In reply to: can't remove the PC Defender virus (2) #31235
SmokyMo
Participant
  • Topics: 1
  • Posts: 6

Thank you very much for the quick reply and the help, but I've already figured it out. The point is that the USB keyboard didn't work during boot, which is exactly why I couldn't get into safe mode. I went to the old man next door and borrowed a keyboard with a PS/2 connector, and cleaned the computer in safe mode with MalwareBytes Anti-malware. PC Defender is gone, but for some reason during removal I was told that not everything had been removed; still, basically everything works great =)
I apologize for wasting your time instead of thinking right away to find an old keyboard and do everything in safe mode 🙂
And, finally, a question: are there any free programs that protect against this kind of nasty stuff? 🙂
And a bit of off-topic: do you think criminal penalties should be introduced for aggressive advertising on the internet? 😀 😆

In reply to: can't remove the PC Defender virus (2) #31233
SmokyMo
Participant
  • Topics: 1
  • Posts: 6

Unexpectedly, this thread has become mine 🙂
RSIT log
Logfile of random’s system information tool 1.08 (written by random/random)
Run by Admin at 2010-08-31 15:51:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (31%) free of 20 GB
Total RAM: 1535 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:52:20, on 31.08.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSMixer.exe
C:Program FilesDef GroupPC Defenderpcdef.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:Program FilesNokiaNokia PC Suite 7PCSuite.exe
C:Program FilesJPG Saverjpgsaver.exe
C:Program FilesPando NetworksMedia BoosterPMB.exe
C:Documents and SettingsAdminApplication DataQipGuardQipGuard.exe
C:Program FilesDef GroupPC Defenderproccheck.exe
C:Program FilesDef GroupPC Defenderprockill32.exe
S:ProgramsDAEMON Tools LiteDTLite.exe
C:Program FilesDef GroupPC Defenderprockill32.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesPC Connectivity SolutionTransportsNclUSBSrv.exe
C:Program FilesPC Connectivity SolutionTransportsNclRSSrv.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMozilla Firefoxplugin-container.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program Filestrend microAdmin.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://qip.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.yandex.ru/
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — — (no file)
F2 — REG:system.ini: Shell=
F2 — REG:system.ini: UserInit=\.globalrootsystemrootsystem32userinit.exe,
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts: Yahoo! GeoCities: Get a web site with easy-to-use site building tools.
O1 — Hosts:
O1 — Hosts:
O1 — Hosts:
O1 — Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 — Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url(«http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif») no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 — Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 — Hosts: .services { font-size:116%; padding-bottom:20px }
O1 — Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 — Hosts: .image_web {float:right; margin:15px 0 0 15px}
O1 — Hosts: p {margin:20px;font-size:1em;}
O1 — Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 — Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 — Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 — Hosts: div#headerblock div{font-family:arial;}
O1 — Hosts:
O1 — Hosts:

Get Yahoo! Toolbar
O1 — Hosts:
O1 — Hosts: if(window.yzq_d==null)window.yzq_d=new Object();
O1 — Hosts: window.yzq_d=’&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1′;

Sorry, the GeoCities web site you were trying to reach is no longer available.

GeoCities has closed, but there’s a lot more to explore on Yahoo!

O1 — Hosts:

Visit one of these popular Yahoo! sites:

    The GeoCities site you were looking for may have been preserved in the Internet Archive’s Wayback Machine. To find out, visit Archive.org and enter the site’s web address in the field provided.

    O1 — Hosts: Copyright © 2009 Yahoo! Inc. All rights reserved.
    O1 — Hosts: 1
    O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
    O2 — BHO: VixD Net edt. Class — {24783612-0199-4A37-B205-847853E151C6} — C:WINDOWSsystem32anpla.dll
    O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
    O2 — BHO: QIPBHO — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll
    O2 — BHO: SkypeIEPluginBHO — {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (file missing)
    O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
    O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
    O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
    O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
    O4 — HKLM..Run: [C-Media Mixer] Mixer.exe /startup
    O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
    O4 — HKLM..Run: [iTunesHelper] «C:Program FilesiTunesiTunesHelper.exe»
    O4 — HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
    O4 — HKLM..Run: [PC Defender] C:Program FilesDef GroupPC Defenderpcdef.exe
    O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
    O4 — HKCU..Run: [wsctf.exe] wsctf.exe
    O4 — HKCU..Run: [PC Suite Tray] «C:Program FilesNokiaNokia PC Suite 7PCSuite.exe» -onlytray
    O4 — HKCU..Run: [JPGSaver] C:Program FilesJPG Saverjpgsaver.exe
    O4 — HKCU..Run: [Pando Media Booster] C:Program FilesPando NetworksMedia BoosterPMB.exe
    O4 — HKCU..Run: [QIP Internet Guardian] C:Documents and SettingsAdminApplication DataQipGuardQipGuard.exe
    O4 — HKCU..Run: [DAEMON Tools Lite] «S:ProgramsDAEMON Tools LiteDTLite.exe» -autorun
    O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
    O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
    O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
    O7 — HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1Office10EXCEL.EXE/3000
    O9 — Extra button: Skype add-on for Internet Explorer — {898EA8C8-E7FF-479B-8935-AEC46303B9E5} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (file missing)
    O9 — Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer — {898EA8C8-E7FF-479B-8935-AEC46303B9E5} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (file missing)
    O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
    O17 — HKLMSystemCCSServicesTcpip..{7B74982C-33F9-4B5A-966B-9031D5E8A4D7}: NameServer = 10.30.1.11,217.26.9.2
    O17 — HKLMSystemCCSServicesTcpip..{D1D1D5F2-1C73-41E6-B508-5FCB9571CA9C}: NameServer = 213.234.192.7 85.21.192.5
    O18 — Protocol: skype-ie-addon-data — {91774881-D725-4E58-B298-07617B9B86A8} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (file missing)
    O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
    O22 — SharedTaskScheduler: Предзагрузчик Browseui — {438755C2-A8BA-11D1-B96B-00A0C90312E1} — C:WINDOWSsystem32browseui.dll
    O22 — SharedTaskScheduler: Демон кэша категорий компонентов — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:WINDOWSsystem32browseui.dll
    O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
    O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
    O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
    O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
    O23 — Service: Сервис iPod (iPod Service) — Unknown owner — C:Program FilesiPodbiniPodService.exe (file missing)
    O23 — Service: nProtect GameGuard Service (npggsvc) — Unknown owner — C:WINDOWSsystem32GameMon.des.exe (file missing)
    O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
    O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
    O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
    O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
    O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
    O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe


    End of file — 19471 bytes

    ======Scheduled tasks folder======

    C:WINDOWStasksAppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-03-02 37808]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{24783612-0199-4A37-B205-847853E151C6}]
    VixD Net edt. Class — C:WINDOWSsystem32anpla.dll [2010-02-04 446464]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2010-01-07 320920]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
    QIPBHO Class — C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2010-04-21 149968]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
    Skype add-on for Internet Explorer — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll []

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-01-07 34816]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2010-01-07 73728]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-12-24 8729864]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «SoundMan»=C:WINDOWSSOUNDMAN.EXE [2007-04-17 577536]
    «C-Media Mixer»=Mixer.exe /startup []
    «QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2009-11-11 417792]
    «iTunesHelper»=C:Program FilesiTunesiTunesHelper.exe []
    «NeroCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
    «PC Defender»=C:Program FilesDef GroupPC Defenderpcdef.exe [2010-08-30 1170432]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-10-25 30208]
    «VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]
    «wsctf.exe»=wsctf.exe []
    «PC Suite Tray»=C:Program FilesNokiaNokia PC Suite 7PCSuite.exe [2009-03-20 1312256]
    «JPGSaver»=C:Program FilesJPG Saverjpgsaver.exe [2005-12-23 188416]
    «Pando Media Booster»=C:Program FilesPando NetworksMedia BoosterPMB.exe [2010-02-20 2937528]
    «QIP Internet Guardian»=C:Documents and SettingsAdminApplication DataQipGuardQipGuard.exe [2010-04-21 184272]
    «DAEMON Tools Lite»=S:ProgramsDAEMON Tools LiteDTLite.exe [2010-04-01 357696]

    C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
    Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOffice10OSA.EXE

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
    C:WINDOWSsystem32Ati2evxx.dll [2008-08-21 143360]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
    WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «DisableRegistryTools»=1
    «DisableCMD»=0

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1
    «EnableLUA»=0

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=145
    «NoSharedDocuments»=1
    «NoSMConfigurePrograms»=1
    «NoFolderOptions»=1

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesOperaopera.exe»=»C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»
    «C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
    «C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
    «C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
    «C:Program FilesPando NetworksMedia BoosterPMB.exe»=»C:Program FilesPando NetworksMedia BoosterPMB.exe:*:Enabled:Pando Media Booster»
    «C:Documents and SettingsAll UsersApplication DataNexonUSNGMNGM.exe»=»C:Documents and SettingsAll UsersApplication DataNexonUSNGMNGM.exe:*:Enabled:Nexon Game Manager»
    «C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
    «C:Allods OnlinebinLauncher.exe»=»C:Allods OnlinebinLauncher.exe:*:Enabled:Allods Launcher»
    «S:Allods OnlinebinLauncher.exe»=»S:Allods OnlinebinLauncher.exe:*:Enabled:Allods Launcher»
    «S:League of LegendsAirLolClient.exe»=»S:League of LegendsAirLolClient.exe:*:Enabled:League of Legends Lobby»
    «S:League of LegendsGameLeague of Legends.exe»=»S:League of LegendsGameLeague of Legends.exe:*:Enabled:League of Legends Game Client»
    «S:CIV IV ColonizationColonization.exe»=»S:CIV IV ColonizationColonization.exe:*:Enabled:Sid Meier’s Civilization IV: Колонизация»
    «C:Documents and SettingsAdminМои документыЗагрузкиhomm_v1000.exe»=»C:Documents and SettingsAdminМои документыЗагрузкиhomm_v1000.exe:*:Enabled:homm_v1000.exe»
    «C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
    «S:League of Legendslol.launcher.exe»=»S:League of Legendslol.launcher.exe:*:Enabled:League of Legends Launcher»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «S:CIV IV ColonizationColonization.exe»=»S:CIV IV ColonizationColonization.exe:*:Enabled:Sid Meier’s Civilization IV: Колонизация»

    ======List of files/folders created in the last 1 months======

    2010-08-31 10:18:50 —-D—- C:Program FilesCommon FilesNero
    2010-08-31 04:41:03 —-D—- C:Program Filestrend micro
    2010-08-31 04:41:01 —-D—- C:rsit
    2010-08-31 03:59:39 —-D—- C:Documents and SettingsAdminApplication DataMalwarebytes
    2010-08-31 03:59:33 —-A—- C:WINDOWSsystem32driversmbamswissarmy.sys
    2010-08-31 03:59:32 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
    2010-08-31 03:59:32 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
    2010-08-31 03:59:32 —-A—- C:WINDOWSsystem32driversmbam.sys
    2010-08-31 03:44:32 —-D—- C:Program FilesDef Group
    2010-08-27 19:29:17 —-D—- C:Program FilesCommon FilesINCA Shared
    2010-08-27 19:29:17 —-A—- C:WINDOWSsystem32npptNT2.sys
    2010-08-16 09:10:16 —-D—- C:Program FilesD-Link
    2010-08-06 04:40:25 —-D—- C:Documents and SettingsAdminApplication DataMp3 Music Editor
    2010-08-06 04:40:08 —-A—- C:WINDOWSsystem32NCTWMAFile2.dll
    2010-08-06 04:40:08 —-A—- C:WINDOWSsystem32NCTAudioVisualization2.dll
    2010-08-06 04:40:08 —-A—- C:WINDOWSsystem32NCTAudioTransform2.dll
    2010-08-06 04:40:08 —-A—- C:WINDOWSsystem32NCTAudioRecord2.dll
    2010-08-06 04:40:08 —-A—- C:WINDOWSsystem32NCTAudioPlayer2.dll
    2010-08-06 04:40:08 —-A—- C:WINDOWSsystem32NCTAudioInformation2.dll
    2010-08-06 04:40:08 —-A—- C:WINDOWSsystem32NCTAudioFile2.dll
    2010-08-06 04:40:07 —-A—- C:WINDOWSsystem32NCTAudioEditor2.dll
    2010-08-06 04:40:07 —-A—- C:WINDOWSsystem32NCTAudioDisplay2.dll
    2010-08-06 04:40:07 —-A—- C:WINDOWSsystem32NCTAudioDesign2.dll
    2010-08-06 04:40:07 —-A—- C:WINDOWSsystem32NCTAudioCDGrabber2.dll
    2010-08-06 04:40:05 —-D—- C:Program FilesMp3 Music Editor

    ======List of files/folders modified in the last 1 months======

    2010-08-31 10:48:03 —-A—- C:WINDOWSSchedLgU.Txt
    2010-08-31 10:47:58 —-D—- C:Documents and SettingsAdminApplication DatauTorrent
    2010-08-31 10:32:25 —-D—- C:WINDOWSTemp
    2010-08-31 10:18:50 —-AD—- C:Program FilesCommon Files
    2010-08-31 04:41:21 —-D—- C:WINDOWSsystem32driversetc
    2010-08-31 04:41:03 —-AD—- C:Program Files
    2010-08-31 03:59:33 —-D—- C:WINDOWSsystem32drivers
    2010-08-31 03:44:34 —-SHD—- C:WINDOWSInstaller
    2010-08-27 19:29:35 —-AD—- C:WINDOWSsystem32
    2010-08-27 01:22:23 —-HD—- C:Program FilesInstallShield Installation Information
    2010-08-21 23:40:11 —-D—- C:Documents and SettingsAdminApplication DataApple Computer
    2010-08-19 13:45:47 —-D—- C:Program FilesCommon FilesInstallShield
    2010-08-16 09:14:20 —-D—- C:WINDOWSsystem32CatRoot2
    2010-08-16 09:14:00 —-D—- C:WINDOWS
    2010-08-16 09:10:20 —-HD—- C:WINDOWSinf
    2010-08-16 09:10:20 —-D—- C:WINDOWSsystem32CatRoot

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 agp440;Intel — фильтр шины AGP; C:WINDOWSsystem32DRIVERSagp440.sys [2008-04-14 42368]
    R0 PxHelp20;PxHelp20; C:WINDOWSSystem32DriversPxHelp20.sys [2009-04-29 44944]
    R0 sptd;sptd; C:WINDOWSSystem32Driverssptd.sys [2010-05-08 691696]
    R0 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-15 76544]
    R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
    R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
    R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-10-11 62848]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2008-01-25 4127488]
    R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-08-21 3299840]
    R3 cmpci;C-Media PCI Audio Driver (WDM); C:WINDOWSsystem32driverscmaudio.sys [2001-12-10 357070]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSsystem32DRIVERSGEARAspiWDM.sys [2009-05-18 26600]
    R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]
    R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller; C:WINDOWSsystem32DRIVERSm4cxw2k3.sys [2005-03-10 227584]
    R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
    R3 nvmpu401;Service for NVIDIA(R) nForce(TM) MIDI UART; C:WINDOWSsystem32driversnvmpu401.sys [2006-02-26 10240]
    R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-15 20608]
    S3 axidzezp;axidzezp; C:WINDOWSsystem32driversaxidzezp.sys []
    S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-14 17024]
    S3 EagleNT;EagleNT; ??C:WINDOWSsystem32driversEagleNT.sys []
    S3 EL90XBC;3Com EtherLink XL 90XB/C, драйвер адаптера; C:WINDOWSsystem32DRIVERSel90xbc5.sys [2001-08-17 66591]
    S3 FilterService;UVC Filter Service; C:WINDOWSsystem32DRIVERSlvuvcflt.sys []
    S3 GarenaPEngine;GarenaPEngine; ??C:DOCUME~1AdminLOCALS~1TempHVK3F.tmp []
    S3 lvpopflt;Logitech POP Suppression Filter; C:WINDOWSsystem32DRIVERSlvpopflt.sys []
    S3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driversLVUSBSta.sys []
    S3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:WINDOWSsystem32DRIVERSlvuvc.sys []
    S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-14 10880]
    S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2009-02-09 17664]
    S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2009-02-09 22016]
    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
    S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-14 11136]
    S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-14 15232]
    S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2009-02-09 7808]
    S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWSSystem32Driversusbaapl.sys [2009-08-28 40448]
    S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-14 60032]
    S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
    S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
    S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2008-04-14 26112]
    S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2009-02-09 7808]
    S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
    S3 Wdf01000;Kernel Mode Driver Frameworks service; C:WINDOWSSystem32Driverswdf01000.sys [2008-03-27 503008]
    S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-14 19200]
    S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
    S3 XDva309;XDva309; ??C:WINDOWSsystem32XDva309.sys []
    S3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver; C:WINDOWSsystem32DRIVERSWlanUZXP.sys [2007-06-14 437760]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2009-08-28 144672]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-08-21 573440]
    R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-12-12 238888]
    R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
    R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2009-03-04 621056]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
    S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe []
    S3 npggsvc;nProtect GameGuard Service; C:WINDOWSsystem32GameMon.des [2010-06-06 3819912]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
    S4 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2010-01-07 152984]


    EOF

