Windows updates fail to install
- This topic has 9 replies, 2 participants, and was last updated 16 years, 4 months ago by Admin.
April 20, 2009 at 7:38 am #16599
Please help! I noticed the problem only after Windows Defender returned error 0x80244019 while updating. The help suggested using the Windows online scanner, but it will not start. The same is true of all the other online scanners. My Eset Smart Security found nothing…
Here are the logs:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by TOSH! at 2009-04-20 18:44:09
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 39 GB (26%) free of 153 GB
Total RAM: 3071 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:31, on 20.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Windowssystem32taskeng.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Windowsvsnp2std.exe
C:Program FilesGoogleGoogle Talkgoogletalk.exe
C:Program FilesA4TechMouseAmoumain.exe
C:WindowsSystem32rundll32.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesLavasoftAd-AwareAAWTray.exe
C:Windowsehomeehtray.exe
C:Program FilesAutoPowerOnAutoPowerOn.exe
C:Program FilesNokiaNokia PC Suite 7PCSuite.exe
C:Program FilesCodeboxBitMeterBitMeter2.exe
C:Program FilesStardockObjectDockObjectDock.exe
C:Windowsehomeehmsas.exe
C:program filesoperaopera.exe
C:WindowsSystem32mobsync.exe
C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE
C:PROGRA~1COMMON~1NokiaMPLATF~1NOKIAM~1.EXE
C:Program FilesDownload Masterdmaster.exe
C:DownloadsПрограммыRSIT.exe
C:Program Filestrend microTOSH!.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
O1 — Hosts: ::1 localhost
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Помощник по входу в Windows Live — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: Easy Photo Print — {9421DD08-935F-4701-A9CA-22DF90AC4EA6} — C:Program FilesEpson SoftwareEasy Photo PrintEPTBL.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Easy Photo Print — {9421DD08-935F-4701-A9CA-22DF90AC4EA6} — C:Program FilesEpson SoftwareEasy Photo PrintEPTBL.dll
O4 — HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 — HKLM..Run: [egui] «C:Program FilesESETESET Smart Securityegui.exe» /hide /waitservice
O4 — HKLM..Run: [snp2std] C:Windowsvsnp2std.exe
O4 — HKLM..Run: [googletalk] C:Program FilesGoogleGoogle Talkgoogletalk.exe /autostart
O4 — HKLM..Run: [WheelMouse] C:Program FilesA4TechMouseAmoumain.exe
O4 — HKLM..Run: [UVS12 Preload] C:Program FilesCorelCorel VideoStudio 12uvPL.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentmagent.exe -LM
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [Ad-Watch] C:Program FilesLavasoftAd-AwareAAWTray.exe
O4 — HKCU..Run: [EPSON Stylus CX3900 Series] C:Windowssystem32spoolDRIVERSW32X863E_FATIBEP.EXE /FU «C:WindowsTEMPE_SBD65.tmp» /EF «HKCU»
O4 — HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 — HKCU..Run: [AutoPowerOn] C:Program FilesAutoPowerOnAutoPowerOn.exe
O4 — HKCU..Run: [PC Suite Tray] «C:Program FilesNokiaNokia PC Suite 7PCSuite.exe» -onlytray
O4 — HKCU..Run: [Steam] «C:Program FilesSteamSteam.exe» -silent
O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 — Startup: Stardock ObjectDock.lnk = C:Program FilesStardockObjectDockObjectDock.exe
O4 — Startup: Содержание OneNote.onetoc2
O4 — Global Startup: Bitmeter2.lnk = C:Program FilesCodeboxBitMeterBitMeter2.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O13 — Gopher Prefix:
O16 — DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) — http://ax.emsisoft.com/asquared.cab
O17 — HKLMSystemCCSServicesTcpip..{2226102B-3479-424A-B958-38DE0F255836}: NameServer = 85.255.112.124,85.255.112.233
O17 — HKLMSystemCS1ServicesTcpipParameters: NameServer = 85.255.112.124,85.255.112.233
O17 — HKLMSystemCS1ServicesTcpip..{2226102B-3479-424A-B958-38DE0F255836}: NameServer = 85.255.112.124,85.255.112.233
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.112.124,85.255.112.233
O17 — HKLMSystemCS2ServicesTcpip..{2226102B-3479-424A-B958-38DE0F255836}: NameServer = 85.255.112.124,85.255.112.233
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.112.124,85.255.112.233
O18 — Protocol: solores — {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} — C:PROGRA~1Solo9SoloRes.dll
O21 — SSODL: okmdepgb — {499B1A17-2876-4C6B-980C-AA507428E8FA} — (no file)
O23 — Service: Application Driver Auto Removal Service (01) (appdrvrem01) — Protection Technology — C:WindowsSystem32appdrvrem01.exe
O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: @dfsrres.dll,-101 (DFSR) — Корпорация Майкрософт — C:Windowssystem32DFSR.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET Smart SecurityEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET Smart Securityekrn.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба Google Update (gupdate1c991a6cf4c27d3) (gupdate1c991a6cf4c27d3) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
O23 — Service: Lavasoft Ad-Aware Service — Lavasoft — C:Program FilesLavasoftAd-AwareAAWService.exe
O23 — Service: NVIDIA Display Driver Service (nvsvc) — NVIDIA Corporation — C:Windowssystem32nvvsvc.exe
O23 — Service: PnkBstrA — Unknown owner — C:Windowssystem32PnkBstrA.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 52StarWindStarWindServiceAE.exe
O23 — Service: Steam Client Service — Valve Corporation — C:Program FilesCommon FilesSteamSteamService.exe
—
End of file — 9319 bytes
======Scheduled tasks folder======
C:WindowstasksAd-Aware Update (Weekly).job
C:WindowstasksGoogleUpdateTaskMachine.job
C:WindowstasksGoogleUpdateTaskUserS-1-5-21-3304611937-2532547366-3295552813-1000.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Помощник по входу в Windows Live — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print — C:Program FilesEpson SoftwareEasy Photo PrintEPTBL.dll [2008-04-02 266240]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2009-03-06 157696]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-04-18 35840]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} — Easy Photo Print — C:Program FilesEpson SoftwareEasy Photo PrintEPTBL.dll [2008-04-02 266240]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2008-01-18 1008184]
«egui»=C:Program FilesESETESET Smart Securityegui.exe [2008-03-13 1443072]
«snp2std»=C:Windowsvsnp2std.exe [2006-12-04 675840]
«googletalk»=C:Program FilesGoogleGoogle Talkgoogletalk.exe [2007-01-02 3739648]
«WheelMouse»=C:Program FilesA4TechMouseAmoumain.exe [2007-05-15 204800]
«UVS12 Preload»=C:Program FilesCorelCorel VideoStudio 12uvPL.exe [2008-06-09 397456]
«NvCplDaemon»=C:Windowssystem32NvCpl.dll [2009-02-09 13683232]
«NvMediaCenter»=C:Windowssystem32NvMcTray.dll [2009-02-09 92704]
«MAgent»=C:Program FilesMail.RuAgentmagent.exe [2009-04-10 6210744]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-04-18 148888]
«Ad-Watch»=C:Program FilesLavasoftAd-AwareAAWTray.exe [2009-03-10 515416]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«EPSON Stylus CX3900 Series»=C:Windowssystem32spoolDRIVERSW32X863E_FATIBEP.EXE [2006-09-21 139264]
«ehTray.exe»=C:WindowsehomeehTray.exe [2008-01-18 125952]
«AutoPowerOn»=C:Program FilesAutoPowerOnAutoPowerOn.exe [2007-03-04 2786816]
«PC Suite Tray»=C:Program FilesNokiaNokia PC Suite 7PCSuite.exe [2008-12-03 1205760]
«Steam»=C:Program FilesSteamSteam.exe [2009-04-18 1410296]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcoholAutomount]
C:Program FilesAlcohol SoftAlcohol 52axcmd.exe [2008-03-21 216520]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update]
C:UsersTOSH!AppDataLocalGoogleUpdateGoogleUpdate.exe [2009-01-30 133104]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
C:Program FilesiTunesiTunesHelper.exe [2008-11-20 290088]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLanguageShortcut]
[]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMAgent]
C:Program FilesMail.RuAgentmagent.exe [2009-04-10 6210744]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNokiaMServer]
[]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPC Suite Tray]
C:Program FilesNokiaNokia PC Suite 7PCSuite.exe [2008-12-03 1205760]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
C:Program FilesQuickTimeQTTask.exe [2008-11-04 413696]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
[]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRGSC]
[]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWindows Mobile-based device management]
C:WindowsWindowsMobilewmdSync.exe [2006-11-02 215552]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregwmagent.exe]
C:Program FilesWebMoney Agentwmagent.exe [2008-10-01 209376]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]
C:PROGRA~1NokiaOviSuiteRUNLAU~1.EXE [2008-11-28 946176]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Users^TOSH!^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Вырезка экрана и программа запуска для OneNote 2007.lnk]
C:PROGRA~1MICROS~2Office12ONENOTEM.EXE [2006-10-26 98632]
C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
Bitmeter2.lnk — C:Program FilesCodeboxBitMeterBitMeter2.exe
C:UsersTOSH!AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Stardock ObjectDock.lnk — C:Program FilesStardockObjectDockObjectDock.exe
Содержание OneNote.onetoc2
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
okmdepgb — {499B1A17-2876-4C6B-980C-AA507428E8FA}
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=credssp.dll
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalAppInfo]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalKeyIso]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalLavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalNTDS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalProfSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsacsvr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSWPRV]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTabletInputService]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTBS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTrustedInstaller]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvolmgr.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvolmgrx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkAppInfo]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkBFE]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkbowser]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdfsc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkDot3Svc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkEaphost]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkIKEEXT]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkKeyIso]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkLavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkMPSDrv]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkMPSSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkmrxsmb]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkmrxsmb10]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkmrxsmb20]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNativeWifiP]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknetprofm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNlaSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNsi]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknsiproxy.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNTDS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPolicyAgent]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkProfSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkrdbss]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkrdpencdd.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksacsvr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSCardSvr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSWPRV]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTabletInputService]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTBS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTrustedInstaller]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkVDS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkvolmgr.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkvolmgrx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinDefend]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWlansvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«EnableLUA»=0
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableUIADesktopToggle»=0
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0abe1362-7967-11dd-a601-001b115998dd}]
shellAutoRuncommand — C:Windowssystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycledautorun.exe
shellOpencommand — Recycledautorun.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d6a6f2f0-9055-11dd-8416-001b115998dd}]
shellAutoRuncommand — C:Windowssystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycledautorun.exe
shellOpencommand — Recycledautorun.exe
======File associations======
.scr — open —
.scr — install —
.scr — config —
======List of files/folders created in the last 1 months======
2009-04-20 18:44:09 —-D—- C:rsit
2009-04-20 18:44:09 —-D—- C:Program Filestrend micro
2009-04-20 06:28:19 —-A—- C:Windowssystem32lsdelete.exe
2009-04-20 06:21:54 —-HDC—- C:ProgramData{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-20 06:21:49 —-D—- C:ProgramDataLavasoft
2009-04-20 06:21:49 —-D—- C:Program FilesLavasoft
2009-04-18 22:06:37 —-D—- C:Program FilesSteam
2009-04-18 12:27:30 —-D—- C:VundoFix Backups
2009-04-18 12:27:30 —-A—- C:VundoFix.txt
2009-04-18 12:17:16 —-D—- C:WindowsSun
2009-04-18 10:39:09 —-A—- C:Windowssystem32javaws.exe
2009-04-18 10:39:09 —-A—- C:Windowssystem32javaw.exe
2009-04-18 10:39:09 —-A—- C:Windowssystem32java.exe
2009-04-18 10:39:09 —-A—- C:Windowssystem32deploytk.dll
2009-04-18 10:38:55 —-D—- C:Program FilesJava
2009-04-18 10:35:27 —-D—- C:UsersTOSH!AppDataRoamingSun
2009-04-16 20:43:23 —-A—- C:DARE.INI
2009-04-16 20:20:48 —-D—- C:ProgramDataUbisoft
2009-04-12 11:44:08 —-D—- C:Program FilesMicrosoft Windows OneCare Live
2009-04-11 12:16:07 —-D—- C:Program FilesABBYY FineReader 8.0 Professional Edition
2009-04-09 20:00:13 —-D—- C:UsersTOSH!AppDataRoamingAveDesk
2009-04-07 20:01:45 —-D—- C:Program FilesCommon FilesStardock
2009-04-07 19:07:37 —-D—- C:Program FilesStardock
2009-04-06 19:52:16 —-A—- C:Windowssystem32The Lost Watch 3D Screensaver.exe
2009-04-06 19:52:14 —-D—- C:Program FilesThe Lost Watch 3D Screensaver
2009-04-06 19:44:38 —-A—- C:Windowssystem32Coral Clock 3D Screensaver.exe
2009-04-06 19:44:36 —-D—- C:Program FilesCoral Clock 3D Screensaver
2009-04-06 19:30:55 —-D—- C:Program FilesFireplace 3D Screensaver
2009-04-04 17:21:53 —-D—- C:Program FilesTunatic
2009-04-03 20:37:15 —-A—- C:Windowssystem32nvuninst.exe
2009-04-03 20:29:06 —-A—- C:Windowssystem32nvexpbar.dll
2009-04-03 20:27:00 —-D—- C:Program FilesMicrosoft
2009-04-03 20:26:46 —-D—- C:Program FilesWindows Live SkyDrive
2009-04-03 20:26:36 —-D—- C:Program FilesWindows Live
2009-04-03 20:26:18 —-D—- C:Program FilesMicrosoft SQL Server Compact Edition
2009-04-03 19:47:04 —-D—- C:Program FilesCommon FilesWindows Live
2009-03-23 20:11:41 —-D—- C:UsersTOSH!AppDataRoamingAny Video Converter
2009-03-23 20:11:34 —-D—- C:Program FilesAny Video Converter
2009-03-22 17:19:40 —-A—- C:Windowssystem32schannel.dll
2009-03-22 16:29:26 —-D—- C:MANIA
2009-03-22 13:43:50 —-D—- C:Program FilesWindows Live Safety Center
======List of files/folders modified in the last 1 months======
2009-04-20 18:44:28 —-D—- C:WindowsPrefetch
2009-04-20 18:44:19 —-D—- C:WindowsTemp
2009-04-20 18:44:09 —-RD—- C:Program Files
2009-04-20 18:43:58 —-D—- C:ProgramDataBitmeter2
2009-04-20 18:30:04 —-D—- C:WindowsSystem32
2009-04-20 18:30:04 —-D—- C:Windowsinf
2009-04-20 18:30:04 —-A—- C:Windowssystem32PerfStringBackup.INI
2009-04-20 06:22:11 —-D—- C:WindowsTasks
2009-04-20 06:22:11 —-D—- C:Windowssystem32Tasks
2009-04-20 06:22:06 —-DC—- C:Windowssystem32DRVSTORE
2009-04-20 06:22:06 —-D—- C:Windowssystem32drivers
2009-04-20 06:22:06 —-D—- C:Windowssystem32catroot
2009-04-20 06:21:54 —-SHD—- C:WindowsInstaller
2009-04-20 06:21:54 —-HD—- C:ProgramData
2009-04-20 06:21:47 —-D—- C:Windowswinsxs
2009-04-20 02:15:45 —-SHD—- C:System Volume Information
2009-04-19 20:32:30 —-D—- C:UsersTOSH!AppDataRoamingAIMP
2009-04-19 19:33:53 —-D—- C:Downloads
2009-04-19 11:11:54 —-D—- C:UsersTOSH!AppDataRoamingXnView
2009-04-19 10:37:01 —-D—- C:Program FilesCommon Files
2009-04-18 22:24:44 —-D—- C:ProgramDataMedia Center Programs
2009-04-18 22:08:34 —-D—- C:Program FilesCommon FilesSteam
2009-04-18 22:06:47 —-D—- C:Windows
2009-04-18 22:06:09 —-D—- C:Program FilesMicrosoft Games for Windows — LIVE
2009-04-18 22:05:22 —-RSD—- C:Windowsassembly
2009-04-18 15:59:48 —-D—- C:ProgramDataMicrosoft Help
2009-04-17 07:43:44 —-D—- C:UsersTOSH!AppDataRoaminguTorrent
2009-04-17 07:06:07 —-D—- C:Program FilesSpeedFan
2009-04-16 20:10:07 —-D—- C:games
2009-04-12 11:48:12 —-SD—- C:WindowsDownloaded Program Files
2009-04-12 10:50:11 —-D—- C:progs
2009-04-11 21:23:19 —-SHD—- C:RECYCLER
2009-04-11 19:15:16 —-D—- C:pics
2009-04-11 12:18:07 —-A—- C:Windowssystem32BASSMOD.dll
2009-04-11 12:14:11 —-D—- C:Temp
2009-04-10 18:49:15 —-D—- C:UsersTOSH!AppDataRoamingMra
2009-04-09 18:15:07 —-D—- C:music
2009-04-09 16:18:26 —-A—- C:UsersTOSH!AppDataRoamingburnaware.ini
2009-04-09 16:18:15 —-D—- C:Program FilesBonjour
2009-04-05 19:19:43 —-D—- C:Windowssystem32config
2009-04-04 15:24:28 —-D—- C:eBooks
2009-04-03 20:53:23 —-D—- C:ProgramDataNVIDIA
2009-04-03 20:49:09 —-D—- C:Windowssystem32catroot2
2009-04-03 20:48:56 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-04-03 20:48:32 —-D—- C:Program FilesAGEIA Technologies
2009-04-03 20:26:50 —-D—- C:Program FilesCommon Filesmicrosoft shared
2009-04-03 20:26:08 —-D—- C:WindowsSoftwareDistribution
2009-04-03 19:46:50 —-SD—- C:ProgramDataMicrosoft
2009-04-01 21:37:22 —-D—- C:misc
2009-03-31 21:08:37 —-D—- C:WindowsDebug
2009-03-29 09:23:13 —-D—- C:UsersTOSH!AppDataRoamingNokia
2009-03-29 09:03:12 —-D—- C:Program FilesNokia
2009-03-29 09:03:12 —-D—- C:Program FilesCommon FilesNokia
2009-03-29 09:02:34 —-D—- C:ProgramDataInstallations
2009-03-23 20:11:50 —-D—- C:Program FilesXilisoft
2009-03-22 23:56:43 —-D—- C:Program FilesICQ6
2009-03-22 19:10:41 —-D—- C:Program FilesDownload Master
2009-03-22 17:37:30 —-D—- C:Program FilesWindows Mail
2009-03-22 16:08:07 —-D—- C:Program FilesWinRAR
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Amfilter;A4Tech Mouse Filter Driver; C:Windowssystem32DRIVERSAmfilter.sys [2007-05-15 9216]
R1 appdrv01;Application Driver (01); C:WindowsSystem32Driversappdrv01.sys [2008-11-13 2911848]
R1 DfsC;@%systemroot%system32driversdfsc.sys,-101; C:WindowsSystem32Driversdfsc.sys [2008-01-18 75264]
R1 easdrv;easdrv; C:Windowssystem32DRIVERSeasdrv.sys [2008-03-13 29704]
R1 epfwtdi;epfwtdi; C:Windowssystem32DRIVERSepfwtdi.sys [2008-03-13 54280]
R1 kbdhid;Драйвер клавиатуры HID; C:Windowssystem32DRIVERSkbdhid.sys [2008-01-18 15872]
R1 nsiproxy;NSI proxy service; C:Windowssystem32driversnsiproxy.sys [2008-01-18 16384]
R1 RDPENCDD;RDP Encoder Mirror Driver; C:Windowssystem32driversrdpencdd.sys [2008-01-18 6144]
R1 Smb;@%SystemRoot%system32tcpipcfg.dll,-50005; C:Windowssystem32DRIVERSsmb.sys [2008-01-18 66560]
R1 tdx;@%SystemRoot%system32tcpipcfg.dll,-50004; C:Windowssystem32DRIVERStdx.sys [2008-01-18 71680]
R1 Wanarpv6;Remote Access IPv6 ARP Driver; C:Windowssystem32DRIVERSwanarp.sys [2008-01-18 62464]
R2 eamon;EAMON; C:Windowssystem32DRIVERSeamon.sys [2008-03-13 40456]
R2 epfw;epfw; C:Windowssystem32DRIVERSepfw.sys [2008-03-13 71176]
R2 lltdio;Драйвер в/в тополога канального уровня; C:Windowssystem32DRIVERSlltdio.sys [2008-01-18 47104]
R2 luafv;UAC File Virtualization; C:Windowssystem32driversluafv.sys [2008-01-18 84480]
R2 PEAUTH;PEAUTH; C:Windowssystem32driverspeauth.sys [2006-11-02 878080]
R2 rspndr;Ответчик обнаружения топологии канального уровня; C:Windowssystem32DRIVERSrspndr.sys [2008-01-18 60416]
R2 tcpipreg;TCP/IP Registry Compatibility; C:WindowsSystem32driverstcpipreg.sys [2008-01-18 30208]
R3 Afc;PPdus ASPI Shell; C:Windowssystem32driversAfc.sys [2005-02-23 11776]
R3 AmdK8;AMD K8 драйвер процессора; C:Windowssystem32DRIVERSamdk8.sys [2008-01-18 44032]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:Windowssystem32DRIVERSAmusbprt.sys [2007-05-15 14336]
R3 bowser;Bowser; C:Windowssystem32DRIVERSbowser.sys [2008-01-18 69632]
R3 DXGKrnl;LDDM Graphics Subsystem; C:WindowsSystem32driversdxgkrnl.sys [2008-08-02 625152]
R3 Epfwndis;Eset Personal Firewall; C:Windowssystem32DRIVERSEpfwndis.sys [2008-03-13 30728]
R3 EthDriver;D-Link DGE-528T Vista 32-bit Driver; C:Windowssystem32DRIVERSDLKRT32.sys [2007-01-24 70144]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:Windowssystem32DRIVERSGEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:Windowssystem32driversHdAudio.sys [2006-11-02 235520]
R3 HDAudBus;Драйвер для шины UAA для High Definition Audio (Microsoft); C:Windowssystem32DRIVERSHDAudBus.sys [2008-01-18 53760]
R3 HidUsb;Драйвер класса HID Microsoft; C:Windowssystem32DRIVERShidusb.sys [2008-01-18 12288]
R3 iScsiPrt;Драйвер iScsiPort; C:Windowssystem32DRIVERSmsiscsi.sys [2008-01-18 181304]
R3 monitor;Microsoft Monitor Class Function Driver Service; C:Windowssystem32DRIVERSmonitor.sys [2008-01-18 41984]
R3 mouhid;Драйвер мыши HID; C:Windowssystem32DRIVERSmouhid.sys [2008-01-18 15872]
R3 mpsdrv;@%SystemRoot%system32FirewallAPI.dll,-23092; C:WindowsSystem32driversmpsdrv.sys [2008-01-18 64000]
R3 mrxsmb10;SMB 1.x MiniRedirector; C:Windowssystem32DRIVERSmrxsmb10.sys [2008-08-27 212480]
R3 mrxsmb20;SMB 2.0 MiniRedirector; C:Windowssystem32DRIVERSmrxsmb20.sys [2008-01-18 78848]
R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2009-02-09 7764672]
R3 RasSstp;@%systemroot%system32sstpsvc.dll,-202; C:Windowssystem32DRIVERSrassstp.sys [2008-01-18 69120]
R3 SaiMini;SaiMini; C:Windowssystem32DRIVERSSaiMini.sys [2007-10-05 14080]
R3 SaiNtBus;SaiNtBus; C:Windowssystem32driversSaiBus.sys [2007-10-05 35200]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:Windowssystem32DRIVERSsnp2sxp.sys [2007-01-20 12028800]
R3 srv2;srv2; C:WindowsSystem32DRIVERSsrv2.sys [2008-01-18 144384]
R3 srvnet;srvnet; C:WindowsSystem32DRIVERSsrvnet.sys [2008-01-18 98304]
R3 tunnel;Драйвер адаптера минипорта для туннеля Microsoft IPv6; C:Windowssystem32DRIVERStunnel.sys [2008-01-18 23040]
R3 umbus;UMBus драйвер перечислителя; C:Windowssystem32DRIVERSumbus.sys [2008-01-18 34816]
R3 usbaudio;Аудио драйвер USB (WDM); C:Windowssystem32driversusbaudio.sys [2008-01-18 73088]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:Windowssystem32DRIVERSusbccgp.sys [2008-01-18 73216]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:Windowssystem32DRIVERSusbehci.sys [2008-01-18 39424]
R3 usbhub;USB2 концентратор; C:Windowssystem32DRIVERSusbhub.sys [2008-01-18 194560]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:Windowssystem32DRIVERSusbohci.sys [2008-01-18 19456]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:Windowssystem32DRIVERSUSBSTOR.SYS [2008-01-18 55296]
R3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2008-01-18 83328]
S3 a86ntdry;a86ntdry; C:Windowssystem32driversa86ntdry.sys []
S3 agp440;Intel AGP Bus Filter; C:Windowssystem32driversagp440.sys [2006-11-02 53864]
S3 amdagp;AMD AGP Bus Filter Driver; C:Windowssystem32driversamdagp.sys [2006-11-02 54888]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:Windowssystem32driversbrfiltlo.sys [2006-11-02 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:Windowssystem32driversbrfiltup.sys [2006-11-02 5248]
S3 Bridge;@%SystemRoot%system32bridgeres.dll,-3; C:Windowssystem32DRIVERSbridge.sys [2008-01-18 93696]
S3 BridgeMP;@%SystemRoot%system32bridgeres.dll,-1; C:Windowssystem32DRIVERSbridge.sys [2008-01-18 93696]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:Windowssystem32driversbrusbser.sys [2006-11-02 11904]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:Windowssystem32DRIVERSE1G60I32.sys [2006-11-02 117760]
S3 exfat;exFAT File System Driver; C:Windowssystem32driversexfat.sys [2008-01-18 136192]
S3 Filetrace;FileTrace; C:Windowssystem32driversfiletrace.sys [2008-01-18 27648]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:Windowssystem32driversgagp30kx.sys [2006-11-02 58984]
S3 MsRPC;MsRPC; C:Windowssystem32driversMsRPC.sys [2008-01-18 163384]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2008-01-18 6016]
S3 NativeWifiP;Фильтр NativeWiFi; C:Windowssystem32DRIVERSnwifi.sys [2008-05-20 148480]
S3 nmwcd;Nokia USB Phone Parent; C:Windowssystem32driversccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:Windowssystem32driversccdcmbo.sys [2008-09-15 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:Windowssystem32driversnmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:Windowssystem32driversnmwcdnsuc.sys [2008-02-01 8320]
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:Windowssystem32driversnv_agp.sys [2006-11-02 106600]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:Windowssystem32DRIVERSnvmfdx32.sys [2008-01-29 1042464]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:Windowssystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
S3 QWAVEdrv;@%SystemRoot%system32driversqwavedrv.sys,-1; C:Windowssystem32driversqwavedrv.sys [2008-01-18 31232]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:Windowssystem32DRIVERSs716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:Windowssystem32DRIVERSs716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:Windowssystem32DRIVERSs716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:Windowssystem32DRIVERSs716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:Windowssystem32DRIVERSs716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:Windowssystem32DRIVERSs716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:Windowssystem32DRIVERSs716unic.sys [2007-04-04 98952]
S3 SaiH040C;SaiH040C; C:Windowssystem32DRIVERSSaiH040C.sys [2007-05-01 132232]
S3 SaiU040C;SaiU040C; C:Windowssystem32DRIVERSSaiU040C.sys [2007-05-01 28416]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:Windowssystem32driverssffp_mmc.sys [2006-11-02 12800]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:Windowssystem32driverssffp_sd.sys [2006-11-02 12800]
S3 sisagp;SIS AGP Bus Filter; C:Windowssystem32driverssisagp.sys [2006-11-02 53352]
S3 Tcpip6;Драйвер протокола IPv6 (Microsoft); C:Windowssystem32DRIVERStcpip.sys [2008-04-26 891448]
S3 tssecsrv;Terminal Services Security Filter Driver; C:WindowsSystem32DRIVERStssecsrv.sys [2008-01-18 23552]
S3 uagp35;Microsoft AGPv3.5 Filter; C:Windowssystem32driversuagp35.sys [2006-11-02 56936]
S3 uliagpkx;Uli AGP Bus Filter; C:Windowssystem32driversuliagpkx.sys [2006-11-02 58472]
S3 upperdev;upperdev; C:Windowssystem32DRIVERSusbser_lowerflt.sys [2008-09-15 8064]
S3 usb_rndisx;Адаптер USB RNDIS; C:Windowssystem32DRIVERSusb8023x.sys [2008-01-18 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:WindowsSystem32Driversusbaapl.sys [2008-11-07 32000]
S3 usbprint;Класс принтеров Microsoft USB; C:Windowssystem32DRIVERSusbprint.sys [2008-01-18 18944]
S3 usbscan;Драйвер USB-сканера; C:Windowssystem32DRIVERSusbscan.sys [2008-01-18 35328]
S3 usbser;USB Modem Driver; C:Windowssystem32driversusbser.sys [2008-01-18 28160]
S3 UsbserFilt;UsbserFilt; C:Windowssystem32DRIVERSusbser_lowerfltj.sys [2008-09-15 8064]
S3 vga;vga; C:Windowssystem32DRIVERSvgapnp.sys [2008-01-18 26112]
S3 viaagp;VIA AGP Bus Filter; C:Windowssystem32driversviaagp.sys [2006-11-02 54376]
S3 WpdUsb;WpdUsb; C:Windowssystem32DRIVERSwpdusb.sys [2008-01-18 39936]
S4 adp94xx;adp94xx; C:Windowssystem32driversadp94xx.sys [2006-11-02 420968]
S4 adpahci;adpahci; C:Windowssystem32driversadpahci.sys [2006-11-02 297576]
S4 adpu320;adpu320; C:Windowssystem32driversadpu320.sys [2006-11-02 147048]
S4 amdide;amdide; C:Windowssystem32driversamdide.sys [2006-11-02 15464]
S4 AmdK7;AMD K7 Processor Driver; C:Windowssystem32driversamdk7.sys [2006-11-02 38912]
S4 arc;arc; C:Windowssystem32driversarc.sys [2006-11-02 67688]
S4 arcsas;arcsas; C:Windowssystem32driversarcsas.sys [2006-11-02 67688]
S4 blbdrive;blbdrive; C:Windowssystem32driversblbdrive.sys []
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:Windowssystem32driversbrserid.sys [2006-11-02 71808]
S4 BrSerWdm;Brother WDM Serial driver; C:Windowssystem32driversbrserwdm.sys [2006-11-02 62336]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem; C:Windowssystem32driversbrusbmdm.sys [2006-11-02 12160]
S4 BTHMODEM;Bluetooth Serial Communications Driver; C:Windowssystem32driversbthmodem.sys [2006-11-02 39936]
S4 circlass;Consumer IR Devices; C:Windowssystem32driverscirclass.sys [2006-11-02 35328]
S4 Compbatt;Microsoft Composite Battery Driver; C:Windowssystem32driverscompbatt.sys [2006-11-02 18280]
S4 Crusoe;Transmeta Crusoe Processor Driver; C:Windowssystem32driverscrusoe.sys [2006-11-02 38912]
S4 dwshd;dwshd; C:WindowsSystem32driversdwshd.sys []
S4 elxstor;elxstor; C:Windowssystem32driverselxstor.sys [2006-11-02 316520]
S4 HidBth;Microsoft Bluetooth HID Miniport; C:Windowssystem32drivershidbth.sys [2006-11-02 29184]
S4 HidIr;Microsoft Infrared HID Driver; C:Windowssystem32drivershidir.sys [2006-11-02 21504]
S4 HpCISSs;HpCISSs; C:Windowssystem32drivershpcisss.sys [2006-11-02 37480]
S4 iaStorV;Intel RAID Controller Vista; C:Windowssystem32driversiastorv.sys [2006-11-02 232040]
S4 iirsp;iirsp; C:Windowssystem32driversiirsp.sys [2006-11-02 41576]
S4 intelide;intelide; C:Windowssystem32driversintelide.sys [2006-11-02 14952]
S4 intelppm;Intel Processor Driver; C:Windowssystem32DRIVERSintelppm.sys [2006-11-02 39424]
S4 IPMIDRV;IPMIDRV; C:Windowssystem32driversipmidrv.sys [2006-11-02 65536]
S4 isapnp;PnP ISA/EISA Bus Driver; C:Windowssystem32driversisapnp.sys [2006-11-02 47208]
S4 iteatapi;ITEATAPI_Service_Install; C:Windowssystem32driversiteatapi.sys [2006-11-02 35944]
S4 iteraid;ITERAID_Service_Install; C:Windowssystem32driversiteraid.sys [2006-11-02 35944]
S4 LSI_FC;LSI_FC; C:Windowssystem32driverslsi_fc.sys [2006-11-02 65640]
S4 LSI_SAS;LSI_SAS; C:Windowssystem32driverslsi_sas.sys [2006-11-02 65640]
S4 LSI_SCSI;LSI_SCSI; C:Windowssystem32driverslsi_scsi.sys [2006-11-02 65640]
S4 megasas;megasas; C:Windowssystem32driversmegasas.sys [2006-11-02 28776]
S4 mpio;Microsoft Multi-Path Bus Driver; C:Windowssystem32driversmpio.sys [2006-11-02 78952]
S4 msahci;msahci; C:Windowssystem32driversmsahci.sys [2006-11-02 23144]
S4 msdsm;Microsoft Multi-Path Device Specific Module; C:Windowssystem32driversmsdsm.sys [2006-11-02 80488]
S4 nfrd960;nfrd960; C:Windowssystem32driversnfrd960.sys [2006-11-02 45160]
S4 ntrigdigi;N-trig HID Tablet Driver; C:Windowssystem32driversntrigdigi.sys [2006-11-02 20608]
S4 ohci1394;NEC FireWarden OHCI Compliant IEEE 1394 Host Controller; C:Windowssystem32driversohci1394.sys [2006-11-02 62080]
S4 ql2300;QLogic Fibre Channel Miniport Driver; C:Windowssystem32driversql2300.sys [2006-11-02 900712]
S4 ql40xx;QLogic iSCSI Miniport Driver; C:Windowssystem32driversql40xx.sys [2006-11-02 106088]
S4 sbp2port;SBP-2 Transport/Protocol Bus Driver; C:Windowssystem32driverssbp2port.sys [2006-11-02 76392]
S4 sermouse;Serial Mouse Driver; C:Windowssystem32driverssermouse.sys [2008-01-18 19968]
S4 sffdisk;SFF Storage Class Driver; C:Windowssystem32driverssffdisk.sys [2006-11-02 13312]
S4 SiSRaid2;SiSRaid2; C:Windowssystem32driverssisraid2.sys [2006-11-02 38504]
S4 SiSRaid4;SiSRaid4; C:Windowssystem32driverssisraid4.sys [2006-11-02 71784]
S4 uliahci;uliahci; C:Windowssystem32driversuliahci.sys [2006-11-02 235112]
S4 UlSata;UlSata; C:Windowssystem32driversulsata.sys [2006-11-02 98408]
S4 ulsata2;ulsata2; C:Windowssystem32driversulsata2.sys [2006-11-02 115816]
S4 usbcir;eHome Infrared Receiver (USBCIR); C:Windowssystem32driversusbcir.sys [2006-11-02 68608]
S4 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:Windowssystem32DRIVERSusbuhci.sys [2006-11-02 22528]
S4 ViaC7;VIA C7 Processor Driver; C:Windowssystem32driversviac7.sys [2006-11-02 39424]
S4 vsmraid;vsmraid; C:Windowssystem32driversvsmraid.sys [2006-11-02 112232]
S4 WacomPen;Wacom Serial Pen HID Driver; C:Windowssystem32driverswacompen.sys [2006-11-02 20608]
S4 Wd;Microsoft Watchdog Timer Driver; C:Windowssystem32driverswd.sys [2006-11-02 19560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:Windowssystem32driverswmiacpi.sys [2006-11-02 11264]
S4 ws2ifsl;Winsock IFS driver; C:Windowssystem32driversws2ifsl.sys [2008-01-18 15872]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AeLookupSvc;@%SystemRoot%system32aelupsvc.dll,-1; C:Windowssystem32svchost.exe [2008-01-18 21504]
R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2008-11-07 132424]
R2 AudioEndpointBuilder;@%SystemRoot%system32audiosrv.dll,-204; C:WindowsSystem32svchost.exe [2008-01-18 21504]
R2 BFE;@%SystemRoot%system32bfe.dll,-1001; C:Windowssystem32svchost.exe [2008-01-18 21504]
R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-08-29 238888]
R2 DPS;@%systemroot%system32dps.dll,-500; C:WindowsSystem32svchost.exe [2008-01-18 21504]
R2 ekrn;Eset Service; C:Program FilesESETESET Smart Securityekrn.exe [2008-03-13 472320]
R2 EMDMgmt;@%SystemRoot%system32emdmgmt.dll,-1000; C:Windowssystem32svchost.exe [2008-01-18 21504]
R2 FDResPub;@%systemroot%system32fdrespub.dll,-100; C:Windowssystem32svchost.exe [2008-01-18 21504]
R2 gpsvc;@gpapi.dll,-112; C:Windowssystem32svchost.exe [2008-01-18 21504]
R2 IKEEXT;@%SystemRoot%system32ikeext.dll,-501; C:Windowssystem32svchost.exe [2008-01-18 21504]
R2 iphlpsvc;@%SystemRoot%system32iphlpsvc.dll,-200; C:WindowsSystem32svchost.exe [2008-01-18 21504]
R2 KtmRm;@comres.dll,-2946; C:WindowsSystem32svchost.exe [2008-01-18 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:Program FilesLavasoftAd-AwareAAWService.exe [2009-03-10 951632]
R2 MMCSS;@%systemroot%system32mmcss.dll,-100; C:Windowssystem32svchost.exe [2008-01-18 21504]
R2 MpsSvc;@%SystemRoot%system32FirewallAPI.dll,-23090; C:Windowssystem32svchost.exe [2008-01-18 21504]
R2 netprofm;@%SystemRoot%system32netprof.dll,-246; C:WindowsSystem32svchost.exe [2008-01-18 21504]
R2 NlaSvc;@%SystemRoot%System32nlasvc.dll,-1; C:WindowsSystem32svchost.exe [2008-01-18 21504]
R2 nsi;@%SystemRoot%system32nsisvc.dll,-200; C:Windowssystem32svchost.exe [2008-01-18 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:Windowssystem32nvvsvc.exe [2009-02-09 207392]
R2 PcaSvc;@%SystemRoot%system32pcasvc.dll,-1; C:Windowssystem32svchost.exe [2008-01-18 21504]
R2 PnkBstrA;PnkBstrA; C:Windowssystem32PnkBstrA.exe [2009-01-17 66872]
R2 ProfSvc;@%systemroot%system32profsvc.dll,-300; C:Windowssystem32svchost.exe [2008-01-18 21504]
R2 RapiMgr;@%windir%WindowsMobilerapimgr.dll,-104; C:Windowssystem32svchost.exe [2008-01-18 21504]
R2 slsvc;@%SystemRoot%system32SLsvc.exe,-101; C:Windowssystem32SLsvc.exe [2008-01-18 2623488]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 52StarWindStarWindServiceAE.exe [2007-05-29 275968]
R2 SysMain;@%SystemRoot%system32sysmain.dll,-1000; C:Windowssystem32svchost.exe [2008-01-18 21504]
R2 TabletInputService;@%SystemRoot%system32TabSvc.dll,-100; C:WindowsSystem32svchost.exe [2008-01-18 21504]
R2 UxSms;@%SystemRoot%system32dwm.exe,-2000; C:WindowsSystem32svchost.exe [2008-01-18 21504]
R2 WcesComm;@%windir%WindowsMobilewcescomm.dll,-40079; C:Windowssystem32svchost.exe [2008-01-18 21504]
R2 WerSvc;@%SystemRoot%System32wersvc.dll,-100; C:WindowsSystem32svchost.exe [2008-01-18 21504]
R2 WinDefend;@%ProgramFiles%Windows DefenderMsMpRes.dll,-103; C:WindowsSystem32svchost.exe [2008-01-18 21504]
R2 WPDBusEnum;@%SystemRoot%system32wpdbusenum.dll,-100; C:Windowssystem32svchost.exe [2008-01-18 21504]
R2 WSearch;@%systemroot%system32SearchIndexer.exe,-103; C:Windowssystem32SearchIndexer.exe [2008-05-27 439808]
R2 wudfsvc;@%SystemRoot%system32wudfsvc.dll,-1000; C:Windowssystem32svchost.exe [2008-01-18 21504]
R3 fdPHost;@%systemroot%system32fdPHost.dll,-100; C:Windowssystem32svchost.exe [2008-01-18 21504]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2008-11-11 620544]
R3 SstpSvc;@%SystemRoot%system32sstpsvc.dll,-200; C:Windowssystem32svchost.exe [2008-01-18 21504]
R3 WdiSystemHost;@%systemroot%system32wdi.dll,-500; C:WindowsSystem32svchost.exe [2008-01-18 21504]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:WindowsSystem32appdrvrem01.exe [2008-11-13 304528]
S2 ehstart;@%SystemRoot%ehomeehstart.dll,-101; C:Windowssystem32svchost.exe [2008-01-18 21504]
S2 gupdate1c991a6cf4c27d3;Служба Google Update (gupdate1c991a6cf4c27d3); C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-02-18 133104]
S2 TBS;@%SystemRoot%system32tbssvc.dll,-100; C:WindowsSystem32svchost.exe [2008-01-18 21504]
S3 Appinfo;@%systemroot%system32appinfo.dll,-100; C:Windowssystem32svchost.exe [2008-01-18 21504]
S3 CertPropSvc;@%SystemRoot%System32certprop.dll,-11; C:Windowssystem32svchost.exe [2008-01-18 21504]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-28 69632]
S3 DFSR;@dfsrres.dll,-101; C:Windowssystem32DFSR.exe [2008-01-18 2091520]
S3 ehRecvr;@%SystemRoot%ehomeehrecvr.exe,-101; C:WindowsehomeehRecvr.exe [2008-01-18 292352]
S3 ehSched;@%SystemRoot%ehomeehsched.exe,-101; C:Windowsehomeehsched.exe [2006-11-02 131072]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET Smart SecurityEHttpSrv.exe [2008-03-13 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-07-27 654848]
S3 FontCache3.0.0.0;@%SystemRoot%system32PresentationHost.exe,-3309; C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2008-06-20 46104]
S3 idsvc;@%systemroot%Microsoft.NETFrameworkv3.0Windows Communication FoundationServiceModelInstallRC.dll,-8193; C:WindowsMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-06-20 881664]
S3 IPBusEnum;@%systemroot%system32IPBusEnum.dll,-102; C:Windowssystem32svchost.exe [2008-01-18 21504]
S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2008-11-20 536872]
S3 KeyIso;@keyiso.dll,-100; C:Windowssystem32lsass.exe [2008-01-18 9728]
S3 lltdsvc;@%SystemRoot%system32lltdres.dll,-1; C:WindowsSystem32svchost.exe [2008-01-18 21504]
S3 MSiSCSI;@%SystemRoot%system32iscsidsc.dll,-5000; C:Windowssystem32svchost.exe [2008-01-18 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 p2pimsvc;@%SystemRoot%system32p2psvc.dll,-8004; C:WindowsSystem32svchost.exe [2008-01-18 21504]
S3 p2psvc;@%SystemRoot%system32p2psvc.dll,-8006; C:WindowsSystem32svchost.exe [2008-01-18 21504]
S3 pla;@%systemroot%system32pla.dll,-500; C:WindowsSystem32svchost.exe [2008-01-18 21504]
S3 PNRPAutoReg;@%SystemRoot%system32p2psvc.dll,-8002; C:WindowsSystem32svchost.exe [2008-01-18 21504]
S3 PNRPsvc;@%SystemRoot%system32p2psvc.dll,-8000; C:WindowsSystem32svchost.exe [2008-01-18 21504]
S3 QWAVE;@%SystemRoot%system32qwave.dll,-1; C:Windowssystem32svchost.exe [2008-01-18 21504]
S3 SCPolicySvc;@%SystemRoot%System32certprop.dll,-13; C:Windowssystem32svchost.exe [2008-01-18 21504]
S3 SDRSVC;@%SystemRoot%system32sdrsvc.dll,-107; C:Windowssystem32svchost.exe [2008-01-18 21504]
S3 SessionEnv;@%SystemRoot%System32SessEnv.dll,-1026; C:WindowsSystem32svchost.exe [2008-01-18 21504]
S3 SLUINotify;@%SystemRoot%system32SLUINotify.dll,-103; C:Windowssystem32svchost.exe [2008-01-18 21504]
S3 SNMPTRAP;@%SystemRoot%system32snmptrap.exe,-3; C:WindowsSystem32snmptrap.exe [2006-11-02 12800]
S3 Steam Client Service;Steam Client Service; C:Program FilesCommon FilesSteamSteamService.exe [2009-04-18 322032]
S3 THREADORDER;@%systemroot%system32mmcss.dll,-102; C:Windowssystem32svchost.exe [2008-01-18 21504]
S3 TrustedInstaller;@%SystemRoot%servicingTrustedInstaller.exe,-100; C:WindowsservicingTrustedInstaller.exe [2008-01-18 39424]
S3 UI0Detect;@%SystemRoot%system32ui0detect.exe,-101; C:Windowssystem32UI0Detect.exe [2008-01-18 35840]
S3 vds;@%SystemRoot%system32vds.exe,-100; C:WindowsSystem32vds.exe [2008-01-18 382976]
S3 wcncsvc;@%SystemRoot%system32wcncsvc.dll,-3; C:WindowsSystem32svchost.exe [2008-01-18 21504]
S3 WcsPlugInService;@%SystemRoot%system32WcsPlugInService.dll,-200; C:Windowssystem32svchost.exe [2008-01-18 21504]
S3 WdiServiceHost;@%systemroot%system32wdi.dll,-502; C:WindowsSystem32svchost.exe [2008-01-18 21504]
S3 Wecsvc;@%SystemRoot%system32wecsvc.dll,-200; C:Windowssystem32svchost.exe [2008-01-18 21504]
S3 wercplsupport;@%SystemRoot%System32wercplsupport.dll,-101; C:WindowsSystem32svchost.exe [2008-01-18 21504]
S3 WinHttpAutoProxySvc;@%SystemRoot%system32winhttp.dll,-100; C:Windowssystem32svchost.exe [2008-01-18 21504]
S3 WinRM;@%Systemroot%system32wsmsvc.dll,-101; C:WindowsSystem32svchost.exe [2008-01-18 21504]
S3 Wlansvc;@%SystemRoot%System32wlansvc.dll,-257; C:Windowssystem32svchost.exe [2008-01-18 21504]
S3 WMPNetworkSvc;@%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101; C:Program FilesWindows Media Playerwmpnetwk.exe [2008-01-18 896512]
S3 WPCSvc;@%SystemRoot%system32wpcsvc.dll,-100; C:Windowssystem32svchost.exe [2008-01-18 21504]
S4 Mcx2Svc;@%SystemRoot%ehomeehres.dll,-15501; C:Windowssystem32svchost.exe [2008-01-18 21504]
S4 NetTcpPortSharing;@%systemroot%Microsoft.NETFrameworkv3.0Windows Communication FoundationServiceModelInstallRC.dll,-8201; C:WindowsMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-06-20 132096]
EOF
April 21, 2009 at 4:37 pm #23519
Hello, and welcome to the Spyware-ru forum.
Judging by the description and the logs you provided, the computer is infected with the DNSChanger trojan (one of its variants).
Download the Avenger program by clicking this link and unpack it to the Desktop.
Run Avenger, and make sure that the "Scan for rootkits" box is checked and the "Automatically disable any rootkits found" box is not checked. Check or uncheck the boxes as needed. Click Execute. A prompt asking you to confirm your actions will appear; click Yes.
Avenger will start. Several reboots of the computer are possible while it runs.
When it finishes, a log will be shown; please paste it into your reply.
April 24, 2009 at 7:06 am #23520
Hello, and thank you for taking on my problem. Here is the log, although, as I understand it, no rootkits were found…
Maybe there are other ideas?
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Completed script processing.
*******************
Finished! Terminate.
April 25, 2009 at 4:19 pm #23521
The fact that this program found nothing dangerous does not mean that the computer is not infected.
Download the Combofix program. Close all open windows and run this program.
After it runs, a log file will be created; please paste it into your reply.
April 25, 2009 at 10:32 pm #23522
Hello. Here, I did what was needed…
ComboFix 09-04-25.A3 — TOSH! 26.04.2009 9:25.1 — NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.7.1049.18.3071.2145 [GMT 11:00]
Running from: c:downloadsПрограммыComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: Персональный файервол ESET *enabled*
* Created a new restore point
* Resident AV is active.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowssystem32gaopdxcounter
.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.
2009-04-25 07:57 . 2009-04-25 07:57 d-----w c:usersTOSH!AppDataRoaming2K Sports
2009-04-25 07:54 . 2008-10-09 17:52 452440 ----a-w c:windowssystem32d3dx10_40.dll
2009-04-25 07:54 . 2008-10-09 17:52 4379984 ----a-w c:windowssystem32D3DX9_40.dll
2009-04-25 07:54 . 2008-10-09 17:52 2036576 ----a-w c:windowssystem32D3DCompiler_40.dll
2009-04-25 07:54 . 2008-10-26 23:04 514384 ----a-w c:windowssystem32XAudio2_3.dll
2009-04-25 07:54 . 2008-10-26 23:04 235856 ----a-w c:windowssystem32xactengine3_3.dll
2009-04-25 07:54 . 2008-10-26 23:04 23376 ----a-w c:windowssystem32X3DAudio1_5.dll
2009-04-25 07:54 . 2008-10-26 23:04 70992 ----a-w c:windowssystem32XAPOFX1_2.dll
2009-04-25 06:11 . 2009-04-25 06:11 d-----w c:usersAll UsersUbisoft
2009-04-25 06:11 . 2009-04-25 06:11 d-----w c:programdataUbisoft
2009-04-25 04:47 . 2009-04-25 04:47 d-----w c:program filesKALiNKOsoft
2009-04-25 04:35 . 2009-04-25 04:35 d-----w c:usersTOSH!AppDataRoamingKALiNKOsoft
2009-04-25 03:31 . 2009-04-25 03:31 d-----w c:usersAll UsersSaitek
2009-04-25 03:31 . 2009-04-25 03:31 d-----w c:programdataSaitek
2009-04-21 19:09 . 2009-04-21 19:09 316816 ----a-w c:windowssystem32appdrvrem01.exe
2009-04-21 19:09 . 2009-04-21 19:09 3110512 ----a-w c:windowssystem32driversappdrv01.sys
2009-04-21 08:10 . 2009-04-21 12:50 d-----w c:usersTOSH!AppDataLocalWheelman
2009-04-21 08:10 . 2009-04-21 08:10 d-----w c:usersTOSH!AppDataLocalPC
2009-04-20 07:44 . 2009-04-20 07:44 d-----w C:rsit
2009-04-20 07:44 . 2009-04-20 07:44 d-----w c:program filestrend micro
2009-04-19 19:28 . 2009-03-09 19:06 15688 ----a-w c:windowssystem32lsdelete.exe
2009-04-19 19:22 . 2009-03-09 19:06 64160 ----a-w c:windowssystem32driversLbd.sys
2009-04-19 19:21 . 2009-04-19 19:21 dc-h--w c:usersAll Users{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-19 19:21 . 2009-04-19 19:21 dc-h--w c:programdata{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-19 19:21 . 2009-04-19 19:22 d-----w c:usersAll UsersLavasoft
2009-04-19 19:21 . 2009-04-19 19:22 d-----w c:programdataLavasoft
2009-04-19 19:21 . 2009-04-19 19:21 d-----w c:program filesLavasoft
2009-04-19 08:37 . 2009-04-19 08:37 d-----w c:usersTOSH!DoctorWeb
2009-04-18 11:06 . 2009-04-25 22:15 d-----w c:program filesSteam
2009-04-18 01:27 . 2009-04-18 01:27 d-----w C:VundoFix Backups
2009-04-18 01:17 . 2009-04-18 01:17 d-----w c:windowsSun
2009-04-17 23:39 . 2009-04-17 23:39 410984 ----a-w c:windowssystem32deploytk.dll
2009-04-17 23:38 . 2009-04-17 23:38 d-----w c:program filesJava
2009-04-16 09:43 . 2009-04-16 09:43 199 ----a-w C:DARE.INI
2009-04-16 09:43 . 2009-04-16 09:43 d-----w c:usersTOSH!AppDataLocalUbisoft
2009-04-12 00:44 . 2009-04-12 00:44 d-----w c:program filesMicrosoft Windows OneCare Live
2009-04-11 01:16 . 2009-04-11 01:18 d-----w c:program filesABBYY FineReader 8.0 Professional Edition
2009-04-11 01:14 . 2005-08-25 09:38 65536 ----a-w c:tempautorun.exe
2009-04-11 01:14 . 2005-08-25 09:38 344064 ----a-w c:tempsetup.exe
2009-04-11 01:14 . 2003-04-21 04:09 245408 ----a-w c:tempunicows.dll
2009-04-11 01:14 . 2002-03-11 01:06 1822520 ----a-w c:tempinstmsiW.exe
2009-04-11 01:14 . 2005-10-27 06:56 d-----w c:tempReadMe
2009-04-11 01:13 . 2009-04-12 03:42 d-----w c:tempCrack
2009-04-11 01:13 . 2005-10-27 06:56 d-----w c:tempFineReader 8.0
2009-04-09 09:00 . 2009-04-09 09:11 d-----w c:usersTOSH!AppDataRoamingAveDesk
2009-04-07 09:01 . 2009-04-07 09:01 d-----w c:program filesCommon FilesStardock
2009-04-07 08:07 . 2009-04-07 08:07 d-----w c:program filesStardock
2009-04-06 08:52 . 2008-03-31 00:59 3034624 ----a-w c:windowssystem32The Lost Watch 3D Screensaver.exe
2009-04-06 08:52 . 2008-03-28 07:40 855552 ----a-w c:windowssystem32The_Lost_Watch_3D_Screensaver.scr
2009-04-06 08:52 . 2009-04-06 08:52 d-----w c:program filesThe Lost Watch 3D Screensaver
2009-04-06 08:44 . 2008-03-31 01:02 11068928 ----a-w c:windowssystem32Coral Clock 3D Screensaver.exe
2009-04-06 08:44 . 2009-04-06 08:44 d-----w c:program filesCoral Clock 3D Screensaver
2009-04-06 08:44 . 2008-03-28 07:44 843776 ----a-w c:windowssystem32Coral_Clock_3D_Screensaver.scr
2009-04-06 08:30 . 2009-04-06 08:31 d-----w c:program filesFireplace 3D Screensaver
2009-04-06 08:12 . 2009-04-07 07:56 d-----w c:usersTOSH!AppDataLocalStardock
2009-04-04 06:21 . 2009-04-04 06:21 d-----w c:program filesTunatic
2009-04-03 09:37 . 2009-01-14 22:19 453152 ----a-w c:windowssystem32nvuninst.exe
2009-04-03 09:29 . 2007-08-27 14:59 307200 ----a-w c:windowssystem32nvexpbar.dll
2009-04-03 09:27 . 2009-04-03 09:27 d-----w c:program filesMicrosoft
2009-04-03 09:26 . 2009-04-03 09:26 d-----w c:program filesWindows Live SkyDrive
2009-04-03 09:26 . 2009-04-03 09:27 d-----w c:program filesWindows Live
2009-04-03 09:26 . 2009-04-03 09:26 d-----w c:program filesMicrosoft SQL Server Compact Edition
2009-04-03 08:47 . 2009-04-03 08:47 d-----w c:program filesCommon FilesWindows Live
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 22:23 . 2008-07-01 06:02 d-----w c:programdataBitmeter2
2009-04-25 22:15 . 2009-04-25 04:31 119296 ----a-w c:windowsSystem32zlib.dll
2009-04-25 22:14 . 2009-04-19 21:22 4925 ----a-w C:aaw7boot.log
2009-04-25 07:50 . 2008-05-22 05:48 d-----w c:programdataMicrosoft Help
2009-04-25 06:30 . 2008-05-30 09:56 d-----w c:usersTOSH!AppDataRoamingXnView
2009-04-25 06:02 . 2008-05-17 23:58 d--h--w c:program filesInstallShield Installation Information
2009-04-25 03:39 . 2008-10-27 12:34 d-----w c:usersTOSH!AppDataRoamingAIMP
2009-04-25 03:32 . 2006-11-02 10:25 51200 ----a-w c:windowsInfinfpub.dat
2009-04-25 03:32 . 2006-11-02 10:25 143360 ----a-w c:windowsInfinfstrng.dat
2009-04-25 03:32 . 2006-11-02 10:25 86016 ----a-w c:windowsInfinfstor.dat
2009-04-24 07:09 . 2009-04-24 07:03 1716 ----a-w C:avenger.txt
2009-04-22 11:44 . 2008-07-11 03:47 d-----w c:program filesSpeedFan
2009-04-22 08:46 . 2006-11-09 07:21 656154 ----a-w c:windowsSystem32perfh019.dat
2009-04-22 08:46 . 2006-11-09 07:21 126450 ----a-w c:windowsSystem32perfc019.dat
2009-04-21 09:46 . 2009-03-15 12:59 d-----w c:usersTOSH!AppDataRoamingSkype
2009-04-19 13:00 . 2009-03-23 09:11 d-----w c:usersTOSH!AppDataRoamingAny Video Converter
2009-04-18 11:24 . 2008-05-26 11:02 d-----w c:programdataMedia Center Programs
2009-04-18 11:08 . 2008-07-24 04:43 d-----w c:program filesCommon FilesSteam
2009-04-18 11:06 . 2009-01-28 10:01 d-----w c:program filesMicrosoft Games for Windows - LIVE
2009-04-18 01:40 . 2009-04-18 01:27 135 ----a-w C:VundoFix.txt
2009-04-16 20:43 . 2009-03-17 11:13 d-----w c:usersTOSH!AppDataRoaminguTorrent
2009-04-12 02:03 . 2009-03-22 02:43 d-----w c:program filesWindows Live Safety Center
2009-04-10 07:49 . 2008-06-11 06:06 d-----w c:usersTOSH!AppDataRoamingMra
2009-04-09 05:18 . 2008-07-27 04:01 d-----w c:program filesBonjour
2009-04-03 09:53 . 2008-05-16 05:52 d-----w c:programdataNVIDIA
2009-04-03 09:48 . 2008-11-13 03:32 d-----w c:program filesCommon FilesWise Installation Wizard
2009-04-03 09:48 . 2008-11-13 03:32 d-----w c:program filesAGEIA Technologies
2009-04-03 09:39 . 2008-05-16 05:45 1356 ----a-w c:usersTOSH!AppDataLocald3d9caps.dat
2009-03-28 22:23 . 2009-01-17 03:15 d-----w c:usersTOSH!AppDataRoamingNokia
2009-03-28 22:03 . 2009-01-17 03:13 d-----w c:program filesCommon FilesNokia
2009-03-28 22:03 . 2009-01-17 02:59 d-----w c:program filesNokia
2009-03-28 22:02 . 2009-01-17 03:25 d-----w c:programdataInstallations
2009-03-23 09:12 . 2009-03-23 09:11 d-----w c:program filesAny Video Converter
2009-03-23 09:11 . 2009-03-15 10:40 d-----w c:program filesXilisoft
2009-03-22 12:56 . 2008-06-15 10:25 d-----w c:program filesICQ6
2009-03-22 08:10 . 2008-05-23 21:45 d-----w c:program filesDownload Master
2009-03-22 06:37 . 2006-11-02 11:18 d-----w c:program filesWindows Mail
2009-03-17 11:13 . 2009-03-17 11:13 d-----w c:program filesuTorrent
2009-03-15 21:00 . 2008-06-09 02:22 d---a-w c:programdataTEMP
2009-03-15 12:59 . 2009-03-15 12:59 d-----r c:program filesSkype
2009-03-15 12:59 . 2008-07-01 06:09 d-----w c:programdataSkype
2009-03-15 12:51 . 2008-07-01 06:12 d-----w c:usersTOSH!AppDataRoamingskypePM
2009-03-15 10:42 . 2009-03-15 10:42 d-----w c:usersTOSH!AppDataRoamingdvdcss
2009-03-14 02:08 . 2008-05-22 06:42 d-----w c:program filesOpera
2009-03-09 12:01 . 2009-03-09 12:01 d-----w c:program filesVistaCodecPack
2009-03-09 12:01 . 2009-03-09 12:01 d-----w c:programdataVistaCodecs
2009-03-08 10:50 . 2008-05-17 23:58 d-----w c:program filesCyberLink
2009-03-08 10:49 . 2008-05-18 00:02 d-----w c:usersTOSH!AppDataRoamingCyberLink
2009-03-08 10:49 . 2008-05-18 00:00 d-----w c:programdataCyberLink
2009-03-08 08:53 . 2009-03-08 08:53 d-----w c:programdataInterVideo
2009-03-08 08:53 . 2009-03-08 08:52 d-----w c:program filesCommon FilesUlead Systems
2009-03-08 08:52 . 2009-03-08 08:50 d-----w c:program filesCorel
2009-03-08 08:52 . 2009-03-05 12:13 d-----w c:programdataUlead Systems
2009-03-08 08:49 . 2008-05-26 10:43 d-----w c:program filesCCleaner
2009-03-08 04:58 . 2008-07-24 01:00 d-----w c:usersTOSH!AppDataRoamingAuslogics
2009-03-08 04:33 . 2008-07-24 01:00 d-----w c:program filesAuslogics
2009-03-06 02:55 . 2009-03-05 12:15 d-----w c:usersTOSH!AppDataRoamingUlead Systems
2009-03-05 12:40 . 2009-03-05 12:40 d-----w c:program filesCommon FilesCyberLink
2009-03-05 12:39 . 2008-05-17 23:59 29480 ----a-w c:windowsSystem32msxml3a.dll
2009-03-05 12:36 . 2008-05-16 05:45 89656 ----a-w c:usersTOSH!AppDataLocalGDIPFONTCACHEV1.DAT
2009-03-05 12:34 . 2009-03-05 11:56 d-----w c:usersTOSH!AppDataRoaminggtk-2.0
2009-03-05 12:14 . 2009-03-05 12:14 d-----w c:program filesWindows Media Components
2009-03-05 11:54 . 2009-03-05 11:54 d-----w c:usersTOSH!AppDataRoamingavidemux
2009-02-26 08:21 . 2008-05-22 19:36 d-----w c:program filesMicrosoft Silverlight
2009-02-25 03:35 . 2009-02-25 03:34 d-----w c:programdata{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-25 03:35 . 2009-02-25 03:34 d-----w c:program filesiTunes
2009-02-25 03:34 . 2009-02-25 03:34 d-----w c:program filesiPod
2009-02-25 03:34 . 2008-06-23 07:32 d-----w c:program filesCommon FilesApple
2009-02-25 03:34 . 2009-02-25 03:33 d-----w c:program filesQuickTime
2009-02-25 03:33 . 2008-06-23 07:33 d-----w c:programdataApple Computer
2009-02-09 03:10 . 2009-03-22 06:19 2033152 ----a-w c:windowsSystem32win32k.sys
2009-02-06 08:29 . 2009-02-06 08:29 308104 ----a-w c:windowsWLXPGSS.SCR
2008-05-17 03:13 . 2006-11-02 12:50 174 --sha-w c:program filesdesktop.ini
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«EPSON Stylus CX3900 Series»=»c:windowssystem32spoolDRIVERSW32X863E_FATIBEP.EXE» [2006-09-20 139264]
«ehTray.exe»=»c:windowsehomeehTray.exe» [2008-01-18 125952]
«AutoPowerOn»=»c:program filesAutoPowerOnAutoPowerOn.exe» [2007-03-04 2786816]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2008-12-03 1205760]
«Steam»=»c:program filesSteamSteam.exe» [2009-04-18 1410296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«egui»=»c:program filesESETESET Smart Securityegui.exe» [2008-03-13 1443072]
«snp2std»=»c:windowsvsnp2std.exe» [2006-12-04 675840]
«googletalk»=»c:program filesGoogleGoogle Talkgoogletalk.exe» [2007-01-01 3739648]
«WheelMouse»=»c:program filesA4TechMouseAmoumain.exe» [2007-05-15 204800]
«UVS12 Preload»=»c:program filesCorelCorel VideoStudio 12uvPL.exe» [2008-06-09 397456]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-02-09 13683232]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-02-09 92704]
«MAgent»=»c:program filesMail.RuAgentmagent.exe» [2009-04-10 6210744]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-04-17 148888]
«Ad-Watch»=»c:program filesLavasoftAd-AwareAAWTray.exe» [2009-03-09 515416]

c:usersTOSH!AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Stardock ObjectDock.lnk — c:program filesStardockObjectDockObjectDock.exe [2009-4-7 3581680]
‘®¤Ґа¦ ЁҐ OneNote.onetoc2 [2008-5-26 3656]

c:programdataMicrosoftWindowsStart MenuProgramsStartup
Bitmeter2.lnk — c:program filesCodeboxBitMeterBitMeter2.exe [2008-5-8 1458176]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)
«EnableUIADesktopToggle»= 0 (0x0)

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalLavasoft Ad-Aware Service]
@=»Service»

[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]
path=c:programdataMicrosoftWindowsStart MenuProgramsNokiaNokia Ovi Suite.lnk
backup=c:windowspssNokia Ovi Suite.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM~startupfolderC:^Users^TOSH!^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Вырезка экрана и программа запуска для OneNote 2007.lnk]
backup=c:windowspssВырезка экрана и программа запуска для OneNote 2007.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLanguageShortcut
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNokiaMServer
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRGSC

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-3304611937-2532547366-3295552813-1000]
«EnableNotificationsRef»=dword:00000002

[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
«{D86C6617-790F-47DF-BDA5-26511176397B}»= UDP:c:windowsSystem32trafinspag.exe:trafinspag.exe
«{1235559C-D9A8-416A-A628-E4DEB1DC9993}»= TCP:c:windowsSystem32trafinspag.exe:trafinspag.exe
«{5B377EE2-0559-42DD-97D7-18C95C5E944F}»= TCP:6004|c:program filesMicrosoft OfficeOffice12outlook.exe:Microsoft Office Outlook
«{9ACEB5B5-695F-48C6-AAF7-5365138AA576}»= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{01648D3B-9DCE-4ECA-9888-388E8401CC36}»= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{CABEB9C8-9275-4B54-BD66-216C6F417008}»= UDP:c:gamesCodemastersGRIDGRID.exe:GRID
«{91A03E45-A284-4DAB-8246-4CDF4EC092C4}»= TCP:c:gamesCodemastersGRIDGRID.exe:GRID
«{5017074F-6C6F-4A2B-A2D6-C70CA5B4D081}»= UDP:c:program filesiTunesiTunes.exe:iTunes
«{E9F21B55-D863-4241-9E4F-33AFC4DC25E1}»= TCP:c:program filesiTunesiTunes.exe:iTunes
«{82B638BA-F28F-4070-88DB-3CE0DAE540AA}»= UDP:c:program filesGoogleGoogle Talkgoogletalk.exe:Google Talk
«{3BF05882-722E-4AE9-B0E7-D0241998A4C1}»= TCP:c:program filesGoogleGoogle Talkgoogletalk.exe:Google Talk
«{44DA6333-A763-4596-9050-B67C8E7F85B2}»= UDP:990:LocalSubnet:LocalSubnet|IF={34B6824B-491B-4674-AE0A-CAB252F0770E}|%SystemRoot%system32svchost.exe|Svc=rapimgr:@%systemroot%WindowsMobilewmdSync.exe,-4001
«{A4E22374-D892-4A9F-8A3F-5CD72C66BD65}»= UDP:c:program filesiTunesiTunes.exe:iTunes
«{406086A9-95FE-4B76-8676-3283EA25DDC3}»= TCP:c:program filesiTunesiTunes.exe:iTunes
«{C2C93764-275C-41A7-9B67-1B5993E8CE7A}»= c:program filesCyberLinkPowerDVD8PowerDVD8.EXE:CyberLink PowerDVD 8.0
«{C181DF5A-4374-44A9-BEFB-ED9673C744CD}»= UDP:c:gamesEA GamesMirror’s EdgeBinariesMirrorsEdge.exe:Mirror’s Edge™
«{CC6EA890-7217-4401-B8E6-368ABA8D7F56}»= TCP:c:gamesEA GamesMirror’s EdgeBinariesMirrorsEdge.exe:Mirror’s Edge™
«{25A4ABD8-F584-491F-967E-BBD6EC655861}»= c:program filesSkypePhoneSkype.exe:Skype
«{4BEA4D01-B9FE-4268-BF47-EA2DE7569C10}»= UDP:c:program filesuTorrentuTorrent.exe:µTorrent (TCP-In)
«{ABBBCF89-2FF7-468B-99AE-B7AABA90886C}»= TCP:c:program filesuTorrentuTorrent.exe:µTorrent (UDP-In)
«{03F683BA-D73B-4159-B43D-9165482A9B5E}»= c:program filesWindows LiveSyncWindowsLiveSync.exe:Windows Live Sync
«{750DEF01-F791-453B-B3E9-9DBF6ED05EFE}»= UDP:c:program filesuTorrentuTorrent.exe:µTorrent
«{F746D5A5-2FF1-4424-A7A9-C9050F7F8069}»= TCP:c:program filesuTorrentuTorrent.exe:µTorrent
«{7BBCEB66-C07B-42BD-9A1A-5CCF844FE83A}»= UDP:c:program filesSkypePhoneSkype.exe:Skype
«{18E59B87-8644-4AD2-B60C-42FA343EF11A}»= TCP:c:program filesSkypePhoneSkype.exe:Skype
«{5D9AC09A-E0C0-4264-B7FB-4077E0E012AE}»= UDP:c:program filesBonjourmDNSResponder.exe:Bonjour
«{CFC76CA8-D516-4FA1-9B57-AECD9B836675}»= TCP:c:program filesBonjourmDNSResponder.exe:Bonjour
«{B75C9B2B-232E-49C9-A695-C76590BC7034}»= UDP:c:gamesUbisoftShaun White SnowboardingShaunWhiteSnowboardingGame.exe:Shaun White Snowboarding
«{5749BC73-F5D1-4274-9918-0D41ED53BAF9}»= TCP:c:gamesUbisoftShaun White SnowboardingShaunWhiteSnowboardingGame.exe:Shaun White Snowboarding

[HKLM~servicessharedaccessparametersfirewallpolicyPublicProfile]
«EnableFirewall»= 0 (0x0)

R2 appdrvrem01;Application Driver Auto Removal Service (01); [x]
R2 gupdate1c991a6cf4c27d3;Служба Google Update (gupdate1c991a6cf4c27d3);c:program filesGoogleUpdateGoogleUpdate.exe [2009-02-18 133104]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:program filesLavasoftAd-AwareAAWService.exe [2009-03-09 951632]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowssystem32driversnmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowssystem32driversnmwcdnsuc.sys [2008-02-01 8320]
R3 s716bus;Sony Ericsson Device 716 driver (WDM);c:windowssystem32DRIVERSs716bus.sys [2007-04-04 83208]
R3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:windowssystem32DRIVERSs716mdfl.sys [2007-04-04 15112]
R3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:windowssystem32DRIVERSs716mdm.sys [2007-04-04 108552]
R3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:windowssystem32DRIVERSs716mgmt.sys [2007-04-04 100360]
R3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:windowssystem32DRIVERSs716nd5.sys [2007-04-04 23176]
R3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:windowssystem32DRIVERSs716obex.sys [2007-04-04 98568]
R3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:windowssystem32DRIVERSs716unic.sys [2007-04-04 98952]
R3 SaiH040C;SaiH040C;c:windowssystem32DRIVERSSaiH040C.sys [2007-05-01 132232]
R3 SaiU040C;SaiU040C;c:windowssystem32DRIVERSSaiU040C.sys [2007-05-01 28416]
S0 Lbd;Lbd;c:windowssystem32DRIVERSLbd.sys [2009-03-09 64160]
S1 appdrv01;Application Driver (01);c:windowssystem32Driversappdrv01.sys [2009-04-21 3110512]
S2 ekrn;Eset Service;c:program filesESETESET Smart Securityekrn.exe [2008-03-13 472320]
S3 EthDriver;D-Link DGE-528T Vista 32-bit Driver;c:windowssystem32DRIVERSDLKRT32.sys [2007-01-24 70144]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0abe1362-7967-11dd-a601-001b115998dd}]
shellAutoRuncommand — c:windowssystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycledautorun.exe
shellOpencommand — Recycledautorun.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{7f1a04d9-2342-11dd-ad9c-806e6f6e6963}]
shellAutoRuncommand — E:Autorun.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d6a6f2f0-9055-11dd-8416-001b115998dd}]
shellAutoRuncommand — c:windowssystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycledautorun.exe
shellOpencommand — Recycledautorun.exe
.
Contents of the ‘Scheduled Tasks’ folder

2009-04-19 c:windowsTasksAd-Aware Update (Weekly).job
— c:program filesLavasoftAd-AwareAd-AwareAdmin.exe [2009-03-09 19:06]

2009-04-25 c:windowsTasksGoogleUpdateTaskMachine.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-02-18 08:56]

2009-04-25 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-3304611937-2532547366-3295552813-1000.job
— c:usersTOSH!AppDataLocalGoogleUpdateGoogleUpdate.exe [2009-01-30 09:53]
.
— — — — ORPHANS REMOVED — — — —

SSODL-okmdepgb-{499B1A17-2876-4C6B-980C-AA507428E8FA} — (no file)
.
Supplementary Scan
.
uStart Page = about:blank
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
Handler: solores — {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} — c:progra~1Solo9SoloRes.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 09:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
c:usersTOSH!AppDataLocalTempcatchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1

**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINESystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINESystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000

[HKEY_LOCAL_MACHINESystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
Completion time: 2009-04-25 9:30
ComboFix-quarantined-files.txt 2009-04-25 22:30

Pre-Run: 10 085 474 304 байт свободно
Post-Run: 10 098 806 784 байт свободно

315 — E O F — 2009-04-03 09:29
April 27, 2009 at 4:23 pm #23523
Open Notepad (click Start, Run, type notepad in the input box and press Enter) and paste the following text into it:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abe1362-7967-11dd-a601-001b115998dd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f1a04d9-2342-11dd-ad9c-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6a6f2f0-9055-11dd-8416-001b115998dd}]
Save the resulting file to your desktop under the name CFScript
Next, drag the resulting file onto the ComboFix icon, as shown in the picture below.
ComboFix will start and carry out the procedures described in the file we created.
When ComboFix finishes, a new log will be created; save it to your desktop.
Download RootkitRevealer by clicking this link and unpack the file into a folder, for example C:\RootkitRevealer.
Disconnect from the Internet and turn off your antivirus.
Start RootkitRevealer.
When the program starts, click the Scan button.
When the scan finishes, click File->Save and save the log to your desktop.
Close RootkitRevealer.
I am waiting for your RootkitRevealer log + ComboFix log.
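The CFScript in the post above deletes the three MountPoints2 keys that the ComboFix log lists with shell AutoRun/Open commands. As an added example (not part of the original thread and not ComboFix's own logic), the Python below extracts such entries from a log excerpt and renders the matching Registry:: block for review; the sample log is constructed, and the function names and review heuristics are assumptions of this example.

```python
import re

# Constructed sample in the layout of a ComboFix "Reg Loading Points" section.
# GUIDs are made up; commands mirror the kind of entries shown in the log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-bbbb-cccc-000000000001}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\autorun.exe
\shell\Open\command - Recycled\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-bbbb-cccc-000000000002}]
\shell\AutoRun\command - E:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\shell\\(\w+)\\command\s+[-\u2013\u2014]\s+(.+)$", re.I)

def find_autorun_keys(log_text):
    """Map each MountPoints2 key to the (verb, command) pairs logged under it."""
    found, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
        elif line.startswith("["):      # any other registry key ends the entry
            current = None
        elif current:
            cmd = CMD_RE.match(line)
            if cmd:
                found.setdefault(current, []).append(cmd.groups())
    return found

def risk_notes(commands):
    """Explain why an entry deserves review (heuristics assumed for this example)."""
    notes = set()
    for verb, command in commands:
        if re.search(r"\brecycle[dr]\\", command, re.I):
            notes.add("target sits in a recycle-bin folder")
        if "shellexec_rundll" in command.lower():
            notes.add("launched indirectly through rundll32")
        if verb.lower() == "autorun":
            notes.add("AutoRun verb cached for this volume")
    return sorted(notes)

def build_cfscript(keys):
    """Render a CFScript Registry:: block that deletes the given keys."""
    return "Registry::\n" + "\n".join(f"[-{k}]" for k in keys)

if __name__ == "__main__":
    hits = find_autorun_keys(SAMPLE_LOG)
    for key, cmds in hits.items():
        print(key, "->", "; ".join(risk_notes(cmds)))
    print(build_cfscript(hits))
```

The generated block is meant to be read and confirmed by a person before it is handed to any cleanup tool, since a MountPoints2 entry can also belong to a legitimate installer disc.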
April 29, 2009 at 10:13 am #23524
Hello, and thank you so much!!! The updates are working now.
Here is the ComboFix log. RootkitRevealer, though, is a problem. When I start the program, it throws me off the desktop onto some gray screen, where it runs the scan, logging out of the system to the user selection screen every minute. When the scan finished, the program simply shut down without letting me save the log 🙁
[Attachment: ComboFix.txt]
April 30, 2009 at 12:56 pm #23525
The log looks normal.
Let's check a little more.
Also scan your computer with Kaspersky Online Scanner; to do so, click this link.
Save the scan results to your desktop.
Let's check your computer with a program that looks for rootkits.
Download GMER by clicking this link.
Unpack the program to your desktop.
Disconnect from the Internet and turn off all antivirus programs.
Start the program.
On the right side of the program, a small box will list all your drives; please tick all of them.
Click the Scan button.
When the scan finishes, click the Copy button.
Start Notepad (Start -> Run, type notepad and press Enter).
Paste the scan results into Notepad (CTRL + V). Save the resulting file to your desktop.
I am waiting for your Kaspersky Online Scanner log + GMER log.
May 2, 2009 at 8:59 pm #23526
Hello again.
Here are the logs, as you asked.
May 4, 2009 at 4:09 pm #23527
Both logs look normal. Is the update system working now?