Созданные ответы форума
-
Сообщения
-
Все дело в том, что я не разбираюсь, что надо, а что нет 😐 В этом вся и проблема 🙂 Хочется почистить ноут, но страшно снести что-нибудь важное.
Есть такое, что можно удалять на 200% (такие галочки)? А остальные может снять?Спасибо Вам большое за скорый ответ!
У меня еще небольшой вопрос…
После установки CCleaner, там уже стоят галочки что нужно искать и чистить. Так все и оставить? Можно спокойно доверять и удалять все, что она найдет? Ничего нужного не уничтожит? А то видела несколько отзывов в нете, люди писали, что важные системные файлы удаляет, шрифты Windows и тд…? 😕
Вроде бы все наладилось , Касперский ничего не нашел при последней проверке 🙂
Спасибо Вам большое за помощь! Мне теперь удалить RSIT и Combofix?Здравствуйте!
Все сделала, как Вы написали….. лог от Combofix:ComboFix 09-07-23.02 — user 24.07.2009 4:51.2.2 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.1023.529 [GMT 4:00]
Running from: c:documents and settingsuserРабочий столComboFix.exe
Command switches used :: c:documents and settingsuserРабочий столWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:program filesMail.RuAgentMradllnewmrasearch.dll
c:program filesSpeedBit Video DownloaderToolbartbhelper.dll
c:program filesWebMoney Advisor
c:program filesWebMoney Advisor16x16x32b.bmp
c:program filesWebMoney Advisorautosearch_plugin.dll
c:program filesWebMoney Advisorbasis.xml
c:program filesWebMoney Advisorbooble.html
c:program filesWebMoney Advisorfavicon.ico
c:program filesWebMoney Advisorinfo.txt
c:program filesWebMoney Advisortbhelper.dll
c:program filesWebMoney Advisortbs_include_script_014708.js
c:program filesWebMoney Advisortbs_include_script_wmadvisor.js
c:program filesWebMoney Advisoruninstall.exe
c:program filesWebMoney Advisorversion.txt
c:program filesWebMoney Advisorwmadvisor.crc
c:program filesWebMoney Advisorwmadvisor.dll
c:program filesWebMoney AdvisorWMPlugin.dll
c:windowsInstaller1460fd02.msp
c:windowsInstaller1460fd07.msp
c:windowsInstaller150acf50.msp
c:windowsInstaller150acf55.msp
c:windowsInstaller150acf5a.msp
c:windowsInstaller150acf5f.msp
c:windowsInstaller150acf64.msp
c:windowsInstaller150acf69.msp
c:windowsInstaller150acf6e.msp
c:windowsInstaller150acf73.msp
c:windowsInstaller150acf78.msp
c:windowsInstaller150acf7d.msp
c:windowsInstaller150acf82.msp
c:windowsInstaller150acf87.msp
c:windowsInstaller155bc6.msp
c:windowsInstaller155bcb.msp
c:windowsInstaller155bd0.msp
c:windowsInstaller155bd5.msp
c:windowsInstaller155bda.msp
c:windowsInstaller155bdf.msp
c:windowsInstaller155be4.msp
c:windowsInstaller155be9.msp
c:windowsInstaller155bee.msp
c:windowsInstaller155bf3.msp
c:windowsInstaller155bf8.msp
c:windowsInstaller155bfd.msp
c:windowsInstaller1e89beb1.msp
c:windowsInstaller227fd43.msp
c:windowsInstaller28e66164.msp
c:windowsInstaller28e66169.msp
c:windowsInstaller28e6616e.msp
c:windowsInstaller3e501660.msp
c:windowsInstaller3e50166e.msp
c:windowsInstaller3e501673.msp
c:windowsInstaller3e501678.msp
c:windowsInstaller3e50167d.msp
c:windowsInstaller3e501682.msp
c:windowsInstaller3e501687.msp
c:windowsInstaller3e50168c.msp
c:windowsInstaller3e501691.msp
c:windowsInstaller3e501696.msp
c:windowsInstaller3e50169b.msp
c:windowsInstaller3e5016a0.msp
c:windowsInstaller3ec8161.msp
c:windowsInstaller3ec8166.msp
c:windowsInstaller3ec8176.msp
c:windowsInstaller41e505c9.msp
c:windowsInstaller4a246d4.msp
c:windowsInstaller4aaba9.msp
c:windowsInstaller4ef1f.msp
c:windowsInstaller4ef24.msp
c:windowsInstaller4ef29.msp
c:windowsInstaller4ef2e.msp
c:windowsInstaller4ef33.msp
c:windowsInstaller4ef38.msp
c:windowsInstaller4ef3d.msp
c:windowsInstaller4fe1092.msp
c:windowsInstaller4fe1097.msp
c:windowsInstaller4fe109c.msp
c:windowsInstaller4fe10a1.msp
c:windowsInstaller4fe10a6.msp
c:windowsInstaller4fe10ab.msp
c:windowsInstaller4fe10b0.msp
c:windowsInstaller4fe10b5.msp
c:windowsInstaller50ca367.msp
c:windowsInstaller51c00.msp
c:windowsInstaller51c05.msp
c:windowsInstaller51c0a.msp
c:windowsInstaller51c0f.msp
c:windowsInstaller51c14.msp
c:windowsInstaller51c19.msp
c:windowsInstaller51c1e.msp
c:windowsInstaller51c23.msp
c:windowsInstaller51c28.msp
c:windowsInstaller51c2d.msp
c:windowsInstaller51c32.msp
c:windowsInstaller5262d9d.msp
c:windowsInstaller5262dab.msp
c:windowsInstaller53aab18.msp
c:windowsInstaller53afb5b.msp
c:windowsInstaller53afb60.msp
c:windowsInstaller53afb65.msp
c:windowsInstaller53afb6a.msp
c:windowsInstaller53afb6f.msp
c:windowsInstaller53afb74.msp
c:windowsInstaller53afb79.msp
c:windowsInstaller53afb7e.msp
c:windowsInstaller53afb83.msp
c:windowsInstaller53afb88.msp
c:windowsInstaller5500e22.msp
c:windowsInstaller5a987d5.msp
c:windowsInstaller5a987da.msp
c:windowsInstaller5a987df.msp
c:windowsInstaller5a987e4.msp
c:windowsInstaller5a987e9.msp
c:windowsInstaller5a987ee.msp
c:windowsInstaller5a987f3.msp
c:windowsInstaller5a987f8.msp
c:windowsInstaller5a987fd.msp
c:windowsInstaller5a98802.msp
c:windowsInstaller5a98807.msp
c:windowsInstaller5a9880c.msp
c:windowsInstaller5c34873.msp
c:windowsInstaller5c34878.msp
c:windowsInstaller5d997ba.msp
c:windowsInstaller5d997bf.msp
c:windowsInstaller5d997c4.msp
c:windowsInstaller5d997c9.msp
c:windowsInstaller5d997ce.msp
c:windowsInstaller5d997d3.msp
c:windowsInstaller5d997d8.msp
c:windowsInstaller5d997dd.msp
c:windowsInstaller5d997e2.msp
c:windowsInstaller5d997e7.msp
c:windowsInstaller5d997ec.msp
c:windowsInstaller5fdb600.msp
c:windowsInstaller62fd2ec.msp
c:windowsInstaller62fd2f1.msp
c:windowsInstaller62fd2f6.msp
c:windowsInstaller62fd2fb.msp
c:windowsInstaller62fd300.msp
c:windowsInstaller62fd318.msp
c:windowsInstaller6f155cd.msp
c:windowsInstaller70586e8.msp
c:windowsInstaller70586ed.msp
c:windowsInstaller70586f2.msp
c:windowsInstaller7a8c6f.msp
c:windowsInstaller7a8c74.msp
c:windowsInstaller7a8c82.msp
c:windowsInstaller87af61d.msp
c:windowsInstaller9aad509.msp
c:windowsInstaller9b4e136.msp
c:windowsInstaller9b4e13b.msp
c:windowsInstaller9b4e140.msp
c:windowsInstaller9b4e145.msp
c:windowsInstaller9ebd786.msp
c:windowsInstaller9ebd78b.msp
c:windowsInstaller9ebd790.msp
c:windowsInstaller9ebd795.msp
c:windowsInstaller9ebd79a.msp
c:windowsInstaller9ebd79f.msp
c:windowsInstaller9ebd7a4.msp
c:windowsInstaller9ebd7a9.msp
c:windowsInstaller9ebd7ae.msp
c:windowsInstaller9ebd7b3.msp
c:windowsInstaller9ebd7b8.msp
c:windowsInstallercc7186.msp
c:windowssystem32Фантик.exe
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 )))))))))))))))))))))))))))))))
.2009-07-20 01:41 . 2009-07-20 01:41 61 —-a-w- c:documents and settingsuserdel.bat
2009-07-19 22:20 . 2009-07-19 22:20
d
w- c:program filesCommon Filesxing shared
2009-07-16 06:49 . 2009-07-16 06:49
d
w- c:windowsSun
2009-07-16 06:45 . 2009-07-16 06:45 410984 —-a-w- c:windowssystem32deploytk.dll
2009-07-16 06:44 . 2009-07-16 06:44 152576 —-a-w- c:documents and settingsuserApplication DataSunJavajre1.6.0_14lzma.dll
2009-07-16 04:23 . 2009-07-16 04:23
d
w- c:documents and settingsuserApplication DataKeepsoft
2009-07-16 04:14 . 2009-07-16 04:14
d
w- c:program filesKeepsoft
2009-07-16 04:14 . 2009-07-16 04:14
d
w- c:documents and settingsAll UsersApplication DataKeepsoft
2009-07-16 04:00 . 2009-07-16 04:09
d
w- C:bp7
2009-07-15 04:56 . 2009-07-15 04:56
d
w- c:program filesPichugin-M Telephone Book
2009-07-15 04:31 . 2009-07-15 04:31
d
w- c:program filesAlexPro Lab
2009-07-15 03:55 . 2009-07-15 03:56
d
w- c:program filesNames
2009-07-15 03:38 . 2001-11-05 06:30 165376 —-a-w- c:windowssystem32UNWISE.EXE
2009-07-15 03:38 . 2009-07-15 05:00
d
w- c:program filesMosMap-Lite31
2009-07-15 03:19 . 2009-07-15 03:19
d
w- c:program filesCookRecepts
2009-07-15 03:09 . 2009-07-15 03:09
d
w- c:program filesTNR Vision 3.6
2009-07-15 03:06 . 2009-07-15 03:07
d
w- c:program filesChinese Pattern
2009-07-15 03:00 . 2009-07-15 03:00
d
w- c:program filespMetro
2009-07-15 02:29 . 2009-07-22 21:27
d
w- c:program filesxLines
2009-07-15 02:14 . 2009-07-15 02:15
d
w- c:program filesAura
2009-07-15 01:42 . 2005-02-28 04:32 24576 —-a-w- c:windowssystem32IdleTrac1.dll
2009-07-15 01:42 . 2009-07-15 01:42
d
w- c:program filesMailinfo
2009-07-15 01:41 . 1998-04-23 20:00 368912
w- c:windowssystem32vbar332.dll
2009-07-15 01:36 . 2009-07-20 00:05
d
w- c:documents and settingsuserLocal SettingsApplication DataAskToolbar
2009-07-15 01:31 . 2009-07-15 01:31
d
w- c:program filesAsk.com
2009-07-15 01:29 . 2009-07-15 01:29 83456 —-a-w- c:documents and settingsAll UsersApplication DataSpeedBitDAPSDCondition.dll
2009-07-15 01:28 . 2009-07-15 01:28 1943560 —-a-w- c:documents and settingsAll UsersApplication DataSpeedBitDAPOffersmailinfo30.exe
2009-07-15 01:28 . 2009-07-15 01:28 2169880 —-a-w- c:documents and settingsAll UsersApplication DataSpeedBitDAPOffersspo3.exe
2009-07-15 01:28 . 2009-07-15 01:28 3315736 —-a-w- c:documents and settingsAll UsersApplication DataSpeedBitDAPOffersVA3_DapSo.exe
2009-07-15 01:27 . 2009-07-22 19:43 95744 —-a-w- c:documents and settingsAll UsersApplication DataSpeedBitDAPUpdatesCondition.dll
2009-07-15 01:25 . 2009-07-15 02:10
d
w- c:documents and settingsAll UsersApplication DataSpeedBit
2009-07-15 01:25 . 2009-07-15 01:25 50688 —-a-w- c:windowssystem32wbhelp2.dll
2009-07-15 01:25 . 2009-07-15 01:29
d
w- c:program filesDAP
2009-07-15 01:24 . 2009-07-15 01:24
d
w- c:program filesSpeedBit Video Downloader
2009-07-15 01:12 . 2009-07-15 01:12
d
w- c:documents and settingsuserApplication DataStellarium
2009-07-15 01:09 . 2009-07-15 01:11
d
w- c:program filesStellarium
2009-07-14 21:10 . 2009-07-14 21:10 687104 —-a-w- c:windowsis-03TGN.exe
2009-07-10 15:58 . 2009-07-16 06:45
d
w- c:program filesJava
2009-07-06 17:09 . 2009-07-06 17:13
d
w- c:documents and settingsuserLocal SettingsApplication DataTemp.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 00:29 . 2008-02-16 01:56
d
w- c:documents and settingsuserApplication DatauTorrent
2009-07-22 19:49 . 2009-02-17 23:19
d
w- c:program filestrend micro
2009-07-22 18:15 . 2009-02-05 17:17 208616 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP8DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav8exec8.0.0.454avp.exe
2009-07-20 02:56 . 2008-08-25 16:33
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-07-20 02:55 . 2007-07-03 11:37
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-07-20 02:53 . 2007-08-10 13:45 2775620 —sha-w- c:windowssystem32driversfidbox.idx
2009-07-20 02:53 . 2007-08-10 13:45 2111264 —sha-w- c:windowssystem32driversfidbox2.dat
2009-07-20 02:53 . 2007-08-10 13:45 201044 —sha-w- c:windowssystem32driversfidbox2.idx
2009-07-20 02:53 . 2007-08-10 13:45 207010080 —sha-w- c:windowssystem32driversfidbox.dat
2009-07-19 22:30 . 2009-05-10 00:42
d
w- c:program filesThe KMPlayer
2009-07-19 22:20 . 2007-10-29 16:09
d
w- c:program filesCommon FilesReal
2009-07-19 21:53 . 2007-03-11 14:53
d
w- c:program filesWinamp
2009-07-15 01:47 . 2007-09-19 19:06 2560 —-a-w- c:windows_MSRSTRT.EXE
2009-07-14 22:08 . 2009-02-13 01:48
d
w- c:program filesMalwarebytes’ Anti-Malware
2009-07-14 21:09 . 2009-03-31 23:10 3775176 —-a-w- c:documents and settingsAll UsersApplication DataMalwarebytesMalwarebytes’ Anti-Malwarembam-setup.exe
2009-07-13 17:32 . 2009-07-10 15:58 3 —-a-w- c:program filesCommon Filestime.cv
2009-07-13 09:36 . 2009-02-13 01:48 38160 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2009-07-13 09:36 . 2009-02-13 01:48 19096 —-a-w- c:windowssystem32driversmbam.sys
2009-07-10 17:07 . 2008-08-25 16:33
d
w- c:program filesWebMoney
2009-07-09 19:09 . 2009-05-07 17:08
d
w- c:documents and settingsuserApplication DataVerimatrix
2009-07-06 17:15 . 2007-02-09 19:32
d
w- c:program filesGoogle
2009-07-05 14:38 . 2007-10-06 22:48
d
w- c:documents and settingsuserApplication DataYandex
2009-06-16 14:40 . 2004-09-22 13:51 119808 —-a-w- c:windowssystem32t2embed.dll
2009-06-16 14:40 . 2004-09-22 13:50 81920 —-a-w- c:windowssystem32fontsub.dll
2009-06-03 19:11 . 2004-09-22 13:51 1292800 —-a-w- c:windowssystem32quartz.dll
2009-05-20 21:50 . 2007-08-10 13:45 94643 —-a-w- c:windowssystem32driversklick.dat
2009-05-20 21:50 . 2007-08-10 13:45 105395 —-a-w- c:windowssystem32driversklin.dat
2009-05-07 15:33 . 2004-09-22 13:51 346624 —-a-w- c:windowssystem32localspl.dll
2009-04-29 04:35 . 2004-09-22 13:51 667136 —-a-w- c:windowssystem32wininet.dll
2009-04-29 04:35 . 2004-09-22 13:51 81920 —-a-w- c:windowssystem32ieencode.dll
2009-04-27 00:49 . 2004-09-22 13:51 81150 —-a-w- c:windowssystem32perfc019.dat
2009-04-27 00:49 . 2004-09-22 13:51 478476 —-a-w- c:windowssystem32perfh019.dat
2009-07-15 01:25 . 2009-07-15 01:29 251392 —-a-w- c:program filesoperaprogrampluginsdapop.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 15:50 809864 —-a-w- c:program filesAsk.comGenericAskToolbar.dll[HKEY_LOCAL_MACHINE~Browser Helper Objects{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{893AE660-AE80-4dd0-9959-24D2337C04E8}»= «c:program filesYandexOnlineyndminibar.dll» [2009-06-17 210728]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-04 3117856]
«{D4027C7F-154A-4066-A1AD-4243D8127440}»= «c:program filesAsk.comGenericAskToolbar.dll» [2009-04-02 809864][HKEY_CLASSES_ROOTclsid{893ae660-ae80-4dd0-9959-24d2337c04e8}]
[HKEY_CLASSES_ROOTYandexSearch.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{893AE653-AE80-4dd0-9959-24D2337C04E8}]
[HKEY_CLASSES_ROOTYandex.Search][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{893AE660-AE80-4DD0-9959-24D2337C04E8}»= «c:program filesYandexOnlineyndminibar.dll» [2009-06-17 210728]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-03-04 3117856]
«{D4027C7F-154A-4066-A1AD-4243D8127440}»= «c:program filesAsk.comGenericAskToolbar.dll» [2009-04-02 809864][HKEY_CLASSES_ROOTclsid{893ae660-ae80-4dd0-9959-24d2337c04e8}]
[HKEY_CLASSES_ROOTYandexSearch.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{893AE653-AE80-4dd0-9959-24D2337C04E8}]
[HKEY_CLASSES_ROOTYandex.Search][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersSecure Disks]
@=»{666C7836-A9B6-4AB4-94ED-DC238C81E925}»
[HKEY_CLASSES_ROOTCLSID{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-04-02 16:08 381952 —-a-r- c:program filesASUS Security CenterASUS Security Protect ManagerBinSFSShell.dll[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«Net4Switch»=»c:program filesASUSNet4SwitchNet4Switch.exe» [2006-03-02 1101824]
«MsnMsgr»=»c:program filesWindows LiveMessengerMsnMsgr.Exe» [2009-02-06 3885408]
«updateMgr»=»c:program filesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» [2006-03-30 313472]
«YandexOnline»=»c:program filesYandexOnlineonline.exe» [2009-06-22 2558728]
«Search Protection»=»c:program filesYahoo!Search ProtectionSearchProtection.exe» [2008-10-07 111856]
«SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2009-03-05 2260480]
«DownloadAccelerator»=»c:program filesDAPDAP.EXE» [2009-07-15 2754048][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«UserFaultCheck»=»c:windowssystem32dumprep 0 -u» [X]
«HControl»=»c:windowsATK0100HControl.exe» [2006-02-23 106496]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-02-08 7405568]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-02-08 86016]
«ASUS Live Update»=»c:program filesASUSASUS Live UpdateALU.exe» [2006-02-21 180224]
«Wireless Console 2″=»c:program filesWireless Console 2wcourier.exe» [2005-10-17 987136]
«ACMON»=»c:program filesASUSSplendidACMON.exe» [2006-05-30 811008]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2006-05-25 786521]
«ABLKSR»=»c:windowsABLKSRABLKSR.exe» [2006-01-03 61440]
«RemoteControl»=»c:program filesASUSTeKASUSDVDPDVDServ.exe» [2004-11-02 32768]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«Power_Gear»=»c:program filesASUSPower4 GearBatteryLife.exe» [2006-03-14 90112]
«IntelZeroConfig»=»c:program filesIntelWirelessbinZCfgSvc.exe» [2006-08-01 802816]
«IntelWireless»=»c:program filesIntelWirelessBinifrmewrk.exe» [2006-08-01 696320]
«MAgent»=»c:program filesMail.RuAgentmagent.exe» [2009-04-11 6210744]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2009-07-01 37888]
«YSearchProtection»=»c:program filesYahoo!Search ProtectionSearchProtection.exe» [2008-10-07 111856]
«AVP»=»c:program filesKaspersky LabKaspersky Internet Security 2009avp.exe» [2009-07-22 208616]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-07-16 148888]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2009-07-19 198160]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2006-02-08 1519616]
«RTHDCPL»=»RTHDCPL.EXE» — c:windowsRTHDCPL.exe [2006-08-13 16050176]
«SkyTel»=»SkyTel.EXE» — c:windowsSkyTel.exe [2006-05-16 2879488]
«SMSERIAL»=»sm56hlpr.exe» — c:windowssm56hlpr.exe [2006-01-19 544768][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]c:documents and settingsuserѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
€бва㬥⠯஢ҐаЄЁ ®бЁвҐ«п ¤«п Cyber-shot Viewer.lnk — c:program filesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe [2007-2-17 155648]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2005-9-23 29696]
BTTray.lnk — c:program filesWIDCOMMBluetooth SoftwareBTTray.exe [2006-6-7 553021]
MultiFrame.lnk — c:program filesASUSAsus MultiFrameMultiFrame.exe [2006-9-28 491520][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyOneCard]
2006-05-02 21:23 40448 —-a-r- c:program filesASUS Security CenterASUS Security Protect ManagerBinASWLNPkg.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyIfxWlxEN]
2006-03-10 06:20 434176 —-a-w- c:windowssystem32IfxWlxEN.dll[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Messenger\MSMSGS.EXE»=
«c:\Program Files\Mail.Ru\Agent\Magent.exe»=
«c:\Program Files\QIP\QIP.EXE»=
«c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Windows Live\Messenger\msnmsgr.exe»=
«c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Program Files\uTorrent [tfile.ru]\utorrent.exe»=
«c:\Program Files\PC Player\pcplayer.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\Opera\opera.exe»=
«c:\Program Files\DAP\DAP.exe»=R0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [29.01.2008 18:29 33808]
R1 ItSDisk;ItSDisk;c:windowssystem32driversitsdisk.sys [16.05.2006 14:14 17840]
R1 PersonalSecureDrive;PersonalSecureDrive;c:windowssystem32driverspsd.sys [29.11.2005 13:50 36768]
R2 ASChannel;Local Communication Channel;c:windowsSystem32svchost.exe -k Cognizance [22.09.2004 17:51 14336]
R2 fssfltr;FssFltr;c:windowssystem32driversfssfltr_tdi.sys [21.02.2009 4:53 55152]
R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe [07.03.2009 0:19 222456]
R2 VMSD;VMSD;c:windowssystem32driversvmVMSD.sys [15.05.2008 16:08 6016]
R3 IFXTPM;IFXTPM;c:windowssystem32driversifxtpm.sys [28.09.2006 22:21 36352]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:windowssystem32driversklfltdev.sys [13.03.2008 19:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [13.12.2007 14:28 24592]
S2 gupdate1c9ba50dff63758;Google Update Service (gupdate1c9ba50dff63758);c:program filesGoogleUpdateGoogleUpdate.exe [11.04.2009 6:54 133104]
S3 fsssvc;Семейная безопасность Windows Live;c:program filesWindows LiveFamily Safetyfsssvc.exe [06.02.2009 19:08 533360]
S3 ipswuio;ipswuio;c:windowssystem32driversipswuio.sys [28.09.2006 22:06 34944]
S3 SPT2Sp50;SPT2Sp50 NDIS Protocol Driver;c:windowssystem32DriversSPT2Sp50.sys —> c:windowssystem32DriversSPT2Sp50.sys [?][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
Cognizance REG_MULTI_SZ ASChannel
.
Contents of the ‘Scheduled Tasks’ folder2009-03-18 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-01-10 11:42]2009-07-20 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-04-11 02:54]2009-07-22 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-04-11 02:54]2009-07-22 c:windowsTasksScheduled Update for Ask Toolbar.job
— c:program filesAsk.comUpdateTask.exe [2009-04-02 15:50]2006-09-28 c:windowsTasksSymantec NetDetect.job
— c:program filesSymantecLiveUpdateNDETECT.EXE [2006-09-28 13:26]
.
— — — — ORPHANS REMOVED — — — —BHO-{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — c:program filesWebMoney Advisorwmadvisor.dll
Toolbar-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
WebBrowser-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
HKLM-Run-JavaVM — c:program filesJavajre1.6.2java.exe.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=43914
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Clean Traces — c:program filesDAPPrivacy Packagedapcleanerie.htm
IE: &Download with &DAP — c:program filesDAPdapextie.htm
IE: &Отправить на устройство Bluetooth… — c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Download &all with DAP — c:program filesDAPdapextie2.htm
IE: Добавить в Rambler-Закладки — c:program filesRambler AssistantramblertoolbarU0.dll/zakladki.htm
IE: Добавить в Анти-Баннер — c:program filesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/search.htm
IE: Опубликовать в Дневнике — c:program filesRambler AssistantramblertoolbarU0.dll/planet.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/dic.htm
IE: Поиск@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
TCP: {490AFAC8-1642-40EE-BCCE-D94360A21D70} = 212.1.224.34 212.1.230.111
DPF: {4D61BC1B-345F-408C-A318-E7A4059236A8} — hxxp://www.enternetica.com/viewer/evp.cab
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-24 04:58
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1608)
c:program filesASUS Security CenterASUS Security Protect ManagerBinASWLNPkg.dll
c:windowssystem32IfxWlxEN.dll
c:program filesASUS Security CenterASUS Security Protect ManagerBinAsChnl.dll
c:program filesASUS Security CenterASUS Security Protect ManagerBinItMsg.dll— — — — — — — > ‘lsass.exe'(1664)
c:program filesASUS Security CenterASUS Security Protect ManagerbinASWLNPkg.dll
.
Completion time: 2009-07-24 5:04
ComboFix-quarantined-files.txt 2009-07-24 01:03Pre-Run: 12 236 563 968 байт свободно
Post-Run: 12 252 281 856 байт свободноWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(2)WINDOWS=»Microsoft Windows XP Home Edition RU» /noexecute=optin /fastdetect455 — E O F — 2009-07-14 23:33
Здравствуйте Valeri!
Вот лог от RSIT:Logfile of random’s system information tool 1.06 (written by random/random)
Run by user at 2009-07-22 23:44:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 12 GB (18%) free of 68 GB
Total RAM: 1023 MB (15% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:44:52, on 22.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:Program FilesICQ6ToolbarICQ Service.exe
c:WINDOWSsystem32IFXSPMGT.exe
c:WINDOWSsystem32IFXTCS.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32nvsvc32.exe
c:Program FilesInfineonSecurity Platform SoftwarePSDsrvc.EXE
C:Program FilesIntelWirelessBinRegSrvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
c:Program FilesASUS Security CenterASUS Security Protect ManagerBinAsGHost.exe
C:WINDOWSExplorer.EXE
c:Program FilesInfineonSecurity Platform SoftwarePSDrt.exe
c:Program FilesInfineonSecurity Platform SoftwareSpTna.exe
C:WINDOWSATK0100HControl.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSATK0100ATKOSD.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesASUSASUS Live UpdateALU.exe
C:WINDOWSsm56hlpr.exe
C:Program FilesWireless Console 2wcourier.exe
C:Program FilesASUSSplendidACMON.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:WINDOWSsystem32ACEngSvr.exe
C:Program FilesASUSTeKASUSDVDPDVDServ.exe
C:Program FilesIntelWirelessbinZCfgSvc.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:Program FilesIntelWirelessBinDot1XCfg.exe
C:Program FilesWinampwinampa.exe
C:Program FilesYahoo!Search ProtectionSearchProtection.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesJavajre6binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesASUSNet4SwitchNet4Switch.exe
C:Program FilesSpybot — Search & DestroyTeaTimer.exe
C:Program FilesDAPDAP.EXE
C:WINDOWSsystem32wuauclt.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesASUSAsus MultiFrameMultiFrame.exe
C:PROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXE
C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesICQ6.5ICQ.exe
C:Program FilesOperaopera.exe
C:Documents and SettingsuserРабочий столRSIT.exe
C:Program Filestrend microuser.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=43914
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesMail.RuSputnikMailRuSputnik.dll
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:PROGRA~1SPYBOT~1SDHelper.dll
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: Yahoo! IE Services Button — {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} — C:Program FilesYahoo!Commonyiesrvc.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — c:program filesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Помощник по входу в Windows Live — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: SBCONVERT — {A1056498-D09A-41E4-864B-505EDD640D9E} — C:Program FilesSpeedBit Video DownloaderToolbarSpeedBitVideoDownloader.dll
O2 — BHO: TBSB03223 — {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — C:Program FilesWebMoney Advisorwmadvisor.dll
O2 — BHO: MegaIEMn — {bf00e119-21a3-4fd1-b178-3b8537e75c92} — C:Program FilesMegauploadMega ManagerMegaIEMn.dll
O2 — BHO: Ask.com Toolbar BHO — {D4027C7F-154A-4066-A1AD-4243D8127440} — C:Program FilesAsk.comGenericAskToolbar.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: ASUS Security Protect Manager — {DF21F1DB-80C6-11D3-9483-B03D0EC10000} — c:Program FilesASUS Security CenterASUS Security Protect ManagerBinItIEAddIn.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: DAPIELoader Class — {FF6C3CF0-4B15-11D1-ABED-709549C10000} — C:PROGRA~1DAPDAPIEL~1.DLL
O2 — BHO: GrabberObj Class — {FF7C3CF0-4B15-11D1-ABED-709549C10000} — C:PROGRA~1SPEEDB~1Toolbargrabber.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O3 — Toolbar: (no name) — {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — (no file)
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Яндекс.Поиск — {893AE660-AE80-4dd0-9959-24D2337C04E8} — C:Program FilesYandexOnlineyndminibar.dll
O3 — Toolbar: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: SpeedBit Video Downloader — {0329E7D6-6F54-462D-93F6-F5C3118BADF2} — C:Program FilesSpeedBit Video DownloaderToolbarSpeedBitVideoDownloader.dll
O3 — Toolbar: Ask.com Toolbar — {D4027C7F-154A-4066-A1AD-4243D8127440} — C:Program FilesAsk.comGenericAskToolbar.dll
O4 — HKLM..Run: [HControl] C:WINDOWSATK0100HControl.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [ASUS Live Update] C:Program FilesASUSASUS Live UpdateALU.exe
O4 — HKLM..Run: [SMSERIAL] sm56hlpr.exe
O4 — HKLM..Run: [Wireless Console 2] C:Program FilesWireless Console 2wcourier.exe
O4 — HKLM..Run: [ACMON] C:Program FilesASUSSplendidACMON.exe
O4 — HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 — HKLM..Run: [ABLKSR] C:windowsABLKSRABLKSR.exe
O4 — HKLM..Run: [RemoteControl] «C:Program FilesASUSTeKASUSDVDPDVDServ.exe»
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [Power_Gear] C:Program FilesASUSPower4 GearBatteryLife.exe 1
O4 — HKLM..Run: [IntelZeroConfig] «C:Program FilesIntelWirelessbinZCfgSvc.exe»
O4 — HKLM..Run: [IntelWireless] «C:Program FilesIntelWirelessBinifrmewrk.exe» /tf Intel PROSet/Wireless
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentmagent.exe -LM
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [YSearchProtection] «C:Program FilesYahoo!Search ProtectionSearchProtection.exe»
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKLM..Run: [JavaVM] C:Program FilesJavajre1.6.2java.exe
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [TkBellExe] «C:Program FilesCommon FilesRealUpdate_OBrealsched.exe» -osboot
O4 — HKLM..Run: [UserFaultCheck] %systemroot%system32dumprep 0 -u
O4 — HKLM..RunOnce: [SpybotDeletingA3259] command.com /c del «C:Program FilesAskSBarbar1.binA2HIGHIN.EXE»
O4 — HKLM..RunOnce: [SpybotDeletingC5774] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2HIGHIN.EXE»
O4 — HKLM..RunOnce: [SpybotDeletingA1288] command.com /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.JAR»
O4 — HKLM..RunOnce: [SpybotDeletingC1831] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.JAR»
O4 — HKLM..RunOnce: [SpybotDeletingA3720] command.com /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.JAR»
O4 — HKLM..RunOnce: [SpybotDeletingC4057] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.JAR»
O4 — HKLM..RunOnce: [SpybotDeletingA4829] command.com /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST»
O4 — HKLM..RunOnce: [SpybotDeletingC9505] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST»
O4 — HKLM..RunOnce: [SpybotDeletingA845] command.com /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST»
O4 — HKLM..RunOnce: [SpybotDeletingC3437] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST»
O4 — HKLM..RunOnce: [SpybotDeletingA1257] command.com /c del «C:Program FilesAskSBarbar1.binA2PLUGIN.DLL»
O4 — HKLM..RunOnce: [SpybotDeletingC7152] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2PLUGIN.DLL»
O4 — HKLM..RunOnce: [SpybotDeletingA9521] command.com /c del «C:Program FilesAskSBarbar1.binASKSBAR.DLL»
O4 — HKLM..RunOnce: [SpybotDeletingC8688] cmd.exe /c del «C:Program FilesAskSBarbar1.binASKSBAR.DLL»
O4 — HKLM..RunOnce: [SpybotDeletingA7396] command.com /c del «C:Program FilesAskSBarbar1.binNPASKSBR.DLL»
O4 — HKLM..RunOnce: [SpybotDeletingC5568] cmd.exe /c del «C:Program FilesAskSBarbar1.binNPASKSBR.DLL»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Net4Switch] C:Program FilesASUSNet4SwitchNet4Switch.exe
O4 — HKCU..Run: [MsnMsgr] «C:Program FilesWindows LiveMessengerMsnMsgr.Exe» /background
O4 — HKCU..Run: [updateMgr] «C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» AcRdB7_0_9 -reboot 1
O4 — HKCU..Run: [Yahoo! Pager] «C:PROGRA~1Yahoo!MESSEN~1YAHOOM~1.EXE» -quiet
O4 — HKCU..Run: [YandexOnline] «C:Program FilesYandexOnlineonline.exe» -AutoStart
O4 — HKCU..Run: [Search Protection] C:Program FilesYahoo!Search ProtectionSearchProtection.exe
O4 — HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot — Search & DestroyTeaTimer.exe
O4 — HKCU..Run: [DownloadAccelerator] «C:Program FilesDAPDAP.EXE» /STARTUP
O4 — HKCU..RunOnce: [SpybotDeletingB9184] command.com /c del «C:Program FilesAskSBarbar1.binA2HIGHIN.EXE»
O4 — HKCU..RunOnce: [SpybotDeletingD6618] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2HIGHIN.EXE»
O4 — HKCU..RunOnce: [SpybotDeletingB4501] command.com /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.JAR»
O4 — HKCU..RunOnce: [SpybotDeletingD9831] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.JAR»
O4 — HKCU..RunOnce: [SpybotDeletingB8754] command.com /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.JAR»
O4 — HKCU..RunOnce: [SpybotDeletingD8204] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.JAR»
O4 — HKCU..RunOnce: [SpybotDeletingB945] command.com /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST»
O4 — HKCU..RunOnce: [SpybotDeletingD9279] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST»
O4 — HKCU..RunOnce: [SpybotDeletingB8732] command.com /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST»
O4 — HKCU..RunOnce: [SpybotDeletingD3685] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST»
O4 — HKCU..RunOnce: [SpybotDeletingB6318] command.com /c del «C:Program FilesAskSBarbar1.binA2PLUGIN.DLL»
O4 — HKCU..RunOnce: [SpybotDeletingD2009] cmd.exe /c del «C:Program FilesAskSBarbar1.binA2PLUGIN.DLL»
O4 — HKCU..RunOnce: [SpybotDeletingB6683] command.com /c del «C:Program FilesAskSBarbar1.binASKSBAR.DLL»
O4 — HKCU..RunOnce: [SpybotDeletingD5628] cmd.exe /c del «C:Program FilesAskSBarbar1.binASKSBAR.DLL»
O4 — HKCU..RunOnce: [SpybotDeletingB9468] command.com /c del «C:Program FilesAskSBarbar1.binNPASKSBR.DLL»
O4 — HKCU..RunOnce: [SpybotDeletingD9435] cmd.exe /c del «C:Program FilesAskSBarbar1.binNPASKSBR.DLL»
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Инструмент проверки носителя для Cyber-shot Viewer.lnk = C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
O4 — Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 — Global Startup: BTTray.lnk = ?
O4 — Global Startup: MultiFrame.lnk = ?
O8 — Extra context menu item: &Clean Traces — C:Program FilesDAPPrivacy Packagedapcleanerie.htm
O8 — Extra context menu item: &Download with &DAP — C:Program FilesDAPdapextie.htm
O8 — Extra context menu item: &Отправить на устройство Bluetooth… — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Download &all with DAP — C:Program FilesDAPdapextie2.htm
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Опубликовать в Дневнике — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/planet.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O8 — Extra context menu item: Поиск@Mail.Ru — res://c:program filesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://c:program filesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: Cтатистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: Отправка в блог — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra ‘Tools’ menuitem: &Отправка в блог Windows Live Writer — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra button: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra ‘Tools’ menuitem: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra button: Yahoo! Services — {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} — C:Program FilesYahoo!Commonyiesrvc.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search & Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O14 — IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 — DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) — http://www.kaspersky.com/kos/russian/partner/rus/kavwebscan_unicode.cab
O16 — DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) — http://www.ipix.com/download/ipixx.cab
O16 — DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) — C:Program FilesYahoo!CommonYinsthelper.dll
O16 — DPF: {4D61BC1B-345F-408C-A318-E7A4059236A8} (CRicharoundVR2111 Object) — http://www.enternetica.com/viewer/evp.cab
O16 — DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) — http://irishkamoscow.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 — DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) — http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197331351546
O16 — DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) — http://foto.mail.ru/ImageUploader4.cab
O16 — DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) — http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 — DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games — Installer) — http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 — DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) — http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 — HKLMSystemCCSServicesTcpip..{490AFAC8-1642-40EE-BCCE-D94360A21D70}: NameServer = 212.1.224.34 212.1.230.111
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: OneCard — c:Program FilesASUS Security CenterASUS Security Protect ManagerBinASWLNPkg.dll
O23 — Service: Kaspersky Internet Security (avp) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Intel(R) PROSet/Wireless Event Log (EvtEng) — Intel Corporation — C:Program FilesIntelWirelessBinEvtEng.exe
O23 — Service: Google Update Service (gupdate1c9ba50dff63758) (gupdate1c9ba50dff63758) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — c:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Security Platform Management Service (IFXSpMgtSrv) — Infineon Technologies AG — c:WINDOWSsystem32IFXSPMGT.exe
O23 — Service: Trusted Platform Core Service (IFXTCS) — Infineon Technologies AG — c:WINDOWSsystem32IFXTCS.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Сервис iPod (iPod Service) — Unknown owner — C:Program FilesiPodbiniPodService.exe (file missing)
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Personal Secure Drive Service (PersonalSecureDriveService) — Infineon Technologies AG — c:Program FilesInfineonSecurity Platform SoftwarePSDsrvc.EXE
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) — Intel Corporation — C:Program FilesIntelWirelessBinRegSrvc.exe
O23 — Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) — Intel Corporation — C:Program FilesIntelWirelessBinS24EvMon.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 23083 bytes======Scheduled tasks folder======
C:WINDOWStasksAppleSoftwareUpdate.job
C:WINDOWStasksGoogleUpdateTaskMachineCore.job
C:WINDOWStasksGoogleUpdateTaskMachineUA.job
C:WINDOWStasksScheduled Update for Ask Toolbar.job
C:WINDOWStasksSymantec NetDetect.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2006-12-18 59032][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2009-03-27 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll [2009-07-20 312928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection — C:PROGRA~1SPYBOT~1SDHelper.dll [2009-01-26 1879896][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-07-29 62728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button — C:Program FilesYahoo!Commonyiesrvc.dll [2006-11-01 198136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — c:program filesMail.RuSputnikMailRuSputnik.dll [2009-04-11 680624][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Помощник по входу в Windows Live — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2009-01-22 408448][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A1056498-D09A-41E4-864B-505EDD640D9E}]
SBCONVERT Class — C:Program FilesSpeedBit Video DownloaderToolbarSpeedBitVideoDownloader.dll [2009-07-15 2498056][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
TBSB03223 Class — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class — C:Program FilesMegauploadMega ManagerMegaIEMn.dll [2007-10-08 110592][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask.com Toolbar — C:Program FilesAsk.comGenericAskToolbar.dll [2009-04-02 809864][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-07-16 41368][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager — c:Program FilesASUS Security CenterASUS Security Protect ManagerBinItIEAddIn.dll [2006-01-24 65536][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-07-16 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
DAPIELoader Class — C:PROGRA~1DAPDAPIEL~1.DLL [2009-07-15 140888][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FF7C3CF0-4B15-11D1-ABED-709549C10000}]
GrabberObj Class — C:PROGRA~1SPEEDB~1Toolbargrabber.dll [2009-07-15 198232][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2009-03-07 849392]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll [2009-04-11 680624]
{893AE660-AE80-4dd0-9959-24D2337C04E8} — Яндекс.Поиск — C:Program FilesYandexOnlineyndminibar.dll [2009-06-17 210728]
{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — WebMoney Advisor — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-03-04 3117856]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-12-09 958200]
{0329E7D6-6F54-462D-93F6-F5C3118BADF2} — SpeedBit Video Downloader — C:Program FilesSpeedBit Video DownloaderToolbarSpeedBitVideoDownloader.dll [2009-07-15 2498056]
{D4027C7F-154A-4066-A1AD-4243D8127440} — Ask.com Toolbar — C:Program FilesAsk.comGenericAskToolbar.dll [2009-04-02 809864][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«HControl»=C:WINDOWSATK0100HControl.exe [2006-02-23 106496]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-02-08 7405568]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-02-08 86016]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2006-08-14 16050176]
«SkyTel»=C:WINDOWSSkyTel.EXE [2006-05-16 2879488]
«ASUS Live Update»=C:Program FilesASUSASUS Live UpdateALU.exe [2006-02-21 180224]
«SMSERIAL»=C:WINDOWSsm56hlpr.exe [2006-01-19 544768]
«Wireless Console 2″=C:Program FilesWireless Console 2wcourier.exe [2005-10-17 987136]
«ACMON»=C:Program FilesASUSSplendidACMON.exe [2006-05-30 811008]
«SynTPEnh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2006-05-25 786521]
«ABLKSR»=C:windowsABLKSRABLKSR.exe [2006-01-03 61440]
«RemoteControl»=C:Program FilesASUSTeKASUSDVDPDVDServ.exe [2004-11-02 32768]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«Power_Gear»=C:Program FilesASUSPower4 GearBatteryLife.exe [2006-03-14 90112]
«IntelZeroConfig»=C:Program FilesIntelWirelessbinZCfgSvc.exe [2006-08-02 802816]
«IntelWireless»=C:Program FilesIntelWirelessBinifrmewrk.exe [2006-08-02 696320]
«MAgent»=C:Program FilesMail.RuAgentmagent.exe [2009-04-11 6210744]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2009-07-01 37888]
«YSearchProtection»=C:Program FilesYahoo!Search ProtectionSearchProtection.exe [2008-10-07 111856]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-07-22 208616]
«JavaVM»=C:Program FilesJavajre1.6.2java.exe []
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-07-16 148888]
«TkBellExe»=C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2009-07-20 198160]
«UserFaultCheck»=C:WINDOWSsystem32dumprep 0 -u [][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce]
«SpybotDeletingA3259″=command.com /c del C:Program FilesAskSBarbar1.binA2HIGHIN.EXE []
«SpybotDeletingC5774″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2HIGHIN.EXE []
«SpybotDeletingA1288″=command.com /c del C:Program FilesAskSBarbar1.binA2FFXTBR.JAR []
«SpybotDeletingC1831″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2FFXTBR.JAR []
«SpybotDeletingA3720″=command.com /c del C:Program FilesAskSBarbar1.binA2NTSTBR.JAR []
«SpybotDeletingC4057″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2NTSTBR.JAR []
«SpybotDeletingA4829″=command.com /c del C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST []
«SpybotDeletingC9505″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST []
«SpybotDeletingA845″=command.com /c del C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST []
«SpybotDeletingC3437″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST []
«SpybotDeletingA1257″=command.com /c del C:Program FilesAskSBarbar1.binA2PLUGIN.DLL []
«SpybotDeletingC7152″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2PLUGIN.DLL []
«SpybotDeletingA9521″=command.com /c del C:Program FilesAskSBarbar1.binASKSBAR.DLL []
«SpybotDeletingC8688″=cmd.exe /c del C:Program FilesAskSBarbar1.binASKSBAR.DLL []
«SpybotDeletingA7396″=command.com /c del C:Program FilesAskSBarbar1.binNPASKSBR.DLL []
«SpybotDeletingC5568″=cmd.exe /c del C:Program FilesAskSBarbar1.binNPASKSBR.DLL [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«Net4Switch»=C:Program FilesASUSNet4SwitchNet4Switch.exe [2006-03-02 1101824]
«MsnMsgr»=C:Program FilesWindows LiveMessengerMsnMsgr.Exe [2009-02-06 3885408]
«updateMgr»=C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe [2006-03-30 313472]
«Yahoo! Pager»=C:PROGRA~1Yahoo!MESSEN~1YAHOOM~1.EXE [2007-11-06 3810544]
«YandexOnline»=C:Program FilesYandexOnlineonline.exe [2009-06-22 2558728]
«Search Protection»=C:Program FilesYahoo!Search ProtectionSearchProtection.exe [2008-10-07 111856]
«SpybotSD TeaTimer»=C:Program FilesSpybot — Search & DestroyTeaTimer.exe [2009-03-05 2260480]
«DownloadAccelerator»=C:Program FilesDAPDAP.EXE [2009-07-15 2754048][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«SpybotDeletingB9184″=command.com /c del C:Program FilesAskSBarbar1.binA2HIGHIN.EXE []
«SpybotDeletingD6618″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2HIGHIN.EXE []
«SpybotDeletingB4501″=command.com /c del C:Program FilesAskSBarbar1.binA2FFXTBR.JAR []
«SpybotDeletingD9831″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2FFXTBR.JAR []
«SpybotDeletingB8754″=command.com /c del C:Program FilesAskSBarbar1.binA2NTSTBR.JAR []
«SpybotDeletingD8204″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2NTSTBR.JAR []
«SpybotDeletingB945″=command.com /c del C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST []
«SpybotDeletingD9279″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2FFXTBR.MANIFEST []
«SpybotDeletingB8732″=command.com /c del C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST []
«SpybotDeletingD3685″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2NTSTBR.MANIFEST []
«SpybotDeletingB6318″=command.com /c del C:Program FilesAskSBarbar1.binA2PLUGIN.DLL []
«SpybotDeletingD2009″=cmd.exe /c del C:Program FilesAskSBarbar1.binA2PLUGIN.DLL []
«SpybotDeletingB6683″=command.com /c del C:Program FilesAskSBarbar1.binASKSBAR.DLL []
«SpybotDeletingD5628″=cmd.exe /c del C:Program FilesAskSBarbar1.binASKSBAR.DLL []
«SpybotDeletingB9468″=command.com /c del C:Program FilesAskSBarbar1.binNPASKSBR.DLL []
«SpybotDeletingD9435″=cmd.exe /c del C:Program FilesAskSBarbar1.binNPASKSBR.DLL []C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
MultiFrame.lnk — C:Program FilesASUSAsus MultiFrameMultiFrame.exeC:Documents and SettingsuserГлавное менюПрограммыАвтозагрузка
Инструмент проверки носителя для Cyber-shot Viewer.lnk — C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyIfxWlxEN]
C:WINDOWSsystem32IfxWlxEN.dll [2006-03-10 434176][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2008-07-29 218376][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyOneCard]
c:Program FilesASUS Security CenterASUS Security Protect ManagerBinASWLNPkg.dll [2006-05-03 40448][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2007-03-15 236928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«notification packages»=scecli
ASWLNPkg[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMessengerMSMSGS.EXE»=»C:Program FilesMessengerMSMSGS.EXE:*:Enabled:Windows Messenger»
«C:Program FilesMail.RuAgentMagent.exe»=»C:Program FilesMail.RuAgentMagent.exe:*:Enabled:Mail.Ru Agent»
«C:Program FilesQIPQIP.EXE»=»C:Program FilesQIPQIP.EXE:*:Enabled:Quiet Internet Pager»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesYahoo!MessengerYahooMessenger.exe»=»C:Program FilesYahoo!MessengerYahooMessenger.exe:*:Enabled:Yahoo! Messenger»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveSyncWindowsLiveSync.exe»=»C:Program FilesWindows LiveSyncWindowsLiveSync.exe:*:Enabled:Windows Live Sync»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesuTorrent [tfile.ru]utorrent.exe»=»C:Program FilesuTorrent [tfile.ru]utorrent.exe:*:Enabled:µTorrent»
«C:Program FilesPC Playerpcplayer.exe»=»C:Program FilesPC Playerpcplayer.exe:*:Enabled:Verimatrix ViewRight PC Player Application»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype. The whole world can talk for free.»
«C:Program FilesOperaopera.exe»=»C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»
«C:DOCUME~1userLOCALS~1Temp49.exe»=»C:DOCUME~1userLOCALS~1Temp49.exe:*:Enabled:Microsoft Windows Update Platform»
«C:Documents and SettingsuserLocal SettingsTemp49.tmp»=»C:Documents and SettingsuserLocal SettingsTemp49.tmp:*:Disabled:49»
«C:DOCUME~1userLOCALS~1TempEA.tmp»=»C:DOCUME~1userLOCALS~1TempEA.tmp:*:Enabled:RASS Server»
«C:DOCUME~1userLOCALS~1Temp69.tmp»=»C:DOCUME~1userLOCALS~1Temp69.tmp:*:Enabled:RASS Server»
«C:DOCUME~1userLOCALS~1Temp1398.tmp»=»C:DOCUME~1userLOCALS~1Temp1398.tmp:*:Enabled:RASS Server»
«C:DOCUME~1userLOCALS~1Temp728.exe»=»C:DOCUME~1userLOCALS~1Temp728.exe:*:Enabled:Microsoft Windows Update Platform»
«C:Documents and SettingsuserLocal SettingsTemp728.tmp»=»C:Documents and SettingsuserLocal SettingsTemp728.tmp:*:Disabled:728»
«C:WINDOWSsystem32728.exe»=»C:WINDOWSsystem32728.exe:*:Enabled:Microsoft Windows Update Platform»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveSyncWindowsLiveSync.exe»=»C:Program FilesWindows LiveSyncWindowsLiveSync.exe:*:Enabled:Windows Live Sync»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2f7159c6-5b1f-11dc-b717-001641b2c995}]
shellAutoRuncommand — G:USBNB.exe======List of files/folders created in the last 1 months======
2009-07-20 10:10:17 —-A—- C:WINDOWSwininit.ini
2009-07-20 02:20:18 —-D—- C:Program FilesCommon Filesxing shared
2009-07-16 10:49:47 —-D—- C:WINDOWSSun
2009-07-16 10:45:53 —-A—- C:WINDOWSsystem32javaws.exe
2009-07-16 10:45:53 —-A—- C:WINDOWSsystem32javaw.exe
2009-07-16 10:45:53 —-A—- C:WINDOWSsystem32java.exe
2009-07-16 10:45:53 —-A—- C:WINDOWSsystem32deploytk.dll
2009-07-16 10:40:19 —-D—- C:Documents and SettingsuserApplication DataSun
2009-07-16 08:23:35 —-D—- C:Documents and SettingsuserApplication DataKeepsoft
2009-07-16 08:14:50 —-D—- C:Program FilesKeepsoft
2009-07-16 08:14:50 —-D—- C:Documents and SettingsAll UsersApplication DataKeepsoft
2009-07-16 08:00:03 —-D—- C:bp7
2009-07-15 08:56:58 —-D—- C:Program FilesPichugin-M Telephone Book
2009-07-15 08:31:39 —-D—- C:Program FilesAlexPro Lab
2009-07-15 07:55:10 —-D—- C:Program FilesNames
2009-07-15 07:38:29 —-A—- C:WINDOWSsystem32UNWISE.EXE
2009-07-15 07:38:27 —-D—- C:Program FilesMosMap-Lite31
2009-07-15 07:19:35 —-D—- C:Program FilesCookRecepts
2009-07-15 07:09:35 —-D—- C:Program FilesTNR Vision 3.6
2009-07-15 07:06:02 —-D—- C:Program FilesChinese Pattern
2009-07-15 07:00:17 —-D—- C:Program FilespMetro
2009-07-15 06:29:28 —-D—- C:Program FilesxLines
2009-07-15 06:14:57 —-D—- C:Program FilesAura
2009-07-15 05:42:50 —-A—- C:WINDOWSsystem32IdleTrac1.dll
2009-07-15 05:42:49 —-D—- C:Program FilesMailinfo
2009-07-15 05:41:58 —-N—- C:WINDOWSsystem32vbar332.dll
2009-07-15 05:31:46 —-D—- C:Program FilesAsk.com
2009-07-15 05:25:25 —-D—- C:Documents and SettingsAll UsersApplication DataSpeedBit
2009-07-15 05:25:14 —-A—- C:WINDOWSsystem32wbhelp2.dll
2009-07-15 05:25:08 —-D—- C:Program FilesDAP
2009-07-15 05:24:24 —-D—- C:Program FilesSpeedBit Video Downloader
2009-07-15 05:12:19 —-D—- C:Documents and SettingsuserApplication DataStellarium
2009-07-15 05:09:24 —-D—- C:Program FilesStellarium
2009-07-15 03:33:00 —-HDC—- C:WINDOWS$NtUninstallKB973346$
2009-07-15 03:32:16 —-HDC—- C:WINDOWS$NtUninstallKB971633$
2009-07-15 03:18:14 —-HDC—- C:WINDOWS$NtUninstallKB961371$
2009-07-15 01:10:53 —-A—- C:WINDOWSis-03TGN.exe
2009-07-10 19:58:50 —-D—- C:Program FilesJava
2009-07-10 00:10:29 —-A—- C:WINDOWSIE4 Error Log.txt======List of files/folders modified in the last 1 months======
2009-07-22 23:44:39 —-D—- C:Program Filestrend micro
2009-07-22 23:44:32 —-D—- C:WINDOWStemp
2009-07-22 23:44:28 —-D—- C:WINDOWSPrefetch
2009-07-22 20:14:21 —-RSHD—- C:WINDOWSsystem32dllcache
2009-07-22 20:14:16 —-D—- C:WINDOWSsystem32
2009-07-22 20:14:09 —-D—- C:WINDOWSsystem32CatRoot2
2009-07-20 10:10:17 —-D—- C:WINDOWS
2009-07-20 10:10:07 —-D—- C:Program Files
2009-07-20 06:56:14 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-07-20 06:55:48 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-07-20 06:55:17 —-D—- C:WINDOWSsystem32drivers
2009-07-20 06:52:48 —-A—- C:WINDOWSSchedLgU.Txt
2009-07-20 02:30:27 —-D—- C:Program FilesThe KMPlayer
2009-07-20 02:20:18 —-D—- C:Program FilesCommon Files
2009-07-20 02:20:06 —-D—- C:Program FilesCommon FilesReal
2009-07-20 02:20:02 —-A—- C:WINDOWSsystem32rmoc3260.dll
2009-07-20 02:19:40 —-A—- C:WINDOWSsystem32pndx5032.dll
2009-07-20 02:19:40 —-A—- C:WINDOWSsystem32pndx5016.dll
2009-07-20 02:19:33 —-A—- C:WINDOWSsystem32pncrt.dll
2009-07-20 01:53:03 —-D—- C:Program FilesWinamp
2009-07-19 07:48:59 —-D—- C:Documents and SettingsuserApplication DatauTorrent
2009-07-16 10:46:20 —-SHD—- C:WINDOWSInstaller
2009-07-16 10:46:03 —-SHD—- C:Config.Msi
2009-07-15 10:44:47 —-A—- C:WINDOWSNeroDigital.ini
2009-07-15 05:47:23 —-A—- C:WINDOWS_MSRSTRT.EXE
2009-07-15 05:31:54 —-SD—- C:WINDOWSTasks
2009-07-15 03:33:16 —-HD—- C:WINDOWSinf
2009-07-15 03:32:58 —-HD—- C:WINDOWS$hf_mig$
2009-07-15 03:32:43 —-A—- C:WINDOWSimsins.BAK
2009-07-15 03:30:48 —-RSD—- C:WINDOWSassembly
2009-07-15 02:08:14 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-07-10 21:07:15 —-D—- C:Program FilesWebMoney
2009-07-09 23:09:59 —-D—- C:Documents and SettingsuserApplication DataVerimatrix
2009-07-09 20:26:05 —-SD—- C:WINDOWSDownloaded Program Files
2009-07-07 19:10:56 —-A—- C:WINDOWSsystem32MRT.exe
2009-07-06 21:39:28 —-D—- C:WINDOWSMicrosoft.NET
2009-07-06 21:15:22 —-D—- C:Program FilesGoogle
2009-07-05 18:38:37 —-D—- C:Documents and SettingsuserApplication DataYandex======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 ItSDisk;ItSDisk; C:WINDOWSSystem32DriversItSDisk.sys [2006-05-16 17840]
R1 klif;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2009-02-05 213520]
R1 PersonalSecureDrive;PersonalSecureDrive; C:WINDOWSSystem32driverspsd.sys [2005-11-29 36768]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:WINDOWSsystem32DRIVERSAegisP.sys [2006-09-28 21419]
R2 fssfltr;FssFltr; C:WINDOWSsystem32DRIVERSfssfltr_tdi.sys [2009-02-06 55152]
R2 s24trans;WLAN Transport; C:WINDOWSsystem32DRIVERSs24trans.sys [2006-08-02 12544]
R2 VMSD;VMSD; ??C:WINDOWSsystem32driversvmVMSD.sys []
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-13 60800]
R3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2006-06-07 329901]
R3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2006-06-07 30459]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2006-06-07 855018]
R3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2006-06-07 149028]
R3 btwhid;btwhid; C:WINDOWSsystem32DRIVERSbtwhid.sys [2006-06-07 47811]
R3 btwmodem;Модем Bluetooth; C:WINDOWSsystem32DRIVERSbtwmodem.sys [2006-06-07 30285]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2006-06-07 67384]
R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 IFXTPM;IFXTPM; C:WINDOWSsystem32DRIVERSIFXTPM.SYS [2005-10-21 36352]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-08-15 4368896]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:WINDOWSsystem32DRIVERSATKACPI.sys [2005-02-17 5632]
R3 NETw3x32;Драйвер адаптера Intel(R) PRO/Wireless 3945ABG для 32-разрядной версии Windows XP; C:WINDOWSsystem32DRIVERSNETw3x32.sys [2006-07-26 1707776]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-13 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-02-08 3640608]
R3 rimmptsk;rimmptsk; C:WINDOWSsystem32DRIVERSrimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:WINDOWSsystem32DRIVERSrimsptsk.sys [2005-11-01 51584]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:WINDOWSsystem32DRIVERSrixdptsk.sys [2005-11-01 308992]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2005-11-16 78976]
R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:WINDOWSsystem32DRIVERSsmserial.sys [2006-01-19 862340]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:WINDOWSsystem32DRIVERSsnp2sxp.sys [2006-01-04 10219904]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2006-05-25 193088]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 ipswuio;ipswuio; C:WINDOWSSystem32DRIVERSipswuio.sys [2006-01-24 34944]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 sffdisk;Драйвер класса SFF Storage; C:WINDOWSsystem32DRIVERSsffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Драйвер протокола SFF Storage для SDBus; C:WINDOWSsystem32DRIVERSsffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Драйвер Sony USB фильтра (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
S3 SPT2Sp50;SPT2Sp50 NDIS Protocol Driver; C:WINDOWSSystem32DriversSPT2Sp50.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:WINDOWSsystem32DRIVERSss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:WINDOWSsystem32DRIVERSss_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASChannel;Local Communication Channel; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
R2 avp;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-07-22 208616]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2006-06-07 266295]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:Program FilesIntelWirelessBinEvtEng.exe [2006-08-02 434176]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-10-19 222456]
R2 IFXSpMgtSrv;Security Platform Management Service; c:WINDOWSsystem32IFXSPMGT.exe [2006-03-10 507904]
R2 IFXTCS;Trusted Platform Core Service; c:WINDOWSsystem32IFXTCS.exe [2006-03-10 741376]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-07-16 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-02-08 143426]
R2 PersonalSecureDriveService;Personal Secure Drive Service; c:Program FilesInfineonSecurity Platform SoftwarePSDsrvc.EXE [2005-11-29 99872]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:Program FilesIntelWirelessBinRegSrvc.exe [2006-08-02 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:Program FilesIntelWirelessBinS24EvMon.exe [2006-08-02 937984]
S2 gupdate1c9ba50dff63758;Google Update Service (gupdate1c9ba50dff63758); C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-04-11 133104]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Семейная безопасность Windows Live; C:Program FilesWindows LiveFamily Safetyfsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; c:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe []
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
Valeri, спасибо Вам огромное!!! Диспетчер начал запускаться!!!! :)) УРА!!!
Подскажите пожалуйста, а что делать с этими пограммами (Combofix, RSIT, OTMoveit)? Их надо теперь удалить? Или их периодически стоит запускать, с целью подчистить все ненужное (то что Касперский не видит)?Здравствуйте Valeri!
Прилагаю лог Combofix:
ComboFix 09-02-27.02 — user 2009-02-28 3:39:44.1 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.1.1049.18.1023.316 [GMT 3:00]
Running from: c:documents and settingsuserђ Ў®зЁ© бв®«ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:windows2.exe
c:windowsIE4 Error Log.txt
c:windowswinhp32.exe
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.2009-02-21 03:53 . 2009-02-06 18:08 55,152 —a
c:windowssystem32driversfssfltr_tdi.sys
2009-02-20 02:01 . 2009-02-20 02:01d
C:_OTMoveIt
2009-02-18 02:19 . 2009-02-18 02:24d
C:rsit
2009-02-18 02:19 . 2009-02-20 02:24d
c:program filestrend micro
2009-02-13 04:48 . 2009-02-13 04:48d
c:program filesMalwarebytes’ Anti-Malware
2009-02-13 04:48 . 2009-02-13 04:48d
c:documents and settingsuserApplication DataMalwarebytes
2009-02-13 04:48 . 2009-02-13 04:48d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-02-13 04:48 . 2009-02-11 10:19 38,496 —a
c:windowssystem32driversmbamswissarmy.sys
2009-02-13 04:48 . 2009-02-11 10:19 15,504 —a
c:windowssystem32driversmbam.sys
2009-02-06 19:29 . 2009-02-06 19:29 308,104 —a
c:windowsWLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 —a
c:windowssystem32sirenacm.dll
2009-02-06 03:28 . 2009-02-06 03:28 230 —a
c:windowssystem32spupdsvc.inf
2009-01-31 21:16 . 2009-01-31 21:19d
c:program filesFreeSpacer
2009-01-31 21:10 . 2009-01-31 21:10d
c:program filesNETBYNET
2009-01-31 20:45 . 2009-01-31 20:45d
c:program filesCCleaner
2009-01-31 19:38 . 2009-01-31 19:38d
c:program filesSuper Metla
2009-01-31 19:33 . 2009-01-31 19:35d
c:program filesPointstone
2009-01-31 19:33 . 2009-01-31 19:35d
c:program filesCommon FilesPointstone.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 00:50
d
w c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-02-28 00:46 207,010,080 —sha-w c:windowssystem32driversfidbox.dat
2009-02-28 00:46 201,044 —sha-w c:windowssystem32driversfidbox2.idx
2009-02-28 00:46 2,775,620 —sha-w c:windowssystem32driversfidbox.idx
2009-02-28 00:46 2,111,264 —sha-w c:windowssystem32driversfidbox2.dat
2009-02-27 00:50
d
w c:documents and settingsuserApplication DataSkype
2009-02-26 00:39
d
w c:documents and settingsuserApplication DataMegauploadToolbar
2009-02-26 00:18
d
w c:documents and settingsuserApplication DataskypePM
2009-02-21 00:53
d
w c:program filesWindows Live
2009-02-05 17:17 89,601 —-a-w c:windowssystem32driversklick.dat
2009-02-05 17:17 33,808 —-a-w c:windowssystem32driversklbg.sys
2009-02-05 17:17 101,287 —-a-w c:windowssystem32driversklin.dat
2009-02-02 15:07
d
w c:documents and settingsuserApplication DataMra
2009-01-15 08:40
d
w c:documents and settingsuserApplication DataYandex
2008-12-28 20:33
d
w c:program filesMicrosoft
2008-12-28 20:10
d
w c:program filesWindows Live SkyDrive
2008-12-28 19:29
d
w c:program filesCommon FilesWindows Live
2008-03-30 22:25 32 —-a-w c:documents and settingsAll UsersApplication Dataezsid.dat
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
2008-03-20 15:28 2469888 —a
c:program filesWebMoney Advisorwmadvisor.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{893AE660-AE80-4dd0-9959-24D2337C04E8}»= «c:program filesYandexOnlineyndminibar.dll» [2008-03-14 204800]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «c:program filesWebMoney Advisorwmadvisor.dll» [2008-03-20 2469888]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-13 3112736][HKEY_CLASSES_ROOTclsid{893ae660-ae80-4dd0-9959-24d2337c04e8}]
[HKEY_CLASSES_ROOTYandexSearch.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{893AE653-AE80-4dd0-9959-24D2337C04E8}]
[HKEY_CLASSES_ROOTYandex.Search][HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223.3]
[HKEY_CLASSES_ROOTTypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{893AE660-AE80-4DD0-9959-24D2337C04E8}»= «c:program filesYandexOnlineyndminibar.dll» [2008-03-14 204800]
«{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840}»= «c:program filesWebMoney Advisorwmadvisor.dll» [2008-03-20 2469888]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-13 3112736][HKEY_CLASSES_ROOTclsid{893ae660-ae80-4dd0-9959-24d2337c04e8}]
[HKEY_CLASSES_ROOTYandexSearch.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{893AE653-AE80-4dd0-9959-24D2337C04E8}]
[HKEY_CLASSES_ROOTYandex.Search][HKEY_CLASSES_ROOTclsid{3affd7f7-fd3d-4c9d-8f83-03296a1a8840}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223.3]
[HKEY_CLASSES_ROOTTypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOTTBSB03223.TBSB03223][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersSecure Disks]
@=»{666C7836-A9B6-4AB4-94ED-DC238C81E925}»
[HKEY_CLASSES_ROOTCLSID{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-04-02 19:08 381952 -ra
c:program filesASUS Security CenterASUS Security Protect ManagerBinSFSShell.dll[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«Net4Switch»=»c:program filesASUSNet4SwitchNet4Switch.exe» [2006-03-02 1101824]
«MsnMsgr»=»c:program filesWindows LiveMessengerMsnMsgr.Exe» [2009-02-06 3885408]
«updateMgr»=»c:program filesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» [2006-03-30 313472]
«Yahoo! Pager»=»c:program filesYahoo!MessengerYahooMessenger.exe» [2007-11-06 3810544]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-09-01 479496]
«YandexOnline»=»c:program filesYandexOnlineonline.exe» [2008-03-14 2291200]
«Search Protection»=»c:program filesYahoo!Search ProtectionSearchProtection.exe» [2008-10-07 111856][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«HControl»=»c:windowsATK0100HControl.exe» [2006-02-23 106496]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-02-08 7405568]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-02-08 86016]
«ASUS Live Update»=»c:program filesASUSASUS Live UpdateALU.exe» [2006-02-21 180224]
«Wireless Console 2″=»c:program filesWireless Console 2wcourier.exe» [2005-10-17 987136]
«ACMON»=»c:program filesASUSSplendidACMON.exe» [2006-05-30 811008]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2006-05-25 786521]
«ABLKSR»=»c:windowsABLKSRABLKSR.exe» [2006-01-03 61440]
«RemoteControl»=»c:program filesASUSTeKASUSDVDPDVDServ.exe» [2004-11-02 32768]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«Power_Gear»=»c:program filesASUSPower4 GearBatteryLife.exe» [2006-03-14 90112]
«IntelZeroConfig»=»c:program filesIntelWirelessbinZCfgSvc.exe» [2006-08-01 802816]
«IntelWireless»=»c:program filesIntelWirelessBinifrmewrk.exe» [2006-08-01 696320]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2008-11-04 4412920]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2008-08-04 36352]
«YSearchProtection»=»c:program filesYahoo!Search ProtectionSearchProtection.exe» [2008-10-07 111856]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2008-05-02 185896]
«AVP»=»c:program filesKaspersky LabKaspersky Internet Security 2009avp.exe» [2009-02-05 206088]
«nwiz»=»nwiz.exe» [2006-02-08 c:windowssystem32nwiz.exe]
«RTHDCPL»=»RTHDCPL.EXE» [2006-08-14 c:windowsRTHDCPL.exe]
«SkyTel»=»SkyTel.EXE» [2006-05-16 c:windowsSkyTel.exe]
«SMSERIAL»=»sm56hlpr.exe» [2006-01-19 c:windowssm56hlpr.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]c:documents and settingsuserѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
€бва㬥⠯஢ҐаЄЁ ®бЁвҐ«п ¤«п Cyber-shot Viewer.lnk — c:program filesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe [2007-02-17 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyOneCard]
2006-05-03 00:23 40448 c:program filesASUS Security CenterASUS Security Protect ManagerBinASWLNPkg.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyIfxWlxEN]
2006-03-10 09:20 434176 c:windowssystem32IfxWlxEN.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.X264″= x264vfw.dll
«VIDC.3iv2″= 3ivxVfWCodec.dll
«VIDC.VP31″= vp31vfw.dll
«msacm.l3fhg»= mp3fhg.acm[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Messenger\MSMSGS.EXE»=
«c:\Program Files\Mail.Ru\Agent\Magent.exe»=
«c:\Program Files\QIP\QIP.EXE»=
«c:\Program Files\ICQ6\ICQ.exe»=
«c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Windows Live\Messenger\msnmsgr.exe»=
«c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=R0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [2008-01-29 33808]
R1 ItSDisk;ItSDisk;c:windowssystem32driversitsdisk.sys [2006-05-16 17840]
R1 PersonalSecureDrive;PersonalSecureDrive;c:windowssystem32driverspsd.sys [2005-11-29 36768]
R2 ASChannel;Local Communication Channel;c:windowsSystem32svchost.exe -k Cognizance [2004-09-22 14336]
R2 fssfltr;FssFltr;c:windowssystem32driversfssfltr_tdi.sys [2009-02-21 55152]
R3 IFXTPM;IFXTPM;c:windowssystem32driversifxtpm.sys [2006-09-28 36352]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:windowssystem32driversklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [2007-12-13 24592]
S3 fsssvc;Семейная безопасность Windows Live;c:program filesWindows LiveFamily Safetyfsssvc.exe [2009-02-06 533360]
S3 ipswuio;ipswuio;c:windowssystem32driversipswuio.sys [2006-09-28 34944]
S3 SPT2Sp50;SPT2Sp50 NDIS Protocol Driver;c:windowssystem32DriversSPT2Sp50.sys —> c:windowssystem32DriversSPT2Sp50.sys [?][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
Cognizance REG_MULTI_SZ ASChannel[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2f7159c6-5b1f-11dc-b717-001641b2c995}]
ShellAutoRuncommand — G:USBNB.exe
.
Contents of the ‘Scheduled Tasks’ folder2008-12-24 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-01-10 14:42]2006-09-28 c:windowsTasksSymantec NetDetect.job
— c:program filesSymantecLiveUpdateNDETECT.EXE [2004-07-19 16:26]
.
— — — — ORPHANS REMOVED — — — —HKLM-Run-Zshutdown — c:syspreppatchsysprep.cmd
HKLM-Run-MambaUpdater — c:\DOCUME~1\user\LOCALS~1\Temp\Tet-A-Tet\updater.exe
HKLM-Run-NevoDRM — c:program filesИгрыNevoDRMNevoDRM.exe.
Supplementary Scan
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Отправить на устройство Bluetooth… — c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Добавить в Анти-Баннер — c:program filesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
IE: Найти в интернете — c:program filesMail.RuSputnikMailRuSputnik.dll/282
IE: Найти в словарях — c:program filesMail.RuSputnikMailRuSputnik.dll/283
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU1.dll/search.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU1.dll/dic.htm
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
TCP: {490AFAC8-1642-40EE-BCCE-D94360A21D70} = 212.1.224.34 212.1.230.111
DPF: {4D61BC1B-345F-408C-A318-E7A4059236A8} — hxxp://www.enternetica.com/viewer/evp.cab
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 03:48:44
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1120)
c:program filesASUS Security CenterASUS Security Protect ManagerBinASWLNPkg.dll
c:program filesASUS Security CenterASUS Security Protect ManagerBinAsChnl.dll
c:program filesASUS Security CenterASUS Security Protect ManagerBinItMsg.dll
c:windowssystem32IfxWlxEN.dll— — — — — — — > ‘lsass.exe'(1176)
c:program filesASUS Security CenterASUS Security Protect ManagerbinASWLNPkg.dll
.
Other Running Processes
.
c:program filesIntelWirelessBinEvtEng.exe
c:windowssystem32dllhost.exe
c:program filesIntelWirelessBinS24EvMon.exe
c:program filesWIDCOMMBluetooth Softwarebinbtwdins.exe
c:windowssystem32IFXSPMGT.exe
c:windowssystem32IFXTCS.exe
c:windowssystem32nvsvc32.exe
c:program filesInfineonSecurity Platform SoftwarePSDsrvc.EXE
c:program filesIntelWirelessBinRegSrvc.exe
c:windowssystem32scardsvr.exe
c:program filesASUS Security CenterASUS Security Protect ManagerBinasghost.exe
c:program filesInfineonSecurity Platform SoftwarePSDrt.exe
c:program filesInfineonSecurity Platform SoftwareSpTNA.exe
c:windowssystem32rundll32.exe
c:windowssystem32rundll32.exe
c:windowsATK0100ATKOSD.exe
c:windowssystem32ACEngSvr.exe
c:program filesIntelWirelessBinDot1XCfg.exe
c:program filesWIDCOMMBluetooth SoftwareBTTray.exe
c:program filesASUSAsus MultiFrameMultiFrame.exe
c:progra~1WIDCOMMBLUETO~1BTSTAC~1.EXE
c:program filesYahoo!MessengerYmsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-02-28 3:55:51 — machine was rebooted
ComboFix-quarantined-files.txt 2009-02-28 00:54:33Pre-Run: 16я748я058я112 Ў ©в бў®Ў®¤®
Post-Run: 16,986,907,648 Ў ©в бў®Ў®¤®262 — E O F — 2009-02-26 00:02:16
Здравствуйте!
Компьютер вроде работает нормально, но проблема с диспетчером задач так и осталась. Диспетчер до сих пор «отключен администратором»…..Ведь так же не должно быть…Здравствуйте!
Вот лог от OTMoveIt3 by OldTimer:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service dwshd .
Service SymEvent stopped successfully.
Service SymEvent deleted successfully.
Service aspnet_stateCiSvc stopped successfully.
Service aspnet_stateCiSvc deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\ChristmasTree deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinek85.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinra86.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinvb40.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinek85.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinra86.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinvb40.sys\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:DOCUME~1userLOCALS~1TempJET2913.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1userLOCALS~1Tempylib_caa863ffde78652728257a8598aba67e.tlb scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1userLOCALS~1Temp~DF6904.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1userLOCALS~1Temp~DFA6B3.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1userLOCALS~1Temp~DFA8C4.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStempcch~1e8ec8b0cdc.htp scheduled to be deleted on reboot.
File delete failed. C:WINDOWStempcch~1e8ec8b11d5.htp scheduled to be deleted on reboot.
File delete failed. C:WINDOWStempcch~1e8ef94e471.htp scheduled to be deleted on reboot.
File delete failed. C:WINDOWStempcch~1e8ef94ea1d.htp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 02202009_020107
Files moved on Reboot…
File C:DOCUME~1userLOCALS~1TempJET2913.tmp not found!
C:DOCUME~1userLOCALS~1Tempylib_caa863ffde78652728257a8598aba67e.tlb moved successfully.
C:DOCUME~1userLOCALS~1Temp~DF6904.tmp moved successfully.
File C:DOCUME~1userLOCALS~1Temp~DFA6B3.tmp not found!
File C:DOCUME~1userLOCALS~1Temp~DFA8C4.tmp not found!
File move failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be moved on reboot.
File C:WINDOWStempcch~1e8ec8b0cdc.htp not found!
File C:WINDOWStempcch~1e8ec8b11d5.htp not found!
File C:WINDOWStempcch~1e8ef94e471.htp not found!
File C:WINDOWStempcch~1e8ef94ea1d.htp not found!А это новый RSIT:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by user at 2009-02-20 02:24:57
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (25%) free of 68 GB
Total RAM: 1023 MB (32% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:03, on 20.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
c:WINDOWSsystem32IFXSPMGT.exe
c:WINDOWSsystem32IFXTCS.exe
C:WINDOWSsystem32nvsvc32.exe
c:Program FilesInfineonSecurity Platform SoftwarePSDsrvc.EXE
C:Program FilesIntelWirelessBinRegSrvc.exe
C:WINDOWSsystem32svchost.exe
c:Program FilesASUS Security CenterASUS Security Protect ManagerBinAsGHost.exe
C:WINDOWSExplorer.EXE
c:Program FilesInfineonSecurity Platform SoftwarePSDrt.exe
c:Program FilesInfineonSecurity Platform SoftwareSpTna.exe
C:WINDOWSnotepad.exe
C:WINDOWSATK0100HControl.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSRTHDCPL.EXE
C:Program FilesASUSASUS Live UpdateALU.exe
C:WINDOWSsm56hlpr.exe
C:Program FilesWireless Console 2wcourier.exe
C:WINDOWSATK0100ATKOSD.exe
C:Program FilesASUSSplendidACMON.exe
C:WINDOWSsystem32ACEngSvr.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesASUSTeKASUSDVDPDVDServ.exe
C:Program FilesIntelWirelessbinZCfgSvc.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:Program FilesWinampwinampa.exe
C:Program FilesYahoo!Search ProtectionSearchProtection.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesASUSNet4SwitchNet4Switch.exe
C:Program FilesIntelWirelessBinDot1XCfg.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesASUSAsus MultiFrameMultiFrame.exe
C:PROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXE
C:WINDOWSsystem32wuauclt.exe
C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
C:Program FilesOperaOpera.exe
C:Documents and SettingsuserРабочий столRSIT.exe
C:Program Filestrend microuser.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ru.msn.com/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.asus.com
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: Megaupload Toolbar — {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — C:PROGRA~1MEGAUP~2MEGAUP~1.DLL
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: Yahoo! IE Services Button — {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} — C:Program FilesYahoo!Commonyiesrvc.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Помощник по входу в Windows Live — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: TBSB03223 — {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — C:Program FilesWebMoney Advisorwmadvisor.dll
O2 — BHO: MegaIEMn — {bf00e119-21a3-4fd1-b178-3b8537e75c92} — C:Program FilesMegauploadMega ManagerMegaIEMn.dll
O2 — BHO: ASUS Security Protect Manager — {DF21F1DB-80C6-11D3-9483-B03D0EC10000} — c:Program FilesASUS Security CenterASUS Security Protect ManagerBinItIEAddIn.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU1.dll
O3 — Toolbar: Megaupload Toolbar — {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — C:PROGRA~1MEGAUP~2MEGAUP~1.DLL
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Яндекс.Поиск — {893AE660-AE80-4dd0-9959-24D2337C04E8} — C:Program FilesYandexOnlineyndminibar.dll
O3 — Toolbar: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [HControl] C:WINDOWSATK0100HControl.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [ASUS Live Update] C:Program FilesASUSASUS Live UpdateALU.exe
O4 — HKLM..Run: [SMSERIAL] sm56hlpr.exe
O4 — HKLM..Run: [Wireless Console 2] C:Program FilesWireless Console 2wcourier.exe
O4 — HKLM..Run: [ACMON] C:Program FilesASUSSplendidACMON.exe
O4 — HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 — HKLM..Run: [Zshutdown] c:syspreppatchsysprep.cmd
O4 — HKLM..Run: [ABLKSR] C:windowsABLKSRABLKSR.exe
O4 — HKLM..Run: [RemoteControl] «C:Program FilesASUSTeKASUSDVDPDVDServ.exe»
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [Power_Gear] C:Program FilesASUSPower4 GearBatteryLife.exe 1
O4 — HKLM..Run: [IntelZeroConfig] «C:Program FilesIntelWirelessbinZCfgSvc.exe»
O4 — HKLM..Run: [IntelWireless] «C:Program FilesIntelWirelessBinifrmewrk.exe» /tf Intel PROSet/Wireless
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [MambaUpdater] C:\DOCUME~1\user\LOCALS~1\Temp\Tet-A-Tet\updater.exe C:Documents and SettingsuserМои документыПрограммкиTet-A-Tet.exe C:\DOCUME~1\user\LOCALS~1\Temp\Tet-A-Tet\Tet-A-Tet.exe
O4 — HKLM..Run: [YSearchProtection] «C:Program FilesYahoo!Search ProtectionSearchProtection.exe»
O4 — HKLM..Run: [TkBellExe] «C:Program FilesCommon FilesRealUpdate_OBrealsched.exe» -osboot
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKLM..Run: [NevoDRM] «C:Program FilesИгрыNevoDRMNevoDRM.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Net4Switch] C:Program FilesASUSNet4SwitchNet4Switch.exe
O4 — HKCU..Run: [MsnMsgr] «C:Program FilesWindows LiveMessengerMsnMsgr.Exe» /background
O4 — HKCU..Run: [updateMgr] «C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» AcRdB7_0_9 -reboot 1
O4 — HKCU..Run: [Yahoo! Pager] «C:Program FilesYahoo!MessengerYahooMessenger.exe» -quiet
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [YandexOnline] «C:Program FilesYandexOnlineonline.exe» -AutoStart
O4 — HKCU..Run: [Search Protection] C:Program FilesYahoo!Search ProtectionSearchProtection.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Инструмент проверки носителя для Cyber-shot Viewer.lnk = C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
O4 — Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 — Global Startup: BTTray.lnk = ?
O4 — Global Startup: MultiFrame.lnk = ?
O8 — Extra context menu item: &Отправить на устройство Bluetooth… — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
O8 — Extra context menu item: Найти в интернете — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Найти в словарях — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/search.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/dic.htm
O9 — Extra button: Cтатистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: Отправка в блог — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra ‘Tools’ menuitem: &Отправка в блог Windows Live Writer — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra button: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra ‘Tools’ menuitem: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra button: Yahoo! Services — {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} — C:Program FilesYahoo!Commonyiesrvc.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O14 — IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 — DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) — http://www.kaspersky.com/kos/russian/partner/rus/kavwebscan_unicode.cab
O16 — DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) — http://www.ipix.com/download/ipixx.cab
O16 — DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) — C:Program FilesYahoo!CommonYinsthelper.dll
O16 — DPF: {4D61BC1B-345F-408C-A318-E7A4059236A8} (CRicharoundVR2111 Object) — http://www.enternetica.com/viewer/evp.cab
O16 — DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) — http://irishkamoscow.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 — DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) — http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197331351546
O16 — DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) — http://foto.mail.ru/ImageUploader4.cab
O16 — DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) — http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 — DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games — Installer) — http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 — DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) — http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 — HKLMSystemCCSServicesTcpip..{490AFAC8-1642-40EE-BCCE-D94360A21D70}: NameServer = 212.1.224.34 212.1.230.111
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: APSHook.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll
O20 — Winlogon Notify: OneCard — c:Program FilesASUS Security CenterASUS Security Protect ManagerBinASWLNPkg.dll
O23 — Service: Kaspersky Internet Security (avp) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Intel(R) PROSet/Wireless Event Log (EvtEng) — Intel Corporation — C:Program FilesIntelWirelessBinEvtEng.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — c:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Security Platform Management Service (IFXSpMgtSrv) — Infineon Technologies AG — c:WINDOWSsystem32IFXSPMGT.exe
O23 — Service: Trusted Platform Core Service (IFXTCS) — Infineon Technologies AG — c:WINDOWSsystem32IFXTCS.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Сервис iPod (iPod Service) — Unknown owner — C:Program FilesiPodbiniPodService.exe (file missing)
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Personal Secure Drive Service (PersonalSecureDriveService) — Infineon Technologies AG — c:Program FilesInfineonSecurity Platform SoftwarePSDsrvc.EXE
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) — Intel Corporation — C:Program FilesIntelWirelessBinRegSrvc.exe
O23 — Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) — Intel Corporation — C:Program FilesIntelWirelessBinS24EvMon.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 17926 bytes======Scheduled tasks folder======
C:WINDOWStasksAppleSoftwareUpdate.job
C:WINDOWStasksSymantec NetDetect.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2006-12-18 59032][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-04-23 1377576][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll [2008-05-02 308856][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar — C:PROGRA~1MEGAUP~2MEGAUP~1.DLL [2007-11-14 1933256][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-07-29 62728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button — C:Program FilesYahoo!Commonyiesrvc.dll [2006-10-31 198136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-11-04 667336][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Помощник по входу в Windows Live — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2008-11-18 408952][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
TBSB03223 Class — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class — C:Program FilesMegauploadMega ManagerMegaIEMn.dll [2007-10-08 110592][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager — c:Program FilesASUS Security CenterASUS Security Protect ManagerBinItIEAddIn.dll [2006-01-24 65536][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU1.dll [2007-11-10 804336]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — Megaupload Toolbar — C:PROGRA~1MEGAUP~2MEGAUP~1.DLL [2007-11-14 1933256]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-11-04 667336]
{893AE660-AE80-4dd0-9959-24D2337C04E8} — Яндекс.Поиск — C:Program FilesYandexOnlineyndminibar.dll [2008-03-14 204800]
{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — WebMoney Advisor — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-13 3112736][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«HControl»=C:WINDOWSATK0100HControl.exe [2006-02-23 106496]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-02-08 7405568]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-02-08 86016]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2006-08-14 16050176]
«SkyTel»=C:WINDOWSSkyTel.EXE [2006-05-16 2879488]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«ASUS Live Update»=C:Program FilesASUSASUS Live UpdateALU.exe [2006-02-21 180224]
«SMSERIAL»=C:WINDOWSsm56hlpr.exe [2006-01-19 544768]
«Wireless Console 2″=C:Program FilesWireless Console 2wcourier.exe [2005-10-17 987136]
«ACMON»=C:Program FilesASUSSplendidACMON.exe [2006-05-30 811008]
«SynTPEnh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2006-05-25 786521]
«Zshutdown»=c:syspreppatchsysprep.cmd []
«ABLKSR»=C:windowsABLKSRABLKSR.exe [2006-01-03 61440]
«RemoteControl»=C:Program FilesASUSTeKASUSDVDPDVDServ.exe [2004-11-02 32768]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«Power_Gear»=C:Program FilesASUSPower4 GearBatteryLife.exe [2006-03-14 90112]
«IntelZeroConfig»=C:Program FilesIntelWirelessbinZCfgSvc.exe [2006-08-01 802816]
«IntelWireless»=C:Program FilesIntelWirelessBinifrmewrk.exe [2006-08-01 696320]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-11-04 4412920]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2008-08-04 36352]
«MambaUpdater»=C:\DOCUME~1\user\LOCALS~1\Temp\Tet-A-Tet\updater.exe C:Documents and SettingsuserМои документыПрограммкиTet-A-Tet.exe C:\DOCUME~1\user\LOCALS~1\Temp\Tet-A-Tet\Tet-A-Tet.exe []
«YSearchProtection»=C:Program FilesYahoo!Search ProtectionSearchProtection.exe [2008-10-07 111856]
«TkBellExe»=C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2008-05-02 185896]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-02-05 206088]
«NevoDRM»=C:Program FilesИгрыNevoDRMNevoDRM.exe [2008-07-29 119808][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«Net4Switch»=C:Program FilesASUSNet4SwitchNet4Switch.exe [2006-03-02 1101824]
«MsnMsgr»=C:Program FilesWindows LiveMessengerMsnMsgr.Exe [2008-12-02 3882312]
«updateMgr»=C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe [2006-03-30 313472]
«Yahoo! Pager»=C:Program FilesYahoo!MessengerYahooMessenger.exe [2007-11-06 3810544]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-09-01 479496]
«YandexOnline»=C:Program FilesYandexOnlineonline.exe [2008-03-14 2291200]
«Search Protection»=C:Program FilesYahoo!Search ProtectionSearchProtection.exe [2008-10-07 111856]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
MultiFrame.lnk — C:Program FilesASUSAsus MultiFrameMultiFrame.exeC:Documents and SettingsuserГлавное менюПрограммыАвтозагрузка
Инструмент проверки носителя для Cyber-shot Viewer.lnk — C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»APSHook.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyIfxWlxEN]
C:WINDOWSsystem32IfxWlxEN.dll [2006-03-10 434176][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2008-07-29 218376][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyOneCard]
c:Program FilesASUS Security CenterASUS Security Protect ManagerBinASWLNPkg.dll [2006-05-03 40448][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2007-03-15 236928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«notification packages»=scecli
ASWLNPkg[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoFolderOptions»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMessengerMSMSGS.EXE»=»C:Program FilesMessengerMSMSGS.EXE:*:Enabled:Windows Messenger»
«C:Program FilesMail.RuAgentMagent.exe»=»C:Program FilesMail.RuAgentMagent.exe:*:Enabled:Mail.Ru Agent»
«C:Program FilesQIPQIP.EXE»=»C:Program FilesQIPQIP.EXE:*:Enabled:Quiet Internet Pager»
«C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«C:Documents and SettingsuserApplication DataICQ Toolbarpost.exe»=»C:Documents and SettingsuserApplication DataICQ Toolbarpost.exe:*:Enabled:Enabled»
«C:Program FilesYahoo!MessengerYahooMessenger.exe»=»C:Program FilesYahoo!MessengerYahooMessenger.exe:*:Enabled:Yahoo! Messenger»
«C:Program FilesYahoo!MessengerYServer.exe»=»C:Program FilesYahoo!MessengerYServer.exe:*:Enabled:Yahoo! FT Server»
«C:Program FilesWinamp RemotebinOrb.exe»=»C:Program FilesWinamp RemotebinOrb.exe:*:Enabled:Orb»
«C:Program FilesWinamp RemotebinOrbTray.exe»=»C:Program FilesWinamp RemotebinOrbTray.exe:*:Enabled:OrbTray»
«C:Program FilesWinamp RemotebinOrbStreamerClient.exe»=»C:Program FilesWinamp RemotebinOrbStreamerClient.exe:*:Enabled:Orb Stream Client»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWindows LiveSyncWindowsLiveSync.exe»=»C:Program FilesWindows LiveSyncWindowsLiveSync.exe:*:Enabled:Windows Live Sync»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype. The whole world can talk for free.»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWindows LiveSyncWindowsLiveSync.exe»=»C:Program FilesWindows LiveSyncWindowsLiveSync.exe:*:Enabled:Windows Live Sync»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2f7159c6-5b1f-11dc-b717-001641b2c995}]
shellAutoRuncommand — G:USBNB.exe======List of files/folders created in the last 1 months======
2009-02-20 02:01:07 —-D—- C:_OTMoveIt
2009-02-18 02:19:59 —-D—- C:Program Filestrend micro
2009-02-18 02:19:57 —-D—- C:rsit
2009-02-14 04:33:35 —-HDC—- C:WINDOWS$NtUninstallKB960715$
2009-02-13 04:48:49 —-D—- C:Documents and SettingsuserApplication DataMalwarebytes
2009-02-13 04:48:43 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-02-13 04:48:42 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-02-08 03:06:05 —-HDC—- C:WINDOWS$NtUninstallKB958215$
2009-02-08 03:05:09 —-HDC—- C:WINDOWS$NtUninstallKB960714$
2009-01-31 21:16:54 —-D—- C:Program FilesFreeSpacer
2009-01-31 21:10:57 —-D—- C:Program FilesNETBYNET
2009-01-31 20:45:19 —-D—- C:Program FilesCCleaner
2009-01-31 19:38:37 —-D—- C:Program FilesSuper Metla
2009-01-31 19:33:21 —-D—- C:Program FilesPointstone
2009-01-31 19:33:21 —-D—- C:Program FilesCommon FilesPointstone======List of files/folders modified in the last 1 months======
2009-02-20 02:24:56 —-D—- C:WINDOWSTemp
2009-02-20 02:20:12 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-02-20 02:19:34 —-D—- C:WINDOWSsystem32drivers
2009-02-20 02:18:51 —-D—- C:WINDOWS
2009-02-20 02:17:08 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-20 02:10:58 —-D—- C:Documents and SettingsuserApplication DataSkype
2009-02-19 07:41:54 —-D—- C:Documents and SettingsuserApplication DataMegauploadToolbar
2009-02-18 02:19:59 —-D—- C:Program Files
2009-02-15 03:06:48 —-D—- C:Documents and SettingsuserApplication DataskypePM
2009-02-14 04:34:35 —-SHD—- C:WINDOWSInstaller
2009-02-14 04:34:35 —-SHD—- C:Config.Msi
2009-02-14 04:34:35 —-RSD—- C:WINDOWSassembly
2009-02-14 04:33:42 —-HD—- C:WINDOWSinf
2009-02-14 04:33:38 —-D—- C:WINDOWSsystem32
2009-02-14 04:32:52 —-HD—- C:WINDOWS$hf_mig$
2009-02-14 04:32:51 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-13 06:54:26 —-D—- C:Program FilesInternet Explorer
2009-02-12 07:56:17 —-A—- C:WINDOWSsystem32MRT.exe
2009-02-10 04:24:17 —-A—- C:WINDOWSNeroDigital.ini
2009-02-10 04:10:59 —-D—- C:WINDOWSHelp
2009-02-08 03:06:37 —-A—- C:WINDOWSimsins.BAK
2009-02-08 03:06:24 —-RSHD—- C:WINDOWSsystem32dllcache
2009-02-07 04:12:13 —-SD—- C:WINDOWSDownloaded Program Files
2009-02-06 03:36:31 —-D—- C:WINDOWSsystem32ru-ru
2009-02-06 03:31:11 —-D—- C:WINDOWSie7updates
2009-02-06 03:24:00 —-D—- C:WINDOWSWBEM
2009-02-03 05:00:57 —-D—- C:WINDOWSPrefetch
2009-02-02 18:07:05 —-D—- C:Documents and SettingsuserApplication DataMra
2009-01-31 19:33:21 —-D—- C:Program FilesCommon Files======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 ItSDisk;ItSDisk; C:WINDOWSSystem32DriversItSDisk.sys [2006-05-16 17840]
R1 klif;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2009-02-05 213520]
R1 PersonalSecureDrive;PersonalSecureDrive; C:WINDOWSSystem32driverspsd.sys [2005-11-29 36768]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:WINDOWSsystem32DRIVERSAegisP.sys [2006-09-28 21419]
R2 s24trans;WLAN Transport; C:WINDOWSsystem32DRIVERSs24trans.sys [2006-08-02 12544]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-13 60800]
R3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2006-06-07 329901]
R3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2006-06-07 30459]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2006-06-07 855018]
R3 btwhid;btwhid; C:WINDOWSsystem32DRIVERSbtwhid.sys [2006-06-07 47811]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2006-06-07 67384]
R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 IFXTPM;IFXTPM; C:WINDOWSsystem32DRIVERSIFXTPM.SYS [2005-10-21 36352]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-08-15 4368896]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:WINDOWSsystem32DRIVERSATKACPI.sys [2005-02-17 5632]
R3 NETw3x32;Драйвер адаптера Intel(R) PRO/Wireless 3945ABG для 32-разрядной версии Windows XP; C:WINDOWSsystem32DRIVERSNETw3x32.sys [2006-07-26 1707776]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-13 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-02-08 3640608]
R3 rimmptsk;rimmptsk; C:WINDOWSsystem32DRIVERSrimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:WINDOWSsystem32DRIVERSrimsptsk.sys [2005-11-01 51584]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:WINDOWSsystem32DRIVERSrixdptsk.sys [2005-11-01 308992]
R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:WINDOWSsystem32DRIVERSsmserial.sys [2006-01-19 862340]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2006-05-25 193088]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
S3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2006-06-07 149028]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 ipswuio;ipswuio; C:WINDOWSSystem32DRIVERSipswuio.sys [2006-01-24 34944]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2005-11-16 78976]
S3 sffdisk;Драйвер класса SFF Storage; C:WINDOWSsystem32DRIVERSsffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Драйвер протокола SFF Storage для SDBus; C:WINDOWSsystem32DRIVERSsffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:WINDOWSsystem32DRIVERSsnp2sxp.sys [2006-01-04 10219904]
S3 SONYPVU1;Драйвер Sony USB фильтра (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
S3 SPT2Sp50;SPT2Sp50 NDIS Protocol Driver; C:WINDOWSSystem32DriversSPT2Sp50.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:WINDOWSsystem32DRIVERSss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:WINDOWSsystem32DRIVERSss_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASChannel;Local Communication Channel; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
R2 avp;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-02-05 206088]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2006-06-07 266295]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:Program FilesIntelWirelessBinEvtEng.exe [2006-08-01 434176]
R2 IFXSpMgtSrv;Security Platform Management Service; c:WINDOWSsystem32IFXSPMGT.exe [2006-03-10 507904]
R2 IFXTCS;Trusted Platform Core Service; c:WINDOWSsystem32IFXTCS.exe [2006-03-10 741376]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-02-08 143426]
R2 PersonalSecureDriveService;Personal Secure Drive Service; c:Program FilesInfineonSecurity Platform SoftwarePSDsrvc.EXE [2005-11-29 99872]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:Program FilesIntelWirelessBinRegSrvc.exe [2006-08-01 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:Program FilesIntelWirelessBinS24EvMon.exe [2006-08-01 937984]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; c:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-03 69632]
S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe []
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
EOF
Здравствуйте! Вот что показал сканер RSIT:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by user at 2009-02-18 02:19:57
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (16%) free of 68 GB
Total RAM: 1023 MB (20% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:17, on 18.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
c:WINDOWSsystem32IFXSPMGT.exe
c:WINDOWSsystem32IFXTCS.exe
C:WINDOWSsystem32nvsvc32.exe
c:Program FilesInfineonSecurity Platform SoftwarePSDsrvc.EXE
C:Program FilesIntelWirelessBinRegSrvc.exe
C:WINDOWSsystem32svchost.exe
c:Program FilesASUS Security CenterASUS Security Protect ManagerBinAsGHost.exe
C:WINDOWSExplorer.EXE
c:Program FilesInfineonSecurity Platform SoftwarePSDrt.exe
c:Program FilesInfineonSecurity Platform SoftwareSpTna.exe
C:WINDOWSATK0100HControl.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32rundll32.exe
C:Program FilesASUSASUS Live UpdateALU.exe
C:WINDOWSsm56hlpr.exe
C:Program FilesWireless Console 2wcourier.exe
C:WINDOWSATK0100ATKOSD.exe
C:Program FilesASUSSplendidACMON.exe
C:WINDOWSsystem32ACEngSvr.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesASUSTeKASUSDVDPDVDServ.exe
C:Program FilesIntelWirelessbinZCfgSvc.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:Program FilesWinampwinampa.exe
C:Program FilesYahoo!Search ProtectionSearchProtection.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesIntelWirelessBinDot1XCfg.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesASUSNet4SwitchNet4Switch.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesASUSAsus MultiFrameMultiFrame.exe
C:PROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXE
C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesSkypePlugin ManagerSkypePM.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesOperaOpera.exe
C:Program FilesICQ6ICQ.exe
C:Documents and SettingsuserРабочий столRSIT.exe
C:Program Filestrend microuser.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ru.msn.com/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.asus.com
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: (no name) — {02478D38-C3F9-4efb-9B51-7695ECA05670} — (no file)
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: Megaupload Toolbar — {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — C:PROGRA~1MEGAUP~2MEGAUP~1.DLL
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: Yahoo! IE Services Button — {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} — C:Program FilesYahoo!Commonyiesrvc.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Помощник по входу в Windows Live — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: TBSB03223 — {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — C:Program FilesWebMoney Advisorwmadvisor.dll
O2 — BHO: MegaIEMn — {bf00e119-21a3-4fd1-b178-3b8537e75c92} — C:Program FilesMegauploadMega ManagerMegaIEMn.dll
O2 — BHO: ASUS Security Protect Manager — {DF21F1DB-80C6-11D3-9483-B03D0EC10000} — c:Program FilesASUS Security CenterASUS Security Protect ManagerBinItIEAddIn.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU1.dll
O3 — Toolbar: Megaupload Toolbar — {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — C:PROGRA~1MEGAUP~2MEGAUP~1.DLL
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Яндекс.Поиск — {893AE660-AE80-4dd0-9959-24D2337C04E8} — C:Program FilesYandexOnlineyndminibar.dll
O3 — Toolbar: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [HControl] C:WINDOWSATK0100HControl.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [ASUS Live Update] C:Program FilesASUSASUS Live UpdateALU.exe
O4 — HKLM..Run: [SMSERIAL] sm56hlpr.exe
O4 — HKLM..Run: [Wireless Console 2] C:Program FilesWireless Console 2wcourier.exe
O4 — HKLM..Run: [ACMON] C:Program FilesASUSSplendidACMON.exe
O4 — HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 — HKLM..Run: [Zshutdown] c:syspreppatchsysprep.cmd
O4 — HKLM..Run: [ABLKSR] C:windowsABLKSRABLKSR.exe
O4 — HKLM..Run: [RemoteControl] «C:Program FilesASUSTeKASUSDVDPDVDServ.exe»
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [Power_Gear] C:Program FilesASUSPower4 GearBatteryLife.exe 1
O4 — HKLM..Run: [IntelZeroConfig] «C:Program FilesIntelWirelessbinZCfgSvc.exe»
O4 — HKLM..Run: [IntelWireless] «C:Program FilesIntelWirelessBinifrmewrk.exe» /tf Intel PROSet/Wireless
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [MambaUpdater] C:\DOCUME~1\user\LOCALS~1\Temp\Tet-A-Tet\updater.exe C:Documents and SettingsuserМои документыПрограммкиTet-A-Tet.exe C:\DOCUME~1\user\LOCALS~1\Temp\Tet-A-Tet\Tet-A-Tet.exe
O4 — HKLM..Run: [YSearchProtection] «C:Program FilesYahoo!Search ProtectionSearchProtection.exe»
O4 — HKLM..Run: [TkBellExe] «C:Program FilesCommon FilesRealUpdate_OBrealsched.exe» -osboot
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKLM..Run: [NevoDRM] «C:Program FilesИгрыNevoDRMNevoDRM.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Net4Switch] C:Program FilesASUSNet4SwitchNet4Switch.exe
O4 — HKCU..Run: [MsnMsgr] «C:Program FilesWindows LiveMessengerMsnMsgr.Exe» /background
O4 — HKCU..Run: [updateMgr] «C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» AcRdB7_0_9 -reboot 1
O4 — HKCU..Run: [Yahoo! Pager] «C:Program FilesYahoo!MessengerYahooMessenger.exe» -quiet
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [YandexOnline] «C:Program FilesYandexOnlineonline.exe» -AutoStart
O4 — HKCU..Run: [ChristmasTree] C:DOCUME~1userLOCALS~1TempRar$EX00.375Christmas.exe
O4 — HKCU..Run: [Search Protection] C:Program FilesYahoo!Search ProtectionSearchProtection.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Инструмент проверки носителя для Cyber-shot Viewer.lnk = C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
O4 — Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 — Global Startup: BTTray.lnk = ?
O4 — Global Startup: MultiFrame.lnk = ?
O8 — Extra context menu item: &Отправить на устройство Bluetooth… — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
O8 — Extra context menu item: Найти в интернете — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Найти в словарях — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/search.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU1.dll/dic.htm
O9 — Extra button: Cтатистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: Отправка в блог — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra ‘Tools’ menuitem: &Отправка в блог Windows Live Writer — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra button: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra ‘Tools’ menuitem: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra button: Yahoo! Services — {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} — C:Program FilesYahoo!Commonyiesrvc.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O14 — IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 — DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) — http://www.kaspersky.com/kos/russian/partner/rus/kavwebscan_unicode.cab
O16 — DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) — http://www.ipix.com/download/ipixx.cab
O16 — DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) — C:Program FilesYahoo!CommonYinsthelper.dll
O16 — DPF: {4D61BC1B-345F-408C-A318-E7A4059236A8} (CRicharoundVR2111 Object) — http://www.enternetica.com/viewer/evp.cab
O16 — DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) — http://irishkamoscow.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 — DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) — http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197331351546
O16 — DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) — http://foto.mail.ru/ImageUploader4.cab
O16 — DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) — http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 — DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games — Installer) — http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 — DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) — http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 — HKLMSystemCCSServicesTcpip..{490AFAC8-1642-40EE-BCCE-D94360A21D70}: NameServer = 212.1.224.34 212.1.230.111
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: APSHook.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll
O20 — Winlogon Notify: OneCard — c:Program FilesASUS Security CenterASUS Security Protect ManagerBinASWLNPkg.dll
O23 — Service: ASP.NET State Service aspnet_stateCiSvc (aspnet_stateCiSvc) — Unknown owner — C:WINDOWS
O23 — Service: Kaspersky Internet Security (avp) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Intel(R) PROSet/Wireless Event Log (EvtEng) — Intel Corporation — C:Program FilesIntelWirelessBinEvtEng.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — c:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Security Platform Management Service (IFXSpMgtSrv) — Infineon Technologies AG — c:WINDOWSsystem32IFXSPMGT.exe
O23 — Service: Trusted Platform Core Service (IFXTCS) — Infineon Technologies AG — c:WINDOWSsystem32IFXTCS.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Сервис iPod (iPod Service) — Unknown owner — C:Program FilesiPodbiniPodService.exe (file missing)
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Personal Secure Drive Service (PersonalSecureDriveService) — Infineon Technologies AG — c:Program FilesInfineonSecurity Platform SoftwarePSDsrvc.EXE
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) — Intel Corporation — C:Program FilesIntelWirelessBinRegSrvc.exe
O23 — Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) — Intel Corporation — C:Program FilesIntelWirelessBinS24EvMon.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 18112 bytes======Scheduled tasks folder======
C:WINDOWStasksAppleSoftwareUpdate.job
C:WINDOWStasksSymantec NetDetect.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2006-12-18 59032][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-04-23 1377576][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll [2008-05-02 308856][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar — C:PROGRA~1MEGAUP~2MEGAUP~1.DLL [2007-11-14 1933256][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-07-29 62728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button — C:Program FilesYahoo!Commonyiesrvc.dll [2006-10-31 198136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-11-04 667336][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Помощник по входу в Windows Live — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2008-11-18 408952][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
TBSB03223 Class — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class — C:Program FilesMegauploadMega ManagerMegaIEMn.dll [2007-10-08 110592][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager — c:Program FilesASUS Security CenterASUS Security Protect ManagerBinItIEAddIn.dll [2006-01-24 65536][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU1.dll [2007-11-10 804336]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} — Megaupload Toolbar — C:PROGRA~1MEGAUP~2MEGAUP~1.DLL [2007-11-14 1933256]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-11-04 667336]
{893AE660-AE80-4dd0-9959-24D2337C04E8} — Яндекс.Поиск — C:Program FilesYandexOnlineyndminibar.dll [2008-03-14 204800]
{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — WebMoney Advisor — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-13 3112736][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«HControl»=C:WINDOWSATK0100HControl.exe [2006-02-23 106496]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-02-08 7405568]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-02-08 86016]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2006-08-14 16050176]
«SkyTel»=C:WINDOWSSkyTel.EXE [2006-05-16 2879488]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«ASUS Live Update»=C:Program FilesASUSASUS Live UpdateALU.exe [2006-02-21 180224]
«SMSERIAL»=C:WINDOWSsm56hlpr.exe [2006-01-19 544768]
«Wireless Console 2″=C:Program FilesWireless Console 2wcourier.exe [2005-10-17 987136]
«ACMON»=C:Program FilesASUSSplendidACMON.exe [2006-05-30 811008]
«SynTPEnh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2006-05-25 786521]
«Zshutdown»=c:syspreppatchsysprep.cmd []
«ABLKSR»=C:windowsABLKSRABLKSR.exe [2006-01-03 61440]
«RemoteControl»=C:Program FilesASUSTeKASUSDVDPDVDServ.exe [2004-11-02 32768]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«Power_Gear»=C:Program FilesASUSPower4 GearBatteryLife.exe [2006-03-14 90112]
«IntelZeroConfig»=C:Program FilesIntelWirelessbinZCfgSvc.exe [2006-08-01 802816]
«IntelWireless»=C:Program FilesIntelWirelessBinifrmewrk.exe [2006-08-01 696320]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-11-04 4412920]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2008-08-04 36352]
«MambaUpdater»=C:\DOCUME~1\user\LOCALS~1\Temp\Tet-A-Tet\updater.exe [2007-10-26 1593474]
«YSearchProtection»=C:Program FilesYahoo!Search ProtectionSearchProtection.exe [2008-10-07 111856]
«TkBellExe»=C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2008-05-02 185896]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-02-05 206088]
«NevoDRM»=C:Program FilesИгрыNevoDRMNevoDRM.exe [2008-07-29 119808][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«Net4Switch»=C:Program FilesASUSNet4SwitchNet4Switch.exe [2006-03-02 1101824]
«MsnMsgr»=C:Program FilesWindows LiveMessengerMsnMsgr.Exe [2008-12-02 3882312]
«updateMgr»=C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe [2006-03-30 313472]
«Yahoo! Pager»=C:Program FilesYahoo!MessengerYahooMessenger.exe [2007-11-06 3810544]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-09-01 479496]
«YandexOnline»=C:Program FilesYandexOnlineonline.exe [2008-03-14 2291200]
«ChristmasTree»=C:DOCUME~1userLOCALS~1TempRar$EX00.375Christmas.exe []
«Search Protection»=C:Program FilesYahoo!Search ProtectionSearchProtection.exe [2008-10-07 111856]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
MultiFrame.lnk — C:Program FilesASUSAsus MultiFrameMultiFrame.exeC:Documents and SettingsuserГлавное менюПрограммыАвтозагрузка
Инструмент проверки носителя для Cyber-shot Viewer.lnk — C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»APSHook.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyIfxWlxEN]
C:WINDOWSsystem32IfxWlxEN.dll [2006-03-10 434176][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2008-07-29 218376][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyOneCard]
c:Program FilesASUS Security CenterASUS Security Protect ManagerBinASWLNPkg.dll [2006-05-03 40448][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2007-03-15 236928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«notification packages»=scecli
ASWLNPkg[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinek85.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinra86.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinvb40.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinek85.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinra86.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinvb40.sys]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoFolderOptions»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMessengerMSMSGS.EXE»=»C:Program FilesMessengerMSMSGS.EXE:*:Enabled:Windows Messenger»
«C:Program FilesMail.RuAgentMagent.exe»=»C:Program FilesMail.RuAgentMagent.exe:*:Enabled:Mail.Ru Agent»
«C:Program FilesQIPQIP.EXE»=»C:Program FilesQIPQIP.EXE:*:Enabled:Quiet Internet Pager»
«C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«C:Documents and SettingsuserApplication DataICQ Toolbarpost.exe»=»C:Documents and SettingsuserApplication DataICQ Toolbarpost.exe:*:Enabled:Enabled»
«C:Program FilesYahoo!MessengerYahooMessenger.exe»=»C:Program FilesYahoo!MessengerYahooMessenger.exe:*:Enabled:Yahoo! Messenger»
«C:Program FilesYahoo!MessengerYServer.exe»=»C:Program FilesYahoo!MessengerYServer.exe:*:Enabled:Yahoo! FT Server»
«C:Program FilesWinamp RemotebinOrb.exe»=»C:Program FilesWinamp RemotebinOrb.exe:*:Enabled:Orb»
«C:Program FilesWinamp RemotebinOrbTray.exe»=»C:Program FilesWinamp RemotebinOrbTray.exe:*:Enabled:OrbTray»
«C:Program FilesWinamp RemotebinOrbStreamerClient.exe»=»C:Program FilesWinamp RemotebinOrbStreamerClient.exe:*:Enabled:Orb Stream Client»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWindows LiveSyncWindowsLiveSync.exe»=»C:Program FilesWindows LiveSyncWindowsLiveSync.exe:*:Enabled:Windows Live Sync»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype. The whole world can talk for free.»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWindows LiveSyncWindowsLiveSync.exe»=»C:Program FilesWindows LiveSyncWindowsLiveSync.exe:*:Enabled:Windows Live Sync»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2f7159c6-5b1f-11dc-b717-001641b2c995}]
shellAutoRuncommand — G:USBNB.exe======List of files/folders created in the last 1 months======
2009-02-18 02:19:59 —-D—- C:Program Filestrend micro
2009-02-18 02:19:57 —-D—- C:rsit
2009-02-14 04:33:35 —-HDC—- C:WINDOWS$NtUninstallKB960715$
2009-02-14 04:32:51 —-D—- C:WINDOWSLastGood
2009-02-13 04:48:49 —-D—- C:Documents and SettingsuserApplication DataMalwarebytes
2009-02-13 04:48:43 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-02-13 04:48:42 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-02-08 03:06:05 —-HDC—- C:WINDOWS$NtUninstallKB958215$
2009-02-08 03:05:09 —-HDC—- C:WINDOWS$NtUninstallKB960714$
2009-01-31 21:16:54 —-D—- C:Program FilesFreeSpacer
2009-01-31 21:10:57 —-D—- C:Program FilesNETBYNET
2009-01-31 20:45:19 —-D—- C:Program FilesCCleaner
2009-01-31 19:38:37 —-D—- C:Program FilesSuper Metla
2009-01-31 19:33:21 —-D—- C:Program FilesPointstone
2009-01-31 19:33:21 —-D—- C:Program FilesCommon FilesPointstone======List of files/folders modified in the last 1 months======
2009-02-18 02:20:13 —-D—- C:WINDOWSTemp
2009-02-18 02:19:59 —-D—- C:Program Files
2009-02-18 02:11:47 —-D—- C:Documents and SettingsuserApplication DataSkype
2009-02-15 04:33:13 —-D—- C:Documents and SettingsuserApplication DataMegauploadToolbar
2009-02-15 03:06:48 —-D—- C:Documents and SettingsuserApplication DataskypePM
2009-02-14 04:34:35 —-SHD—- C:WINDOWSInstaller
2009-02-14 04:34:35 —-SHD—- C:Config.Msi
2009-02-14 04:34:35 —-RSD—- C:WINDOWSassembly
2009-02-14 04:33:42 —-HD—- C:WINDOWSinf
2009-02-14 04:33:41 —-D—- C:WINDOWS
2009-02-14 04:33:38 —-D—- C:WINDOWSsystem32
2009-02-14 04:32:52 —-HD—- C:WINDOWS$hf_mig$
2009-02-14 04:32:51 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-13 07:00:06 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-02-13 06:59:38 —-D—- C:WINDOWSsystem32drivers
2009-02-13 06:57:28 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-13 06:54:26 —-D—- C:Program FilesInternet Explorer
2009-02-12 07:56:17 —-A—- C:WINDOWSsystem32MRT.exe
2009-02-10 04:24:17 —-A—- C:WINDOWSNeroDigital.ini
2009-02-10 04:10:59 —-D—- C:WINDOWSHelp
2009-02-08 03:06:37 —-A—- C:WINDOWSimsins.BAK
2009-02-08 03:06:24 —-RSHD—- C:WINDOWSsystem32dllcache
2009-02-07 04:12:13 —-SD—- C:WINDOWSDownloaded Program Files
2009-02-06 03:36:31 —-D—- C:WINDOWSsystem32ru-ru
2009-02-06 03:31:11 —-D—- C:WINDOWSie7updates
2009-02-06 03:24:00 —-D—- C:WINDOWSWBEM
2009-02-03 05:00:57 —-D—- C:WINDOWSPrefetch
2009-02-02 18:07:05 —-D—- C:Documents and SettingsuserApplication DataMra
2009-01-31 19:33:21 —-D—- C:Program FilesCommon Files======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 ItSDisk;ItSDisk; C:WINDOWSSystem32DriversItSDisk.sys [2006-05-16 17840]
R1 klif;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2009-02-05 213520]
R1 PersonalSecureDrive;PersonalSecureDrive; C:WINDOWSSystem32driverspsd.sys [2005-11-29 36768]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:WINDOWSsystem32DRIVERSAegisP.sys [2006-09-28 21419]
R2 s24trans;WLAN Transport; C:WINDOWSsystem32DRIVERSs24trans.sys [2006-08-02 12544]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-13 60800]
R3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2006-06-07 329901]
R3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2006-06-07 30459]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2006-06-07 855018]
R3 btwhid;btwhid; C:WINDOWSsystem32DRIVERSbtwhid.sys [2006-06-07 47811]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2006-06-07 67384]
R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 IFXTPM;IFXTPM; C:WINDOWSsystem32DRIVERSIFXTPM.SYS [2005-10-21 36352]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-08-15 4368896]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:WINDOWSsystem32DRIVERSATKACPI.sys [2005-02-17 5632]
R3 NETw3x32;Драйвер адаптера Intel(R) PRO/Wireless 3945ABG для 32-разрядной версии Windows XP; C:WINDOWSsystem32DRIVERSNETw3x32.sys [2006-07-26 1707776]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-13 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-02-08 3640608]
R3 rimmptsk;rimmptsk; C:WINDOWSsystem32DRIVERSrimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:WINDOWSsystem32DRIVERSrimsptsk.sys [2005-11-01 51584]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:WINDOWSsystem32DRIVERSrixdptsk.sys [2005-11-01 308992]
R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:WINDOWSsystem32DRIVERSsmserial.sys [2006-01-19 862340]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2006-05-25 193088]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
S3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2006-06-07 149028]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 ipswuio;ipswuio; C:WINDOWSSystem32DRIVERSipswuio.sys [2006-01-24 34944]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2005-11-16 78976]
S3 sffdisk;Драйвер класса SFF Storage; C:WINDOWSsystem32DRIVERSsffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Драйвер протокола SFF Storage для SDBus; C:WINDOWSsystem32DRIVERSsffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:WINDOWSsystem32DRIVERSsnp2sxp.sys [2006-01-04 10219904]
S3 SONYPVU1;Драйвер Sony USB фильтра (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
S3 SPT2Sp50;SPT2Sp50 NDIS Protocol Driver; C:WINDOWSSystem32DriversSPT2Sp50.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:WINDOWSsystem32DRIVERSss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:WINDOWSsystem32DRIVERSss_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; ??C:Program FilesSymantecSYMEVENT.SYS []
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASChannel;Local Communication Channel; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
R2 avp;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-02-05 206088]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2006-06-07 266295]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:Program FilesIntelWirelessBinEvtEng.exe [2006-08-01 434176]
R2 IFXSpMgtSrv;Security Platform Management Service; c:WINDOWSsystem32IFXSPMGT.exe [2006-03-10 507904]
R2 IFXTCS;Trusted Platform Core Service; c:WINDOWSsystem32IFXTCS.exe [2006-03-10 741376]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-02-08 143426]
R2 PersonalSecureDriveService;Personal Secure Drive Service; c:Program FilesInfineonSecurity Platform SoftwarePSDsrvc.EXE [2005-11-29 99872]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:Program FilesIntelWirelessBinRegSrvc.exe [2006-08-01 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:Program FilesIntelWirelessBinS24EvMon.exe [2006-08-01 937984]
S2 aspnet_stateCiSvc;ASP.NET State Service aspnet_stateCiSvc; р%Ђ|x srv []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; c:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-03 69632]
S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe []
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
EOF
