- This topic has 5 ответов, 2 участника, and was last updated 14 years, 10 months назад by
.
-
Сообщения
-
Добрый вечер.не могу зайти сайты с драйверами и сайты антивирусов.сканировал RSIT Logfile of random’s system information tool 1.07 (written by random/random)
Run by Администратор at 2010-07-02 19:18:23
Microsoft Windows XP Professional Service Pack 3
System drive C: has 50 GB (17%) free of 305 GB
Total RAM: 2047 MB (64% free)HijackThis download failed
======Scheduled tasks folder======
C:WINDOWStasksGoogle Software Updater.job
C:WINDOWStasksGoogleUpdateTaskMachineCore.job
C:WINDOWStasksGoogleUpdateTaskMachineUA.job
C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-725345543-515967899-2147187605-500.job
C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-725345543-515967899-2147187605-500.job
C:WINDOWStasksUniblue SpeedUpMyPC Nag.job
C:WINDOWStasksUniblue SpeedUpMyPC.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-24 63136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll [2010-03-15 329312][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{422D016D-ACC7-4B28-A90F-437396175B82}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection — C:PROGRA~1SPYBOT~1SDHelper.dll [2008-09-15 1562960][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{86AA1341-3F97-42EF-BDF9-F3686C65F729}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A1F254C7-DD01-4ABC-85CB-E6DFC64A4A74}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll [2009-03-27 668656][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-03-09 41760][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2010-03-09 79648][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«MULTIMEDIA KEYBOARD»=C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe [2003-09-30 425984]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«SSBkgdUpdate»=C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe [2006-10-25 210472]
«OpwareSE4″=C:Program FilesScanSoftOmniPageSE4OpwareSE4.exe [2007-02-04 79400]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2007-10-09 1036288]
«SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-02-18 248040]
«NokiaMServer»=C:Program FilesCommon FilesNokiaMPlatformNokiaMServer /watchfiles startup []
«avgnt»=C:Program FilesAviraAntiVir Desktopavgnt.exe [2009-03-02 209153]
«TkBellExe»=C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2010-03-15 202256]
«nwiz»=C:Program FilesNVIDIA CorporationnViewnwiz.exe [2010-06-03 1753192]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2010-06-07 13902440]
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2010-06-07 110696]
«SoundMax»=C:Program FilesAnalog DevicesSoundMAXsmax4.exe [2006-07-13 729088][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«SpybotSD TeaTimer»=C:Program FilesSpybot — Search & DestroyTeaTimer.exe [2009-03-05 2260480]
«Steam»=C:Program FilesSteamSteam.exe [2010-05-07 1238352]
«NBJ»=C:PROGRA~1AheadNEROBA~1NBJ.exe [2005-05-19 1957888]
«AlcoholAutomount»=C:Program FilesAlcohol SoftAlcohol 120AxAutoMntSrv.exe [2009-11-15 33120]
«Start WingMan Profiler»= [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«lanmanworkstation»=2
«lanmanserver»=2C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
InterVideo WinCinema Manager.lnk — C:Program FilesCOMPANY_NAMECommonBinWinCinemaMgr.exe
Ускоренный запуск Adobe Reader.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2002-12-31 239616]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesSonyStationLaunchPadLaunchPad.exe»=»C:Program FilesSonyStationLaunchPadLaunchPad.exe:*:Enabled:LaunchPad»
«C:Program FilesSteamSteam.exe»=»C:Program FilesSteamSteam.exe:*:Enabled:Steam Client»
«C:Program FilesPro Evolution Soccer 2009pes2009.exe»=»C:Program FilesPro Evolution Soccer 2009pes2009.exe:*:Enabled:Pro Evolution Soccer 2009»
«C:GamesGTA IVRockstar Games Social ClubRGSCLauncher.exe»=»C:GamesGTA IVRockstar Games Social ClubRGSCLauncher.exe:*:Enabled:Rockstar Games Social Club»
«C:Program FilesRockstar GamesGrand Theft Auto IVLaunchGTAIV.exe»=»C:Program FilesRockstar GamesGrand Theft Auto IVLaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV»
«C:Program FilesRockstar GamesGrand Theft Auto IVGTAIV.exe»=»C:Program FilesRockstar GamesGrand Theft Auto IVGTAIV.exe:*:Enabled:Grand Theft Auto IV»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesDragon Agebin_shipdaorigins.exe»=»C:Program FilesDragon Agebin_shipdaorigins.exe:*:Enabled:Dragon Age Начало Игра»
«C:Program FilesDragon AgeDAOriginsLauncher.exe»=»C:Program FilesDragon AgeDAOriginsLauncher.exe:*:Enabled:Dragon Age Начало Запуск»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesGaijinКрылатые Хищникиlauncher.exe»=»C:Program FilesGaijinКрылатые Хищникиlauncher.exe:*:Enabled:Wings of Prey Launcher»
«C:Program FilesGaijinКрылатые Хищникиaces.exe»=»C:Program FilesGaijinКрылатые Хищникиaces.exe:*:Enabled:Wings of Prey»
«C:Program FilesGaijinКрылатые ХищникиyuPlayyuPlay.exe»=»C:Program FilesGaijinКрылатые ХищникиyuPlayyuPlay.exe:*:Enabled:Wings of Prey — yuPlay client»
«C:Program FilesUbisoftUbisoft Game LauncherUbisoftGameLauncher.exe»=»C:Program FilesUbisoftUbisoft Game LauncherUbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher»
«C:Program FilesDragon Agebin_shipdaupdatersvc.service.exe»=»C:Program FilesDragon Agebin_shipdaupdatersvc.service.exe:*:Enabled:Dragon Age Origins Обновление»
«C:Program FilesUbisoftTom Clancy’s Splinter Cell Convictionsrcsystemconviction_game.exe»=»C:Program FilesUbisoftTom Clancy’s Splinter Cell Convictionsrcsystemconviction_game.exe:*:Enabled:Tom Clancy’s Splinter Cell Conviction»
«C:Program FilesUbisoftTom Clancy’s Splinter Cell Convictionsrcsystemgu.exe»=»C:Program FilesUbisoftTom Clancy’s Splinter Cell Convictionsrcsystemgu.exe:*:Enabled:Обновление Tom Clancy’s Splinter Cell Conviction»
«C:UbisoftSilent Hunter 5sh5.exe»=»C:UbisoftSilent Hunter 5sh5.exe:*:Enabled:Silent Hunter 5»
«C:Program FilesMass Effect 2BinariesMassEffect2.exe»=»C:Program FilesMass Effect 2BinariesMassEffect2.exe:*:Enabled:Mass Effect 2 Игра»
«C:Program FilesMass Effect 2MassEffect2Launcher.exe»=»C:Program FilesMass Effect 2MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Запуск»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======File associations======
.scr — open — «C:WINDOWSnotepad.exe» «%1»
.scr — install —
.scr — config —======List of files/folders created in the last 1 months======
2010-07-02 19:18:23 —-D—- C:rsit
2010-06-29 22:56:31 —-A—- C:WINDOWSsystem329oioZ9C.exe
2010-06-29 22:50:01 —-SHD—- C:WINDOWSCSC
2010-06-29 22:49:55 —-A—- C:WINDOWSntbtlog.txt
2010-06-29 22:36:24 —-A—- C:WINDOWSsystem32q4xDU9T.exe
2010-06-29 21:26:00 —-D—- C:Documents and SettingsАдминистраторApplication DataskypePM
2010-06-29 21:25:39 —-D—- C:Program FilesCommon FilesSkype
2010-06-29 21:23:13 —-A—- C:WINDOWSsystem32NgmETKE.exe
2010-06-29 21:22:51 —-A—- C:WINDOWSsystem32Ck5MooK.exe
2010-06-29 21:22:18 —-A—- C:WINDOWSsystem32AAaA40E.exe
2010-06-28 17:09:28 —-A—- C:WINDOWSsystem32RABPZ8r.exe
2010-06-28 17:09:00 —-A—- C:WINDOWSsystem32YUMQWvU.exe
2010-06-28 17:08:30 —-A—- C:WINDOWSsystem32mEAR8QH.exe
2010-06-19 15:50:41 —-A—- C:Program FilesCommon Fileskeylog.txt
2010-06-19 15:50:40 —-A—- C:WINDOWSsystem32LrKtvmp.exe
2010-06-15 20:17:38 —-D—- C:Program FilesCommon FilesOpera
2010-06-07 17:35:38 —-A—- C:WINDOWSsystem32nvwddi.dll
2010-06-07 17:35:30 —-A—- C:WINDOWSsystem32nvrsth.dll
2010-06-07 17:35:30 —-A—- C:WINDOWSsystem32nvrseng.dll
2010-06-07 17:35:28 —-A—- C:WINDOWSsystem32nvrszht.dll
2010-06-07 17:35:28 —-A—- C:WINDOWSsystem32nvrsnl.dll
2010-06-07 17:35:28 —-A—- C:WINDOWSsystem32nvrshe.dll
2010-06-07 17:35:28 —-A—- C:WINDOWSsystem32nvrsfi.dll
2010-06-07 17:35:28 —-A—- C:WINDOWSsystem32nvrsesm.dll
2010-06-07 17:35:28 —-A—- C:WINDOWSsystem32nvrsel.dll
2010-06-07 17:35:28 —-A—- C:WINDOWSsystem32nvrsda.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrszhc.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrstr.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrssv.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrssl.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrssk.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrsru.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrsptb.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrspt.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrspl.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrsno.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrsko.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrsja.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrsit.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrshu.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrsfr.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrses.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrsde.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrscs.dll
2010-06-07 17:35:26 —-A—- C:WINDOWSsystem32nvrsar.dll
2010-06-07 17:35:24 —-A—- C:WINDOWSsystem32nvmctray.dll
2010-06-07 17:35:24 —-A—- C:WINDOWSsystem32nvmccs.dll
2010-06-07 17:35:22 —-A—- C:WINDOWSsystem32nvsvc32.exe
2010-06-07 17:35:22 —-A—- C:WINDOWSsystem32nvcpl.dll
2010-06-07 17:35:22 —-A—- C:WINDOWSsystem32nvcolor.exe
2010-06-03 14:26:32 —-D—- C:Documents and SettingsАдминистраторApplication DataNVIDIA
2010-06-03 13:48:30 —-D—- C:WINDOWSC5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-06-03 13:27:14 —-D—- C:Program FilesMass Effect 2======List of files/folders modified in the last 1 months======
2010-07-02 19:17:50 —-D—- C:WINDOWSTemp
2010-07-02 19:14:17 —-D—- C:Program FilesSteam
2010-07-02 19:08:48 —-D—- C:Program FilesMozilla Thunderbird
2010-07-02 19:07:06 —-SD—- C:WINDOWSTasks
2010-07-02 19:06:56 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle Updater
2010-07-02 19:05:48 —-A—- C:WINDOWSMsiosd.ini
2010-07-02 19:05:13 —-D—- C:WINDOWSsystem32CatRoot2
2010-06-30 01:22:26 —-A—- C:WINDOWSSchedLgU.Txt
2010-06-30 00:49:01 —-D—- C:WINDOWSsystem32
2010-06-29 22:50:01 —-D—- C:WINDOWS
2010-06-29 22:26:23 —-SD—- C:Documents and SettingsАдминистраторApplication DataMicrosoft
2010-06-29 22:25:05 —-SHD—- C:RECYCLER
2010-06-29 22:23:42 —-SHD—- C:System Volume Information
2010-06-29 22:23:42 —-D—- C:WINDOWSsystem32Restore
2010-06-29 22:16:23 —-D—- C:Documents and SettingsАдминистраторApplication DataSkype
2010-06-29 21:26:00 —-SHD—- C:WINDOWSInstaller
2010-06-29 21:25:39 —-RD—- C:Program FilesSkype
2010-06-29 21:25:39 —-D—- C:Program FilesCommon Files
2010-06-29 21:25:36 —-D—- C:Documents and SettingsAll UsersApplication DataSkype
2010-06-28 18:14:13 —-D—- C:Program FilesMozilla Firefox
2010-06-28 17:05:56 —-D—- C:WINDOWSsystem32appmgmt
2010-06-28 17:04:44 —-D—- C:WINDOWSPrefetch
2010-06-28 17:04:16 —-AC—- C:WINDOWSOEWABLog.txt
2010-06-28 17:04:00 —-D—- C:Documents and Settings
2010-06-17 18:19:59 —-D—- C:WINDOWSHelp
2010-06-17 18:18:52 —-D—- C:Program FilesNVIDIA Corporation
2010-06-17 18:18:18 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-06-17 18:18:18 —-D—- C:WINDOWSsystem32ReinstallBackups
2010-06-17 18:18:09 —-D—- C:WINDOWSsystem32drivers
2010-06-17 18:18:06 —-HD—- C:WINDOWSinf
2010-06-17 13:38:22 —-D—- C:Новая папка
2010-06-15 22:36:21 —-HD—- C:Program FilesInstallShield Installation Information
2010-06-11 22:03:29 —-RD—- C:My Documents
2010-06-08 03:57:00 —-A—- C:WINDOWSsystem32OpenCL.dll
2010-06-08 03:57:00 —-A—- C:WINDOWSsystem32nvudisp.exe
2010-06-08 03:57:00 —-A—- C:WINDOWSsystem32nvoglnt.dll
2010-06-08 03:57:00 —-A—- C:WINDOWSsystem32nvcuvid.dll
2010-06-08 03:57:00 —-A—- C:WINDOWSsystem32nvcuvenc.dll
2010-06-08 03:57:00 —-A—- C:WINDOWSsystem32nvcuda.dll
2010-06-08 03:57:00 —-A—- C:WINDOWSsystem32nvcompiler.dll
2010-06-08 03:57:00 —-A—- C:WINDOWSsystem32nvcodins.dll
2010-06-08 03:57:00 —-A—- C:WINDOWSsystem32nvcod.dll
2010-06-08 03:57:00 —-A—- C:WINDOWSsystem32nvapi.dll
2010-06-08 03:57:00 —-A—- C:WINDOWSsystem32nv4_disp.dll
2010-06-03 13:48:26 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2010-06-03 13:47:57 —-D—- C:Program FilesCommon FilesBioWare
2010-06-03 13:27:14 —-RD—- C:Program Files======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; ??C:Program FilesAviraAntiVir Desktopavgio.sys []
R1 avipbb;avipbb; C:WINDOWSsystem32DRIVERSavipbb.sys [2009-03-30 96104]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2002-12-31 40448]
R1 msikbd2k;Multimedia Keyboard Filter Driver; C:WINDOWSSystem32DRIVERSmsikbd2k.sys [2001-12-20 6656]
R1 ssmdrv;ssmdrv; C:WINDOWSsystem32DRIVERSssmdrv.sys [2009-05-11 28520]
R1 uziyodu4;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuziyodu4.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:WINDOWSsystem32DRIVERSAegisP.sys [2007-04-14 21035]
R2 atksgt;atksgt; C:WINDOWSsystem32DRIVERSatksgt.sys [2009-06-14 279712]
R2 avgntflt;avgntflt; C:WINDOWSsystem32DRIVERSavgntflt.sys [2009-11-25 56816]
R2 CdaC15BA;CdaC15BA; ??C:WINDOWSsystem32driversCDAC15BA.SYS []
R2 EIO;EIO; ??C:WINDOWSsystem32driversEIO.sys []
R2 lirsgt;lirsgt; C:WINDOWSsystem32DRIVERSlirsgt.sys [2009-06-14 25888]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2007-10-09 313856]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2007-06-19 103424]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2004-10-27 138240]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2010-06-08 10531200]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2006-03-17 392960]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:WINDOWSsystem32driversWmBEnum.sys [2004-04-14 10144]
R3 WmFilter;Logitech WingMan HID Filter Driver; C:WINDOWSsystem32driversWmFilter.sys [2004-04-14 21280]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:WINDOWSsystem32driversWmXlCore.sys [2004-04-14 44064]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2006-07-26 248832]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
S3 ADIDTSFiltService;ADI DTS Filter Service; C:WINDOWSsystem32driversadidts.sys [2006-07-20 139776]
S3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2002-12-31 60800]
S3 GarenaPEngine;GarenaPEngine; ??C:DOCUME~19335~1LOCALS~1TempHPT9CB.tmp []
S3 irsir;Драйвер для инфракрасного последовательного порта Microsoft; C:WINDOWSsystem32DRIVERSirsir.sys [2001-08-17 18688]
S3 motmodem;Motorola USB CDC ACM Driver; C:WINDOWSsystem32DRIVERSmotmodem.sys [2007-06-18 23680]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2002-12-31 61824]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2009-10-06 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:WINDOWSsystem32driversnmwcdnsu.sys [2009-10-06 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:WINDOWSsystem32driversnmwcdnsuc.sys [2009-10-06 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
S3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-17 19584]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:WINDOWSsystem32DRIVERSRTL8187.sys [2006-06-16 176128]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:WINDOWSsystem32DRIVERSs716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:WINDOWSsystem32DRIVERSs716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:WINDOWSsystem32DRIVERSs716unic.sys [2007-04-04 98952]
S3 SjyPkt;SjyPkt; ??C:WINDOWSSystem32DriversSjyPkt.sys []
S3 STIrUsb;STIrUsb.sys USB-IrDA Adapter; C:WINDOWSsystem32DRIVERSstirusb.sys [2001-09-24 30088]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2009-10-06 7936]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2009-10-06 7936]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:WINDOWSsystem32DRIVERSusbsermptxp.sys [2008-05-31 25600]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2008-03-27 503008]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:WINDOWSsystem32driversWmVirHid.sys [2004-04-14 5600]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-01-18 83328]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sptd;sptd; C:WINDOWSSystem32Driverssptd.sys [2010-04-29 691696]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2002-12-31 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Планировщик; C:Program FilesAviraAntiVir Desktopsched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:Program FilesAviraAntiVir Desktopavguard.exe [2009-07-21 185089]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:WINDOWSsystem32driversCDAC11BA.EXE [2008-12-28 54784]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:Program FilesCanonIJPLMIJPLMSVC.EXE [2006-11-10 99936]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2010-03-09 153376]
R2 nhksrv;Netropa NHK Server; C:Program FilesNetropaMultimedia Keyboardnhksrv.exe [2001-08-06 28672]
R2 nvsvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2010-06-07 154728]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2009-12-24 370688]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2002-12-31 14336]
S2 gupdate;Служба Google Update (gupdate); C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-07-03 133104]
S2 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-03-27 183280]
S2 pr2amnqb;Anstoss 2007 Drivers Auto Removal (pr2amnqb); C:WINDOWSsystem32pr2amnqb.exe [2007-08-02 411000]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Начало — Контентное обновление; C:Program FilesDragon Agebin_shipDAUpdaterSvc.Service.exe [2009-12-16 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Служба общего доступа к портам Net.Tcp; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
info.txt logfile of random’s system information tool 1.06 2010-07-02 19:18:48======Uninstall list======
—>C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
—>MsiExec /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
µTorrent—>»C:Program FilesuTorrentuTorrent.exe» /UNINSTALL
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 7.0.5 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A70500000002}
ANSTOSS 2007—>C:Program FilesInstallShield Installation Information{E95C4F6D-743B-441C-B10A-294363403318}setup.exe
ASUS WiFi-AP Solo—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{8B3F4499-32E6-470D-8586-E6C03420F889}Setup.exe» -l0x9 REMOVE
AutoCAD 2004—>MsiExec.exe /I{5783F2D7-0201-0409-0002-0060B0CE6BBA}
Autodesk Express Viewer—>C:PROGRA~1AutodeskAUTODE~1Setup.exe /remove
Avanquest update—>»C:Program FilesInstallShield Installation Information{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}Setup.exe» -runfromtemp -l0x0009 -removeonly
Avira AntiVir Personal — Free Antivirus—>C:Program FilesAviraAntiVir Desktopsetup.exe /REMOVE
Camera RAW Plug-In for EPSON Creativity Suite—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}SETUP.EXE» -l0x19 UNINST
Canon i350—>C:WINDOWSsystem32CNMCP53.exe «-PRINTERNAMECanon i350» «-HELPERDLLC:BJPrinterCNMWINDOWSCanon i350 InstallerInst2cnmis.dll» «-RCDLLC:BJPrinterCNMWINDOWSCanon i350 InstallerInst2cnmi0419.dll»
Canon MP Navigator 3.1—>»C:Program FilesCanonMP Navigator 3.1Maint.exe» /UninstallRemove C:Program FilesCanonMP Navigator 3.1uninst.ini
Canon MP140 series — регистрация пользователя—>C:Program FilesCanonIJEREGMP140 seriesUNINST.EXE
Canon MP140 series—>»C:WINDOWSsystem32CanonIJ Uninstaller Information{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_seriesDelDrv.exe» /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series /L0x0019
Canon Utilities Easy-LayoutPrint—>C:Program FilesCanonEasy-LayoutPrintuninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint—>C:Program FilesCanonEasy-PhotoPrintuninst.exe uninst.ini
DISCIPLES III v.1.4—>»C:Program FilesPCGAMEDISCIPLES IIIunins000.exe»
DivX Codec—>C:Program FilesDivXDivXCodecUninstall.exe /CODEC
DivX Content Uploader—>C:Program FilesDivXDivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter—>C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
DivX Player—>C:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
DivX Web Player—>C:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
Dragon Age: Начало—>C:Program FilesCommon FilesBioWareUninstall Dragon Age.exe
Empire—>»C:Program FilesInstallShield Installation Information{FAF782E8-2AEC-421D-BA6B-74C2A705E381}setup.exe» -runfromtemp -l0x0419 -removeonly
Empire—>MsiExec.exe /I{FAF782E8-2AEC-421D-BA6B-74C2A705E381}
EPSON Attach To Email—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}SETUP.EXE» -l0x19 UNINST
EPSON File Manager—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2EB81825-E9EE-44F4-8F51-1240C3898DC6}Setup.exe» -l0x19 UNINST
EPSON Print CD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}SETUP.EXE» -l0x19 -SYSTEM
EPSON Printer Software—>C:WINDOWSSystem32spoolDRIVERSW32X863EPUPDATE.EXE /R
EPSON Scan Assistant—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}Setup.exe» -l0x19 -u
EPSON Web-To-Page—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}SETUP.EXE» -l0x19 -anything
ESPR270 Руководство пользователя—>C:Program FilesEPSONTPMANUALESPR270RUSUSE_GDOCUNINS.EXE
EVEREST Ultimate Edition v5.01—>»C:Program FilesLavalysEVEREST Ultimate Editionunins000.exe»
FIFA 10—>MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}
Garena—>C:Program FilesInstallShield Installation Information{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}setup.exe -runfromtemp -l0x0019 -removeonly
GOM Player—>»C:Program FilesGRETECHGomPlayerUninstall.exe»
Google Chrome—>»C:Program FilesGoogleChromeApplication5.0.375.99Installersetup.exe» —uninstall —system-level
Google Update Helper—>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Планета Земля Про—>MsiExec.exe /X{F6C05B70-3972-11DE-AA67-005056806466}
Google Планета Земля—>MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Grand Theft Auto IV—>»C:Program FilesInstallShield Installation Information{579BA58C-F33D-4970-9953-B94B43768AC3}setup.exe» -runfromtemp -l0x0019 -removeonly
High Definition Audio Driver Package — KB888111—>C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe
HiJackThis—>MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
HomePage—>MsiExec.exe /X{AD427252-C069-49F6-A0DC-C3235CF6576D}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Windows XP (KB926239)—>»C:WINDOWS$NtUninstallKB926239$spuninstspuninst.exe»
hp LaserJet 1000—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{975C8028-51D8-44A9-9585-82E9810FE96A}Setup.exe»
ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 19—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KVIrc—>»C:Program FilesKVIrcuninstall.exe»
Light Alloy 2.4—>»C:ProgramsLight Alloyunins000.exe»
Logitech Gaming Software—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B9242864-2841-4ADE-86E0-8F90F91B04DD}setup.exe» -l0x9
Marvell Miniport Driver—>MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Mass Effect 2—>C:Program FilesCommon FilesBioWareUninstall Mass Effect 2.exe
Mass Effect. Золотое издание—>C:WINDOWSIsUninstR.Exe -fC:PROGRA~1snowball.ruMASSEF~1DeIsL1.isu -cC:PROGRA~1snowball.ruMASSEF~1ME_GOL~1.DLL
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack — RUS—>c:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0 Language Pack — RUSinstall.exe
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Russian Language Pack—>c:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0 Russian Language Packsetup.exe
Microsoft .NET Framework 3.0 Russian Language Pack—>MsiExec.exe /X{855B04CC-4F7A-4FBB-B7BA-D965D23F7AD5}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}
Microsoft Games for Windows — LIVE—>MsiExec.exe /X{F112F66E-25CA-42DD-983C-6118EB38F606}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7—>»C:WINDOWS$NtUninstallWdf01007$spuninstspuninst.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.7—>»C:WINDOWS$NtUninstallWudf01007$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17—>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Motorola Driver Installation 3.4.0—>MsiExec.exe /I{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}
Motorola KRZR K1 Screensaver—>C:WINDOWSsystem32Motorola KRZR K1 Screensaver.scr /u
Motorola Phone Tools—>C:Program FilesInstallShield Installation Information{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (3.6.6)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
Mozilla Sunbird (0.5)—>C:Program FilesMozilla Sunbirduninstalluninst.exe
Mozilla Thunderbird (2.0.0.24)—>C:Program FilesMozilla Thunderbirduninstallhelper.exe
MSVC80_x86_v2—>MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC80_x86—>MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVC90_x86—>MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSXML 6.0 Parser—>MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nero 6 Ultra Edition—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
NevoSoft Azteca (remove only)—>»C:ИгрыAztecauninstall.exe»
Nokia Connectivity Cable Driver—>MsiExec.exe /I{C50EF365-2898-489A-B6C7-30DAA466E9A2}
Nokia Ovi Suite Software Updater—>MsiExec.exe /X{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}
Nokia Ovi Suite—>C:Documents and SettingsAll UsersApplication DataOviInstallerCache{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}Nokia_Ovi_Suite_PCS_Update.exe
Nokia Ovi Suite—>MsiExec.exe /X{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}
Nokia PC Suite—>C:Documents and SettingsAll UsersApplication DataInstallations{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}Nokia_PC_Suite_7_1_40_1_rus.exe
Nokia PC Suite—>MsiExec.exe /I{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}
Nokia Software Updater—>MsiExec.exe /X{7169FA93-66C2-43BD-86E0-CD332A686B29}
NVIDIA Display Control Panel—>C:Program FilesNVIDIA CorporationUninstallnvuninst.exe DisplayControlPanel
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager—>C:Program FilesNVIDIA CorporationnViewnViewSetup.exe -uninstall
NVIDIA PhysX—>MsiExec.exe /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}
Office Keyboard—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}setup.exe» -l0x9
OpenAL—>»C:Program FilesOpenALOpenAL.exe» /U
OpenOffice.org Installer 1.0—>MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Ovi Desktop Sync Engine—>MsiExec.exe /X{F1C3541D-5B93-4131-B440-692FBA3DD250}
OviMPlatform—>MsiExec.exe /I{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}
PC Connectivity Solution—>MsiExec.exe /I{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}
PhotoFiltre—>»C:Program FilesPhotoFiltreUninst.exe»
PIXMA Extended Survey Program—>C:Program FilesCanonIJPLMSETUP.EXE -R
Pro Evolution Soccer 2009—>»C:Program FilesPro Evolution Soccer 2009unins000.exe»
Rambler-Ассистент—>»C:Program FilesRambler Assistantuninstall.exe»
RealPlayer—>C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|12.0
RealUpgrade 1.0—>MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Rise of the Argonauts. В поисках золотого руна—>C:Program FilesInstallShield Installation Information{EF8E3958-DBC8-4400-A41C-0F86FA6A2F99}setup.exe -runfromtemp -l0x0019 -removeonly
Rockstar Games Social Club—>»C:Program FilesInstallShield Installation Information{08B3869E-D282-424C-9AFC-870E04A4BA14}setup.exe» -runfromtemp -l0x0009 -removeonly
SafeCast Shared Components—>C:Program FilesCommon FilesMacrovision SharedSafeCastInstallCDAC13BA.EXE /uninstall
ScanSoft OmniPage SE 4—>MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
Silent Hunter 5—>»C:Program FilesInstallShield Installation Information{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}setup.exe» -runfromtemp -l0x0019 -removeonly
Skype Toolbars—>MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sony Ericsson PC Suite 4.010.00—>C:Program FilesInstallShield Installation Information{2FFE93F0-BB72-4E52-8761-354D1AAA9387}Setup.exe -runfromtemp -l0x0019 -removeonly
Spybot — Search & Destroy 1.5.2.20—>»C:WINDOWSunins000.exe»
Spybot — Search & Destroy—>»C:Program FilesSpybot — Search & Destroyunins001.exe»
Steam—>MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab—>C:Program FilesSystemRequirementsLabUninstall.exe
Tom Clancy’s Splinter Cell Conviction—>»C:Program FilesInstallShield Installation Information{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}setup.exe» -runfromtemp -l0x0019 -removeonly
Tropico 3—>»C:Program FilesInstallShield Installation Information{8853CA1D-36AE-49E6-8D6B-637954FCDA4F}setup.exe» -runfromtemp -l0x0419 -removeonly
Tropico 3—>MsiExec.exe /I{8853CA1D-36AE-49E6-8D6B-637954FCDA4F}
Ubisoft Game Launcher—>»C:Program FilesInstallShield Installation Information{888F1505-C2B3-4FDE-835D-36353EBD4754}setup.exe» -runfromtemp -l0x0409 -removeonly
Uniblue RegistryBooster—>»C:Program FilesUniblueRegistryBoosterunins000.exe»
USB-IrDA Adapter—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}Setup.exe» -l0x9
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player Firefox Plugin—>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation Language Pack (RUS)—>MsiExec.exe /X{D83A3DFC-8528-4E31-93DC-0A41C477109C}
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation RU Language Pack—>MsiExec.exe /I{1C7ADED3-C371-40DF-A69D-FE0EA73DC394}
Wings of Prey 1.0.3.2—>»C:Program FilesGaijinКрылатые Хищникиunins000.exe»
World of Warcraft—>C:Program FilesCommon FilesBlizzard EntertainmentWorld of WarcraftUninstall.exe
Wow Cartographe 1.09—>C:Program FilesWowCartographeuninst.exe
X-Chat 2.8.0-1—>»C:Program FilesX-Chat 2unins000.exe»
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
yuPlay клиент 0.7.8—>»C:Program FilesGaijinКрылатые ХищникиyuPlayunins000.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Пакет драйверов Windows — Nokia Modem (05/22/2008 3.8)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181Enokia_bluetooth.inf
Пакет драйверов Windows — Nokia Modem (05/22/2008 7.00.0.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9nokbtmdm.inf
Пакет драйверов Windows — Nokia Modem (06/01/2009 7.01.0.4)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_0777326F40B753DD4E385F058ADB286B70A301FEnokbtmdm.inf
Пакет драйверов Windows — Nokia Modem (10/05/2009 4.2)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokia_blue_AAB746D5658CCF4CAE7A35CED5F0ADA3C447A973nokia_bluetooth.inf
Пакет драйверов Windows — Nokia pccsmcfd (08/22/2008 7.0.0.0)—>C:PROGRA~1DIFXB4723E9A0713E5B1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294pccsmcfd.inf
Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office—>MsiExec.exe /X{90120000-0020-0419-0000-0000000FF1CE}
Программа обновлений Google—>»C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe» -uninstall
РПЛ для PES 2009 1.0—>»C:Program FilesPro Evolution Soccer 2009unins001.exe»
Русские комментаторы v1.0 для PES2009—>»C:Program FilesKONAMIPro Evolution Soccer 2009unins000.exe»======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: LANSERCLIENT
Event Code: 7036
Message: Служба «Диспетчер подключений удаленного доступа» перешла в состояние Работает.Record Number: 50811
Source Name: Service Control Manager
Time Written: 20100520210609.000000+240
Event Type: информация
User:Computer Name: LANSERCLIENT
Event Code: 7035
Message: Служба «Диспетчер подключений удаленного доступа» успешно отправила управляющий элемент «запустить».Record Number: 50810
Source Name: Service Control Manager
Time Written: 20100520210609.000000+240
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: LANSERCLIENT
Event Code: 7036
Message: Служба «Телефония» перешла в состояние Работает.Record Number: 50809
Source Name: Service Control Manager
Time Written: 20100520210609.000000+240
Event Type: информация
User:Computer Name: LANSERCLIENT
Event Code: 7036
Message: Служба «Адаптер производительности WMI» перешла в состояние Остановлена.Record Number: 50808
Source Name: Service Control Manager
Time Written: 20100520210609.000000+240
Event Type: информация
User:Computer Name: LANSERCLIENT
Event Code: 7036
Message: Служба «Служба шлюза уровня приложения» перешла в состояние Работает.Record Number: 50807
Source Name: Service Control Manager
Time Written: 20100520210608.000000+240
Event Type: информация
User:=====Application event log=====
Computer Name: LANSERCLIENT
Event Code: 1
Message: Nokia M Platform 2.6.40 (NLib 0.8.510)Nokia M Data Store opened at location «c:docume~19335~1locals~1tempnokiar~1357682~1DataBaseMDataStore.db3»
Record Number: 27222
Source Name: Nokia M Platform
Time Written: 20100423213513.000000+240
Event Type: информация
User:Computer Name: LANSERCLIENT
Event Code: 1
Message: Nokia M Platform 2.6.40 (NLib 0.8.510)Nokia M Data Store opened at location «c:docume~19335~1locals~1tempnokiar~1357682~1DataBaseMDataStore.db3»
Record Number: 27221
Source Name: Nokia M Platform
Time Written: 20100423213512.000000+240
Event Type: информация
User:Computer Name: LANSERCLIENT
Event Code: 1
Message: Nokia M Platform 2.6.40 (NLib 0.8.510)Nokia M Data Store opened at location «c:docume~19335~1locals~1applic~1nokianokiad~1DataBaseMDataStore.db3»
Record Number: 27220
Source Name: Nokia M Platform
Time Written: 20100423213510.000000+240
Event Type: информация
User:Computer Name: LANSERCLIENT
Event Code: 1
Message: Nokia M Platform 2.6.40 (NLib 0.8.510)Nokia M Data Store opened at location «c:docume~19335~1locals~1applic~1nokianokiad~1DataBaseMDataStore.db3»
Record Number: 27219
Source Name: Nokia M Platform
Time Written: 20100423213509.000000+240
Event Type: информация
User:Computer Name: LANSERCLIENT
Event Code: 4096
Message: Служба AntiVir успешно запущена!Record Number: 27218
Source Name: Avira AntiVir
Time Written: 20100423213503.000000+240
Event Type: информация
User: NT AUTHORITYSYSTEM======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=c:Program FilesNVIDIA CorporationPhysXCommon;%SystemRoot%system32;%SystemRoot%;%SystemRoot%system32wbem;C:Program FilesPC Connectivity Solution;C:Program FilesCommon FilesAutodesk Shared
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 6, GenuineIntel
«PROCESSOR_REVISION»=0f06
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«RGSCLauncher»=C:GamesGTA IVRockstar Games Social Club
«RGSC»=C:GamesGTA IVRockstar Games Social Club1_0_0_0
EOF
Здравствуйте, добро пожаловать на Spyware-ru форум.
Необходима дополнительная проверка.
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.Все сделал ComboFix 10-07-01.02 — Администратор 02.07.2010 23:52:15.3.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1603 [GMT 4:00]
Running from: C:Documents and SettingsАдминистраторРабочий столComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.C:Program FilesCommon Fileskeylog.txt
C:WINDOWSsystem32AAaA40E.exe
C:WINDOWSsystem32EU6989e.exe
C:WINDOWSsystem32kupTIug.exe
C:WINDOWSsystem32LrKtvmp.exe
C:WINDOWSsystem32mEAR8QH.exe
C:WINDOWSsystem32RABPZ8r.exe
C:WINDOWSsystem32UB1HEgi.exe
C:WINDOWSsystem32wfrRMFR.exeInfected copy of C:WINDOWSsystem32msgsvc.dll was found and disinfected
Restored copy from — C:WINDOWSERDNTcachemsgsvc.dll.
((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
.2010-07-02 15:18:23 . 2010-07-02 15:18:48
d
w- C:rsit
2010-06-29 18:56:31 . 2010-06-29 18:56:31 122368 —-a-w- C:WINDOWSsystem329oioZ9C.exe
2010-06-29 18:36:24 . 2010-06-29 18:36:24 122368 —-a-w- C:WINDOWSsystem32q4xDU9T.exe
2010-06-29 17:26:09 . 2010-06-29 17:26:09 56 —ha-w- C:WINDOWSsystem32ezsidmv.dat
2010-06-29 17:26:00 . 2010-06-29 17:26:00
d
w- C:Documents and SettingsАдминистраторApplication DataskypePM
2010-06-29 17:25:39 . 2010-06-29 17:25:39
d
w- C:Program FilesCommon FilesSkype
2010-06-29 17:23:13 . 2010-06-29 17:23:13 122368 —-a-w- C:WINDOWSsystem32NgmETKE.exe
2010-06-17 14:18:21 . 2010-06-17 14:18:21 217180 —-a-w- C:WINDOWSsystem32nvdrsdb0.bin
2010-06-17 14:18:18 . 2010-06-17 14:18:21 1 —-a-w- C:WINDOWSsystem32nvdrssel.bin
2010-06-17 14:18:18 . 2010-06-17 14:18:18 217180 —-a-w- C:WINDOWSsystem32nvdrsdb1.bin
2010-06-15 16:17:38 . 2010-06-17 09:41:56
d
w- C:Program FilesCommon FilesOpera
2010-06-03 10:26:32 . 2010-06-03 10:26:32
d
w- C:Documents and SettingsАдминистраторApplication DataNVIDIA
2010-06-03 09:48:30 . 2010-06-03 09:48:30
d
w- C:WINDOWSC5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-06-03 09:27:14 . 2010-06-03 09:39:17
d
w- C:Program FilesMass Effect 2.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 19:58:33 . 2008-03-03 14:10:13
d
w- C:Program FilesSteam
2010-07-02 19:36:02 . 2007-04-18 20:55:20
d
w- C:Program FilesMozilla Thunderbird
2010-07-02 15:06:56 . 2008-07-29 16:56:08
d
w- C:Documents and SettingsAll UsersApplication DataGoogle Updater
2010-06-29 18:16:23 . 2007-04-18 23:19:00
d
w- C:Documents and SettingsАдминистраторApplication DataSkype
2010-06-29 17:25:39 . 2007-04-18 23:18:46
d
r- C:Program FilesSkype
2010-06-29 17:25:36 . 2007-04-18 23:18:59
d
w- C:Documents and SettingsAll UsersApplication DataSkype
2010-06-17 14:18:52 . 2009-09-01 15:57:13
d
w- C:Program FilesNVIDIA Corporation
2010-06-17 09:54:12 . 2010-05-19 17:49:19 11264 —-a-w- C:WINDOWSsystem32driversuziyodu4.sys
2010-06-15 18:36:21 . 2007-04-14 12:44:47
d—h—w- C:Program FilesInstallShield Installation Information
2010-06-07 13:35:38 . 2010-06-07 13:35:38 81920 —-a-w- C:WINDOWSsystem32nvwddi.dll
2010-06-03 09:48:26 . 2008-11-02 15:30:18
d
w- C:Program FilesCommon FilesWise Installation Wizard
2010-06-03 09:47:57 . 2009-12-04 15:06:12
d
w- C:Program FilesCommon FilesBioWare
2010-05-28 13:29:27 . 2010-05-28 13:29:27 503808 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-12904183-nmsvcp71.dll
2010-05-28 13:29:27 . 2010-05-28 13:29:27 499712 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-12904183-njmc.dll
2010-05-28 13:29:27 . 2010-05-28 13:29:27 348160 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-12904183-nmsvcr71.dll
2010-05-28 13:29:22 . 2010-05-28 13:29:22 61440 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0505535ab32-733fbfe1-ndecora-sse.dll
2010-05-28 13:29:22 . 2010-05-28 13:29:22 12800 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0505535ab32-733fbfe1-ndecora-d3d.dll
2010-05-28 08:58:26 . 2009-06-19 20:16:30 600680 —-a-w- C:WINDOWSsystem32NVUNINST.EXE
2010-05-24 11:12:11 . 2007-04-14 12:35:47 78328 -c—a-w- C:Documents and SettingsАдминистраторLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-05-20 12:20:18 . 2009-07-05 07:17:16 22 —-a-w- C:WINDOWSsystem32nvModes.dat
2010-05-19 17:08:26 . 2010-05-19 17:08:25 388096 —-a-r- C:Documents and SettingsАдминистраторApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe
2010-05-19 17:08:25 . 2010-05-19 17:08:25
d
w- C:Program FilesTrend Micro
2010-05-19 16:48:06 . 2008-05-05 17:20:05
d
w- C:Documents and SettingsАдминистраторApplication DataUniblue
2010-05-19 16:48:01 . 2008-05-05 17:19:49
d
w- C:Program FilesUniblue
2010-05-15 08:34:46 . 2010-05-15 05:19:24
d
w- C:Program FilesEMOTIONSOFT
2010-05-15 05:19:26 . 2010-05-15 05:19:26 318 —-a-r- C:Documents and SettingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_DD036E56C627C6BE73B6BA.exe
2010-05-15 05:19:26 . 2010-05-15 05:19:26 318 —-a-r- C:Documents and SettingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_D63278A7B39D64734EEF6D.exe
2010-05-15 05:19:26 . 2010-05-15 05:19:26 318 —-a-r- C:Documents and SettingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_AF703F2E1E9CFA1FF8420A.exe
2010-05-15 05:19:26 . 2010-05-15 05:19:26 318 —-a-r- C:Documents and SettingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_37069BEA580CBFC01CB811.exe
2010-05-14 18:06:24 . 2010-01-12 12:10:21
d
w- C:Documents and SettingsАдминистраторApplication DatauTorrent
2010-05-14 14:18:18 . 2008-07-29 16:56:07
d
w- C:Program FilesGoogle
2010-05-07 15:22:27 . 2008-10-06 13:13:42
d
w- C:Documents and SettingsAll UsersApplication DataUbisoft
2010-05-07 15:05:13 . 2010-04-24 07:27:28
d
w- C:Program FilesUbisoft
2010-04-29 15:04:14 . 2010-04-29 15:04:13 691696 —-a-w- C:WINDOWSsystem32driverssptd.sys
2010-04-09 16:24:22 . 2010-04-09 16:24:22 503808 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0541a209876-1a545971-nmsvcp71.dll
2010-04-09 16:24:22 . 2010-04-09 16:24:22 499712 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0541a209876-1a545971-njmc.dll
2010-04-09 16:24:22 . 2010-04-09 16:24:22 348160 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0541a209876-1a545971-nmsvcr71.dll
2010-04-09 16:24:20 . 2010-04-09 16:24:20 61440 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0176d0ad391-3722c5d0-ndecora-sse.dll
2010-04-09 16:24:20 . 2010-04-09 16:24:20 12800 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0176d0ad391-3722c5d0-ndecora-d3d.dll
2010-04-04 14:16:26 . 2008-12-14 10:42:38 752224 —-a-w- C:Documents and SettingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2010-01-30 11:24:34 . 2010-01-30 11:24:42 774144 —-a-w- C:Program FilesRngInterstitial.dll
2007-05-01 09:38:09 . 2007-05-01 08:53:21 21 -c—a-w- C:Program FilesCommon Filesappop.log
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«SpybotSD TeaTimer»=»C:Program FilesSpybot — Search & DestroyTeaTimer.exe» [2009-03-05 12:07:20 2260480]
«Steam»=»C:Program FilesSteamSteam.exe» [2010-05-07 14:51:28 1238352]
«NBJ»=»C:PROGRA~1AheadNEROBA~1NBJ.exe» [2005-05-19 16:38:08 1957888]
«AlcoholAutomount»=»C:Program FilesAlcohol SoftAlcohol 120AxAutoMntSrv.exe» [2009-11-15 09:42:00 33120][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NokiaMServer»=»C:Program FilesCommon FilesNokiaMPlatformNokiaMServer» [X]
«MULTIMEDIA KEYBOARD»=»C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe» [2003-09-30 03:09:30 425984]
«NeroFilterCheck»=»C:WINDOWSsystem32NeroCheck.exe» [2001-07-09 08:50:42 155648]
«SSBkgdUpdate»=»C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe» [2006-10-25 06:03:38 210472]
«OpwareSE4″=»C:Program FilesScanSoftOmniPageSE4OpwareSE4.exe» [2007-02-04 09:02:14 79400]
«SoundMAXPnP»=»C:Program FilesAnalog DevicesCoresmax4pnp.exe» [2007-10-09 00:02:32 1036288]
«SunJavaUpdateSched»=»C:Program FilesCommon FilesJavaJava Updatejusched.exe» [2010-02-18 07:43:18 248040]
«avgnt»=»C:Program FilesAviraAntiVir Desktopavgnt.exe» [2009-03-02 09:08:58 209153]
«TkBellExe»=»C:Program FilesCommon FilesRealUpdate_OBrealsched.exe» [2010-03-15 16:39:49 202256]
«nwiz»=»C:Program FilesNVIDIA CorporationnViewnwiz.exe» [2010-06-02 20:48:04 1753192]
«NvCplDaemon»=»C:WINDOWSsystem32NvCpl.dll» [2010-06-07 13:35:22 13902440]
«NvMediaCenter»=»C:WINDOWSsystem32NvMcTray.dll» [2010-06-07 13:35:24 110696][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»C:WINDOWSsystem32CTFMON.EXE» [2002-12-31 12:00:00 15360][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«lanmanworkstation»=2 (0x2)
«lanmanserver»=2 (0x2)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe»=
«C:\Program Files\Steam\Steam.exe»=
«C:\Program Files\Pro Evolution Soccer 2009\pes2009.exe»=
«C:\Games\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe»=
«C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe»=
«C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe»=
«C:\Program Files\ICQ6.5\ICQ.exe»=
«C:\Program Files\Dragon Age\bin_ship\daorigins.exe»=
«C:\Program Files\Dragon Age\DAOriginsLauncher.exe»=
«C:\Program Files\uTorrent\uTorrent.exe»=
«C:\Program Files\Gaijin\Крылатые Хищники\launcher.exe»=
«C:\Program Files\Gaijin\Крылатые Хищники\aces.exe»=
«C:\Program Files\Gaijin\Крылатые Хищники\yuPlay\yuPlay.exe»=
«C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe»=
«C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe»=
«C:\Program Files\Ubisoft\Tom Clancy’s Splinter Cell Conviction\src\system\conviction_game.exe»=
«C:\Program Files\Ubisoft\Tom Clancy’s Splinter Cell Conviction\src\system\gu.exe»=
«C:\Ubisoft\Silent Hunter 5\sh5.exe»=
«C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe»=
«C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe»=
«C:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«C:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«6176:TCP»= 6176:TCPR0 pe3amnqb;Anstoss 2007 Environment Driver (pe3amnqb);C:WINDOWSsystem32driverspe3amnqb.sys [02.08.2007 18:55:27 64632]
R0 ps6amnqb;Anstoss 2007 Synchronization Driver (ps6amnqb);C:WINDOWSsystem32driversps6amnqb.sys [02.08.2007 18:55:00 68224]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:WINDOWSsystem32driversMsikbd2k.sys [19.04.2007 0:23:59 6656]
R1 uziyodu4;AVZ-RK Kernel Driver;C:WINDOWSsystem32driversuziyodu4.sys [19.05.2010 21:49:19 11264]
R2 AntiVirSchedulerService;Avira AntiVir Планировщик;C:Program FilesAviraAntiVir Desktopsched.exe [08.01.2010 13:39:43 108289]
R2 nhksrv;Netropa NHK Server;C:Program FilesNetropaMultimedia Keyboardnhksrv.exe [19.04.2007 0:24:00 28672]
S2 gupdate;Служба Google Update (gupdate);C:Program FilesGoogleUpdateGoogleUpdate.exe [03.07.2009 15:53:51 133104]
S2 pr2amnqb;Anstoss 2007 Drivers Auto Removal (pr2amnqb);C:WINDOWSsystem32pr2amnqb.exe svc —> C:WINDOWSsystem32pr2amnqb.exe svc [?]
S3 DAUpdaterSvc;Dragon Age: Начало — Контентное обновление;C:Program FilesDragon Agebin_shipdaupdatersvc.service.exe [16.12.2009 0:07:16 25832]
S3 GarenaPEngine;GarenaPEngine;??C:DOCUME~19335~1LOCALS~1TempHPT9CB.tmp —> C:DOCUME~19335~1LOCALS~1TempHPT9CB.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:WINDOWSsystem32driversnmwcdnsu.sys [26.12.2009 17:03:51 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:WINDOWSsystem32driversnmwcdnsuc.sys [26.12.2009 17:03:52 8320]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:WINDOWSsystem32driversRTL8187.sys [14.04.2007 16:46:29 176128]
S3 SjyPkt;SjyPkt;C:WINDOWSsystem32driversSjyPkt.sys [14.04.2007 16:46:28 13532]
S4 sptd;sptd;C:WINDOWSsystem32driverssptd.sys [29.04.2010 19:04:13 691696]
.
Contents of the ‘Scheduled Tasks’ folder2010-07-02 C:WINDOWSTasksGoogle Software Updater.job
— C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-07-29 16:56:07 . 2009-03-27 13:31:32]2010-07-02 C:WINDOWSTasksGoogleUpdateTaskMachineCore.job
— C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-07-03 11:53:51 . 2009-07-03 11:53:49]2010-07-02 C:WINDOWSTasksGoogleUpdateTaskMachineUA.job
— C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-07-03 11:53:51 . 2009-07-03 11:53:49]2010-07-02 C:WINDOWSTasksRealUpgradeLogonTaskS-1-5-21-725345543-515967899-2147187605-500.job
— C:Program FilesRealRealUpgraderealupgrade.exe [2010-02-24 19:09:42 . 2010-02-24 19:09:42]2010-07-02 C:WINDOWSTasksRealUpgradeScheduledTaskS-1-5-21-725345543-515967899-2147187605-500.job
— C:Program FilesRealRealUpgraderealupgrade.exe [2010-02-24 19:09:42 . 2010-02-24 19:09:42]2010-05-25 C:WINDOWSTasksUniblue SpeedUpMyPC Nag.job
— C:Program FilesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe [2008-05-05 17:19:49 . 2008-04-02 05:50:22]2008-05-05 C:WINDOWSTasksUniblue SpeedUpMyPC.job
— C:Program FilesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe [2008-05-05 17:19:49 . 2008-04-02 05:50:22]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Экспорт в Microsoft Excel — C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: {{DAC5944B-F843-4b90-B605-09DE3360CDE6} — {61772ADE-7CC1-410B-A449-8EEED0930EDE} —
TCP: {048935CF-F262-4B0D-A172-B99BC4215F06} = 94.158.112.5
FF — ProfilePath — C:Documents and SettingsАдминистраторApplication DataMozillaFirefoxProfilesj7ppin35.default
FF — prefs.js: browser.search.selectedEngine — Google
FF — prefs.js: browser.startup.homepage — hxxp://ru.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:ru:official
FF — component: C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginFirefoxExtcomponentsnprpffbrowserrecordext.dll
FF — component: C:Program FilesMozilla Firefoxextensions{AB2CE124-6272-4b12-94A9-7303C7397BD1}componentsSkypeFfComponent.dll
FF — plugin: C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll
FF — plugin: C:Program FilesGoogleGoogle Updater2.4.1536.6592npCIDetect13.dll
FF — plugin: C:Program FilesGoogleUpdate1.2.183.23npGoogleOneClick8.dll
FF — plugin: C:Program FilesMozilla Firefoxpluginsnp-mswmp.dll
FF — plugin: C:Program FilesRealRealArcadePluginsMozillanpracplug.dll—- FIREFOX POLICIES —-
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.lu», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nu», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nz», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgberp4a5d4ar», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--p1ai», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbayh7gpa», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.tel», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.proxy.type», 5);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«dom.ipc.plugins.timeoutSecs», 45);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«accelerometer.enabled», true);
C:Program FilesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
C:Program FilesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
C:Program FilesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
C:Program FilesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.nptest.dll», true);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npswf32.dll», true);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npctrl.dll», true);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npqtplugin.dll», true);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled», false);
.
.
File Associations
.
.scr=AutoCADScriptFile
.
— — — — ORPHANS REMOVED — — — —BHO-{422D016D-ACC7-4B28-A90F-437396175B82} — (no file)
BHO-{86AA1341-3F97-42EF-BDF9-F3686C65F729} — (no file)
BHO-{A1F254C7-DD01-4ABC-85CB-E6DFC64A4A74} — (no file)
HKCU-Run-Start WingMan Profiler — (no file)
AddRemove-NVIDIA Display Control Panel — C:Program FilesNVIDIA CorporationUninstallnvuninst.exeCombofix удалил несколько троянов и вариант руткита TDSS.
Нужно ещё немного поработать.Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
File::
C:WINDOWSsystem329oioZ9C.exe
C:WINDOWSsystem32q4xDU9T.exe
C:WINDOWSsystem32NgmETKE.exeЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.Спасибо за помощь! Сделал новый лог ComboFix 10-07-01.02 — Администратор 03.07.2010 21:39:29.4.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1623 [GMT 4:00]
Running from: c:documents and settingsAll UsersДокументыинтернетComboFix.exe
Command switches used :: c:documents and settingsАдминистраторРабочий столCFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}FILE ::
«c:windowssystem329oioZ9C.exe»
«c:windowssystem32NgmETKE.exe»
«c:windowssystem32q4xDU9T.exe»
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.Infected copy of c:windowssystem32msgsvc.dll was found and disinfected
Restored copy from — c:windowsERDNTcachemsgsvc.dll.
((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
.2010-07-02 15:18 . 2010-07-02 15:18
d
w- C:rsit
2010-06-29 17:26 . 2010-06-29 17:26 56 —ha-w- c:windowssystem32ezsidmv.dat
2010-06-29 17:26 . 2010-06-29 17:26
d
w- c:documents and settingsАдминистраторApplication DataskypePM
2010-06-29 17:25 . 2010-06-29 17:25
d
w- c:program filesCommon FilesSkype
2010-06-17 14:18 . 2010-07-02 23:18 217180 —-a-w- c:windowssystem32nvdrsdb0.bin
2010-06-17 14:18 . 2010-07-02 23:18 1 —-a-w- c:windowssystem32nvdrssel.bin
2010-06-17 14:18 . 2010-07-02 22:49 217180 —-a-w- c:windowssystem32nvdrsdb1.bin
2010-06-15 16:17 . 2010-06-17 09:41
d
w- c:program filesCommon FilesOpera.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 17:46 . 2008-03-03 14:10
d
w- c:program filesSteam
2010-07-03 17:19 . 2007-04-18 20:55
d
w- c:program filesMozilla Thunderbird
2010-07-03 16:50 . 2008-07-29 16:56
d
w- c:documents and settingsAll UsersApplication DataGoogle Updater
2010-06-29 18:16 . 2007-04-18 23:19
d
w- c:documents and settingsАдминистраторApplication DataSkype
2010-06-29 17:25 . 2007-04-18 23:18
d
r- c:program filesSkype
2010-06-29 17:25 . 2007-04-18 23:18
d
w- c:documents and settingsAll UsersApplication DataSkype
2010-06-17 14:18 . 2009-09-01 15:57
d
w- c:program filesNVIDIA Corporation
2010-06-17 09:54 . 2010-05-19 17:49 11264 —-a-w- c:windowssystem32driversuziyodu4.sys
2010-06-15 18:36 . 2007-04-14 12:44
d—h—w- c:program filesInstallShield Installation Information
2010-06-07 13:35 . 2010-06-07 13:35 81920 —-a-w- c:windowssystem32nvwddi.dll
2010-06-03 10:26 . 2010-06-03 10:26
d
w- c:documents and settingsАдминистраторApplication DataNVIDIA
2010-06-03 09:48 . 2008-11-02 15:30
d
w- c:program filesCommon FilesWise Installation Wizard
2010-06-03 09:47 . 2009-12-04 15:06
d
w- c:program filesCommon FilesBioWare
2010-06-03 09:39 . 2010-06-03 09:27
d
w- c:program filesMass Effect 2
2010-05-28 13:29 . 2010-05-28 13:29 503808 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-12904183-nmsvcp71.dll
2010-05-28 13:29 . 2010-05-28 13:29 499712 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-12904183-njmc.dll
2010-05-28 13:29 . 2010-05-28 13:29 348160 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-12904183-nmsvcr71.dll
2010-05-28 13:29 . 2010-05-28 13:29 61440 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0505535ab32-733fbfe1-ndecora-sse.dll
2010-05-28 13:29 . 2010-05-28 13:29 12800 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0505535ab32-733fbfe1-ndecora-d3d.dll
2010-05-28 08:58 . 2009-06-19 20:16 600680 —-a-w- c:windowssystem32NVUNINST.EXE
2010-05-24 11:12 . 2007-04-14 12:35 78328 -c—a-w- c:documents and settingsАдминистраторLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-05-20 12:20 . 2009-07-05 07:17 22 —-a-w- c:windowssystem32nvModes.dat
2010-05-19 17:08 . 2010-05-19 17:08 388096 —-a-r- c:documents and settingsАдминистраторApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe
2010-05-19 17:08 . 2010-05-19 17:08
d
w- c:program filesTrend Micro
2010-05-19 16:48 . 2008-05-05 17:20
d
w- c:documents and settingsАдминистраторApplication DataUniblue
2010-05-19 16:48 . 2008-05-05 17:19
d
w- c:program filesUniblue
2010-05-15 08:34 . 2010-05-15 05:19
d
w- c:program filesEMOTIONSOFT
2010-05-15 05:19 . 2010-05-15 05:19 318 —-a-r- c:documents and settingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_DD036E56C627C6BE73B6BA.exe
2010-05-15 05:19 . 2010-05-15 05:19 318 —-a-r- c:documents and settingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_D63278A7B39D64734EEF6D.exe
2010-05-15 05:19 . 2010-05-15 05:19 318 —-a-r- c:documents and settingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_AF703F2E1E9CFA1FF8420A.exe
2010-05-15 05:19 . 2010-05-15 05:19 318 —-a-r- c:documents and settingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_37069BEA580CBFC01CB811.exe
2010-05-14 18:06 . 2010-01-12 12:10
d
w- c:documents and settingsАдминистраторApplication DatauTorrent
2010-05-14 14:18 . 2008-07-29 16:56
d
w- c:program filesGoogle
2010-05-07 15:22 . 2008-10-06 13:13
d
w- c:documents and settingsAll UsersApplication DataUbisoft
2010-05-07 15:05 . 2010-04-24 07:27
d
w- c:program filesUbisoft
2010-04-29 15:04 . 2010-04-29 15:04 691696 —-a-w- c:windowssystem32driverssptd.sys
2010-04-09 16:24 . 2010-04-09 16:24 503808 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0541a209876-1a545971-nmsvcp71.dll
2010-04-09 16:24 . 2010-04-09 16:24 499712 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0541a209876-1a545971-njmc.dll
2010-04-09 16:24 . 2010-04-09 16:24 348160 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0541a209876-1a545971-nmsvcr71.dll
2010-04-09 16:24 . 2010-04-09 16:24 61440 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0176d0ad391-3722c5d0-ndecora-sse.dll
2010-04-09 16:24 . 2010-04-09 16:24 12800 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0176d0ad391-3722c5d0-ndecora-d3d.dll
2010-01-30 11:24 . 2010-01-30 11:24 774144 —-a-w- c:program filesRngInterstitial.dll
2007-05-01 09:38 . 2007-05-01 08:53 21 -c—a-w- c:program filesCommon Filesappop.log
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2009-03-05 2260480]
«Steam»=»c:program filesSteamSteam.exe» [2010-05-07 1238352]
«NBJ»=»c:progra~1AheadNEROBA~1NBJ.exe» [2005-05-19 1957888]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120AxAutoMntSrv.exe» [2009-11-15 33120][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NokiaMServer»=»c:program filesCommon FilesNokiaMPlatformNokiaMServer» [X]
«MULTIMEDIA KEYBOARD»=»c:program filesNetropaMultimedia KeyboardMMKeybd.exe» [2003-09-30 425984]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«SSBkgdUpdate»=»c:program filesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe» [2006-10-25 210472]
«OpwareSE4″=»c:program filesScanSoftOmniPageSE4OpwareSE4.exe» [2007-02-04 79400]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2007-10-09 1036288]
«SunJavaUpdateSched»=»c:program filesCommon FilesJavaJava Updatejusched.exe» [2010-02-18 248040]
«avgnt»=»c:program filesAviraAntiVir Desktopavgnt.exe» [2009-03-02 209153]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2010-03-15 202256]
«nwiz»=»c:program filesNVIDIA CorporationnViewnwiz.exe» [2010-06-02 1753192]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2010-06-07 13902440]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2010-06-07 110696][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2002-12-31 15360][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«lanmanworkstation»=2 (0x2)
«lanmanserver»=2 (0x2)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe»=
«c:\Program Files\Steam\Steam.exe»=
«c:\Program Files\Pro Evolution Soccer 2009\pes2009.exe»=
«c:\Games\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe»=
«c:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe»=
«c:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Program Files\Dragon Age\bin_ship\daorigins.exe»=
«c:\Program Files\Dragon Age\DAOriginsLauncher.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Gaijin\Крылатые Хищники\launcher.exe»=
«c:\Program Files\Gaijin\Крылатые Хищники\aces.exe»=
«c:\Program Files\Gaijin\Крылатые Хищники\yuPlay\yuPlay.exe»=
«c:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe»=
«c:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe»=
«c:\Program Files\Ubisoft\Tom Clancy’s Splinter Cell Conviction\src\system\conviction_game.exe»=
«c:\Program Files\Ubisoft\Tom Clancy’s Splinter Cell Conviction\src\system\gu.exe»=
«c:\Ubisoft\Silent Hunter 5\sh5.exe»=
«c:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe»=
«c:\Program Files\Mass Effect 2\MassEffect2Launcher.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«6176:TCP»= 6176:TCPR0 pe3amnqb;Anstoss 2007 Environment Driver (pe3amnqb);c:windowssystem32driverspe3amnqb.sys [02.08.2007 18:55 64632]
R0 ps6amnqb;Anstoss 2007 Synchronization Driver (ps6amnqb);c:windowssystem32driversps6amnqb.sys [02.08.2007 18:55 68224]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:windowssystem32driversMsikbd2k.sys [19.04.2007 0:23 6656]
R1 uziyodu4;AVZ-RK Kernel Driver;c:windowssystem32driversuziyodu4.sys [19.05.2010 21:49 11264]
R2 AntiVirSchedulerService;Avira AntiVir Планировщик;c:program filesAviraAntiVir Desktopsched.exe [08.01.2010 13:39 108289]
R2 nhksrv;Netropa NHK Server;c:program filesNetropaMultimedia Keyboardnhksrv.exe [19.04.2007 0:24 28672]
S2 gupdate;Служба Google Update (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [03.07.2009 15:53 133104]
S2 pr2amnqb;Anstoss 2007 Drivers Auto Removal (pr2amnqb);c:windowssystem32pr2amnqb.exe svc —> c:windowssystem32pr2amnqb.exe svc [?]
S3 DAUpdaterSvc;Dragon Age: Начало — Контентное обновление;c:program filesDragon Agebin_shipdaupdatersvc.service.exe [16.12.2009 0:07 25832]
S3 GarenaPEngine;GarenaPEngine;??c:docume~19335~1LOCALS~1TempHPT9CB.tmp —> c:docume~19335~1LOCALS~1TempHPT9CB.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowssystem32driversnmwcdnsu.sys [26.12.2009 17:03 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowssystem32driversnmwcdnsuc.sys [26.12.2009 17:03 8320]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:windowssystem32driversRTL8187.sys [14.04.2007 16:46 176128]
S3 SjyPkt;SjyPkt;c:windowssystem32driversSjyPkt.sys [14.04.2007 16:46 13532]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [29.04.2010 19:04 691696]
.
Contents of the ‘Scheduled Tasks’ folder2010-07-03 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-07-29 13:31]2010-07-03 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-03 11:53]2010-07-03 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-03 11:53]2010-07-03 c:windowsTasksRealUpgradeLogonTaskS-1-5-21-725345543-515967899-2147187605-500.job
— c:program filesRealRealUpgraderealupgrade.exe [2010-02-24 19:09]2010-07-03 c:windowsTasksRealUpgradeScheduledTaskS-1-5-21-725345543-515967899-2147187605-500.job
— c:program filesRealRealUpgraderealupgrade.exe [2010-02-24 19:09]2010-05-25 c:windowsTasksUniblue SpeedUpMyPC Nag.job
— c:program filesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe [2008-05-05 05:50]2008-05-05 c:windowsTasksUniblue SpeedUpMyPC.job
— c:program filesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe [2008-05-05 05:50]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: {{DAC5944B-F843-4b90-B605-09DE3360CDE6} — {61772ADE-7CC1-410B-A449-8EEED0930EDE} —
TCP: {048935CF-F262-4B0D-A172-B99BC4215F06} = 94.158.112.5
FF — ProfilePath — c:documents and settingsАдминистраторApplication DataMozillaFirefoxProfilesj7ppin35.default
FF — prefs.js: browser.search.selectedEngine — Google
FF — prefs.js: browser.startup.homepage — hxxp://ru.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:ru:official
FF — component: c:documents and settingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginFirefoxExtcomponentsnprpffbrowserrecordext.dll
FF — component: c:program filesMozilla Firefoxextensions{AB2CE124-6272-4b12-94A9-7303C7397BD1}componentsSkypeFfComponent.dll
FF — plugin: c:program filesGoogleGoogle Earthpluginnpgeplugin.dll
FF — plugin: c:program filesGoogleGoogle Updater2.4.1536.6592npCIDetect13.dll
FF — plugin: c:program filesGoogleUpdate1.2.183.23npGoogleOneClick8.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnp-mswmp.dll
FF — plugin: c:program filesRealRealArcadePluginsMozillanpracplug.dll—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.lu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nz», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgberp4a5d4ar», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--p1ai», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbayh7gpa», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.tel», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.proxy.type», 5);
c:program filesMozilla Firefoxgreprefsall.js — pref(«dom.ipc.plugins.timeoutSecs», 45);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«accelerometer.enabled», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.nptest.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npswf32.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npctrl.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npqtplugin.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled», false);
.
— — — — ORPHANS REMOVED — — — —BHO-{422D016D-ACC7-4B28-A90F-437396175B82} — (no file)
BHO-{86AA1341-3F97-42EF-BDF9-F3686C65F729} — (no file)
BHO-{A1F254C7-DD01-4ABC-85CB-E6DFC64A4A74} — (no file)
HKCU-Run-Start WingMan Profiler — (no file)
AddRemove-NVIDIA Display Control Panel — c:program filesNVIDIA CorporationUninstallnvuninst.exe**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-03 21:46
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(2852)
c:program filesScanSoftOmniPageSE4OpHookSE4.dll
c:program filesNetropaMultimedia Keyboardnhkdll.dll
c:windowssystem32WPDShServiceObj.dll
c:program filesNokiaNokia PC Suite 7PhoneBrowser.dll
c:program filesNokiaNokia PC Suite 7NGSCM.DLL
c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989MSVCP80.dll
c:program filesNokiaNokia PC Suite 7LangPhoneBrowser_rus.nlr
c:program filesNokiaNokia PC Suite 7ResourcePhoneBrowser_Nokia.ngr
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
c:windowssystem32browselc.dll
c:program filesMicrosoft OfficeOFFICE11msohev.dll
.
Other Running Processes
.
c:windowssystem32nvsvc32.exe
c:program filesAviraAntiVir Desktopavguard.exe
c:windowssystem32driversCDAC11BA.EXE
c:program filesCanonIJPLMIJPLMSVC.EXE
c:program filesJavajre6binjqs.exe
c:program filesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
c:windowssystem32wscntfy.exe
c:program filesNetropaMultimedia KeyboardTrayMon.exe
c:program filesNetropaOnscreen DisplayOSD.exe
c:program filesCommon FilesNokiaMPlatformNokiaMServer.exe
c:windowssystem32RUNDLL32.EXE
c:program filesAdobeAcrobat 7.0Readerreader_sl.exe
.
**************************************************************************
.
Completion time: 2010-07-03 21:51:23 — machine was rebooted
ComboFix-quarantined-files.txt 2010-07-03 17:51Pre-Run: 52 870 541 312 байт свободно
Post-Run: 52 864 536 576 байт свободноCurrent=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
— — End Of File — — 1C8B3C1819EA154BC2CE2D7F4A497F09
- Для ответа в этой теме необходимо авторизоваться.
