Созданные ответы форума
-
Сообщения
-
Большое спасибо за участие и помощь! Буду следовать вашим рекоммендациям! До новых встреч на форуме! 🙂 СпасибО!
Комп вроде перестает тормозить… я тут порасчистил винт, думаю может еще из-за этого тормоза возможны…
Я правильно понимаю, что пока ничего криминально благодаря логам RSITи MBAM ничего найдено не было?Malwarebytes’ Anti-Malware 1.46
http://www.malwarebytes.orgВерсия базы данных: 4446
Windows 6.0.6000
Internet Explorer 7.0.6000.1703718.08.2010 22:01:34
mbam-log-2010-08-18 (22-01-34).txtТип сканирования: Быстрое сканирование
Просканированные объекты: 135050
Времени прошло: 7 минут, 2 секундЗараженные процессы в памяти: 0
Зараженные модули в памяти: 0
Зараженные ключи в реестре: 0
Зараженные параметры в реестре: 0
Объекты реестра заражены: 0
Зараженные папки: 0
Зараженные файлы: 0Зараженные процессы в памяти:
(Вредоносных программ не обнаружено)Зараженные модули в памяти:
(Вредоносных программ не обнаружено)Зараженные ключи в реестре:
(Вредоносных программ не обнаружено)Зараженные параметры в реестре:
(Вредоносных программ не обнаружено)Объекты реестра заражены:
(Вредоносных программ не обнаружено)Зараженные папки:
(Вредоносных программ не обнаружено)Зараженные файлы:
(Вредоносных программ не обнаружено)Добрый вечер!
Выкладываю вначале лог RSIT, а потом MBAM (он ничего не нашел):Logfile of random’s system information tool 1.08 (written by random/random)
Run by User at 2010-08-18 22:02:30
Microsoft® Windows Vista™ Home Basic
System drive C: has 8 GB (8%) free of 102 GB
Total RAM: 2046 MB (55% free)Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:02:33, on 18.08.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: NormalRunning processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:WindowsSystem32rundll32.exe
C:WindowsSystem32rundll32.exe
C:Program FilesDellTPadApoint.exe
C:Program FilesESETESET Smart Securityegui.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesPunto Switcherpunto.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:WindowsSystem32rundll32.exe
C:Program FilesDellTPadApMsgFwd.exe
C:Program FilesDellTPadApntex.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesDellQuickSetquickset.exe
C:Program FilesDellTPadHidFind.exe
C:Program FilesSetPointSetPoint.exe
C:Program FilesCommon FilesLogitechkhalsharedKHALMNPR.EXE
c:Program FilesWIDCOMMBluetooth SoftwareBtStackServer.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE
C:Windowssystem32SearchFilterHost.exe
C:UsersUserDesktopвсячинаисцеление PC DefenderRSIT.exe
C:Program Filestrend microUser.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 — HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [NVHotkey] rundll32.exe C:Windowssystem32nvHotkey.dll,Start
O4 — HKLM..Run: [Apoint] C:Program FilesDellTPadApoint.exe
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesCommon FilesJavaJava Updatejusched.exe»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [Adobe ARM] «C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe»
O4 — HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe» ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 — HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 — HKCU..RunOnce: [Shockwave Updater] C:Windowssystem32AdobeShockwave 11SwHelper_1151601.exe -Update -1151601 -«Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.5.30729; .NET CLR 3.0.30618)» -«http://lms.universtal.ru/content/pkg61724/resources/resource_33/___run2_2.1.1.htm»
O4 — Startup: Apoint.lnk = C:Program FilesDellTPadApoint.exe
O4 — Global Startup: BTTray.lnk = ?
O4 — Global Startup: Digital Line Detect.lnk = C:Program FilesDigital Line DetectDLG.exe
O4 — Global Startup: QuickSet.lnk = ?
O4 — Global Startup: SetPoint.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Translate with Lingvo — res://C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
O8 — Extra context menu item: Отправить изображение на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: Отправить страницу на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra ‘Tools’ menuitem: @btrez.dll,-12650 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O16 — DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} — http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 — HKLMSystemCCSServicesTcpip..{967A8621-689C-41DD-BD6B-CDE810FB6AED}: NameServer = 212.1.224.34,212.1.230.111
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O22 — SharedTaskScheduler: Component Categories cache daemon — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:Windowssystem32browseui.dll
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: SigmaTel Audio Service (STacSV) — SigmaTel, Inc. — C:Windowssystem32STacSV.exe
O23 — Service: stllssvr — Unknown owner — C:Program FilesCommon FilesSureThing Sharedstllssvr.exe (file missing)
O23 — Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) — Корпорация Майкрософт — C:Windowssystem32SearchIndexer.exe
O23 — Service: XAudioService — Conexant Systems, Inc. — C:Windowssystem32DRIVERSxaudio.exe—
End of file — 7710 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2010-06-19 75200][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-11-07 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-04-12 41760][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-12-03 2213160]
«Kernel and Hardware Abstraction Layer»=C:WindowsKHALMNPR.EXE [2007-01-11 101136]
«ISUSPM Startup»=C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe [2006-10-03 221184]
«NvSvc»=C:Windowssystem32nvsvc.dll [2007-10-04 86016]
«NvCplDaemon»=C:Windowssystem32NvCpl.dll [2007-10-04 8497696]
«NvMediaCenter»=C:Windowssystem32NvMcTray.dll [2007-10-04 81920]
«NVHotkey»=C:Windowssystem32nvHotkey.dll [2007-10-04 86016]
«Apoint»=C:Program FilesDellTPadApoint.exe [2007-09-24 159744]
«egui»=C:Program FilesESETESET Smart Securityegui.exe [2009-04-09 2029640]
«SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-02-18 248040]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2010-06-20 35760]
«Adobe ARM»=C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2010-06-09 976832][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe [2007-12-13 1688872]
«Punto Switcher»=C:Program FilesPunto Switcherpunto.exe [2008-10-16 735016]
«WindowsWelcomeCenter»=oobefldr.dll,ShowWelcomeCenter []
«WMPNSCFG»=C:Program FilesWindows Media PlayerWMPNSCFG.exe [2006-11-02 201728][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«Shockwave Updater»=C:Windowssystem32AdobeShockwave 11SwHelper_1151601.exe [2009-07-31 468408]C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
Digital Line Detect.lnk — C:Program FilesDigital Line DetectDLG.exe
QuickSet.lnk — C:WindowsInstaller{7F0C4457-8E64-491B-8D7B-991504365D1E}NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
SetPoint.lnk — C:Program FilesSetPointSetPoint.exeC:UsersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Apoint.lnk — C:Program FilesDellTPadApoint.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{AEB6717E-7E19-11d0-97EE-00C04FD91972}»= [][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«EnableLUA»=0
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«NoInternetOpenWith «=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=0
«NoSMConfigurePrograms»=1
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDrives»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======List of files/folders created in the last 1 months======
2010-08-17 23:51:16 —-D—- C:111
2010-08-17 21:09:41 —-D—- C:124
2010-08-16 00:29:19 —-D—- C:Program FilesHetman Software
2010-08-15 12:03:22 —-SHD—- C:$RECYCLE.BIN
2010-08-15 12:03:18 —-D—- C:Windowstemp
2010-08-15 12:03:16 —-A—- C:ComboFix.txt
2010-08-15 11:45:34 —-A—- C:Windowszip.exe
2010-08-15 11:45:34 —-A—- C:WindowsSWXCACLS.exe
2010-08-15 11:45:34 —-A—- C:WindowsSWSC.exe
2010-08-15 11:45:34 —-A—- C:WindowsSWREG.exe
2010-08-15 11:45:34 —-A—- C:Windowssed.exe
2010-08-15 11:45:34 —-A—- C:WindowsPEV.exe
2010-08-15 11:45:34 —-A—- C:WindowsNIRCMD.exe
2010-08-15 11:45:34 —-A—- C:WindowsMBR.exe
2010-08-15 11:45:34 —-A—- C:Windowsgrep.exe
2010-08-15 11:45:25 —-D—- C:ComboFix
2010-08-15 11:42:07 —-D—- C:WindowsERDNT
2010-08-15 11:41:49 —-D—- C:Qoobox
2010-08-13 21:48:00 —-D—- C:Program Filestrend micro
2010-08-13 21:47:59 —-D—- C:rsit======List of files/folders modified in the last 1 months======
2010-08-18 22:02:33 —-D—- C:WindowsPrefetch
2010-08-18 22:01:04 —-D—- C:UsersUserAppDataRoamingSkype
2010-08-18 21:40:10 —-D—- C:UsersUserAppDataRoamingskypePM
2010-08-18 21:20:26 —-D—- C:WindowsSystem32
2010-08-18 21:20:26 —-D—- C:Windowsinf
2010-08-18 21:20:26 —-A—- C:Windowssystem32PerfStringBackup.INI
2010-08-18 00:52:20 —-RD—- C:Program Files
2010-08-18 00:51:53 —-A—- C:WindowsNeroDigital.ini
2010-08-18 00:51:26 —-D—- C:Windows
2010-08-18 00:51:12 —-D—- C:WindowsDebug
2010-08-17 23:53:22 —-SHD—- C:System Volume Information
2010-08-16 21:38:45 —-A—- C:Windowswin.ini
2010-08-16 19:58:16 —-D—- C:UsersUserAppDataRoaminguTorrent
2010-08-15 13:28:29 —-SHD—- C:WindowsInstaller
2010-08-15 13:28:19 —-D—- C:Program FilesCommon FilesRoxio Shared
2010-08-15 13:28:19 —-D—- C:Program FilesCommon Files
2010-08-15 13:27:55 —-D—- C:Windowssystem32drivers
2010-08-15 13:27:47 —-RSD—- C:WindowsFonts
2010-08-15 13:27:21 —-D—- C:ProgramDataRoxio
2010-08-15 13:10:25 —-D—- C:VAD
2010-08-15 11:58:32 —-A—- C:Windowssystem.ini
2010-08-15 11:58:19 —-D—- C:Windowssystem32driversetc
2010-08-15 11:53:03 —-D—- C:WindowsAppPatch
2010-08-15 11:12:23 —-D—- C:Windowssystem32config
2010-08-15 11:12:23 —-D—- C:Boot
2010-08-08 15:27:41 —-D—- C:Windowssystem32catroot2
2010-08-02 01:09:10 —-A—- C:Windowsmjmcontrol.ini
2010-08-02 01:09:09 —-A—- C:WindowsUkrInfo.ini
2010-08-02 01:04:14 —-D—- C:Program FilesAuslogics======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:Windowssystem32driversiastor.sys [2007-04-29 277784]
R0 prohlp02;StarForce Protection Helper Driver v2; C:WindowsSystem32driversprohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:WindowsSystem32driversprosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:WindowsSystem32DriversPxHelp20.sys [2007-03-08 43528]
R0 sfhlp01;StarForce Protection Helper Driver; C:WindowsSystem32driverssfhlp01.sys [2003-12-01 4832]
R1 ehdrv;ehdrv; C:Windowssystem32DRIVERSehdrv.sys [2009-04-09 107256]
R1 epfwtdi;epfwtdi; C:Windowssystem32DRIVERSepfwtdi.sys [2009-04-09 55768]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WindowsSystem32driversprodrv06.sys [2004-08-09 53920]
R2 atksgt;atksgt; C:Windowssystem32DRIVERSatksgt.sys [2009-12-30 281760]
R2 eamon;eamon; C:Windowssystem32DRIVERSeamon.sys [2009-04-09 113960]
R2 epfw;epfw; C:Windowssystem32DRIVERSepfw.sys [2009-04-09 133000]
R2 lirsgt;lirsgt; C:Windowssystem32DRIVERSlirsgt.sys [2009-12-30 25888]
R2 mdmxsdk;mdmxsdk; C:Windowssystem32DRIVERSmdmxsdk.sys [2007-04-29 12672]
R2 rimmptsk;rimmptsk; C:Windowssystem32DRIVERSrimmptsk.sys [2007-04-29 32256]
R2 rimsptsk;rimsptsk; C:Windowssystem32DRIVERSrimsptsk.sys [2007-04-29 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:Windowssystem32DRIVERSrixdptsk.sys [2007-04-29 37376]
R2 XAudio;XAudio; C:Windowssystem32DRIVERSxaudio.sys [2007-04-29 8192]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:Windowssystem32DRIVERSApfiltr.sys [2007-09-24 155136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0; C:Windowssystem32DRIVERSb57nd60x.sys [2007-05-11 179712]
R3 BCM43XX;Драйвер платы Dell Wireless WLAN Card; C:Windowssystem32DRIVERSbcmwl6.sys [2007-10-10 1044472]
R3 BthEnum;Служба перечислителя Bluetooth; C:Windowssystem32DRIVERSBthEnum.sys [2009-04-06 19456]
R3 BthPan;Устройства Bluetooth (личной сети); C:Windowssystem32DRIVERSbthpan.sys [2006-11-02 92160]
R3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WindowsSystem32DriversBTHUSB.sys [2009-04-06 29184]
R3 btwaudio;Аудиоустройство Bluetooth; C:Windowssystem32driversbtwaudio.sys [2006-11-07 78128]
R3 btwavdt;Bluetooth AVDT Service; C:Windowssystem32driversbtwavdt.sys [2006-11-07 80176]
R3 btwrchid;btwrchid; C:Windowssystem32DRIVERSbtwrchid.sys [2006-11-07 16560]
R3 Epfwndis;Eset Personal Firewall; C:Windowssystem32DRIVERSEpfwndis.sys [2009-04-09 33096]
R3 HSF_DPV;HSF_DPV; C:Windowssystem32DRIVERSHSX_DPV.sys [2007-04-29 986624]
R3 HSXHWAZL;HSXHWAZL; C:Windowssystem32DRIVERSHSXHWAZL.sys [2007-04-29 206848]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:Windowssystem32DRIVERSLHidFilt.Sys [2007-01-11 32272]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:Windowssystem32DRIVERSLMouFilt.Sys [2007-01-11 32528]
R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2007-10-04 7628608]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:Windowssystem32DRIVERSOEM02Dev.sys [2007-08-29 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:Windowssystem32DRIVERSOEM02Vfx.sys [2007-08-29 7424]
R3 pfc;Padus ASPI Shell; C:Windowssystem32driverspfc.sys [2008-04-01 10368]
R3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:Windowssystem32DRIVERSrfcomm.sys [2006-11-02 49664]
R3 sdbus;sdbus; C:Windowssystem32DRIVERSsdbus.sys [2007-11-21 82432]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:Windowssystem32driversstwrt.sys [2007-06-27 326656]
R3 winachsf;winachsf; C:Windowssystem32DRIVERSHSX_CNXT.sys [2007-04-29 659968]
S3 BTHPORT;Драйвер порта Bluetooth; C:WindowsSystem32DriversBTHport.sys [2009-04-06 220160]
S3 catchme;catchme; ??C:UsersUserAppDataLocalTempcatchme.sys []
S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2006-11-02 5632]
S3 e1express;Intel(R) PRO/1000 драйвер сетевого подключения PCI Express; C:Windowssystem32DRIVERSe1e6032.sys [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:Windowssystem32DRIVERSewusbmdm.sys [2007-08-24 101504]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:Windowssystem32DRIVERSk750bus.sys [2005-07-07 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:Windowssystem32DRIVERSk750mdfl.sys [2005-07-07 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:Windowssystem32DRIVERSk750mdm.sys [2005-07-07 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:Windowssystem32DRIVERSk750mgmt.sys [2005-07-07 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:Windowssystem32DRIVERSk750obex.sys [2005-07-07 79488]
S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2006-11-02 5504]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:Windowssystem32DRIVERSatikmdag.sys [2006-11-02 2028032]
S3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2006-11-02 82560]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2006-11-02 22016]
R2 ekrn;ESET Service; C:Program FilesESETESET Smart Securityekrn.exe [2009-04-09 731840]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-12-03 869672]
R2 STacSV;SigmaTel Audio Service; C:Windowssystem32STacSV.exe [2007-06-27 94208]
R2 XAudioService;XAudioService; C:Windowssystem32DRIVERSxaudio.exe [2007-04-29 386560]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-12-13 447784]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2009-04-09 20680]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 stllssvr;stllssvr; C:Program FilesCommon FilesSureThing Sharedstllssvr.exe []
EOF
комьютер продолжает жить своей жизнью… все работает, но очень медленно:
Logfile of random’s system information tool 1.08 (written by random/random)
Run by User at 2010-08-15 19:46:29
Microsoft® Windows Vista™ Home Basic
System drive C: has 1 GB (1%) free of 102 GB
Total RAM: 2046 MB (47% free)Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:46:41, on 15.08.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: NormalRunning processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:WindowsSystem32rundll32.exe
C:WindowsSystem32rundll32.exe
C:WindowsSystem32rundll32.exe
C:Program FilesDellTPadApoint.exe
C:Program FilesESETESET Smart Securityegui.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesAdobeReader 9.0Readerreader_sl.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesDellTPadApMsgFwd.exe
C:Program FilesPunto Switcherpunto.exe
C:Program FilesDellTPadApntex.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesDellQuickSetquickset.exe
C:Program FilesSetPointSetPoint.exe
C:Program FilesDellTPadHidFind.exe
c:Program FilesWIDCOMMBluetooth SoftwareBtStackServer.exe
C:Program FilesCommon FilesLogitechkhalsharedKHALMNPR.EXE
C:Program FilesSkypePhoneSkype.exe
C:Windowssystem32SearchFilterHost.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:UsersUserDesktopвсячинаисцеление PC DefenderRSIT.exe
C:Program Filestrend microUser.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 — HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [NVHotkey] rundll32.exe C:Windowssystem32nvHotkey.dll,Start
O4 — HKLM..Run: [Apoint] C:Program FilesDellTPadApoint.exe
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesCommon FilesJavaJava Updatejusched.exe»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [Adobe ARM] «C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe»
O4 — HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe» ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 — HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 — HKCU..RunOnce: [Shockwave Updater] C:Windowssystem32AdobeShockwave 11SwHelper_1151601.exe -Update -1151601 -«Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.5.30729; .NET CLR 3.0.30618)» -«http://lms.universtal.ru/content/pkg61724/resources/resource_33/___run2_2.1.1.htm»
O4 — Startup: Apoint.lnk = C:Program FilesDellTPadApoint.exe
O4 — Global Startup: BTTray.lnk = ?
O4 — Global Startup: Digital Line Detect.lnk = C:Program FilesDigital Line DetectDLG.exe
O4 — Global Startup: QuickSet.lnk = ?
O4 — Global Startup: SetPoint.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Translate with Lingvo — res://C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
O8 — Extra context menu item: Отправить изображение на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: Отправить страницу на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra ‘Tools’ menuitem: @btrez.dll,-12650 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O16 — DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} — http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 — HKLMSystemCCSServicesTcpip..{967A8621-689C-41DD-BD6B-CDE810FB6AED}: NameServer = 212.1.224.34,212.1.230.111
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O22 — SharedTaskScheduler: Component Categories cache daemon — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:Windowssystem32browseui.dll
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: SigmaTel Audio Service (STacSV) — SigmaTel, Inc. — C:Windowssystem32STacSV.exe
O23 — Service: stllssvr — Unknown owner — C:Program FilesCommon FilesSureThing Sharedstllssvr.exe (file missing)
O23 — Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) — Корпорация Майкрософт — C:Windowssystem32SearchIndexer.exe
O23 — Service: XAudioService — Conexant Systems, Inc. — C:Windowssystem32DRIVERSxaudio.exe—
End of file — 7801 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2010-06-19 75200][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-11-07 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-04-12 41760][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-12-03 2213160]
«Kernel and Hardware Abstraction Layer»=C:WindowsKHALMNPR.EXE [2007-01-11 101136]
«ISUSPM Startup»=C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe [2006-10-03 221184]
«NvSvc»=C:Windowssystem32nvsvc.dll [2007-10-04 86016]
«NvCplDaemon»=C:Windowssystem32NvCpl.dll [2007-10-04 8497696]
«NvMediaCenter»=C:Windowssystem32NvMcTray.dll [2007-10-04 81920]
«NVHotkey»=C:Windowssystem32nvHotkey.dll [2007-10-04 86016]
«Apoint»=C:Program FilesDellTPadApoint.exe [2007-09-24 159744]
«egui»=C:Program FilesESETESET Smart Securityegui.exe [2009-04-09 2029640]
«SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-02-18 248040]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2010-06-20 35760]
«Adobe ARM»=C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2010-06-09 976832][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe [2007-12-13 1688872]
«Punto Switcher»=C:Program FilesPunto Switcherpunto.exe [2008-10-16 735016]
«WindowsWelcomeCenter»=oobefldr.dll,ShowWelcomeCenter []
«WMPNSCFG»=C:Program FilesWindows Media PlayerWMPNSCFG.exe [2006-11-02 201728][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«Shockwave Updater»=C:Windowssystem32AdobeShockwave 11SwHelper_1151601.exe [2009-07-31 468408]C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
Digital Line Detect.lnk — C:Program FilesDigital Line DetectDLG.exe
QuickSet.lnk — C:WindowsInstaller{7F0C4457-8E64-491B-8D7B-991504365D1E}NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
SetPoint.lnk — C:Program FilesSetPointSetPoint.exeC:UsersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Apoint.lnk — C:Program FilesDellTPadApoint.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{AEB6717E-7E19-11d0-97EE-00C04FD91972}»= [][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«EnableLUA»=0
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«NoInternetOpenWith «=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=0
«NoSMConfigurePrograms»=1
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDrives»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======List of files/folders created in the last 1 months======
2010-08-15 12:03:22 —-SHD—- C:$RECYCLE.BIN
2010-08-15 12:03:18 —-D—- C:Windowstemp
2010-08-15 12:03:16 —-A—- C:ComboFix.txt
2010-08-15 11:45:34 —-A—- C:Windowszip.exe
2010-08-15 11:45:34 —-A—- C:WindowsSWXCACLS.exe
2010-08-15 11:45:34 —-A—- C:WindowsSWSC.exe
2010-08-15 11:45:34 —-A—- C:WindowsSWREG.exe
2010-08-15 11:45:34 —-A—- C:Windowssed.exe
2010-08-15 11:45:34 —-A—- C:WindowsPEV.exe
2010-08-15 11:45:34 —-A—- C:WindowsNIRCMD.exe
2010-08-15 11:45:34 —-A—- C:WindowsMBR.exe
2010-08-15 11:45:34 —-A—- C:Windowsgrep.exe
2010-08-15 11:45:25 —-D—- C:ComboFix
2010-08-15 11:42:07 —-D—- C:WindowsERDNT
2010-08-15 11:41:49 —-D—- C:Qoobox
2010-08-13 21:48:00 —-D—- C:Program Filestrend micro
2010-08-13 21:47:59 —-D—- C:rsit======List of files/folders modified in the last 1 months======
2010-08-15 19:45:25 —-D—- C:UsersUserAppDataRoamingskypePM
2010-08-15 19:45:25 —-D—- C:UsersUserAppDataRoamingSkype
2010-08-15 13:58:39 —-RD—- C:Program Files
2010-08-15 13:58:10 —-D—- C:WindowsSystem32
2010-08-15 13:58:09 —-A—- C:Windowssystem32PerfStringBackup.INI
2010-08-15 13:58:08 —-D—- C:Windowsinf
2010-08-15 13:28:29 —-SHD—- C:WindowsInstaller
2010-08-15 13:28:19 —-D—- C:Program FilesCommon FilesRoxio Shared
2010-08-15 13:28:19 —-D—- C:Program FilesCommon Files
2010-08-15 13:27:55 —-D—- C:Windowssystem32drivers
2010-08-15 13:27:47 —-RSD—- C:WindowsFonts
2010-08-15 13:27:21 —-D—- C:ProgramDataRoxio
2010-08-15 13:24:10 —-SHD—- C:System Volume Information
2010-08-15 13:10:25 —-D—- C:VAD
2010-08-15 12:46:23 —-D—- C:Windows
2010-08-15 11:58:32 —-A—- C:Windowssystem.ini
2010-08-15 11:58:19 —-D—- C:Windowssystem32driversetc
2010-08-15 11:53:03 —-D—- C:WindowsAppPatch
2010-08-15 11:41:59 —-D—- C:WindowsPrefetch
2010-08-15 11:12:23 —-D—- C:Windowssystem32config
2010-08-15 11:12:23 —-D—- C:Boot
2010-08-14 19:29:19 —-D—- C:WindowsDebug
2010-08-08 15:27:41 —-D—- C:Windowssystem32catroot2
2010-08-02 01:09:42 —-A—- C:WindowsNeroDigital.ini
2010-08-02 01:09:10 —-A—- C:Windowsmjmcontrol.ini
2010-08-02 01:09:09 —-A—- C:Windowswin.ini
2010-08-02 01:09:09 —-A—- C:WindowsUkrInfo.ini
2010-08-02 01:04:14 —-D—- C:Program FilesAuslogics
2010-07-27 18:53:37 —-D—- C:UsersUserAppDataRoaminguTorrent======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:Windowssystem32driversiastor.sys [2007-04-29 277784]
R0 prohlp02;StarForce Protection Helper Driver v2; C:WindowsSystem32driversprohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:WindowsSystem32driversprosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:WindowsSystem32DriversPxHelp20.sys [2007-03-08 43528]
R0 sfhlp01;StarForce Protection Helper Driver; C:WindowsSystem32driverssfhlp01.sys [2003-12-01 4832]
R1 ehdrv;ehdrv; C:Windowssystem32DRIVERSehdrv.sys [2009-04-09 107256]
R1 epfwtdi;epfwtdi; C:Windowssystem32DRIVERSepfwtdi.sys [2009-04-09 55768]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WindowsSystem32driversprodrv06.sys [2004-08-09 53920]
R2 atksgt;atksgt; C:Windowssystem32DRIVERSatksgt.sys [2009-12-30 281760]
R2 eamon;eamon; C:Windowssystem32DRIVERSeamon.sys [2009-04-09 113960]
R2 epfw;epfw; C:Windowssystem32DRIVERSepfw.sys [2009-04-09 133000]
R2 lirsgt;lirsgt; C:Windowssystem32DRIVERSlirsgt.sys [2009-12-30 25888]
R2 mdmxsdk;mdmxsdk; C:Windowssystem32DRIVERSmdmxsdk.sys [2007-04-29 12672]
R2 rimmptsk;rimmptsk; C:Windowssystem32DRIVERSrimmptsk.sys [2007-04-29 32256]
R2 rimsptsk;rimsptsk; C:Windowssystem32DRIVERSrimsptsk.sys [2007-04-29 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:Windowssystem32DRIVERSrixdptsk.sys [2007-04-29 37376]
R2 XAudio;XAudio; C:Windowssystem32DRIVERSxaudio.sys [2007-04-29 8192]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:Windowssystem32DRIVERSApfiltr.sys [2007-09-24 155136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0; C:Windowssystem32DRIVERSb57nd60x.sys [2007-05-11 179712]
R3 BCM43XX;Драйвер платы Dell Wireless WLAN Card; C:Windowssystem32DRIVERSbcmwl6.sys [2007-10-10 1044472]
R3 BthEnum;Служба перечислителя Bluetooth; C:Windowssystem32DRIVERSBthEnum.sys [2009-04-06 19456]
R3 BthPan;Устройства Bluetooth (личной сети); C:Windowssystem32DRIVERSbthpan.sys [2006-11-02 92160]
R3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WindowsSystem32DriversBTHUSB.sys [2009-04-06 29184]
R3 btwaudio;Аудиоустройство Bluetooth; C:Windowssystem32driversbtwaudio.sys [2006-11-07 78128]
R3 btwavdt;Bluetooth AVDT Service; C:Windowssystem32driversbtwavdt.sys [2006-11-07 80176]
R3 btwrchid;btwrchid; C:Windowssystem32DRIVERSbtwrchid.sys [2006-11-07 16560]
R3 Epfwndis;Eset Personal Firewall; C:Windowssystem32DRIVERSEpfwndis.sys [2009-04-09 33096]
R3 HSF_DPV;HSF_DPV; C:Windowssystem32DRIVERSHSX_DPV.sys [2007-04-29 986624]
R3 HSXHWAZL;HSXHWAZL; C:Windowssystem32DRIVERSHSXHWAZL.sys [2007-04-29 206848]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:Windowssystem32DRIVERSLHidFilt.Sys [2007-01-11 32272]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:Windowssystem32DRIVERSLMouFilt.Sys [2007-01-11 32528]
R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2007-10-04 7628608]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:Windowssystem32DRIVERSOEM02Dev.sys [2007-08-29 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:Windowssystem32DRIVERSOEM02Vfx.sys [2007-08-29 7424]
R3 pfc;Padus ASPI Shell; C:Windowssystem32driverspfc.sys [2008-04-01 10368]
R3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:Windowssystem32DRIVERSrfcomm.sys [2006-11-02 49664]
R3 sdbus;sdbus; C:Windowssystem32DRIVERSsdbus.sys [2007-11-21 82432]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:Windowssystem32driversstwrt.sys [2007-06-27 326656]
R3 winachsf;winachsf; C:Windowssystem32DRIVERSHSX_CNXT.sys [2007-04-29 659968]
S3 BTHPORT;Драйвер порта Bluetooth; C:WindowsSystem32DriversBTHport.sys [2009-04-06 220160]
S3 catchme;catchme; ??C:UsersUserAppDataLocalTempcatchme.sys []
S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2006-11-02 5632]
S3 e1express;Intel(R) PRO/1000 драйвер сетевого подключения PCI Express; C:Windowssystem32DRIVERSe1e6032.sys [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:Windowssystem32DRIVERSewusbmdm.sys [2007-08-24 101504]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:Windowssystem32DRIVERSk750bus.sys [2005-07-07 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:Windowssystem32DRIVERSk750mdfl.sys [2005-07-07 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:Windowssystem32DRIVERSk750mdm.sys [2005-07-07 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:Windowssystem32DRIVERSk750mgmt.sys [2005-07-07 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:Windowssystem32DRIVERSk750obex.sys [2005-07-07 79488]
S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2006-11-02 5504]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:Windowssystem32DRIVERSatikmdag.sys [2006-11-02 2028032]
S3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2006-11-02 82560]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2006-11-02 22016]
R2 ekrn;ESET Service; C:Program FilesESETESET Smart Securityekrn.exe [2009-04-09 731840]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-12-03 869672]
R2 STacSV;SigmaTel Audio Service; C:Windowssystem32STacSV.exe [2007-06-27 94208]
R2 XAudioService;XAudioService; C:Windowssystem32DRIVERSxaudio.exe [2007-04-29 386560]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-12-13 447784]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2009-04-09 20680]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 stllssvr;stllssvr; C:Program FilesCommon FilesSureThing Sharedstllssvr.exe []
EOF
День добрый!
Выкладываю:ComboFix 10-08-14.02 — User 15.08.2010 11:47:53.1.2 — x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1251.7.1049.18.2046.1227 [GMT 4:00]
Running from: c:usersUserDesktopComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Персональный файервол ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: Защитник Windows *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ESET Smart Security 4.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
* Created a new restore point
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:usersUserAppDataRoamingAldea
c:usersUserAppDataRoamingMicrosoftInternet ExplorerqiPSearchbar.dll
c:windowssystem32Пузыри.scr
c:windowssystem32ssField Lines.scr
c:windowssystem32ssRibbons.scr
c:windowssystem32SYSINTERNALS_BLUESCREEN.SCR.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.2010-08-15 07:58 . 2010-08-15 07:58
d
w- c:usersDefaultAppDataLocaltemp
2010-08-13 17:48 . 2010-08-13 17:48
d
w- c:program filestrend micro
2010-08-13 17:47 . 2010-08-13 17:48
d
w- C:rsit.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 07:20 . 2006-11-09 07:20 85900 —-a-w- c:windowssystem32perfc019.dat
2010-08-15 07:20 . 2006-11-09 07:20 530020 —-a-w- c:windowssystem32perfh019.dat
2010-08-15 07:13 . 2007-11-21 09:27 3308 —-a-w- c:windowsbthservsdp.dat
2010-08-14 11:54 . 2008-12-26 20:59
d
w- c:usersUserAppDataRoamingSkype
2010-08-14 06:21 . 2008-12-26 21:03
d
w- c:usersUserAppDataRoamingskypePM
2010-08-08 18:52 . 2008-04-07 00:26 680 —-a-w- c:usersUserAppDataLocald3d9caps.dat
2010-08-02 20:55 . 2007-11-21 09:46
d
w- c:program filesRoxio
2010-08-01 21:26 . 2007-11-21 09:45
d
w- c:program filesCommon FilesSonic Shared
2010-08-01 21:04 . 2010-01-01 03:52
d
w- c:program filesAuslogics
2010-07-27 14:53 . 2009-11-15 18:47
d
w- c:usersUserAppDataRoaminguTorrent
2010-07-11 06:24 . 2010-07-11 05:57
d
w- c:program filesExact Audio Copy
2010-07-10 17:34 . 2008-03-31 23:19 27240 —-a-w- c:usersUserAppDataRoamingnvModes.dat
2010-07-05 16:45 . 2010-07-05 16:45
d
w- c:program filesQS
2007-11-21 17:20 . 2007-11-21 17:11 8192 —sha-w- c:windowsUsersDefaultNTUSER.DAT
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2007-12-13 1688872]
«Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-10-16 735016]
«WindowsWelcomeCenter»=»oobefldr.dll» [2006-11-02 2159104]
«WMPNSCFG»=»c:program filesWindows Media PlayerWMPNSCFG.exe» [2006-11-02 201728][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
«Shockwave Updater»=»c:windowssystem32AdobeShockwave 11SwHelper_1151601.exe» [2009-07-31 468408][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2007-03-01 153136]
«NBKeyScan»=»c:program filesNeroNero8Nero BackItUpNBKeyScan.exe» [2007-12-03 2213160]
«Kernel and Hardware Abstraction Layer»=»KHALMNPR.EXE» [2007-01-11 101136]
«ISUSPM Startup»=»c:progra~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe» [2006-10-03 221184]
«NvSvc»=»c:windowssystem32nvsvc.dll» [2007-10-04 86016]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-10-04 8497696]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-10-04 81920]
«NVHotkey»=»c:windowssystem32nvHotkey.dll» [2007-10-04 86016]
«Apoint»=»c:program filesDellTPadApoint.exe» [2007-09-24 159744]
«egui»=»c:program filesESETESET Smart Securityegui.exe» [2009-04-09 2029640]
«SunJavaUpdateSched»=»c:program filesCommon FilesJavaJava Updatejusched.exe» [2010-02-18 248040]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2010-06-20 35760]
«Adobe ARM»=»c:program filesCommon FilesAdobeARM1.0AdobeARM.exe» [2010-06-09 976832]c:usersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Apoint.lnk — c:program filesDellTPadApoint.exe [2007-11-21 159744]c:programdataMicrosoftWindowsStart MenuProgramsStartup
BTTray.lnk — c:program filesWIDCOMMBluetooth SoftwareBTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk — c:program filesDigital Line DetectDLG.exe [2007-11-21 50688]
QuickSet.lnk — c:windowsInstaller{7F0C4457-8E64-491B-8D7B-991504365D1E}NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-11-21 45056]
SetPoint.lnk — c:program filesSetPointSetPoint.exe [2007-11-21 679936][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«mixer2″=wdmaud.drv[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@=»Service»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-333778006-3081254602-750035399-1000]
«EnableNotificationsRef»=dword:00000001S1 ehdrv;ehdrv;c:windowssystem32DRIVERSehdrv.sys [2009-04-09 107256]
S2 ekrn;ESET Service;c:program filesESETESET Smart Securityekrn.exe [2009-04-09 731840]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0;c:windowssystem32DRIVERSb57nd60x.sys [2007-05-11 179712][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
.
Supplementary Scan
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Translate with Lingvo — c:program filesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
IE: Отправить изображение на &устройство Bluetooth… — c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
IE: Отправить страницу на &устройство Bluetooth… — c:program filesWIDCOMMBluetooth Softwarebtsendto_ie.htm
TCP: {967A8621-689C-41DD-BD6B-CDE810FB6AED} = 212.1.224.34,212.1.230.111
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-15 11:58
Windows 6.0.6000 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.032UserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.032»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.aniUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.ani»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.arwUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.arw»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.bayUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.bay»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.bmpUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.bmp»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.bwUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.bw»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.cr2UserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.cr2»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.crwUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.crw»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.cs1UserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.cs1»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.curUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.cur»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.dcrUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.dcr»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.dcxUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.dcx»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.dibUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.dib»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.djvUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.djv»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.djvuUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.djvu»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.dngUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.dng»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.emfUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.emf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.epsUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.eps»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.erfUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.erf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.fffUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.fff»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.fpxUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.fpx»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.gifUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.gif»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.hdrUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.hdr»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.iclUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.icl»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.icnUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.icn»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.icoUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.ico»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.iffUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.iff»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ilbmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.ilbm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.intUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.int»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.intaUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.inta»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.iw4UserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.iw4»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.j2cUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.j2c»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.j2kUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.j2k»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jfifUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jfif»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jifUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jif»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jp2UserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jp2»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jpcUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jpc»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jpeUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jpe»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jpegUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jpeg»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jpgUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jpg»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jpkUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jpk»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jpxUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jpx»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.lbmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.lbm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mefUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.mef»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mosUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.mos»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mrwUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.mrw»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.nefUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.nef»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.orfUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.orf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pbmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pbm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pcdUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pcd»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pctUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pct»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pcxUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pcx»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pefUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pef»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pgmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pgm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.picUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pic»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pictUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pict»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pixUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pix»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pngUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.png»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ppmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.ppm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.psdUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.psd»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pspUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.psp»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pspimageUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pspimage»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rafUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.raf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rasUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.ras»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rawUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.raw»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rgbUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.rgb»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rgbaUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.rgba»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rleUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.rle»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rsbUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.rsb»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.sgiUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.sgi»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.sr2UserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.sr2»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.srfUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.srf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.tgaUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.tga»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.thmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.thm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.tiffUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.tiff»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ttcUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.ttc»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ttfUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.ttf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.v20poUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.v20po»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.v20ppUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.v20pp»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.v20ppfUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.v20ppf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wbmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.wbm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wbmpUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.wbmp»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wmfUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.wmf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xbmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.xbm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xifUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.xif»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xmpUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.xmp»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xpmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.xpm»[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@=»FlashBroker»
«LocalizedString»=»@c:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe,-101»[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]
«Enabled»=dword:00000001[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]
@=»c:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe»[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@=»IFlashBroker4″[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]
@=»{00020424-0000-0000-C000-000000000046}»[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»
«Version»=»1.0»[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}003AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}004AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}005AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}006AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}007AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}008AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}009AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}010AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
Completion time: 2010-08-15 12:03:15
ComboFix-quarantined-files.txt 2010-08-15 08:03Pre-Run: 1 615 507 456 байт свободно
Post-Run: 1 350 631 424 байт свободно— — End Of File — — 38D0F3B443F7C19179F1637487C9ADB8
Добрый вечер!
выкладываю лог RSIT:Logfile of random’s system information tool 1.08 (written by random/random)
Run by User at 2010-08-13 21:47:59
Microsoft® Windows Vista™ Home Basic
System drive C: has 233 MB (0%) free of 102 GB
Total RAM: 2046 MB (51% free)Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:48:08, on 13.08.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: NormalRunning processes:
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Windowssystem32taskeng.exe
C:WindowsSystem32rundll32.exe
C:WindowsSystem32rundll32.exe
C:Program FilesDellTPadApoint.exe
C:Program FilesESETESET Smart Securityegui.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesPunto Switcherpunto.exe
C:WindowsSystem32rundll32.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesDellTPadApMsgFwd.exe
C:Program FilesDellQuickSetquickset.exe
C:Program FilesSetPointSetPoint.exe
C:Program FilesDellTPadHidFind.exe
C:Program FilesDellTPadApntex.exe
C:Program FilesCommon FilesLogitechkhalsharedKHALMNPR.EXE
c:Program FilesWIDCOMMBluetooth SoftwareBtStackServer.exe
C:Program FilesInternet Exploreriexplore.exe
C:UsersUserDesktopRSIT.exe
C:Program Filestrend microUser.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=eu&l=en&s=gen
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Internet Explorer предоставлен: Dell
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 — URLSearchHook: QIPBHO Class — {95289393-33EA-4F8D-B952-483415B9C955} — C:UsersUserAppDataRoamingMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: (no name) — — shell32.dll (file missing)
F2 — REG:system.ini: UserInit=C:Windowssystem32userinit.exe,C:Windowssystem32f86330d.exe,
O1 — Hosts: ::1 localhost
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: QIPBHO — {95289393-33EA-4F8D-B952-483415B9C955} — C:UsersUserAppDataRoamingMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 — HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [NVHotkey] rundll32.exe C:Windowssystem32nvHotkey.dll,Start
O4 — HKLM..Run: [Apoint] C:Program FilesDellTPadApoint.exe
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesCommon FilesJavaJava Updatejusched.exe»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [Adobe ARM] «C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe»
O4 — HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe» ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 — HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 — HKCU..RunOnce: [Shockwave Updater] C:Windowssystem32AdobeShockwave 11SwHelper_1151601.exe -Update -1151601 -«Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.5.30729; .NET CLR 3.0.30618)» -«http://lms.universtal.ru/content/pkg61724/resources/resource_33/___run2_2.1.1.htm»
O4 — HKCU..RunOnce: [FlashPlayerUpdate] C:Windowssystem32MacromedFlashFlashUtil10h_ActiveX.exe -update activex
O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 — Startup: Apoint.lnk = C:Program FilesDellTPadApoint.exe
O4 — Global Startup: BTTray.lnk = ?
O4 — Global Startup: Digital Line Detect.lnk = C:Program FilesDigital Line DetectDLG.exe
O4 — Global Startup: QuickSet.lnk = ?
O4 — Global Startup: SetPoint.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Translate with Lingvo — res://C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
O8 — Extra context menu item: Отправить изображение на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: Отправить страницу на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — shell32.dll (file missing)
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra ‘Tools’ menuitem: @btrez.dll,-12650 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O16 — DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} — http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 — HKLMSystemCCSServicesTcpip..{967A8621-689C-41DD-BD6B-CDE810FB6AED}: NameServer = 212.1.224.34,212.1.230.111
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O22 — SharedTaskScheduler: Component Categories cache daemon — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:Windowssystem32browseui.dll
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: RoxMediaDB9 — Sonic Solutions — C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
O23 — Service: Roxio Hard Drive Watcher 9 (RoxWatch9) — Sonic Solutions — C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatch9.exe
O23 — Service: SigmaTel Audio Service (STacSV) — SigmaTel, Inc. — C:Windowssystem32STacSV.exe
O23 — Service: stllssvr — Unknown owner — C:Program FilesCommon FilesSureThing Sharedstllssvr.exe (file missing)
O23 — Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) — Корпорация Майкрософт — C:Windowssystem32SearchIndexer.exe
O23 — Service: XAudioService — Conexant Systems, Inc. — C:Windowssystem32DRIVERSxaudio.exe—
End of file — 9248 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2010-06-19 75200][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-11-07 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class — C:UsersUserAppDataRoamingMicrosoftInternet Explorerqipsearchbar.dll [2009-06-17 119808][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-04-12 41760][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-12-03 2213160]
«Kernel and Hardware Abstraction Layer»=C:WindowsKHALMNPR.EXE [2007-01-11 101136]
«ISUSPM Startup»=C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe [2006-10-03 221184]
«NvSvc»=C:Windowssystem32nvsvc.dll [2007-10-04 86016]
«NvCplDaemon»=C:Windowssystem32NvCpl.dll [2007-10-04 8497696]
«NvMediaCenter»=C:Windowssystem32NvMcTray.dll [2007-10-04 81920]
«NVHotkey»=C:Windowssystem32nvHotkey.dll [2007-10-04 86016]
«Apoint»=C:Program FilesDellTPadApoint.exe [2007-09-24 159744]
«egui»=C:Program FilesESETESET Smart Securityegui.exe [2009-04-09 2029640]
«SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-02-18 248040]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2010-06-20 35760]
«Adobe ARM»=C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2010-06-09 976832][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe [2007-12-13 1688872]
«Punto Switcher»=C:Program FilesPunto Switcherpunto.exe [2008-10-16 735016]
«WindowsWelcomeCenter»=oobefldr.dll,ShowWelcomeCenter []
«WMPNSCFG»=C:Program FilesWindows Media PlayerWMPNSCFG.exe [2006-11-02 201728][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«Shockwave Updater»=C:Windowssystem32AdobeShockwave 11SwHelper_1151601.exe [2009-07-31 468408]
«FlashPlayerUpdate»=C:Windowssystem32MacromedFlashFlashUtil10h_ActiveX.exe [2010-06-15 231888]C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
Digital Line Detect.lnk — C:Program FilesDigital Line DetectDLG.exe
QuickSet.lnk — C:WindowsInstaller{7F0C4457-8E64-491B-8D7B-991504365D1E}NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
SetPoint.lnk — C:Program FilesSetPointSetPoint.exeC:UsersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Apoint.lnk — C:Program FilesDellTPadApoint.exe[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«EnableLUA»=0
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«NoInternetOpenWith «=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=0
«NoSMConfigurePrograms»=1[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======List of files/folders created in the last 1 months======
2010-08-13 21:48:00 —-D—- C:Program Filestrend micro
2010-08-13 21:47:59 —-D—- C:rsit======List of files/folders modified in the last 1 months======
2010-08-13 21:48:08 —-D—- C:WindowsPrefetch
2010-08-13 21:48:01 —-D—- C:WindowsTemp
2010-08-13 21:48:00 —-RD—- C:Program Files
2010-08-13 21:12:39 —-D—- C:WindowsSystem32
2010-08-13 21:12:37 —-A—- C:Windowssystem32PerfStringBackup.INI
2010-08-13 21:12:36 —-D—- C:Windowsinf
2010-08-13 21:01:03 —-SHD—- C:System Volume Information
2010-08-09 21:17:54 —-D—- C:Windows
2010-08-09 21:17:26 —-D—- C:WindowsDebug
2010-08-08 23:08:54 —-D—- C:UsersUserAppDataRoamingSkype
2010-08-08 22:53:05 —-D—- C:UsersUserAppDataRoamingskypePM
2010-08-08 15:27:41 —-D—- C:Windowssystem32catroot2
2010-08-06 01:24:01 —-D—- C:VAD
2010-08-03 00:55:47 —-SHD—- C:WindowsInstaller
2010-08-03 00:55:02 —-D—- C:Program FilesRoxio
2010-08-03 00:55:00 —-D—- C:Program FilesCommon Files
2010-08-03 00:36:55 —-SHD—- C:Boot
2010-08-03 00:36:55 —-D—- C:Windowssystem32config
2010-08-02 01:26:07 —-D—- C:Program FilesCommon FilesSonic Shared
2010-08-02 01:09:42 —-A—- C:WindowsNeroDigital.ini
2010-08-02 01:09:10 —-A—- C:Windowsmjmcontrol.ini
2010-08-02 01:09:09 —-A—- C:Windowswin.ini
2010-08-02 01:09:09 —-A—- C:WindowsUkrInfo.ini
2010-08-02 01:04:14 —-D—- C:Program FilesAuslogics
2010-07-27 18:53:37 —-D—- C:UsersUserAppDataRoaminguTorrent======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:Windowssystem32driversiastor.sys [2007-04-29 277784]
R0 prohlp02;StarForce Protection Helper Driver v2; C:WindowsSystem32driversprohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:WindowsSystem32driversprosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:WindowsSystem32DriversPxHelp20.sys [2007-03-08 43528]
R0 sfhlp01;StarForce Protection Helper Driver; C:WindowsSystem32driverssfhlp01.sys [2003-12-01 4832]
R1 ehdrv;ehdrv; C:Windowssystem32DRIVERSehdrv.sys [2009-04-09 107256]
R1 epfwtdi;epfwtdi; C:Windowssystem32DRIVERSepfwtdi.sys [2009-04-09 55768]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WindowsSystem32driversprodrv06.sys [2004-08-09 53920]
R2 atksgt;atksgt; C:Windowssystem32DRIVERSatksgt.sys [2009-12-30 281760]
R2 eamon;eamon; C:Windowssystem32DRIVERSeamon.sys [2009-04-09 113960]
R2 epfw;epfw; C:Windowssystem32DRIVERSepfw.sys [2009-04-09 133000]
R2 lirsgt;lirsgt; C:Windowssystem32DRIVERSlirsgt.sys [2009-12-30 25888]
R2 mdmxsdk;mdmxsdk; C:Windowssystem32DRIVERSmdmxsdk.sys [2007-04-29 12672]
R2 rimmptsk;rimmptsk; C:Windowssystem32DRIVERSrimmptsk.sys [2007-04-29 32256]
R2 rimsptsk;rimsptsk; C:Windowssystem32DRIVERSrimsptsk.sys [2007-04-29 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:Windowssystem32DRIVERSrixdptsk.sys [2007-04-29 37376]
R2 XAudio;XAudio; C:Windowssystem32DRIVERSxaudio.sys [2007-04-29 8192]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:Windowssystem32DRIVERSApfiltr.sys [2007-09-24 155136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0; C:Windowssystem32DRIVERSb57nd60x.sys [2007-05-11 179712]
R3 BCM43XX;Драйвер платы Dell Wireless WLAN Card; C:Windowssystem32DRIVERSbcmwl6.sys [2007-10-10 1044472]
R3 BthEnum;Служба перечислителя Bluetooth; C:Windowssystem32DRIVERSBthEnum.sys [2009-04-06 19456]
R3 BthPan;Устройства Bluetooth (личной сети); C:Windowssystem32DRIVERSbthpan.sys [2006-11-02 92160]
R3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WindowsSystem32DriversBTHUSB.sys [2009-04-06 29184]
R3 btwaudio;Аудиоустройство Bluetooth; C:Windowssystem32driversbtwaudio.sys [2006-11-07 78128]
R3 btwavdt;Bluetooth AVDT Service; C:Windowssystem32driversbtwavdt.sys [2006-11-07 80176]
R3 btwrchid;btwrchid; C:Windowssystem32DRIVERSbtwrchid.sys [2006-11-07 16560]
R3 Epfwndis;Eset Personal Firewall; C:Windowssystem32DRIVERSEpfwndis.sys [2009-04-09 33096]
R3 HSF_DPV;HSF_DPV; C:Windowssystem32DRIVERSHSX_DPV.sys [2007-04-29 986624]
R3 HSXHWAZL;HSXHWAZL; C:Windowssystem32DRIVERSHSXHWAZL.sys [2007-04-29 206848]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:Windowssystem32DRIVERSLHidFilt.Sys [2007-01-11 32272]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:Windowssystem32DRIVERSLMouFilt.Sys [2007-01-11 32528]
R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2007-10-04 7628608]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:Windowssystem32DRIVERSOEM02Dev.sys [2007-08-29 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:Windowssystem32DRIVERSOEM02Vfx.sys [2007-08-29 7424]
R3 pfc;Padus ASPI Shell; C:Windowssystem32driverspfc.sys [2008-04-01 10368]
R3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:Windowssystem32DRIVERSrfcomm.sys [2006-11-02 49664]
R3 sdbus;sdbus; C:Windowssystem32DRIVERSsdbus.sys [2007-11-21 82432]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:Windowssystem32driversstwrt.sys [2007-06-27 326656]
R3 winachsf;winachsf; C:Windowssystem32DRIVERSHSX_CNXT.sys [2007-04-29 659968]
S3 BTHPORT;Драйвер порта Bluetooth; C:WindowsSystem32DriversBTHport.sys [2009-04-06 220160]
S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2006-11-02 5632]
S3 e1express;Intel(R) PRO/1000 драйвер сетевого подключения PCI Express; C:Windowssystem32DRIVERSe1e6032.sys [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:Windowssystem32DRIVERSewusbmdm.sys [2007-08-24 101504]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:Windowssystem32DRIVERSk750bus.sys [2005-07-07 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:Windowssystem32DRIVERSk750mdfl.sys [2005-07-07 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:Windowssystem32DRIVERSk750mdm.sys [2005-07-07 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:Windowssystem32DRIVERSk750mgmt.sys [2005-07-07 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:Windowssystem32DRIVERSk750obex.sys [2005-07-07 79488]
S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2006-11-02 5504]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:Windowssystem32DRIVERSatikmdag.sys [2006-11-02 2028032]
S3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2006-11-02 82560]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2006-11-02 22016]
R2 ekrn;ESET Service; C:Program FilesESETESET Smart Securityekrn.exe [2009-04-09 731840]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-12-03 869672]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatch9.exe [2006-11-05 159744]
R2 STacSV;SigmaTel Audio Service; C:Windowssystem32STacSV.exe [2007-06-27 94208]
R2 XAudioService;XAudioService; C:Windowssystem32DRIVERSxaudio.exe [2007-04-29 386560]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-12-13 447784]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2009-04-09 20680]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 RoxMediaDB9;RoxMediaDB9; C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:Program FilesCommon FilesSureThing Sharedstllssvr.exe []
EOF
Получается все? Избавился от заразы? отличнО! и большое спасибО!
Давайте теперь посомтрим что с компом моего брата : жалуется, что стал работать гораздо медленнее… Начинаем с RSIT?сделали со старыми. лог прикрепляю. А что делать теперь с MBAM? как обновить? или установить заново?
как удалять combofix, rsit, hijack ? СпасибоMalwarebytes’ Anti-Malware 1.40
Версия базы данных: 2708
Windows 6.0.6001 Service Pack 110.08.2010 22:48:53
mbam-log-2010-08-10 (22-48-53).txtТип проверки: Полная (C:|)
Проверено объектов: 264490
Прошло времени: 57 minute(s), 12 second(s)Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 0
Заражено значений реестра: 0
Заражено параметров реестра: 0
Заражено папок: 0
Заражено файлов: 0Заражено процессов в памяти:
(Вредоносные программы не обнаружены)Заражено модулей в памяти:
(Вредоносные программы не обнаружены)Заражено ключей реестра:
(Вредоносные программы не обнаружены)Заражено значений реестра:
(Вредоносные программы не обнаружены)Заражено параметров реестра:
(Вредоносные программы не обнаружены)Заражено папок:
(Вредоносные программы не обнаружены)Заражено файлов:
(Вредоносные программы не обнаружены)какже меня так угораздло… 🙁
отправляю еще один лог:ComboFix 10-08-07.02 — sony 09.08.2010 22:37:28.2.2 — x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.7.1049.18.2046.1220 [GMT 4:00]
Running from: c:userssonyDesktopComboFix.exe
Command switches used :: c:userssonyDesktopCFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Защитник Windows *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:program filesWindows Defender
c:program filesWindows DefenderMpAsDesc.dll
c:program filesWindows DefenderMpClient.dll
c:program filesWindows DefenderMpCmdRun.exe
c:program filesWindows DefenderMpEvMsg.dll
c:program filesWindows DefenderMpOAV.dll
c:program filesWindows DefenderMpRtMon.dll
c:program filesWindows DefenderMpRtPlug.dll
c:program filesWindows DefenderMpSigDwn.dll
c:program filesWindows DefenderMpSoftEx.dll
c:program filesWindows DefenderMpSvc.dll
c:program filesWindows DefenderMSASCui.exe
c:program filesWindows DefenderMsMpCom.dll
c:program filesWindows DefenderMsMpLics.dll
c:program filesWindows DefenderMsMpRes.dll
c:program filesWindows Defenderru-RUMpAsDesc.dll.mui
c:program filesWindows Defenderru-RUMpEvMsg.dll.mui
c:program filesWindows Defenderru-RUMsMpRes.dll.mui.
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.2010-08-09 18:45 . 2010-08-09 18:47
d
w- c:userssonyAppDataLocaltemp
2010-08-09 18:45 . 2010-08-09 18:45
d
w- c:usersPublicAppDataLocaltemp
2010-08-08 12:23 . 2010-08-08 12:23
d
w- C:rsit
2010-08-08 12:23 . 2010-08-08 12:23
d
w- c:program filestrend micro
2010-07-17 12:45 . 2010-04-14 17:47 293376 —-a-w- c:windowssystem32psisdecd.dll
2010-07-17 12:45 . 2010-04-14 17:46 428544 —-a-w- c:windowssystem32EncDec.dll
2010-07-17 12:43 . 2009-11-08 06:55 99176 —-a-w- c:windowssystem32PresentationHostProxy.dll
2010-07-17 12:43 . 2009-11-08 06:55 295264 —-a-w- c:windowssystem32PresentationHost.exe
2010-07-17 12:43 . 2009-11-08 06:55 49472 —-a-w- c:windowssystem32netfxperf.dll
2010-07-17 12:43 . 2009-11-08 06:55 297808 —-a-w- c:windowssystem32mscoree.dll
2010-07-17 12:43 . 2009-11-08 06:55 1130824 —-a-w- c:windowssystem32dfshim.dll
2010-07-14 05:23 . 2010-04-05 16:07 67072 —-a-w- c:windowssystem32asycfilt.dll
2010-07-14 05:23 . 2010-04-16 16:05 28672 —-a-w- c:windowssystem32Apphlpdm.dll
2010-07-14 05:23 . 2010-04-16 14:17 4240384 —-a-w- c:windowssystem32GameUXLegacyGDFs.dll
2010-07-14 05:23 . 2010-05-26 14:25 289792 —-a-w- c:windowssystem32atmfd.dll
2010-07-14 05:23 . 2010-05-26 16:16 34304 —-a-w- c:windowssystem32atmlib.dll.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 18:45 . 2008-10-19 09:07 12 —-a-w- c:windowsbthservsdp.dat
2010-08-09 17:42 . 2006-11-09 07:21 656392 —-a-w- c:windowssystem32perfh019.dat
2010-08-09 17:42 . 2006-11-09 07:21 126656 —-a-w- c:windowssystem32perfc019.dat
2010-08-08 11:15 . 2009-11-13 19:42
d
w- c:userssonyAppDataRoaminguTorrent
2010-08-08 11:06 . 2009-07-14 19:49
d
w- c:userssonyAppDataRoamingSkype
2010-08-08 09:21 . 2009-11-13 19:42
d
w- c:program filesuTorrent
2010-07-17 12:51 . 2006-11-02 11:18
d
w- c:program filesWindows Mail
2010-05-21 10:14 . 2009-10-03 05:55 221568
w- c:windowssystem32MpSigStub.exe
1999-06-25 07:55 . 2008-12-06 13:58 149504 —-a-w- c:program filesUNWISE.EXE
.(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.— c:program filesUNWISE.EXE —
Company:
File Description:
File Version:
Product Name:
Copyright:
Original Filename:
File size: 149504
Created time: 2008-12-06 13:58
Modified time: 1999-06-25 07:55
MD5: 443E13846997C537E8F5ED61130AB705
SHA1: 6B10D458A5F1E3DBF8DFA96B118CF232D3A66F5F— c:windowssystem32Apphlpdm.dll —
Company: Microsoft Corporation
File Description: Модуль поддержки совместимости приложений
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Операционная система Microsoft® Windows®
Copyright: © Корпорация Майкрософт. Все права защищены.
Original Filename: apphlpdm.dll.mui
File size: 28672
Created time: 2010-07-14 05:23
Modified time: 2010-04-16 16:05
MD5: 44936AEDE6FE843701170CDB483CD76C
SHA1: C158D2EAC0AB2F42EBB66F54F6C01BF6FEFA13E5— c:windowssystem32asycfilt.dll —
Company: Microsoft Corporation
File Description:
File Version: 6.0.6001.18454
Product Name:
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename:
File size: 67072
Created time: 2010-07-14 05:23
Modified time: 2010-04-05 16:07
MD5: C006588AA4814F367B6A1311D17BBE73
SHA1: 45203BFF972F22B91400F98B637B15D7F479C908— c:windowssystem32atmfd.dll —
Company: Adobe Systems Incorporated
File Description: Windows NT OpenType/Type 1 Font Driver
File Version: 5.1 Build 228
Product Name: Adobe Type Manager
Copyright: ©1983-1990, 1993-2004 Adobe Systems Inc.
Original Filename: ATMFD.DLL
File size: 289792
Created time: 2010-07-14 05:23
Modified time: 2010-05-26 14:25
MD5: 700291E989B010CF342035987E147E73
SHA1: 5EB226AFA2BAF84DD9FF5BE5356161C3A4FD8872— c:windowssystem32atmlib.dll —
Company: Adobe Systems
File Description: Windows NT OpenType/Type 1 API Library.
File Version: 5.1 Build 228
Product Name: Adobe Type Manager
Copyright: ©1983-1990, 1993-2004 Adobe Systems Inc.
Original Filename: ATMLIB.DLL
File size: 34304
Created time: 2010-07-14 05:23
Modified time: 2010-05-26 16:16
MD5: 33798B26A32F9788FD2968F117C6B7B2
SHA1: CB861B83D6A0EBFC120A1157033C16C8B4C4308D— c:windowssystem32dfshim.dll —
Company: Microsoft Corporation
File Description: ClickOnce Application Deployment Support Library
File Version: 4.0.31106.0 (Main.031106-0000)
Product Name: Microsoft® .NET Framework
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: dfshim.dll
File size: 1130824
Created time: 2010-07-17 12:43
Modified time: 2009-11-08 06:55
MD5: FA4B5940B31853ADE67A73026884C8C9
SHA1: A329FCE2B14118FB32BEE1875CA7F5897AEDE155— c:windowssystem32EncDec.dll —
Company: Microsoft Corporation
File Description: Кодеки XDS и фильтры шифровщика и расшифровщика.
File Version: 6.6.6000.16386 (vista_rtm.061101-2205)
Product Name: Операционная система Microsoft® Windows®
Copyright: © Корпорация Майкрософт. Все права защищены.
Original Filename: EncDec.dll.mui
File size: 428544
Created time: 2010-07-17 12:45
Modified time: 2010-04-14 17:46
MD5: 9087C15CE234D3399EB892CA700E1518
SHA1: 57570806EE34A8675018882296116E0D10EDF176— c:windowssystem32GameUXLegacyGDFs.dll —
Company: Microsoft
File Description: Legacy GDF resource DLL
File Version: 1.0.0.1
Product Name: Legacy GDF resource DLL
Copyright: (c) Microsoft. All rights reserved.
Original Filename: GameUXLegacyGDFs.dll
File size: 4240384
Created time: 2010-07-14 05:23
Modified time: 2010-04-16 14:17
MD5: 82E5E353FE09DC84C4232825674B3F1A
SHA1: FA641013998B0CF09127DA00170747870E6CBA62— c:windowssystem32MpSigStub.exe —
Company: Microsoft Corporation
File Description: Microsoft Malware Protection Signature Update Stub
File Version: 2.1.1112.0
Product Name: Microsoft Malware Protection
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: MpSigStub.exe
File size: 221568
Created time: 2009-10-03 05:55
Modified time: 2010-05-21 10:14
MD5: B2C19B2BE2A8C467F2B5C6D63574D9F6
SHA1: B1B677FAC184E5903583312A50FD04F34CBAB3B1— c:windowssystem32mscoree.dll —
Company: Microsoft Corporation
File Description: Microsoft .NET Runtime Execution Engine
File Version: 4.0.31106.0 (Main.031106-0000)
Product Name: Microsoft® .NET Framework
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: mscoree.dll
File size: 297808
Created time: 2010-07-17 12:43
Modified time: 2009-11-08 06:55
MD5: 128DD9AF8640DBCC711940903C8B554F
SHA1: 437703D6916457B7B7E6367CB285FDD952CBE550— c:windowssystem32netfxperf.dll —
Company: Microsoft Corporation
File Description: Extensible Performance Counter Shim
File Version: 4.0.31106.0 (Main.031106-0000)
Product Name: Microsoft® .NET Framework
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: netfxperf.dll
File size: 49472
Created time: 2010-07-17 12:43
Modified time: 2009-11-08 06:55
MD5: 15515AE1540B4EE2B75DF63FC15129DF
SHA1: 4A247F06653681012DA78E2FCD09B8AF1D794EEB— c:windowssystem32PresentationHost.exe —
Company: Корпорация Майкрософт
File Description: Узел Windows Presentation Foundation
File Version: 3.0.6920.1453 built by: NetFX
Product Name: Microsoft® .NET Framework
Copyright: © Корпорация Майкрософт (Microsoft Corp.). Все права защищены.
Original Filename: PresentationHost.exe.mui
File size: 295264
Created time: 2010-07-17 12:43
Modified time: 2009-11-08 06:55
MD5: 302964DCAC79D618CC7B72C778DA9FD2
SHA1: 105B805B992F2B2FE4DDEBB6915D616FC4F1E196— c:windowssystem32PresentationHostProxy.dll —
Company: Microsoft Corporation
File Description: Windows Presentation Foundation Host Proxy
File Version: 4.0.31106.0 built by: Main
Product Name: Microsoft® .NET Framework
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: PresentationHostProxy.dll
File size: 99176
Created time: 2010-07-17 12:43
Modified time: 2009-11-08 06:55
MD5: DFF617498211FBB3D8D3FCC51A37B777
SHA1: 1A6EBBA96FEB2F014B0A7B5EE9A9BD2BF28BAD50— c:windowssystem32psisdecd.dll —
Company: Microsoft Corporation
File Description: Microsoft SI/PSI parser for MPEG2 based networks.
File Version: 6.6.6001.18459 (vistasp1_gdr.100414-0533)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: psisdecd.dll
File size: 293376
Created time: 2010-07-17 12:45
Modified time: 2010-04-14 17:47
MD5: A6E278C31CD0AFEAF22E1FA35472CD19
SHA1: 22333D20F7F38A40035922DF55E7D01675B460B2((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«NSUFloatingUI»=»c:program filesSonyNetwork UtilityLANUtil.exe» [2007-11-26 253952]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2007-12-13 1688872]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-04-24 39408]
«Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-10-16 735016][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«RtHDVCpl»=»RtHDVCpl.exe» [2007-08-25 4669440]
«Apoint»=»c:program filesApointApoint.exe» [2007-06-10 118784]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2007-05-11 40048]
«ISBMgr.exe»=»c:program filesSonyISB UtilityISBMgr.exe» [2007-09-19 311296]
«Google Desktop Search»=»c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe» [2007-12-10 1838592]
«MarketingTools»=»c:program filesSonyMarketing ToolsMarketingTools.exe» [2007-12-10 36864]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2007-03-01 153136]
«NBKeyScan»=»c:program filesNeroNero8Nero BackItUpNBKeyScan.exe» [2007-12-03 2213160]
«V0470Mon.exe»=»c:windowsV0470Mon.exe» [2007-04-11 32768]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-10-11 149280]
«NvSvc»=»c:windowssystem32nvsvc.dll» [2007-11-16 86016]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-11-16 8497696]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-11-16 81920]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2009-05-14 2029640][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)
«EnableUIADesktopToggle»= 0 (0x0)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyVESWinlogon]
2007-08-14 17:05 98304 —-a-w- c:windowsSystem32VESWinlogon.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=c:progra~1GoogleGOOGLE~1GoogleDesktopNetwork3.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@=»Service»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-3017918878-1056736650-3520941960-1003]
«EnableNotificationsRef»=dword:00000001R0 BtHidBus;Bluetooth HID Bus Service;c:windowsSystem32DriversBtHidBus.sys [x]
R2 gupdate1ca04bc30c2d331;Служба Google Update (gupdate1ca04bc30c2d331);c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-14 133104]
R3 btnetBUs;Bluetooth PAN Bus Service;c:windowssystem32DriversbtnetBus.sys [2008-12-07 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:windowssystem32DriversIvtBtBus.sys [x]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:program filesSonyVAIO Media Integrated ServerUCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:program filesSonyVAIO Media Integrated ServerPlatformSV_Httpd.exe [2007-06-20 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:program filesSonyVAIO Media Integrated ServerPlatformUPnPFramework.exe [2007-06-20 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:program filesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe [2007-09-28 292128]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:program filesCommon FilesSony SharedVcmXmlVcmXmlIfHelper.exe [2007-09-20 79136]
S1 ehdrv;ehdrv;c:windowssystem32DRIVERSehdrv.sys [2009-05-14 107256]
S1 epfwtdir;epfwtdir;c:windowssystem32DRIVERSepfwtdir.sys [2009-05-14 94360]
S2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2009-05-14 731840]
S2 NSUService;NSUService;c:program filesSonyNetwork UtilityNSUService.exe [2007-11-26 204800]
S2 regi;regi;c:windowssystem32driversregi.sys [2007-04-17 11032]
S3 SFEP;Sony Firmware Extension Parser;c:windowssystem32DRIVERSSFEP.sys [2007-08-29 9344]
S3 ti21sony;ti21sony;c:windowssystem32driversti21sony.sys [2007-06-06 812544]
S3 VF0470Vid;Live! Cam Notebook (VF0470);c:windowssystem32DRIVERSV0470Vid.sys [2007-04-20 146368][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the ‘Scheduled Tasks’ folder2010-08-09 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-14 19:49]2010-08-09 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-14 19:49]
.
.
Supplementary Scan
.
uStart Page = about:blank
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Google ВикиКомментарии… — c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {312EF9F3-BFD1-4364-90DA-F83585309A50} = 212.1.224.34,212.1.230.111
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 22:46
Windows 6.0.6001 Service Pack 1 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
«MSCurrentCountry»=dword:000000b8[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}003AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘Explorer.exe'(2480)
c:program filesPunto Switcherpshook.dll
.
Other Running Processes
.
c:windowssystem32conime.exe
c:program filesCommon FilesInterVideoRegMgriviRegMgr.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
c:program filesNeroNero8Nero BackItUpNBService.exe
c:program filesSonyVAIO Event ServiceVESMgr.exe
c:program filesCommon FilesSony SharedVAIO Entertainment PlatformVCSWVCSW.exe
c:windowssystem32DRIVERSxaudio.exe
c:program filesCommon FilesSony SharedVAIO Entertainment PlatformVzCdbVzCdbSvc.exe
c:program filesCommon FilesSony SharedVAIO Entertainment PlatformVzCdbVzFw.exe
c:windowssystem32WUDFHost.exe
c:program filesApointApMsgFwd.exe
c:windowsSystem32rundll32.exe
c:windowsSystem32rundll32.exe
c:program filesApointApntex.exe
c:program filesCommon FilesNeroLibNMIndexingService.exe
c:\?c:windowssystem32wbemWMIADAP.EXE
c:windowsservicingTrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-08-09 22:53:53 — machine was rebooted
ComboFix-quarantined-files.txt 2010-08-09 18:53
ComboFix2.txt 2010-08-09 17:52Pre-Run: 16 888 020 992 байт свободно
Post-Run: 16 862 973 952 байт свободно— — End Of File — — 69B55850CCE3549CBF67CF8482483D10
Добрый вечер!
После запуска Combofix PC Defender исчез. Отправляю лог файл:
если все хорошо, что делать дальше? Нужно удалять Combofix?ComboFix 10-08-07.02 — sony 09.08.2010 21:38:19.1.2 — x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.7.1049.18.2046.1205 [GMT 4:00]
Running from: c:userssonyDesktopComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Защитник Windows *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:program filesDef Group
c:program filesDef GroupPC Defenderpcdef.exe
c:program filesDef GroupPC Defenderproccheck.exe
c:program filesDef GroupPC Defenderprockill32.exe
c:program filesDef GroupPC Defenderprockill64.exe
c:program filesDef GroupPC Defenderrundelay.exe
c:program filesDef GroupPC Defenderuninstall.bat
c:program filesINSTALL.LOG
c:programdataMicrosoftWindowsStart MenuProgramsPC Defender
c:programdataMicrosoftWindowsStart MenuProgramsPC DefenderPC Defender.lnk
c:programdataMicrosoftWindowsStart MenuProgramsPC DefenderUninstall.lnk
C:restore.
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.2010-08-09 17:47 . 2010-08-09 17:47
d
w- c:usersDefaultAppDataLocaltemp
2010-08-08 12:23 . 2010-08-08 12:23
d
w- C:rsit
2010-08-08 12:23 . 2010-08-08 12:23
d
w- c:program filestrend micro
2010-07-17 12:45 . 2010-04-14 17:47 293376 —-a-w- c:windowssystem32psisdecd.dll
2010-07-17 12:45 . 2010-04-14 17:46 428544 —-a-w- c:windowssystem32EncDec.dll
2010-07-17 12:43 . 2009-11-08 06:55 99176 —-a-w- c:windowssystem32PresentationHostProxy.dll
2010-07-17 12:43 . 2009-11-08 06:55 295264 —-a-w- c:windowssystem32PresentationHost.exe
2010-07-17 12:43 . 2009-11-08 06:55 49472 —-a-w- c:windowssystem32netfxperf.dll
2010-07-17 12:43 . 2009-11-08 06:55 297808 —-a-w- c:windowssystem32mscoree.dll
2010-07-17 12:43 . 2009-11-08 06:55 1130824 —-a-w- c:windowssystem32dfshim.dll
2010-07-14 05:23 . 2010-04-05 16:07 67072 —-a-w- c:windowssystem32asycfilt.dll
2010-07-14 05:23 . 2010-04-16 16:05 28672 —-a-w- c:windowssystem32Apphlpdm.dll
2010-07-14 05:23 . 2010-04-16 14:17 4240384 —-a-w- c:windowssystem32GameUXLegacyGDFs.dll
2010-07-14 05:23 . 2010-05-26 14:25 289792 —-a-w- c:windowssystem32atmfd.dll
2010-07-14 05:23 . 2010-05-26 16:16 34304 —-a-w- c:windowssystem32atmlib.dll.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 17:42 . 2006-11-09 07:21 656392 —-a-w- c:windowssystem32perfh019.dat
2010-08-09 17:42 . 2006-11-09 07:21 126656 —-a-w- c:windowssystem32perfc019.dat
2010-08-09 17:33 . 2008-10-19 09:07 12 —-a-w- c:windowsbthservsdp.dat
2010-08-08 11:15 . 2009-11-13 19:42
d
w- c:userssonyAppDataRoaminguTorrent
2010-08-08 11:06 . 2009-07-14 19:49
d
w- c:userssonyAppDataRoamingSkype
2010-08-08 09:21 . 2009-11-13 19:42
d
w- c:program filesuTorrent
2010-07-17 12:51 . 2006-11-02 11:18
d
w- c:program filesWindows Mail
2010-05-21 10:14 . 2009-10-03 05:55 221568
w- c:windowssystem32MpSigStub.exe
1999-06-25 07:55 . 2008-12-06 13:58 149504 —-a-w- c:program filesUNWISE.EXE
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«NSUFloatingUI»=»c:program filesSonyNetwork UtilityLANUtil.exe» [2007-11-26 253952]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2007-12-13 1688872]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-04-24 39408]
«Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-10-16 735016][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=»c:program filesWindows DefenderMSASCui.exe» [2008-01-19 1008184]
«RtHDVCpl»=»RtHDVCpl.exe» [2007-08-25 4669440]
«Apoint»=»c:program filesApointApoint.exe» [2007-06-10 118784]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2007-05-11 40048]
«ISBMgr.exe»=»c:program filesSonyISB UtilityISBMgr.exe» [2007-09-19 311296]
«Google Desktop Search»=»c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe» [2007-12-10 1838592]
«MarketingTools»=»c:program filesSonyMarketing ToolsMarketingTools.exe» [2007-12-10 36864]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2007-03-01 153136]
«NBKeyScan»=»c:program filesNeroNero8Nero BackItUpNBKeyScan.exe» [2007-12-03 2213160]
«V0470Mon.exe»=»c:windowsV0470Mon.exe» [2007-04-11 32768]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-10-11 149280]
«NvSvc»=»c:windowssystem32nvsvc.dll» [2007-11-16 86016]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-11-16 8497696]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-11-16 81920]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2009-05-14 2029640][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)
«EnableUIADesktopToggle»= 0 (0x0)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyVESWinlogon]
2007-08-14 17:05 98304 —-a-w- c:windowsSystem32VESWinlogon.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=c:progra~1GoogleGOOGLE~1GoogleDesktopNetwork3.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@=»Service»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-3017918878-1056736650-3520941960-1003]
«EnableNotificationsRef»=dword:00000001R0 BtHidBus;Bluetooth HID Bus Service;c:windowsSystem32DriversBtHidBus.sys [x]
R2 gupdate1ca04bc30c2d331;Служба Google Update (gupdate1ca04bc30c2d331);c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-14 133104]
R3 btnetBUs;Bluetooth PAN Bus Service;c:windowssystem32DriversbtnetBus.sys [2008-12-07 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:windowssystem32DriversIvtBtBus.sys [x]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:program filesSonyVAIO Media Integrated ServerUCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:program filesSonyVAIO Media Integrated ServerPlatformSV_Httpd.exe [2007-06-20 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:program filesSonyVAIO Media Integrated ServerPlatformUPnPFramework.exe [2007-06-20 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:program filesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe [2007-09-28 292128]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:program filesCommon FilesSony SharedVcmXmlVcmXmlIfHelper.exe [2007-09-20 79136]
S1 ehdrv;ehdrv;c:windowssystem32DRIVERSehdrv.sys [2009-05-14 107256]
S1 epfwtdir;epfwtdir;c:windowssystem32DRIVERSepfwtdir.sys [2009-05-14 94360]
S2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2009-05-14 731840]
S2 NSUService;NSUService;c:program filesSonyNetwork UtilityNSUService.exe [2007-11-26 204800]
S2 regi;regi;c:windowssystem32driversregi.sys [2007-04-17 11032]
S3 SFEP;Sony Firmware Extension Parser;c:windowssystem32DRIVERSSFEP.sys [2007-08-29 9344]
S3 ti21sony;ti21sony;c:windowssystem32driversti21sony.sys [2007-06-06 812544]
S3 VF0470Vid;Live! Cam Notebook (VF0470);c:windowssystem32DRIVERSV0470Vid.sys [2007-04-20 146368][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the ‘Scheduled Tasks’ folder2010-08-09 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-14 19:49]2010-08-08 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-14 19:49]
.
.
Supplementary Scan
.
uStart Page = about:blank
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Google ВикиКомментарии… — c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {312EF9F3-BFD1-4364-90DA-F83585309A50} = 212.1.224.34,212.1.230.111
.
— — — — ORPHANS REMOVED — — — —BHO-{0FE8F188-6CC9-55E8-B26C-6C3E65D114E6} — (no file)
HKLM-Run-ShutDoun — G:shutdoun-setup.exe
HKLM-Run-PC Defender — c:program filesDef GroupPC Defenderpcdef.exe**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 21:47
Windows 6.0.6001 Service Pack 1 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
c:userssonyAppDataLocalTempcatchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
«MSCurrentCountry»=dword:000000b8[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}003AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
Completion time: 2010-08-09 21:52:08
ComboFix-quarantined-files.txt 2010-08-09 17:52Pre-Run: 17 096 740 864 байт свободно
Post-Run: 16 858 132 480 байт свободно— — End Of File — — 9FFDF9952F94822F9612E8B511BE0566
добрый вечер. Если честно, то не понял, что означает ссылка СДЕЛАЙТЕ ТАКОЙ ЛОГ. Запустил hijackthis. Получил вот такой лог файл:
Что делать дальше?Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:13:12, on 08.08.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: NormalRunning processes:
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesApointApoint.exe
C:Program FilesAdobeReader 8.0Readerreader_sl.exe
C:Program FilesSonyISB UtilityISBMgr.exe
C:Program FilesSonyMarketing ToolsMarketingTools.exe
C:Windowssystem32taskeng.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:WindowsV0470Mon.exe
C:Program FilesJavajre6binjusched.exe
C:WindowsSystem32rundll32.exe
C:Program FilesDef GroupPC Defenderpcdef.exe
C:Program FilesSonyNetwork UtilityLANUtil.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesPunto Switcherpunto.exe
C:WindowsSystem32rundll32.exe
C:Program FilesApointApMsgFwd.exe
C:Program FilesApointApntex.exe
C:Program FilesDef GroupPC Defenderprockill32.exe
C:Program FilesDef GroupPC Defenderprockill32.exe
C:Program FilesDef GroupPC Defenderproccheck.exe
C:UserssonyDesktopHijackThis.exe
C:WindowsSystem32mobsync.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.club-vaio.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.club-vaio.com
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 — Hosts: ::1 localhost
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: MS Media Module — {0FE8F188-6CC9-55E8-B26C-6C3E65D114E6} — (no file)
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.5.5126.1836swg.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O3 — Toolbar: Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O4 — HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 — HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 — HKLM..Run: [Apoint] C:Program FilesApointApoint.exe
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [ISBMgr.exe] «C:Program FilesSonyISB UtilityISBMgr.exe»
O4 — HKLM..Run: [Google Desktop Search] «C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe» /startup
O4 — HKLM..Run: [MarketingTools] C:Program FilesSonyMarketing ToolsMarketingTools.exe
O4 — HKLM..Run: [ShutDoun] G:shutdoun-setup.exe 21:00 20:00 1
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [V0470Mon.exe] C:WindowsV0470Mon.exe
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [PC Defender] C:Program FilesDef GroupPC Defenderpcdef.exe
O4 — HKCU..Run: [NSUFloatingUI] «C:Program FilesSonyNetwork UtilityLANUtil.exe»
O4 — HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe» ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 — HKCU..Run: [swg] «C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe»
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Google ВикиКомментарии… — res://C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O17 — HKLMSystemCCSServicesTcpip..{312EF9F3-BFD1-4364-90DA-F83585309A50}: NameServer = 212.1.224.34,212.1.230.111
O17 — HKLMSystemCS1ServicesTcpip..{312EF9F3-BFD1-4364-90DA-F83585309A50}: NameServer = 212.1.224.34,212.1.230.111
O17 — HKLMSystemCS2ServicesTcpip..{312EF9F3-BFD1-4364-90DA-F83585309A50}: NameServer = 212.1.224.34,212.1.230.111
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~1GOEC62~1.DLL
O22 — SharedTaskScheduler: Component Categories cache daemon — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:Windowssystem32browseui.dll
O23 — Service: Symantec Lic NetConnect service (CLTNetCnService) — Unknown owner — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe (file missing)
O23 — Service: @dfsrres.dll,-101 (DFSR) — Корпорация Майкрософт — C:Windowssystem32DFSR.exe
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: GoogleDesktopManager — Google — C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
O23 — Service: Служба Google Update (gupdate1ca04bc30c2d331) (gupdate1ca04bc30c2d331) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 — Service: IviRegMgr — InterVideo — C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
O23 — Service: MSCSPTISRV — Sony Corporation — C:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: NSUService — Sony Corporation — C:Program FilesSonyNetwork UtilityNSUService.exe
O23 — Service: PACSPTISVR — Unknown owner — C:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe
O23 — Service: Sony SPTI Service (SPTISRV) — Sony Corporation — C:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe
O23 — Service: VAIO Entertainment TV Device Arbitration Service — Sony Corporation — C:Program FilesCommon FilesSony SharedVAIO Entertainment PlatformVzCsVzHardwareResourceManagerVzHardwareResourceManager.exe
O23 — Service: VAIO Event Service — Sony Corporation — C:Program FilesSonyVAIO Event ServiceVESMgr.exe
O23 — Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) — Sony Corporation — C:Program FilesSonyVAIO Media Integrated ServerVMISrv.exe
O23 — Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) — Sony Corporation — C:Program FilesSonyVAIO Media Integrated ServerPlatformSV_Httpd.exe
O23 — Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) — Sony Corporation — C:Program FilesSonyVAIO Media Integrated ServerPlatformUPnPFramework.exe
O23 — Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) — Sony Corporation — C:Program FilesSonyVAIO Media Integrated ServerPlatformVmGateway.exe
O23 — Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) — Sony Corporation — C:Program FilesSonyVAIO Media Integrated ServerUCLS.exe
O23 — Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) — Sony Corporation — C:Program FilesSonyVAIO Media Integrated ServerPlatformSV_Httpd.exe
O23 — Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) — Sony Corporation — C:Program FilesSonyVAIO Media Integrated ServerPlatformUPnPFramework.exe
O23 — Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) — Sony Corporation — C:Program FilesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe
O23 — Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) — Sony Corporation — C:Program FilesCommon FilesSony SharedVcmXmlVcmXmlIfHelper.exe
O23 — Service: VAIO Entertainment UPnP Client Adapter (Vcsw) — Sony Corporation — C:Program FilesCommon FilesSony SharedVAIO Entertainment PlatformVCSWVCSW.exe
O23 — Service: VAIO Entertainment Database Service (VzCdbSvc) — Sony Corporation — C:Program FilesCommon FilesSony SharedVAIO Entertainment PlatformVzCdbVzCdbSvc.exe
O23 — Service: VAIO Entertainment File Import Service (VzFw) — Sony Corporation — C:Program FilesCommon FilesSony SharedVAIO Entertainment PlatformVzCdbVzFw.exe
O23 — Service: XAudioService — Conexant Systems, Inc. — C:Windowssystem32DRIVERSxaudio.exe—
End of file — 10574 bytesLOG.txt:
Logfile of random’s system information tool 1.08 (written by random/random)
Run by sony at 2010-08-08 16:23:20
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 16 GB (9%) free of 183 GB
Total RAM: 2046 MB (66% free)HijackThis download failed
======Scheduled tasks folder======
C:WindowstasksGoogleUpdateTaskMachineCore.job
C:WindowstasksGoogleUpdateTaskMachineUA.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-23 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0FE8F188-6CC9-55E8-B26C-6C3E65D114E6}]
MS Media Module[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll [2010-07-14 278192][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.5.5126.1836swg.dll [2010-07-14 814648][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-10-11 41760][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll [2010-07-14 278192][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2008-01-19 1008184]
«RtHDVCpl»=C:WindowsRtHDVCpl.exe [2007-08-25 4669440]
«Apoint»=C:Program FilesApointApoint.exe [2007-06-10 118784]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2007-05-11 40048]
«ISBMgr.exe»=C:Program FilesSonyISB UtilityISBMgr.exe [2007-09-19 311296]
«Google Desktop Search»=C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe [2007-12-10 1838592]
«MarketingTools»=C:Program FilesSonyMarketing ToolsMarketingTools.exe [2007-12-10 36864]
«ShutDoun»=G:shutdoun-setup.exe 21:00 20:00 1 []
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-12-03 2213160]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2009-05-14 2029640]
«V0470Mon.exe»=C:WindowsV0470Mon.exe [2007-04-11 32768]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-10-11 149280]
«NvSvc»=C:Windowssystem32nvsvc.dll [2007-11-16 86016]
«NvCplDaemon»=C:Windowssystem32NvCpl.dll [2007-11-16 8497696]
«NvMediaCenter»=C:Windowssystem32NvMcTray.dll [2007-11-16 81920]
«PC Defender»=C:Program FilesDef GroupPC Defenderpcdef.exe [2010-08-07 1056768][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«NSUFloatingUI»=C:Program FilesSonyNetwork UtilityLANUtil.exe [2007-11-26 253952]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe [2007-12-13 1688872]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2009-04-24 39408]
«Punto Switcher»=C:Program FilesPunto Switcherpunto.exe [2008-10-16 735016][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLs»=»C:PROGRA~1GoogleGOOGLE~1GOEC62~1.DLL»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyVESWinlogon]
C:Windowssystem32VESWinlogon.dll [2007-08-14 98304][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«EnableLUA»=0
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableUIADesktopToggle»=0[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======List of files/folders created in the last 1 months======
2010-08-08 16:23:20 —-D—- C:rsit
2010-08-08 16:23:20 —-D—- C:Program Filestrend micro
2010-08-08 15:10:10 —-D—- C:Program FilesDef Group
2010-08-03 22:30:22 —-A—- C:Windowssystem32shell32.dll
2010-07-17 16:45:03 —-A—- C:Windowssystem32psisdecd.dll
2010-07-17 16:45:00 —-A—- C:Windowssystem32EncDec.dll
2010-07-17 16:43:55 —-A—- C:Windowssystem32PresentationHostProxy.dll
2010-07-17 16:43:55 —-A—- C:Windowssystem32PresentationHost.exe
2010-07-17 16:43:54 —-A—- C:Windowssystem32netfxperf.dll
2010-07-17 16:43:54 —-A—- C:Windowssystem32mscoree.dll
2010-07-17 16:43:54 —-A—- C:Windowssystem32dfshim.dll
2010-07-14 09:23:31 —-A—- C:Windowssystem32asycfilt.dll
2010-07-14 09:23:17 —-A—- C:Windowssystem32Apphlpdm.dll
2010-07-14 09:23:14 —-A—- C:Windowssystem32GameUXLegacyGDFs.dll
2010-07-14 09:23:08 —-A—- C:Windowssystem32atmfd.dll
2010-07-14 09:23:06 —-A—- C:Windowssystem32atmlib.dll
2010-07-14 09:22:39 —-A—- C:Windowssystem32mshtml.dll
2010-07-14 09:22:38 —-A—- C:Windowssystem32occache.dll
2010-07-14 09:22:37 —-A—- C:Windowssystem32wininet.dll
2010-07-14 09:22:35 —-A—- C:Windowssystem32urlmon.dll
2010-07-14 09:22:33 —-A—- C:Windowssystem32ieframe.dll
2010-07-14 09:22:31 —-A—- C:Windowssystem32ieapfltr.dll
2010-07-14 09:22:29 —-A—- C:Windowssystem32mshtmled.dll
2010-07-14 09:22:29 —-A—- C:Windowssystem32iertutil.dll
2010-07-14 09:22:28 —-A—- C:Windowssystem32iedkcs32.dll
2010-07-14 09:22:27 —-A—- C:Windowssystem32msfeeds.dll
2010-07-14 09:22:26 —-A—- C:Windowssystem32iepeers.dll
2010-07-14 09:22:25 —-A—- C:Windowssystem32ieaksie.dll
2010-07-14 09:22:24 —-A—- C:Windowssystem32ieUnatt.exe
2010-07-14 09:22:23 —-A—- C:Windowssystem32ieencode.dll
2010-07-14 09:22:22 —-A—- C:Windowssystem32mstime.dll
2010-07-14 09:22:20 —-A—- C:Windowssystem32jsproxy.dll
2010-07-14 09:22:16 —-A—- C:Windowssystem32quartz.dll
2010-07-14 09:22:13 —-A—- C:Windowssystem32win32k.sys======List of files/folders modified in the last 1 months======
2010-08-08 16:23:21 —-D—- C:WindowsPrefetch
2010-08-08 16:23:20 —-RD—- C:Program Files
2010-08-08 16:23:18 —-D—- C:WindowsTemp
2010-08-08 16:23:09 —-D—- C:WindowsSystem32
2010-08-08 16:23:08 —-D—- C:Windowsinf
2010-08-08 16:23:08 —-A—- C:Windowssystem32PerfStringBackup.INI
2010-08-08 15:44:51 —-D—- C:Windows
2010-08-08 15:16:42 —-D—- C:WindowsDebug
2010-08-08 15:15:22 —-D—- C:UserssonyAppDataRoaminguTorrent
2010-08-08 15:10:16 —-SHD—- C:WindowsInstaller
2010-08-08 15:06:56 —-D—- C:UserssonyAppDataRoamingSkype
2010-08-08 13:21:33 —-D—- C:Program FilesuTorrent
2010-08-08 13:15:37 —-D—- C:Фильмы
2010-08-07 00:05:54 —-D—- C:Флешка
2010-08-07 00:05:54 —-D—- C:Документы
2010-08-06 23:39:16 —-SHD—- C:System Volume Information
2010-08-05 20:40:44 —-D—- C:Windowssystem32catroot2
2010-08-04 08:15:12 —-D—- C:Windowswinsxs
2010-08-03 22:27:50 —-D—- C:Windowssystem32catroot
2010-07-28 20:45:37 —-A—- C:WindowsNeroDigital.ini
2010-07-25 11:39:26 —-D—- C:ФОТО
2010-07-17 17:07:28 —-D—- C:WindowsMicrosoft.NET
2010-07-17 17:06:51 —-RSD—- C:Windowsassembly
2010-07-17 16:51:27 —-D—- C:WindowsAppPatch
2010-07-17 16:51:27 —-D—- C:Program FilesWindows Mail
2010-07-17 16:51:26 —-D—- C:Windowssystem32wbem
2010-07-17 16:51:24 —-D—- C:Windowsehome
2010-07-17 16:51:20 —-D—- C:Program FilesInternet Explorer======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:Windowssystem32driversiastor.sys [2007-03-01 277784]
R0 PxHelp20;PxHelp20; C:WindowsSystem32DriversPxHelp20.sys [2008-11-20 43872]
R1 DMICall;Sony DMI Call service; C:Windowssystem32DRIVERSDMICall.sys [2007-09-19 10216]
R1 ehdrv;ehdrv; C:Windowssystem32DRIVERSehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:Windowssystem32DRIVERSepfwtdir.sys [2009-05-14 94360]
R2 eamon;eamon; C:Windowssystem32DRIVERSeamon.sys [2009-05-14 114472]
R2 mdmxsdk;mdmxsdk; C:Windowssystem32DRIVERSmdmxsdk.sys [2007-10-25 12672]
R2 regi;regi; C:Windowssystem32driversregi.sys [2007-04-17 11032]
R2 XAudio;XAudio; C:Windowssystem32DRIVERSxaudio.sys [2007-10-25 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:Windowssystem32DRIVERSApfiltr.sys [2007-06-10 140800]
R3 GEARAspiWDM;GEARAspiWDM; C:WindowsSystem32DriversGEARAspiWDM.sys [2006-09-19 15664]
R3 HSF_DPV;HSF_DPV; C:Windowssystem32DRIVERSHSX_DPV.sys [2007-10-25 985600]
R3 HSXHWAZL;HSXHWAZL; C:Windowssystem32DRIVERSHSXHWAZL.sys [2007-10-25 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:Windowssystem32driversRTKVHDA.sys [2007-08-25 1841312]
R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2007-11-16 7626400]
R3 SFEP;Sony Firmware Extension Parser; C:Windowssystem32DRIVERSSFEP.sys [2007-08-29 9344]
R3 ti21sony;ti21sony; C:Windowssystem32driversti21sony.sys [2007-06-06 812544]
R3 usbaudio;Аудио драйвер USB (WDM); C:Windowssystem32driversusbaudio.sys [2008-01-19 73088]
R3 VF0470Vid;Live! Cam Notebook (VF0470); C:Windowssystem32DRIVERSV0470Vid.sys [2007-04-20 146368]
R3 winachsf;winachsf; C:Windowssystem32DRIVERSHSX_CNXT.sys [2007-10-25 659968]
R3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2008-01-19 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:Windowssystem32DRIVERSyk60x86.sys [2007-10-25 246784]
S0 BtHidBus;Bluetooth HID Bus Service; C:WindowsSystem32DriversBtHidBus.sys []
S0 BTHidMgr;Bluetooth HID Manager Service; C:WindowsSystem32DriversBTHidMgr.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:Windowssystem32DRIVERSathr.sys [2007-06-15 705024]
S3 BlueletAudio;Bluetooth Audio Service; C:Windowssystem32DRIVERSblueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:Windowssystem32DRIVERSBlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:Windowssystem32DRIVERSbtnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WindowsSystem32Driversbtcusb.sys []
S3 BthEnum;Служба перечислителя Bluetooth; C:Windowssystem32DRIVERSBthEnum.sys [2009-07-16 19456]
S3 BTHidEnum;Bluetooth HID Enumerator; C:Windowssystem32DRIVERSvbtenum.sys []
S3 BthPan;Устройства Bluetooth (личной сети); C:Windowssystem32DRIVERSbthpan.sys [2008-01-19 92160]
S3 BTHPORT;Драйвер порта Bluetooth; C:WindowsSystem32DriversBTHport.sys [2009-07-16 220160]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WindowsSystem32DriversBTHUSB.sys [2009-07-16 29184]
S3 btnetBUs;Bluetooth PAN Bus Service; C:WindowsSystem32DriversbtnetBus.sys [2008-12-07 30088]
S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:Windowssystem32driversHdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:Windowssystem32DRIVERSVSTAZL3.SYS [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:Windowssystem32DRIVERSewusbmdm.sys []
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:WindowsSystem32DriversIvtBtBus.sys []
S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2008-01-19 5504]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Драйвер адаптера беспроводной сети Intel(R) PRO/Wireless 3945ABG для 32-разрядной Windows Vista; C:Windowssystem32DRIVERSNETw3v32.sys [2006-11-02 1781760]
S3 NETw4v32;Драйвер адаптера Intel(R) Wireless WiFi Link для Windows Vista 32 Bit; C:Windowssystem32DRIVERSNETw4v32.sys [2007-09-19 2222080]
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:Windowssystem32DRIVERSrfcomm.sys [2008-01-19 49664]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WindowsSystem32DriversRootMdm.sys [2008-01-19 8192]
S3 VComm;Virtual Serial port driver; C:Windowssystem32DRIVERSVComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:WindowsSystem32DriversVcommMgr.sys []
S3 WimFltr;WimFltr; C:Windowssystem32DRIVERSwimfltr.sys [2007-05-26 128104]
S4 UIUSys;Conexant Setup API; C:Windowssystem32DRIVERSUIUSYS.SYS []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2008-01-19 21504]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-05-14 731840]
R2 IviRegMgr;IviRegMgr; C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe [2007-01-04 112152]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe [2006-10-26 335872]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-12-03 869672]
R2 NSUService;NSUService; C:Program FilesSonyNetwork UtilityNSUService.exe [2007-11-26 204800]
R2 VAIO Event Service;VAIO Event Service; C:Program FilesSonyVAIO Event ServiceVESMgr.exe [2007-08-14 182392]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:Program FilesCommon FilesSony SharedVAIO Entertainment PlatformVzCdbVzCdbSvc.exe [2007-08-28 192512]
R2 VzFw;VAIO Entertainment File Import Service; C:Program FilesCommon FilesSony SharedVAIO Entertainment PlatformVzCdbVzFw.exe [2007-08-28 131072]
R2 XAudioService;XAudioService; C:Windowssystem32DRIVERSxaudio.exe [2007-10-25 386560]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-12-13 447784]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:Program FilesCommon FilesSony SharedVAIO Entertainment PlatformVCSWVCSW.exe [2007-06-28 274432]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe /h ccCommon []
S2 gupdate1ca04bc30c2d331;Служба Google Update (gupdate1ca04bc30c2d331); C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-07-14 133104]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-05-14 20680]
S3 GoogleDesktopManager;GoogleDesktopManager; C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe [2007-12-10 1838592]
S3 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-04-24 182768]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe [2005-11-14 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe [2006-12-14 45056]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe [2006-12-14 57344]
S3 SPTISRV;Sony SPTI Service; C:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe [2006-12-14 69632]
S3 SQLWriter;SQL Server VSS Writer; C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe [2006-04-14 87840]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:Program FilesCommon FilesSony SharedVAIO Entertainment PlatformVzCsVzHardwareResourceManagerVzHardwareResourceManager.exe [2007-06-28 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:Program FilesSonyVAIO Media Integrated ServerVMISrv.exe [2007-06-20 2523136]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:Program FilesSonyVAIO Media Integrated ServerPlatformSV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:Program FilesSonyVAIO Media Integrated ServerPlatformUPnPFramework.exe [2007-06-20 1089536]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:Program FilesSonyVAIO Media Integrated ServerPlatformVmGateway.exe [2007-06-20 499712]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:Program FilesSonyVAIO Media Integrated ServerUCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:Program FilesSonyVAIO Media Integrated ServerPlatformSV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:Program FilesSonyVAIO Media Integrated ServerPlatformUPnPFramework.exe [2007-06-20 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:Program FilesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe [2007-09-28 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:Program FilesCommon FilesSony SharedVcmXmlVcmXmlIfHelper.exe [2007-09-20 79136]
EOF
INFO.TXT:
info.txt logfile of random’s system information tool 1.08 2010-08-08 16:23:23======Uninstall list======
«Правила Дорожного Движения 2008″—>»C:Program FilesПравила Дорожного Движения 2008unins000.exe»
—>C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
—>C:Program FilesNeroNero8\nerouninstallUNNERO.exe /UNINSTALL
—>C:WindowsUNNeroBackItUp.exe /UNINSTALL
—>C:WindowsUNNeroMediaHome.exe /UNINSTALL
—>C:WindowsUNNeroShowTime.exe /UNINSTALL
—>C:WindowsUNNeroVision.exe /UNINSTALL
—>C:WindowsUNRecode.exe /UNINSTALL
—>MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
—>MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
—>MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
—>MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
—>MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
—>MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{88B1984E-36F0-47B8-B8DC-728966807A9C}SETUP.EXE» -l0x9
Adobe Flash Player 10 ActiveX—>C:Windowssystem32MacromedFlashuninstall_activeX.exe
Adobe Photoshop 7.0 Русская версия—>C:PROGRA~1UNWISE.EXE C:PROGRA~1INSTALL.LOG
Adobe Reader 8.1.0 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A81000000003}
Alps Pointing-device for VAIO—>C:Program FilesApointUninstap.exe ADDREMOVE
Auslogics BoostSpeed—>»C:Program FilesAuslogicsAuslogics BoostSpeedunins000.exe»
Click to Disc Editor—>C:Program FilesInstallShield Installation Information{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}setup.exe -runfromtemp -l0x0419
Click to Disc—>C:Program FilesInstallShield Installation Information{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}setup.exe -runfromtemp -l0x0019 -removeonly
Creative Live! Cam Notebook Driver (1.00.03.0000)—>C:WindowsCtDrvIns.exe -uninstall -script VF0470.uns -unsext NT -plugin V0470Pin.dll -pluginres CtCamPin.crl
Creative Software AutoUpdate—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{88B1984E-36F0-47B8-B8DC-728966807A9C}SETUP.EXE» -l0x9 /remove
DivX Converter—>C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
DivX Player—>C:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
GearDrvs—>MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Google Chrome—>»C:Program FilesGoogleChromeApplication5.0.375.125Installersetup.exe» —uninstall —system-level
Google Desktop—>C:Program FilesGoogleGoogle Desktop SearchGoogleDesktopSetup.exe -uninstall
Google Earth—>MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Talk (remove only)—>»C:Program FilesGoogleGoogle Talkuninstall.exe»
Google Toolbar for Internet Explorer—>»C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarManager_223E2B8E7BAD9544.exe» /uninstall
Google Toolbar for Internet Explorer—>MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper—>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HDAUDIO SoftV92 Data Fax Modem with SmartCP—>C:Program FilesCONEXANTCNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200UIU32m.exe -U -ISnSZIRXz.inf
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
IQ Тест 1.05—>C:Program FilesIQ ТестUninstall.exe
Java(TM) 6 Update 17—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Java(TM) 6 Update 2—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
K-Lite Mega Codec Pack 1.13—>»C:Program FilesK-Lite Codec Packunins000.exe»
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft .NET Framework 3.5 Language Pack SP1 — rus—>MsiExec.exe /I{2744791F-4E7C-32F5-AB40-AEC6A6C86DBF}
Microsoft .NET Framework 3.5 SP1—>c:WindowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007—>MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007—>MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007—>MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Office Профессиональный плюс 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall PROPLUS /dll OSETUP.DLL
Microsoft SQL Server Native Client—>MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English)—>MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer—>MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)—>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 8—>MsiExec.exe /X{E2C00C8C-3D0C-40DF-BC67-44321C9E1049}
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton 360—>MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
NVIDIA Drivers—>C:Windowssystem32NVUNINST.EXE UninstallGUI
OpenMG Limited Patch 4.7-07-15-19-01—>C:Program FilesCommon FilesSony SharedOpenMGHotFixesHotFix4.7-07-15-19-01HotFixSetupsetup.exe /u
OpenMG Secure Module 4.7.00—>C:PROGRA~1COMMON~1INSTAL~1Driver1150INTEL3~1IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
PC Defender—>MsiExec.exe /X{456A3B12-8FE6-41AE-9E5C-5E55F0712C09}
Punto Switcher 3.0—>C:Program FilesPunto Switcheruninstall.exe
Realtek High Definition Audio Driver—>RtlUpd.exe -r -m
Roxio Activation Module—>MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
Roxio Easy Media Creator Home—>MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
Setting Utility Series—>»C:Program FilesInstallShield Installation Information{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}setup.exe» -runfromtemp -l0x0019 -removeonly
Skype™ 3.8—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Video Shared Library—>C:Program FilesInstallShield Installation Information{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}setup.exe -runfromtemp -l0x0019 -removeonly
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=»»
VAIO Content Folder Setting—>»C:Program FilesInstallShield Installation Information{23825B69-36DF-4DAD-9CFD-118D11D80F16}setup.exe» -runfromtemp -l0x0019 -removeonly
VAIO Content Metadata Intelligent Analyzing Manager—>C:Program FilesInstallShield Installation Information{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}setup.exe -runfromtemp -l0x0019 -removeonly
VAIO Content Metadata Manager Setting—>C:Program FilesInstallShield Installation Information{69351E9E-23ED-41D5-B146-EDBF83C63B66}setup.exe -runfromtemp -l0x0019 -removeonly
VAIO Content Metadata XML Interface Library—>C:Program FilesInstallShield Installation Information{B5E2DF30-1061-4DB4-AF28-08996C8E5680}setup.exe -runfromtemp -l0x0019 -removeonly
VAIO Control Center—>»C:Program FilesInstallShield Installation Information{72042FA6-5609-489F-A8EA-3C2DD650F667}setup.exe» -runfromtemp -l0x0019 -removeonly
VAIO DVD Menu Data Basic—>C:Program FilesInstallShield Installation Information{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}setup.exe -runfromtemp -l0x0019 -removeonly
VAIO Entertainment Platform—>C:Program FilesInstallShield Installation Information{6B1F20F2-6321-4669-A58C-33DF8E7517FF}setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Event Service—>»C:Program FilesInstallShield Installation Information{C7477742-DDB4-43E5-AC8D-0259E1E661B1}setup.exe» -runfromtemp -l0x0019 -removeonly
VAIO Launcher—>»C:Program FilesInstallShield Installation Information{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}setup.exe» -runfromtemp -l0x0019 -removeonly
Vaio Marketing Tools—>C:Program FilesSonyMarketing ToolsUninstaller.exe /bootstrap
VAIO Media 6.0—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{560F6B2E-F0DF-44E5-8190-A4A161F0E205}setup.exe» -l0x9 UNINSTALL -removeonly
VAIO Media AC3 Decoder 1.0—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2063C2E8-3812-4BBD-9998-6610F80C1DD4}Setup.exe» -l0x9 UNINSTALL
VAIO Media Content Collection 6.0—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{500162A0-4DD5-460A-BAFD-895AAE48C532}setup.exe» -l0x9 UNINSTALL -removeonly
VAIO Media Integrated Server 6.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{785EB1D4-ECEC-4195-99B4-73C47E187721}setup.exe» -l0x9 UNINSTALL -removeonly
VAIO Media Redistribution 6.0—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}setup.exe» -l0x9 UNINSTALL -removeonly
VAIO Media Registration Tool 6.0—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}setup.exe» -l0x9 UNINSTALL -removeonly
VAIO Movie Story Template Data—>C:Program FilesInstallShield Installation Information{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}setup.exe -runfromtemp -l0x0019 -removeonly
VAIO Movie Story—>C:Program FilesInstallShield Installation Information{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}setup.exe -runfromtemp -l0x0019 -removeonly
VAIO MusicBox Sample Music—>»C:Program FilesInstallShield Installation Information{98FC7A64-774B-49B5-B046-4B4EBC053FA9}setup.exe» -runfromtemp -l0x0019 -removeonly
VAIO MusicBox—>»C:Program FilesInstallShield Installation Information{4EA55D20-27FB-45D7-8726-147E8A5F6C62}setup.exe» -runfromtemp -l0x0019 -removeonly
VAIO Original Function Setting—>»C:Program FilesInstallShield Installation Information{A63E7492-A0BC-4BB9-89A7-352965222380}setup.exe» -runfromtemp -l0x0019 -removeonly
VAIO Power Management—>»C:Program FilesInstallShield Installation Information{802889F8-6AF5-45A5-9764-CA5B999E50FC}setup.exe» -runfromtemp -l0x0019 -removeonly
VAIO Smart Network—>»C:Program FilesInstallShield Installation Information{3B659FAD-E772-44A3-B7E7-560FF084669F}setup.exe» -runfromtemp -l0x0019 -removeonly
VAIO Update 3—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{48820099-ED7D-424B-890C-9A82EF00656D}setup.exe» -l0x19 -removeonly
VAIO Wallpaper Contents—>»C:Program FilesInstallShield Installation Information{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}setup.exe» -runfromtemp -l0x0019 -removeonly
VCRedistSetup—>MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
WinDVD for VAIO—>C:Program FilesInstallShield Installation Information{20471B27-D702-4FE8-8DEC-0702CC8C0A85}setup.exe -runfromtemp -l0x0419
Декларация 2009—>»C:Program FilesДекларация 2009unins000.exe»
Печать НД с PDF417 3.0.9 (пакет)—>MsiExec.exe /I{476219D4-168B-4634-9A38-A5286BB3AFB5}
Программа «Восстановление данных VAIO»—>C:Program FilesInstallShield Installation Information{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}setup.exe -runfromtemp -l0x0019 -removeonly
Языковой пакет Microsoft .NET Framework 3.5 SP1 — RUS—>c:WindowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — russetup.exe======Security center information======
AV: ESET NOD32 Antivirus 4.0
AS: ESET NOD32 Antivirus 4.0
AS: Защитник Windows======System event log======
Computer Name: sony-ПК
Event Code: 4201
Message: Система обнаружила, что сетевой адаптер Подключение по локальной сети был подключен к сети, и инициировала нормальную работу через этот сетевой адаптер.
Record Number: 115930
Source Name: Tcpip
Time Written: 20100317164705.542000-000
Event Type: Сведения
User:Computer Name: sony-ПК
Event Code: 4201
Message: Система обнаружила, что сетевой адаптер Подключение по локальной сети был подключен к сети, и инициировала нормальную работу через этот сетевой адаптер.
Record Number: 115931
Source Name: Tcpip
Time Written: 20100317164705.542000-000
Event Type: Сведения
User:Computer Name: sony-ПК
Event Code: 121
Message: Port A is up with 100 Mbps
Record Number: 115932
Source Name: yukonwlh
Time Written: 20100317171324.964800-000
Event Type: Сведения
User:Computer Name: sony-ПК
Event Code: 4201
Message: Система обнаружила, что сетевой адаптер Подключение по локальной сети был подключен к сети, и инициировала нормальную работу через этот сетевой адаптер.
Record Number: 115933
Source Name: Tcpip
Time Written: 20100317171324.964800-000
Event Type: Сведения
User:Computer Name: sony-ПК
Event Code: 4201
Message: Система обнаружила, что сетевой адаптер Подключение по локальной сети был подключен к сети, и инициировала нормальную работу через этот сетевой адаптер.
Record Number: 115934
Source Name: Tcpip
Time Written: 20100317171324.964800-000
Event Type: Сведения
User:=====Application event log=====
Computer Name: sony-ПК
Event Code: 0
Message:
Record Number: 25318
Source Name: NMIndexingService
Time Written: 20100808121552.000000-000
Event Type: Сведения
User:Computer Name: sony-ПК
Event Code: 0
Message:
Record Number: 25319
Source Name: gupdate1ca04bc30c2d331
Time Written: 20100808121608.000000-000
Event Type: Сведения
User:Computer Name: sony-ПК
Event Code: 1
Message: Служба центра обеспечения безопасности Windows запущена.
Record Number: 25320
Source Name: SecurityCenter
Time Written: 20100808121752.000000-000
Event Type: Сведения
User:Computer Name: sony-ПК
Event Code: 1001
Message: Счетчики производительности для службы WmiApRpl (WmiApRpl) успешно удалены. Данные записи содержат новые значения разделов системного реестра Last Counter и Last Help.
Record Number: 25321
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100808122308.000000-000
Event Type: Сведения
User:Computer Name: sony-ПК
Event Code: 1000
Message: Cчетчики производительности для службы WmiApRpl (WmiApRpl) загружены успешно. Данные в секции данных содержат новые значения индексов, назначенные этой службе.
Record Number: 25322
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100808122309.000000-000
Event Type: Сведения
User:=====Security event log=====
Computer Name: sony-ПК
Event Code: 4907
Message: Изменились параметры аудита для объекта.Предмет:
Идентификатор безопасности: S-1-5-18
Имя учетной записи: SONY-ПК$
Домен учетной записи: WORKGROUP
Идентификатор входа: 0x3e7Объект:
Сервер объекта: Security
Тип объекта: File
Имя объекта: C:WindowsSystem32driversru-RUhttp.sys.mui
Идентификатор дескриптора: 0x1cСведения о процессе:
Идентификатор процесса: 0x8f8
Имя процесса: C:Windowswinsxsx86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0poqexec.exeПараметры аудита:
Исходный дескриптор безопасности:
Новый дескриптор безопасности: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 28186
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100304201132.005423-000
Event Type: Аудит выполнен успешно
User:Computer Name: sony-ПК
Event Code: 4907
Message: Изменились параметры аудита для объекта.Предмет:
Идентификатор безопасности: S-1-5-18
Имя учетной записи: SONY-ПК$
Домен учетной записи: WORKGROUP
Идентификатор входа: 0x3e7Объект:
Сервер объекта: Security
Тип объекта: File
Имя объекта: C:WindowsSystem32driversru-RUvolsnap.sys.mui
Идентификатор дескриптора: 0x1cСведения о процессе:
Идентификатор процесса: 0x8f8
Имя процесса: C:Windowswinsxsx86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0poqexec.exeПараметры аудита:
Исходный дескриптор безопасности:
Новый дескриптор безопасности: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 28187
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100304201132.083423-000
Event Type: Аудит выполнен успешно
User:Computer Name: sony-ПК
Event Code: 4907
Message: Изменились параметры аудита для объекта.Предмет:
Идентификатор безопасности: S-1-5-18
Имя учетной записи: SONY-ПК$
Домен учетной записи: WORKGROUP
Идентификатор входа: 0x3e7Объект:
Сервер объекта: Security
Тип объекта: File
Имя объекта: C:WindowsSystem32driversru-RUe1e6032.sys.mui
Идентификатор дескриптора: 0x1cСведения о процессе:
Идентификатор процесса: 0x8f8
Имя процесса: C:Windowswinsxsx86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0poqexec.exeПараметры аудита:
Исходный дескриптор безопасности:
Новый дескриптор безопасности: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 28188
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100304201132.145823-000
Event Type: Аудит выполнен успешно
User:Computer Name: sony-ПК
Event Code: 4907
Message: Изменились параметры аудита для объекта.Предмет:
Идентификатор безопасности: S-1-5-18
Имя учетной записи: SONY-ПК$
Домен учетной записи: WORKGROUP
Идентификатор входа: 0x3e7Объект:
Сервер объекта: Security
Тип объекта: File
Имя объекта: C:WindowsSystem32driversru-RUluafv.sys.mui
Идентификатор дескриптора: 0x1cСведения о процессе:
Идентификатор процесса: 0x8f8
Имя процесса: C:Windowswinsxsx86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0poqexec.exeПараметры аудита:
Исходный дескриптор безопасности:
Новый дескриптор безопасности: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 28189
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100304201132.177023-000
Event Type: Аудит выполнен успешно
User:Computer Name: sony-ПК
Event Code: 4907
Message: Изменились параметры аудита для объекта.Предмет:
Идентификатор безопасности: S-1-5-18
Имя учетной записи: SONY-ПК$
Домен учетной записи: WORKGROUP
Идентификатор входа: 0x3e7Объект:
Сервер объекта: Security
Тип объекта: File
Имя объекта: C:WindowsSystem32driversru-RUwdf01000.sys.mui
Идентификатор дескриптора: 0x1cСведения о процессе:
Идентификатор процесса: 0x8f8
Имя процесса: C:Windowswinsxsx86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0poqexec.exeПараметры аудита:
Исходный дескриптор безопасности:
Новый дескриптор безопасности: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 28190
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100304201132.177023-000
Event Type: Аудит выполнен успешно
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesCommon FilesRoxio SharedDLLShared;C:Program FilesCommon FilesRoxio Shared9.0DLLShared
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
«PROCESSOR_ARCHITECTURE»=x86
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«USERNAME»=SYSTEM
«windir»=%SystemRoot%
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 13, GenuineIntel
«PROCESSOR_REVISION»=0f0d
«NUMBER_OF_PROCESSORS»=2
«configsetroot»=%SystemRoot%ConfigSetRoot
«RoxioCentral»=C:Program FilesCommon FilesRoxio Shared9.0Roxio Central33
EOF
