Antivirus is silent… but something strange is happening.
- This topic has 9 replies, 2 participants, and was last updated 15 years, 5 months ago by matr.
March 2, 2010 at 1:05 am #18083
Hello! Thank you for this resource!
So, the symptoms. They grew like an avalanche:
1) It won't let me view hidden folders and files (only through search, and even then only if you know the exact name of the folder or file).
2) It won't let me use the "Run…" button, with all the consequences that follow.
3) HijackThis won't start; I managed to trick it (changed the extension to .com), but I still couldn't make sense of anything in it))
4) QIP is acting up: the agent, then ICQ, then QIP itself disconnect one after another, or all at once… it says either "connection lost" or "being used from another computer".
5) The browser is slow. The last straw was that automatic sign-in to all sites and mailboxes got wiped; it asks me to re-enter registration details and passwords (scary). At the same time VKontakte loads with a strange, uncharacteristic animation in the top left corner: bouncing balls (those usually appear in the tab while a page loads, but here they're large, off to the side, right in the window). It also asks for a login and password… I'm not entering them; I changed my passwords and I'm using my phone now.
6) A CureIt scan started only on the fifth attempt and found nothing. Kaspersky is silent. I haven't been browsing porn; the only thing I overuse is news sites. But I was always sure that with Kaspersky installed I could surf safely… Maybe I brought something in on a flash drive from the university…
Can you tell me whether this is a virus? Or something else?
Here is what RSIT produced:
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:*:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:*:Enabled:ActiveSync Application»
«C:Program FilesVideoLANVLCvlc.exe»=»C:Program FilesVideoLANVLCvlc.exe:*:Enabled:VLC media player»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«I:Garminrsync.exe»=»I:Garminrsync.exe:*:Enabled:rsync»
«C:Program FilesMozilla Firefoxfirefox.exe»=»C:Program FilesMozilla Firefoxfirefox.exe:*:Enabled:Firefox»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«E:QUAKElllquake3.exe»=»E:QUAKElllquake3.exe:*:Enabled:quake3»
«C:Program FilesCommon FilesNokiaService LayerAnsl_host_process.exe»=»C:Program FilesCommon FilesNokiaService LayerAnsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process «
«C:Program FilesNokiaNokia Software Updaternsu_ui_client.exe»=»C:Program FilesNokiaNokia Software Updaternsu_ui_client.exe:*:Enabled:Nokia Software Updater»
«C:Program FilesLogitechLogitech VidVid.exe»=»C:Program FilesLogitechLogitech VidVid.exe:*:Enabled:Logitech Vid»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{060620e2-0fa9-11dd-b912-00195b313909}]
shellAutoRuncommand - M:
shellopencommand - rundll32.exe .\dnlay.dll,InstallM

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{11492b60-5f94-11de-bcb0-00195b313909}]
shellAutoRuncommand - M:
shellopencommand - rundll32.exe .\vdvdbg.dll,InstallM

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{11492b61-5f94-11de-bcb0-00195b313909}]
shellAutoRuncommand - N:
shellopencommand - rundll32.exe .\vrrifier.dll,InstallM

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{936333b0-e6b6-11db-96e5-0013d4a86ecc}]
shellAutoRuncommand - N:
shellopencommand - rundll32.exe .\cdbblangfr.dll,InstallM

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{96d12cc0-4cfd-11dc-b6e2-00195b313909}]
shellAutoRuncommand - M:
shellopencommand - rundll32.exe .\cfgbkenm.dll,InstallM

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b93cfc18-ead2-11db-96f9-0013d4a86ecc}]
shellAutoRuncommand - K:
shellopencommand - rundll32.exe .\jti2evxx.dll,InstallM

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{cdc76658-0b9f-11dc-b644-806d6172696f}]
shellAutoRuncommand - I:INSTALL.EXE

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d348f53c-54e0-11de-bc91-00195b313909}]
shellAutoRuncommand - L:
shellopencommand - rundll32.exe .\pstorea.dll,InstallM

======File associations======
.bat - edit - %SystemRoot%System32NOTEPAD.EXE %1″
.ini - open - %SystemRoot%System32NOTEPAD.EXE %1″

======List of files/folders created in the last 1 months======
2010-03-02 03:46:11 —-D—- C:rsit
2010-03-02 02:46:01 —-D—- C:Program FilesTrend Micro
2010-03-02 01:34:05 —-A—- C:WINDOWSsystem32AVSredirect.dll
2010-03-02 01:33:31 —-RSH—- C:WINDOWSsystem32nbDX.dll
2010-03-02 01:33:31 —-RSH—- C:WINDOWSsystem32msfDX.dll
2010-03-02 01:33:30 —-RSH—- C:WINDOWSsystem32flvDX.dll
2010-03-02 01:33:24 —-D—- C:Program FileseRightSoft
2010-03-01 18:20:24 —-D—- C:Documents and SettingsAll UsersApplication DataSecTaskMan
2010-03-01 18:20:17 —-D—- C:Program FilesSecurity Task Manager
2010-03-01 00:47:56 —-D—- C:Documents and SettingsANTApplication DataApple Computer
2010-02-23 01:11:24 —-D—- C:Program FilesQuickTime
2010-02-23 01:11:22 —-D—- C:Documents and SettingsAll UsersApplication DataApple Computer
2010-02-23 01:11:00 —-D—- C:Program FilesCommon FilesApple
2010-02-23 01:10:39 —-D—- C:Program FilesApple Software Update
2010-02-23 01:10:38 —-D—- C:Documents and SettingsAll UsersApplication DataApple
2010-02-23 00:51:00 —-D—- C:Новая папка
2010-02-23 00:50:35 —-D—- C:Partyman
2010-02-08 01:20:34 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2010-02-08 00:42:56 —-A—- C:WINDOWSModemLog_Nokia E90 Communicator USB Modem #2.txt

======List of files/folders modified in the last 1 months======
2010-03-02 03:11:42 —-D—- C:Program FilesMozilla Firefox
2010-03-02 03:11:35 —-D—- C:WINDOWSsystem32drivers
2010-03-02 03:11:05 —-D—- C:WINDOWSsystem32config
2010-03-02 03:11:03 —-D—- C:WINDOWSsystem32CatRoot2
2010-03-02 03:10:59 —-D—- C:WINDOWSsystem32
2010-03-02 02:46:01 —-RD—- C:Program Files
2010-03-02 02:28:53 —-D—- C:WINDOWSTemp
2010-03-02 01:34:36 —-D—- C:WINDOWS
2010-03-02 01:33:46 —-RSD—- C:WINDOWSFonts
2010-03-02 01:26:32 —-A—- C:WINDOWSNeroDigital.ini
2010-03-01 23:48:26 —-D—- C:Documents and SettingsANTApplication DataSkype
2010-03-01 22:27:56 —-D—- C:WINDOWSPrefetch
2010-03-01 16:06:24 —-D—- C:Documents and SettingsANTApplication DataskypePM
2010-03-01 09:16:26 —-A—- C:WINDOWSSchedLgU.Txt
2010-03-01 08:51:28 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2010-03-01 08:50:33 —-SHD—- C:Config.Msi
2010-03-01 02:35:29 —-SHD—- C:WINDOWSInstaller
2010-03-01 02:35:05 —-D—- C:Program FilesCommon FilesAdobe
2010-03-01 02:34:54 —-D—- C:Program FilesAdobe
2010-03-01 02:30:31 —-D—- C:WINDOWSWinSxS
2010-02-28 02:51:02 —-D—- C:Documents and SettingsANTApplication DataCanon
2010-02-25 23:45:04 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2010-02-23 01:12:00 —-D—- C:Program FilesInternet Explorer
2010-02-23 01:11:00 —-D—- C:Program FilesCommon Files
2010-02-23 01:10:45 —-SD—- C:WINDOWSTasks
2010-02-22 01:43:12 —-D—- C:Program FilesBengal
2010-02-20 18:02:25 —-D—- C:Program FilesATI
2010-02-20 17:58:41 —-D—- C:Program FilesATI Technologies
2010-02-19 01:38:46 —-D—- C:Program FilesKaspersky Lab
2010-02-08 01:27:25 —-SHD—- C:System Volume Information
2010-02-08 01:22:26 —-D—- C:WINDOWSsystem32CatRoot
2010-02-08 01:21:48 —-HD—- C:WINDOWSinf
2010-02-08 00:56:53 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2010-02-07 23:00:26 —-D—- C:Program FilesGoogle

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aslm75;aslm75; ??C:WINDOWSsystem32driversaslm75.sys []
R1 atitray;atitray; ??C:Program FilesRadeon Omega Driversv3.8.330ATI Tray Toolsatitray.sys []
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
R1 kl1;Kl1; ??C:WINDOWSsystem32driverskl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2010-02-08 315408]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WINDOWSSystem32driversprodrv06.sys [2004-11-25 54368]
R2 irda;ИК-протокол IrDA; C:WINDOWSsystem32DRIVERSirda.sys [2004-08-03 87424]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-10-20 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-10-20 55936]
R2 tifsfilter;Acronis TrueImage FS Filter; C:WINDOWSsystem32DRIVERStifsfilt.sys [2007-03-24 30688]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-09-24 3331072]
R3 Cap7134;VideoWonder ProTV WDM Video Capture; C:WINDOWSsystem32DRIVERSTVCap.sys [2004-06-29 307712]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:WINDOWSsystem32DRIVERSctsfm2k.sys [2005-01-10 138752]
R3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSdlkfet5b.sys [2005-01-19 43008]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2005-05-04 2951680]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:WINDOWSsystem32DRIVERSklmouflt.sys [2009-10-02 19472]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLHidKE.Sys [2005-05-20 25600]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLMouKE.Sys [2005-05-20 68352]
R3 LVPr2Mon;LVPr2Mon Driver; C:WINDOWSsystem32DriversLVPr2Mon.sys [2009-04-30 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:WINDOWSsystem32DRIVERSlvrs.sys [2009-05-01 265496]
R3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driversLVUSBSta.sys [2008-12-17 41752]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 ossrv;Creative OS Services Driver; C:WINDOWSsystem32DRIVERSctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; C:WINDOWSsystem32driversP17.sys [2005-07-07 1389056]
R3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2007-03-29 47360]
R3 pepifilter;Volume Adapter; C:WINDOWSsystem32DRIVERSlv302af.sys [2009-05-01 13976]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2004-04-01 10368]
R3 PhTVTune;VideoWonder ProTV WDM TVTuner; C:WINDOWSsystem32DRIVERSSilicon.sys [2004-06-30 21888]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:WINDOWSsystem32DRIVERSLV302V32.SYS [2009-05-01 2687512]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 Tetris;Tetris driver; C:WINDOWSSystem32DriversTetris.sys [2007-08-30 48928]
R3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-03 59264]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2004-10-27 223104]
S3 a4fmfh1m;a4fmfh1m; C:WINDOWSsystem32driversa4fmfh1m.sys []
S3 a7fwz1o1;a7fwz1o1; C:WINDOWSsystem32driversa7fwz1o1.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversHdAudio.sys [2005-01-07 145920]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:WINDOWSsystem32DRIVERSL8042Kbd.sys [2005-05-20 13056]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:WINDOWSsystem32DRIVERSL8042mou.Sys [2005-05-20 54528]
S3 MA-620;Mobile Action MA-620 USB Infrared Adapter; C:WINDOWSsystem32DRIVERSMA-620.sys [2003-03-25 27136]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:WINDOWSsystem32DRIVERSMSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:WINDOWSsystem32driversnmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:WINDOWSsystem32driversnmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 TVICHW32;TVICHW32; ??C:WINDOWSsystem32DRIVERSTVICHW32.SYS []
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2009-02-09 7808]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2004-12-06 104064]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:WINDOWSSystem32Driverswdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-01-18 83328]
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2004-08-17 73472]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-20 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:Program FilesCommon FilesAcronisSchedule2schedul2.exe [2005-11-28 172032]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-09-24 581632]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:WINDOWSsystem32CTsvcCDA.exe [1999-12-12 44032]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-06-10 222456]
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R2 LogWatch;Event Log Watch; I:CA_LICLogWatNT.exe [2005-02-23 53248]
R2 LVPrcSrv;Process Monitor; C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe [2009-04-30 154136]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe [2007-02-10 29178224]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2007-11-08 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared filesRichVideo.exe [2005-08-08 167936]
R2 SQLBrowser;SQL Server Browser; C:Program FilesMicrosoft SQL Server90Sharedsqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe [2007-02-10 89968]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2009-06-02 637952]
S02000000 OMSCAN;OMSCAN; Sys []
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2008-09-23 593920]
S2 AVP;Kaspersky Anti-Virus; C:Program FilesKaspersky LabKaspersky Anti-Virus 2010avp.exe [2009-10-20 340456]
S2 gupdate1c995afc65ce744;Google Update Service (gupdate1c995afc65ce744); C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-02-23 133104]
S2 LvHidSvc;Remote HID Service; C:WINDOWSsystem32lvhidsvc.exe []
S2 LVSrvLauncher;LVSrvLauncher; C:Program FilesCommon FilesLogiShrdSrvLnchSrvLnch.exe [2008-07-26 141848]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:WINDOWSsystem32sfrem01.exe [2006-07-05 358008]
S2 StarWindService;StarWind iSCSI Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe []
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2007-04-06 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-11-08 138168]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 Irbis64_Service;Irbis64_Service; C:IRBIS64service_64.exe [2005-12-13 448512]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SandraDataSrv;SiSoftware Database Agent Service; C:Program FilesSiSoftwareSiSoftware Sandra Pro Business XI.SP2Win32RpcDataSrv.exe [2007-05-01 131256]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:Program FilesSiSoftwareSiSoftware Sandra Pro Business XI.SP2RpcSandraSrv.exe [2007-05-01 1319088]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:Program FilesMicrosoft SQL Server90Sharedsqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
March 2, 2010 at 6:59 pm #28851
Hello, welcome to the Spyware-ru forum.
Judging by the log, the trojan most likely came from the flash drive.
An additional check is needed.
Download the Combofix program. Close all open windows and run it.
When it finishes, a log file will be created; please paste it into your reply.

Note: before using Combofix, be sure to install the Recovery Console. How to do that is described on the page I linked above.
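What in the RSIT log supports the flash-drive verdict is the MountPoints2 section: Explorer caches each removable volume's autorun.inf under HKCU\...\Explorer\MountPoints2\{GUID}, and several of those cached entries map the drive's "open" verb to `rundll32.exe .\<name>.dll,InstallM`, a DLL living in the root of the stick. The `NoDriveTypeAutoRun=149` policy (0x95) disables AutoRun for unknown, removable and network drives but not for CD-ROM or fixed disks, and on an XP SP2 machine without the later AutoRun updates the cached "open" handler still runs when the drive is opened from My Computer, so the policy alone is not protection. The following script is an added example written for this page; it is not part of the thread and not code from RSIT or the forum. It reads those two parts of an RSIT log (either with RSIT's own backslashes or in the flattened form the forum shows), decodes the policy bits, and flags mount points whose "open" action has been redirected to a program. The sample log, its GUIDs and DLL names are constructed for the example; the drive-type bit values are the documented NoDriveTypeAutoRun flags.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in RSIT's own layout (backslashes intact). GUIDs,
# drive letters and DLL names are made up for this example; they are not
# the entries from the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-2222-3333-4444-555555555555}]
shell\AutoRun\command - M:
shell\open\command - rundll32.exe .\sample1.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66666666-7777-8888-9999-000000000000}]
shell\AutoRun\command - I:\INSTALL.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}]
shell\AutoRun\command - N:
shell\open\command - rundll32.exe .\sample2.dll,InstallM
"""

# Documented NoDriveTypeAutoRun bits: a set bit disables AutoRun for that type.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "DRIVE_RESERVED",
}

# The backslashes are optional so that a log pasted into a forum that strips
# them (as above) still parses. The separator is RSIT's " - " or the em dash
# a forum may turn it into.
KEY_RE = re.compile(r"^\[.*mountpoints2\\?(\{[0-9a-f-]{36}\})\]$", re.I)
CMD_RE = re.compile(r"^shell\\?(AutoRun|open)\\?command\s*[-\u2014]\s*(.+)$", re.I)
POLICY_RE = re.compile(r'"NoDriveTypeAutoRun"\s*=\s*(\d+)')
# rundll32 loading a DLL by a path relative to the drive root: the autorun.inf
# pattern used by the flash-drive worms of this period.
RELATIVE_DLL_RE = re.compile(r"rundll32(\.exe)?\s+\.\\[^,\s]+\.dll,", re.I)


def decode_nodrivetypeautorun(value: int) -> Dict[str, bool]:
    """Map each drive type to True when AutoRun is disabled for it."""
    return {name: bool(value & bit) for bit, name in DRIVE_TYPE_BITS.items()}


def parse_nodrivetypeautorun(log_text: str) -> Optional[int]:
    """Return the NoDriveTypeAutoRun value from the log, or None if absent."""
    m = POLICY_RE.search(log_text)
    return int(m.group(1)) if m else None


def parse_mountpoints(log_text: str) -> List[dict]:
    """Collect the cached autorun.inf handlers under MountPoints2, one dict per GUID."""
    entries: List[dict] = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = {"guid": key.group(1).lower(), "commands": {}}
            entries.append(current)
            continue
        if line.startswith("["):      # some other registry key: stop attributing lines
            current = None
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            current["commands"][cmd.group(1).lower()] = cmd.group(2).strip()
    return entries


def flag_autorun_handlers(entries: List[dict]) -> List[dict]:
    """Return mount points whose 'open' action (what a double-click in My Computer
    runs) has been redirected to a program. A plain AutoRun command pointing at
    a setup program on a CD is normal; a cached 'open' handler is not."""
    flagged = []
    for e in entries:
        open_cmd = e["commands"].get("open")
        if not open_cmd:
            continue
        reason = ("rundll32 loads a DLL from the drive root"
                  if RELATIVE_DLL_RE.search(open_cmd)
                  else "open action redirected to a program")
        flagged.append({"guid": e["guid"], "open": open_cmd, "reason": reason})
    return flagged


def analyze(log_text: str) -> dict:
    """Policy decoding plus flagged mount points, for one RSIT log."""
    value = parse_nodrivetypeautorun(log_text)
    return {
        "nodrivetypeautorun": value,
        "autorun_disabled_for": decode_nodrivetypeautorun(value) if value is not None else {},
        "flagged": flag_autorun_handlers(parse_mountpoints(log_text)),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print("NoDriveTypeAutoRun =", report["nodrivetypeautorun"],
          [k for k, v in report["autorun_disabled_for"].items() if v])
    for hit in report["flagged"]:
        print(f"{hit['guid']}: {hit['open']}  <- {hit['reason']}")
```

Run against the sample, the CD entry (AutoRun only, pointing at INSTALL.EXE) is left alone and the two sticks with a cached "open" handler are reported; on the real log the same rule fires for every `.\*.dll,InstallM` entry. Clearing the MountPoints2 keys is only half the fix: the DLL and autorun.inf on the stick itself have to go, or the next insertion recreates the cache.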
March 4, 2010 at 7:39 pm #28853
ComboFix 10-03-04.01 - ANT 04.03.2010 22:15:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.1023.647 [GMT 3:00]
Running from: c:documents and settingsANTРабочий столComboFix.exe
Command switches used :: c:documents and settingsANTРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Антивирус Касперского *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Resident AV is active.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:documents and settingsANTApplication DataMicrosoftInternet ExplorerqiPSearchbar.dll
c:documents and settingsANTМои документыcc_20100112_1507.reg
c:documents and settingsANTМои документыcc_20100113_1824.reg
c:program filesFieryAds
C:Thumbs.db
c:windowsEventSystem.log
c:windowssystem32914366171.dat
c:windowssystem32AVSredirect.dll
c:windowssystem32Chip.dll
c:windowssystem32Data
c:windowssystem32eebbecbf1_z.dll
c:windowssystem32lowsec
c:windowssystem32lowseclocal.ds
c:windowssystem32lowsecuser.ds
c:windowssystem32mswmpdat.tlb
c:windowssystem32noruns.reg
c:windowssystem32Pvt.tmp
c:windowssystem32Thumbs.db
c:windowssystem32VB6KO.DLL
c:windowssystem32winlogon.bak
c:windowssystem32winview.ocx
c:windowssystem32wmcache.nld
c:windowswiaservim.log
E:install.exe
E:Uninstall.exe
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
c:windowssystem32winlogon.exe . . . is infected!!.
((((((((((((((((((((((((( Files Created from 2010-02-04 to 2010-03-04 )))))))))))))))))))))))))))))))
.
2010-03-02 00:46 . 2010-03-02 00:46 d-----w- C:rsit
2010-03-01 23:46 . 2010-03-01 23:46 d-----w- c:program filesTrend Micro
2010-03-01 22:33 . 2008-03-16 13:30 216064 —sh—r- c:windowssystem32nbDX.dll
2010-03-01 22:33 . 2007-02-21 11:47 31232 —sh—r- c:windowssystem32msfDX.dll
2010-03-01 22:33 . 2006-05-03 10:06 163328 —sh—r- c:windowssystem32flvDX.dll
2010-03-01 22:33 . 2010-03-01 22:33 d-----w- c:program fileseRightSoft
2010-02-28 21:47 . 2010-02-28 21:47 d-----w- c:documents and settingsANTApplication DataApple Computer
2010-02-27 11:05 . 2010-02-27 11:05 d-----w- c:documents and settingsNetworkServiceLocal SettingsApplication DataApple
2010-02-22 22:11 . 2010-02-22 22:11 d-----w- c:program filesQuickTime
2010-02-22 22:11 . 2010-02-22 22:11 d-----w- c:documents and settingsAll UsersApplication DataApple Computer
2010-02-22 22:11 . 2010-02-22 22:11 d-----w- c:program filesCommon FilesApple
2010-02-22 22:10 . 2010-02-22 22:10 d-----w- c:documents and settingsANTLocal SettingsApplication DataApple
2010-02-22 22:10 . 2010-02-22 22:10 d-----w- c:program filesApple Software Update
2010-02-22 22:10 . 2010-02-22 22:10 d-----w- c:documents and settingsAll UsersApplication DataApple
2010-02-22 22:10 . 2010-02-22 22:10 d-----w- c:documents and settingsANTLocal SettingsApplication DataApple Computer
2010-02-22 21:51 . 2010-02-22 21:51 d-----w- C:Новая папка
2010-02-22 21:50 . 2010-02-22 21:50 d-----w- C:Partyman
2010-02-22 21:50 . 2010-02-22 21:50 d-----w- c:documents and settingsANTНовая папка
2010-02-22 21:47 . 2010-02-22 21:47 d-----w- c:documents and settingsANTHardbass Partyman
2010-02-07 22:33 . 2010-02-07 22:33 109072 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataUpdaterTemporary FilesrollbackpatchAutoPatcheskav9exec9.0.0.736mzvkbd3.dll
2010-02-07 22:33 . 2010-02-07 22:33 80400 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataUpdaterTemporary FilesrollbackpatchAutoPatcheskav9exec9.0.0.736fssync.dll
2010-02-07 22:33 . 2010-02-07 22:33 315408 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataUpdaterTemporary FilesrollbackpatchAutoPatcheskav9exec9.0.0.736sysi3865.1klif.sys
2010-02-07 22:33 . 2010-02-07 22:33 109072 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav9exec9.0.0.736mzvkbd3.dll
2010-02-07 22:33 . 2010-02-07 22:33 80400 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav9exec9.0.0.736fssync.dll
2010-02-07 22:33 . 2010-02-07 22:33 315408 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav9exec9.0.0.736sysi3865.1klif.sys
2010-02-07 22:22 . 2010-02-07 22:22 108059 —-a-w- c:windowssystem32driversklin.dat
2010-02-07 22:22 . 2010-02-07 22:22 95259 —-a-w- c:windowssystem32driversklick.dat
2010-02-07 22:20 . 2010-03-04 19:27 d-----w- c:documents and settingsAll UsersApplication DataKaspersky Lab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 19:28 . 2008-07-06 08:46 d-----w- c:documents and settingsANTApplication DataSkype
2010-03-04 18:06 . 2008-07-06 08:49 d-----w- c:documents and settingsANTApplication DataskypePM
2010-03-01 15:28 . 2010-03-01 15:20 d-----w- c:program filesSecurity Task Manager
2010-03-01 15:28 . 2010-03-01 15:20 d-----w- c:documents and settingsAll UsersApplication DataSecTaskMan
2010-02-28 23:35 . 2007-03-24 15:12 d-----w- c:program filesCommon FilesAdobe
2010-02-27 23:51 . 2007-04-30 19:16 d-----w- c:documents and settingsANTApplication DataCanon
2010-02-25 20:45 . 2007-11-25 08:37 d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2010-02-23 10:04 . 2007-05-11 19:56 1157544 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2010-02-21 22:43 . 2008-04-13 13:59 d-----w- c:program filesBengal
2010-02-20 15:02 . 2008-11-06 18:42 d-----w- c:program filesATI
2010-02-20 14:58 . 2007-04-10 21:23 d-----w- c:program filesATI Technologies
2010-02-18 22:38 . 2008-05-11 21:06 d-----w- c:program filesKaspersky Lab
2010-02-18 22:37 . 2009-04-17 20:20 119808 -csha-w- c:program filesThumbs.db
2010-02-07 21:56 . 2008-05-11 20:59 d-----w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2010-02-07 20:00 . 2007-08-15 17:43 d-----w- c:program filesGoogle
2010-01-22 07:36 . 2008-07-27 21:30 d-----w- c:documents and settingsANTApplication DatauTorrent
2010-01-13 15:42 . 2009-10-14 22:01 d-----w- c:program filesDrWeb
2010-01-13 15:39 . 2007-03-24 13:16 d—h—w- c:program filesInstallShield Installation Information
2010-01-13 15:08 . 2009-03-03 20:03 1324 —-a-w- c:windowssystem32d3d9caps.dat
2010-01-12 12:06 . 2010-01-12 12:06 d-----w- c:program filesCCleaner
2010-01-12 11:18 . 2010-01-12 11:18 d-----w- c:program filesAvira
2010-01-11 21:11 . 2008-11-11 23:15 d-----w- c:program filesQIP Infium
2009-12-23 17:18 . 2009-12-23 17:18 4286 —-a-r- c:documents and settingsANTApplication DataMicrosoftInstaller{744CC3A3-431B-4FCB-A1FC-B115AB5BB359}ARPPRODUCTICON.exe
2009-12-23 17:18 . 2009-12-23 17:18 40960 —-a-r- c:documents and settingsANTApplication DataMicrosoftInstaller{744CC3A3-431B-4FCB-A1FC-B115AB5BB359}Zemble.exe_744CC3A3431B4FCBA1FCB115AB5BB359.exe
2009-12-23 10:35 . 2009-12-23 10:34 231817 —-a-w- c:program filesUninst.isu
2009-12-14 13:37 . 2009-12-14 13:37 36864 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}InstallerCommonCustomActionsSleep.exe
2009-12-14 13:37 . 2009-12-14 13:37 3351812 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}InstallerCommonCustomActionsmsxml6Exec.exe
2009-12-14 13:37 . 2009-12-14 13:37 3203453 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}InstallerCommonCustomActionsvcredistExec.exe
2009-12-10 22:16 . 2001-10-20 16:00 528974 —-a-w- c:windowssystem32perfh019.dat
2009-12-10 22:16 . 2001-10-20 16:00 101150 —-a-w- c:windowssystem32perfc019.dat
2009-12-09 23:27 . 2009-12-09 23:27 95232 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}InstallerCommonCustomActionspcswpcsi.exe
2009-12-09 23:27 . 2009-12-09 23:27 8192 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}InstallerCommonCustomActionsUninstCCD.exe
2009-12-09 23:27 . 2009-12-09 23:27 61440 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}InstallerCommonCustomActionsUninstPCSFEMsi.exe
2009-12-09 23:27 . 2009-12-09 23:27 10240 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}InstallerCommonCustomActionsUninstPCS.exe
2009-12-09 23:25 . 2009-12-09 23:27 34045136 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{3D39E775-DDDA-4327-B747-0BDC5F191331}Nokia_PC_Suite_7_1_30_9_rus_web.exe
2009-08-04 17:56 . 2009-09-24 09:20 416 -c—a-w- c:program filesfile_id.diz
2007-09-18 10:49 . 2009-04-17 20:20 36153 -c—a-w- c:program filesscrdoc_r.htm
2007-09-18 10:42 . 2009-04-17 20:20 22683 -c—a-w- c:program filesscrdoc_e.htm
2007-09-18 09:40 . 2009-04-17 20:20 960 -c—a-w- c:program filesReadme_E.txt
2007-09-18 09:38 . 2009-04-17 20:20 30208 -c—a-w- c:program filesReadme_R.doc
2007-09-18 09:38 . 2009-04-17 20:20 931 -c—a-w- c:program filesReadme_R.txt
2007-09-18 09:07 . 2009-04-17 20:20 2245 -c—a-w- c:program filesbrowse_r.htm
2007-09-18 09:06 . 2009-04-17 20:20 2170 -c—a-w- c:program filesbrowse_e.htm
2007-09-18 09:04 . 2009-04-17 20:20 18116 -c--a-w- c:\program files\screen_e.htm
2007-09-18 09:04 . 2009-04-17 20:20 23243 -c--a-w- c:\program files\screen_r.htm
2007-09-17 17:41 . 2009-04-17 20:20 5229 -c--a-w- c:\program files\std_rutw.png
2007-09-17 17:41 . 2009-04-17 20:20 4713 -c--a-w- c:\program files\std_ukr.png
2007-09-17 17:41 . 2009-04-17 20:20 4625 -c--a-w- c:\program files\std_ru.png
2007-09-17 17:41 . 2009-04-17 20:20 4594 -c--a-w- c:\program files\yazhert.png
2007-09-17 17:41 . 2009-04-17 20:20 4897 -c--a-w- c:\program files\yaschert.png
2007-09-17 17:41 . 2009-04-17 20:20 4830 -c--a-w- c:\program files\yashert3.png
2007-09-17 17:41 . 2009-04-17 20:20 4727 -c--a-w- c:\program files\yawert2.png
2007-09-17 17:41 . 2009-04-17 20:20 4688 -c--a-w- c:\program files\yashert2.png
2007-09-17 17:41 . 2009-04-17 20:20 4593 -c--a-w- c:\program files\yashert.png
2007-09-17 17:41 . 2009-04-17 20:20 4571 -c--a-w- c:\program files\student.png
2007-09-17 17:41 . 2009-04-17 20:20 4558 -c--a-w- c:\program files\yawert.png
2007-09-17 17:41 . 2009-04-17 20:20 4538 -c--a-w- c:\program files\yazh_ukr.png
2007-09-17 17:40 . 2009-04-17 20:20 4923 -c--a-w- c:\program files\yazhert3.png
2007-09-17 17:40 . 2009-04-17 20:20 4580 -c--a-w- c:\program files\yazhert2.png
2007-09-17 17:40 . 2009-04-17 20:20 4556 -c--a-w- c:\program files\yayuertj.png
2007-09-17 17:24 . 2009-04-17 20:20 4846 -c--a-w- c:\program files\alphabet.png
2007-04-08 15:57 . 2009-04-17 20:20 50350 -c--a-w- c:\program files\cvtnonus.js
2007-04-06 13:41 . 2009-04-17 20:20 49567 -c--a-w- c:\program files\cvt.js
2007-04-06 13:18 . 2009-04-17 20:20 12188 -c--a-w- c:\program files\cvtnon_e.js
2006-10-03 08:35 . 2009-04-17 20:20 9191 -c--a-w- c:\program files\vOpera_r.htm
2006-10-02 13:59 . 2009-04-17 20:20 268 -c--a-w- c:\program files\ardn1.png
2006-10-02 13:59 . 2009-04-17 20:20 274 -c--a-w- c:\program files\smile.png
2006-10-02 11:03 . 2009-04-17 20:20 459 -c--a-w- c:\program files\go_e.png
2006-10-02 11:03 . 2009-04-17 20:20 456 -c--a-w- c:\program files\go_r.png
2006-10-02 11:03 . 2009-04-17 20:20 2673 -c--a-w- c:\program files\cyr-late.png
2006-10-02 11:03 . 2009-04-17 20:20 2542 -c--a-w- c:\program files\cyr-lat.png
2006-10-02 11:03 . 2009-04-17 20:20 1389 -c--a-w- c:\program files\main_r.png
2006-10-02 11:03 . 2009-04-17 20:20 1369 -c--a-w- c:\program files\main_e.png
2006-09-14 15:43 . 2009-04-17 20:20 318 -c--a-w- c:\program files\vkb.ico
2006-04-07 09:14 . 2009-04-17 20:20 4670 -c--a-w- c:\program files\util.js
2009-10-05 15:34 . 2010-01-11 21:11 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2006-05-03 10:06 . 2010-03-01 22:33 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-11-30 07:23 . 2009-06-19 21:22 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2010-03-01 22:33 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-03-01 22:33 216064 --sh--r- c:\windows\system32\nbDX.dll
.
Sigcheck
[-] 2004-08-03 . C1783498EDB152656303B5D5BCABD86C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . C1783498EDB152656303B5D5BCABD86C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-03-24 . BC260ED748748149DB05B29B256A0500 . 503808 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"NevoDRM"="c:\program files\Игры от NevoSoft\NevoDRM\NevoDRM.exe" [2008-12-01 111616]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\ANT\Главное меню\Программы\Автозагрузка\
Punto Switcher.lnk - c:\program files\Yandex\Punto Switcher\punto.exe [2009-9-30 831272]
c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-5-15 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Ускоренный запуск Adobe Reader.lnk]
backup=c:\windows\pss\Ускоренный запуск Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ANT^Главное меню^Программы^Автозагрузка^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ANT^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
backup=c:\windows\pss\Total Commander.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ANT^Главное меню^Программы^Автозагрузка^Yahoo! Widget Engine.lnk]
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2005-11-28 12:01 118784 -c--a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 -c--a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2005-05-04 02:01 2805248 -c--a-w- c:\windows\ALCWZRD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
2002-12-06 13:07 617984 -c--a-w- c:\program files\ASUS\Asus Probe\AsusProb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
2006-02-22 00:05 344064 -c--a-w- c:\windows\system32\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-17 13:04 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2005-10-31 07:51 57344 -c----w- c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 13:05 81920 ----a-w- E:\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-01-04 08:50 405583 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 14:07 61952 -c----w- c:\windows\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-05-18 07:29 49152 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2004-09-19 21:27 65536 -c--a-w- c:\program files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2008-10-29 19:53 66864 -c--a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2005-05-20 10:46 28160 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-06-02 04:59 5451536 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-17 13:17 1667584 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 14:50 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 07:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 07:00 49152 -c--a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 11:38 64512 -c--a-r- c:\windows\system32\P17.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 12:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 15:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-03 10:43 90112 -c--a-w- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-01 12:23 61440 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-13 23:43 83608 -c--a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-12 18:09 68856 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2005-11-28 12:01 1005302 -c--a-w- c:\program files\Acronis\TrueImage\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-10 22:00 90112 -c----w- c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 21:54 37376 -c--a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\totalcmd\TOTALCMD.EXE"=
"c:\Program Files\FlylinkDC++\FlylinkDC.exe"=
"c:\Program Files\SiSoftware\SiSoftware Sandra Pro Business XI.SP2\Win32\RpcDataSrv.exe"=
"c:\Program Files\SiSoftware\SiSoftware Sandra Pro Business XI.SP2\RpcSandraSrv.exe"=
"c:\Program Files\QIP\qip.exe"=
"c:\Program Files\Total Commander\Totalcmd.exe"=
"c:\WINDOWS\system32\PnkBstrA.exe"=
"c:\WINDOWS\system32\PnkBstrB.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\Russian\setup.exe"=
"e:\Cropp\psp\uTorrent.exe"=
"c:\Program Files\QIP Infium\infium.exe"=
"c:\Program Files\Microsoft ActiveSync\wcescomm.exe"=
"c:\Program Files\Microsoft ActiveSync\WCESMgr.exe"=
"c:\Program Files\VideoLAN\VLC\vlc.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\Skype\Plugin Manager\skypePM.exe"=
"e:\QUAKElll\quake3.exe"=
"c:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"=
"c:\Program Files\Logitech\Logitech Vid\Vid.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPortsList]
"9844:TCP"= 9844:TCP:fxqtzmr
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 21:18 36880]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.03.2007 8:35 717296]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys [14.11.2005 1:43 14336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.12.2008 0:46 222456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.09.2009 14:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.10.2009 19:39 19472]
R3 PhTVTune;VideoWonder ProTV WDM TVTuner;c:\windows\system32\drivers\Silicon.sys [24.03.2007 23:49 21888]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [30.08.2007 14:32 48928]
S0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [26.05.2007 18:38 155136]
S0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [26.05.2007 18:38 5248]
S2 gupdate1c995afc65ce744;Google Update Service (gupdate1c995afc65ce744);c:\program files\Google\Update\GoogleUpdate.exe [23.02.2009 15:10 133104]
S2 LogWatch;Event Log Watch;i:\ca_lic\LogWatNT.exe --> i:\ca_lic\LogWatNT.exe [?]
S3 Irbis64_Service;Irbis64_Service;c:\irbis64\service_64.exe c:\irbis64 --> c:\irbis64\service_64.exe c:\irbis64 [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10.12.2009 2:28 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdns
uc.sys [10.12.2009 2:28 8320]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
epzck
cttrwf
rntxmn
oguqct
oeceyrqxq
xeqpbo
jwmxbd
.
Contents of the 'Scheduled Tasks' folder
2010-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 12:10]
2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 12:10]
.
.
Supplementary Scan
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://www.windowsxlive.net
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\program files\PRMT6\PRMTIE\prmtie5.htm
TCP: {C1380026-0D59-45CF-8C48-951ED4EF6577} = 80.70.224.2,80.70.224.4
TCP: {C50B6EB1-B17D-44BC-90A4-3C050E5DA265} = 80.70.224.2,80.70.224.4
TCP: {E1814A5A-5CDA-40C8-806C-396411C24554} = 80.70.224.2,80.70.224.4
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\ANT\Application Data\Mozilla\Firefox\Profiles\so4gyn3i.default
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://active.mns.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.
.
File Associations
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - ORPHANS REMOVED - - - -
SSODL-UpdateCheck-{0894318A-AFBB-4AF6-87B7-AB50773F1FD3} - (no file)
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-Kleptomania - c:\progra~1\KLEPTO~1\k-mania.exe
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-Punto Switcher - c:\program files\Punto Switcher\punto.exe
MSConfigStartUp-QIP - c:\program files\QIP.Online\qiponline.exe
MSConfigStartUp-Winpower - c:\program files\UpsPilot\Winpower.exe
AddRemove-Fable - The Lost Chapters_is1 - i:\fable - the lost chapters\unins000.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-XPv3.8.330 - c:\windows\Radeon Omega Drivers v3.8.330
AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\ANT\Application Data\Mozilla\Firefox\Profiles\so4gyn3i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
AddRemove-{DF0273D1-2E03-484D-8FFB-02C39438A6C1} - E:\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 22:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys sfsync02.sys hal.dll >>UNKNOWN [0x86F651F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75cbfc3
\Driver\ACPI -> ACPI.sys @ 0xf73f0cb8
\Driver\atapi -> sfsync02.sys @ 0xf7807d60
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059ece9
ParseProcedure -> ntoskrnl.exe @ 0x8057e98a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059ece9
ParseProcedure -> ntoskrnl.exe @ 0x8057e98a
NDIS: D-Link DFE-520TX PCI Fast Ethernet Adapter #3 -> SendCompleteHandler -> NDIS.sys @ 0xf727cba0
PacketIndicateHandler -> NDIS.sys @ 0xf7289b21
SendHandler -> NDIS.sys @ 0xf726787b
user & kernel MBR OK
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1580)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1636)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(5264)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Yandex\Punto Switcher\pshook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_rus.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Other Running Processes
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-03-04 22:32:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-04 19:32
Pre-Run: 1 467 949 056 bytes free
Post-Run: 1 619 087 360 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional RU" /noexecute=optin /fastdetect
- - End Of File - - A374B872C0BF230408A1EAADBD192D03
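The Sigcheck block of this log marks c:\windows\system32\winlogon.exe with [-], which ComboFix uses for a system file whose hash does not match its list of known-good versions (both copies of tcpip.sys get the same mark and are not followed up in this thread). A signature check alone does not settle this on XP: its system binaries are catalog-signed, not Authenticode-signed, so a file-only check reports them as Unsigned whether or not they were patched, which is exactly what VirusTotal says later in this thread for both copies of winlogon. What does settle it is a hash comparison against a known-good copy, and when two copies of the same version differ, a per-section comparison shows whether the change is in code (.text) or only in data. The following is an added example, not code from this thread, from ComboFix or from VirusTotal: it builds two constructed minimal PE32 images (a stand-in for a clean winlogon.exe and the same image with a 5-byte patch in .text), parses their section tables, reports per-section MD5 and entropy the way VirusTotal's PEInfo table does, and runs the whole-file known-good comparison. The byte contents and the reference hash are constructed for the example.

```python
import hashlib
import math
import struct

# Section characteristics flags from the PE/COFF specification (subset).
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

DOS_HEADER_SIZE = 0x40      # e_lfanew points right behind the DOS header
OPT_HEADER_SIZE = 224       # standard PE32 optional header
SECTION_HEADER_SIZE = 40


def align(n, a):
    return (n + a - 1) // a * a


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def build_pe32(sections, file_align=0x200, sect_align=0x1000, timestamp=0x41107EDC):
    """Build a minimal PE32 image from [(name, raw_bytes, characteristics)].
    Constructed for the example: enough structure for a section-table parser,
    not a loadable program."""
    n = len(sections)
    headers_end = DOS_HEADER_SIZE + 4 + 20 + OPT_HEADER_SIZE + SECTION_HEADER_SIZE * n
    raw_ptr, va = align(headers_end, file_align), sect_align
    table, blobs = b"", []
    for name, data, chars in sections:
        raw_size = align(len(data), file_align)
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(data), va,
                             raw_size, raw_ptr, 0, 0, 0, 0, chars)
        blobs.append(data.ljust(raw_size, b"\0"))
        raw_ptr += raw_size
        va += align(len(data), sect_align)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", DOS_HEADER_SIZE)
    coff = struct.pack("<HHIIIHH", 0x14C, n, timestamp, 0, 0, OPT_HEADER_SIZE, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(OPT_HEADER_SIZE, b"\0")   # Magic = PE32
    headers = (dos + b"PE\0\0" + coff + opt + table).ljust(align(headers_end, file_align), b"\0")
    return headers + b"".join(blobs)


def parse_sections(image):
    """Walk the section table: [(name, virtual_address, raw_bytes, characteristics)]."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    n_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size          # signature + COFF header + optional header
    out = []
    for i in range(n_sections):
        name, _vsize, va, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", image, table + SECTION_HEADER_SIZE * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), va, image[rptr:rptr + rsize], chars))
    return out


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def section_report(image):
    """{name: (md5, entropy, is_executable)}, the columns of VirusTotal's PEInfo table."""
    return {name: (md5_hex(raw), round(shannon_entropy(raw), 2), bool(chars & IMAGE_SCN_MEM_EXECUTE))
            for name, _va, raw, chars in parse_sections(image)}


def compare_images(a, b):
    """Which sections differ between two copies of the 'same' binary."""
    ra, rb = section_report(a), section_report(b)
    return {
        "file_md5_equal": md5_hex(a) == md5_hex(b),
        "differing": sorted(n for n in ra.keys() & rb.keys() if ra[n][0] != rb[n][0]),
        "only_in_a": sorted(ra.keys() - rb.keys()),
        "only_in_b": sorted(rb.keys() - ra.keys()),
    }


def known_good_check(image, known_md5):
    """The Sigcheck-style test: whole-file hash against a trusted reference hash."""
    return md5_hex(image).lower() == known_md5.lower()


def sample_images():
    """Constructed pair: a stand-in 'clean' image and a copy patched inside .text."""
    code = bytes(range(256)) * 4                      # 1024 bytes, deliberately high entropy
    data = b"\0" * 300 + b"cfg"
    rsrc = b"VS_VERSION_INFO winlogon 5.1.2600.2180".ljust(256, b"\0")

    def layout(text):
        return [(".text", text, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
                (".data", data, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
                (".rsrc", rsrc, IMAGE_SCN_MEM_READ)]

    patched_code = code[:16] + b"\xE9\x10\x20\x00\x00" + code[21:]   # 5-byte jmp-style patch
    return build_pe32(layout(code)), build_pe32(layout(patched_code))


if __name__ == "__main__":
    clean, patched = sample_images()
    for label, img in (("clean", clean), ("patched", patched)):
        print(label, md5_hex(img))
        for name, (digest, ent, is_exec) in section_report(img).items():
            print(f"  {name:<6} md5={digest} entropy={ent:.2f} exec={is_exec}")
    print(compare_images(clean, patched))
```

On a real machine the same calls take the bytes of c:\windows\system32\winlogon.exe and of a copy from dllcache or the SP2 install media, with a reference MD5 taken from a known-clean installation. The pattern VirusTotal shows for the two files posted later in this thread, identical .rsrc hashes while .text and .data differ, is the in-place patch case: the version resource still reports 5.1.2600.2180 while the code has changed, and compare_images reports it as a non-empty "differing" list.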
March 4, 2010 at 7:46 pm #28854
Click Start -> Run.
In the input box type notepad and press Enter.
Paste the following text into Notepad:
dir winlogon.* /a /s > File.txt
Click File, Save As.
Change the file type to: All files.
Enter the file name find_file.bat and click OK.
Save the file to your desktop.
Close Notepad.
Double-click the find_file.bat file we just created.
When it finishes, a file named File.txt will appear on the desktop; paste its contents into your reply.
March 4, 2010 at 10:00 pm #28855
Thanks for the quick reply!!!))) Here is what is in the file:
Volume in drive C is Система
Volume Serial Number is BE56-8CB1
Directory of C:\Qoobox\Quarantine\C\WINDOWS\system32
17.08.2004 16:05 503 808 winlogon.bak.vir
1 File(s) 503 808 bytes
Directory of C:\WINDOWS\system32
24.03.2007 16:49 503 808 winlogon.exe
1 File(s) 503 808 bytes
March 5, 2010 at 6:16 pm #28856
Open Notepad (click Start, Run, type notepad in the input box and press Enter) and paste the following text into it:
NetSvc::
epzck
cttrwf
rntxmn
oguqct
oeceyrqxq
xeqpbo
jwmxbd
MBR::
Save the resulting file to your desktop under the name CFScript.
Then drag the file you created onto the ComboFix icon, as shown in the picture below.
ComboFix will start and carry out the steps described in the file we created.
When ComboFix finishes, a new log will be created; paste it into your next reply.
In addition, check the following two files
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.bak.vir
c:\windows\system32\winlogon.exe
on the VirusTotal site.
In the Send file field, click the Browse button.
Select the suspicious file I wrote about above.
Click the Send file button.
Paste the scan result into your reply as well.
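The Reg Loading Points section of the first log holds, besides the netsvcs names that the NetSvc:: lines above remove, an Image File Execution Options key for avp.com whose Debugger value is ntsd -d: every launch of Kaspersky's command-line component is started under a debugger whose console is redirected to a kernel debugger that is not attached, so the program never runs, a standard trick for blinding an antivirus. The same log shows DisableMonitoring=1 for Kaspersky in Security Center, EnableFirewall=0, and a globally open port 9844:TCP with the random name fxqtzmr. UIHost=hex(2):76,69,... decodes to vistaui.exe, which fits the Vista-look tools listed under msconfig\startupreg (ViStart, ViOrb, Vista Sidebar) rather than the infection, so it rates only as informational. The script below is an added example, not code from this thread or from ComboFix: it parses registry lines in ComboFix's output format (the sample is constructed here to mirror the log) and lists the findings. The XP netsvcs allowlist is an assumption written from memory of a stock XP SP2/SP3 installation; regenerate it from a known-clean machine before trusting it.

```python
import re

# Assumption: abridged allowlist of service names that belong to the netsvcs
# svchost group on a stock Windows XP SP2/SP3 install (written from memory;
# regenerate it from a known-clean machine before relying on it).
XP_NETSVCS = {
    "6to4", "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "dmserver",
    "dhcp", "ersvc", "eventsystem", "fastuserswitchingcompatibility", "helpsvc",
    "hidserv", "ias", "iprip", "irmon", "lanmanserver", "lanmanworkstation",
    "messenger", "netman", "nla", "ntmssvc", "nwcworkstation", "nwsapagent",
    "rasauto", "rasman", "remoteaccess", "schedule", "seclogon", "sens",
    "sharedaccess", "shellhwdetection", "srservice", "tapisrv", "themes",
    "trkwks", "uploadmgr", "w32time", "winmgmt", "wmdmpmsp", "wmi", "wscsvc",
    "wuauserv", "wzcsvc", "xmlprov",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


def decode_hex2(data):
    """Turn a regedit-style 'hex(2):76,69,...' (REG_EXPAND_SZ) dump into text."""
    if not data.startswith("hex(2):"):
        return data
    raw = bytes(int(b, 16) for b in data[len("hex(2):"):].split(",") if b)
    return raw.rstrip(b"\0").decode("latin-1")


def dword(data):
    """Parse 'dword:00000001' to 1; anything else yields None."""
    return int(data.split(":", 1)[1], 16) if data.startswith("dword:") else None


def parse_loading_points(lines):
    """Return (values, netsvcs): values maps each [registry key] to its
    {value name: data} pairs; netsvcs is the list under 'Svchost - NetSvcs'."""
    values, netsvcs, key, in_netsvcs = {}, [], None, False
    for line in lines:
        line = line.strip()
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs, key = True, None
            continue
        if in_netsvcs:
            if line in ("", "."):           # ComboFix closes the list with a blank or '.' line
                in_netsvcs = False
            else:
                netsvcs.append(line)
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            values.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            values[key][m.group("name")] = m.group("data")
    return values, netsvcs


def triage(lines):
    """Return [(severity, finding)] for the patterns seen in this thread's log."""
    values, netsvcs = parse_loading_points(lines)
    findings = []
    for key, vals in values.items():
        k, leaf = key.lower(), key.rsplit("\\", 1)[-1]
        if "image file execution options" in k and "Debugger" in vals:
            dbg = vals["Debugger"].strip('"')
            # ntsd -d sends the debugger console to a kernel debugger; with none
            # attached the debuggee (here avp.com) never gets to run.
            sev = "high" if dbg.lower().startswith("ntsd") else "medium"
            findings.append((sev, f"IFEO Debugger on {leaf}: {dbg}"))
        if k.endswith("\\winlogon") and "UIHost" in vals:
            findings.append(("info", f"Winlogon UIHost is {decode_hex2(vals['UIHost'])}"))
        if "security center" in k and dword(vals.get("DisableMonitoring", "")) == 1:
            findings.append(("medium", f"Security Center monitoring disabled for {leaf}"))
        if "firewallpolicy" in k and vals.get("EnableFirewall", "").lstrip().startswith("0"):
            findings.append(("medium", f"Windows Firewall disabled in {leaf}"))
        if k.endswith("globallyopenportslist"):
            for port, data in vals.items():
                findings.append(("medium", f"globally open port {port}: {data}"))
    for name in netsvcs:
        if name.lower() not in XP_NETSVCS:
            findings.append(("high", f"unknown netsvcs entry {name} (loaded inside svchost -k netsvcs)"))
    return findings


# Constructed sample mirroring the relevant lines of the first ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPortsList]
"9844:TCP"= 9844:TCP:fxqtzmr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
epzck
cttrwf
BITS
.
""".strip().splitlines()

if __name__ == "__main__":
    for severity, finding in triage(SAMPLE_LOG):
        print(f"[{severity}] {finding}")
```

The random-looking netsvcs names are flagged purely by absence from the allowlist, which is deliberate: a service registered under such a name also has its own key under HKLM\SYSTEM\CurrentControlSet\Services with a ServiceDll value, and that is where the DLL that svchost loads will be found. The NetSvc:: directive in the CFScript removes the names from the group; the matching service keys and DLLs are worth checking as well.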
March 5, 2010 at 9:43 pm #28857
Here are the VirusTotal logs for the two files that were checked:
First file:
File size: 503808 bytes
MD5 : ba9df5930b2582c31c0c8e52c94dda48
SHA1 : 5cbf1147900b9688c84edf9fea72ae7d7b71e328
SHA256: 4d5e6bc3bd05477523ad762ed1813254a2367d21929221ff9f4d1fe0cb9f517c
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3D353
timedatestamp.....: 0x41107EDC (Wed Aug 4 08:14:52 2004)
machinetype.......: 0x14C (Intel I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6F288 0x6F400 6.82 efef82dd9ff143ad282f8cbe68d2d76b
.data 0x71000 0x4D90 0x2000 6.20 baa64d00a5f8a540a38a60d2aff66f30
.rsrc 0x76000 0x96B8 0x9800 4.33 b9607525adba6ca9e2bc8c72ab88832a
( 0 imports )
( 0 exports )
TrID : File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
ssdeep: 6144:dYuZlm8LRlBw662R1pqrc7FmxSqVw/T+SN1TrSnmhPnpdcrFIzdFz/N5WjyfTNQe:dVLBhic7Qy1vSneJFDNhp8nY
sigcheck: publisher....: __________ __________
copyright....: (c) __________ __________. ___ _____ ________.
product......: ____________ _______ Microsoft_ Windows_
description..: _________ _____ _ _______ Windows NT
original name: WINLOGON.EXE
internal name: winlogon
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
CWSandbox: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=ba9df5930b2582c31c0c8e52c94dda48
RDS : NSRL Reference Data Set
-
Second file:
File size: 503808 bytes
MD5 : bc260ed748748149db05b29b256a0500
SHA1 : bf512ac3eaef002805a0e90852b1cd0791ec73dc
SHA256: af19c930f984cbd4cd7a5a16e74e4bd86c495b0376ce0a0faeab368e456a80a2
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x103D353
timedatestamp.....: 0x41107EDC (Wed Aug 4 08:14:52 2004)
machinetype.......: 0x14C (Intel I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6F288 0x6F400 6.82 7eb8db68ce03fa8d6e3b254c4b13abfa
.data 0x71000 0x4D90 0x2000 6.21 662eceb591c7df2d6e365ae6b9b2da15
.rsrc 0x76000 0x96B8 0x9800 4.33 b9607525adba6ca9e2bc8c72ab88832a
( 0 imports )
( 0 exports )
TrID : File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
ssdeep: 6144:dYuZlm8LRlBw662R1pqrc7FmxSqVw/T+SN1TrSnmhPnpdcbFIzdFz/N5WjyfTNQC:dVLBhic7Qy1vSneJFDNhp87Y
sigcheck: publisher....: __________ __________
copyright....: (c) __________ __________. ___ _____ ________.
product......: ____________ _______ Microsoft_ Windows_
description..: _________ _____ _ _______ Windows NT
original name: WINLOGON.EXE
internal name: winlogon
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
CWSandbox: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=bc260ed748748149db05b29b256a0500
RDS : NSRL Reference Data Set
-
Now to the ComboFix log. I got a blue screen on the last attempt to run it, so I will try once more now.
ComboFix 10-03-04.06 - ANT 06.03.2010 0:53.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.1023.543 [GMT 3:00]
Running from: c:\documents and settings\ANT\Рабочий стол\ComboFix.exe
Command switches used :: c:\documents and settings\ANT\Рабочий стол\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Resident AV is active.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ANT\Мои документы\cc_20100112_1507.reg
c:\documents and settings\ANT\Мои документы\cc_20100113_1824.reg
c:\windows\system32\winlogon.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
.
2010-03-02 00:46 . 2010-03-02 00:46 d-----w- C:\rsit
2010-03-01 23:46 . 2010-03-01 23:46 d-----w- c:\program files\Trend Micro
2010-03-01 22:33 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-03-01 22:33 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-03-01 22:33 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-03-01 22:33 . 2010-03-01 22:33 d-----w- c:\program files\eRightSoft
2010-02-28 21:47 . 2010-02-28 21:47 d-----w- c:\documents and settings\ANT\Application Data\Apple Computer
2010-02-27 11:05 . 2010-02-27 11:05 d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-02-22 22:11 . 2010-02-22 22:11 d-----w- c:\program files\QuickTime
2010-02-22 22:11 . 2010-02-22 22:11 d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-22 22:11 . 2010-02-22 22:11 d-----w- c:\program files\Common Files\Apple
2010-02-22 22:10 . 2010-02-22 22:10 d-----w- c:\documents and settings\ANT\Local Settings\Application Data\Apple
2010-02-22 22:10 . 2010-02-22 22:10 d-----w- c:\program files\Apple Software Update
2010-02-22 22:10 . 2010-02-22 22:10 d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-22 22:10 . 2010-02-22 22:10 d-----w- c:\documents and settings\ANT\Local Settings\Application Data\Apple Computer
2010-02-22 21:51 . 2010-02-22 21:51 d-----w- C:\Новая папка
2010-02-22 21:50 . 2010-02-22 21:50 d-----w- C:\Partyman
2010-02-22 21:50 . 2010-02-22 21:50 d-----w- c:\documents and settings\ANT\Новая папка
2010-02-22 21:47 . 2010-02-22 21:47 d-----w- c:\documents and settings\ANT\Hardbass Partyman
2010-02-07 22:33 . 2010-02-07 22:33 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-02-07 22:33 . 2010-02-07 22:33 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-02-07 22:33 . 2010-02-07 22:33 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-02-07 22:33 . 2010-02-07 22:33 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-02-07 22:33 . 2010-02-07 22:33 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-02-07 22:33 . 2010-02-07 22:33 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-02-07 22:22 . 2010-02-07 22:22 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-02-07 22:22 . 2010-02-07 22:22 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-02-07 22:20 . 2010-03-05 22:04 d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 22:05 . 2008-07-06 08:46 d-----w- c:\documents and settings\ANT\Application Data\Skype
2010-03-05 09:24 . 2008-07-06 08:49 d-----w- c:\documents and settings\ANT\Application Data\skypePM
2010-03-01 15:28 . 2010-03-01 15:20 d-----w- c:\program files\Security Task Manager
2010-03-01 15:28 . 2010-03-01 15:20 d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-02-28 23:35 . 2007-03-24 15:12 d-----w- c:\program files\Common Files\Adobe
2010-02-27 23:51 . 2007-04-30 19:16 d-----w- c:\documents and settings\ANT\Application Data\Canon
2010-02-25 20:45 . 2007-11-25 08:37 d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-23 10:04 . 2007-05-11 19:56 1157544 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-21 22:43 . 2008-04-13 13:59 d-----w- c:\program files\Bengal
2010-02-20 15:02 . 2008-11-06 18:42 d-----w- c:\program files\ATI
2010-02-20 14:58 . 2007-04-10 21:23 d-----w- c:\program files\ATI Technologies
2010-02-18 22:38 . 2008-05-11 21:06 d-----w- c:\program files\Kaspersky Lab
2010-02-18 22:37 . 2009-04-17 20:20 119808 -csha-w- c:\program files\Thumbs.db
2010-02-07 21:56 . 2008-05-11 20:59 d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-02-07 20:00 . 2007-08-15 17:43 d-----w- c:\program files\Google
2010-01-22 07:36 . 2008-07-27 21:30 d-----w- c:\documents and settings\ANT\Application Data\uTorrent
2010-01-13 15:42 . 2009-10-14 22:01 d-----w- c:\program files\DrWeb
2010-01-13 15:39 . 2007-03-24 13:16 d--h--w- c:\program files\InstallShield Installation Information
2010-01-13 15:08 . 2009-03-03 20:03 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-12 12:06 . 2010-01-12 12:06 d-----w- c:\program files\CCleaner
2010-01-12 11:18 . 2010-01-12 11:18 d-----w- c:\program files\Avira
2010-01-11 21:11 . 2008-11-11 23:15 d-----w- c:\program files\QIP Infium
2009-12-23 17:18 . 2009-12-23 17:18 4286 ----a-r- c:\documents and settings\ANT\Application Data\Microsoft\Installer\{744CC3A3-431B-4FCB-A1FC-B115AB5BB359}\ARPPRODUCTICON.exe
2009-12-23 17:18 . 2009-12-23 17:18 40960 ----a-r- c:\documents and settings\ANT\Application Data\Microsoft\Installer\{744CC3A3-431B-4FCB-A1FC-B115AB5BB359}\Zemble.exe_744CC3A3431B4FCBA1FCB115AB5BB359.exe
2009-12-23 10:35 . 2009-12-23 10:34 231817 ----a-w- c:\program files\Uninst.isu
2009-12-14 13:37 . 2009-12-14 13:37 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\Common\CustomActions\Sleep.exe
2009-12-14 13:37 . 2009-12-14 13:37 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\Common\CustomActions\msxml6Exec.exe
2009-12-14 13:37 . 2009-12-14 13:37 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\Common\CustomActions\vcredistExec.exe
2009-12-10 22:16 . 2001-10-20 16:00 528974 ----a-w- c:\windows\system32\perfh019.dat
2009-12-10 22:16 . 2001-10-20 16:00 101150 ----a-w- c:\windows\system32\perfc019.dat
2009-12-09 23:27 . 2009-12-09 23:27 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\Common\CustomActions\pcswpcsi.exe
2009-12-09 23:27 . 2009-12-09 23:27 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\Common\CustomActions\UninstCCD.exe
2009-12-09 23:27 . 2009-12-09 23:27 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\Common\CustomActions\UninstPCSFEMsi.exe
2009-12-09 23:27 . 2009-12-09 23:27 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\Common\CustomActions\UninstPCS.exe
2009-12-09 23:25 . 2009-12-09 23:27 34045136 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_rus_web.exe
2009-08-04 17:56 . 2009-09-24 09:20 416 -c--a-w- c:\program files\file_id.diz
2007-09-18 10:49 . 2009-04-17 20:20 36153 -c--a-w- c:\program files\scrdoc_r.htm
2007-09-18 10:42 . 2009-04-17 20:20 22683 -c--a-w- c:\program files\scrdoc_e.htm
2007-09-18 09:40 . 2009-04-17 20:20 960 -c--a-w- c:\program files\Readme_E.txt
2007-09-18 09:38 . 2009-04-17 20:20 30208 -c—a-w- c:program filesReadme_R.doc
2007-09-18 09:38 . 2009-04-17 20:20 931 -c—a-w- c:program filesReadme_R.txt
2007-09-18 09:07 . 2009-04-17 20:20 2245 -c—a-w- c:program filesbrowse_r.htm
2007-09-18 09:06 . 2009-04-17 20:20 2170 -c—a-w- c:program filesbrowse_e.htm
2007-09-18 09:04 . 2009-04-17 20:20 18116 -c—a-w- c:program filesscreen_e.htm
2007-09-18 09:04 . 2009-04-17 20:20 23243 -c—a-w- c:program filesscreen_r.htm
2007-09-17 17:41 . 2009-04-17 20:20 5229 -c—a-w- c:program filesstd_rutw.png
2007-09-17 17:41 . 2009-04-17 20:20 4713 -c—a-w- c:program filesstd_ukr.png
2007-09-17 17:41 . 2009-04-17 20:20 4625 -c—a-w- c:program filesstd_ru.png
2007-09-17 17:41 . 2009-04-17 20:20 4594 -c—a-w- c:program filesyazhert.png
2007-09-17 17:41 . 2009-04-17 20:20 4897 -c—a-w- c:program filesyaschert.png
2007-09-17 17:41 . 2009-04-17 20:20 4830 -c—a-w- c:program filesyashert3.png
2007-09-17 17:41 . 2009-04-17 20:20 4727 -c—a-w- c:program filesyawert2.png
2007-09-17 17:41 . 2009-04-17 20:20 4688 -c—a-w- c:program filesyashert2.png
2007-09-17 17:41 . 2009-04-17 20:20 4593 -c—a-w- c:program filesyashert.png
2007-09-17 17:41 . 2009-04-17 20:20 4571 -c—a-w- c:program filesstudent.png
2007-09-17 17:41 . 2009-04-17 20:20 4558 -c—a-w- c:program filesyawert.png
2007-09-17 17:41 . 2009-04-17 20:20 4538 -c—a-w- c:program filesyazh_ukr.png
2007-09-17 17:40 . 2009-04-17 20:20 4923 -c—a-w- c:program filesyazhert3.png
2007-09-17 17:40 . 2009-04-17 20:20 4580 -c—a-w- c:program filesyazhert2.png
2007-09-17 17:40 . 2009-04-17 20:20 4556 -c—a-w- c:program filesyayuertj.png
2007-09-17 17:24 . 2009-04-17 20:20 4846 -c—a-w- c:program filesalphabet.png
2007-04-08 15:57 . 2009-04-17 20:20 50350 -c—a-w- c:program filescvtnonus.js
2007-04-06 13:41 . 2009-04-17 20:20 49567 -c—a-w- c:program filescvt.js
2007-04-06 13:18 . 2009-04-17 20:20 12188 -c—a-w- c:program filescvtnon_e.js
2006-10-03 08:35 . 2009-04-17 20:20 9191 -c—a-w- c:program filesvOpera_r.htm
2006-10-02 13:59 . 2009-04-17 20:20 268 -c—a-w- c:program filesardn1.png
2006-10-02 13:59 . 2009-04-17 20:20 274 -c—a-w- c:program filessmile.png
2006-10-02 11:03 . 2009-04-17 20:20 459 -c—a-w- c:program filesgo_e.png
2006-10-02 11:03 . 2009-04-17 20:20 456 -c—a-w- c:program filesgo_r.png
2006-10-02 11:03 . 2009-04-17 20:20 2673 -c—a-w- c:program filescyr-late.png
2006-10-02 11:03 . 2009-04-17 20:20 2542 -c—a-w- c:program filescyr-lat.png
2006-10-02 11:03 . 2009-04-17 20:20 1389 -c—a-w- c:program filesmain_r.png
2006-10-02 11:03 . 2009-04-17 20:20 1369 -c—a-w- c:program filesmain_e.png
2006-09-14 15:43 . 2009-04-17 20:20 318 -c—a-w- c:program filesvkb.ico
2006-04-07 09:14 . 2009-04-17 20:20 4670 -c—a-w- c:program filesutil.js
2009-10-05 15:34 . 2010-01-11 21:11 118000 —-a-w- c:program filesmozilla firefoxcomponentsqippipe.dll
2006-05-03 10:06 . 2010-03-01 22:33 163328 —sh—r- c:windowssystem32flvDX.dll
2009-11-30 07:23 . 2009-06-19 21:22 3140 —sha-w- c:windowssystem32KGyGaAvL.sys
2007-02-21 11:47 . 2010-03-01 22:33 31232 —sh—r- c:windowssystem32msfDX.dll
2008-03-16 13:30 . 2010-03-01 22:33 216064 —sh—r- c:windowssystem32nbDX.dll
.
Sigcheck
[-] 2004-08-03 . C1783498EDB152656303B5D5BCABD86C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . C1783498EDB152656303B5D5BCABD86C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys

[-] 2007-03-24 . BC260ED748748149DB05B29B256A0500 . 503808 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-03-04_19.27.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-24 12:49 . 2010-03-05 19:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-24 12:49 . 2010-02-26 07:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-03-24 12:49 . 2010-03-05 19:43 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-03-24 12:49 . 2010-02-26 07:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-03-05 22:03 . 2009-04-30 12:01 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2010-03-04 19:26 . 2009-04-30 12:01 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

c:\documents and settings\ANT\Главное меню\Программы\Автозагрузка\
Punto Switcher.lnk - c:\program files\Yandex\Punto Switcher\punto.exe [2009-9-30 831272]

c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-5-15 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Ускоренный запуск Adobe Reader.lnk]
backup=c:\windows\pss\Ускоренный запуск Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ANT^Главное меню^Программы^Автозагрузка^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ANT^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
backup=c:\windows\pss\Total Commander.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ANT^Главное меню^Программы^Автозагрузка^Yahoo! Widget Engine.lnk]
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2005-11-28 12:01 118784 -c--a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2005-05-04 02:01 2805248 -c--a-w- c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
2002-12-06 13:07 617984 -c--a-w- c:\program files\ASUS\Asus Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
2006-02-22 00:05 344064 -c--a-w- c:\windows\system32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-17 13:04 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2005-10-31 07:51 57344 -c----w- c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 13:05 81920 ----a-w- E:\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-01-04 08:50 405583 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 14:07 61952 -c----w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-05-18 07:29 49152 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2004-09-19 21:27 65536 -c--a-w- c:\program files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2008-10-29 19:53 66864 -c--a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2005-05-20 10:46 28160 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-06-02 04:59 5451536 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-17 13:17 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 14:50 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 07:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 07:00 49152 -c--a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 11:38 64512 -c--a-r- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 12:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 15:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-03 10:43 90112 -c--a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-01 12:23 61440 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-13 23:43 83608 -c--a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-12 18:09 68856 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2005-11-28 12:01 1005302 -c--a-w- c:\program files\Acronis\TrueImage\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-10 22:00 90112 -c----w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 21:54 37376 -c--a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\totalcmd\TOTALCMD.EXE"=
"c:\Program Files\FlylinkDC++\FlylinkDC.exe"=
"c:\Program Files\SiSoftware\SiSoftware Sandra Pro Business XI.SP2\Win32\RpcDataSrv.exe"=
"c:\Program Files\SiSoftware\SiSoftware Sandra Pro Business XI.SP2\RpcSandraSrv.exe"=
"c:\Program Files\QIP\qip.exe"=
"c:\Program Files\Total Commander\Totalcmd.exe"=
"c:\WINDOWS\system32\PnkBstrA.exe"=
"c:\WINDOWS\system32\PnkBstrB.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\Russian\setup.exe"=
"e:\Cropp\psp\uTorrent.exe"=
"c:\Program Files\QIP Infium\infium.exe"=
"c:\Program Files\Microsoft ActiveSync\wcescomm.exe"=
"c:\Program Files\Microsoft ActiveSync\WCESMgr.exe"=
"c:\Program Files\VideoLAN\VLC\vlc.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\Skype\Plugin Manager\skypePM.exe"=
"e:\QUAKElll\quake3.exe"=
"c:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"=
"c:\Program Files\Logitech\Logitech Vid\Vid.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPortsList]
"9844:TCP"= 9844:TCP:fxqtzmr

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 21:18 36880]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.03.2007 8:35 717296]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys [14.11.2005 1:43 14336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.12.2008 0:46 222456]
R2 LogWatch;Event Log Watch;i:\ca_lic\LogWatNT.exe [23.02.2005 15:56 53248]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.09.2009 14:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.10.2009 19:39 19472]
R3 PhTVTune;VideoWonder ProTV WDM TVTuner;c:\windows\system32\drivers\Silicon.sys [24.03.2007 23:49 21888]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [30.08.2007 14:32 48928]
S0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [26.05.2007 18:38 155136]
S0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [26.05.2007 18:38 5248]
S2 gupdate1c995afc65ce744;Google Update Service (gupdate1c995afc65ce744);c:\program files\Google\Update\GoogleUpdate.exe [23.02.2009 15:10 133104]
S3 Irbis64_Service;Irbis64_Service;c:\irbis64\service_64.exe c:\irbis64 --> c:\irbis64\service_64.exe c:\irbis64 [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10.12.2009 2:28 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10.12.2009 2:28 8320]
.
Contents of the 'Scheduled Tasks' folder

2010-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 12:10]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 12:10]
.
.
Supplementary Scan
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://www.windowsxlive.net
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\program files\PRMT6\PRMTIE\prmtie5.htm
TCP: {C1380026-0D59-45CF-8C48-951ED4EF6577} = 80.70.224.2,80.70.224.4
TCP: {C50B6EB1-B17D-44BC-90A4-3C050E5DA265} = 80.70.224.2,80.70.224.4
TCP: {E1814A5A-5CDA-40C8-806C-396411C24554} = 80.70.224.2,80.70.224.4
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\ANT\Application Data\Mozilla\Firefox\Profiles\so4gyn3i.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://active.mns.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.
**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
DLLs Loaded Under Running Processes

- - - - - - - > 'winlogon.exe'(1568)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1624)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(4808)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Yandex\Punto Switcher\pshook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_rus.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\Logitech\Logitech WebCam Software\LWS.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-03-06 01:09:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-05 22:08
ComboFix2.txt 2010-03-05 21:32
ComboFix3.txt 2010-03-04 19:32

Pre-Run: 1 579 368 448 bytes free
Post-Run: 1 556 131 840 bytes free

- - End Of File - - 51576F0948ACAA06F0024C742DD6A48A
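An added triage example, not part of the post above and not ComboFix code: a Python script that reads a small constructed excerpt of the log (the same lines as in the post, with the path separators the forum stripped put back) and reports the entries an analyst would check first. Those are the Image File Execution Options "Debugger" value set for avp.com, which makes Windows start `ntsd -d` in place of the Kaspersky front-end and is a long-standing trick for keeping an antivirus from launching normally; the Winlogon UIHost value, decoded from its hex(2) form; the Security Center DisableMonitoring flag; and every file listed with both the system and hidden attribute bits. The function names, the finding wording and the assumption that hex(2) data is NUL-terminated single-byte text are mine.

```python
"""Triage a ComboFix log excerpt for antivirus-tampering indicators.

Added example for this thread; it is not part of the original post or of
ComboFix. It parses a constructed excerpt of the posted log and lists the
entries an analyst would verify first.
"""
import re

# Constructed input: lines copied from the ComboFix log posted above, with
# the path separators that the forum stripped restored.
SAMPLE_LOG = r"""
2006-05-03 10:06 . 2010-03-01 22:33 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-11-30 07:23 . 2009-06-19 21:22 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2010-03-01 22:33 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-03-01 22:33 216064 --sh--r- c:\windows\system32\nbDX.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
"""

# ComboFix file line: <date> . <date> <size> <8-char attribute field> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\d+) (\S{8}) (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")          # .reg-style key header
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')  # .reg-style "name"=data


def decode_hex2(value: str) -> str:
    """Decode a .reg hex(2) byte list (assumed NUL-terminated, single-byte text)."""
    body = value.split(":", 1)[1]
    raw = bytes(int(b, 16) for b in body.split(",") if b)
    return raw.split(b"\x00", 1)[0].decode("latin-1")


def registry_values(text: str):
    """Yield (lower-cased key, value name, data) for every value line under a key."""
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2)


def ifeo_debuggers(text: str):
    """Return [(image name, debugger command)] for each IFEO Debugger value."""
    out = []
    for key, name, data in registry_values(text):
        if name == "Debugger" and "image file execution options\\" in key:
            out.append((key.rsplit("\\", 1)[1], data))
    return out


def winlogon_uihost(text: str):
    """Return the decoded Winlogon UIHost value, or None if the log lacks it."""
    for key, name, data in registry_values(text):
        if name == "UIHost" and key.endswith("\\winlogon"):
            return decode_hex2(data) if data.startswith("hex") else data
    return None


def hidden_system_files(text: str):
    """Return paths whose attribute field carries both the 's' and 'h' bits."""
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m and "s" in m.group(4) and "h" in m.group(4):
            out.append(m.group(5))
    return out


def triage(text: str):
    """Return analyst-facing findings, the only definite tamper indicator first."""
    findings = []
    for image, dbg in ifeo_debuggers(text):
        # Windows launches the Debugger command instead of the image itself.
        findings.append(f"IFEO hijack: {image} redirected to '{dbg}'")
    host = winlogon_uihost(text)
    if host and host.lower() != "logonui.exe":  # logonui.exe is the XP default
        findings.append(f"Non-default Winlogon UIHost: {host} (verify it is a known logon skin)")
    for key, name, data in registry_values(text):
        if name == "DisableMonitoring" and "security center" in key:
            product = key.rsplit("\\", 1)[1]
            # AV products write this themselves, so it is a 'verify', not a verdict.
            findings.append(f"Security Center monitoring disabled for {product}")
    for path in hidden_system_files(text):
        findings.append(f"Hidden+system file: {path} (check publisher and hash)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Only the IFEO entry is a tamper indicator on its own. DisableMonitoring is routinely written by antivirus products so that Security Center defers to them, and hidden+system files include legitimate artefacts (KGyGaAvL.sys is a known copy-protection licensing file), so the script labels those items as things to verify rather than verdicts. Run it against the full log by replacing SAMPLE_LOG with the file contents; the parsers ignore lines that do not match the two formats they know.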
10 March 2010 at 1:37 pm #28858
Please don't forget about me! :)

16 March 2010 at 11:14 pm #28852
BUMP!!!

22 March 2010 at 10:02 pm #28859
Looks like I'll have to format C:...