- This topic has 7 ответов, 2 участника, and was last updated 14 years, 10 months назад by
.
-
Сообщения
-
info.txt logfile of random’s system information tool 1.06 2010-07-04 02:12:11
======Uninstall list======
—>»C:Program FilesCreativeSBAudigy2ZSProgramCtzapxx.EXE» /W /U /S
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{169F8893-C1C5-4847-972C-EA1E008112AC}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{169F8893-C1C5-4847-972C-EA1E008112AC}setup.exe» -l0x9 /remove
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{236FADD8-58FD-11D6-A285-00A0CC51B2FE}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{236FADD8-58FD-11D6-A285-00A0CC51B2FE}setup.exe» -l0x9 /remove
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{435E969D-867E-4364-8E74-3DC8A69C5BDB}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{435E969D-867E-4364-8E74-3DC8A69C5BDB}setup.exe» -l0x9 /remove
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}setup.exe» -l0x9 /remove
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7201B853-5833-11D6-A285-00A0CC51B2FE}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7201B853-5833-11D6-A285-00A0CC51B2FE}setup.exe» -l0x9 /remove
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{72A810B1-EE62-455A-A086-E1C9FEDE7F29}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{72A810B1-EE62-455A-A086-E1C9FEDE7F29}setup.exe» -l0x9 /remove
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}setup.exe» -l0x9 /remove
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9154ED7C-926E-49CC-B677-0CF3C5267457}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9154ED7C-926E-49CC-B677-0CF3C5267457}setup.exe» -l0x9 /remove
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}setup.exe» -l0x9 /remove
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A1185190-514F-11D6-A285-00A0CC51B2FE}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A1185190-514F-11D6-A285-00A0CC51B2FE}setup.exe» -l0x9 /remove
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{AC157741-3285-4D6A-B934-9174587A3493}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{AC157741-3285-4D6A-B934-9174587A3493}setup.exe» -l0x9 /remove
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B3549608-69D3-11D7-AB2D-0090271A23A2}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B3549608-69D3-11D7-AB2D-0090271A23A2}setup.exe» -l0x9 /remove
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}setup.exe» -l0x9 /remove
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}setup.exe» -l0x9 /remove
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FD851F7E-F887-405D-9E1C-488811113EF3}setup.exe» -l0x9
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FD851F7E-F887-405D-9E1C-488811113EF3}setup.exe» -l0x9 /remove
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWS.0INFPCHealth.inf
µTorrent—>»E:softtorrentsuTorrent.exe» /UNINSTALL
Adobe Reader 9 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A90000000001}
AmpliTube Fender—>C:Program FilesInstallShield Installation Information{B178BACA-880B-4D20-85F9-522F7F2DECBE}setup.exe -runfromtemp -l0x0009 uninstall -removeonly
AP Guitar Tuner 1.02—>C:WINDOWS.0uninst.exe -fe:softtuneDeIsL1.isu -ce:softtune_ISREG32.DLL
Apple Application Support—>MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support—>MsiExec.exe /I{B5C3B892-0849-476C-9F46-B12F84819D57}
Apple Software Update—>MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
AV Voice Changer Software DIAMOND 5.0—>E:softAVVCS5~1.0DIUNWISE.EXE E:softAVVCS5~1.0DIINSTALL.LOG
Battlefield: Bad Company™ 2—>MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}
Bonjour—>MsiExec.exe /X{76BC2442-0002-47FA-9617-43BAD82BEF4C}
Call of Duty: Modern Warfare 2 — Multiplayer—>»E:steamsteam.exe» steam://uninstall/10190
Call of Duty: Modern Warfare 2—>»E:steamsteam.exe» steam://uninstall/10180
CCleaner (remove only)—>»E:softCCleaneruninst.exe»
Counter-Strike: Source—>»E:steamsteam.exe» steam://uninstall/240
Counter-Strike—>»E:steamsteam.exe» steam://uninstall/10
CSS_Beta_v36—>»E:softCSS_Beta_v36unins000.exe»
Dual-Core Optimizer—>MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
EAX Unified—>C:WINDOWS.0IsUninst.exe -f»C:Program FilesCreativeEAX UnifiedUninst.isu»
F1 99-02—>E:softF199-0~1UNWISE.EXE E:softF199-0~1INSTALL.LOG
Full Tilt Poker—>E:softPOKERuninstall.exe
Guitar Pro 5.2—>»E:softGuitar Pro 5unins000.exe»
HiJackThis—>MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
iTunes—>MsiExec.exe /I{996A2FAA-7514-4628-9D12-A8FC34A0016E}
Java(TM) 6 Update 12—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
K-Lite Mega Codec Pack 1.38—>»C:Program FilesK-Lite Codec Packunins000.exe»
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17—>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
mIRC—>»E:mIRCmIRCmirc.exe» -uninstall
Mozilla Firefox (3.6.3)—>E:softfirefoxuninstallhelper.exe
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 6—>E:softneronerouninstallUNNERO.exe /UNINSTALL
NVIDIA Drivers—>C:WINDOWS.0system32nvuninst.exe UninstallGUI
Paint.NET v 3.36—>rundll32.exe advpack.dll,LaunchINFSection PaintDN.inf,Uninstall
Portal—>»E:steamsteam.exe» steam://uninstall/400
PunkBuster Services—>C:WINDOWS.0system32pbsvc_bc2.exe -u
QuickTime—>MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Sound Blaster Audigy 2 ZS—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9E2514D9-DC24-4634-B348-61F3EF0F1628}SETUP.EXE» -l0x9
Steam—>MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Team Fortress 2—>»E:steamsteam.exe» steam://uninstall/440
TeamSpeak 3 Client—>»E:softTSuninstall.exe»
Total Commander (Remove or Repair)—>E:softtotalcmdtcuninst.exe
Toy Story 3—>»C:Program FilesInstallShield Installation Information{AAFD160A-2333-40D8-AA25-42D1989CA0F2}setup.exe» -runfromtemp -l0x0009 -removeonly
Tunatic—>»C:WINDOWS.0lsb_un20.exe» /C=UC /N=Tunatic
Unlocker 1.8.9—>E:softUnlockeruninst.exe
Vista Drive Icon—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWS.0INFVistaDrv.inf,Uninstall
Архиватор WinRAR—>E:softraruninstall.exe======System event log======
Computer Name: MICROSOF-8DBA75
Event Code: 7036
Message: Служба «Apple Mobile Device» перешла в состояние Остановлена.Record Number: 1073
Source Name: Service Control Manager
Time Written: 20100418233024.000000+240
Event Type: информация
User:Computer Name: MICROSOF-8DBA75
Event Code: 263
Message: Служба «Apple Mobile Device» может не отменить регистрацию для уведомлений событий устройства перед остановкой службы.Record Number: 1072
Source Name: PlugPlayManager
Time Written: 20100418233024.000000+240
Event Type: предупреждение
User:Computer Name: MICROSOF-8DBA75
Event Code: 7036
Message: Служба «Служба Bonjour» перешла в состояние Остановлена.Record Number: 1071
Source Name: Service Control Manager
Time Written: 20100418233005.000000+240
Event Type: информация
User:Computer Name: MICROSOF-8DBA75
Event Code: 7035
Message: Служба «Служба Bonjour» успешно отправила управляющий элемент «остановить».Logfile of random’s system information tool 1.07 (written by random/random)
Run by Admin at 2010-07-04 02:11:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (73%) free of 30 GB
Total RAM: 2046 MB (78% free)HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
AcroIEHelperShimObj Class — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
C:Program FilesJavajre6binjp2ssv.dll [2010-04-12 35840][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2010-04-12 73728][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWS.0system32NvCpl.dll [2009-01-15 13680640]
«nwiz»=nwiz.exe /install []
«CTxfiHlp»=C:WINDOWS.0system32CTXFIHLP.EXE [2008-02-21 19968]
«amd_dc_opt»=C:Program FilesAMDDual-Core Optimizeramd_dc_opt.exe [2008-07-22 77824]
«CTSysVol»=C:Program FilesCreativeSBAudigy2ZSSurround MixerCTSysVol.exe [2003-09-17 57344]
«NvMediaCenter»=C:WINDOWS.0system32NvMcTray.dll [2009-01-15 86016]
«Adobe Reader Speed Launcher»=E:softAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
«UpdReg»=C:WINDOWS.0UpdReg.EXE [2000-05-11 90112]
«SBDrvDet»=C:Program FilesCreativeSB Drive DetSBDrvDet.exe [2002-12-03 45056]
«NeroFilterCheck»=C:WINDOWS.0system32NeroCheck.exe [2006-01-12 155648]
«CTHelper»=C:WINDOWS.0system32CTHELPER.EXE [2003-10-06 24576]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2010-03-17 421888]
«CTDVDDET»=C:Program FilesCreativeSBAudigy2ZSDVDAudioCTDVDDet.EXE [2003-06-18 45056]
«iTunesHelper»=C:Program FilesiTunesiTunesHelper.exe [2010-03-26 142120][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWS.0system32ctfmon.exe [2009-02-19 30208]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]
«DAEMON Tools Lite»=E:softDAEMON Tools Litedaemon.exe [2009-04-23 691656]
«Steam»=e:steamsteam.exe [2010-05-07 1238352][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAXPnP]
C:Program FilesAnalog DevicesCoresmax4pnp.exe [2007-03-16 868352][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»dfhclfhd.dll,»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWS.0system32wpdshserviceobj.dll [2008-03-02 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoSMConfigurePrograms»=1[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:WINDOWS.0Network Diagnosticxpnetdiag.exe»=»C:WINDOWS.0Network Diagnosticxpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000»
«C:WINDOWS.0system32sessmgr.exe»=»C:WINDOWS.0system32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======List of files/folders created in the last 1 months======
2010-07-04 02:11:27 —-D—- C:rsit
2010-07-04 02:11:27 —-D—- C:Program Filestrend micro
2010-07-04 02:05:14 —-A—- C:WINDOWS.0system324aDb1Oz.exe
2010-07-04 01:59:19 —-A—- C:WINDOWS.0system32Vr62tjY.exe
2010-07-04 01:46:53 —-A—- C:WINDOWS.0system32zaUynRa.exe
2010-07-04 01:37:08 —-A—- C:WINDOWS.0system32fUSRlnO.exe
2010-07-04 01:28:59 —-A—- C:WINDOWS.0system32il9CGr3.exe
2010-07-04 00:50:42 —-A—- C:WINDOWS.0system32zMv8eAZ.exe
2010-07-03 23:46:25 —-A—- C:WINDOWS.0system32uLHD8Wq.exe
2010-07-03 23:17:50 —-A—- C:WINDOWS.0system32dfhclfhd.dll
2010-07-03 02:34:27 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataHelp
2010-07-03 00:00:03 —-A—- C:WINDOWS.0system32n2JQEkL.exe
2010-07-02 14:57:28 —-A—- C:WINDOWS.0system32sdO2I0H.exe
2010-07-02 14:56:47 —-A—- C:WINDOWS.0system32r2tt2hL.exe
2010-06-29 03:04:14 —-A—- C:WINDOWS.0system32eax.dll
2010-06-29 03:04:11 —-A—- C:WINDOWS.0IsUninst.exe
2010-06-29 02:51:56 —-RA—- C:WINDOWS.0system32MafiaSetup.exe
2010-06-21 02:29:19 —-D—- C:Program FilesCommon FilesFirefox
2010-06-20 20:41:29 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application Datateamspeak2
2010-06-20 20:27:09 —-A—- C:WINDOWS.0ODBC.INI
2010-06-20 20:27:04 —-A—- C:WINDOWS.0system32mdimon.dll
2010-06-20 20:26:08 —-D—- C:Program FilesCommon FilesDESIGNER
2010-06-20 20:26:00 —-D—- C:WINDOWS.0SHELLNEW
2010-06-20 20:25:56 —-D—- C:Program FilesMicrosoft.NET
2010-06-18 21:33:20 —-D—- C:Documents and SettingsAll Users.WINDOWS.0Application DataDAEMON Tools Lite
2010-06-18 21:31:12 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataYandex
2010-06-18 21:31:12 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataOpera
2010-06-18 21:26:41 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataDAEMON Tools Lite
2010-06-17 21:26:29 —-D—- C:Documents and SettingsAll Users.WINDOWS.0Application DataAdobe
2010-06-17 21:26:23 —-D—- C:Program FilesCommon FilesAdobe
2010-06-17 12:09:43 —-D—- C:WINDOWS.0CSC
2010-06-10 09:08:03 —-D—- C:Documents and SettingsAll Users.WINDOWS.0Application DataMSScanAppDataDir
2010-06-10 09:07:23 —-A—- C:WINDOWS.0WORDPAD.INI
2010-06-06 23:20:22 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataTS3Client
2010-06-06 17:13:28 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataThinstall
2010-06-06 15:01:28 —-D—- C:Program FilesCommon FilesOpera======List of files/folders modified in the last 1 months======
2010-07-04 02:11:27 —-RD—- C:Program Files
2010-07-04 02:08:30 —-A—- C:Program FilesCommon Fileskeylog.txt
2010-07-04 02:06:40 —-A—- C:WINDOWS.0NeroDigital.ini
2010-07-04 02:05:14 —-AD—- C:WINDOWS.0system32
2010-07-04 02:05:00 —-D—- C:WINDOWS.0
2010-07-04 02:03:36 —-A—- C:WINDOWS.0SchedLgU.Txt
2010-07-04 01:59:13 —-D—- C:WINDOWS.0Temp
2010-07-04 01:42:41 —-SHD—- C:WINDOWS.0Installer
2010-07-04 01:42:41 —-SD—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataMicrosoft
2010-07-04 01:36:25 —-D—- C:WINDOWS.0system32drivers
2010-07-04 01:15:51 —-D—- C:WINDOWS.0system32CatRoot2
2010-07-04 00:53:51 —-D—- C:WINDOWS.0system32Macromed
2010-07-03 01:34:10 —-A—- C:WINDOWS.0system32msvcsv60.dll
2010-07-02 23:59:11 —-D—- C:Program FilesCommon Files
2010-06-29 03:04:14 —-D—- C:Program FilesCreative
2010-06-27 16:11:39 —-A—- C:WINDOWS.0wincmd.ini
2010-06-27 16:11:12 —-A—- C:WINDOWS.0wcx_ftp.ini
2010-06-22 15:41:36 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DatauTorrent
2010-06-22 02:52:03 —-HD—- C:WINDOWS.0inf
2010-06-22 02:52:03 —-D—- C:WINDOWS.0system32DirectX
2010-06-22 02:43:24 —-HD—- C:Program FilesInstallShield Installation Information
2010-06-21 02:58:35 —-A—- C:WINDOWS.0system32PnkBstrB.exe
2010-06-20 20:26:56 —-RSD—- C:WINDOWS.0assembly
2010-06-20 20:26:52 —-A—- C:WINDOWS.0win.ini
2010-06-20 20:26:35 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2010-06-20 20:26:34 —-RSD—- C:WINDOWS.0Fonts
2010-06-20 20:26:00 —-D—- C:Program FilesCommon FilesSystem
2010-06-20 20:24:34 —-D—- C:WINDOWS.0system
2010-06-17 21:27:05 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataAdobe
2010-06-17 21:26:31 —-D—- C:WINDOWS.0WinSxS
2010-06-17 12:26:34 —-SHD—- C:RECYCLER
2010-06-07 22:37:05 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataApple Computer
2010-06-06 17:13:34 —-SD—- C:Documents and SettingsAll Users.WINDOWS.0Application DataMicrosoft======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 exFat;exFat; C:WINDOWS.0system32driversexFat.sys [2009-01-28 133632]
R2 PfDetNT;PfDetNT; ??C:WINDOWS.0system32driversPfModNT.sys []
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWS.0system32DRIVERSrspndr.sys [2008-10-11 62848]
R3 AmdLLD;AMD Low Level Device Driver; C:WINDOWS.0system32DRIVERSAmdLLD.sys [2007-06-29 34304]
R3 ctac32k;Creative AC3 Software Decoder; C:WINDOWS.0System32driversctac32k.sys [2003-11-05 645392]
R3 ctaud2k;Creative Audio Driver (WDM); C:WINDOWS.0system32driversctaud2k.sys [2003-11-19 366160]
R3 ctprxy2k;Creative Proxy Driver; C:WINDOWS.0System32driversctprxy2k.sys [2003-10-08 6096]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:WINDOWS.0System32driversctsfm2k.sys [2003-10-08 130288]
R3 E100B;Intel PRO адаптер, драйвер; C:WINDOWS.0system32DRIVERSe100b325.sys [2001-10-20 117760]
R3 emupia;E-mu Plug-in Architecture Driver; C:WINDOWS.0System32driversemupia2k.sys [2003-10-13 145488]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWS.0system32DRIVERSGEARAspiWDM.sys [2009-05-18 26600]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:WINDOWS.0System32driversha10kx2k.sys [2003-10-21 904496]
R3 hap16v2k;Creative P16V HAL Driver; C:WINDOWS.0System32drivershap16v2k.sys [2003-10-21 148432]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWS.0system32DRIVERShidusb.sys [2008-04-15 10368]
R3 mouhid;Драйвер мыши HID; C:WINDOWS.0system32DRIVERSmouhid.sys [2008-04-15 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWS.0system32DRIVERSASACPI.sys [2006-02-26 5810]
R3 nv;nv; C:WINDOWS.0system32DRIVERSnv4_mini.sys [2009-01-15 6301248]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWS.0system32DRIVERSnvnetbus.sys [2007-10-12 22016]
R3 ossrv;Creative OS Services Driver; C:WINDOWS.0system32driversctoss2k.sys [2003-10-08 178672]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWS.0system32DRIVERSusbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 концентратор; C:WINDOWS.0system32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWS.0system32DRIVERSusbohci.sys [2008-04-15 17152]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWS.0system32driversADIHdAud.sys [2007-05-18 304640]
S3 AEAudio;AE Audio Service; C:WINDOWS.0system32driversAEAudio.sys [2007-05-18 94848]
S3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWS.0system32DRIVERSarp1394.sys [2009-02-19 60800]
S3 avnwh1tf;avnwh1tf; C:WINDOWS.0system32driversavnwh1tf.sys []
S3 COMMONFX.DLL;COMMONFX.DLL; C:WINDOWS.0system32COMMONFX.DLL [2003-10-06 114688]
S3 CT20XUT.DLL;CT20XUT.DLL; C:WINDOWS.0system32CT20XUT.DLL [2008-02-25 170520]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:WINDOWS.0system32CTAUDFX.DLL [2003-11-18 585728]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:WINDOWS.0System32driversctdvda2k.sys [2003-10-14 332800]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:WINDOWS.0system32CTEAPSFX.DLL [2008-02-25 174104]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:WINDOWS.0system32CTEDSPFX.DLL [2008-02-25 286232]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:WINDOWS.0system32CTEDSPIO.DLL [2008-02-25 134680]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:WINDOWS.0system32CTEDSPSY.DLL [2008-02-25 329240]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:WINDOWS.0system32CTERFXFX.DLL [2008-02-25 100888]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:WINDOWS.0system32CTEXFIFX.DLL [2008-02-25 1323544]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:WINDOWS.0system32CTHWIUT.DLL [2008-02-25 72728]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:WINDOWS.0system32CTSBLFX.DLL [2003-10-06 606208]
S3 hap17v2k;Creative P17V HAL Driver; C:WINDOWS.0system32drivershap17v2k.sys [2008-02-25 189464]
S3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWS.0system32DRIVERSHDAudBus.sys [2008-04-15 144384]
S3 NIC1394;Сетевой драйвер 1394; C:WINDOWS.0system32DRIVERSnic1394.sys [2009-02-19 61824]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWS.0system32DRIVERSNVENETFD.sys [2007-10-12 54144]
S3 SenFiltService;SenFilt Service; C:WINDOWS.0system32driversSenfilt.sys [2006-03-17 392960]
S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWS.0System32Driversusbaapl.sys [2009-10-16 41472]
S3 usbscan;Драйвер USB-сканера; C:WINDOWS.0system32DRIVERSusbscan.sys [2008-04-14 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWS.0system32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWS.0system32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWS.0system32DRIVERSwudfrd.sys [2008-03-02 82944]
S4 IntelIde;IntelIde; C:WINDOWS.0system32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe [2010-03-19 144672]
R2 Bonjour Service;Служба Bonjour; C:Program FilesBonjourmDNSResponder.exe [2010-02-12 345376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:WINDOWS.0system32CTsvcCDA.exe [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2010-04-12 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWS.0system32nvsvc32.exe [2009-01-15 163908]
R2 PnkBstrA;PnkBstrA; C:WINDOWS.0system32PnkBstrA.exe [2010-05-22 75064]
R2 PnkBstrB;PnkBstrB; C:WINDOWS.0system32PnkBstrB.exe [2010-06-21 218808]
R2 WMDM PMSP Service;WMDM PMSP Service; C:WINDOWS.0system32MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2010-03-26 545576]
S3 aspnet_state;ASP.NET State Service; C:WINDOWS.0Microsoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWS.0Microsoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWS.0system32svchost.exe [2008-04-15 14336]
EOF
Здравствуйте!
Добро пожаловать на Spyware-ru форум.
Вы выложили только инфо файл, не хватает самого лога. В папке «Локальный диск» должна быть папка под названием «rsit», в ней два текстовых файла лог и инфо. Откройте файл лог, скопируйте его информацию и добавьте её в вашу тему.Logfile of random’s system information tool 1.07 (written by random/random)
Run by Admin at 2010-07-04 15:29:37
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (73%) free of 30 GB
Total RAM: 2046 MB (68% free)HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
AcroIEHelperShimObj Class — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
C:Program FilesJavajre6binjp2ssv.dll [2010-04-12 35840][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2010-04-12 73728][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWS.0system32NvCpl.dll [2009-01-15 13680640]
«nwiz»=nwiz.exe /install []
«CTxfiHlp»=C:WINDOWS.0system32CTXFIHLP.EXE [2008-02-21 19968]
«amd_dc_opt»=C:Program FilesAMDDual-Core Optimizeramd_dc_opt.exe [2008-07-22 77824]
«CTSysVol»=C:Program FilesCreativeSBAudigy2ZSSurround MixerCTSysVol.exe [2003-09-17 57344]
«NvMediaCenter»=C:WINDOWS.0system32NvMcTray.dll [2009-01-15 86016]
«Adobe Reader Speed Launcher»=E:softAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
«UpdReg»=C:WINDOWS.0UpdReg.EXE [2000-05-11 90112]
«SBDrvDet»=C:Program FilesCreativeSB Drive DetSBDrvDet.exe [2002-12-03 45056]
«NeroFilterCheck»=C:WINDOWS.0system32NeroCheck.exe [2006-01-12 155648]
«CTHelper»=C:WINDOWS.0system32CTHELPER.EXE [2003-10-06 24576]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2010-03-17 421888]
«CTDVDDET»=C:Program FilesCreativeSBAudigy2ZSDVDAudioCTDVDDet.EXE [2003-06-18 45056]
«iTunesHelper»=C:Program FilesiTunesiTunesHelper.exe [2010-03-26 142120][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWS.0system32ctfmon.exe [2009-02-19 30208]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]
«DAEMON Tools Lite»=E:softDAEMON Tools Litedaemon.exe [2009-04-23 691656]
«Steam»=e:steamsteam.exe [2010-05-07 1238352][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAXPnP]
C:Program FilesAnalog DevicesCoresmax4pnp.exe [2007-03-16 868352][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»dfhclfhd.dll,»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWS.0system32wpdshserviceobj.dll [2008-03-02 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoSMConfigurePrograms»=1[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:WINDOWS.0Network Diagnosticxpnetdiag.exe»=»C:WINDOWS.0Network Diagnosticxpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000»
«C:WINDOWS.0system32sessmgr.exe»=»C:WINDOWS.0system32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«E:steamSteamAppswicker450counter-strikehl.exe»=»E:steamSteamAppswicker450counter-strikehl.exe:*:Enabled:Counter-Strike»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======List of files/folders created in the last 1 months======
2010-07-04 02:11:27 —-D—- C:rsit
2010-07-04 02:11:27 —-D—- C:Program Filestrend micro
2010-07-04 02:05:14 —-A—- C:WINDOWS.0system324aDb1Oz.exe
2010-07-04 01:59:19 —-A—- C:WINDOWS.0system32Vr62tjY.exe
2010-07-04 01:46:53 —-A—- C:WINDOWS.0system32zaUynRa.exe
2010-07-04 01:37:08 —-A—- C:WINDOWS.0system32fUSRlnO.exe
2010-07-04 01:28:59 —-A—- C:WINDOWS.0system32il9CGr3.exe
2010-07-04 00:50:42 —-A—- C:WINDOWS.0system32zMv8eAZ.exe
2010-07-03 23:46:25 —-A—- C:WINDOWS.0system32uLHD8Wq.exe
2010-07-03 23:17:50 —-A—- C:WINDOWS.0system32dfhclfhd.dll
2010-07-03 02:34:27 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataHelp
2010-07-03 00:00:03 —-A—- C:WINDOWS.0system32n2JQEkL.exe
2010-07-02 14:57:28 —-A—- C:WINDOWS.0system32sdO2I0H.exe
2010-07-02 14:56:47 —-A—- C:WINDOWS.0system32r2tt2hL.exe
2010-06-29 03:04:14 —-A—- C:WINDOWS.0system32eax.dll
2010-06-29 03:04:11 —-A—- C:WINDOWS.0IsUninst.exe
2010-06-29 02:51:56 —-RA—- C:WINDOWS.0system32MafiaSetup.exe
2010-06-21 02:29:19 —-D—- C:Program FilesCommon FilesFirefox
2010-06-20 20:41:29 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application Datateamspeak2
2010-06-20 20:27:09 —-A—- C:WINDOWS.0ODBC.INI
2010-06-20 20:27:04 —-A—- C:WINDOWS.0system32mdimon.dll
2010-06-20 20:26:08 —-D—- C:Program FilesCommon FilesDESIGNER
2010-06-20 20:26:00 —-D—- C:WINDOWS.0SHELLNEW
2010-06-20 20:25:56 —-D—- C:Program FilesMicrosoft.NET
2010-06-18 21:33:20 —-D—- C:Documents and SettingsAll Users.WINDOWS.0Application DataDAEMON Tools Lite
2010-06-18 21:31:12 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataYandex
2010-06-18 21:31:12 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataOpera
2010-06-18 21:26:41 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataDAEMON Tools Lite
2010-06-17 21:26:29 —-D—- C:Documents and SettingsAll Users.WINDOWS.0Application DataAdobe
2010-06-17 21:26:23 —-D—- C:Program FilesCommon FilesAdobe
2010-06-17 12:09:43 —-D—- C:WINDOWS.0CSC
2010-06-10 09:08:03 —-D—- C:Documents and SettingsAll Users.WINDOWS.0Application DataMSScanAppDataDir
2010-06-10 09:07:23 —-A—- C:WINDOWS.0WORDPAD.INI
2010-06-06 23:20:22 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataTS3Client
2010-06-06 17:13:28 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataThinstall
2010-06-06 15:01:28 —-D—- C:Program FilesCommon FilesOpera======List of files/folders modified in the last 1 months======
2010-07-04 10:58:49 —-A—- C:WINDOWS.0NeroDigital.ini
2010-07-04 04:20:59 —-A—- C:Program FilesCommon Fileskeylog.txt
2010-07-04 03:44:09 —-SD—- C:WINDOWS.0Downloaded Program Files
2010-07-04 03:43:56 —-D—- C:WINDOWS.0
2010-07-04 02:21:30 —-D—- C:WINDOWS.0system32CatRoot2
2010-07-04 02:21:29 —-D—- C:WINDOWS.0system32drivers
2010-07-04 02:11:27 —-RD—- C:Program Files
2010-07-04 02:05:14 —-AD—- C:WINDOWS.0system32
2010-07-04 02:05:08 —-D—- C:WINDOWS.0Temp
2010-07-04 02:03:36 —-A—- C:WINDOWS.0SchedLgU.Txt
2010-07-04 01:42:41 —-SHD—- C:WINDOWS.0Installer
2010-07-04 01:42:41 —-SD—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataMicrosoft
2010-07-04 00:53:51 —-D—- C:WINDOWS.0system32Macromed
2010-07-03 01:34:10 —-A—- C:WINDOWS.0system32msvcsv60.dll
2010-07-02 23:59:11 —-D—- C:Program FilesCommon Files
2010-06-29 03:04:14 —-D—- C:Program FilesCreative
2010-06-27 16:11:39 —-A—- C:WINDOWS.0wincmd.ini
2010-06-27 16:11:12 —-A—- C:WINDOWS.0wcx_ftp.ini
2010-06-22 15:41:36 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DatauTorrent
2010-06-22 02:52:03 —-HD—- C:WINDOWS.0inf
2010-06-22 02:52:03 —-D—- C:WINDOWS.0system32DirectX
2010-06-22 02:43:24 —-HD—- C:Program FilesInstallShield Installation Information
2010-06-21 02:58:35 —-A—- C:WINDOWS.0system32PnkBstrB.exe
2010-06-20 20:26:56 —-RSD—- C:WINDOWS.0assembly
2010-06-20 20:26:52 —-A—- C:WINDOWS.0win.ini
2010-06-20 20:26:35 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2010-06-20 20:26:34 —-RSD—- C:WINDOWS.0Fonts
2010-06-20 20:26:00 —-D—- C:Program FilesCommon FilesSystem
2010-06-20 20:24:34 —-D—- C:WINDOWS.0system
2010-06-17 21:27:05 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataAdobe
2010-06-17 21:26:31 —-D—- C:WINDOWS.0WinSxS
2010-06-17 12:26:34 —-SHD—- C:RECYCLER
2010-06-07 22:37:05 —-D—- C:Documents and SettingsAdmin.MICROSOF-8DBA75Application DataApple Computer
2010-06-06 17:13:34 —-SD—- C:Documents and SettingsAll Users.WINDOWS.0Application DataMicrosoft======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 exFat;exFat; C:WINDOWS.0system32driversexFat.sys [2009-01-28 133632]
R2 PfDetNT;PfDetNT; ??C:WINDOWS.0system32driversPfModNT.sys []
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWS.0system32DRIVERSrspndr.sys [2008-10-11 62848]
R3 AmdLLD;AMD Low Level Device Driver; C:WINDOWS.0system32DRIVERSAmdLLD.sys [2007-06-29 34304]
R3 ctac32k;Creative AC3 Software Decoder; C:WINDOWS.0System32driversctac32k.sys [2003-11-05 645392]
R3 ctaud2k;Creative Audio Driver (WDM); C:WINDOWS.0system32driversctaud2k.sys [2003-11-19 366160]
R3 ctprxy2k;Creative Proxy Driver; C:WINDOWS.0System32driversctprxy2k.sys [2003-10-08 6096]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:WINDOWS.0System32driversctsfm2k.sys [2003-10-08 130288]
R3 E100B;Intel PRO адаптер, драйвер; C:WINDOWS.0system32DRIVERSe100b325.sys [2001-10-20 117760]
R3 emupia;E-mu Plug-in Architecture Driver; C:WINDOWS.0System32driversemupia2k.sys [2003-10-13 145488]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWS.0system32DRIVERSGEARAspiWDM.sys [2009-05-18 26600]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:WINDOWS.0System32driversha10kx2k.sys [2003-10-21 904496]
R3 hap16v2k;Creative P16V HAL Driver; C:WINDOWS.0System32drivershap16v2k.sys [2003-10-21 148432]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWS.0system32DRIVERShidusb.sys [2008-04-15 10368]
R3 mouhid;Драйвер мыши HID; C:WINDOWS.0system32DRIVERSmouhid.sys [2008-04-15 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWS.0system32DRIVERSASACPI.sys [2006-02-26 5810]
R3 nv;nv; C:WINDOWS.0system32DRIVERSnv4_mini.sys [2009-01-15 6301248]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWS.0system32DRIVERSnvnetbus.sys [2007-10-12 22016]
R3 ossrv;Creative OS Services Driver; C:WINDOWS.0system32driversctoss2k.sys [2003-10-08 178672]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWS.0system32DRIVERSusbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 концентратор; C:WINDOWS.0system32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWS.0system32DRIVERSusbohci.sys [2008-04-15 17152]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWS.0system32driversADIHdAud.sys [2007-05-18 304640]
S3 AEAudio;AE Audio Service; C:WINDOWS.0system32driversAEAudio.sys [2007-05-18 94848]
S3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWS.0system32DRIVERSarp1394.sys [2009-02-19 60800]
S3 avnwh1tf;avnwh1tf; C:WINDOWS.0system32driversavnwh1tf.sys []
S3 COMMONFX.DLL;COMMONFX.DLL; C:WINDOWS.0system32COMMONFX.DLL [2003-10-06 114688]
S3 CT20XUT.DLL;CT20XUT.DLL; C:WINDOWS.0system32CT20XUT.DLL [2008-02-25 170520]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:WINDOWS.0system32CTAUDFX.DLL [2003-11-18 585728]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:WINDOWS.0System32driversctdvda2k.sys [2003-10-14 332800]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:WINDOWS.0system32CTEAPSFX.DLL [2008-02-25 174104]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:WINDOWS.0system32CTEDSPFX.DLL [2008-02-25 286232]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:WINDOWS.0system32CTEDSPIO.DLL [2008-02-25 134680]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:WINDOWS.0system32CTEDSPSY.DLL [2008-02-25 329240]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:WINDOWS.0system32CTERFXFX.DLL [2008-02-25 100888]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:WINDOWS.0system32CTEXFIFX.DLL [2008-02-25 1323544]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:WINDOWS.0system32CTHWIUT.DLL [2008-02-25 72728]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:WINDOWS.0system32CTSBLFX.DLL [2003-10-06 606208]
S3 hap17v2k;Creative P17V HAL Driver; C:WINDOWS.0system32drivershap17v2k.sys [2008-02-25 189464]
S3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWS.0system32DRIVERSHDAudBus.sys [2008-04-15 144384]
S3 NIC1394;Сетевой драйвер 1394; C:WINDOWS.0system32DRIVERSnic1394.sys [2009-02-19 61824]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWS.0system32DRIVERSNVENETFD.sys [2007-10-12 54144]
S3 SenFiltService;SenFilt Service; C:WINDOWS.0system32driversSenfilt.sys [2006-03-17 392960]
S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWS.0System32Driversusbaapl.sys [2009-10-16 41472]
S3 usbscan;Драйвер USB-сканера; C:WINDOWS.0system32DRIVERSusbscan.sys [2008-04-14 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWS.0system32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWS.0system32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWS.0system32DRIVERSwudfrd.sys [2008-03-02 82944]
S4 IntelIde;IntelIde; C:WINDOWS.0system32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe [2010-03-19 144672]
R2 Bonjour Service;Служба Bonjour; C:Program FilesBonjourmDNSResponder.exe [2010-02-12 345376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:WINDOWS.0system32CTsvcCDA.exe [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2010-04-12 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWS.0system32nvsvc32.exe [2009-01-15 163908]
R2 PnkBstrA;PnkBstrA; C:WINDOWS.0system32PnkBstrA.exe [2010-05-22 75064]
R2 PnkBstrB;PnkBstrB; C:WINDOWS.0system32PnkBstrB.exe [2010-06-21 218808]
R2 WMDM PMSP Service;WMDM PMSP Service; C:WINDOWS.0system32MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2010-03-26 545576]
S3 aspnet_state;ASP.NET State Service; C:WINDOWS.0Microsoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWS.0Microsoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWS.0system32svchost.exe [2008-04-15 14336]
EOF
К сожалению лог не полный, не хватает начльной информации лог файла. Давайте сделаем так. Скачайте вот эту программу: HijackThis, сохраните на рабочем столе. Запустите её двойным кликом, нажмите «I Accept» затем кнопку «Do a system scan and save logfile», файл должен сохранится на рабочем столе, откройте его и содержимое этого файла вставте в вашей теме.
P.S. Эта программа одна из составляющих программы RSIT.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:41:09, on 04.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: NormalRunning processes:
C:WINDOWS.0System32smss.exe
C:WINDOWS.0system32winlogon.exe
C:WINDOWS.0system32services.exe
C:WINDOWS.0system32lsass.exe
C:WINDOWS.0system32svchost.exe
C:WINDOWS.0System32svchost.exe
C:WINDOWS.0system32spoolsv.exe
C:WINDOWS.0Explorer.EXE
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWS.0system32CTsvcCDA.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWS.0system32nvsvc32.exe
C:WINDOWS.0system32PnkBstrA.exe
C:WINDOWS.0system32PnkBstrB.exe
C:WINDOWS.0system32svchost.exe
C:WINDOWS.0system32MsPMSPSv.exe
C:Program FilesCreativeSBAudigy2ZSSurround MixerCTSysVol.exe
C:WINDOWS.0system32RUNDLL32.EXE
C:WINDOWS.0system32CTHELPER.EXE
C:Program FilesCreativeSBAudigy2ZSDVDAudioCTDVDDet.EXE
C:WINDOWS.0System32svchost.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWS.0system32ctfmon.exe
C:Program FilesVistaDriveIconVistaDrv.exe
E:softDAEMON Tools Litedaemon.exe
E:steamsteam.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWS.0system32drwtsn32.exe
C:WINDOWS.0system32drwtsn32.exe
C:WINDOWS.0system32drwtsn32.exe
E:softQIPqip.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesWindows Media Playerwmplayer.exe
E:softhijaTrend MicroHiJackThisHiJackThis.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://kino.local/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.zvercd.com/
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
F2 — REG:system.ini: UserInit=C:WINDOWS.0system32userinit.exe,C:WINDOWS.0system327abdc53d.exe,\?globalrootsystemrootsystem32r2tt2hL.exe,
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWS.0system32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [CTxfiHlp] CTXFIHLP.EXE
O4 — HKLM..Run: [amd_dc_opt] C:Program FilesAMDDual-Core Optimizeramd_dc_opt.exe
O4 — HKLM..Run: [CTSysVol] C:Program FilesCreativeSBAudigy2ZSSurround MixerCTSysVol.exe /r
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWS.0system32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «E:softAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [UpdReg] C:WINDOWS.0UpdReg.EXE
O4 — HKLM..Run: [SBDrvDet] C:Program FilesCreativeSB Drive DetSBDrvDet.exe /r
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWS.0system32NeroCheck.exe
O4 — HKLM..Run: [CTHelper] CTHELPER.EXE
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [CTDVDDET] C:Program FilesCreativeSBAudigy2ZSDVDAudioCTDVDDet.EXE
O4 — HKLM..Run: [iTunesHelper] «C:Program FilesiTunesiTunesHelper.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWS.0system32ctfmon.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [DAEMON Tools Lite] «E:softDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [Steam] «e:steamsteam.exe» -silent
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWS.0system32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:’Creative SoundFont Synthesizer’ /w:’SB Audigy’ (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://E:softofficeOFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Google ВикиКомментарии… — res://C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 — AppInit_DLLs: dfhclfhd.dll,
O22 — SharedTaskScheduler: Демон кэша категорий компонентов — {8C7461EF-2B13-11d2-BE35-3078302C2030} — (no file)
O22 — SharedTaskScheduler: Предзагрузчик Browseui — {438755C2-A8BA-11D1-B96B-00A0C90312E1} — (no file)
O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 — Service: Служба Bonjour (Bonjour Service) — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Creative Service for CDROM Access — Creative Technology Ltd — C:WINDOWS.0system32CTsvcCDA.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWS.0system32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWS.0system32imapi.exe
O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWS.0system32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWS.0system32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWS.0system32PnkBstrA.exe
O23 — Service: PnkBstrB — Unknown owner — C:WINDOWS.0system32PnkBstrB.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWS.0system32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWS.0System32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWS.0system32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWS.0System32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWS.0system32wbemwmiapsrv.exe—
End of file — 8392 bytes
вроде ничего не забыл 🙄combofix показал такой лог
ComboFix 10-07-04.04 — Admin 05.07.2010 18:17:52.1.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2046.1646 [GMT 4:00]
Running from: c:documents and settingsAdmin.MICROSOF-8DBA75Рабочий столco.exe
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsAll Users.WINDOWS.0Application DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll Users.WINDOWS.0Application DataMicrosoftNetworkDownloaderqmgr1.dat
c:program filesCommon Fileskeylog.txt
c:windows.0Delete.bat
c:windows.0system32Пузыри.scr
c:windows.0system32msvcsv60.dll
c:windows.0system32n2JQEkL.exe
c:windows.0system32r2tt2hL.exe
c:windows.0system32sdO2I0H.exe
c:windows.0system32ssField Lines.scr
c:windows.0system32ssRibbons.scr
c:windows.0system32SYSINTERNALS_BLUESCREEN.SCR
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
.2010-07-05 13:39 . 2010-07-05 13:39 113152 —-a-w- c:windows.0system32JqaP6T3.exe
2010-07-03 22:11 . 2010-07-03 22:12
d
w- C:rsit
2010-07-03 22:11 . 2010-07-03 22:11
d
w- c:program filestrend micro
2010-07-03 22:05 . 2010-07-03 22:05 116736 —-a-w- c:windows.0system324aDb1Oz.exe
2010-07-03 21:59 . 2010-07-03 21:59 116736 —-a-w- c:windows.0system32Vr62tjY.exe
2010-07-03 21:46 . 2010-07-03 21:46 116736 —-a-w- c:windows.0system32zaUynRa.exe
2010-07-03 21:42 . 2010-07-03 21:42 388096 —-a-r- c:documents and settingsAdmin.MICROSOF-8DBA75Application DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe
2010-07-03 21:37 . 2010-07-03 21:37 116736 —-a-w- c:windows.0system32fUSRlnO.exe
2010-07-03 21:28 . 2010-07-03 21:28 116736 —-a-w- c:windows.0system32il9CGr3.exe
2010-07-03 20:50 . 2010-07-03 20:50 116736 —-a-w- c:windows.0system32zMv8eAZ.exe
2010-07-03 19:46 . 2010-07-03 19:46 116736 —-a-w- c:windows.0system32uLHD8Wq.exe
2010-07-03 19:17 . 2010-07-03 19:17 65536 —-a-w- c:windows.0system32dfhclfhd.dll
2010-07-02 22:34 . 2010-07-02 22:34
d
w- c:documents and settingsAdmin.MICROSOF-8DBA75Local SettingsApplication DataHelp
2010-06-28 23:04 . 2002-06-06 10:38 139264 —-a-w- c:windows.0system32eax.dll
2010-06-28 23:04 . 1998-10-29 12:45 306688 —-a-w- c:windows.0IsUninst.exe
2010-06-28 22:51 . 2003-04-16 12:49 233472 —-a-r- c:windows.0system32MafiaSetup.exe
2010-06-20 22:29 . 2010-06-26 11:08
d
w- c:program filesCommon FilesFirefox
2010-06-20 16:41 . 2010-06-20 16:41
d
w- c:documents and settingsAdmin.MICROSOF-8DBA75Application Datateamspeak2
2010-06-20 16:27 . 2003-06-18 21:31 18944 —-a-w- c:windows.0system32Spoolprtprocsw32x86mdippr.dll
2010-06-20 16:27 . 2003-06-18 21:31 17920 —-a-w- c:windows.0system32mdimon.dll
2010-06-20 16:26 . 2010-06-20 16:26
d
w- c:windows.0SHELLNEW
2010-06-20 16:25 . 2010-06-20 16:25
d
w- c:program filesMicrosoft.NET
2010-06-18 17:33 . 2010-06-18 17:33
d
w- c:documents and settingsAll Users.WINDOWS.0Application DataDAEMON Tools Lite
2010-06-18 17:31 . 2010-06-18 18:17
d
w- c:documents and settingsAdmin.MICROSOF-8DBA75Local SettingsApplication DataYandex
2010-06-18 17:31 . 2010-06-24 10:01
d
w- c:documents and settingsAdmin.MICROSOF-8DBA75Application DataYandex
2010-06-18 17:26 . 2010-06-18 17:34
d
w- c:documents and settingsAdmin.MICROSOF-8DBA75Application DataDAEMON Tools Lite
2010-06-17 17:27 . 2010-06-17 17:27
d
w- c:documents and settingsAdmin.MICROSOF-8DBA75Local SettingsApplication DataAdobe
2010-06-17 17:26 . 2010-06-17 17:26
d
w- c:program filesCommon FilesAdobe
2010-06-17 08:29 . 2010-06-17 08:29
d
w- c:documents and settingsГостьDoctorWeb
2010-06-13 15:43 . 2010-06-13 15:56
d
w- c:documents and settingsAdmin.MICROSOF-8DBA75Local SettingsApplication Datatemp
2010-06-12 08:24 . 2010-06-12 08:24 8688 —ha-w- c:windows.0system32mlfcache.dat
2010-06-10 05:08 . 2010-06-10 05:08
d
w- c:documents and settingsAll Users.WINDOWS.0Application DataMSScanAppDataDir
2010-06-06 19:20 . 2010-06-06 19:21
d
w- c:documents and settingsAdmin.MICROSOF-8DBA75Application DataTS3Client
2010-06-06 13:13 . 2010-06-06 13:13
d
w- c:documents and settingsAdmin.MICROSOF-8DBA75Application DataThinstall
2010-06-06 11:01 . 2010-06-17 08:42
d
w- c:program filesCommon FilesOpera.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 14:14 . 2010-05-01 21:54 384 —-a-w- c:windows.0system32DVCStateBkp-{00000001-00000000-00000008-00001102-00000004-20021102}.dat
2010-07-05 14:14 . 2010-05-01 21:54 384 —-a-w- c:windows.0system32DVCState-{00000001-00000000-00000008-00001102-00000004-20021102}.dat
2010-07-02 21:34 . 2010-04-24 03:41 16 —-a-w- c:windows.0msocreg32.dat
2010-06-28 23:04 . 2010-04-09 15:13
d
w- c:program filesCreative
2010-06-22 11:41 . 2010-04-16 00:53
d
w- c:documents and settingsAdmin.MICROSOF-8DBA75Application DatauTorrent
2010-06-21 22:43 . 2010-04-09 15:13
d—h—w- c:program filesInstallShield Installation Information
2010-06-20 22:58 . 2010-05-22 13:12 137256 —-a-w- c:windows.0system32driversPnkBstrK.sys
2010-06-20 22:58 . 2010-05-22 13:12 218808 —-a-w- c:windows.0system32PnkBstrB.exe
2010-06-20 16:27 . 2010-04-12 22:11 43064 —-a-w- c:documents and settingsAdmin.MICROSOF-8DBA75Local SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-06-18 17:26 . 2010-04-12 19:24 721904 —-a-w- c:windows.0system32driverssptd.sys
2010-06-07 18:37 . 2010-04-14 22:16
d
w- c:documents and settingsAdmin.MICROSOF-8DBA75Application DataApple Computer
2010-05-22 13:12 . 2010-05-22 13:12 138056 —-a-w- c:documents and settingsAdmin.MICROSOF-8DBA75Application DataPnkBstrK.sys
2010-05-22 13:12 . 2010-05-22 13:12 138056 —-a-w- c:documents and settingsAdmin.MICROSOF-8DBA75Application DataPnkBstrK.sys
2010-05-22 13:11 . 2010-05-22 13:11 75064 —-a-w- c:windows.0system32PnkBstrA.exe
2010-05-22 13:11 . 2010-05-22 13:11 2434856 —-a-w- c:windows.0system32pbsvc_bc2.exe
2010-05-19 00:05 . 2010-05-19 00:05
d
w- c:program filesAMD
2010-05-01 21:48 . 2010-05-01 21:48 184 —-a-w- c:windows.0system32e000002.dat
2010-04-15 13:44 . 2010-04-15 13:44 0 —-a-w- c:windows.0nsreg.dat
2010-04-12 23:56 . 2010-04-12 23:56 1975408 —-a-w- c:documents and settingsAll Users.WINDOWS.0Application DataNOSAdobe_DownloadsGoogleToolbarInstaller_en32_signed.exe
2010-04-12 23:56 . 2010-04-12 23:56 1956656 —-a-w- c:documents and settingsAll Users.WINDOWS.0Application DataNOSAdobe_Downloadsinstall_flash_player_ax.exe
2010-04-12 23:41 . 2010-04-12 19:20 86339 —-a-w- c:windows.0pchealthhelpctrOfflineCacheindex.dat
2010-04-12 22:04 . 2010-04-12 22:04 184 —-a-w- c:windows.0system32e000001.dat
2010-04-12 19:24 . 2008-04-15 16:00 76678 —-a-w- c:windows.0system32perfc019.dat
2010-04-12 19:24 . 2008-04-15 16:00 448388 —-a-w- c:windows.0system32perfh019.dat
2010-04-12 19:23 . 2010-04-12 19:24 410984 —-a-w- c:windows.0system32deploytk.dll
2010-04-12 19:18 . 2010-04-12 19:18 22564 —-a-w- c:windows.0system32emptyregdb.dat
.
Sigcheck
[-] 2009-02-19 . 6A104BA98D99D53AB0C91825CE659FC6 . 361600 . . [5.1.2600.5625] . . c:windows.0system32driverstcpip.sys[-] 2009-02-19 . 0717E8AF3CD28E24C7A0903BFE60B1B0 . 78360 . . [7.2.6001.788] . . c:windows.0system32wuauclt.exe
[-] 2009-02-19 . 23B7D3F3F5EC8FEEA75EC381C71CBD5E . 579072 . . [5.1.2600.5512] . . c:windows.0system32user32.dll
[-] 2009-02-19 . 8D462CDD4769F07C7A03384436B45C0B . 952832 . . [7.00.6000.20978] . . c:windows.0system32wininet.dll
[-] 2009-02-19 . DD08EDC9648AFF1E064B2FAF24743BF6 . 1721344 . . [6.00.2900.5512] . . c:windows.0explorer.exe
[-] 2009-02-19 . 8F51D3D08E9FFF9113EFDFA7A7511F2C . 1571840 . . [5.1.2600.5512] . . c:windows.0system32sfcfiles.dll
[-] 2009-02-19 . 0C03910993057CC8BD5762441F5ABDF6 . 30208 . . [5.1.2600.5512] . . c:windows.0system32ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
«DAEMON Tools Lite»=»e:softDAEMON Tools Litedaemon.exe» [2009-04-23 691656]
«Steam»=»e:steamsteam.exe» [2010-05-07 1238352][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windows.0system32NvCpl.dll» [2009-01-15 13680640]
«nwiz»=»nwiz.exe» [2009-01-15 1657376]
«CTxfiHlp»=»CTXFIHLP.EXE» [2008-02-20 19968]
«amd_dc_opt»=»c:program filesAMDDual-Core Optimizeramd_dc_opt.exe» [2008-07-22 77824]
«CTSysVol»=»c:program filesCreativeSBAudigy2ZSSurround MixerCTSysVol.exe» [2003-09-17 57344]
«NvMediaCenter»=»c:windows.0system32NvMcTray.dll» [2009-01-15 86016]
«Adobe Reader Speed Launcher»=»e:softAdobeReader 9.0ReaderReader_sl.exe» [2008-06-11 34672]
«UpdReg»=»c:windows.0UpdReg.EXE» [2000-05-10 90112]
«SBDrvDet»=»c:program filesCreativeSB Drive DetSBDrvDet.exe» [2002-12-03 45056]
«NeroFilterCheck»=»c:windows.0system32NeroCheck.exe» [2006-01-12 155648]
«CTHelper»=»CTHELPER.EXE» [2003-10-06 24576]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2010-03-17 421888]
«CTDVDDET»=»c:program filesCreativeSBAudigy2ZSDVDAudioCTDVDDet.EXE» [2003-06-17 45056]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2010-03-25 142120][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
«CTFMON.EXE»=»c:windows.0system32CTFMON.EXE» [2009-02-19 30208][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2009-02-19 124928]
«IE7_012″=»advpack.dll» [2009-02-19 124928]
«SetDefaultMIDI»=»MIDIDEF.EXE» [2008-02-20 28672][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
«Userinit»=»c:windows.0system32userinit.exe,c:windows.0system327abdc53d.exe,\?globalrootsystemrootsystem32r2tt2hL.exe,»[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=c:windows.0system32dfhclfhd.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAXPnP]
2007-03-16 06:06 868352 —-a-w- c:program filesAnalog DevicesCoresmax4pnp.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe»=
«c:\WINDOWS.0\system32\sessmgr.exe»=
«e:\steam\SteamApps\wicker450\counter-strike\hl.exe»=R2 PfDetNT;PfDetNT;c:windows.0system32driversPfModNT.sys [05.03.2003 11:07 15840]
S4 sptd;sptd;c:windows.0system32driverssptd.sys [12.04.2010 23:24 721904]
.
.
Supplementary Scan
.
uStart Page = hxxp://kino.local/
uInternet Connection Wizard,ShellNext = hxxp://www.zvercd.com/
uInternet Settings,ProxyOverride = *.local
IE: &Экспорт в Microsoft Excel — e:softofficeOFFICE11EXCEL.EXE/3000
IE: Google ВикиКомментарии… — c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF — ProfilePath — c:documents and settingsAdmin.MICROSOF-8DBA75Application DataMozillaFirefoxProfiles68bg64r7.default
FF — prefs.js: browser.search.selectedEngine — DAEMON Search
FF — plugin: c:program filesK-Lite Codec Packrealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec Packrealbrowserpluginsnprpjplug.dll
FF — plugin: e:softAdobeReader 9.0Readerbrowsernppdf32.dll—- FIREFOX POLICIES —-
e:softfirefoxgreprefsall.js — pref(«ui.use_native_colors», true);
e:softfirefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
e:softfirefoxgreprefsall.js — pref(«svg.smil.enabled», false);
e:softfirefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
e:softfirefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
e:softfirefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
e:softfirefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
e:softfirefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
e:softfirefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
e:softfirefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
.
— — — — ORPHANS REMOVED — — — —HKU-Default-RunOnce-tscuninstall — c:windows.0system32tscupgrd.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 18:21
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(620)
c:windows.0system32cscui.dll
.
Completion time: 2010-07-05 18:21:54
ComboFix-quarantined-files.txt 2010-07-05 14:21Pre-Run: 22 726 684 672 байт свободно
Post-Run: 22 835 990 528 байт свободноWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS.0
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS.0=»Microsoft Windows XP Professional RU» /execute /fastdetect /usepmtimer— — End Of File — — 8FCB1233F403E985924FEC2E2C5C51B2
- Для ответа в этой теме необходимо авторизоваться.
