- This topic has 11 ответов, 2 участника, and was last updated 15 years, 11 months назад by
.
-
Сообщения
-
Здравствуйте, Валерий!
Посмотрите, пожалуйста. 🙂info.txt logfile of random’s system information tool 1.06 2009-05-08 08:04:02
======Uninstall list======
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ACDSee 8—>MsiExec.exe /I{AE80641A-0C8D-4670-A518-B4EC154B1027}
Adobe Acrobat 5.0—>C:WINDOWSISUNINST.EXE -f»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.isu» -c»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.dll»
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 6.0.1—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
ATI — Software Uninstall Utility—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Catalyst Control Center—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�9�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{055EE59D-217B-43A7-ABFF-507B966405D8}setup.exe» -l0x3233
ATI Control Panel—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}setup.exe»
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Back2Life—>V:Total Commander XPAddOnBack2LifeBack2Life.exe /uninstall
bTV Professional 2.0—>»C:WINDOWSbuninst.exe» C:Program FilesBorg SoftwarebTV ProfessionalbTV Professional.log
Canon Camera Access Library—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonCALUninst.ini»
Canon Camera Support Core Library—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonCSCLIBUninst.ini»
Canon G.726 WMP-Decoder—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonG726DecoderG726DecUnInstall.ini»
CANON iMAGE GATEWAY Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramCRWUnInstall.ini»
Canon Internet Library for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramCIGUnInstall.ini»
Canon MovieEdit Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramMVWUninst.ini»
Canon RAW Image Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonRAW Image TaskUninst.ini»
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowDVCUninst.ini»
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowDVC6Uninst.ini»
Canon Utilities CameraWindow DC—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowDCUninst.ini»
Canon Utilities CameraWindow—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowLauncherUninst.ini»
Canon Utilities EOS Utility—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonEOS UtilityUninst.ini»
Canon Utilities MyCamera DC—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonCameraWindowMyCameraDCUninst.ini»
Canon Utilities MyCamera—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonCameraWindowMyCameraUninst.ini»
Canon Utilities PhotoStitch—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonPhotoStitchUninst.ini»
Canon Utilities RemoteCapture Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonCameraWindowRemoteCaptureTask DCUninst.ini»
Canon Utilities ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramUninst.ini»
Canon ZoomBrowser EX Memory Card Utility—>»C:Program FilesCommon FilesCanonUIW1.4.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EX MCUUninst.ini»
Conexant USB Network Adapter—>C:Program FilesConexantConexant USB NetworkCnxUnist.exe -w7 ConexantConexant USB Network
Corel Applications—>C:WINDOWSCorelUninstal.exe
Critical Update for Windows Media Player 11 (KB959772)—>»C:WINDOWS$NtUninstallKB959772_WM11$spuninstspuninst.exe»
Direct MIDI to MP3 Converter, версия 5.0.1.20—>»C:Program FilesDirect MIDI to MP3 Converterunins000.exe»
ESET NOD32 Antivirus—>MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
Free Games Offer, Desktop Shortcut—>MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)—>»C:WINDOWSie7updatesKB947864-IE7spuninstspuninst.exe»
Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
Hotfix for Windows Media Player 11 (KB939683)—>»C:WINDOWS$NtUninstallKB939683$spuninstspuninst.exe»
Hotfix for Windows XP (KB914440)—>»C:WINDOWS$NtUninstallKB914440$spuninstspuninst.exe»
Hotfix for Windows XP (KB915865)—>»C:WINDOWS$NtUninstallKB915865$spuninstspuninst.exe»
Hotfix for Windows XP (KB926239)—>»C:WINDOWS$NtUninstallKB926239$spuninstspuninst.exe»
HP Customer Participation Program 7.0—>D:Program FilesHPDigital ImagingExtCapUninstallhpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0—>D:Program FilesHPDigital ImagingDeviceManagementhpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software (rus)—>D:Program FilesHPDigital Imaging{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}setuphpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot
HP Photosmart Essential—>MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Software Update—>MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0—>D:Program FilesHPDigital ImagingeSupporthpzscr01.exe -datfile hpqbud05.dat
ICQ6—>C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 11—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Jigs@w Puzzle—>C:WINDOWStbuninst2.exe C:Program FilesJigs@w Puzzledezo.usc
K-Lite Mega Codec Pack 1.38—>»C:Program FilesK-Lite Codec Packunins000.exe»
Kyodai—>»C:Program FilesKyodaiunins000.exe»
Logitech MouseWare 9.79.1 —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5809E7CF-4DCF-11D4-9875-00105ACE7734}Setup.exe» -l0x9 -l0009 UNINSTALL
Macromedia Flash Player 8—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFswflash.inf,DefaultUninstall,5
Macromedia Shockwave Player—>C:WINDOWSsystem32MACROMEDSHOCKW~1UNWISE.EXE C:WINDOWSsystem32MACROMEDSHOCKW~1Install.log
Microsoft .NET Framework 1.1 Hotfix (KB928366)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM928366M928366Uninstall.msp»
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motherboard Monitor 5—>»C:Program FilesMotherboard Monitor 5unins000.exe»
MP3 Player Utilities—>MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MUSTEK 1200 USB PLUS v2.1a—>C:WINDOWStwain_321200US~1UNINST.EXE
Nero 6 Ultra Edition—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
NevoSoft 4 Elements (remove only)—>»C:Program FilesИгры от NevoSoft4 Elementsuninstall.exe»
NevoSoft Cassandra Journey (remove only)—>»C:Игры от NevoSoftCassandra Journeyuninstall.exe»
NevoSoft Hidden Art (remove only)—>»C:Игры от NevoSoftHidden Artuninstall.exe»
NevoSoft Hidden Secrets (remove only)—>»C:Program FilesИгрыHidden Secretsuninstall.exe»
NevoSoft Lara Johns (remove only)—>»C:Игры от NevoSoftLara Johnsuninstall.exe»
NevoSoft Lara Johns 2 (remove only)—>»C:Program FilesAlawar.ruLara Johns 2uninstall.exe»
NevoSoft Secrets Of Town N 2 (remove only)—>»C:Program FilesИгры от NevoSoftSecrets Of Town N 2uninstall.exe»
NevoSoft Time Machine (remove only)—>»C:Program FilesИгры от NevoSoftTime Machineuninstall.exe»
NevoSoft Treasure Seekers (remove only)—>»C:Program FilesИгры от NevoSoftTreasure Seekersuninstall.exe»
Nokia Connectivity Cable Driver—>MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia PC Connectivity Solution—>MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite—>MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
NVIDIA Drivers—>C:WINDOWSsystem32nvudisp.exe UninstallGUI
On2 VP3 Video for Windows Codec—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{CF59708F-60F4-11D5-866A-00A0D2183227}Setup.exe» -l0x9
OpenAL—>»C:Program FilesOpenALoalinst.exe» /U
PCLink for GSM Ver.1.0—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F3BF93D3-25E7-11D6-B496-0050BF282FBC}SETUP.EXE» -l0x9
PCLinq2 Hi-Speed USB Bridge Cable—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{95381165-5D16-4CD4-9162-57799A3F3AB5}Setup.exe» -l0x9
‘Rappelz’—>»C:Program FilesNikitaRappelzunins000.exe»
RivaTuner v2.05—>»C:Program FilesRivaTuner v2.05uninstall.exe»
Security Update for Windows Internet Explorer 7 (KB938127)—>»C:WINDOWSie7updatesKB938127-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB939653)—>»C:WINDOWSie7updatesKB939653-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB942615)—>»C:WINDOWSie7updatesKB942615-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB944533)—>»C:WINDOWSie7updatesKB944533-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB958215)—>»C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB960714)—>»C:WINDOWSie7updatesKB960714-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB961260)—>»C:WINDOWSie7updatesKB961260-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB963027)—>»C:WINDOWSie7updatesKB963027-IE7spuninstspuninst.exe»
Security Update for Windows Media Player (KB911564)—>»C:WINDOWS$NtUninstallKB911564$spuninstspuninst.exe»
Security Update for Windows Media Player (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player 10 (KB911565)—>»C:WINDOWS$NtUninstallKB911565$spuninstspuninst.exe»
Security Update for Windows Media Player 10 (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP10$spuninstspuninst.exe»
Security Update for Windows Media Player 11 (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP11$spuninstspuninst.exe»
Security Update for Windows Media Player 6.4 (KB925398)—>»C:WINDOWS$NtUninstallKB925398_WMP64$spuninstspuninst.exe»
Security Update for Windows XP (KB890046)—>»C:WINDOWS$NtUninstallKB890046$spuninstspuninst.exe»
Security Update for Windows XP (KB893066)—>»C:WINDOWS$NtUninstallKB893066$spuninstspuninst.exe»
Security Update for Windows XP (KB893756)—>»C:WINDOWS$NtUninstallKB893756$spuninstspuninst.exe»
Security Update for Windows XP (KB896358)—>»C:WINDOWS$NtUninstallKB896358$spuninstspuninst.exe»
Security Update for Windows XP (KB896422)—>»C:WINDOWS$NtUninstallKB896422$spuninstspuninst.exe»
Security Update for Windows XP (KB896423)—>»C:WINDOWS$NtUninstallKB896423$spuninstspuninst.exe»
Security Update for Windows XP (KB896424)—>»C:WINDOWS$NtUninstallKB896424$spuninstspuninst.exe»
Security Update for Windows XP (KB896428)—>»C:WINDOWS$NtUninstallKB896428$spuninstspuninst.exe»
Security Update for Windows XP (KB896688)—>»C:WINDOWS$NtUninstallKB896688$spuninstspuninst.exe»
Security Update for Windows XP (KB899587)—>»C:WINDOWS$NtUninstallKB899587$spuninstspuninst.exe»
Security Update for Windows XP (KB899589)—>»C:WINDOWS$NtUninstallKB899589$spuninstspuninst.exe»
Security Update for Windows XP (KB899591)—>»C:WINDOWS$NtUninstallKB899591$spuninstspuninst.exe»
Security Update for Windows XP (KB900725)—>»C:WINDOWS$NtUninstallKB900725$spuninstspuninst.exe»
Security Update for Windows XP (KB901017)—>»C:WINDOWS$NtUninstallKB901017$spuninstspuninst.exe»
Security Update for Windows XP (KB901214)—>»C:WINDOWS$NtUninstallKB901214$spuninstspuninst.exe»
Security Update for Windows XP (KB902400)—>»C:WINDOWS$NtUninstallKB902400$spuninstspuninst.exe»
Security Update for Windows XP (KB904706)—>»C:WINDOWS$NtUninstallKB904706$spuninstspuninst.exe»
Security Update for Windows XP (KB905414)—>»C:WINDOWS$NtUninstallKB905414$spuninstspuninst.exe»
Security Update for Windows XP (KB905749)—>»C:WINDOWS$NtUninstallKB905749$spuninstspuninst.exe»
Security Update for Windows XP (KB905915)—>»C:WINDOWS$NtUninstallKB905915$spuninstspuninst.exe»
Security Update for Windows XP (KB908519)—>»C:WINDOWS$NtUninstallKB908519$spuninstspuninst.exe»
Security Update for Windows XP (KB908531)—>»C:WINDOWS$NtUninstallKB908531$spuninstspuninst.exe»
Security Update for Windows XP (KB911562)—>»C:WINDOWS$NtUninstallKB911562$spuninstspuninst.exe»
Security Update for Windows XP (KB911567)—>»C:WINDOWS$NtUninstallKB911567$spuninstspuninst.exe»
Security Update for Windows XP (KB911927)—>»C:WINDOWS$NtUninstallKB911927$spuninstspuninst.exe»
Security Update for Windows XP (KB912812)—>»C:WINDOWS$NtUninstallKB912812$spuninstspuninst.exe»
Security Update for Windows XP (KB912919)—>»C:WINDOWS$NtUninstallKB912919$spuninstspuninst.exe»
Security Update for Windows XP (KB913446)—>»C:WINDOWS$NtUninstallKB913446$spuninstspuninst.exe»
Security Update for Windows XP (KB913580)—>»C:WINDOWS$NtUninstallKB913580$spuninstspuninst.exe»
Security Update for Windows XP (KB914388)—>»C:WINDOWS$NtUninstallKB914388$spuninstspuninst.exe»
Security Update for Windows XP (KB914389)—>»C:WINDOWS$NtUninstallKB914389$spuninstspuninst.exe»
Security Update for Windows XP (KB917344)—>»C:WINDOWS$NtUninstallKB917344$spuninstspuninst.exe»
Security Update for Windows XP (KB917953)—>»C:WINDOWS$NtUninstallKB917953$spuninstspuninst.exe»
Security Update for Windows XP (KB918118)—>»C:WINDOWS$NtUninstallKB918118$spuninstspuninst.exe»
Security Update for Windows XP (KB918439)—>»C:WINDOWS$NtUninstallKB918439$spuninstspuninst.exe»
Security Update for Windows XP (KB919007)—>»C:WINDOWS$NtUninstallKB919007$spuninstspuninst.exe»
Security Update for Windows XP (KB920213)—>»C:WINDOWS$NtUninstallKB920213$spuninstspuninst.exe»
Security Update for Windows XP (KB920670)—>»C:WINDOWS$NtUninstallKB920670$spuninstspuninst.exe»
Security Update for Windows XP (KB920683)—>»C:WINDOWS$NtUninstallKB920683$spuninstspuninst.exe»
Security Update for Windows XP (KB920685)—>»C:WINDOWS$NtUninstallKB920685$spuninstspuninst.exe»
Security Update for Windows XP (KB921503)—>»C:WINDOWS$NtUninstallKB921503$spuninstspuninst.exe»
Security Update for Windows XP (KB922819)—>»C:WINDOWS$NtUninstallKB922819$spuninstspuninst.exe»
Security Update for Windows XP (KB923191)—>»C:WINDOWS$NtUninstallKB923191$spuninstspuninst.exe»
Security Update for Windows XP (KB923414)—>»C:WINDOWS$NtUninstallKB923414$spuninstspuninst.exe»
Security Update for Windows XP (KB923561)—>»C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe»
Security Update for Windows XP (KB923689)—>»C:WINDOWS$NtUninstallKB923689$spuninstspuninst.exe»
Security Update for Windows XP (KB923980)—>»C:WINDOWS$NtUninstallKB923980$spuninstspuninst.exe»
Security Update for Windows XP (KB924270)—>»C:WINDOWS$NtUninstallKB924270$spuninstspuninst.exe»
Security Update for Windows XP (KB924496)—>»C:WINDOWS$NtUninstallKB924496$spuninstspuninst.exe»
Security Update for Windows XP (KB924667)—>»C:WINDOWS$NtUninstallKB924667$spuninstspuninst.exe»
Security Update for Windows XP (KB925902)—>»C:WINDOWS$NtUninstallKB925902$spuninstspuninst.exe»
Security Update for Windows XP (KB926255)—>»C:WINDOWS$NtUninstallKB926255$spuninstspuninst.exe»
Security Update for Windows XP (KB926436)—>»C:WINDOWS$NtUninstallKB926436$spuninstspuninst.exe»
Security Update for Windows XP (KB927779)—>»C:WINDOWS$NtUninstallKB927779$spuninstspuninst.exe»
Security Update for Windows XP (KB927802)—>»C:WINDOWS$NtUninstallKB927802$spuninstspuninst.exe»
Security Update for Windows XP (KB928255)—>»C:WINDOWS$NtUninstallKB928255$spuninstspuninst.exe»
Security Update for Windows XP (KB928843)—>»C:WINDOWS$NtUninstallKB928843$spuninstspuninst.exe»
Security Update for Windows XP (KB929123)—>»C:WINDOWS$NtUninstallKB929123$spuninstspuninst.exe»
Security Update for Windows XP (KB930178)—>»C:WINDOWS$NtUninstallKB930178$spuninstspuninst.exe»
Security Update for Windows XP (KB931261)—>»C:WINDOWS$NtUninstallKB931261$spuninstspuninst.exe»
Security Update for Windows XP (KB931784)—>»C:WINDOWS$NtUninstallKB931784$spuninstspuninst.exe»
Security Update for Windows XP (KB932168)—>»C:WINDOWS$NtUninstallKB932168$spuninstspuninst.exe»
Security Update for Windows XP (KB933729)—>»C:WINDOWS$NtUninstallKB933729$spuninstspuninst.exe»
Security Update for Windows XP (KB935839)—>»C:WINDOWS$NtUninstallKB935839$spuninstspuninst.exe»
Security Update for Windows XP (KB935840)—>»C:WINDOWS$NtUninstallKB935840$spuninstspuninst.exe»
Security Update for Windows XP (KB936021)—>»C:WINDOWS$NtUninstallKB936021$spuninstspuninst.exe»
Security Update for Windows XP (KB937143)—>»C:WINDOWS$NtUninstallKB937143$spuninstspuninst.exe»
Security Update for Windows XP (KB937894)—>»C:WINDOWS$NtUninstallKB937894$spuninstspuninst.exe»
Security Update for Windows XP (KB938127)—>»C:WINDOWS$NtUninstallKB938127$spuninstspuninst.exe»
Security Update for Windows XP (KB938464-v2)—>»C:WINDOWS$NtUninstallKB938464-v2$spuninstspuninst.exe»
Security Update for Windows XP (KB938829)—>»C:WINDOWS$NtUninstallKB938829$spuninstspuninst.exe»
Security Update for Windows XP (KB939653)—>»C:WINDOWS$NtUninstallKB939653$spuninstspuninst.exe»
Security Update for Windows XP (KB941202)—>»C:WINDOWS$NtUninstallKB941202$spuninstspuninst.exe»
Security Update for Windows XP (KB941568)—>»C:WINDOWS$NtUninstallKB941568$spuninstspuninst.exe»
Security Update for Windows XP (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Security Update for Windows XP (KB941644)—>»C:WINDOWS$NtUninstallKB941644$spuninstspuninst.exe»
Security Update for Windows XP (KB941693)—>»C:WINDOWS$NtUninstallKB941693$spuninstspuninst.exe»
Security Update for Windows XP (KB943055)—>»C:WINDOWS$NtUninstallKB943055$spuninstspuninst.exe»
Security Update for Windows XP (KB943460)—>»C:WINDOWS$NtUninstallKB943460$spuninstspuninst.exe»
Security Update for Windows XP (KB943485)—>»C:WINDOWS$NtUninstallKB943485$spuninstspuninst.exe»
Security Update for Windows XP (KB944653)—>»C:WINDOWS$NtUninstallKB944653$spuninstspuninst.exe»
Security Update for Windows XP (KB945553)—>»C:WINDOWS$NtUninstallKB945553$spuninstspuninst.exe»
Security Update for Windows XP (KB946026)—>»C:WINDOWS$NtUninstallKB946026$spuninstspuninst.exe»
Security Update for Windows XP (KB948590)—>»C:WINDOWS$NtUninstallKB948590$spuninstspuninst.exe»
Security Update for Windows XP (KB948881)—>»C:WINDOWS$NtUninstallKB948881$spuninstspuninst.exe»
Security Update for Windows XP (KB950749)—>»C:WINDOWS$NtUninstallKB950749$spuninstspuninst.exe»
Security Update for Windows XP (KB952004)—>»C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe»
Security Update for Windows XP (KB954211)—>»C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe»
Security Update for Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Security Update for Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Security Update for Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Security Update for Windows XP (KB956572)—>»C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe»
Security Update for Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Security Update for Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Security Update for Windows XP (KB956841)—>»C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
Security Update for Windows XP (KB957095)—>»C:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe»
Security Update for Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Security Update for Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Security Update for Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Security Update for Windows XP (KB958690)—>»C:WINDOWS$NtUninstallKB958690$spuninstspuninst.exe»
Security Update for Windows XP (KB959426)—>»C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe»
Security Update for Windows XP (KB960225)—>»C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe»
Security Update for Windows XP (KB960715)—>»C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe»
Security Update for Windows XP (KB960803)—>»C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe»
Security Update for Windows XP (KB961373)—>»C:WINDOWS$NtUninstallKB961373$spuninstspuninst.exe»
SmsTool 1.03—>C:Program FilesSmsToolUninstall.exe
Spybot — Search & Destroy 1.4 RC2b—>»C:Program FilesSpybot — Search & Destroyunins000.exe»
The Playa—>»C:Program FilesThe Playauninstall.exe»
Total Commander (Remove or Repair)—>c:totalcmdtcuninst.exe
Total Commander 6.51 eXtended Pack—>»C:Program FilesTotal Commander XPunins000.exe»
Total Commander 7.01 Final—>»C:totalcmdunins000.exe»
TuneUp Utilities 2008—>MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update for Windows XP (KB894391)—>»C:WINDOWS$NtUninstallKB894391$spuninstspuninst.exe»
Update for Windows XP (KB898461)—>»C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe»
Update for Windows XP (KB900485)—>»C:WINDOWS$NtUninstallKB900485$spuninstspuninst.exe»
Update for Windows XP (KB904942)—>»C:WINDOWS$NtUninstallKB904942$spuninstspuninst.exe»
Update for Windows XP (KB910437)—>»C:WINDOWS$NtUninstallKB910437$spuninstspuninst.exe»
Update for Windows XP (KB911280)—>»C:WINDOWS$NtUninstallKB911280$spuninstspuninst.exe»
Update for Windows XP (KB916595)—>»C:WINDOWS$NtUninstallKB916595$spuninstspuninst.exe»
Update for Windows XP (KB920872)—>»C:WINDOWS$NtUninstallKB920872$spuninstspuninst.exe»
Update for Windows XP (KB922582)—>»C:WINDOWS$NtUninstallKB922582$spuninstspuninst.exe»
Update for Windows XP (KB927891)—>»C:WINDOWS$NtUninstallKB927891$spuninstspuninst.exe»
Update for Windows XP (KB930916)—>»C:WINDOWS$NtUninstallKB930916$spuninstspuninst.exe»
Update for Windows XP (KB931836)—>»C:WINDOWS$NtUninstallKB931836$spuninstspuninst.exe»
Update for Windows XP (KB932823-v3)—>»C:WINDOWS$NtUninstallKB932823-v3$spuninstspuninst.exe»
Update for Windows XP (KB933360)—>»C:WINDOWS$NtUninstallKB933360$spuninstspuninst.exe»
Update for Windows XP (KB938828)—>»C:WINDOWS$NtUninstallKB938828$spuninstspuninst.exe»
Update for Windows XP (KB942763)—>»C:WINDOWS$NtUninstallKB942763$spuninstspuninst.exe»
Update for Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Update for Windows XP (KB967715)—>»C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe»
VIA Audio Driver Setup Program—>RunDll32.exe UnAudioNT.dll,UninstallAudio C:WINDOWSIsUninst.exe -f»C:PROGRA~1VIATEC~1VIAAUD~1/Uninst.isu»
VIA Platform Device Manager—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter—>Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
Windows Driver Package — Nokia Modem (06/12/2006 6.81.0.21)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_62A340731F8930057B44B8864F236850B0D49D65nokbtmdm.inf
Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
Windows Internet Explorer 7—>»C:WINDOWSie7spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Windows XP Hotfix — KB873339—>C:WINDOWS$NtUninstallKB873339$spuninstspuninst.exe
Windows XP Hotfix — KB885250—>C:WINDOWS$NtUninstallKB885250$spuninstspuninst.exe
Windows XP Hotfix — KB885835—>C:WINDOWS$NtUninstallKB885835$spuninstspuninst.exe
Windows XP Hotfix — KB885836—>C:WINDOWS$NtUninstallKB885836$spuninstspuninst.exe
Windows XP Hotfix — KB886185—>C:WINDOWS$NtUninstallKB886185$spuninstspuninst.exe
Windows XP Hotfix — KB887472—>C:WINDOWS$NtUninstallKB887472$spuninstspuninst.exe
Windows XP Hotfix — KB887742—>C:WINDOWS$NtUninstallKB887742$spuninstspuninst.exe
Windows XP Hotfix — KB888113—>C:WINDOWS$NtUninstallKB888113$spuninstspuninst.exe
Windows XP Hotfix — KB888302—>C:WINDOWS$NtUninstallKB888302$spuninstspuninst.exe
Windows XP Hotfix — KB890859—>»C:WINDOWS$NtUninstallKB890859$spuninstspuninst.exe»
Windows XP Hotfix — KB891781—>C:WINDOWS$NtUninstallKB891781$spuninstspuninst.exe
WinPoET v6.6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9806BFBB-F566-4654-94DE-CB1F85B5CDDD}Setup.exe» -l0x9
World War 2 Sniper—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{DD2FB8D3-9BC8-40A8-A2AE-A63821829E2F}Setup.exe» -l0x19
Zuma Deluxe—>C:Program FilesZuma DeluxeUNWISE.EXE C:Program FilesZuma DeluxeINSTALL.LOG
Арифметико—>C:Program FilesAlawar.ruАрифметикоUninstall.exe
Архиватор WinRAR (только удаление)—>C:Program FilesWinRARuninstall.exe
Большая детская энциклопедия—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�9�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6253269E-DB9B-4441-942A-04B10A792031}setup.exe» -l0x19
Гиперболоид II. Лабиринт времени—>C:Program FilesAlawar.ruГиперболоид II. Лабиринт времениuninstal.exe
Гиперболоид—>C:Program FilesAlawar.ruГиперболоидuninstal.exe
Город самоцветов—>C:Program FilesAlawar.ruГород самоцветовUninstall.exe
Древо Жизни—>»C:Program FilesGenery SoftwareDrevouninstall.exe»
Интернет помощник MyCentria—>C:Program FilesMyCentriaMyCentriaUninstall.exe
Искатель. Загадки—>C:Program FilesInstallShield Installation Information{3B5CDBA9-9DEB-42A3-BA06-F5BB33CB6E7B}setup.exe -runfromtemp -l0x0019 -removeonly
Легенды пиратов. Загадка шкатулки—>C:Program FilesAlawar.ruЛегенды пиратов. Загадка шкатулкиUninstall.exe
Маша. Рождественская сказка. Делюкс—>C:Program FilesAlawar.ruМаша. Рождественская сказка. ДелюксUninstall.exe
Мухолов—>C:Program FilesAlawar.ruМухоловUninstall.exe
Натали Брукс. Сокровища затерянного королевства—>C:Program FilesAlawar.ruНатали Брукс. Сокровища затерянного королевстваUninstall.exe
Остров секретов—>C:Program FilesAlawar.ruОстров секретовUninstall.exe
Панель инструментов Webalta 1.0—>»C:Program FilesWebaltaunins000.exe»
Саморост 2. Звезданутое приключение—>C:WINDOWSIsUninstR.Exe -fC:PROGRA~1snowball.ruSAMORO~1DeIsL1.isu -cC:PROGRA~1snowball.ruSAMORO~1SAMORO~1.DLL
Тайны Города N. Часть вторая—>C:Program FilesAlawar.ruТайны Города N. Часть втораяUninstall.exe
Терминал резервирования товаров—>C:Program FilesUtkonosuninstall.exe======Security center information======
AV: ESET NOD32 Antivirus 3.0 (outdated)
======System event log======
Computer Name: PC
Event Code: 7035
Message: The WrKPoET2000 service was successfully sent a start control.Record Number: 114177
Source Name: Service Control Manager
Time Written: 20090212191406.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: PC
Event Code: 7036
Message: The Terminal Services service entered the running state.Record Number: 114176
Source Name: Service Control Manager
Time Written: 20090212191406.000000+180
Event Type: информация
User:Computer Name: PC
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.Record Number: 114175
Source Name: Service Control Manager
Time Written: 20090212191406.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: PC
Event Code: 7036
Message: The Telephony service entered the running state.Record Number: 114174
Source Name: Service Control Manager
Time Written: 20090212191406.000000+180
Event Type: информация
User:Computer Name: PC
Event Code: 7035
Message: The Terminal Services service was successfully sent a start control.Record Number: 114173
Source Name: Service Control Manager
Time Written: 20090212191406.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM=====Application event log=====
Computer Name: PC
Event Code: 1000
Message: Info: WR thread 1 is opened..Record Number: 7212
Source Name: WrRT
Time Written: 20081219213750.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: PC
Event Code: 1000
Message: Info: SOFTWAREiVasionWinPPPoverEthernetPoESymbolicDriverName.Record Number: 7211
Source Name: PPPOE
Time Written: 20081219213749.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: PC
Event Code: 1000
Message: Info: WrKPoET2000.Record Number: 7210
Source Name: PPPOE
Time Written: 20081219213746.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: PC
Event Code: 1000
Message: Info: Opening Module instance PoE..Record Number: 7209
Source Name: WrRT
Time Written: 20081219213746.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: PC
Event Code: 1000
Message: Info: Opening Module instance Mac Frames Manager..Record Number: 7208
Source Name: WrRT
Time Written: 20081219213746.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesATI TechnologiesATI.ACECore-Static;C:Program FilesATI TechnologiesATI Control Panel
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 4 Stepping 4, AuthenticAMD
«PROCESSOR_REVISION»=0404
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Administrator at 2009-05-16 22:56:25
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (7%) free of 24 GB
Total RAM: 255 MB (44% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:38, on 16.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWinPoET Broadband ConnectionWrOS.EXE
C:Program FilesCanonCALCALMAIN.exe
C:WINDOWSLogi_MwX.Exe
C:Program FilesMotherboard Monitor 5MBM5.EXE
C:Program FilesWinPoET Broadband Connectionwinpppoverethernet.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.EXE
C:Игры от NevoSoftNevoDRMrun.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32WgaTray.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsAdministratorDesktopRSIT.exe
C:Program Filestrend microAdministrator.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=40316
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://fifasoccer.ru/
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — (no file)
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: (no name) — {53707962-6F74-2D53-2644-206D7942484F} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — (no file)
O3 — Toolbar: &Webalta toolbar — {D4C56A33-3488-495B-8033-9BF834E276D8} — C:PROGRA~1WebaltaWEBALT~1.DLL
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 — HKLM..Run: [MBM 5] «C:Program FilesMotherboard Monitor 5MBM5.EXE»
O4 — HKLM..Run: [a-winpoet-service] «C:Program FilesWinPoET Broadband Connectionwinpppoverethernet.exe»
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [ATIPTA] «C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe»
O4 — HKLM..Run: [RivaTunerStartupDaemon] «C:Program FilesRivaTuner v2.05RivaTuner.exe» /S
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [NevoDRM] «C:Игры от NevoSoftNevoDRMNevoDRM.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [TuneUp MemOptimizer] «C:Program FilesTuneUp Utilities 2008MemOptimizer.exe» autostart
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Webalta — Добавить в Анти-Баннер — C:Program FilesWebaltaextentionsWebalta_antiban.htm
O9 — Extra button: (no name) — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — (no file)
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187443552770
O16 — DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) — http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231750358_6c1c95acfc17396c43e03c6aff63745f&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Canon Camera Access Library 8 (CCALib8) — Canon Inc. — C:Program FilesCanonCALCALMAIN.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe
O23 — Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) — Protection Technology (StarForce) — C:WINDOWSsystem32sfrem01.exe
O23 — Service: TuneUp Drive Defrag Service (TuneUp.Defrag) — TuneUp Software GmbH — C:WINDOWSSystem32TuneUpDefragService.exe
O23 — Service: Webalta Controller (WebaltaController) — Unknown owner — C:Program FilesWebaltaWebaltaUpdaterService.exe
O23 — Service: WinPPPoverEthernet — iVasion, a Routerware Company — C:Program FilesWinPoET Broadband ConnectionWrOS.EXE—
End of file — 7405 bytes======Scheduled tasks folder======
C:WINDOWStasks1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-04-16 37808][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
C:Program FilesSpybot — Search & DestroySDHelper.dll [2005-04-27 853672][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2009-01-12 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-01-12 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-01-12 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — []
{D4C56A33-3488-495B-8033-9BF834E276D8} — &Webalta toolbar — C:PROGRA~1WebaltaWEBALT~1.DLL [2009-02-06 1690626][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-10-22 7700480]
«nwiz»=nwiz.exe /install []
«Logitech Utility»=C:WINDOWSLogi_MwX.Exe [2003-12-17 19968]
«MBM 5″=C:Program FilesMotherboard Monitor 5MBM5.EXE [2004-06-12 594944]
«a-winpoet-service»=C:Program FilesWinPoET Broadband Connectionwinpppoverethernet.exe [2003-05-29 299008]
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-10-22 86016]
«ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2005-11-22 344064]
«RivaTunerStartupDaemon»=C:Program FilesRivaTuner v2.05RivaTuner.exe [2007-09-27 2633728]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2006-11-10 90112]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-01-12 136600]
«NevoDRM»=C:Игры от NevoSoftNevoDRMNevoDRM.exe [2008-12-11 41984][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-03 15360]
«TuneUp MemOptimizer»=C:Program FilesTuneUp Utilities 2008MemOptimizer.exe [2007-12-24 198912][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2007-09-29 122880][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2007-04-10 236928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«MaxRecentDocs»=2
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesTotal Commander XPTOTALCMD.EXE»=»C:Program FilesTotal Commander XPTOTALCMD.EXE:*:Enabled:TOTALCMD»
«C:Program FilesEA SPORTSFIFA 06fifa06.exe»=»C:Program FilesEA SPORTSFIFA 06fifa06.exe:*:Enabled:fifa06»
«C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
«C:Program FilesDownload MasterDMASTER.EXE»=»C:Program FilesDownload MasterDMASTER.EXE:*:Enabled:Download Master»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 1 months======
2009-05-15 09:49:46 —-RASHD—- C:autorun.inf
2009-05-09 15:26:42 —-SHD—- C:FOUND.007
2009-05-08 08:03:40 —-D—- C:Program Filestrend micro
2009-05-08 08:03:37 —-D—- C:rsit
2009-04-20 21:36:06 —-HD—- C:WINDOWS$NtUninstallKB959426$
2009-04-20 21:35:57 —-HD—- C:WINDOWS$NtUninstallKB961373$
2009-04-20 21:31:37 —-HD—- C:WINDOWS$NtUninstallKB956572$
2009-04-20 21:31:13 —-HD—- C:WINDOWS$NtUninstallKB952004$
2009-04-20 21:31:03 —-HD—- C:WINDOWS$NtUninstallKB960803$
2009-04-20 21:30:33 —-HD—- C:WINDOWS$NtUninstallKB923561$
2009-04-20 20:00:14 —-D—- C:Program FilesCommon FilesINCA Shared
2009-04-20 19:08:29 —-D—- C:Program FilesNikita======List of files/folders modified in the last 1 months======
2009-05-16 20:15:20 —-A—- C:WINDOWSWinPoET_Runtime.txt
2009-05-16 10:45:58 —-A—- C:WINDOWSwin.ini
2009-05-16 10:45:58 —-A—- C:WINDOWSSchedLgU.Txt
2009-05-07 11:16:30 —-A—- C:WINDOWSsystem32MRT.exe
2009-04-21 22:08:14 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-04-20 21:36:02 —-A—- C:WINDOWSimsins.BAK======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 mbmiodrvr;mbmiodrvr; ??C:WINDOWSsystem32mbmiodrvr.sys []
R2 Atmuni;ATM Call Manager; C:WINDOWSsystem32DRIVERSatmuni.sys [2001-08-23 352256]
R2 bDriver;bDriver; C:WINDOWSSystem32driversbDriver.sys [2005-10-24 8105]
R2 BT848;bt848 tweaked WDM Video Capture; C:WINDOWSsystem32driversBT848.sys [2002-07-16 85231]
R2 BTTUNER;bt848 tweaked WDM TvTuner; C:WINDOWSsystem32driversBTTUNER.sys [2001-10-08 9187]
R2 BTXBAR;bt848 tweaked TV WDM Crossbar; C:WINDOWSsystem32driversBTXBAR.sys [2001-10-08 8193]
R2 Rawwan;RAW WAN Driver; C:WINDOWSsystem32DRIVERSrawwan.sys [2001-08-23 34432]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver; C:WINDOWSsystem32DRIVERSWrKPoET2000.sys [2003-05-22 53334]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2007-09-29 2456064]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5bv.sys [2005-08-08 43008]
R3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 ParadigmVScanner;MUSTEK 1200 USB PLUS Still Image Device Service; C:WINDOWSsystem32driversusbscan.sys [2004-08-03 15104]
R3 RivaTuner32;RivaTuner32; ??C:Program FilesRivaTuner v2.05RivaTuner32.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 VIAudio;VIA AC’97 Audio Controller (WDM); C:WINDOWSsystem32driversviaudios.sys [2003-02-26 370048]
R3 WrKPoET2000;WrKPoET2000; ??C:Program FilesWinPoET Broadband ConnectionWrKPoET2000.sys []
R3 WRSWanDD;iVasion PoET Adapter; C:WINDOWSsystem32DRIVERSWrKPoETNic2000.sys [2002-10-28 65604]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-03 14848]
S1 prodrv03;Star Force copy protection driver v3; ??C:WINDOWSsystem32driversprodrv03.sys []
S2 enampdat;SpeedStream DSL AMP Protocol Driver for Windows 2000; C:WINDOWSsystem32DRIVERSenampdat.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 CnxTrUsb;Conexant USB Network Interface Device Driver; C:WINDOWSsystem32DRIVERSCnxTrUsb.sys [2004-05-26 54720]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys [2007-04-15 223128]
S3 EfntRfc1483;Efficient Networks RFC 1483 Intermediate Driver; C:WINDOWSsystem32DRIVERSefnt1483.sys []
S3 EfntRfc1483MP;Efficient Networks RFC 1483 Virtual Miniport; C:WINDOWSsystem32DRIVERSefnt1483.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 gtermddo;gtermddo; ??C:DOCUME~1userLOCALS~1Tempgtermddo.sys []
S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:WINDOWSsystem32DRIVERSL8042pr2.Sys [2003-12-17 51729]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:WINDOWSsystem32DRIVERSLMouFlt2.Sys [2003-12-17 70801]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:WINDOWSsystem32DRIVERSNMnt.sys [2004-08-03 40320]
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2006-05-29 127488]
S3 Nokia USB Port;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2006-05-29 13312]
S3 NTSIM;NTSIM; ??C:WINDOWSsystem32ntsim.sys []
S3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-10-22 3994624]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver; C:WINDOWSSystem32Driversusbbc2.sys [2003-05-07 8960]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-08-23 5888]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 TVICHW32;TVICHW32; ??C:WINDOWSsystem32DRIVERSTVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:WINDOWSsystem32DRIVERSxusb21.sys [2007-08-28 55808]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2007-09-29 483328]
R2 CCALib8;Canon Camera Access Library 8; C:Program FilesCanonCALCALMAIN.exe [2007-01-31 96370]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-01-12 152984]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2006-03-03 69632]
R2 UxTuneUp;TuneUp Theme Extension; C:WINDOWSSystem32svchost.exe [2004-08-03 14336]
R2 WinPPPoverEthernet;WinPPPoverEthernet; C:Program FilesWinPoET Broadband ConnectionWrOS.EXE [2003-05-22 94255]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2007-09-28 593920]
S2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-10-22 159810]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:WINDOWSsystem32sfrem01.exe [2006-07-05 358008]
S2 WebaltaController;Webalta Controller; C:Program FilesWebaltaWebaltaUpdaterService.exe [2009-02-06 97794]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe [2006-06-05 174080]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:WINDOWSSystem32TuneUpDefragService.exe [2008-10-08 306432]
S3 usprserv;User Privilege Service; C:WINDOWSSystem32svchost.exe [2004-08-03 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-03 14336]
EOF
Лог выглядит нормально, за исключением одного сервиса.
Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите OTMoveIt3 и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.:Processes
explorer.exe
:services
usprserv
:Commands
[emptytemp]
[start explorer]
[Reboot]Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMoveItMovedFiles.Вставьте в ваше ответное сообщение содержимое этого лога. И приложите свежий RSIT лог.
Так же опишите проблемы с этим компьютером.Здравствуйте! 🙂
Проблемы такие:
1. Комп о-о-очень сильно тормозит. После включения надо ждать минут 5-10, что бы начать работать. Зависает. Любые опрерации (включить вин-амп, зайти в интернет, включить или обновить антивирус) делаются очень медленно. Оперативки не много-256, но раньше таких проблем не было.
2. Проверяла одноразовой программой Касперского, нашлось 11 эд-варе рекламных. На следующий день Аваст нашел 21 вирус. Половина эд-варе рекламные, половина трояны. Такое впечатление, что они не удаляются до конца и потом размножаются. 😀 🙄свежий RSIT:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Administrator at 2009-05-18 16:26:22
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (36%) free of 24 GB
Total RAM: 255 MB (35% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:54, on 18.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSLogi_MwX.Exe
C:Program FilesMotherboard Monitor 5MBM5.EXE
C:WINDOWSsystem32svchost.exe
C:Program FilesWinPoET Broadband Connectionwinpppoverethernet.exe
C:Program FilesWinPoET Broadband ConnectionWrOS.EXE
C:Program FilesJavajre6binjusched.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesTuneUp Utilities 2008MemOptimizer.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Documents and SettingsAdministratorDesktopRSIT.exe
C:WINDOWSsystem32WgaTray.exe
C:WINDOWSsystem32wuauclt.exe
C:Program Filestrend microAdministrator.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=44290
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=44290
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Windows Internet Explorer provided by Yandex
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — (no file)
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: (no name) — {53707962-6F74-2D53-2644-206D7942484F} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — (no file)
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 — HKLM..Run: [MBM 5] «C:Program FilesMotherboard Monitor 5MBM5.EXE»
O4 — HKLM..Run: [a-winpoet-service] «C:Program FilesWinPoET Broadband Connectionwinpppoverethernet.exe»
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [ATIPTA] «C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe»
O4 — HKLM..Run: [RivaTunerStartupDaemon] «C:Program FilesRivaTuner v2.05RivaTuner.exe» /S
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [NevoDRM] «C:Игры от NevoSoftNevoDRMNevoDRM.exe»
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [TuneUp MemOptimizer] «C:Program FilesTuneUp Utilities 2008MemOptimizer.exe» autostart
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Webalta — Добавить в Анти-Баннер — C:Program FilesWebaltaextentionsWebalta_antiban.htm
O9 — Extra button: (no name) — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — (no file)
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187443552770
O16 — DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) — http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231750358_6c1c95acfc17396c43e03c6aff63745f&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) — Protection Technology (StarForce) — C:WINDOWSsystem32sfrem01.exe
O23 — Service: TuneUp Drive Defrag Service (TuneUp.Defrag) — TuneUp Software GmbH — C:WINDOWSSystem32TuneUpDefragService.exe
O23 — Service: WinPPPoverEthernet — iVasion, a Routerware Company — C:Program FilesWinPoET Broadband ConnectionWrOS.EXE—
End of file — 7917 bytes======Scheduled tasks folder======
C:WINDOWStasks1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-04-16 37808][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
C:Program FilesSpybot — Search & DestroySDHelper.dll [2005-04-27 853672][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2009-01-12 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-01-12 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-01-12 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — []
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-03-24 3698464][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-10-22 7700480]
«nwiz»=nwiz.exe /install []
«Logitech Utility»=C:WINDOWSLogi_MwX.Exe [2003-12-17 19968]
«MBM 5″=C:Program FilesMotherboard Monitor 5MBM5.EXE [2004-06-12 594944]
«a-winpoet-service»=C:Program FilesWinPoET Broadband Connectionwinpppoverethernet.exe [2003-05-29 299008]
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-10-22 86016]
«ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2005-11-22 344064]
«RivaTunerStartupDaemon»=C:Program FilesRivaTuner v2.05RivaTuner.exe [2007-09-27 2633728]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2006-11-10 90112]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-01-12 136600]
«NevoDRM»=C:Игры от NevoSoftNevoDRMNevoDRM.exe []
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-02-06 81000][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-03 15360]
«TuneUp MemOptimizer»=C:Program FilesTuneUp Utilities 2008MemOptimizer.exe [2007-12-24 198912][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2007-09-29 122880][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2007-04-10 236928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«MaxRecentDocs»=2
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesTotal Commander XPTOTALCMD.EXE»=»C:Program FilesTotal Commander XPTOTALCMD.EXE:*:Enabled:TOTALCMD»
«C:Program FilesEA SPORTSFIFA 06fifa06.exe»=»C:Program FilesEA SPORTSFIFA 06fifa06.exe:*:Enabled:fifa06»
«C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
«C:Program FilesDownload MasterDMASTER.EXE»=»C:Program FilesDownload MasterDMASTER.EXE:*:Enabled:Download Master»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 1 months======
2009-05-18 16:13:31 —-D—- C:_OTMoveIt
2009-05-17 19:31:17 —-A—- C:WINDOWSsystem32aswBoot.exe
2009-05-17 19:31:08 —-D—- C:Program FilesAlwil Software
2009-05-17 16:11:00 —-D—- C:WINDOWSie8updates
2009-05-17 16:10:05 —-D—- C:Program FilesYandex
2009-05-17 16:10:05 —-D—- C:Documents and SettingsAdministratorApplication DataYandex
2009-05-17 16:10:01 —-HD—- C:WINDOWSmsdownld.tmp
2009-05-17 16:07:51 —-HD—- C:WINDOWSie8
2009-05-17 15:57:28 —-A—- C:Program FilesIE8-Setup-Full-EN-32bit.exe
2009-05-15 09:49:46 —-RASHD—- C:autorun.inf
2009-05-09 15:26:42 —-SHD—- C:FOUND.007
2009-05-08 08:03:40 —-D—- C:Program Filestrend micro
2009-05-08 08:03:37 —-D—- C:rsit
2009-04-20 21:36:06 —-HD—- C:WINDOWS$NtUninstallKB959426$
2009-04-20 21:35:57 —-HD—- C:WINDOWS$NtUninstallKB961373$
2009-04-20 21:31:37 —-HD—- C:WINDOWS$NtUninstallKB956572$
2009-04-20 21:31:13 —-HD—- C:WINDOWS$NtUninstallKB952004$
2009-04-20 21:31:03 —-HD—- C:WINDOWS$NtUninstallKB960803$
2009-04-20 21:30:33 —-HD—- C:WINDOWS$NtUninstallKB923561$
2009-04-20 20:00:14 —-D—- C:Program FilesCommon FilesINCA Shared======List of files/folders modified in the last 1 months======
2009-05-18 16:22:46 —-A—- C:WINDOWSWinPoET_Runtime.txt
2009-05-18 16:20:22 —-A—- C:WINDOWSSchedLgU.Txt
2009-05-18 16:20:20 —-A—- C:WINDOWSwin.ini
2009-05-17 16:09:58 —-A—- C:WINDOWSimsins.BAK
2009-05-07 11:16:30 —-A—- C:WINDOWSsystem32MRT.exe
2009-04-21 22:08:14 —-A—- C:WINDOWSsystem32PerfStringBackup.INI======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-02-06 26944]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-02-06 51376]
R1 mbmiodrvr;mbmiodrvr; ??C:WINDOWSsystem32mbmiodrvr.sys []
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-02-06 94032]
R2 Atmuni;ATM Call Manager; C:WINDOWSsystem32DRIVERSatmuni.sys [2001-08-23 352256]
R2 BT848;bt848 tweaked WDM Video Capture; C:WINDOWSsystem32driversBT848.sys [2002-07-16 85231]
R2 BTTUNER;bt848 tweaked WDM TvTuner; C:WINDOWSsystem32driversBTTUNER.sys [2001-10-08 9187]
R2 BTXBAR;bt848 tweaked TV WDM Crossbar; C:WINDOWSsystem32driversBTXBAR.sys [2001-10-08 8193]
R2 Rawwan;RAW WAN Driver; C:WINDOWSsystem32DRIVERSrawwan.sys [2001-08-23 34432]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver; C:WINDOWSsystem32DRIVERSWrKPoET2000.sys [2003-05-22 53334]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-02-06 23152]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2007-09-29 2456064]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5bv.sys [2005-08-08 43008]
R3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 ParadigmVScanner;MUSTEK 1200 USB PLUS Still Image Device Service; C:WINDOWSsystem32driversusbscan.sys [2004-08-03 15104]
R3 RivaTuner32;RivaTuner32; ??C:Program FilesRivaTuner v2.05RivaTuner32.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 VIAudio;VIA AC’97 Audio Controller (WDM); C:WINDOWSsystem32driversviaudios.sys [2003-02-26 370048]
R3 WrKPoET2000;WrKPoET2000; ??C:Program FilesWinPoET Broadband ConnectionWrKPoET2000.sys []
R3 WRSWanDD;iVasion PoET Adapter; C:WINDOWSsystem32DRIVERSWrKPoETNic2000.sys [2002-10-28 65604]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-03 14848]
S1 prodrv03;Star Force copy protection driver v3; ??C:WINDOWSsystem32driversprodrv03.sys []
S2 enampdat;SpeedStream DSL AMP Protocol Driver for Windows 2000; C:WINDOWSsystem32DRIVERSenampdat.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 CnxTrUsb;Conexant USB Network Interface Device Driver; C:WINDOWSsystem32DRIVERSCnxTrUsb.sys [2004-05-26 54720]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys [2007-04-15 223128]
S3 EfntRfc1483;Efficient Networks RFC 1483 Intermediate Driver; C:WINDOWSsystem32DRIVERSefnt1483.sys []
S3 EfntRfc1483MP;Efficient Networks RFC 1483 Virtual Miniport; C:WINDOWSsystem32DRIVERSefnt1483.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 gtermddo;gtermddo; ??C:DOCUME~1userLOCALS~1Tempgtermddo.sys []
S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:WINDOWSsystem32DRIVERSL8042pr2.Sys [2003-12-17 51729]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:WINDOWSsystem32DRIVERSLMouFlt2.Sys [2003-12-17 70801]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:WINDOWSsystem32DRIVERSNMnt.sys [2004-08-03 40320]
S3 NTSIM;NTSIM; ??C:WINDOWSsystem32ntsim.sys []
S3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-10-22 3994624]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver; C:WINDOWSSystem32Driversusbbc2.sys [2003-05-07 8960]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-08-23 5888]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 TVICHW32;TVICHW32; ??C:WINDOWSsystem32DRIVERSTVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:WINDOWSsystem32DRIVERSxusb21.sys [2007-08-28 55808]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-02-06 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2007-09-29 483328]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-02-06 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-01-12 152984]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2006-03-03 69632]
R2 UxTuneUp;TuneUp Theme Extension; C:WINDOWSSystem32svchost.exe [2004-08-03 14336]
R2 WinPPPoverEthernet;WinPPPoverEthernet; C:Program FilesWinPoET Broadband ConnectionWrOS.EXE [2003-05-22 94255]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-02-06 254040]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2007-09-28 593920]
S2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-10-22 159810]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:WINDOWSsystem32sfrem01.exe [2006-07-05 358008]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-02-06 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:WINDOWSSystem32TuneUpDefragService.exe [2008-10-08 306432]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-03 14336]
EOF
OTMoveIt лог:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========ServiceDriver usprserv deleted successfully.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsAdministratorLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTempHistoryHistory.IE5index.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTempCookiesindex.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTempTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStempPerflib_Perfdata_52c.dat scheduled to be deleted on reboot.
File delete failed. C:WINDOWStempPerflib_Perfdata_110.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 05182009_161331
Files moved on Reboot…
C:WINDOWStempPerflib_Perfdata_52c.dat moved successfully.
File C:WINDOWStempPerflib_Perfdata_110.dat not found!Сделаем ещё одну проверку.
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.
Здравствуйте, Валерий! 🙂
Вот лог:
ComboFix 09-05-21.03 — Administrator 22.05.2009 15:23.1 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.255.70 [GMT 4:00]
Running from: c:documents and settingsAdministratorDesktopComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090521-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
C:install.exe
C:SETUP.BAT
C:setup.exe
C:start.bat
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.2009-05-18 18:50 . 2009-05-18 18:50
d-sh—w c:windowssystem32configsystemprofileIETldCache
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowssystem32scripting
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowsl2schemas
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowssystem32en
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowssystem32bits
2009-05-18 18:32 . 2009-05-18 18:32
d
w c:windowsServicePackFiles
2009-05-18 12:13 . 2009-05-18 12:13
d
w C:_OTMoveIt
2009-05-17 15:31 . 2009-02-05 20:06 51376 —-a-w c:windowssystem32driversaswTdi.sys
2009-05-17 15:31 . 2009-02-05 20:06 23152 —-a-w c:windowssystem32driversaswRdr.sys
2009-05-17 15:31 . 2009-02-05 20:05 26944 —-a-w c:windowssystem32driversaavmker4.sys
2009-05-17 15:31 . 2009-02-05 20:04 97480 —-a-w c:windowssystem32AvastSS.scr
2009-05-17 15:31 . 2009-02-05 20:07 114768 —-a-w c:windowssystem32driversaswSP.sys
2009-05-17 15:31 . 2009-02-05 20:07 20560 —-a-w c:windowssystem32driversaswFsBlk.sys
2009-05-17 15:31 . 2009-02-05 20:08 93296 —-a-w c:windowssystem32driversaswmon.sys
2009-05-17 15:31 . 2009-02-05 20:08 94032 —-a-w c:windowssystem32driversaswmon2.sys
2009-05-17 15:31 . 2009-02-05 20:11 1256296 —-a-w c:windowssystem32aswBoot.exe
2009-05-17 15:31 . 2009-05-17 15:31
d
w c:program filesAlwil Software
2009-05-17 12:18 . 2009-05-17 12:18
d-sh—w c:documents and settingsAdministratorPrivacIE
2009-05-17 12:13 . 2009-05-17 12:13
d-sh—w c:documents and settingsAdministratorIETldCache
2009-05-17 12:11 . 2009-05-17 12:11
d
w c:windowsie8updates
2009-05-17 12:10 . 2009-05-17 12:10
d
w c:program filesYandex
2009-05-17 12:10 . 2009-05-17 12:10
d
w c:documents and settingsAdministratorLocal SettingsApplication DataYandex
2009-05-17 12:10 . 2009-05-17 12:10
d
w c:documents and settingsAdministratorApplication DataYandex
2009-05-17 12:10 . 2009-05-17 12:10
d—h—w c:windowsmsdownld.tmp
2009-05-17 12:07 . 2009-05-17 12:07
d—h—w c:windowsie8
2009-05-17 12:05 . 2009-04-25 05:30 102400
w c:windowssystem32dllcacheiecompat.dll
2009-05-17 11:57 . 2009-05-17 11:57 18611464 —-a-w c:program filesIE8-Setup-Full-EN-32bit.exe
2009-05-15 09:54 . 2009-05-15 16:52 32 —sha-w c:windowssystem32driversfidbox.dat
2009-05-09 11:26 . 2009-05-09 11:26
d-sh—w C:FOUND.007
2009-05-08 04:03 . 2009-05-08 04:03
d
w c:program filestrend micro
2009-05-08 04:03 . 2009-05-08 04:03
d
w C:rsit.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 05:35 . 2007-10-21 12:54 34096 —-a-w c:documents and settingsAdministratorLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-18 18:49 . 2006-04-30 13:13 96384 —-a-w c:windowssystem32driverssptd2653.sys
2009-05-18 18:40 . 2005-10-23 17:48 166455 —-a-w c:windowspchealthhelpctrOfflineCacheindex.dat
2009-05-15 16:52 . 2009-05-15 09:54 32 —sha-w c:windowssystem32driversfidbox.idx
2009-04-20 16:00 . 2009-04-20 16:00
d
w c:program filesCommon FilesINCA Shared
2009-03-08 00:34 . 2004-08-03 16:56 914944 —-a-w c:windowssystem32wininet.dll
2009-03-08 00:34 . 2004-08-03 16:56 43008 —-a-w c:windowssystem32licmgr10.dll
2009-03-08 00:33 . 2004-08-03 16:56 18944 —-a-w c:windowssystem32corpol.dll
2009-03-08 00:33 . 2004-08-03 16:56 420352 —-a-w c:windowssystem32vbscript.dll
2009-03-08 00:32 . 2004-08-03 16:56 72704 —-a-w c:windowssystem32admparse.dll
2009-03-08 00:32 . 2004-08-03 16:56 71680 —-a-w c:windowssystem32iesetup.dll
2009-03-08 00:31 . 2004-08-03 16:56 34816 —-a-w c:windowssystem32imgutil.dll
2009-03-08 00:31 . 2004-08-03 16:56 48128 —-a-w c:windowssystem32mshtmler.dll
2009-03-08 00:31 . 2004-08-03 16:56 45568 —-a-w c:windowssystem32mshta.exe
2009-03-08 00:22 . 2001-08-23 08:00 156160 —-a-w c:windowssystem32msls31.dll
2009-03-06 14:22 . 2004-08-03 16:56 284160 —-a-w c:windowssystem32pdh.dll
2008-11-27 12:09 . 2008-11-24 05:01 299704 —-a-w c:program filesMoneyTracker_1.0.exe
2008-04-07 09:05 . 2008-04-07 09:05 331235 —-a-w c:program filescreditcalc20.zip
2007-09-09 17:40 . 2007-09-09 17:40 18466224 —-a-w c:program filesMagicTeaRus_4.exe
2007-09-09 17:38 . 2007-09-09 17:38 8968104 —-a-w c:program filesSnowyIslandsRus_4.exe
2007-09-08 15:59 . 2007-09-08 15:59 15288336 —-a-w c:program filesPeggleSetup-eni.exe
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«TuneUp MemOptimizer»=»c:program filesTuneUp Utilities 2008MemOptimizer.exe» [2007-12-24 198912][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-10-22 7700480]
«MBM 5″=»c:program filesMotherboard Monitor 5MBM5.EXE» [2004-06-12 594944]
«a-winpoet-service»=»c:program filesWinPoET Broadband Connectionwinpppoverethernet.exe» [2003-05-29 299008]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-10-22 86016]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2005-11-22 344064]
«RivaTunerStartupDaemon»=»c:program filesRivaTuner v2.05RivaTuner.exe» [2007-09-27 2633728]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2006-11-10 90112]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-01-12 136600]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-02-05 81000]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2006-10-22 1622016]
«Logitech Utility»=»Logi_MwX.Exe» — c:windowsLOGI_MWX.EXE [2003-12-17 19968][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«MaxRecentDocs»= 2 (0x2)[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\ICQ6\ICQ.exe»=R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:windowssystem32driverssfdrv01a.sys [05.07.2006 15:46 63352]
R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [17.05.2009 19:31 114768]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [17.05.2009 19:31 20560]
R2 BT848;bt848 tweaked WDM Video Capture;c:windowssystem32driversBT848.sys [31.12.2001 15:21 85231]
R2 BTTUNER;bt848 tweaked WDM TvTuner;c:windowssystem32driversbttuner.sys [31.12.2001 15:21 9187]
R2 BTXBAR;bt848 tweaked TV WDM Crossbar;c:windowssystem32driversbtxbar.sys [31.12.2001 15:21 8193]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;c:windowssystem32driversWrKPoET2000.sys [04.01.2006 21:19 53334]
R3 ParadigmVScanner;MUSTEK 1200 USB PLUS Still Image Device Service;c:windowssystem32driversUsbScan.sys [29.10.2005 15:27 15104]
R3 WrKPoET2000;WrKPoET2000;c:program filesWinPoET Broadband ConnectionWrKPoET2000.sys [04.01.2006 21:19 53334]
R3 WRSWanDD;iVasion PoET Adapter;c:windowssystem32driversWrKPoETNic2000.sys [04.01.2006 21:19 65604]
S1 prodrv03;Star Force copy protection driver v3;??c:windowssystem32driversprodrv03.sys —> c:windowssystem32driversprodrv03.sys [?]
S2 enampdat;SpeedStream DSL AMP Protocol Driver for Windows 2000;c:windowssystem32DRIVERSenampdat.sys —> c:windowssystem32DRIVERSenampdat.sys [?]
S3 EfntRfc1483;Efficient Networks RFC 1483 Intermediate Driver;c:windowssystem32DRIVERSefnt1483.sys —> c:windowssystem32DRIVERSefnt1483.sys [?]
S3 EfntRfc1483MP;Efficient Networks RFC 1483 Virtual Miniport;c:windowssystem32DRIVERSefnt1483.sys —> c:windowssystem32DRIVERSefnt1483.sys [?]
S3 gtermddo;gtermddo;??c:docume~1userLOCALS~1Tempgtermddo.sys —> c:docume~1userLOCALS~1Tempgtermddo.sys [?]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:windowssystem32driversusbbc2.sys [23.10.2005 23:21 8960]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder2009-05-15 c:windowsTasks1-Click Maintenance.job
— c:program filesTuneUp Utilities 2008OneClick.exe [2007-12-21 05:13]
.
— — — — ORPHANS REMOVED — — — —HKLM-Run-NevoDRM — c:игры от nevosoftNevoDRMNevoDRM.exe
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=44290
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Webalta — Добавить в Анти-Баннер — c:program filesWebaltaextentionsWebalta_antiban.htm
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 15:27
Windows 5.1.2600 Service Pack 3 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(524)
c:windowssystem32Ati2evxx.dll
.
Completion time: 2009-05-22 15:29
ComboFix-quarantined-files.txt 2009-05-22 11:29Pre-Run: 9 066 446 848 bytes free
Post-Run: 10 591 715 328 bytes freeCurrent=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
161 — E O F — 2009-05-19 06:57Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
Driver::
gtermddoЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.Добрый день!
ComboFix 09-05-24.07 — Administrator 25.05.2009 19:07.2 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.255.84 [GMT 4:00]
Running from: c:documents and settingsAdministratorDesktopComboFix.exe
Command switches used :: c:documents and settingsAdministratorDesktopCFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090524-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_GTERMDDO
Service_gtermddo((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.2009-05-18 18:50 . 2009-05-18 18:50
d-sh—w c:windowssystem32configsystemprofileIETldCache
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowssystem32scripting
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowsl2schemas
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowssystem32en
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowssystem32bits
2009-05-18 18:32 . 2009-05-18 18:32
d
w c:windowsServicePackFiles
2009-05-17 15:31 . 2009-02-05 20:06 51376 —-a-w c:windowssystem32driversaswTdi.sys
2009-05-17 15:31 . 2009-02-05 20:06 23152 —-a-w c:windowssystem32driversaswRdr.sys
2009-05-17 15:31 . 2009-02-05 20:05 26944 —-a-w c:windowssystem32driversaavmker4.sys
2009-05-17 15:31 . 2009-02-05 20:04 97480 —-a-w c:windowssystem32AvastSS.scr
2009-05-17 15:31 . 2009-02-05 20:07 114768 —-a-w c:windowssystem32driversaswSP.sys
2009-05-17 15:31 . 2009-02-05 20:07 20560 —-a-w c:windowssystem32driversaswFsBlk.sys
2009-05-17 15:31 . 2009-02-05 20:08 93296 —-a-w c:windowssystem32driversaswmon.sys
2009-05-17 15:31 . 2009-02-05 20:08 94032 —-a-w c:windowssystem32driversaswmon2.sys
2009-05-17 15:31 . 2009-02-05 20:11 1256296 —-a-w c:windowssystem32aswBoot.exe
2009-05-17 15:31 . 2009-05-17 15:31
d
w c:program filesAlwil Software
2009-05-17 12:18 . 2009-05-17 12:18
d-sh—w c:documents and settingsAdministratorPrivacIE
2009-05-17 12:13 . 2009-05-17 12:13
d-sh—w c:documents and settingsAdministratorIETldCache
2009-05-17 12:11 . 2009-05-17 12:11
d
w c:windowsie8updates
2009-05-17 12:10 . 2009-05-17 12:10
d
w c:program filesYandex
2009-05-17 12:10 . 2009-05-17 12:10
d
w c:documents and settingsAdministratorLocal SettingsApplication DataYandex
2009-05-17 12:10 . 2009-05-17 12:10
d
w c:documents and settingsAdministratorApplication DataYandex
2009-05-17 12:10 . 2009-05-17 12:10
d—h—w c:windowsmsdownld.tmp
2009-05-17 12:07 . 2009-05-17 12:07
d—h—w c:windowsie8
2009-05-17 12:05 . 2009-04-25 05:30 102400
w c:windowssystem32dllcacheiecompat.dll
2009-05-17 11:57 . 2009-05-17 11:57 18611464 —-a-w c:program filesIE8-Setup-Full-EN-32bit.exe
2009-05-15 09:54 . 2009-05-15 16:52 32 —sha-w c:windowssystem32driversfidbox.dat
2009-05-09 11:26 . 2009-05-09 11:26
d-sh—w C:FOUND.007
2009-05-08 04:03 . 2009-05-08 04:03
d
w c:program filestrend micro.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 05:35 . 2007-10-21 12:54 34096 —-a-w c:documents and settingsAdministratorLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-18 18:49 . 2006-04-30 13:13 96384 —-a-w c:windowssystem32driverssptd2653.sys
2009-05-18 18:40 . 2005-10-23 17:48 166455 —-a-w c:windowspchealthhelpctrOfflineCacheindex.dat
2009-05-15 16:52 . 2009-05-15 09:54 32 —sha-w c:windowssystem32driversfidbox.idx
2009-04-20 16:00 . 2009-04-20 16:00
d
w c:program filesCommon FilesINCA Shared
2009-03-08 00:34 . 2004-08-03 16:56 914944 —-a-w c:windowssystem32wininet.dll
2009-03-08 00:34 . 2004-08-03 16:56 43008 —-a-w c:windowssystem32licmgr10.dll
2009-03-08 00:33 . 2004-08-03 16:56 18944 —-a-w c:windowssystem32corpol.dll
2009-03-08 00:33 . 2004-08-03 16:56 420352 —-a-w c:windowssystem32vbscript.dll
2009-03-08 00:32 . 2004-08-03 16:56 72704 —-a-w c:windowssystem32admparse.dll
2009-03-08 00:32 . 2004-08-03 16:56 71680 —-a-w c:windowssystem32iesetup.dll
2009-03-08 00:31 . 2004-08-03 16:56 34816 —-a-w c:windowssystem32imgutil.dll
2009-03-08 00:31 . 2004-08-03 16:56 48128 —-a-w c:windowssystem32mshtmler.dll
2009-03-08 00:31 . 2004-08-03 16:56 45568 —-a-w c:windowssystem32mshta.exe
2009-03-08 00:22 . 2001-08-23 08:00 156160 —-a-w c:windowssystem32msls31.dll
2009-03-06 14:22 . 2004-08-03 16:56 284160 —-a-w c:windowssystem32pdh.dll
2008-11-27 12:09 . 2008-11-24 05:01 299704 —-a-w c:program filesMoneyTracker_1.0.exe
2008-04-07 09:05 . 2008-04-07 09:05 331235 —-a-w c:program filescreditcalc20.zip
2007-09-09 17:40 . 2007-09-09 17:40 18466224 —-a-w c:program filesMagicTeaRus_4.exe
2007-09-09 17:38 . 2007-09-09 17:38 8968104 —-a-w c:program filesSnowyIslandsRus_4.exe
2007-09-08 15:59 . 2007-09-08 15:59 15288336 —-a-w c:program filesPeggleSetup-eni.exe
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«TuneUp MemOptimizer»=»c:program filesTuneUp Utilities 2008MemOptimizer.exe» [2007-12-24 198912][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-10-22 7700480]
«MBM 5″=»c:program filesMotherboard Monitor 5MBM5.EXE» [2004-06-12 594944]
«a-winpoet-service»=»c:program filesWinPoET Broadband Connectionwinpppoverethernet.exe» [2003-05-29 299008]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-10-22 86016]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2005-11-22 344064]
«RivaTunerStartupDaemon»=»c:program filesRivaTuner v2.05RivaTuner.exe» [2007-09-27 2633728]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2006-11-10 90112]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-01-12 136600]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-02-05 81000]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2006-10-22 1622016]
«Logitech Utility»=»Logi_MwX.Exe» — c:windowsLOGI_MWX.EXE [2003-12-17 19968][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«MaxRecentDocs»= 2 (0x2)[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\ICQ6\ICQ.exe»=R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:windowssystem32driverssfdrv01a.sys [05.07.2006 15:46 63352]
R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [17.05.2009 19:31 114768]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [17.05.2009 19:31 20560]
R2 BT848;bt848 tweaked WDM Video Capture;c:windowssystem32driversBT848.sys [31.12.2001 15:21 85231]
R2 BTTUNER;bt848 tweaked WDM TvTuner;c:windowssystem32driversbttuner.sys [31.12.2001 15:21 9187]
R2 BTXBAR;bt848 tweaked TV WDM Crossbar;c:windowssystem32driversbtxbar.sys [31.12.2001 15:21 8193]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;c:windowssystem32driversWrKPoET2000.sys [04.01.2006 21:19 53334]
R3 ParadigmVScanner;MUSTEK 1200 USB PLUS Still Image Device Service;c:windowssystem32driversUsbScan.sys [29.10.2005 15:27 15104]
R3 WrKPoET2000;WrKPoET2000;c:program filesWinPoET Broadband ConnectionWrKPoET2000.sys [04.01.2006 21:19 53334]
R3 WRSWanDD;iVasion PoET Adapter;c:windowssystem32driversWrKPoETNic2000.sys [04.01.2006 21:19 65604]
S1 prodrv03;Star Force copy protection driver v3;??c:windowssystem32driversprodrv03.sys —> c:windowssystem32driversprodrv03.sys [?]
S2 enampdat;SpeedStream DSL AMP Protocol Driver for Windows 2000;c:windowssystem32DRIVERSenampdat.sys —> c:windowssystem32DRIVERSenampdat.sys [?]
S3 EfntRfc1483;Efficient Networks RFC 1483 Intermediate Driver;c:windowssystem32DRIVERSefnt1483.sys —> c:windowssystem32DRIVERSefnt1483.sys [?]
S3 EfntRfc1483MP;Efficient Networks RFC 1483 Virtual Miniport;c:windowssystem32DRIVERSefnt1483.sys —> c:windowssystem32DRIVERSefnt1483.sys [?]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:windowssystem32driversusbbc2.sys [23.10.2005 23:21 8960]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder2009-05-22 c:windowsTasks1-Click Maintenance.job
— c:program filesTuneUp Utilities 2008OneClick.exe [2007-12-21 05:13]
.
— — — — ORPHANS REMOVED — — — —SafeBoot-procexp90.Sys
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=44290
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Webalta — Добавить в Анти-Баннер — c:program filesWebaltaextentionsWebalta_antiban.htm
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 19:14
Windows 5.1.2600 Service Pack 3 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(472)
c:windowssystem32Ati2evxx.dll— — — — — — — > ‘explorer.exe'(2804)
c:windowssystem32ieframe.dll
c:windowssystem32OneX.DLL
c:windowssystem32eappprxy.dll
c:windowssystem32webcheck.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:windowsSYSTEM32ATI2EVXX.EXE
c:program filesALWIL SOFTWAREAVAST4ASWUPDSV.EXE
c:windowsSYSTEM32ATI2EVXX.EXE
c:program filesALWIL SOFTWAREAVAST4ASHSERV.EXE
c:program filesJavajre6binjqs.exe
c:windowssystem32HPZipm12.exe
c:program filesWinPoET Broadband ConnectionWrOS.EXE
c:windowssystem32WgaTray.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-25 19:24 — machine was rebooted
ComboFix2.txt 2009-05-22 11:29
ComboFix-quarantined-files.txt 2009-05-25 15:24Pre-Run: 11 787 911 168 bytes free
Post-Run: 11 689 181 184 bytes freeCurrent=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
181 — E O F — 2009-05-19 06:57Здравствуйте, Валерий!
Все работает хорошо! Спасибо большое за внимание, участие и помощь! 😀Несколько завершающих действий.
1. Обновите ваши программы.
Обновите Java, у вас устаревшая версия. Прочитайте эту инструкцию: Как обновить Java.Зайдите на сайт update.microsoft.com и обновите Windows.
2. Удалите все программы, которые вы использовали в процессе лечения, в случае необходимости, вы всегда сможете скачать их заново. Удаление их необходимо по-причине того, что они содержат компоненты, которые вирусы и трояны могут использовать в плохих целях.
Удалите Combofix с вашего компьютера, действуйте согласно инструкции: Как правильно удалить combofix с компьютера.
Запустите программу OTMoveIT3. Кликните по кнопке CleanUp. Если появится запрос на перезагрузку компьютера, то кликните Да/Yes.
Удалите RSIT и другие скачанные вами сканеры и небольшие утилиты, а так же все файлы и каталоги который были созданы в процессе лечения компьютера.3. Создайте новую точку восстановления и удалите все старые.
Удалите старые точки восстановления, так как в них возможно нахождения инфицированных файлов, троянов и других вредоносных программ. Для этого кликните по иконке Мой компьютер, выберите пункт Свойства. В открывшемся окне выберите вкладку Восстановление системы. Поставьте галочку напротив пункта Отключить восстановление системы на всех дисках. Кликните по кнопке Применить. Подтвердите свои действия кликнув по кнопке OK в открывшемся диалоге. Закройте окно Свойства системы, кликнув по кнопке OK.
После загрузки компьютера выполните действия описанные выше, только в этот раз снимите галочку.
Создайте новую точку восстановления. Это поможет вам в случае необходимости загрузить текущую конфигурацию Windows и быстро излечиться от спайваре/вируса. Для этого кликните по кнопке Пуск, далее выберите пункт Стандартные, в нём Служебные и запустите программу Восстановление системы. В открывшемся окне выберите задачу Создать точку восстановления и нажмите кнопку Далее и следуйте указаниям.
4. И несколько дополнительных советов.
Большинство троянов и вирусов разработаны для поражения Internet Explorer`а, поэтому рекомендую установить и использовать Оперу или Firefox.
Запустите ваш антивирус и проверьте состояние автоматической защиты. Включите, если она выключена.
Не забывайте обновлять Windows, ваши программы и особенно ваш антивирус.
Не посещайте незнакомые сайты, очень внимательно относитесь к файлам скаченным с Интернета.
Всего доброго!
- Для ответа в этой теме необходимо авторизоваться.
