- This topic has 21 ответ, 2 участника, and was last updated 16 years, 4 months назад by
.
-
Сообщения
-
http://uploading.com/files/50PYQ8TA/untitled.JPG.html
Logfile of HijackThis v1.99.1
Scan saved at 23:55:13, on 2008.12.24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32agrsmsvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32drivers593.exe
C:WINDOWSsystem32WgaTray.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSRTHDCPL.EXE
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesltmohLtmoh.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtMng.exe
C:Program FilesSynapticsSynTPSynToshiba.exe
C:Program FilesToshibaBluetooth Toshiba StackTosA2dp.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtHid.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtHsp.exe
C:Program FilesToshibaBluetooth Toshiba StackTosAVRC.exe
C:Program FilesToshibaBluetooth Toshiba StacktosOBEX.exe
C:Program FilesToshibaBluetooth Toshiba StacktosBtProc.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsSatelliteDesktophijackthisHijackThis.exeR1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://go.divx.com/divx/divx6/new/en?rcv=1&dist=divxdotcom
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: pdalibP — {FBC934E6-6F95-4742-B6BC-F6E8D854C25D} — C:Documents and SettingsAll UsersApplication Datapdalib.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [syntpenh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 — HKLM..Run: [remotecontrol] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Satellite] C:Documents and SettingsSatelliteSatellite.exe /i
O4 — HKCU..Run: [msmsgs] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [ltmoh] C:Program FilesltmohLtmoh.exe
O4 — Global Startup: Bluetooth Manager.lnk = ?
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=39204
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: c:_o_windows_o_system32_o_mmmsjfsj.dll
O20 — Winlogon Notify: WgaLogon — C:WINDOWSSYSTEM32WgaLogon.dll
O23 — Service: Agere Modem Call Progress Audio (AgereModemAudio) — Agere Systems — C:WINDOWSsystem32agrsmsvc.exe
O23 — Service: CbEvtSvc — Unknown owner — C:WINDOWSSystem32CbEvtSvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: TOSHIBA Bluetooth Service — TOSHIBA CORPORATION — C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exeПожалуйста, нужна ваша помощь!
Здравствуйте, добро пожаловать на Spyware-ru форум.
Запустите HijackThis, кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующие строки:O2 - BHO: pdalibP - {FBC934E6-6F95-4742-B6BC-F6E8D854C25D} - C:Documents and SettingsAll UsersApplication Datapdalib.dll
O20 - AppInit_DLLs: c:_o_windows_o_system32_o_mmmsjfsj.dllКликните по кнопке Fix checked и подтвердите свои действия выбрав YES.
Перезагрузите компьютер.Судя по HijackThis логу ваш компьютер заражён ещё одним трояном, поэтому скачайте сканер RSIT кликнув по этой ссылке.
Дважды кликните по скачанному файлу.
Кликните по кнопке Continue.
Когда программа закончит работу, будут показаны два лога (log.txt и info.txt).Вставьте оба RSIT лога в ваш ответ.
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Satellite at 2008-12-25 14:23:39
Microsoft Windows XP Professional Service Pack 2
System drive C: has 92 GB (80%) free of 114 GB
Total RAM: 1022 MB (67% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:52, on 2008.12.25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32agrsmsvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32WgaTray.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesltmohLtmoh.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtMng.exe
C:Program FilesSynapticsSynTPSynToshiba.exe
C:Program FilesToshibaBluetooth Toshiba StackTosA2dp.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtHid.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtHsp.exe
C:Program FilesToshibaBluetooth Toshiba StackTosAVRC.exe
C:Program FilesToshibaBluetooth Toshiba StacktosOBEX.exe
C:Program FilesToshibaBluetooth Toshiba StacktosBtProc.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsSatelliteDesktopRSIT.exe
C:Program Filestrend microSatellite.exeR1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://go.divx.com/divx/divx6/new/en?rcv=1&dist=divxdotcom
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: WormRadar.com IESiteBlocker.NavFilter — {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} — C:Program FilesAVGAVG8avgssie.dll (file missing)
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [syntpenh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 — HKLM..Run: [remotecontrol] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Satellite] C:Documents and SettingsSatelliteSatellite.exe /i
O4 — HKCU..Run: [msmsgs] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [ltmoh] C:Program FilesltmohLtmoh.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: Bluetooth Manager.lnk = ?
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=39204
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: crypt — crypts.dll (file missing)
O23 — Service: Agere Modem Call Progress Audio (AgereModemAudio) — Agere Systems — C:WINDOWSsystem32agrsmsvc.exe
O23 — Service: CbEvtSvc — Unknown owner — C:WINDOWSSystem32CbEvtSvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: TOSHIBA Bluetooth Service — TOSHIBA CORPORATION — C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe—
End of file — 4855 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2004-12-14 63136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-05-30 1410344][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}]
AVG Safe Search — C:Program FilesAVGAVG8avgssie.dll [][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-06-28 8466432]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2007-06-28 81920]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-07-05 16380416]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«syntpenh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2007-07-25 888832]
«remotecontrol»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2003-10-31 32768][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-03 15360]
«Satellite»=C:Documents and SettingsSatelliteSatellite.exe /i []
«msmsgs»=C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]
«ltmoh»=C:Program FilesltmohLtmoh.exe [2007-01-09 191552]C:Documents and SettingsAll UsersStart MenuProgramsStartup
Bluetooth Manager.lnk — C:Program FilesToshibaBluetooth Toshiba StackTosBtMng.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycrypt]
crypts.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2008-09-05 241704][HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ENABLE»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======List of files/folders created in the last 1 months======
2008-12-25 11:34:16 —-D—- C:WINDOWSsystem32LogFiles
2008-12-25 11:09:35 —-A—- C:WINDOWSsystem32mmmenqen.dll
2008-12-25 11:07:35 —-A—- C:WINDOWSsystem32mmmayiay.dll
2008-12-25 11:04:18 —-D—- C:Documents and SettingsAll UsersApplication DataAvg8
2008-12-25 10:45:45 —-D—- C:WINDOWSLastGood
2008-12-25 10:45:40 —-D—- C:Program FilesAVG
2008-12-25 09:40:15 —-A—- C:WINDOWSsystem32wincreate.exe
2008-12-25 09:25:37 —-A—- C:WINDOWSsystem32mmmgqjgq.dll
2008-12-25 09:21:43 —-A—- C:WINDOWSsystem32mmmbajba.dll
2008-12-25 09:17:45 —-A—- C:WINDOWSsystem32mmmfwhfw.dll
2008-12-25 09:13:26 —-A—- C:WINDOWSsystem32mmmjytjy.dll
2008-12-25 02:38:51 —-A—- C:WINDOWSsystem32mmmbyhby.dll
2008-12-25 00:01:54 —-D—- C:rsit
2008-12-25 00:01:54 —-D—- C:Program Filestrend micro
2008-12-25 00:00:59 —-RASHD—- C:autorun.inf
2008-12-24 23:41:34 —-A—- C:WINDOWSsystem32mmmptgpt.dll
2008-12-24 23:08:52 —-A—- C:WINDOWSsystem32mmmnoxno.dll
2008-12-24 22:43:40 —-D—- C:WINDOWSpss
2008-12-24 22:26:17 —-A—- C:WINDOWSsystem32mmmhtvht.dll
2008-12-24 22:09:33 —-A—- C:WINDOWSsystem32mmmzdlzd.dll
2008-12-24 22:06:57 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
2008-12-24 22:06:45 —-HDC—- C:WINDOWS$NtUninstallKB956841$
2008-12-24 22:04:33 —-D—- C:Program FilesCCleaner
2008-12-24 21:53:04 —-A—- C:WINDOWSsystem32mmmltwlt.dll
2008-12-24 21:03:15 —-A—- C:WINDOWSsystem32digeste.dll
2008-12-24 20:56:58 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2008-12-24 20:56:52 —-HDC—- C:WINDOWS$NtUninstallKB955839$
2008-12-24 20:56:44 —-HDC—- C:WINDOWS$NtUninstallKB956391$
2008-12-24 20:56:37 —-HDC—- C:WINDOWS$NtUninstallKB957095$
2008-12-24 20:56:19 —-HDC—- C:WINDOWS$NtUninstallKB958215$
2008-12-24 20:56:08 —-HDC—- C:WINDOWS$NtUninstallKB954211$
2008-12-24 20:55:59 —-HDC—- C:WINDOWS$NtUninstallKB960714$
2008-12-24 20:55:52 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2008-12-24 20:55:46 —-HDC—- C:WINDOWS$NtUninstallKB938464$
2008-12-24 20:55:39 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2008-12-24 20:55:33 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2008-12-24 20:55:25 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2008-12-24 20:55:16 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2008-12-24 20:54:54 —-D—- C:WINDOWSLastGood.Tmp
2008-12-24 20:46:48 —-A—- C:WINDOWSsystem32mmmtatta.dll
2008-12-24 20:40:05 —-A—- C:WINDOWSsystem32mmmtfntf.dll
2008-12-24 20:39:38 —-D—- C:WINDOWSMinidump
2008-12-24 20:37:01 —-A—- C:WINDOWSsystem32mmmsjfsj.dll
2008-12-24 20:26:38 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2008-12-24 20:26:10 —-D—- C:Documents and SettingsSatelliteApplication DataWinRAR
2008-12-24 20:25:43 —-D—- C:Program FilesWinRAR
2008-12-24 18:41:41 —-A—- C:WINDOWSsystem32shell31.dll
2008-12-24 18:41:40 —-A—- C:Documents and SettingsAll UsersApplication Datapdalib.dll
2008-12-24 16:34:38 —-D—- C:Program FileseMule======List of files/folders modified in the last 1 months======
2008-12-25 14:21:36 —-D—- C:WINDOWSTemp
2008-12-25 14:20:08 —-A—- C:WINDOWSSchedLgU.Txt
2008-12-25 14:14:15 —-D—- C:WINDOWSsystem32
2008-12-25 14:14:15 —-D—- C:WINDOWS
2008-12-25 14:14:14 —-D—- C:WINDOWSsystem32drivers
2008-12-25 14:13:33 —-HD—- C:WINDOWSinf
2008-12-25 14:13:27 —-D—- C:WINDOWSsystem32CatRoot2
2008-12-25 11:13:48 —-SHD—- C:WINDOWSInstaller
2008-12-25 10:47:32 —-RD—- C:Program Files
2008-12-25 10:45:34 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2008-12-25 10:45:33 —-D—- C:WINDOWSWinSxS
2008-12-25 09:14:37 —-D—- C:WINDOWSPrefetch
2008-12-25 03:37:58 —-A—- C:WINDOWSNeroDigital.ini
2008-12-25 02:48:07 —-D—- C:WINDOWSsystem32CatRoot_bak
2008-12-25 02:48:07 —-D—- C:WINDOWSsystem32CatRoot
2008-12-24 23:02:25 —-SH—- C:boot.ini
2008-12-24 23:02:25 —-A—- C:WINDOWSwin.ini
2008-12-24 23:02:25 —-A—- C:WINDOWSsystem.ini
2008-12-24 22:22:46 —-D—- C:Documents and Settings
2008-12-24 22:07:00 —-RSHDC—- C:WINDOWSsystem32dllcache
2008-12-24 22:06:19 —-HD—- C:WINDOWS$hf_mig$
2008-12-24 22:05:00 —-D—- C:WINDOWSDebug
2008-12-24 21:28:32 —-D—- C:WINDOWSsystem32NtmsData
2008-12-24 21:24:02 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2008-12-24 20:56:27 —-D—- C:Program FilesInternet Explorer
2008-12-24 19:35:01 —-D—- C:WINDOWSHelp
2008-12-24 18:41:21 —-D—- C:Program FilesOutlook Express
2008-12-24 18:41:03 —-D—- C:Documents and SettingsSatelliteApplication DataAdobe
2008-12-24 14:40:28 —-SD—- C:Documents and SettingsSatelliteApplication DataMicrosoft
2008-12-23 09:43:58 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2008-12-12 19:33:23 —-A—- C:WINDOWSsystem32mshtml.dll
2008-12-09 15:24:38 —-A—- C:WINDOWSsystem32MRT.exe======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-03 36096]
R1 Tosrfcom;Bluetooth RFCOMM; C:WINDOWSSystem32Driverstosrfcom.sys [2005-08-01 64896]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:WINDOWSsystem32DRIVERSAGRSM.sys [2006-11-28 1161888]
R3 Arp1394;1394 ARP Client Protocol; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-04 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:WINDOWSsystem32DRIVERSCmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-07-18 4547584]
R3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:WINDOWSsystem32DRIVERSNETw4x32.sys [2007-04-30 2206976]
R3 NIC1394;1394 Net Driver; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-04 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-06-28 6807328]
R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2004-08-03 67584]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2007-07-25 209312]
R3 tifm21;tifm21; C:WINDOWSsystem32driverstifm21.sys [2007-01-24 290304]
R3 tosporte;Bluetooth COM Port; C:WINDOWSsystem32DRIVERStosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:WINDOWSsystem32DRIVERStosrfbd.sys [2007-04-24 113920]
R3 tosrfbnp;Bluetooth RFBNEP; C:WINDOWSSystem32Driverstosrfbnp.sys [2006-11-20 36480]
R3 tosrfec;Bluetooth ACPI; C:WINDOWSsystem32DRIVERStosrfec.sys [2006-10-23 9216]
R3 Tosrfhid;Bluetooth RFHID; C:WINDOWSsystem32DRIVERSTosrfhid.sys [2007-03-01 73728]
R3 tosrfusb;Bluetooth USB Controller; C:WINDOWSsystem32DRIVERStosrfusb.sys [2007-04-24 41856]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 usbvideo;USB Video Device (WDM); C:WINDOWSSystem32Driversusbvideo.sys [2004-08-04 78464]
S2 nicsk32;nicsk32; ??C:WINDOWSsystem32driversnicsk32.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; ??C:DOCUME~1SATELL~1LOCALS~1TempRarSFX0kerneld.wnt []
S3 hidusb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-23 9600]
S3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-23 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2006-07-21 82432]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 tosrfnds;Bluetooth Personal Area Network; C:WINDOWSsystem32DRIVERStosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:WINDOWSsystem32driverstosrfsnd.sys [2007-01-22 53376]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:WINDOWSsystem32agrsmsvc.exe [2006-10-05 9216]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-06-28 155716]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe [2007-02-25 125048]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
нашёл… 🙂
info.txt logfile of random’s system information tool 1.05 2008-12-25 00:02:05
======Uninstall list======
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
AC3Filter (remove only)—>C:Program FilesAC3Filteruninstall.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 7.0—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Bluetooth Stack for Windows by Toshiba—>MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CCleaner (remove only)—>»C:Program FilesCCleaneruninst.exe»
DivX Codec—>C:Program FilesDivXDivXCodecUninstall.exe /CODEC
High Definition Audio Driver Package — KB888111—>»C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe»
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Windows XP (KB935448)—>»C:WINDOWS$NtUninstallKB935448$spuninstspuninst.exe»
Hotfix for Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Microsoft Office Professional Edition 2003—>MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Nero 6 Ultra Edition—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
Nero Digital—>C:WINDOWSUNNeroVision.exe /UNINSTALL
NVIDIA Drivers—>C:WINDOWSsystem32nvudisp.exe UninstallGUI
PowerDVD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -uninstall
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x9 -removeonly
Security Update for Windows Media Player (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player 10 (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP10$spuninstspuninst.exe»
Security Update for Windows Media Player 6.4 (KB925398)—>»C:WINDOWS$NtUninstallKB925398_WMP64$spuninstspuninst.exe»
Security Update for Windows XP (KB911562)—>»C:WINDOWS$NtUninstallKB911562$spuninstspuninst.exe»
Security Update for Windows XP (KB913580)—>»C:WINDOWS$NtUninstallKB913580$spuninstspuninst.exe»
Security Update for Windows XP (KB914388)—>»C:WINDOWS$NtUninstallKB914388$spuninstspuninst.exe»
Security Update for Windows XP (KB914389)—>»C:WINDOWS$NtUninstallKB914389$spuninstspuninst.exe»
Security Update for Windows XP (KB917344)—>»C:WINDOWS$NtUninstallKB917344$spuninstspuninst.exe»
Security Update for Windows XP (KB917953)—>»C:WINDOWS$NtUninstallKB917953$spuninstspuninst.exe»
Security Update for Windows XP (KB918118)—>»C:WINDOWS$NtUninstallKB918118$spuninstspuninst.exe»
Security Update for Windows XP (KB918439)—>»C:WINDOWS$NtUninstallKB918439$spuninstspuninst.exe»
Security Update for Windows XP (KB919007)—>»C:WINDOWS$NtUninstallKB919007$spuninstspuninst.exe»
Security Update for Windows XP (KB920213)—>»C:WINDOWS$NtUninstallKB920213$spuninstspuninst.exe»
Security Update for Windows XP (KB920685)—>»C:WINDOWS$NtUninstallKB920685$spuninstspuninst.exe»
Security Update for Windows XP (KB921503)—>»C:WINDOWS$NtUninstallKB921503$spuninstspuninst.exe»
Security Update for Windows XP (KB922819)—>»C:WINDOWS$NtUninstallKB922819$spuninstspuninst.exe»
Security Update for Windows XP (KB923191)—>»C:WINDOWS$NtUninstallKB923191$spuninstspuninst.exe»
Security Update for Windows XP (KB923414)—>»C:WINDOWS$NtUninstallKB923414$spuninstspuninst.exe»
Security Update for Windows XP (KB923689)—>»C:WINDOWS$NtUninstallKB923689$spuninstspuninst.exe»
Security Update for Windows XP (KB923789)—>C:WINDOWSsystem32MacroMedFlashgenuinst.exe C:WINDOWSsystem32MacroMedFlashKB923789.inf
Security Update for Windows XP (KB923980)—>»C:WINDOWS$NtUninstallKB923980$spuninstspuninst.exe»
Security Update for Windows XP (KB924270)—>»C:WINDOWS$NtUninstallKB924270$spuninstspuninst.exe»
Security Update for Windows XP (KB924496)—>»C:WINDOWS$NtUninstallKB924496$spuninstspuninst.exe»
Security Update for Windows XP (KB924667)—>»C:WINDOWS$NtUninstallKB924667$spuninstspuninst.exe»
Security Update for Windows XP (KB925902)—>»C:WINDOWS$NtUninstallKB925902$spuninstspuninst.exe»
Security Update for Windows XP (KB926255)—>»C:WINDOWS$NtUninstallKB926255$spuninstspuninst.exe»
Security Update for Windows XP (KB926436)—>»C:WINDOWS$NtUninstallKB926436$spuninstspuninst.exe»
Security Update for Windows XP (KB927779)—>»C:WINDOWS$NtUninstallKB927779$spuninstspuninst.exe»
Security Update for Windows XP (KB927802)—>»C:WINDOWS$NtUninstallKB927802$spuninstspuninst.exe»
Security Update for Windows XP (KB928255)—>»C:WINDOWS$NtUninstallKB928255$spuninstspuninst.exe»
Security Update for Windows XP (KB928843)—>»C:WINDOWS$NtUninstallKB928843$spuninstspuninst.exe»
Security Update for Windows XP (KB929123)—>»C:WINDOWS$NtUninstallKB929123$spuninstspuninst.exe»
Security Update for Windows XP (KB930178)—>»C:WINDOWS$NtUninstallKB930178$spuninstspuninst.exe»
Security Update for Windows XP (KB931261)—>»C:WINDOWS$NtUninstallKB931261$spuninstspuninst.exe»
Security Update for Windows XP (KB931784)—>»C:WINDOWS$NtUninstallKB931784$spuninstspuninst.exe»
Security Update for Windows XP (KB932168)—>»C:WINDOWS$NtUninstallKB932168$spuninstspuninst.exe»
Security Update for Windows XP (KB933729)—>»C:WINDOWS$NtUninstallKB933729$spuninstspuninst.exe»
Security Update for Windows XP (KB935839)—>»C:WINDOWS$NtUninstallKB935839$spuninstspuninst.exe»
Security Update for Windows XP (KB935840)—>»C:WINDOWS$NtUninstallKB935840$spuninstspuninst.exe»
Security Update for Windows XP (KB936021)—>»C:WINDOWS$NtUninstallKB936021$spuninstspuninst.exe»
Security Update for Windows XP (KB937894)—>»C:WINDOWS$NtUninstallKB937894$spuninstspuninst.exe»
Security Update for Windows XP (KB938127)—>»C:WINDOWS$NtUninstallKB938127$spuninstspuninst.exe»
Security Update for Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Security Update for Windows XP (KB938829)—>»C:WINDOWS$NtUninstallKB938829$spuninstspuninst.exe»
Security Update for Windows XP (KB939653)—>»C:WINDOWS$NtUninstallKB939653$spuninstspuninst.exe»
Security Update for Windows XP (KB941202)—>»C:WINDOWS$NtUninstallKB941202$spuninstspuninst.exe»
Security Update for Windows XP (KB941568)—>»C:WINDOWS$NtUninstallKB941568$spuninstspuninst.exe»
Security Update for Windows XP (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Security Update for Windows XP (KB941644)—>»C:WINDOWS$NtUninstallKB941644$spuninstspuninst.exe»
Security Update for Windows XP (KB942615)—>»C:WINDOWS$NtUninstallKB942615$spuninstspuninst.exe»
Security Update for Windows XP (KB943055)—>»C:WINDOWS$NtUninstallKB943055$spuninstspuninst.exe»
Security Update for Windows XP (KB943460)—>»C:WINDOWS$NtUninstallKB943460$spuninstspuninst.exe»
Security Update for Windows XP (KB943485)—>»C:WINDOWS$NtUninstallKB943485$spuninstspuninst.exe»
Security Update for Windows XP (KB944338)—>»C:WINDOWS$NtUninstallKB944338$spuninstspuninst.exe»
Security Update for Windows XP (KB944533)—>»C:WINDOWS$NtUninstallKB944533$spuninstspuninst.exe»
Security Update for Windows XP (KB944653)—>»C:WINDOWS$NtUninstallKB944653$spuninstspuninst.exe»
Security Update for Windows XP (KB945553)—>»C:WINDOWS$NtUninstallKB945553$spuninstspuninst.exe»
Security Update for Windows XP (KB946026)—>»C:WINDOWS$NtUninstallKB946026$spuninstspuninst.exe»
Security Update for Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Security Update for Windows XP (KB948881)—>»C:WINDOWS$NtUninstallKB948881$spuninstspuninst.exe»
Security Update for Windows XP (KB950749)—>»C:WINDOWS$NtUninstallKB950749$spuninstspuninst.exe»
Security Update for Windows XP (KB950759)—>»C:WINDOWS$NtUninstallKB950759$spuninstspuninst.exe»
Security Update for Windows XP (KB950760)—>»C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe»
Security Update for Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Security Update for Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Security Update for Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Security Update for Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Security Update for Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Security Update for Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Security Update for Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Security Update for Windows XP (KB953838)—>»C:WINDOWS$NtUninstallKB953838$spuninstspuninst.exe»
Security Update for Windows XP (KB953839)—>»C:WINDOWS$NtUninstallKB953839$spuninstspuninst.exe»
Security Update for Windows XP (KB954211)—>»C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe»
Security Update for Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Security Update for Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Security Update for Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Security Update for Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Security Update for Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Security Update for Windows XP (KB956841)—>»C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
Security Update for Windows XP (KB957095)—>»C:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe»
Security Update for Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Security Update for Windows XP (KB958215)—>»C:WINDOWS$NtUninstallKB958215$spuninstspuninst.exe»
Security Update for Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Security Update for Windows XP (KB960714)—>»C:WINDOWS$NtUninstallKB960714$spuninstspuninst.exe»
Synaptics Pointing Device Driver—>rundll32.exe «C:Program FilesSynapticsSynTPSynISDLL.dll»,standAloneUninstall
Skype™ 3.8—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Texas Instruments PCIxx21/x515/xx12 drivers.—>C:Program FilesInstallShield Installation Information{DB780B85-B4B5-4864-A49C-9B706B169C93}setup.exe -runfromtemp -l0x0409
TOSHIBA Software Modem—>Tosmreg -U
Total Commander (Remove or Repair)—>C:Program Filestotalcmdtcuninst.exe
Update for Windows XP (KB900485)—>»C:WINDOWS$NtUninstallKB900485$spuninstspuninst.exe»
Update for Windows XP (KB910437)—>»C:WINDOWS$NtUninstallKB910437$spuninstspuninst.exe»
Update for Windows XP (KB911280)—>»C:WINDOWS$NtUninstallKB911280$spuninstspuninst.exe»
Update for Windows XP (KB916595)—>»C:WINDOWS$NtUninstallKB916595$spuninstspuninst.exe»
Update for Windows XP (KB920872)—>»C:WINDOWS$NtUninstallKB920872$spuninstspuninst.exe»
Update for Windows XP (KB922582)—>»C:WINDOWS$NtUninstallKB922582$spuninstspuninst.exe»
Update for Windows XP (KB927891)—>»C:WINDOWS$NtUninstallKB927891$spuninstspuninst.exe»
Update for Windows XP (KB930916)—>»C:WINDOWS$NtUninstallKB930916$spuninstspuninst.exe»
Update for Windows XP (KB933360)—>»C:WINDOWS$NtUninstallKB933360$spuninstspuninst.exe»
Update for Windows XP (KB936357)—>»C:WINDOWS$NtUninstallKB936357$spuninstspuninst.exe»
Update for Windows XP (KB938828)—>»C:WINDOWS$NtUninstallKB938828$spuninstspuninst.exe»
Update for Windows XP (KB942763)—>»C:WINDOWS$NtUninstallKB942763$spuninstspuninst.exe»
Update for Windows XP (KB942840)—>»C:WINDOWS$NtUninstallKB942840$spuninstspuninst.exe»
Update for Windows XP (KB946627)—>»C:WINDOWS$NtUninstallKB946627$spuninstspuninst.exe»
Update for Windows XP (KB951072-v2)—>»C:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe»
Update for Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Windows Driver Package — Intel (NETw4x32) net (04/30/2007 11.1.1.11)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997DPInst32.EXE /u C:WINDOWSsystem32DRVSTOREnetw4x32_B8E7181C5675973E1CF9EA17CB3EB24902DDC2D9netw4x32.inf
Windows Driver Package — Intel (w29n51) net (04/04/2007 9.0.4.36)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997DPInst32.EXE /u C:WINDOWSsystem32DRVSTOREw29n51_02092897E25039DF89C96EBB4841ACF0590117AEw29n51.inf
Windows Driver Package — Intel net (04/30/2007 11.1.1.11)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997DPInst32.EXE /u C:WINDOWSsystem32DRVSTOREnetw4k32_322EBC0DF0BD0D017FD344D7D1F0EC0A0F5AB45Anetw4k32.inf
Windows Driver Package — Intel net (04/30/2007 11.1.1.11)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997DPInst32.EXE /u C:WINDOWSsystem32DRVSTOREnetw4x64_3FDB2100688236429B1308C609051803854732B5netw4x64.inf
Windows Media Format Runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Player 10—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Windows XP Hotfix — KB887472—>C:WINDOWS$NtUninstallKB887472$spuninstspuninst.exeSystem event log
Computer Name: KOMP
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.Record Number: 892
Source Name: Service Control Manager
Time Written: 20071107150301.000000+120
Event Type: information
User: NT AUTHORITYSYSTEMComputer Name: KOMP
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.Record Number: 891
Source Name: Service Control Manager
Time Written: 20071107150140.000000+120
Event Type: information
User:Computer Name: KOMP
Event Code: 4202
Message: The system detected that network adapter Intel(R) Wireless WiFi Link 4965AGN was disconnected from the network,
and the adapter’s network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.Record Number: 890
Source Name: Tcpip
Time Written: 20071107150123.000000+120
Event Type: information
User:Computer Name: KOMP
Event Code: 7036
Message: The service entered the Intel(R) Wireless WiFi Link 4965AGN state.Record Number: 889
Source Name: NETw4x32
Time Written: 20071107150118.000000+120
Event Type: information
User:Computer Name: KOMP
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.Record Number: 888
Source Name: Service Control Manager
Time Written: 20071107131707.000000+120
Event Type: information
User:Application event log
Computer Name: KOMP
Event Code: 4104
Message: The Microsoft Distributed Transaction Coordinator service was successfully installed.
Record Number: 5
Source Name: MSDTC
Time Written: 20071018084538.000000+180
Event Type: information
User:Computer Name: KOMP
Event Code: 1000
Message: Performance counters for the MSDTC (MSDTC) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.Record Number: 4
Source Name: LoadPerf
Time Written: 20071018084534.000000+180
Event Type: information
User:Computer Name: KOMP
Event Code: 1000
Message: Performance counters for the TermService (Terminal Services) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.Record Number: 3
Source Name: LoadPerf
Time Written: 20071018084531.000000+180
Event Type: information
User:Computer Name: KOMP
Event Code: 1000
Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.Record Number: 2
Source Name: LoadPerf
Time Written: 20071018084415.000000+180
Event Type: information
User:Computer Name: KOMP
Event Code: 1000
Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.Record Number: 1
Source Name: LoadPerf
Time Written: 20071018084343.000000+180
Event Type: information
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 14 Stepping 12, GenuineIntel
«PROCESSOR_REVISION»=0e0c
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
да, иногда при загрузке Windows выскакивает окошко с примерно следующим содержанием:
System shut down.
This system is shutting down. Please save all work in progress and log off.
The shut down was initiate by NT AUTHORITYSYSTEM
и таймер с отсчётом 50 секунд. После чего следует перезагрузка системы. Но так происходит не всегда.Продолжим лечение.
Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите программу и в большое поле ввода (заголовок этого поля выделено желтым цветом) скопируйте следующий текст.:Processes
explorer.exe
:services
nicsk32
EverestDriver
:reg
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycrypt]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"C:WINDOWSsystem32userinit.exe"=-
:files
C:WINDOWSsystem32mmmenqen.dll
C:WINDOWSsystem32mmmayiay.dll
C:WINDOWSsystem32wincreate.exe
C:WINDOWSsystem32mmmgqjgq.dll
C:WINDOWSsystem32mmmbajba.dll
C:WINDOWSsystem32mmmfwhfw.dll
C:WINDOWSsystem32mmmjytjy.dll
C:WINDOWSsystem32mmmbyhby.dll
C:WINDOWSsystem32mmmptgpt.dll
C:WINDOWSsystem32mmmnoxno.dll
C:WINDOWSsystem32mmmhtvht.dll
C:WINDOWSsystem32mmmzdlzd.dll
C:WINDOWSsystem32mmmltwlt.dll
C:WINDOWSsystem32digeste.dll
C:WINDOWSsystem32mmmtatta.dll
C:WINDOWSsystem32mmmtfntf.dll
C:WINDOWSsystem32mmmsjfsj.dll
C:WINDOWSsystem32shell31.dll
C:Documents and SettingsAll UsersApplication Datapdalib.dll
C:WINDOWSsystem32driversnicsk32.sys
C:WINDOWSsystem32crypts.dll
:Commands
[emptytemp]
[start explorer]
[Reboot]Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог, вставьте его в ваш ответ.
Кроме этого к вашему ответу приложите свежий RSIT лог.в процессе выполнения программа выдала окошко о нелегальности операции (не сообразил переписать сообщение 😥 )… после этого с экрана исчезли все иконки, кроме окна программы, которая эээ… перестала подавать признаки активности… нажав exit и «запустив» desktop получил новое окошко: Windows cannot find ‘/idlist,:0:1668,C:Documents’. Make shure you typed the name correctly, and then try again. To search for a file, click the Start… (лог выведен не был, комп не перезагружался)
попробовал снова (чтобы переписать сообщение об ошибке), но на этот раз ошибок не было… (в первый раз, не закрывал окна explorer’a, может дело в этом… 🙄 ) после перезагрузки выбросилось знакомое окошко принудительного завершения работы о котором я говорил выше…
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service nicsk32 .
Unable to stop service EverestDriver .
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycrypt\ not found.
HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders\»SecurityProviders»|»msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll» /E : value set successfully!
Registry value HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist\C:WINDOWSsystem32userinit.exe not found.
========== FILES ==========
File/Folder C:WINDOWSsystem32mmmenqen.dll not found.
File/Folder C:WINDOWSsystem32mmmayiay.dll not found.
File/Folder C:WINDOWSsystem32wincreate.exe not found.
File/Folder C:WINDOWSsystem32mmmgqjgq.dll not found.
File/Folder C:WINDOWSsystem32mmmbajba.dll not found.
File/Folder C:WINDOWSsystem32mmmfwhfw.dll not found.
File/Folder C:WINDOWSsystem32mmmjytjy.dll not found.
File/Folder C:WINDOWSsystem32mmmbyhby.dll not found.
File/Folder C:WINDOWSsystem32mmmptgpt.dll not found.
File/Folder C:WINDOWSsystem32mmmnoxno.dll not found.
File/Folder C:WINDOWSsystem32mmmhtvht.dll not found.
File/Folder C:WINDOWSsystem32mmmzdlzd.dll not found.
File/Folder C:WINDOWSsystem32mmmltwlt.dll not found.
File/Folder C:WINDOWSsystem32digeste.dll not found.
File/Folder C:WINDOWSsystem32mmmtatta.dll not found.
File/Folder C:WINDOWSsystem32mmmtfntf.dll not found.
File/Folder C:WINDOWSsystem32mmmsjfsj.dll not found.
File/Folder C:WINDOWSsystem32shell31.dll not found.
C:Documents and SettingsAll UsersApplication Datapdalib.dll unregistered successfully.
C:Documents and SettingsAll UsersApplication Datapdalib.dll moved successfully.
File/Folder C:WINDOWSsystem32driversnicsk32.sys not found.
File/Folder C:WINDOWSsystem32crypts.dll not found.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.7.2 log created on 12252008_163549
Files moved on Reboot…
File move failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be moved on reboot.Logfile of random’s system information tool 1.05 (written by random/random)
Run by Satellite at 2008-12-25 16:54:36
Microsoft Windows XP Professional Service Pack 2
System drive C: has 92 GB (80%) free of 114 GB
Total RAM: 1022 MB (71% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:38, on 2008.12.25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32agrsmsvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe
C:WINDOWSsystem32WgaTray.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSRTHDCPL.EXE
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesltmohLtmoh.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtMng.exe
C:Program FilesSynapticsSynTPSynToshiba.exe
C:Program FilesToshibaBluetooth Toshiba StackTosA2dp.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtHid.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtHsp.exe
C:Program FilesToshibaBluetooth Toshiba StackTosAVRC.exe
C:Program FilesToshibaBluetooth Toshiba StacktosOBEX.exe
C:Program FilesToshibaBluetooth Toshiba StacktosBtProc.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsSatelliteDesktopRSIT.exe
C:Program Filestrend microSatellite.exeR1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://go.divx.com/divx/divx6/new/en?rcv=1&dist=divxdotcom
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: WormRadar.com IESiteBlocker.NavFilter — {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} — C:Program FilesAVGAVG8avgssie.dll (file missing)
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [syntpenh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 — HKLM..Run: [remotecontrol] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Satellite] C:Documents and SettingsSatelliteSatellite.exe /i
O4 — HKCU..Run: [msmsgs] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [ltmoh] C:Program FilesltmohLtmoh.exe
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: Bluetooth Manager.lnk = ?
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=39204
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Agere Modem Call Progress Audio (AgereModemAudio) — Agere Systems — C:WINDOWSsystem32agrsmsvc.exe
O23 — Service: CbEvtSvc — Unknown owner — C:WINDOWSSystem32CbEvtSvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: TOSHIBA Bluetooth Service — TOSHIBA CORPORATION — C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe—
End of file — 4676 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2004-12-14 63136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-05-30 1410344][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}]
AVG Safe Search — C:Program FilesAVGAVG8avgssie.dll [][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-06-28 8466432]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2007-06-28 81920]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-07-05 16380416]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«syntpenh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2007-07-25 888832]
«remotecontrol»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2003-10-31 32768][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-03 15360]
«Satellite»=C:Documents and SettingsSatelliteSatellite.exe /i []
«msmsgs»=C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]
«ltmoh»=C:Program FilesltmohLtmoh.exe [2007-01-09 191552]C:Documents and SettingsAll UsersStart MenuProgramsStartup
Bluetooth Manager.lnk — C:Program FilesToshibaBluetooth Toshiba StackTosBtMng.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2008-09-05 241704][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======List of files/folders created in the last 1 months======
2008-12-25 16:10:37 —-D—- C:_OTMoveIt
2008-12-25 11:34:16 —-D—- C:WINDOWSsystem32LogFiles
2008-12-25 11:04:18 —-D—- C:Documents and SettingsAll UsersApplication DataAvg8
2008-12-25 10:45:40 —-D—- C:Program FilesAVG
2008-12-25 00:01:54 —-D—- C:rsit
2008-12-25 00:01:54 —-D—- C:Program Filestrend micro
2008-12-25 00:00:59 —-RASHD—- C:autorun.inf
2008-12-24 22:43:40 —-D—- C:WINDOWSpss
2008-12-24 22:06:57 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
2008-12-24 22:06:45 —-HDC—- C:WINDOWS$NtUninstallKB956841$
2008-12-24 22:04:33 —-D—- C:Program FilesCCleaner
2008-12-24 20:56:58 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2008-12-24 20:56:52 —-HDC—- C:WINDOWS$NtUninstallKB955839$
2008-12-24 20:56:44 —-HDC—- C:WINDOWS$NtUninstallKB956391$
2008-12-24 20:56:37 —-HDC—- C:WINDOWS$NtUninstallKB957095$
2008-12-24 20:56:19 —-HDC—- C:WINDOWS$NtUninstallKB958215$
2008-12-24 20:56:08 —-HDC—- C:WINDOWS$NtUninstallKB954211$
2008-12-24 20:55:59 —-HDC—- C:WINDOWS$NtUninstallKB960714$
2008-12-24 20:55:52 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2008-12-24 20:55:46 —-HDC—- C:WINDOWS$NtUninstallKB938464$
2008-12-24 20:55:39 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2008-12-24 20:55:33 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2008-12-24 20:55:25 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2008-12-24 20:55:16 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2008-12-24 20:39:38 —-D—- C:WINDOWSMinidump
2008-12-24 20:26:38 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2008-12-24 20:26:10 —-D—- C:Documents and SettingsSatelliteApplication DataWinRAR
2008-12-24 20:25:43 —-D—- C:Program FilesWinRAR
2008-12-24 16:34:38 —-D—- C:Program FileseMule======List of files/folders modified in the last 1 months======
2008-12-25 16:42:29 —-D—- C:WINDOWSTemp
2008-12-25 16:42:23 —-D—- C:WINDOWS
2008-12-25 16:39:51 —-HD—- C:WINDOWSinf
2008-12-25 16:37:23 —-A—- C:WINDOWSSchedLgU.Txt
2008-12-25 16:10:44 —-D—- C:WINDOWSsystem32
2008-12-25 15:24:09 —-A—- C:WINDOWSNeroDigital.ini
2008-12-25 14:14:14 —-D—- C:WINDOWSsystem32drivers
2008-12-25 14:13:27 —-D—- C:WINDOWSsystem32CatRoot2
2008-12-25 11:13:48 —-SHD—- C:WINDOWSInstaller
2008-12-25 10:47:32 —-RD—- C:Program Files
2008-12-25 10:45:34 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2008-12-25 10:45:33 —-D—- C:WINDOWSWinSxS
2008-12-25 09:14:37 —-D—- C:WINDOWSPrefetch
2008-12-25 02:48:07 —-D—- C:WINDOWSsystem32CatRoot_bak
2008-12-25 02:48:07 —-D—- C:WINDOWSsystem32CatRoot
2008-12-24 23:02:25 —-SH—- C:boot.ini
2008-12-24 23:02:25 —-A—- C:WINDOWSwin.ini
2008-12-24 23:02:25 —-A—- C:WINDOWSsystem.ini
2008-12-24 22:22:46 —-D—- C:Documents and Settings
2008-12-24 22:07:00 —-RSHDC—- C:WINDOWSsystem32dllcache
2008-12-24 22:06:19 —-HD—- C:WINDOWS$hf_mig$
2008-12-24 22:05:00 —-D—- C:WINDOWSDebug
2008-12-24 21:28:32 —-D—- C:WINDOWSsystem32NtmsData
2008-12-24 21:24:02 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2008-12-24 20:56:27 —-D—- C:Program FilesInternet Explorer
2008-12-24 19:35:01 —-D—- C:WINDOWSHelp
2008-12-24 18:41:21 —-D—- C:Program FilesOutlook Express
2008-12-24 18:41:03 —-D—- C:Documents and SettingsSatelliteApplication DataAdobe
2008-12-24 14:40:28 —-SD—- C:Documents and SettingsSatelliteApplication DataMicrosoft
2008-12-23 09:43:58 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2008-12-12 19:33:23 —-A—- C:WINDOWSsystem32mshtml.dll
2008-12-09 15:24:38 —-A—- C:WINDOWSsystem32MRT.exe======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-03 36096]
R1 Tosrfcom;Bluetooth RFCOMM; C:WINDOWSSystem32Driverstosrfcom.sys [2005-08-01 64896]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:WINDOWSsystem32DRIVERSAGRSM.sys [2006-11-28 1161888]
R3 Arp1394;1394 ARP Client Protocol; C:WINDOWSsystem32DRIVERSarp1394.sys [2004-08-04 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:WINDOWSsystem32DRIVERSCmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-23 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-07-18 4547584]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-23 12160]
R3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:WINDOWSsystem32DRIVERSNETw4x32.sys [2007-04-30 2206976]
R3 NIC1394;1394 Net Driver; C:WINDOWSsystem32DRIVERSnic1394.sys [2004-08-04 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-06-28 6807328]
R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2004-08-03 67584]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2007-07-25 209312]
R3 tifm21;tifm21; C:WINDOWSsystem32driverstifm21.sys [2007-01-24 290304]
R3 tosporte;Bluetooth COM Port; C:WINDOWSsystem32DRIVERStosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:WINDOWSsystem32DRIVERStosrfbd.sys [2007-04-24 113920]
R3 tosrfbnp;Bluetooth RFBNEP; C:WINDOWSSystem32Driverstosrfbnp.sys [2006-11-20 36480]
R3 tosrfec;Bluetooth ACPI; C:WINDOWSsystem32DRIVERStosrfec.sys [2006-10-23 9216]
R3 Tosrfhid;Bluetooth RFHID; C:WINDOWSsystem32DRIVERSTosrfhid.sys [2007-03-01 73728]
R3 tosrfusb;Bluetooth USB Controller; C:WINDOWSsystem32DRIVERStosrfusb.sys [2007-04-24 41856]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 usbvideo;USB Video Device (WDM); C:WINDOWSSystem32Driversusbvideo.sys [2004-08-04 78464]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2006-07-21 82432]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 tosrfnds;Bluetooth Personal Area Network; C:WINDOWSsystem32DRIVERStosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:WINDOWSsystem32driverstosrfsnd.sys [2007-01-22 53376]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:WINDOWSsystem32agrsmsvc.exe [2006-10-05 9216]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-06-28 155716]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe [2007-02-25 125048]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
Лог выглядит нормально.
Как поживает компьютер и окно с принудительным завершением работы выскакивает ?к сожалению, да… вообще, по-моему, вся эта канитель либо из-за конфликта оборудования, что вряд ли возможно так как установленные при сборке компоненты не менялись… либо программного обеспечения… дело в том, что сразу же после появления баннера, я попытался установить KIS 2009… до этого момента стоял AVG Free Edition, который KIS предложил удалить… и вроде бы всё шло хорошо, но после перезагрузки KIS не смог активировать защиту, похоже какая-то системная программа, которыми нашпигован этот ноутбук (кстати говоря, казённый… поэтому я не могу снести систему и поставить всё заново… мне дали его на ограниченное время, а тут такое, ужас… 😮 ) мешает активации защиты… я вообще удивляюсь сколько в нём всякой ерунды, которая только мешает, и о предназначении которой я могу только догадываться… (например постоянно выскакивает предупреждение от какой-то майкрософтской утилиты, именуемой Microsoft Genuine Advantage, которую я раньше в жизни не встречал… 😕 ) удалять из автозапуска что-либо боязно, как бы не сделать хуже…
примерно после удаления KIS и стала выскакивать эта злосчастная табличка… поначалу я особо не волновался т.к. думал что если исправить реестр проблема будет решена… а теперь… ужас, даже думать не хочется…
ещё, (возможно это бред) заметил, что при установке AVG обратно, вроде бы система «успокаивается», но это не было проверено временем, т.к. ни Hijackthis ни RSIT не хотят работать с AVG, и сейчас на компе просто пустота вместо анти-вируса…
словом, как Вы думаете, можно что-нибудь ещё предпринять для устранения этой проблемы..?из мелочей: пропал звук во flash плеере (при просмотре видео с youtube, например), и explorer иногда выбрасывает «Internet Explorer cannot open the Internet site ‘адресс сайта’ operation aborted». Но это действительно мелочи, которые не так бросаются в глаза…
ещё одна из explorer’а: «The instruction at «0x7c900659» referenced memory at «0x0279400». The memory could not be «read». Click on OK to terminate the program. Click on CANCEL to debug the program.»
в любом случае, огромное спасибо за оказываемую помощь!
я вообще с удивлением наблюдаю за Вашей работой на этом форуме… в наше время, когда тебе «бесплатно даже морду не набьют», когда постоянно то и дело сталкиваешься с человеческим безразличием и равнодушием, так удивительно было набрести на этот оазис содействия, участия и, что самое главное, стремления помочь всем без исключения… это просто невероятно! 🙂Глянул ваш последний лог ещё раз, и нашёл ещё кое-что требуещее удаления.
Запустите HijackThis, кликните по кнопке Do a system scan only.
Далее отметьте галочкой (слева) следующие строки:O23 - Service: CbEvtSvc - Unknown owner - C:WINDOWSSystem32CbEvtSvc.exeКликните по кнопке Fix checked и подтвердите свои действия выбрав YES.
Перезагрузите компьютер.В свой ответ включите свежий RSIT лог.
т.к. ни Hijackthis ни RSIT не хотят работать с AVG
В смысле не хотят ?
я вообще с удивлением наблюдаю за Вашей работой на этом форуме… в наше время, когда тебе «бесплатно даже морду не набьют», когда постоянно то и дело сталкиваешься с человеческим безразличием и равнодушием, так удивительно было набрести на этот оазис содействия, участия и, что самое главное, стремления помочь всем без исключения… это просто невероятно!
Дык стараюсь помочь, к сожалению времени маловато, по этому остальные разделы форума простаивают.
- Для ответа в этой теме необходимо авторизоваться.
