SPYWARE-RU.COM

Созданные ответы форума

Просмотр 9 сообщений - с 1 по 9 (из 9 всего)

Автор

Сообщения
2 апреля, 2009 в 5:23 пп в ответ на: удолить информер #22761
nobbert
Participant
- Темы:3
- Сообщений:12
сделал как сказано,только вместо Папка пользовательских файлов JavaScrypt,было JavaScript,но информер исчез.вот лог
DDS (Ver_09-03-16.01) — NTFSx86
Run by Admin at 22:03:38,00 on 05.03.2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.511.146 [GMT 4:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
C:WINDOWSsystem32Ati2evxx.exe
svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesGoogleUpdateGoogleUpdate.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:WINDOWSsystem32rserver30RServer3.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32rserver30FamItrfc.Exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:WINDOWSSOUNDMAN.EXE
C:Program FilesAmlMapleAmlMaple.exe
C:Program FilesMultimedia Combo SetMouseDrv.exe
C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe
C:Program FilesCyberLinkPowerDVD8PDVD8Serv.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FileslouderitLouderIt.exe
C:Program FilesLClocklclock.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:Program FilesCursorXPCursorXP.exe
C:PROGRA~1MICROS~4rapimgr.exe
C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
C:Program FilesMail.RuAgentmagent.exe
C:Program FilesOperaopera.exe
C:Documents and SettingsAdminРабочий столdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mail.ru
uLocal Page = c:windowspchealthhelpctrsystempanelsblank.htm
uInternet Connection Wizard,ShellNext = hxxp://dt-updates.com/activate?query=vk3ri0r6XEm4%2br%2bs57aUe3AFWbBanIIIGCqccKypmXAluGD4n8tHqVvfEn6WiiozWf3ieLX8OO%2bsKEPJPIzgKM%2bCPCIaPbluJ1Ly4pYGnP%2fRECT7NtaBidtdp8JQA8Qao63kIsFOQ6fU3ZrdjmlbgNOzgtJ%2fU64ti8f5l94swsqjL7vIRNgFDeFEZrDwQrno8XHTI4XzhAfG4U5mkV7iDGByD45vXFgxNZGC1U1Qv2WRNb0NdcTJ5edrB1gOlowhTzCGkq6l6bEtJPmXmZbsYRcT23y07bxDCp28TCp2HQk%3d
uURLSearchHooks: {83821c2b-32a8-4dd7-b6d4-44309a78e668} — c:program filesmail.ruagentmradllnewmrasearch.dll
uURLSearchHooks: Спутник@Mail.Ru: {09900de8-1dca-443f-9243-26ff581438af} — c:program filesmail.rusputnikMailRuSputnik.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} — c:program filestechsmithsnagit 8SnagItBHO.dll
BHO: Open LI Toolbar: {067c5591-c9fb-4dcc-835f-6cb5dc169d44} — c:progra~1litool~1LIToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} — c:program filescommon filesadobeacrobatactivexAcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} — c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} — c:program fileskaspersky labkaspersky internet security 2009ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} — c:program filesjavajre1.6.0_07binssv.dll
BHO: MailRuBHO Class: {8984b388-a5bb-4df7-b274-77b879e179db} — c:program filesmail.rusputnikMailRuSputnik.dll
BHO: IE 4.x-6.x BHO for Download Master: {9961627e-4059-41b4-8e0e-a7d6b3854adf} — c:progra~1downlo~1dmiehlp.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} — c:program filestechsmithsnagit 8SnagItIEAddin.dll
TB: Спутник@Mail.Ru: {09900de8-1dca-443f-9243-26ff581438af} — c:program filesmail.rusputnikMailRuSputnik.dll
TB: LI Toolbar: {067c5591-c9fb-4dcc-835f-6cb5dc169d41} — c:progra~1litool~1LIToolbar.dll
EB: Настройки СОКРАТ Интернет 3.0: {6810c254-fb30-4f46-84dc-4584f5f1ffae} — c:program filesarsenal companysocrat internetSocratInternetT.dll
uRun: [CTFMON.EXE] c:windowssystem32ctfmon.exe
uRun: [louderit.exe] c:program fileslouderitLouderIt.exe
uRun: [LClock] c:program fileslclocklclock.exe
uRun: [KillCopy] «c:windowssystem32killcopy.exe» /kcresume /startup
uRun: [H/PC Connection Agent] «c:program filesmicrosoft activesyncwcescomm.exe»
uRun: [AlcoholAutomount] «c:program filesalcohol softalcohol 120axcmd.exe» /automount
uRun: [CursorXP] c:program filescursorxpCursorXP.exe
uRun: [ByteOMeter] «c:program filesbyteometerByteOMeter.exe»
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AmlMaple] c:program filesamlmapleAmlMaple.exe
mRun: [NeroFilterCheck] c:windowssystem32NeroCheck.exe
mRun: [WireLessMouse ] c:program filesmultimedia combo setMouseDrv.exe
mRun: [WireLessKeyboard ] c:program filesmultimedia combo setPS2USBKbdDrv.exe
mRun: [RemoteControl8] «c:program filescyberlinkpowerdvd8PDVD8Serv.exe»
mRun: [PDVD8LanguageShortcut] «c:program filescyberlinkpowerdvd8languageLanguage.exe»
mRun: [AVP] «c:program fileskaspersky labkaspersky internet security 2009avp.exe»
mRun: [Adobe Reader Speed Launcher] «c:program filesadobereader 9.0readerReader_sl.exe»
mRun: [MAgent] c:program filesmail.ruagentMAgent.exe -LM
mRun: [VIPv3_Auto_Update] c:windowsvipv3CheckForUpdates.exe
mRun: [QuickTime Task] «c:program filesquicktimeqttask.exe» -atboottime
dRun: [CTFMON.EXE] c:windowssystem32CTFMON.EXE
dRunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection c:windowsinfcustom.inf,NewUserFirstLogonInstall,0
dRunOnce: [IE7_011] regsvr32 /s /n /i:u shell32
dRunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N
StartupFolder: c:docume~1alluse~15d29~14a66~160c2~1adobeg~1.lnk — c:program filescommon filesadobecalibrationAdobe Gamma Loader.exe
StartupFolder: c:docume~1alluse~15d29~14a66~160c2~1blueso~1.lnk — c:program filesivt corporationbluesoleilBlueSoleil.exe
StartupFolder: c:docume~1alluse~15d29~14a66~160c2~1nikonm~1.lnk — c:program filescommon filesnikonmonitorNkMonitor.exe
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: NoPrinters = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
uPolicies-explorer: NoThemesTab = 0 (0x0)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: &Перевести — c:program filesarsenal companysocrat internethtmlWSocrat.js
IE: &Экспорт в Microsoft Excel — c:progra~1micros~2office12EXCEL.EXE/3000
IE: Добавить в Анти-Баннер — c:program fileskaspersky labkaspersky internet security 2009ie_banner_deny.htm
IE: Закачать ВСЕ при помощи Download Master — c:program filesdownload masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesdownload masterdmie.htm
IE: Запостить в LiveInternet-дневник — c:progra~1litool~1LIToolbar.dll/IECONTEXT.DLL.HTM
IE: Запостить картинку в LiveInternet-дневник — c:progra~1litool~1LIToolbar.dll/IECONTEXT_IMG.DLL.HTM
IE: Поиск@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/283
IE: {7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesmail.ruagentmagent.exe
IE: {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesdownload masterdmaster.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} — %windir%Network Diagnosticxpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} — c:program filesjavajre1.6.0_07binssv.dll
IE: {17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} — {7E1F0737-53A5-4EDC-8734-DD94B50AAF83} — c:program filesarsenal companysocrat internetSocratInternet.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — {85E0B171-04FA-11D1-B7DA-00A0C90348D6} — c:program fileskaspersky labkaspersky internet security 2009SCIEPlgn.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} — c:progra~1micros~4INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} — c:progra~1micros~4INetRepl.dll
IE: {71F65890-5ED6-11d4-9665-00E02962D81A} — {6810C254-FB30-4f46-84DC-4584F5F1FFAE} — c:program filesarsenal companysocrat internetSocratInternetT.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} — {FF059E31-CC5A-4E2E-BF3B-96E929D65503} — c:progra~1micros~2office12REFIEBAR.DLL
IE: {DFDC8970-FD66-4385-B8C0-835A4AA1DA00} — {A3400175-12F9-4220-83BF-A7210CA4003E} — c:program filesarsenal companysocrat internetSocratInternet.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} — hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} — hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} — hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} — hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {82F5A454-B68B-481C-9D52-D3FB1EC251D3} = 62.213.0.12 62.213.2.1
Notify: AtiExtEvent — Ati2evxx.dll
Notify: klogon — c:windowssystem32klogon.dll
AppInit_DLLs: c:progra~1kasper~1kasper~1mzvkbd.dll,c:progra~1kasper~1kasper~1mzvkbd3.dll,c:progra~1kasper~1kasper~1adialhk.dll,c:progra~1kasper~1kasper~1kloehk.dll
SSODL: WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — c:windowssystem32wpdshserviceobj.dll

================= FIREFOX ===================

FF — ProfilePath — c:docume~1adminapplic~1mozillafirefoxprofilesmevysotl.default
FF — prefs.js: browser.startup.homepage — hxxp://www.mail.ru
FF — prefs.js: browser.search.selectedEngine — РџРѕРёСЃРє@mail.ru
FF — prefs.js: network.proxy.type — 2
FF — plugin: c:program filesgoogleupdate1.2.141.5npGoogleOneClick7.dll
FF — plugin: c:program filesk-lite codec packrealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesk-lite codec packrealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesoperaprogrampluginsnp-mswmp.dll
FF — plugin: c:program filesoperaprogrampluginsnp-mswmp.dll
FF — plugin: c:program filesoperaprogrampluginsNP32DSW.DLL
FF — plugin: c:program filesoperaprogrampluginsnpdevalvr.dll
FF — plugin: c:program filesoperaprogrampluginsnpdevalvr.dll
FF — plugin: c:program filesoperaprogrampluginsnpdivx32.dll
FF — plugin: c:program filesoperaprogrampluginsnpdivx32.dll
FF — plugin: c:program filesoperaprogrampluginsnpindeo.dll
FF — plugin: c:program filesoperaprogrampluginsnpindeo.dll
FF — plugin: c:program filesoperaprogrampluginsnppl3260.dll
FF — plugin: c:program filesoperaprogrampluginsnprhapengine.dll
FF — plugin: c:program filesoperaprogrampluginsnprhapengine.dll
FF — plugin: c:program filesoperaprogrampluginsnprjplug.dll
FF — plugin: c:program filesoperaprogrampluginsnprjplug.dll
FF — plugin: c:program filesoperaprogrampluginsnprpjplug.dll
FF — plugin: c:program filesoperaprogrampluginsnprpjplug.dll

============= SERVICES / DRIVERS ===============

R0 AFPAnsi;Alfa File Protector Ansi;c:windowssystem32driversAFPAnsi.sys [2009-1-10 43936]
R0 hotcore3;hotcore3;c:windowssystem32drivershotcore3.sys [2009-1-10 39472]
R0 kl1;Kl1;c:windowssystem32driverskl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:windowssystem32driversklif.sys [2009-1-10 213520]
R1 raddrvv3;raddrvv3;c:windowssystem32rserver30raddrvv3.sys [2008-4-24 45848]
R1 VBoxDrv;VirtualBox Service;c:windowssystem32driversVBoxDrv.sys [2009-1-10 55424]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:windowssystem32driversVBoxUSBMon.sys [2009-1-10 42048]
R2 AVP;Kaspersky Internet Security;c:program fileskaspersky labkaspersky internet security 2009avp.exe [2008-7-29 206088]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:windowssystem32driversklfltdev.sys [2008-3-13 26640]
R3 mirrorv3;mirrorv3;c:windowssystem32driversrminiv3.sys [2006-11-1 3328]
S2 gupdate1c989fe9dfec3ec;Google Update Service (gupdate1c989fe9dfec3ec);c:program filesgoogleupdateGoogleUpdate.exe [2009-2-8 133104]
S2 OMSCAN;OMSCAN;Syst —> Syst [?]

=============== Created Last 30 ================

2009-02-25 20:30 43,528

c:windowssystem32driversPxHelp20.sys
2009-02-25 20:25 —d

c:program filesDivX
2009-02-25 19:45 87,608 a

c:docume~1adminapplic~1inst.exe
2009-02-25 19:45 47,360 a

c:windowssystem32driverspcouffin.sys
2009-02-25 19:45 47,360 a

c:docume~1adminapplic~1pcouffin.sys
2009-02-25 19:44 217,127 a

c:windowssystem32drv43260.dll
2009-02-25 19:44 208,935 a

c:windowssystem32drv33260.dll
2009-02-25 19:44 102,439 a

c:windowssystem32sipr3260.dll
2009-02-25 19:44 1,184,984 a

c:windowssystem32wvc1dmod.dll
2009-02-25 19:44 626,688 a

c:windowssystem32vp7vfw.dll
2009-02-25 19:44 176,165 a

c:windowssystem32drv23260.dll
2009-02-25 19:44 65,602 a

c:windowssystem32cook3260.dll
2009-02-25 19:44 —d

c:program filesVSO
2009-02-24 18:21 —d

c:docume~1adminapplic~1ByteOMeter
2009-02-24 18:21 —d

c:program filesByteOMeter
2009-02-19 00:22 —d

c:program filescommon filesmuvee Technologies
2009-02-19 00:19 —d

c:docume~1alluse~1applic~1Font Book
2009-02-16 12:49 —d

c:program filesLIToolbar
2009-02-13 14:04 —d

c:program filesУскоритель интернета
2009-02-09 17:54 —d

c:program filesЦетр новых технологий
2009-02-08 21:01 —d

c:windowssystem32appmgmt
2009-02-08 20:17 131 a

C:initemp.dat
2009-02-08 18:28 —d

c:program filesSatelliteTVforPC
2009-02-08 18:17 —d

c:windowsuninstall
2009-02-08 17:56 —d

c:program filesWindows Media Components
2009-02-08 17:51 —d

c:program filesCorel
2009-02-08 16:00 —d

c:docume~1adminapplic~1Aston
2009-02-08 16:00 —d—r— c:program filesAston
2009-02-07 19:55 —d

c:program filesVideo Client
2009-02-06 22:16 119,798 a—-r— c:windowssystem32driversSPCA561.SYS
2009-02-06 22:16 14,336 a—-r— c:windowssystem32dshow508.ax
2009-02-06 22:16 54,272 ac

c:windowssystem32dllcachevfwwdm32.dll
2009-02-06 22:16 54,272 a

c:windowssystem32vfwwdm32.dll
2009-02-06 21:25 42 a

c:windowslifeview.ini
2009-02-06 20:14 —d

C:VideoCAM Express
2009-02-06 20:12 162,969 a

c:windowssystem32driversOMCAMVID.SYS
2009-02-06 20:12 135,168 a

c:windowsOMCAMCAP.EXE
2009-02-06 20:12 73,728 a

c:windowsOMCAMDIB.DLL
2009-02-06 20:12 28,344 a

c:windowssystem32driversLvcamd.SYS
2009-02-06 20:12 24,335 a

c:windowssystem32driversOVTCAMD.SYS
2009-02-06 20:12 22,790 a

c:windowsOMCAMUSD.DLL
2009-02-06 20:12 6,049 a

c:windowssystem32OMCAMCPL.CPL
2009-02-06 19:15 —d

c:program filescommon filesAdobe Systems Shared
2009-02-06 12:31 —d

c:program filesPSCS2Updater
2009-02-05 23:13 86,016 a

c:windowsunvise32.exe
2009-02-05 21:14 5,632 a

c:windowssystem32ptpusb.dll
2009-02-05 21:14 159,232 a

c:windowssystem32ptpusd.dll
2009-02-05 21:14 15,104 ac

c:windowssystem32dllcacheusbscan.sys
2009-02-05 21:14 15,104 a

c:windowssystem32driversusbscan.sys
2009-02-04 21:47 327,168 a

c:windowsIsUn0419.exe
2009-02-04 20:29 —d

c:docume~1adminapplic~1Yandex
2009-02-04 16:52 —d

c:docume~1adminapplic~1Avant Profiles
2009-02-04 16:52 —d

c:program filesAvant Browser
2009-02-04 12:35 1,352,704 a

c:windowssystem32Gerz Clock.exe
2009-02-04 12:35 1,352,704 a

c:windowssystem32Gerz Clock.scr
2009-02-04 12:35 —d

c:windowssystem32Gerz Clock

==================== Find3M ====================

2009-03-19 23:48 724 a

c:program filesweoebwk.txt
2009-03-05 08:16 3,487,264 a—sh— c:windowssystem32driversfidbox.dat
2009-03-05 08:16 606,240 a—sh— c:windowssystem32driversfidbox2.dat
2009-03-05 08:16 29,372 a—sh— c:windowssystem32driversfidbox.idx
2009-03-05 08:16 4,200 a—sh— c:windowssystem32driversfidbox2.idx
2009-02-25 01:43 20 —-h— c:docume~1alluse~1applic~1PKP_DLdu.DAT
2009-02-19 00:19 106,496 a

c:windowssystem32ATL71.DLL
2009-02-10 19:54 33,808 a

c:windowssystem32driversklbg.sys
2009-02-04 20:31 488,014 a

c:windowssystem32perfh019.dat
2009-02-04 20:31 85,314 a

c:windowssystem32perfc019.dat
2009-02-03 21:10 101,287 a

c:windowssystem32driversklin.dat
2009-02-03 21:10 89,601 a

c:windowssystem32driversklick.dat
2009-01-19 21:58 7,176,124 a

c:windowssystem32VIPv3_EXT.dll
2009-01-11 18:55 259,584 a

c:windowssystem32xtbaksm.dll
2009-01-11 18:55 259,584 a

c:windowssystem32xtbaksm.dat
2009-01-10 18:37 86,327 a

c:windowspchealthhelpctrofflinecacheindex.dat
2009-01-10 16:33 355,584 a

c:windowssystem32TuneUpDefragService.exe
2009-01-10 14:05 418,480

c:windowssystem32wrap_oal.dll
2009-01-10 14:05 115,432

c:windowssystem32OpenAL32.dll
2009-01-09 23:44 62,813 a

c:windowssystem32Uninstall.exe
2009-01-09 23:12 717,296 a

c:windowssystem32driverssptd.sys
2009-01-09 23:00 22,564 a

c:windowssystem32emptyregdb.dat
2008-12-11 04:33 200,704 a

c:windowssystem32dtu100.dll
2008-12-11 04:33 86,016 a

c:windowssystem32dpl100.dll

============= FINISH: 22:13:29,35 ===============
очень вам благодарен,уже непервый раз выручаете
29 марта, 2009 в 11:37 дп в ответ на: удолить информер #22759
nobbert
Participant
- Темы:3
- Сообщений:12
в Mozilla Firefox и Opera.
29 марта, 2009 в 7:12 дп в ответ на: удолить информер #22757
nobbert
Participant
- Темы:3
- Сообщений:12
информер мешает только работе в интернете,на самам компьютере не отрозилось
23 марта, 2009 в 6:28 дп в ответ на: удолить информер #22755
nobbert
Participant
- Темы:3
- Сообщений:12
нет нечего нового не произошло
19 марта, 2009 в 8:13 пп в ответ на: удолить информер #22753
nobbert
Participant
- Темы:3
- Сообщений:12
вот,что просили:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: registry key «RegistryMachineSystemCurrentControlSetServicesak3n9edx» not found!
Deletion of driver «ak3n9edx» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not exist

Error: registry key «RegistryMachineSystemCurrentControlSetServicesanmtdai9» not found!
Deletion of driver «anmtdai9» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not exist

Error: file «C:WINDOWSsystem32driversanmtdai9.sys» not found!
Deletion of file «C:WINDOWSsystem32driversanmtdai9.sys» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not exist

Error: file «C:WINDOWSsystem32driversak3n9edx.sys» not found!
Deletion of file «C:WINDOWSsystem32driversak3n9edx.sys» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not exist

Error: file «C:Documents and SettingsAdminApplication Databpfeed.dll» not found!
Deletion of file «C:Documents and SettingsAdminApplication Databpfeed.dll» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not exist

Registry key «HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9D64F819-9380-8473-DAB2-702FCB3D7A3E}» deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of random’s system information tool 1.05 (written by random/random)
Run by Admin at 2009-03-20 00:00:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (9%) free of 38 GB
Total RAM: 511 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:01:10, on 20.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesGoogleUpdateGoogleUpdate.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:WINDOWSsystem32rserver30RServer3.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32rserver30FamItrfc.Exe
C:WINDOWSsystem32svchost.exe
C:Program FilesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesAmlMapleAmlMaple.exe
C:Program FilesMultimedia Combo SetMouseDrv.exe
C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe
C:Program FilesCyberLinkPowerDVD8PDVD8Serv.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesAdobeReader 9.0ReaderReader_sl.exe
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FileslouderitLouderIt.exe
C:Program FilesLClocklclock.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:Program FilesCursorXPCursorXP.exe
C:Program FilesByteOMeterByteOMeter.exe
C:PROGRA~1MICROS~4rapimgr.exe
C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program Filestrend microAdmin.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSpchealthhelpctrSystempanelsblank.htm
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://dt-updates.com/activate?query=vk3ri0r6XEm4%2br%2bs57aUe3AFWbBanIIIGCqccKypmXAluGD4n8tHqVvfEn6WiiozWf3ieLX8OO%2bsKEPJPIzgKM%2bCPCIaPbluJ1Ly4pYGnP%2fRECT7NtaBidtdp8JQA8Qao63kIsFOQ6fU3ZrdjmlbgNOzgtJ%2fU64ti8f5l94swsqjL7vIRNgFDeFEZrDwQrno8XHTI4XzhAfG4U5mkV7iDGByD45vXFgxNZGC1U1Qv2WRNb0NdcTJ5edrB1gOlowhTzCGkq6l6bEtJPmXmZbsYRcT23y07bxDCp28TCp2HQk%3d
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: SnagIt Toolbar Loader — {00C6482D-C502-44C8-8409-FCE54AD9C208} — C:Program FilesTechSmithSnagIt 8SnagItBHO.dll
O2 — BHO: Open LI Toolbar — {067C5591-C9FB-4dcc-835F-6CB5DC169D44} — C:PROGRA~1LITOOL~1LIToolbar.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_07binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O3 — Toolbar: SnagIt — {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} — C:Program FilesTechSmithSnagIt 8SnagItIEAddin.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: LI Toolbar — {067C5591-C9FB-4dcc-835F-6CB5DC169D41} — C:PROGRA~1LITOOL~1LIToolbar.dll
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [AmlMaple] C:Program FilesAmlMapleAmlMaple.exe
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [WireLessMouse ] C:Program FilesMultimedia Combo SetMouseDrv.exe
O4 — HKLM..Run: [WireLessKeyboard ] C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe
O4 — HKLM..Run: [RemoteControl8] «C:Program FilesCyberLinkPowerDVD8PDVD8Serv.exe»
O4 — HKLM..Run: [PDVD8LanguageShortcut] «C:Program FilesCyberLinkPowerDVD8LanguageLanguage.exe»
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [VIPv3_Auto_Update] C:WINDOWSVIPv3CheckForUpdates.exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [louderit.exe] C:Program FileslouderitLouderIt.exe
O4 — HKCU..Run: [LClock] C:Program FilesLClocklclock.exe
O4 — HKCU..Run: [KillCopy] «C:WINDOWSsystem32killcopy.exe» /kcresume /startup
O4 — HKCU..Run: [H/PC Connection Agent] «C:Program FilesMicrosoft ActiveSyncwcescomm.exe»
O4 — HKCU..Run: [AlcoholAutomount] «C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKCU..Run: [CursorXP] C:Program FilesCursorXPCursorXP.exe
O4 — HKCU..Run: [ByteOMeter] «C:Program FilesByteOMeterByteOMeter.exe»
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: BlueSoleil.lnk = ?
O4 — Global Startup: Nikon Monitor.lnk = C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
O8 — Extra context menu item: &Перевести — C:Program FilesArsenal CompanySOCRAT InternetHTMLWSocrat.js
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Запостить в LiveInternet-дневник — res://C:PROGRA~1LITOOL~1LIToolbar.dll/IECONTEXT.DLL.HTM
O8 — Extra context menu item: Запостить картинку в LiveInternet-дневник — res://C:PROGRA~1LITOOL~1LIToolbar.dll/IECONTEXT_IMG.DLL.HTM
O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: (no name) — DctMapping — (no file)
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
O9 — Extra button: СОКРАТ Интернет 3.0 — {17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternet.dll
O9 — Extra button: Cтатистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MICROS~4INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MICROS~4INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Добавить в избранное мобильного устройства… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MICROS~4INetRepl.dll
O9 — Extra button: Настройки СОКРАТ Интернет 3.0 — {71F65890-5ED6-11d4-9665-00E02962D81A} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternetT.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: Перевести страницу — {DFDC8970-FD66-4385-B8C0-835A4AA1DA00} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternet.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Open LI Toolbar — {067C5591-C9FB-4dcc-835F-6CB5DC169D43} — C:PROGRA~1LITOOL~1LIToolbar.dll (HKCU)
O9 — Extra ‘Tools’ menuitem: Open LI Toolbar — {067C5591-C9FB-4dcc-835F-6CB5DC169D43} — C:PROGRA~1LITOOL~1LIToolbar.dll (HKCU)
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 — HKLMSystemCCSServicesTcpip..{82F5A454-B68B-481C-9D52-D3FB1EC251D3}: NameServer = 62.213.0.12 62.213.2.1
O20 — AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll
O23 — Service: Adobe LM Service — Unknown owner — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Google Update Service (gupdate1c989fe9dfec3ec) (gupdate1c989fe9dfec3ec) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Radmin Server V3 (RServer3) — Famatech International Corp. — C:WINDOWSsystem32rserver30RServer3.exe
O23 — Service: SiSoftware Deployment Agent Service (SandraAgentSrv) — SiSoftware — C:Program FilesSiSoftwareSiSoftware Sandra Pro Business 2009RpcAgentSrv.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: NST ToolTipFixer (TTFixerService) — NeoSmart Technologies — C:Program FilesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe
O23 — Service: TuneUp Drive Defrag Service (TuneUp.Defrag) — TuneUp Software GmbH — C:WINDOWSSystem32TuneUpDefragService.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 14643 bytes

======Scheduled tasks folder======

C:WINDOWStasks1-Click Maintenance.job
C:WINDOWStasksGoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader — C:Program FilesTechSmithSnagIt 8SnagItBHO.dll [2007-05-01 63048]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{067C5591-C9FB-4dcc-835F-6CB5DC169D44}]
Open LI Toolbar — C:PROGRA~1LITOOL~1LIToolbar.dll [2008-06-11 1626112]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_07binssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-01-23 676704]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} — SnagIt — C:Program FilesTechSmithSnagIt 8SnagItIEAddin.dll [2007-05-01 161352]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-01-23 676704]
{067C5591-C9FB-4dcc-835F-6CB5DC169D41} — LI Toolbar — C:PROGRA~1LITOOL~1LIToolbar.dll [2008-06-11 1626112]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2007-04-17 577536]
«AmlMaple»=C:Program FilesAmlMapleAmlMaple.exe [2008-04-25 91648]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«WireLessMouse «=C:Program FilesMultimedia Combo SetMouseDrv.exe [2004-06-27 503808]
«WireLessKeyboard «=C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe [2005-08-02 217088]
«RemoteControl8″=C:Program FilesCyberLinkPowerDVD8PDVD8Serv.exe [2008-03-20 83240]
«PDVD8LanguageShortcut»=C:Program FilesCyberLinkPowerDVD8LanguageLanguage.exe [2007-12-14 50472]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-02-10 206088]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-01-23 5603000]
«VIPv3_Auto_Update»=C:WINDOWSVIPv3CheckForUpdates.exe [2006-09-08 23723]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2007-04-27 282624]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-05-20 30208]
«louderit.exe»=C:Program FileslouderitLouderIt.exe [2008-02-19 41472]
«LClock»=C:Program FilesLClocklclock.exe [2007-12-14 86016]
«KillCopy»=C:WINDOWSsystem32killcopy.exe [2006-10-29 1185792]
«H/PC Connection Agent»=C:Program FilesMicrosoft ActiveSyncwcescomm.exe [2006-11-13 1289000]
«AlcoholAutomount»=C:Program FilesAlcohol SoftAlcohol 120axcmd.exe [2008-03-20 217544]
«CursorXP»=C:Program FilesCursorXPCursorXP.exe [2003-03-01 125440]
«ByteOMeter»=C:Program FilesByteOMeterByteOMeter.exe [2006-09-28 413696]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Gamma Loader.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
BlueSoleil.lnk — C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
Nikon Monitor.lnk — C:Program FilesCommon FilesNikonMonitorNkMonitor.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll»

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-02-26 126976]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoSMConfigurePrograms»=1
«EnableShellExecuteHooks»=1
«NoDesktop»=0
«NoActiveDesktop»=0
«HideClock»=0
«NoStartMenuPinnedList»=0
«NoStartMenuMFUprogramsList»=0
«NoUserNameInStartMenu»=0
«StartmenuLogoff»=0
«NoStartMenuSubFolders»=0
«NoCommonGroups»=0
«NoPrinterTabs»=0
«NoDeletePrinter»=0
«NoAddPrinter»=0
«NoPrinters»=0
«NoFavoritesMenu»=0
«NoRun»=0
«NoFind»=0
«NoClose»=0
«NoSetFolders»=0
«NoViewContextMenu»=0
«NoDrives»=0
«NoToolbarCustomize»=0
«NoRecentDocsNetHood»=0
«NoChangeAnimation»=0
«NoChangeKeyboardNavigationIndicators»=0
«NoThemesTab»=0

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»

======File associations======

.js — edit — «C:Program FilesMacromediaDreamweaver 8dreamweaver.exe» «%1»

======List of files/folders created in the last 1 months======

2009-03-19 23:55:39 —-D—- C:Avenger
2009-03-19 23:55:38 —-A—- C:avenger.txt
2009-03-19 23:51:47 —-A—- C:WINDOWSbomfl.txt
2009-03-19 23:48:51 —-A—- C:Program Filesweoebwk.txt
2009-03-16 23:42:11 —-D—- C:Program Filestrend micro
2009-03-16 23:42:07 —-D—- C:rsit
2009-03-06 18:04:05 —-D—- C:Program FilesHidden and Dangerous 2 Sabre Squadron
2009-03-06 16:08:34 —-A—- C:WINDOWSsystem32vp31vfw.dll
2009-03-06 16:08:33 —-A—- C:WINDOWSsystem32MACDec.dll
2009-03-06 16:08:33 —-A—- C:WINDOWSsystem32huffyuv.dll
2009-03-06 16:08:32 —-A—- C:WINDOWSsystem32mpg4c32.dll
2009-03-06 16:08:31 —-A—- C:WINDOWSsystem32OpenQuicktimeLib.dll
2009-03-06 16:08:31 —-A—- C:WINDOWSsystem323ivxVfWCodec.dll
2009-03-06 16:08:31 —-A—- C:WINDOWSsystem323ivx.dll
2009-03-06 16:07:37 —-A—- C:WINDOWSsystem32WMV9VCM.dll
2009-03-06 16:07:36 —-A—- C:WINDOWSsystem32WMV8DMOD.DLL
2009-03-06 16:07:35 —-A—- C:WINDOWSsystem32divx.dll
2009-03-06 16:07:31 —-A—- C:WINDOWSsystem32unicows.dll
2009-03-06 16:07:31 —-A—- C:WINDOWSsystem32cpuinf32.dll
2009-03-06 15:44:45 —-D—- C:Program FilesAirborne Troops
2009-02-25 20:29:08 —-N—- C:WINDOWSsystem32pxinsi64.exe
2009-02-25 20:29:08 —-N—- C:WINDOWSsystem32pxinsa64.exe
2009-02-25 20:29:08 —-N—- C:WINDOWSsystem32pxhpinst.exe
2009-02-25 20:29:08 —-N—- C:WINDOWSsystem32pxcpyi64.exe
2009-02-25 20:29:08 —-N—- C:WINDOWSsystem32pxcpya64.exe
2009-02-25 20:29:07 —-N—- C:WINDOWSsystem32vxblock.dll
2009-02-25 20:29:07 —-N—- C:WINDOWSsystem32pxwave.dll
2009-02-25 20:29:07 —-N—- C:WINDOWSsystem32pxsfs.dll
2009-02-25 20:29:07 —-N—- C:WINDOWSsystem32pxmas.dll
2009-02-25 20:29:07 —-N—- C:WINDOWSsystem32pxdrv.dll
2009-02-25 20:29:07 —-N—- C:WINDOWSsystem32pxafs.dll
2009-02-25 20:25:00 —-D—- C:Program FilesDivX
2009-02-25 19:45:14 —-D—- C:Documents and SettingsAdminApplication DataVso
2009-02-25 19:45:14 —-A—- C:Documents and SettingsAdminApplication Datainst.exe
2009-02-25 19:44:43 —-A—- C:WINDOWSsystem32sipr3260.dll
2009-02-25 19:44:43 —-A—- C:WINDOWSsystem32drv43260.dll
2009-02-25 19:44:43 —-A—- C:WINDOWSsystem32drv33260.dll
2009-02-25 19:44:42 —-A—- C:WINDOWSsystem32wvc1dmod.dll
2009-02-25 19:44:42 —-A—- C:WINDOWSsystem32vp7vfw.dll
2009-02-25 19:44:42 —-A—- C:WINDOWSsystem32drv23260.dll
2009-02-25 19:44:42 —-A—- C:WINDOWSsystem32cook3260.dll
2009-02-25 19:44:37 —-D—- C:Program FilesVSO
2009-02-24 18:21:51 —-D—- C:Documents and SettingsAdminApplication DataByteOMeter
2009-02-24 18:21:34 —-D—- C:Program FilesByteOMeter

======List of files/folders modified in the last 1 months======

2009-03-20 00:00:20 —-D—- C:WINDOWSTemp
2009-03-19 23:58:53 —-D—- C:WINDOWSsystem32ias
2009-03-19 23:58:37 —-A—- C:WINDOWSModemLog_Bluetooth LAP Modem.txt
2009-03-19 23:58:35 —-A—- C:WINDOWSModemLog_Bluetooth LAP Modem #2.txt
2009-03-19 23:58:03 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-03-19 23:55:39 —-D—- C:WINDOWSsystem32drivers
2009-03-19 23:54:06 —-A—- C:WINDOWSSchedLgU.Txt
2009-03-19 23:54:01 —-D—- C:WINDOWS
2009-03-19 23:48:51 —-RD—- C:Program Files
2009-03-19 23:15:46 —-D—- C:Program FilesMozilla Firefox
2009-03-18 00:21:35 —-A—- C:WINDOWSNeroDigital.ini
2009-03-17 23:01:38 —-D—- C:WINDOWSsystem32CatRoot2
2009-03-17 15:57:22 —-D—- C:Documents and SettingsAdminApplication DatauTorrent
2009-03-13 10:49:15 —-HD—- C:WINDOWSinf
2009-03-13 10:32:14 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-03-13 10:32:09 —-D—- C:WINDOWSsystem32
2009-03-13 09:00:58 —-D—- C:Games
2009-03-13 08:48:05 —-D—- C:WINDOWSsystem32DirectX
2009-03-13 08:47:37 —-RSD—- C:WINDOWSassembly
2009-03-06 21:30:33 —-D—- C:Program FilesuTorrent 1.7.5 для J-Torrent.ru
2009-03-06 16:08:32 —-D—- C:Program FilesK-Lite Codec Pack
2009-03-03 15:04:53 —-SHD—- C:WINDOWSInstaller
2009-03-03 15:04:26 —-D—- C:Program FilesOpera
2009-02-25 20:52:12 —-D—- C:WINDOWSWinSxS
2009-02-22 23:11:20 —-SD—- C:Documents and SettingsAdminApplication DataMicrosoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-05-20 14720]
R1 KLIF;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2009-02-10 213520]
R1 raddrvv3;raddrvv3; ??C:WINDOWSsystem32rserver30raddrvv3.sys []
R1 VBoxDrv;VirtualBox Service; C:WINDOWSsystem32DRIVERSVBoxDrv.sys [2008-04-30 55424]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:WINDOWSsystem32DRIVERSVBoxUSBMon.sys [2008-04-30 42048]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2008-01-25 4127488]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-05-20 60800]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-02-26 2863616]
R3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys [2004-10-19 20096]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys [2005-01-17 23000]
R3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSsystem32DRIVERSvbtenum.sys [2005-01-13 12500]
R3 CA561;VideoCAM Express V2; C:WINDOWSSystem32DriversSPCA561.SYS [2002-09-30 119798]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 mirrorv3;mirrorv3; C:WINDOWSsystem32DRIVERSrminiv3.sys [2006-11-01 3328]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-05-20 61824]
R3 nvmpu401;Service for NVIDIA(R) nForce(TM) MIDI UART; C:WINDOWSsystem32driversnvmpu401.sys [2006-02-26 10240]
R3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2009-02-25 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2008-04-15 5888]
R3 RTL8023;D-Link DGE-528T Gigabit Ethernet Adapter NDIS Driver; C:WINDOWSsystem32DRIVERSDLKRTGB.SYS [2003-09-19 65280]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-05-20 32384]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-05-20 30336]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-15 20608]
R3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys [2004-11-05 82148]
S3 aj78zrgi;aj78zrgi; C:WINDOWSsystem32driversaj78zrgi.sys []
S3 ane2f679;ane2f679; C:WINDOWSsystem32driversane2f679.sys []
S3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys [2004-09-21 10804]
S3 BTNetFilter;Bluetooth Network Filter; ??C:WINDOWSsystem32driversBTNetFilter.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-05-20 17024]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-05-20 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-05-20 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-05-20 10880]
S3 SANDRA;SANDRA; ??C:Program FilesSiSoftwareSiSoftware Sandra Pro Business 2009WNt500x86Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-05-20 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-05-20 15232]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-05-20 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-05-20 26368]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-05-20 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-02-26 520192]
R2 AVP;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-02-10 206088]
R2 RServer3;Radmin Server V3; C:WINDOWSsystem32rserver30RServer3.exe [2008-04-24 1238344]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 TTFixerService;NST ToolTipFixer; C:Program FilesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe [2007-06-27 10240]
R2 UxTuneUp;TuneUp Theme Extension; C:WINDOWSSystem32svchost.exe [2008-04-15 14336]
S02000000 OMSCAN;OMSCAN; Sys []
S2 gupdate1c989fe9dfec3ec;Google Update Service (gupdate1c989fe9dfec3ec); C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-02-08 133104]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2009-02-06 68096]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-01-09 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:Program FilesSiSoftwareSiSoftware Sandra Pro Business 2009RpcAgentSrv.exe [2008-09-01 98488]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:WINDOWSSystem32TuneUpDefragService.exe [2009-01-10 355584]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]

EOF
10 декабря, 2008 в 8:11 пп в ответ на: красная порно реклама на пол экрана #20260
nobbert
Participant
- Темы:3
- Сообщений:12
примного благодарен все удолось ,скажите обязательно ли удалять программы скаченные с вашего сайта(HijackThis,RSIT,ComboFix)работают ли они сами по себе или без вашего кантроля они просто занемают место
10 декабря, 2008 в 3:03 пп в ответ на: красная порно реклама на пол экрана #20258
nobbert
Participant
- Темы:3
- Сообщений:12
нет каталоги не удолял незнаю как это делается.удалял только из(установка удаление программ)обьясните как удолять каталоги
10 декабря, 2008 в 6:14 дп в ответ на: красная порно реклама на пол экрана #20253
nobbert
Participant
- Темы:3
- Сообщений:12
реклама появляеца только вOpera_962_ru_Setup,но сначала появилась в Mozilla Firefox потом переползла в оперу.Из Mozilla Firefox убрал путем удаления программы и переустоновкой,в опере таким путем не получаеца ComboFix 08-12-09.02 — Admin 2008-12-10 10:01:24.6 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.239 [GMT 4:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-09 10:55 . 2008-12-09 10:55
d—-c— C:rsit
2008-12-08 20:03 . 2008-12-08 20:03 d—-c— c:program filesTrend Micro
2008-12-07 09:55 . 2008-12-08 11:38 7 —a—c— c:windowssystem32BMXCtrlState009.rmf
2008-12-06 22:19 . 2008-08-19 20:23 19,968 —a—c— c:windowssystem32MSVCR32.DLL
2008-11-29 22:29 . 2008-11-29 22:29 d—-c— c:documents and settingsAdminApplication DataCyberLink
2008-11-24 21:02 . 2008-11-24 21:02 d—-c— c:documents and settingsAdminApplication DataReal Desktop
2008-11-24 21:02 . 2008-11-24 21:02 d—-c— c:documents and settingsAdminApplication DataAD ON Multimedia
2008-11-24 13:52 . 2008-11-24 13:52 d—-c— c:program filesXemiComputers
2008-11-24 13:52 . 2008-11-24 13:52 d—-c— c:documents and settingsAdminApplication DataXemiComputers
2008-11-24 09:22 . 2008-11-29 11:28 d—-c— c:program filesAura
2008-11-23 17:29 . 2008-11-23 17:30 185 —a—c— C:tmp.dat
2008-11-23 14:59 . 2008-11-23 14:59 332 —a—c— c:windowsdesctemp.dat
2008-11-23 01:07 . 2008-11-23 01:07 d—-c— c:program filesCommon FilesAdobe
2008-11-23 01:07 . 2008-11-23 01:07 d—-c— c:documents and settingsAdminApplication DataAdobeUM
2008-11-23 00:20 . 2008-11-23 00:26 d—-c— c:documents and settingsAll UsersApplication DataBluetooth
2008-11-23 00:17 . 2004-09-21 18:18 148,830 —a—c— c:windowssystem32driversbcbthub.sys
2008-11-23 00:17 . 2004-09-21 18:18 116,021 —a—c— c:windowssystem32driversfw203x.sys
2008-11-23 00:17 . 2004-11-05 11:39 82,148 —a—c— c:windowssystem32driversVcommMgr.sys
2008-11-23 00:17 . 2004-10-19 13:37 61,312 —a—c— c:windowssystem32driversVComm.sys
2008-11-23 00:17 . 2004-10-19 13:40 28,207 —a—c— c:windowssystem32driversBTHidMgr.sys
2008-11-23 00:17 . 2005-01-17 14:48 23,000 —a—c— c:windowssystem32driversbtcusb.sys
2008-11-23 00:17 . 2004-10-19 11:39 20,096 —a—c— c:windowssystem32driversblueletaudio.sys
2008-11-23 00:17 . 2004-12-16 16:32 13,304 —a—c— c:windowssystem32driversBTNetFilter.sys
2008-11-23 00:17 . 2004-09-22 18:08 12,504 —a—c— c:windowssystem32driversVHIDMini.sys
2008-11-23 00:17 . 2005-01-13 15:20 12,500 —a—c— c:windowssystem32driversvbtenum.sys
2008-11-23 00:17 . 2004-09-21 18:15 10,804 —a—c— c:windowssystem32driversBtNetDrv.sys
2008-11-23 00:17 . 2004-09-21 18:18 7,680 —a—c— c:windowssystem32btinstall.dll
2008-11-22 23:14 . 2008-11-22 23:14 d—-c— c:windowsCache
2008-11-22 23:13 . 2006-07-11 15:13 11,003

c— c:windowssystem32driversdiag69xp.sys
2008-11-22 23:12 . 2008-11-22 23:12 d—-c— c:windowsOPTIONS
2008-11-22 23:12 . 2008-11-22 23:12 d—-c— c:program filesD-Link
2008-11-22 23:12 . 2006-06-14 22:24 53,248 —a—c— c:windowssystem32RTLVLAN_NB.DLL
2008-11-22 23:12 . 2006-06-01 19:21 16,384 —a—c— c:windowssystem32driversRTLVLAN.SYS
2008-11-22 23:12 . 2006-07-18 02:40 8,399 —a—c— c:windowssystem32driversLANPkt.sys
2008-11-22 22:57 . 2008-11-22 22:57 d—-c— c:windowssystem32configsystemprofileApplication DataATI
2008-11-22 22:57 . 2008-11-22 22:57 4,096 —a—c— c:windowssystem32crash
2008-11-22 22:47 . 2007-01-24 11:40 70,144 -ra—c— c:windowssystem32driversDLKRT32.sys
2008-11-19 00:01 . 2008-11-21 14:11 d—-c— c:program filesLavasoft
2008-11-18 23:23 . 2008-11-21 14:11 d—-c— c:documents and settingsAdminApplication DataLavasoft
2008-11-18 12:30 . 2008-11-18 12:30 d—-c— c:documents and settingsAdminApplication DataUniblue
2008-11-17 22:57 . 2008-11-17 22:57 0 —a—c— c:windowsnsreg.dat
2008-11-17 16:50 . 2008-11-17 16:50 d—-c— c:windowsuscripts
2008-11-12 22:48 . 2008-08-19 20:15 26,368 —a—c— c:windowssystem32dllcacheusbstor.sys
2008-11-12 18:23 . 2008-11-12 18:23 d—-c— c:program filesDAEMON Tools SearchBar
2008-11-12 18:23 . 2008-11-12 18:23 d—-c— c:program filesCommon FilesWhenU
2008-11-12 18:20 . 2008-11-12 18:24 d—-c— c:program filesDAEMON Tools
2008-11-12 11:41 . 2008-11-12 11:41 d—-c— c:program filesCommon FilesNSV
2008-11-10 22:15 . 2008-11-10 22:15 518 —a—c— c:windowssystem32wul.cfg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 05:32

dc—-w c:documents and settingsAdminApplication DatauTorrent
2008-12-07 18:27

dc—-w c:program filesOpera
2008-11-24 13:20

dc—-w c:documents and settingsAdminApplication DataXnView
2008-11-22 20:17

dc-h—w c:program filesInstallShield Installation Information
2008-11-21 17:45

dc—-w c:program filesQIP
2008-11-21 08:38

dc—-w c:program filesCommon FilesWise Installation Wizard
2008-11-09 17:13

dc—-w c:program files1C
2008-11-09 17:10

dc—-w c:program filesCommon FilesInstallShield
2008-11-09 13:09

dc—-w c:program filesRussobit-M
2008-11-09 11:03

dc—-w c:program filesyuPlay
2008-11-09 10:21

dc—-w c:program filesAGEIA Technologies
2008-11-09 10:01

dc—-w c:documents and settingsAdminApplication DatayuPlay
2001-11-23 08:08 712,704 -c—a-r c:windowsinfOTHERAUDIO3D.DLL
2001-01-07 21:07 16,384 -csha-w c:windowssystem32configsystemprofileCookiesindex.dat
2001-01-07 21:07 32,768 -csha-w c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
2001-01-07 21:07 32,768 -csha-w c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5MSHist012001010820010109index.dat
2001-01-07 21:07 32,768 -csha-w c:windowssystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-08-19 30208]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2007-08-16 167368]
«Active Desktop Calendar»=»c:program filesXemiComputersActive Desktop CalendarADC.exe» [2008-10-20 4904448]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«8169Diag»=»c:program filesD-LinkDiagnostics Utility8169Diag» [X]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2006-11-10 90112]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2008-11-26 81000]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2006-01-12 155648]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2008-08-04 36352]
«SoundMan»=»SOUNDMAN.EXE» [2007-04-16 c:windowssoundman.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-08-19 30208]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2008-08-19 c:windowssystem32advpack.dll]
«IE7_012″=»advpack.dll» [2008-08-19 c:windowssystem32advpack.dll]

c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
BlueSoleil.lnk — c:program filesIVT CorporationBlueSoleilBlueSoleil.exe [2008-11-23 1048576]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3codec»= l3codecp.acm

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=

R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [2001-01-08 111184]
R2 aswFsBlk;aswFsBlk;c:windowssystem32DRIVERSaswFsBlk.sys [2001-01-08 20560]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:windowssystem32DRIVERSLANPkt.sys [2008-11-22 8399]
S3 Diag69xp;Diag69xp;c:windowssystem32DriversDiag69xp.sys [2008-11-22 11003]
S3 EthDriver;D-Link DGE-528T Vista 32-bit Driver;c:windowssystem32DRIVERSDLKRT32.sys [2008-11-22 70144]
S3 RTLVLAN;D-Link VLAN Intermediate Driver;c:windowssystem32DRIVERSRTLVLAN.SYS [2008-11-22 16384]
.
.

Supplementary Scan

.
uStart Page = hxxp://www.apeha.ru
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~1OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe —
FireFox -: Profile — c:documents and settingsAdminApplication DataMozillaFirefoxProfilesqeoczvnl.default
FF -: plugin — c:program filesAdobeAcrobat 6.0Readerbrowsernppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 10:03:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

DLLs Loaded Under Running Processes

— — — — — — — > ‘winlogon.exe'(832)
c:windowssystem32SETUPAPI.dll
c:windowssystem32Ati2evxx.dll
c:windowssystem32cscui.dll
c:windowssystem32COMRes.dll

— — — — — — — > ‘lsass.exe'(892)
c:windowssystem32SETUPAPI.dll
.
Completion time: 2008-12-10 10:04:54
ComboFix-quarantined-files.txt 2008-12-10 06:04:12
ComboFix2.txt 2008-12-10 05:59:01
ComboFix3.txt 2008-12-10 05:26:14

Pre-Run: 12 217 364 480 байт свободно
Post-Run: 12,205,367,296 байт свободно

166
9 декабря, 2008 в 7:02 дп в ответ на: красная порно реклама на пол экрана #20255
nobbert
Participant
- Темы:3
- Сообщений:12
Logfile of random’s system information tool 1.04 (written by random/random)
Run by Admin at 2008-12-09 10:55:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (31%) free of 38 GB
Total RAM: 511 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:53, on 09.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.EXE
C:Program FilesWinampwinampa.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesD-LinkDiagnostics Utility8169Diag.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:Program FilesDAEMON Toolsdaemon.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesXemiComputersActive Desktop CalendarADC.exe
C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesOperaopera.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program FilesTrend MicroHijackThisAdmin.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_07binssv.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O4 — HKLM..Run: [StartCCC] C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [8169Diag] C:Program FilesD-LinkDiagnostics Utility8169Diag /hw
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [DAEMON Tools] «C:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKCU..Run: [Active Desktop Calendar] C:Program FilesXemiComputersActive Desktop CalendarADC.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: BlueSoleil.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~1OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O17 — HKLMSystemCCSServicesTcpip..{B3941E98-0E38-4675-BBB0-AA30D93DCB63}: NameServer = 62.213.0.12 62.213.2.1
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: BlueSoleil Hid Service — Unknown owner — C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 6926 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_07binssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2006-11-10 90112]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2008-11-26 81000]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2008-08-04 36352]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2007-04-16 577536]
«8169Diag»=C:Program FilesD-LinkDiagnostics Utility8169Diag /hw []

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-08-19 30208]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]
«DAEMON Tools»=C:Program FilesDAEMON Toolsdaemon.exe [2007-08-16 167368]
«Active Desktop Calendar»=C:Program FilesXemiComputersActive Desktop CalendarADC.exe [2008-10-20 4904448]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
BlueSoleil.lnk — C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2007-06-13 118784]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoSharedDocuments»=1
«NoSMConfigurePrograms»=1
«NoDrives»=0
«NoDriveAutoRun»=67108863

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDrives»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe»=»C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe:*:Enabled:BlueSoleil»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======

2008-12-09 10:55:39 —-DC—- C:rsit
2008-12-08 20:04:17 —-SHDC—- C:RECYCLER
2008-12-08 20:03:31 —-DC—- C:Program FilesTrend Micro
2008-12-08 12:24:36 —-AC—- C:ComboFix.txt
2008-12-08 11:22:50 —-DC—- C:WINDOWSERDNT
2008-12-08 10:39:11 —-AC—- C:logit.txt
2008-12-06 22:19:23 —-AC—- C:WINDOWSsystem32MSVCR32.DLL
2008-11-29 22:29:25 —-DC—- C:Documents and SettingsAdminApplication DataCyberLink
2008-11-24 21:02:30 —-DC—- C:Documents and SettingsAdminApplication DataReal Desktop
2008-11-24 21:02:22 —-DC—- C:Documents and SettingsAdminApplication DataAD ON Multimedia
2008-11-24 13:52:39 —-DC—- C:Documents and SettingsAdminApplication DataXemiComputers
2008-11-24 13:52:06 —-DC—- C:Program FilesXemiComputers
2008-11-24 09:22:53 —-DC—- C:Program FilesAura
2008-11-23 01:07:52 —-DC—- C:Documents and SettingsAdminApplication DataAdobeUM
2008-11-23 01:07:15 —-DC—- C:Program FilesCommon FilesAdobe
2008-11-23 00:20:29 —-DC—- C:Documents and SettingsAll UsersApplication DataBluetooth
2008-11-23 00:17:20 —-AC—- C:WINDOWSsystem32btinstall.dll
2008-11-22 23:16:08 —-DC—- C:Documents and SettingsAll UsersApplication DataAdobe
2008-11-22 23:16:03 —-DC—- C:Program FilesAdobe
2008-11-22 23:14:10 —-DC—- C:WINDOWSCache
2008-11-22 23:12:50 —-AC—- C:WINDOWSsystem32InstallLog.txt
2008-11-22 23:12:49 —-DC—- C:WINDOWSOPTIONS
2008-11-22 23:12:47 —-AC—- C:WINDOWSsystem32RTLVLAN_NB.DLL
2008-11-22 23:12:45 —-DC—- C:Program FilesD-Link
2008-11-22 19:35:14 —-AC—- C:WINDOWSsystem32pixomatic.dll
2008-11-22 19:35:13 —-AC—- C:WINDOWSsystem32fmod.dll
2008-11-22 19:35:12 —-AC—- C:WINDOWSsystem32eax.dll
2008-11-22 19:35:12 —-AC—- C:WINDOWSsystem32borlndmm.dll
2008-11-22 19:35:07 —-AC—- C:WINDOWSsystem32vp6vfw.dll
2008-11-20 22:53:22 —-DC—- C:WINDOWSsystem32appmgmt
2008-11-19 00:01:10 —-DC—- C:Program FilesLavasoft
2008-11-18 23:23:38 —-DC—- C:Documents and SettingsAdminApplication DataLavasoft
2008-11-18 22:52:00 —-DC—- C:Documents and SettingsAdminApplication DataSun
2008-11-18 12:30:18 —-DC—- C:Documents and SettingsAdminApplication DataUniblue
2008-11-17 16:50:38 —-DC—- C:WINDOWSuscripts
2008-11-12 18:23:26 —-DC—- C:Program FilesCommon FilesWhenU
2008-11-12 18:23:04 —-DC—- C:Program FilesDAEMON Tools SearchBar
2008-11-12 18:20:31 —-DC—- C:Program FilesDAEMON Tools
2008-11-12 11:41:30 —-DC—- C:Program FilesCommon FilesNSV

======List of files/folders modified in the last 1 months======

2008-12-09 09:04:15 —-DC—- C:Program FilesMozilla Firefox
2008-12-09 08:54:12 —-DC—- C:WINDOWSTemp
2008-12-08 23:16:24 —-AC—- C:WINDOWSNeroDigital.ini
2008-12-08 20:07:55 —-AC—- C:WINDOWSsystem32akelpad.ini
2008-12-08 20:03:31 —-ADC—- C:Program Files
2008-12-08 15:23:20 —-DC—- C:WINDOWS
2008-12-08 15:23:13 —-ADC—- C:WINDOWSsystem32
2008-12-08 15:23:06 —-SHDC—- C:System Volume Information
2008-12-08 15:23:06 —-DC—- C:WINDOWSsystem32Restore
2008-12-08 15:18:30 —-AC—- C:WINDOWSSchedLgU.Txt
2008-12-08 12:22:58 —-AC—- C:WINDOWSsystem.ini
2008-12-08 12:22:07 —-DC—- C:WINDOWSsystem32drivers
2008-12-08 12:22:07 —-DC—- C:WINDOWSAppPatch
2008-12-08 12:22:07 —-ADC—- C:Program FilesCommon Files
2008-12-08 11:35:43 —-AC—- C:WINDOWSsystem32PerfStringBackup.INI
2008-12-08 11:32:32 —-DC—- C:WINDOWSSoftwareDistribution
2008-12-08 11:28:10 —-DC—- C:Documents and SettingsAdminApplication DatauTorrent
2008-12-08 11:27:54 —-DC—- C:WINDOWSsystem32config
2008-12-07 22:27:47 —-SHDC—- C:WINDOWSInstaller
2008-12-07 22:27:46 —-HDC—- C:Config.Msi
2008-12-07 22:27:43 —-DC—- C:Program FilesOpera
2008-12-07 11:14:33 —-DC—- C:WINDOWSsystem32wbem
2008-12-07 11:14:33 —-DC—- C:WINDOWSRegistration
2008-12-03 22:14:35 —-DC—- C:WINDOWSHelp
2008-11-29 10:57:41 —-AC—- C:WINDOWSimsins.BAK
2008-11-29 10:57:34 —-DC—- C:WINDOWSsystem32CatRoot2
2008-11-26 21:21:30 —-AC—- C:WINDOWSsystem32aswBoot.exe
2008-11-24 23:52:43 —-SDC—- C:Documents and SettingsAdminApplication DataMicrosoft
2008-11-24 17:58:09 —-AC—- C:moduleName.txt
2008-11-24 17:20:19 —-DC—- C:Documents and SettingsAdminApplication DataXnView
2008-11-23 01:07:21 —-DC—- C:Documents and SettingsAdminApplication DataAdobe
2008-11-23 00:25:56 —-HDC—- C:WINDOWSinf
2008-11-23 00:19:21 —-DC—- C:WINDOWSsystem32dllcache
2008-11-23 00:17:12 —-HDC—- C:Program FilesInstallShield Installation Information
2008-11-22 20:07:37 —-DC—- C:Games
2008-11-21 21:45:15 —-DC—- C:Program FilesQIP
2008-11-21 14:11:57 —-SDC—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2008-11-21 12:38:29 —-DC—- C:Program FilesCommon FilesWise Installation Wizard
2008-11-17 22:57:58 —-DC—- C:Documents and SettingsAdminApplication DataMozilla
2008-11-17 17:11:49 —-DC—- C:WINDOWSCursors

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2008-11-26 50864]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2008-11-26 94032]
R2 LANPkt;Realtek LANPkt Protocol Driver; C:WINDOWSsystem32DRIVERSLANPkt.sys [2006-07-18 8399]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-07-08 62848]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2007-04-25 4030144]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-08-19 60800]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2007-06-13 2155520]
R3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys [2004-10-19 20096]
R3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys [2004-09-21 10804]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys [2005-01-17 23000]
R3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSsystem32DRIVERSvbtenum.sys [2005-01-13 12500]
R3 Diag69xp;Diag69xp; C:WINDOWSSystem32DriversDiag69xp.sys [2006-07-11 11003]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-18 2944]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-08-19 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2008-04-15 5888]
R3 RTL8023xp;D-Link DGE-528T Gigabit Ethernet Adapter NDIS XP Driver; C:WINDOWSsystem32DRIVERSDLKRTXP.SYS [2006-07-31 83456]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-15 20608]
R3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys [2004-11-05 82148]
S3 ac97intc;Intel(r) 82801 служба установки аудиодрайвера (WDM); C:WINDOWSsystem32driversac97intc.sys [2001-08-18 96256]
S3 al5b3bda;al5b3bda; C:WINDOWSsystem32driversal5b3bda.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-08-19 17024]
S3 cmuda;C-Media WDM Audio Interface; C:WINDOWSsystem32driverscmuda.sys [2004-04-23 818496]
S3 EthDriver;D-Link DGE-528T Vista 32-bit Driver; C:WINDOWSsystem32DRIVERSDLKRT32.sys [2007-01-24 70144]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-08-19 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-08-19 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-08-19 10880]
S3 RTLVLAN;D-Link VLAN Intermediate Driver; C:WINDOWSsystem32DRIVERSRTLVLAN.SYS [2006-06-01 16384]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-08-19 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-08-19 15232]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-08-19 26368]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-08-19 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2007-06-13 483328]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2008-11-26 155160]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:Program FilesIVT CorporationBlueSoleilBTNtService.exe [2005-01-27 106496]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2008-11-26 352920]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2007-06-13 520192]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]

EOF

info.txt logfile of random’s system information tool 1.04 2008-12-09 10:55:59

======Uninstall list======

“1С Мобильные игры” (Только Удаление)—>»C:Program Files1C1C Wirelessunins000.exe»
—>MsiExec /X{82D8304F-73D7-4EE6-8472-D0684BAA2865}
—>MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Active Desktop Calendar 7.64—>»C:Program FilesXemiComputersActive Desktop Calendarunins000.exe»
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 6.0.1—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AGEIA PhysX v7.05.06—>MsiExec.exe /X{82D8304F-73D7-4EE6-8472-D0684BAA2865}
ATI — Software Uninstall Utility—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Catalyst Control Center—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{055EE59D-217B-43A7-ABFF-507B966405D8}setup.exe» -l0x0
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus—>C:Program FilesAlwil SoftwareAvast4aswRunDll.exe «C:Program FilesAlwil SoftwareAvast4Setupsetiface.dll»,RunSetup
BlueSoleil—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}setup.exe» -l0x9
C-Media WDM Audio Driver—>C:WINDOWSsystem32cmirmdrv.exe
Diagnostics Utility—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7236672F-6430-439E-9B27-27EDEAF1D676}Setup.exe» -l0x9
Download Master 5.5.5.1135—>»C:Program FilesDownload Masterunins000.exe»
Everest—>C:Program FilesEverestUninstall.exe
FastStone Image Viewer 3.5—>»C:Program FilesFSImgViewerunins000.exe»
Flash Player Pro—>C:Program FilesFlash Player ProUninstall.exe
Foxit Reader—>C:Program FilesFoxit ReaderUninstall.exe
HijackThis 2.0.2—>»C:Program FilesTrend MicroHijackThisHijackThis.exe» /uninstall
Java(TM) 6 Update 7—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Mega Codec Pack 4.1.7—>»C:Program FilesK-Lite Codec Packunins000.exe»
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (3.0.4)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 4.0 SP2 (KB941833)—>MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 6—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
Opera 9.62—>MsiExec.exe /X{8318FEFD-F467-44D6-82B8-129374BFE9B1}
Paint.NET v3.35—>rundll32.exe advpack.dll,LaunchINFSection PaintDN.inf,Uninstall
QIP—>C:Program FilesQIPUninstall.exe
QuickTime Alternative 2.6.0—>»C:Program FilesQuickTime Alternativeunins000.exe»
Real Alternative 1.8.2—>»C:Program FilesReal Alternativeunins000.exe»
Realtek AC’97 Audio—>Alcrmv.exe -r -m
The KMPlayer 1432 R2—>»C:Program FilesThe KMPlayerunins000.exe»
uTorrent—>C:Program FilesuTorrentUninstall.exe
Vista Drive Icon—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFVistaDrv.inf,Uninstall
VLC—>C:Program FilesVLCUninstall.exe
Winamp 5.541—>C:Program FilesWinampUninstall.exe
WinDjView 0.5—>»C:Program FilesWinDjViewunins000.exe»
XnView 1.94.1—>»C:Program FilesXnViewunins000.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081208-0]

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%systemroot%system32;%systemroot%;%systemroot%system32wbem;C:Program FilesATI TechnologiesATI.ACECore-Static
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 1 Stepping 2, GenuineIntel
«PROCESSOR_REVISION»=0102
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP

EOF
Автор

Сообщения

Просмотр 9 сообщений - с 1 по 9 (из 9 всего)

nobbert

Созданные ответы форума

Добро пожаловать

Поиск

Важные инструкции

Нет доступа в интернет после удаления вируса — Как восстановить

Как сбросить настройки Firefox (Инструкция)

Как запустить компьютер в безопасном режиме (Safe Mode)

Как удалить рекламный вирус в браузере (Chrome, Opera, Firefox, Internet Explorer, Edge)

Удалить всплывающие окна, рекламу, уведомления в Chrome

СПАЙВАРЕ РУ

Нужна помощь?

Ссылки