- This topic has 28 ответов, 3 участника, and was last updated 14 years, 9 months назад by
.
-
Сообщения
-
Добрый вечер!
выкладываю лог RSIT:Logfile of random’s system information tool 1.08 (written by random/random)
Run by User at 2010-08-13 21:47:59
Microsoft® Windows Vista™ Home Basic
System drive C: has 233 MB (0%) free of 102 GB
Total RAM: 2046 MB (51% free)Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:48:08, on 13.08.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: NormalRunning processes:
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Windowssystem32taskeng.exe
C:WindowsSystem32rundll32.exe
C:WindowsSystem32rundll32.exe
C:Program FilesDellTPadApoint.exe
C:Program FilesESETESET Smart Securityegui.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesPunto Switcherpunto.exe
C:WindowsSystem32rundll32.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesDellTPadApMsgFwd.exe
C:Program FilesDellQuickSetquickset.exe
C:Program FilesSetPointSetPoint.exe
C:Program FilesDellTPadHidFind.exe
C:Program FilesDellTPadApntex.exe
C:Program FilesCommon FilesLogitechkhalsharedKHALMNPR.EXE
c:Program FilesWIDCOMMBluetooth SoftwareBtStackServer.exe
C:Program FilesInternet Exploreriexplore.exe
C:UsersUserDesktopRSIT.exe
C:Program Filestrend microUser.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=eu&l=en&s=gen
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Internet Explorer предоставлен: Dell
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 — URLSearchHook: QIPBHO Class — {95289393-33EA-4F8D-B952-483415B9C955} — C:UsersUserAppDataRoamingMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: (no name) — — shell32.dll (file missing)
F2 — REG:system.ini: UserInit=C:Windowssystem32userinit.exe,C:Windowssystem32f86330d.exe,
O1 — Hosts: ::1 localhost
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: QIPBHO — {95289393-33EA-4F8D-B952-483415B9C955} — C:UsersUserAppDataRoamingMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 — HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [NVHotkey] rundll32.exe C:Windowssystem32nvHotkey.dll,Start
O4 — HKLM..Run: [Apoint] C:Program FilesDellTPadApoint.exe
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesCommon FilesJavaJava Updatejusched.exe»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [Adobe ARM] «C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe»
O4 — HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe» ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 — HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 — HKCU..RunOnce: [Shockwave Updater] C:Windowssystem32AdobeShockwave 11SwHelper_1151601.exe -Update -1151601 -«Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.5.30729; .NET CLR 3.0.30618)» -«http://lms.universtal.ru/content/pkg61724/resources/resource_33/___run2_2.1.1.htm»
O4 — HKCU..RunOnce: [FlashPlayerUpdate] C:Windowssystem32MacromedFlashFlashUtil10h_ActiveX.exe -update activex
O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 — Startup: Apoint.lnk = C:Program FilesDellTPadApoint.exe
O4 — Global Startup: BTTray.lnk = ?
O4 — Global Startup: Digital Line Detect.lnk = C:Program FilesDigital Line DetectDLG.exe
O4 — Global Startup: QuickSet.lnk = ?
O4 — Global Startup: SetPoint.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Translate with Lingvo — res://C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
O8 — Extra context menu item: Отправить изображение на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: Отправить страницу на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — shell32.dll (file missing)
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra ‘Tools’ menuitem: @btrez.dll,-12650 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O16 — DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} — http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 — HKLMSystemCCSServicesTcpip..{967A8621-689C-41DD-BD6B-CDE810FB6AED}: NameServer = 212.1.224.34,212.1.230.111
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O22 — SharedTaskScheduler: Component Categories cache daemon — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:Windowssystem32browseui.dll
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: RoxMediaDB9 — Sonic Solutions — C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
O23 — Service: Roxio Hard Drive Watcher 9 (RoxWatch9) — Sonic Solutions — C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatch9.exe
O23 — Service: SigmaTel Audio Service (STacSV) — SigmaTel, Inc. — C:Windowssystem32STacSV.exe
O23 — Service: stllssvr — Unknown owner — C:Program FilesCommon FilesSureThing Sharedstllssvr.exe (file missing)
O23 — Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) — Корпорация Майкрософт — C:Windowssystem32SearchIndexer.exe
O23 — Service: XAudioService — Conexant Systems, Inc. — C:Windowssystem32DRIVERSxaudio.exe—
End of file — 9248 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2010-06-19 75200][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-11-07 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class — C:UsersUserAppDataRoamingMicrosoftInternet Explorerqipsearchbar.dll [2009-06-17 119808][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-04-12 41760][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-12-03 2213160]
«Kernel and Hardware Abstraction Layer»=C:WindowsKHALMNPR.EXE [2007-01-11 101136]
«ISUSPM Startup»=C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe [2006-10-03 221184]
«NvSvc»=C:Windowssystem32nvsvc.dll [2007-10-04 86016]
«NvCplDaemon»=C:Windowssystem32NvCpl.dll [2007-10-04 8497696]
«NvMediaCenter»=C:Windowssystem32NvMcTray.dll [2007-10-04 81920]
«NVHotkey»=C:Windowssystem32nvHotkey.dll [2007-10-04 86016]
«Apoint»=C:Program FilesDellTPadApoint.exe [2007-09-24 159744]
«egui»=C:Program FilesESETESET Smart Securityegui.exe [2009-04-09 2029640]
«SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-02-18 248040]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2010-06-20 35760]
«Adobe ARM»=C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2010-06-09 976832][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe [2007-12-13 1688872]
«Punto Switcher»=C:Program FilesPunto Switcherpunto.exe [2008-10-16 735016]
«WindowsWelcomeCenter»=oobefldr.dll,ShowWelcomeCenter []
«WMPNSCFG»=C:Program FilesWindows Media PlayerWMPNSCFG.exe [2006-11-02 201728][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«Shockwave Updater»=C:Windowssystem32AdobeShockwave 11SwHelper_1151601.exe [2009-07-31 468408]
«FlashPlayerUpdate»=C:Windowssystem32MacromedFlashFlashUtil10h_ActiveX.exe [2010-06-15 231888]C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
Digital Line Detect.lnk — C:Program FilesDigital Line DetectDLG.exe
QuickSet.lnk — C:WindowsInstaller{7F0C4457-8E64-491B-8D7B-991504365D1E}NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
SetPoint.lnk — C:Program FilesSetPointSetPoint.exeC:UsersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Apoint.lnk — C:Program FilesDellTPadApoint.exe[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«EnableLUA»=0
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«NoInternetOpenWith «=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=0
«NoSMConfigurePrograms»=1[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======List of files/folders created in the last 1 months======
2010-08-13 21:48:00 —-D—- C:Program Filestrend micro
2010-08-13 21:47:59 —-D—- C:rsit======List of files/folders modified in the last 1 months======
2010-08-13 21:48:08 —-D—- C:WindowsPrefetch
2010-08-13 21:48:01 —-D—- C:WindowsTemp
2010-08-13 21:48:00 —-RD—- C:Program Files
2010-08-13 21:12:39 —-D—- C:WindowsSystem32
2010-08-13 21:12:37 —-A—- C:Windowssystem32PerfStringBackup.INI
2010-08-13 21:12:36 —-D—- C:Windowsinf
2010-08-13 21:01:03 —-SHD—- C:System Volume Information
2010-08-09 21:17:54 —-D—- C:Windows
2010-08-09 21:17:26 —-D—- C:WindowsDebug
2010-08-08 23:08:54 —-D—- C:UsersUserAppDataRoamingSkype
2010-08-08 22:53:05 —-D—- C:UsersUserAppDataRoamingskypePM
2010-08-08 15:27:41 —-D—- C:Windowssystem32catroot2
2010-08-06 01:24:01 —-D—- C:VAD
2010-08-03 00:55:47 —-SHD—- C:WindowsInstaller
2010-08-03 00:55:02 —-D—- C:Program FilesRoxio
2010-08-03 00:55:00 —-D—- C:Program FilesCommon Files
2010-08-03 00:36:55 —-SHD—- C:Boot
2010-08-03 00:36:55 —-D—- C:Windowssystem32config
2010-08-02 01:26:07 —-D—- C:Program FilesCommon FilesSonic Shared
2010-08-02 01:09:42 —-A—- C:WindowsNeroDigital.ini
2010-08-02 01:09:10 —-A—- C:Windowsmjmcontrol.ini
2010-08-02 01:09:09 —-A—- C:Windowswin.ini
2010-08-02 01:09:09 —-A—- C:WindowsUkrInfo.ini
2010-08-02 01:04:14 —-D—- C:Program FilesAuslogics
2010-07-27 18:53:37 —-D—- C:UsersUserAppDataRoaminguTorrent======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:Windowssystem32driversiastor.sys [2007-04-29 277784]
R0 prohlp02;StarForce Protection Helper Driver v2; C:WindowsSystem32driversprohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:WindowsSystem32driversprosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:WindowsSystem32DriversPxHelp20.sys [2007-03-08 43528]
R0 sfhlp01;StarForce Protection Helper Driver; C:WindowsSystem32driverssfhlp01.sys [2003-12-01 4832]
R1 ehdrv;ehdrv; C:Windowssystem32DRIVERSehdrv.sys [2009-04-09 107256]
R1 epfwtdi;epfwtdi; C:Windowssystem32DRIVERSepfwtdi.sys [2009-04-09 55768]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WindowsSystem32driversprodrv06.sys [2004-08-09 53920]
R2 atksgt;atksgt; C:Windowssystem32DRIVERSatksgt.sys [2009-12-30 281760]
R2 eamon;eamon; C:Windowssystem32DRIVERSeamon.sys [2009-04-09 113960]
R2 epfw;epfw; C:Windowssystem32DRIVERSepfw.sys [2009-04-09 133000]
R2 lirsgt;lirsgt; C:Windowssystem32DRIVERSlirsgt.sys [2009-12-30 25888]
R2 mdmxsdk;mdmxsdk; C:Windowssystem32DRIVERSmdmxsdk.sys [2007-04-29 12672]
R2 rimmptsk;rimmptsk; C:Windowssystem32DRIVERSrimmptsk.sys [2007-04-29 32256]
R2 rimsptsk;rimsptsk; C:Windowssystem32DRIVERSrimsptsk.sys [2007-04-29 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:Windowssystem32DRIVERSrixdptsk.sys [2007-04-29 37376]
R2 XAudio;XAudio; C:Windowssystem32DRIVERSxaudio.sys [2007-04-29 8192]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:Windowssystem32DRIVERSApfiltr.sys [2007-09-24 155136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0; C:Windowssystem32DRIVERSb57nd60x.sys [2007-05-11 179712]
R3 BCM43XX;Драйвер платы Dell Wireless WLAN Card; C:Windowssystem32DRIVERSbcmwl6.sys [2007-10-10 1044472]
R3 BthEnum;Служба перечислителя Bluetooth; C:Windowssystem32DRIVERSBthEnum.sys [2009-04-06 19456]
R3 BthPan;Устройства Bluetooth (личной сети); C:Windowssystem32DRIVERSbthpan.sys [2006-11-02 92160]
R3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WindowsSystem32DriversBTHUSB.sys [2009-04-06 29184]
R3 btwaudio;Аудиоустройство Bluetooth; C:Windowssystem32driversbtwaudio.sys [2006-11-07 78128]
R3 btwavdt;Bluetooth AVDT Service; C:Windowssystem32driversbtwavdt.sys [2006-11-07 80176]
R3 btwrchid;btwrchid; C:Windowssystem32DRIVERSbtwrchid.sys [2006-11-07 16560]
R3 Epfwndis;Eset Personal Firewall; C:Windowssystem32DRIVERSEpfwndis.sys [2009-04-09 33096]
R3 HSF_DPV;HSF_DPV; C:Windowssystem32DRIVERSHSX_DPV.sys [2007-04-29 986624]
R3 HSXHWAZL;HSXHWAZL; C:Windowssystem32DRIVERSHSXHWAZL.sys [2007-04-29 206848]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:Windowssystem32DRIVERSLHidFilt.Sys [2007-01-11 32272]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:Windowssystem32DRIVERSLMouFilt.Sys [2007-01-11 32528]
R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2007-10-04 7628608]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:Windowssystem32DRIVERSOEM02Dev.sys [2007-08-29 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:Windowssystem32DRIVERSOEM02Vfx.sys [2007-08-29 7424]
R3 pfc;Padus ASPI Shell; C:Windowssystem32driverspfc.sys [2008-04-01 10368]
R3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:Windowssystem32DRIVERSrfcomm.sys [2006-11-02 49664]
R3 sdbus;sdbus; C:Windowssystem32DRIVERSsdbus.sys [2007-11-21 82432]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:Windowssystem32driversstwrt.sys [2007-06-27 326656]
R3 winachsf;winachsf; C:Windowssystem32DRIVERSHSX_CNXT.sys [2007-04-29 659968]
S3 BTHPORT;Драйвер порта Bluetooth; C:WindowsSystem32DriversBTHport.sys [2009-04-06 220160]
S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2006-11-02 5632]
S3 e1express;Intel(R) PRO/1000 драйвер сетевого подключения PCI Express; C:Windowssystem32DRIVERSe1e6032.sys [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:Windowssystem32DRIVERSewusbmdm.sys [2007-08-24 101504]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:Windowssystem32DRIVERSk750bus.sys [2005-07-07 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:Windowssystem32DRIVERSk750mdfl.sys [2005-07-07 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:Windowssystem32DRIVERSk750mdm.sys [2005-07-07 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:Windowssystem32DRIVERSk750mgmt.sys [2005-07-07 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:Windowssystem32DRIVERSk750obex.sys [2005-07-07 79488]
S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2006-11-02 5504]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:Windowssystem32DRIVERSatikmdag.sys [2006-11-02 2028032]
S3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2006-11-02 82560]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2006-11-02 22016]
R2 ekrn;ESET Service; C:Program FilesESETESET Smart Securityekrn.exe [2009-04-09 731840]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-12-03 869672]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatch9.exe [2006-11-05 159744]
R2 STacSV;SigmaTel Audio Service; C:Windowssystem32STacSV.exe [2007-06-27 94208]
R2 XAudioService;XAudioService; C:Windowssystem32DRIVERSxaudio.exe [2007-04-29 386560]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-12-13 447784]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2009-04-09 20680]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 RoxMediaDB9;RoxMediaDB9; C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:Program FilesCommon FilesSureThing Sharedstllssvr.exe []
EOF
День добрый!
Выкладываю:ComboFix 10-08-14.02 — User 15.08.2010 11:47:53.1.2 — x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1251.7.1049.18.2046.1227 [GMT 4:00]
Running from: c:usersUserDesktopComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Персональный файервол ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: Защитник Windows *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ESET Smart Security 4.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
* Created a new restore point
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:usersUserAppDataRoamingAldea
c:usersUserAppDataRoamingMicrosoftInternet ExplorerqiPSearchbar.dll
c:windowssystem32Пузыри.scr
c:windowssystem32ssField Lines.scr
c:windowssystem32ssRibbons.scr
c:windowssystem32SYSINTERNALS_BLUESCREEN.SCR.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.2010-08-15 07:58 . 2010-08-15 07:58
d
w- c:usersDefaultAppDataLocaltemp
2010-08-13 17:48 . 2010-08-13 17:48
d
w- c:program filestrend micro
2010-08-13 17:47 . 2010-08-13 17:48
d
w- C:rsit.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 07:20 . 2006-11-09 07:20 85900 —-a-w- c:windowssystem32perfc019.dat
2010-08-15 07:20 . 2006-11-09 07:20 530020 —-a-w- c:windowssystem32perfh019.dat
2010-08-15 07:13 . 2007-11-21 09:27 3308 —-a-w- c:windowsbthservsdp.dat
2010-08-14 11:54 . 2008-12-26 20:59
d
w- c:usersUserAppDataRoamingSkype
2010-08-14 06:21 . 2008-12-26 21:03
d
w- c:usersUserAppDataRoamingskypePM
2010-08-08 18:52 . 2008-04-07 00:26 680 —-a-w- c:usersUserAppDataLocald3d9caps.dat
2010-08-02 20:55 . 2007-11-21 09:46
d
w- c:program filesRoxio
2010-08-01 21:26 . 2007-11-21 09:45
d
w- c:program filesCommon FilesSonic Shared
2010-08-01 21:04 . 2010-01-01 03:52
d
w- c:program filesAuslogics
2010-07-27 14:53 . 2009-11-15 18:47
d
w- c:usersUserAppDataRoaminguTorrent
2010-07-11 06:24 . 2010-07-11 05:57
d
w- c:program filesExact Audio Copy
2010-07-10 17:34 . 2008-03-31 23:19 27240 —-a-w- c:usersUserAppDataRoamingnvModes.dat
2010-07-05 16:45 . 2010-07-05 16:45
d
w- c:program filesQS
2007-11-21 17:20 . 2007-11-21 17:11 8192 —sha-w- c:windowsUsersDefaultNTUSER.DAT
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2007-12-13 1688872]
«Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-10-16 735016]
«WindowsWelcomeCenter»=»oobefldr.dll» [2006-11-02 2159104]
«WMPNSCFG»=»c:program filesWindows Media PlayerWMPNSCFG.exe» [2006-11-02 201728][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
«Shockwave Updater»=»c:windowssystem32AdobeShockwave 11SwHelper_1151601.exe» [2009-07-31 468408][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2007-03-01 153136]
«NBKeyScan»=»c:program filesNeroNero8Nero BackItUpNBKeyScan.exe» [2007-12-03 2213160]
«Kernel and Hardware Abstraction Layer»=»KHALMNPR.EXE» [2007-01-11 101136]
«ISUSPM Startup»=»c:progra~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe» [2006-10-03 221184]
«NvSvc»=»c:windowssystem32nvsvc.dll» [2007-10-04 86016]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-10-04 8497696]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-10-04 81920]
«NVHotkey»=»c:windowssystem32nvHotkey.dll» [2007-10-04 86016]
«Apoint»=»c:program filesDellTPadApoint.exe» [2007-09-24 159744]
«egui»=»c:program filesESETESET Smart Securityegui.exe» [2009-04-09 2029640]
«SunJavaUpdateSched»=»c:program filesCommon FilesJavaJava Updatejusched.exe» [2010-02-18 248040]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2010-06-20 35760]
«Adobe ARM»=»c:program filesCommon FilesAdobeARM1.0AdobeARM.exe» [2010-06-09 976832]c:usersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Apoint.lnk — c:program filesDellTPadApoint.exe [2007-11-21 159744]c:programdataMicrosoftWindowsStart MenuProgramsStartup
BTTray.lnk — c:program filesWIDCOMMBluetooth SoftwareBTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk — c:program filesDigital Line DetectDLG.exe [2007-11-21 50688]
QuickSet.lnk — c:windowsInstaller{7F0C4457-8E64-491B-8D7B-991504365D1E}NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-11-21 45056]
SetPoint.lnk — c:program filesSetPointSetPoint.exe [2007-11-21 679936][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«mixer2″=wdmaud.drv[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@=»Service»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-333778006-3081254602-750035399-1000]
«EnableNotificationsRef»=dword:00000001S1 ehdrv;ehdrv;c:windowssystem32DRIVERSehdrv.sys [2009-04-09 107256]
S2 ekrn;ESET Service;c:program filesESETESET Smart Securityekrn.exe [2009-04-09 731840]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0;c:windowssystem32DRIVERSb57nd60x.sys [2007-05-11 179712][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
.
Supplementary Scan
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Translate with Lingvo — c:program filesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
IE: Отправить изображение на &устройство Bluetooth… — c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
IE: Отправить страницу на &устройство Bluetooth… — c:program filesWIDCOMMBluetooth Softwarebtsendto_ie.htm
TCP: {967A8621-689C-41DD-BD6B-CDE810FB6AED} = 212.1.224.34,212.1.230.111
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-15 11:58
Windows 6.0.6000 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.032UserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.032»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.aniUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.ani»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.arwUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.arw»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.bayUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.bay»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.bmpUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.bmp»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.bwUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.bw»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.cr2UserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.cr2»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.crwUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.crw»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.cs1UserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.cs1»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.curUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.cur»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.dcrUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.dcr»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.dcxUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.dcx»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.dibUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.dib»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.djvUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.djv»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.djvuUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.djvu»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.dngUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.dng»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.emfUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.emf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.epsUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.eps»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.erfUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.erf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.fffUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.fff»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.fpxUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.fpx»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.gifUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.gif»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.hdrUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.hdr»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.iclUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.icl»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.icnUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.icn»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.icoUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.ico»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.iffUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.iff»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ilbmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.ilbm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.intUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.int»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.intaUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.inta»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.iw4UserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.iw4»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.j2cUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.j2c»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.j2kUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.j2k»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jfifUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jfif»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jifUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jif»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jp2UserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jp2»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jpcUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jpc»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jpeUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jpe»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jpegUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jpeg»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jpgUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jpg»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jpkUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jpk»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jpxUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.jpx»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.lbmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.lbm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mefUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.mef»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mosUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.mos»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mrwUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.mrw»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.nefUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.nef»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.orfUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.orf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pbmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pbm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pcdUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pcd»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pctUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pct»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pcxUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pcx»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pefUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pef»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pgmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pgm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.picUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pic»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pictUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pict»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pixUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pix»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pngUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.png»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ppmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.ppm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.psdUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.psd»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pspUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.psp»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pspimageUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.pspimage»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rafUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.raf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rasUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.ras»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rawUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.raw»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rgbUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.rgb»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rgbaUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.rgba»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rleUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.rle»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rsbUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.rsb»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.sgiUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.sgi»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.sr2UserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.sr2»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.srfUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.srf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.tgaUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.tga»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.thmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.thm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.tiffUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.tiff»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ttcUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.ttc»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ttfUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.ttf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.v20poUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.v20po»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.v20ppUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.v20pp»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.v20ppfUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.v20ppf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wbmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.wbm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wbmpUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.wbmp»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wmfUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.wmf»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xbmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.xbm»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xifUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.xif»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xmpUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.xmp»[HKEY_USERSS-1-5-21-333778006-3081254602-750035399-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xpmUserChoice]
@Denied: (2) (LocalSystem)
«Progid»=»ACDSee Pro 2.0.xpm»[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@=»FlashBroker»
«LocalizedString»=»@c:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe,-101»[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]
«Enabled»=dword:00000001[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]
@=»c:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe»[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@=»IFlashBroker4″[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]
@=»{00020424-0000-0000-C000-000000000046}»[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»
«Version»=»1.0»[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}003AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}004AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}005AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}006AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}007AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}008AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}009AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}010AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
Completion time: 2010-08-15 12:03:15
ComboFix-quarantined-files.txt 2010-08-15 08:03Pre-Run: 1 615 507 456 байт свободно
Post-Run: 1 350 631 424 байт свободно— — End Of File — — 38D0F3B443F7C19179F1637487C9ADB8
комьютер продолжает жить своей жизнью… все работает, но очень медленно:
Logfile of random’s system information tool 1.08 (written by random/random)
Run by User at 2010-08-15 19:46:29
Microsoft® Windows Vista™ Home Basic
System drive C: has 1 GB (1%) free of 102 GB
Total RAM: 2046 MB (47% free)Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:46:41, on 15.08.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: NormalRunning processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:WindowsSystem32rundll32.exe
C:WindowsSystem32rundll32.exe
C:WindowsSystem32rundll32.exe
C:Program FilesDellTPadApoint.exe
C:Program FilesESETESET Smart Securityegui.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesAdobeReader 9.0Readerreader_sl.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesDellTPadApMsgFwd.exe
C:Program FilesPunto Switcherpunto.exe
C:Program FilesDellTPadApntex.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesDellQuickSetquickset.exe
C:Program FilesSetPointSetPoint.exe
C:Program FilesDellTPadHidFind.exe
c:Program FilesWIDCOMMBluetooth SoftwareBtStackServer.exe
C:Program FilesCommon FilesLogitechkhalsharedKHALMNPR.EXE
C:Program FilesSkypePhoneSkype.exe
C:Windowssystem32SearchFilterHost.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:UsersUserDesktopвсячинаисцеление PC DefenderRSIT.exe
C:Program Filestrend microUser.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 — HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [NVHotkey] rundll32.exe C:Windowssystem32nvHotkey.dll,Start
O4 — HKLM..Run: [Apoint] C:Program FilesDellTPadApoint.exe
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesCommon FilesJavaJava Updatejusched.exe»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [Adobe ARM] «C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe»
O4 — HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe» ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 — HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 — HKCU..RunOnce: [Shockwave Updater] C:Windowssystem32AdobeShockwave 11SwHelper_1151601.exe -Update -1151601 -«Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.5.30729; .NET CLR 3.0.30618)» -«http://lms.universtal.ru/content/pkg61724/resources/resource_33/___run2_2.1.1.htm»
O4 — Startup: Apoint.lnk = C:Program FilesDellTPadApoint.exe
O4 — Global Startup: BTTray.lnk = ?
O4 — Global Startup: Digital Line Detect.lnk = C:Program FilesDigital Line DetectDLG.exe
O4 — Global Startup: QuickSet.lnk = ?
O4 — Global Startup: SetPoint.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Translate with Lingvo — res://C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
O8 — Extra context menu item: Отправить изображение на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: Отправить страницу на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra ‘Tools’ menuitem: @btrez.dll,-12650 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O16 — DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} — http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 — HKLMSystemCCSServicesTcpip..{967A8621-689C-41DD-BD6B-CDE810FB6AED}: NameServer = 212.1.224.34,212.1.230.111
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O22 — SharedTaskScheduler: Component Categories cache daemon — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:Windowssystem32browseui.dll
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: SigmaTel Audio Service (STacSV) — SigmaTel, Inc. — C:Windowssystem32STacSV.exe
O23 — Service: stllssvr — Unknown owner — C:Program FilesCommon FilesSureThing Sharedstllssvr.exe (file missing)
O23 — Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) — Корпорация Майкрософт — C:Windowssystem32SearchIndexer.exe
O23 — Service: XAudioService — Conexant Systems, Inc. — C:Windowssystem32DRIVERSxaudio.exe—
End of file — 7801 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2010-06-19 75200][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-11-07 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-04-12 41760][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-12-03 2213160]
«Kernel and Hardware Abstraction Layer»=C:WindowsKHALMNPR.EXE [2007-01-11 101136]
«ISUSPM Startup»=C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe [2006-10-03 221184]
«NvSvc»=C:Windowssystem32nvsvc.dll [2007-10-04 86016]
«NvCplDaemon»=C:Windowssystem32NvCpl.dll [2007-10-04 8497696]
«NvMediaCenter»=C:Windowssystem32NvMcTray.dll [2007-10-04 81920]
«NVHotkey»=C:Windowssystem32nvHotkey.dll [2007-10-04 86016]
«Apoint»=C:Program FilesDellTPadApoint.exe [2007-09-24 159744]
«egui»=C:Program FilesESETESET Smart Securityegui.exe [2009-04-09 2029640]
«SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-02-18 248040]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2010-06-20 35760]
«Adobe ARM»=C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2010-06-09 976832][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe [2007-12-13 1688872]
«Punto Switcher»=C:Program FilesPunto Switcherpunto.exe [2008-10-16 735016]
«WindowsWelcomeCenter»=oobefldr.dll,ShowWelcomeCenter []
«WMPNSCFG»=C:Program FilesWindows Media PlayerWMPNSCFG.exe [2006-11-02 201728][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«Shockwave Updater»=C:Windowssystem32AdobeShockwave 11SwHelper_1151601.exe [2009-07-31 468408]C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
Digital Line Detect.lnk — C:Program FilesDigital Line DetectDLG.exe
QuickSet.lnk — C:WindowsInstaller{7F0C4457-8E64-491B-8D7B-991504365D1E}NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
SetPoint.lnk — C:Program FilesSetPointSetPoint.exeC:UsersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Apoint.lnk — C:Program FilesDellTPadApoint.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{AEB6717E-7E19-11d0-97EE-00C04FD91972}»= [][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«EnableLUA»=0
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«NoInternetOpenWith «=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=0
«NoSMConfigurePrograms»=1
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDrives»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======List of files/folders created in the last 1 months======
2010-08-15 12:03:22 —-SHD—- C:$RECYCLE.BIN
2010-08-15 12:03:18 —-D—- C:Windowstemp
2010-08-15 12:03:16 —-A—- C:ComboFix.txt
2010-08-15 11:45:34 —-A—- C:Windowszip.exe
2010-08-15 11:45:34 —-A—- C:WindowsSWXCACLS.exe
2010-08-15 11:45:34 —-A—- C:WindowsSWSC.exe
2010-08-15 11:45:34 —-A—- C:WindowsSWREG.exe
2010-08-15 11:45:34 —-A—- C:Windowssed.exe
2010-08-15 11:45:34 —-A—- C:WindowsPEV.exe
2010-08-15 11:45:34 —-A—- C:WindowsNIRCMD.exe
2010-08-15 11:45:34 —-A—- C:WindowsMBR.exe
2010-08-15 11:45:34 —-A—- C:Windowsgrep.exe
2010-08-15 11:45:25 —-D—- C:ComboFix
2010-08-15 11:42:07 —-D—- C:WindowsERDNT
2010-08-15 11:41:49 —-D—- C:Qoobox
2010-08-13 21:48:00 —-D—- C:Program Filestrend micro
2010-08-13 21:47:59 —-D—- C:rsit======List of files/folders modified in the last 1 months======
2010-08-15 19:45:25 —-D—- C:UsersUserAppDataRoamingskypePM
2010-08-15 19:45:25 —-D—- C:UsersUserAppDataRoamingSkype
2010-08-15 13:58:39 —-RD—- C:Program Files
2010-08-15 13:58:10 —-D—- C:WindowsSystem32
2010-08-15 13:58:09 —-A—- C:Windowssystem32PerfStringBackup.INI
2010-08-15 13:58:08 —-D—- C:Windowsinf
2010-08-15 13:28:29 —-SHD—- C:WindowsInstaller
2010-08-15 13:28:19 —-D—- C:Program FilesCommon FilesRoxio Shared
2010-08-15 13:28:19 —-D—- C:Program FilesCommon Files
2010-08-15 13:27:55 —-D—- C:Windowssystem32drivers
2010-08-15 13:27:47 —-RSD—- C:WindowsFonts
2010-08-15 13:27:21 —-D—- C:ProgramDataRoxio
2010-08-15 13:24:10 —-SHD—- C:System Volume Information
2010-08-15 13:10:25 —-D—- C:VAD
2010-08-15 12:46:23 —-D—- C:Windows
2010-08-15 11:58:32 —-A—- C:Windowssystem.ini
2010-08-15 11:58:19 —-D—- C:Windowssystem32driversetc
2010-08-15 11:53:03 —-D—- C:WindowsAppPatch
2010-08-15 11:41:59 —-D—- C:WindowsPrefetch
2010-08-15 11:12:23 —-D—- C:Windowssystem32config
2010-08-15 11:12:23 —-D—- C:Boot
2010-08-14 19:29:19 —-D—- C:WindowsDebug
2010-08-08 15:27:41 —-D—- C:Windowssystem32catroot2
2010-08-02 01:09:42 —-A—- C:WindowsNeroDigital.ini
2010-08-02 01:09:10 —-A—- C:Windowsmjmcontrol.ini
2010-08-02 01:09:09 —-A—- C:Windowswin.ini
2010-08-02 01:09:09 —-A—- C:WindowsUkrInfo.ini
2010-08-02 01:04:14 —-D—- C:Program FilesAuslogics
2010-07-27 18:53:37 —-D—- C:UsersUserAppDataRoaminguTorrent======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:Windowssystem32driversiastor.sys [2007-04-29 277784]
R0 prohlp02;StarForce Protection Helper Driver v2; C:WindowsSystem32driversprohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:WindowsSystem32driversprosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:WindowsSystem32DriversPxHelp20.sys [2007-03-08 43528]
R0 sfhlp01;StarForce Protection Helper Driver; C:WindowsSystem32driverssfhlp01.sys [2003-12-01 4832]
R1 ehdrv;ehdrv; C:Windowssystem32DRIVERSehdrv.sys [2009-04-09 107256]
R1 epfwtdi;epfwtdi; C:Windowssystem32DRIVERSepfwtdi.sys [2009-04-09 55768]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WindowsSystem32driversprodrv06.sys [2004-08-09 53920]
R2 atksgt;atksgt; C:Windowssystem32DRIVERSatksgt.sys [2009-12-30 281760]
R2 eamon;eamon; C:Windowssystem32DRIVERSeamon.sys [2009-04-09 113960]
R2 epfw;epfw; C:Windowssystem32DRIVERSepfw.sys [2009-04-09 133000]
R2 lirsgt;lirsgt; C:Windowssystem32DRIVERSlirsgt.sys [2009-12-30 25888]
R2 mdmxsdk;mdmxsdk; C:Windowssystem32DRIVERSmdmxsdk.sys [2007-04-29 12672]
R2 rimmptsk;rimmptsk; C:Windowssystem32DRIVERSrimmptsk.sys [2007-04-29 32256]
R2 rimsptsk;rimsptsk; C:Windowssystem32DRIVERSrimsptsk.sys [2007-04-29 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:Windowssystem32DRIVERSrixdptsk.sys [2007-04-29 37376]
R2 XAudio;XAudio; C:Windowssystem32DRIVERSxaudio.sys [2007-04-29 8192]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:Windowssystem32DRIVERSApfiltr.sys [2007-09-24 155136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0; C:Windowssystem32DRIVERSb57nd60x.sys [2007-05-11 179712]
R3 BCM43XX;Драйвер платы Dell Wireless WLAN Card; C:Windowssystem32DRIVERSbcmwl6.sys [2007-10-10 1044472]
R3 BthEnum;Служба перечислителя Bluetooth; C:Windowssystem32DRIVERSBthEnum.sys [2009-04-06 19456]
R3 BthPan;Устройства Bluetooth (личной сети); C:Windowssystem32DRIVERSbthpan.sys [2006-11-02 92160]
R3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WindowsSystem32DriversBTHUSB.sys [2009-04-06 29184]
R3 btwaudio;Аудиоустройство Bluetooth; C:Windowssystem32driversbtwaudio.sys [2006-11-07 78128]
R3 btwavdt;Bluetooth AVDT Service; C:Windowssystem32driversbtwavdt.sys [2006-11-07 80176]
R3 btwrchid;btwrchid; C:Windowssystem32DRIVERSbtwrchid.sys [2006-11-07 16560]
R3 Epfwndis;Eset Personal Firewall; C:Windowssystem32DRIVERSEpfwndis.sys [2009-04-09 33096]
R3 HSF_DPV;HSF_DPV; C:Windowssystem32DRIVERSHSX_DPV.sys [2007-04-29 986624]
R3 HSXHWAZL;HSXHWAZL; C:Windowssystem32DRIVERSHSXHWAZL.sys [2007-04-29 206848]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:Windowssystem32DRIVERSLHidFilt.Sys [2007-01-11 32272]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:Windowssystem32DRIVERSLMouFilt.Sys [2007-01-11 32528]
R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2007-10-04 7628608]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:Windowssystem32DRIVERSOEM02Dev.sys [2007-08-29 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:Windowssystem32DRIVERSOEM02Vfx.sys [2007-08-29 7424]
R3 pfc;Padus ASPI Shell; C:Windowssystem32driverspfc.sys [2008-04-01 10368]
R3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:Windowssystem32DRIVERSrfcomm.sys [2006-11-02 49664]
R3 sdbus;sdbus; C:Windowssystem32DRIVERSsdbus.sys [2007-11-21 82432]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:Windowssystem32driversstwrt.sys [2007-06-27 326656]
R3 winachsf;winachsf; C:Windowssystem32DRIVERSHSX_CNXT.sys [2007-04-29 659968]
S3 BTHPORT;Драйвер порта Bluetooth; C:WindowsSystem32DriversBTHport.sys [2009-04-06 220160]
S3 catchme;catchme; ??C:UsersUserAppDataLocalTempcatchme.sys []
S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2006-11-02 5632]
S3 e1express;Intel(R) PRO/1000 драйвер сетевого подключения PCI Express; C:Windowssystem32DRIVERSe1e6032.sys [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:Windowssystem32DRIVERSewusbmdm.sys [2007-08-24 101504]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:Windowssystem32DRIVERSk750bus.sys [2005-07-07 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:Windowssystem32DRIVERSk750mdfl.sys [2005-07-07 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:Windowssystem32DRIVERSk750mdm.sys [2005-07-07 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:Windowssystem32DRIVERSk750mgmt.sys [2005-07-07 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:Windowssystem32DRIVERSk750obex.sys [2005-07-07 79488]
S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2006-11-02 5504]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:Windowssystem32DRIVERSatikmdag.sys [2006-11-02 2028032]
S3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2006-11-02 82560]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2006-11-02 22016]
R2 ekrn;ESET Service; C:Program FilesESETESET Smart Securityekrn.exe [2009-04-09 731840]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-12-03 869672]
R2 STacSV;SigmaTel Audio Service; C:Windowssystem32STacSV.exe [2007-06-27 94208]
R2 XAudioService;XAudioService; C:Windowssystem32DRIVERSxaudio.exe [2007-04-29 386560]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-12-13 447784]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2009-04-09 20680]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 stllssvr;stllssvr; C:Program FilesCommon FilesSureThing Sharedstllssvr.exe []
EOF
Привет.у меня комп все время перезагружается,когда идет сканирование superantispuware, поймали мы, где то ,эту грязь pc defender.что делать?заранее спасибо.
Привет. 🙂
Логи RSIT нужно сделать, создать новую тему и вставить их туда.
vlkruglov, Прочитайте описание программы Malwarebytes Anti-malware (MBAM).
Скачайте и выполните сканирование вашего компьютера. Удалите всё что будет найдено. В конце работы будет показан лог.
Его содержимое вставьте в ваше следующее сообщение и приложите так же свежий RSIT лог (только log.txt).Добрый вечер!
Выкладываю вначале лог RSIT, а потом MBAM (он ничего не нашел):Logfile of random’s system information tool 1.08 (written by random/random)
Run by User at 2010-08-18 22:02:30
Microsoft® Windows Vista™ Home Basic
System drive C: has 8 GB (8%) free of 102 GB
Total RAM: 2046 MB (55% free)Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:02:33, on 18.08.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: NormalRunning processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:WindowsSystem32rundll32.exe
C:WindowsSystem32rundll32.exe
C:Program FilesDellTPadApoint.exe
C:Program FilesESETESET Smart Securityegui.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesPunto Switcherpunto.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:WindowsSystem32rundll32.exe
C:Program FilesDellTPadApMsgFwd.exe
C:Program FilesDellTPadApntex.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesDellQuickSetquickset.exe
C:Program FilesDellTPadHidFind.exe
C:Program FilesSetPointSetPoint.exe
C:Program FilesCommon FilesLogitechkhalsharedKHALMNPR.EXE
c:Program FilesWIDCOMMBluetooth SoftwareBtStackServer.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE
C:Windowssystem32SearchFilterHost.exe
C:UsersUserDesktopвсячинаисцеление PC DefenderRSIT.exe
C:Program Filestrend microUser.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 — HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [NVHotkey] rundll32.exe C:Windowssystem32nvHotkey.dll,Start
O4 — HKLM..Run: [Apoint] C:Program FilesDellTPadApoint.exe
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesCommon FilesJavaJava Updatejusched.exe»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [Adobe ARM] «C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe»
O4 — HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe» ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 — HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 — HKCU..RunOnce: [Shockwave Updater] C:Windowssystem32AdobeShockwave 11SwHelper_1151601.exe -Update -1151601 -«Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.5.30729; .NET CLR 3.0.30618)» -«http://lms.universtal.ru/content/pkg61724/resources/resource_33/___run2_2.1.1.htm»
O4 — Startup: Apoint.lnk = C:Program FilesDellTPadApoint.exe
O4 — Global Startup: BTTray.lnk = ?
O4 — Global Startup: Digital Line Detect.lnk = C:Program FilesDigital Line DetectDLG.exe
O4 — Global Startup: QuickSet.lnk = ?
O4 — Global Startup: SetPoint.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Translate with Lingvo — res://C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
O8 — Extra context menu item: Отправить изображение на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: Отправить страницу на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 — Extra ‘Tools’ menuitem: @btrez.dll,-12650 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O16 — DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} — http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 — HKLMSystemCCSServicesTcpip..{967A8621-689C-41DD-BD6B-CDE810FB6AED}: NameServer = 212.1.224.34,212.1.230.111
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O22 — SharedTaskScheduler: Component Categories cache daemon — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:Windowssystem32browseui.dll
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: SigmaTel Audio Service (STacSV) — SigmaTel, Inc. — C:Windowssystem32STacSV.exe
O23 — Service: stllssvr — Unknown owner — C:Program FilesCommon FilesSureThing Sharedstllssvr.exe (file missing)
O23 — Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) — Корпорация Майкрософт — C:Windowssystem32SearchIndexer.exe
O23 — Service: XAudioService — Conexant Systems, Inc. — C:Windowssystem32DRIVERSxaudio.exe—
End of file — 7710 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2010-06-19 75200][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-11-07 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-04-12 41760][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-12-03 2213160]
«Kernel and Hardware Abstraction Layer»=C:WindowsKHALMNPR.EXE [2007-01-11 101136]
«ISUSPM Startup»=C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe [2006-10-03 221184]
«NvSvc»=C:Windowssystem32nvsvc.dll [2007-10-04 86016]
«NvCplDaemon»=C:Windowssystem32NvCpl.dll [2007-10-04 8497696]
«NvMediaCenter»=C:Windowssystem32NvMcTray.dll [2007-10-04 81920]
«NVHotkey»=C:Windowssystem32nvHotkey.dll [2007-10-04 86016]
«Apoint»=C:Program FilesDellTPadApoint.exe [2007-09-24 159744]
«egui»=C:Program FilesESETESET Smart Securityegui.exe [2009-04-09 2029640]
«SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-02-18 248040]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2010-06-20 35760]
«Adobe ARM»=C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2010-06-09 976832][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe [2007-12-13 1688872]
«Punto Switcher»=C:Program FilesPunto Switcherpunto.exe [2008-10-16 735016]
«WindowsWelcomeCenter»=oobefldr.dll,ShowWelcomeCenter []
«WMPNSCFG»=C:Program FilesWindows Media PlayerWMPNSCFG.exe [2006-11-02 201728][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«Shockwave Updater»=C:Windowssystem32AdobeShockwave 11SwHelper_1151601.exe [2009-07-31 468408]C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
Digital Line Detect.lnk — C:Program FilesDigital Line DetectDLG.exe
QuickSet.lnk — C:WindowsInstaller{7F0C4457-8E64-491B-8D7B-991504365D1E}NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
SetPoint.lnk — C:Program FilesSetPointSetPoint.exeC:UsersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Apoint.lnk — C:Program FilesDellTPadApoint.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{AEB6717E-7E19-11d0-97EE-00C04FD91972}»= [][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«EnableLUA»=0
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«NoInternetOpenWith «=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=0
«NoSMConfigurePrograms»=1
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDrives»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======List of files/folders created in the last 1 months======
2010-08-17 23:51:16 —-D—- C:111
2010-08-17 21:09:41 —-D—- C:124
2010-08-16 00:29:19 —-D—- C:Program FilesHetman Software
2010-08-15 12:03:22 —-SHD—- C:$RECYCLE.BIN
2010-08-15 12:03:18 —-D—- C:Windowstemp
2010-08-15 12:03:16 —-A—- C:ComboFix.txt
2010-08-15 11:45:34 —-A—- C:Windowszip.exe
2010-08-15 11:45:34 —-A—- C:WindowsSWXCACLS.exe
2010-08-15 11:45:34 —-A—- C:WindowsSWSC.exe
2010-08-15 11:45:34 —-A—- C:WindowsSWREG.exe
2010-08-15 11:45:34 —-A—- C:Windowssed.exe
2010-08-15 11:45:34 —-A—- C:WindowsPEV.exe
2010-08-15 11:45:34 —-A—- C:WindowsNIRCMD.exe
2010-08-15 11:45:34 —-A—- C:WindowsMBR.exe
2010-08-15 11:45:34 —-A—- C:Windowsgrep.exe
2010-08-15 11:45:25 —-D—- C:ComboFix
2010-08-15 11:42:07 —-D—- C:WindowsERDNT
2010-08-15 11:41:49 —-D—- C:Qoobox
2010-08-13 21:48:00 —-D—- C:Program Filestrend micro
2010-08-13 21:47:59 —-D—- C:rsit======List of files/folders modified in the last 1 months======
2010-08-18 22:02:33 —-D—- C:WindowsPrefetch
2010-08-18 22:01:04 —-D—- C:UsersUserAppDataRoamingSkype
2010-08-18 21:40:10 —-D—- C:UsersUserAppDataRoamingskypePM
2010-08-18 21:20:26 —-D—- C:WindowsSystem32
2010-08-18 21:20:26 —-D—- C:Windowsinf
2010-08-18 21:20:26 —-A—- C:Windowssystem32PerfStringBackup.INI
2010-08-18 00:52:20 —-RD—- C:Program Files
2010-08-18 00:51:53 —-A—- C:WindowsNeroDigital.ini
2010-08-18 00:51:26 —-D—- C:Windows
2010-08-18 00:51:12 —-D—- C:WindowsDebug
2010-08-17 23:53:22 —-SHD—- C:System Volume Information
2010-08-16 21:38:45 —-A—- C:Windowswin.ini
2010-08-16 19:58:16 —-D—- C:UsersUserAppDataRoaminguTorrent
2010-08-15 13:28:29 —-SHD—- C:WindowsInstaller
2010-08-15 13:28:19 —-D—- C:Program FilesCommon FilesRoxio Shared
2010-08-15 13:28:19 —-D—- C:Program FilesCommon Files
2010-08-15 13:27:55 —-D—- C:Windowssystem32drivers
2010-08-15 13:27:47 —-RSD—- C:WindowsFonts
2010-08-15 13:27:21 —-D—- C:ProgramDataRoxio
2010-08-15 13:10:25 —-D—- C:VAD
2010-08-15 11:58:32 —-A—- C:Windowssystem.ini
2010-08-15 11:58:19 —-D—- C:Windowssystem32driversetc
2010-08-15 11:53:03 —-D—- C:WindowsAppPatch
2010-08-15 11:12:23 —-D—- C:Windowssystem32config
2010-08-15 11:12:23 —-D—- C:Boot
2010-08-08 15:27:41 —-D—- C:Windowssystem32catroot2
2010-08-02 01:09:10 —-A—- C:Windowsmjmcontrol.ini
2010-08-02 01:09:09 —-A—- C:WindowsUkrInfo.ini
2010-08-02 01:04:14 —-D—- C:Program FilesAuslogics======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:Windowssystem32driversiastor.sys [2007-04-29 277784]
R0 prohlp02;StarForce Protection Helper Driver v2; C:WindowsSystem32driversprohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:WindowsSystem32driversprosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:WindowsSystem32DriversPxHelp20.sys [2007-03-08 43528]
R0 sfhlp01;StarForce Protection Helper Driver; C:WindowsSystem32driverssfhlp01.sys [2003-12-01 4832]
R1 ehdrv;ehdrv; C:Windowssystem32DRIVERSehdrv.sys [2009-04-09 107256]
R1 epfwtdi;epfwtdi; C:Windowssystem32DRIVERSepfwtdi.sys [2009-04-09 55768]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WindowsSystem32driversprodrv06.sys [2004-08-09 53920]
R2 atksgt;atksgt; C:Windowssystem32DRIVERSatksgt.sys [2009-12-30 281760]
R2 eamon;eamon; C:Windowssystem32DRIVERSeamon.sys [2009-04-09 113960]
R2 epfw;epfw; C:Windowssystem32DRIVERSepfw.sys [2009-04-09 133000]
R2 lirsgt;lirsgt; C:Windowssystem32DRIVERSlirsgt.sys [2009-12-30 25888]
R2 mdmxsdk;mdmxsdk; C:Windowssystem32DRIVERSmdmxsdk.sys [2007-04-29 12672]
R2 rimmptsk;rimmptsk; C:Windowssystem32DRIVERSrimmptsk.sys [2007-04-29 32256]
R2 rimsptsk;rimsptsk; C:Windowssystem32DRIVERSrimsptsk.sys [2007-04-29 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:Windowssystem32DRIVERSrixdptsk.sys [2007-04-29 37376]
R2 XAudio;XAudio; C:Windowssystem32DRIVERSxaudio.sys [2007-04-29 8192]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:Windowssystem32DRIVERSApfiltr.sys [2007-09-24 155136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0; C:Windowssystem32DRIVERSb57nd60x.sys [2007-05-11 179712]
R3 BCM43XX;Драйвер платы Dell Wireless WLAN Card; C:Windowssystem32DRIVERSbcmwl6.sys [2007-10-10 1044472]
R3 BthEnum;Служба перечислителя Bluetooth; C:Windowssystem32DRIVERSBthEnum.sys [2009-04-06 19456]
R3 BthPan;Устройства Bluetooth (личной сети); C:Windowssystem32DRIVERSbthpan.sys [2006-11-02 92160]
R3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WindowsSystem32DriversBTHUSB.sys [2009-04-06 29184]
R3 btwaudio;Аудиоустройство Bluetooth; C:Windowssystem32driversbtwaudio.sys [2006-11-07 78128]
R3 btwavdt;Bluetooth AVDT Service; C:Windowssystem32driversbtwavdt.sys [2006-11-07 80176]
R3 btwrchid;btwrchid; C:Windowssystem32DRIVERSbtwrchid.sys [2006-11-07 16560]
R3 Epfwndis;Eset Personal Firewall; C:Windowssystem32DRIVERSEpfwndis.sys [2009-04-09 33096]
R3 HSF_DPV;HSF_DPV; C:Windowssystem32DRIVERSHSX_DPV.sys [2007-04-29 986624]
R3 HSXHWAZL;HSXHWAZL; C:Windowssystem32DRIVERSHSXHWAZL.sys [2007-04-29 206848]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:Windowssystem32DRIVERSLHidFilt.Sys [2007-01-11 32272]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:Windowssystem32DRIVERSLMouFilt.Sys [2007-01-11 32528]
R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2007-10-04 7628608]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:Windowssystem32DRIVERSOEM02Dev.sys [2007-08-29 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:Windowssystem32DRIVERSOEM02Vfx.sys [2007-08-29 7424]
R3 pfc;Padus ASPI Shell; C:Windowssystem32driverspfc.sys [2008-04-01 10368]
R3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:Windowssystem32DRIVERSrfcomm.sys [2006-11-02 49664]
R3 sdbus;sdbus; C:Windowssystem32DRIVERSsdbus.sys [2007-11-21 82432]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:Windowssystem32driversstwrt.sys [2007-06-27 326656]
R3 winachsf;winachsf; C:Windowssystem32DRIVERSHSX_CNXT.sys [2007-04-29 659968]
S3 BTHPORT;Драйвер порта Bluetooth; C:WindowsSystem32DriversBTHport.sys [2009-04-06 220160]
S3 catchme;catchme; ??C:UsersUserAppDataLocalTempcatchme.sys []
S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2006-11-02 5632]
S3 e1express;Intel(R) PRO/1000 драйвер сетевого подключения PCI Express; C:Windowssystem32DRIVERSe1e6032.sys [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:Windowssystem32DRIVERSewusbmdm.sys [2007-08-24 101504]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:Windowssystem32DRIVERSk750bus.sys [2005-07-07 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:Windowssystem32DRIVERSk750mdfl.sys [2005-07-07 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:Windowssystem32DRIVERSk750mdm.sys [2005-07-07 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:Windowssystem32DRIVERSk750mgmt.sys [2005-07-07 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:Windowssystem32DRIVERSk750obex.sys [2005-07-07 79488]
S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2006-11-02 5504]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:Windowssystem32DRIVERSatikmdag.sys [2006-11-02 2028032]
S3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2006-11-02 82560]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2006-11-02 22016]
R2 ekrn;ESET Service; C:Program FilesESETESET Smart Securityekrn.exe [2009-04-09 731840]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-12-03 869672]
R2 STacSV;SigmaTel Audio Service; C:Windowssystem32STacSV.exe [2007-06-27 94208]
R2 XAudioService;XAudioService; C:Windowssystem32DRIVERSxaudio.exe [2007-04-29 386560]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-12-13 447784]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2009-04-09 20680]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 stllssvr;stllssvr; C:Program FilesCommon FilesSureThing Sharedstllssvr.exe []
EOF
Malwarebytes’ Anti-Malware 1.46
http://www.malwarebytes.orgВерсия базы данных: 4446
Windows 6.0.6000
Internet Explorer 7.0.6000.1703718.08.2010 22:01:34
mbam-log-2010-08-18 (22-01-34).txtТип сканирования: Быстрое сканирование
Просканированные объекты: 135050
Времени прошло: 7 минут, 2 секундЗараженные процессы в памяти: 0
Зараженные модули в памяти: 0
Зараженные ключи в реестре: 0
Зараженные параметры в реестре: 0
Объекты реестра заражены: 0
Зараженные папки: 0
Зараженные файлы: 0Зараженные процессы в памяти:
(Вредоносных программ не обнаружено)Зараженные модули в памяти:
(Вредоносных программ не обнаружено)Зараженные ключи в реестре:
(Вредоносных программ не обнаружено)Зараженные параметры в реестре:
(Вредоносных программ не обнаружено)Объекты реестра заражены:
(Вредоносных программ не обнаружено)Зараженные папки:
(Вредоносных программ не обнаружено)Зараженные файлы:
(Вредоносных программ не обнаружено)Что сейчас с проблемами?Компьютер продолжает тормозить?Если, то давайте еще антируткитом посмотрим:
Скачайте GMER по одной из указанных ссылок:
Gmer со случайным именем
http://www.gmer.net/download.php
Gmer в zip-архиве (перед применением распаковать в отдельную папку)
http://www.gmer.net/download.php
— Запустите программу (пользователям Vista и 7 запускать от имени Администратора по правой кнопке мыши).
Начнется экспресс-проверка. После завершения экспресс проверки отметьте все диски.
— Нажмите на кнопку Scan и дождитесь окончания проверки. При появлении окна с сообщением о деятельности руткита, нажмите OK.
После окончания проверки сохраните его лог (нажмите на кнопку Save) и вложите в сообщение.Комп вроде перестает тормозить… я тут порасчистил винт, думаю может еще из-за этого тормоза возможны…
Я правильно понимаю, что пока ничего криминально благодаря логам RSITи MBAM ничего найдено не было?Несколько завершающих действий.
1.Удалите комбофикс, как написано здесь
2. Обновите ваши программы.
Adobe Reader до последней версии
Зайдите на сайт update.microsoft.com и проверьте наличие обновлений для Windows.3. Создайте новую точку восстановления и удалите все старые.
Это поможет вам в случае необходимости загрузить текущую конфигурацию Windows и быстро излечиться от спайваре/вируса. Для этого кликните по кнопке Пуск, далее выберите пункт Стандартные, в нём Служебные и запустите программу Восстановление системы. В открывшемся окне выберите задачу Создать точку восстановления и нажмите кнопку Далее и следуйте указаниям.4. И несколько дополнительных советов.
Запустите ваш антивирус и проверьте состояние автоматической защиты. Включите, если она выключена.
Не забывайте обновлять Windows, ваши программы и особенно ваш антивирус.
Не посещайте незнакомые сайты, очень внимательно относитесь к файлам скаченным с Интернета.
Всего доброго! 🙂
- Для ответа в этой теме необходимо авторизоваться.
