Task Manager is not working correctly

This topic has 8 replies, 2 voices, and was last updated 16 years ago by Admin.

22 April 2009 at 11:24 am #16605
Hello.
My problem is this: after Windows boots, when I press Ctrl+Alt+Del and choose Task Manager, it minimizes to the tray and does not react to anything (double-click with the left mouse button, or right-click). It behaves the same way if I launch it by other means. Kaspersky Anti-Virus did not find any viruses on the computer... I read the forum and used ComboFix, after which Task Manager launches and works normally... but as soon as I restart the computer it all starts over again.
I could not find a solution on my own, so I am turning to you.

log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by 1 at 2009-04-22 15:19:38
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 22 GB (44%) free of 50 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:15, on 22.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Vtune\TBPANEL.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\1\Desktop\RSIT.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\trend micro\1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: &Export to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D70B13B-2A9C-49A3-9786-879696C7D2F8}: NameServer = 195.34.32.116 212.188.4.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Microsoft Corporation - C:\Windows\system32\DFSR.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4781 bytes

======Scheduled tasks folder======
C:\Windows\tasks\RegCure Program Check.job
C:\Windows\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-03 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-03 148888]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-04-21 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"=C:\Program Files\Vtune\TBPanel.exe [2008-07-10 2154496]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
C:\Program Files\ZyXEL\OMNI ADSL USB\CnxDslTb.exe [2003-12-30 491520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2008-11-12 13675040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-11-12 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-02-13 4915200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
d:\steam\steam.exe [2009-01-19 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskManager"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======

2009-04-22 15:00:49 ----D---- C:\rsit
2009-04-22 15:00:49 ----D---- C:\Program Files\trend micro
2009-04-22 14:44:34 ----D---- C:\Windows\temp
2009-04-22 14:44:33 ----A---- C:\ComboFix.txt
2009-04-22 14:40:45 ----D---- C:\ComboFix
2009-04-22 13:48:22 ----D---- C:\Program Files\RegCure
2009-04-22 12:58:48 ----D---- C:\Users\1\AppData\Roaming\Malwarebytes
2009-04-22 12:58:44 ----D---- C:\ProgramData\Malwarebytes
2009-04-22 12:58:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-21 23:57:42 ----A---- C:\Windows\zip.exe
2009-04-21 23:57:42 ----A---- C:\Windows\vFind.exe
2009-04-21 23:57:42 ----A---- C:\Windows\SWXCACLS.exe
2009-04-21 23:57:42 ----A---- C:\Windows\SWSC.exe
2009-04-21 23:57:42 ----A---- C:\Windows\SWREG.exe
2009-04-21 23:57:42 ----A---- C:\Windows\sed.exe
2009-04-21 23:57:42 ----A---- C:\Windows\NIRCMD.exe
2009-04-21 23:57:42 ----A---- C:\Windows\grep.exe
2009-04-21 23:57:24 ----D---- C:\Windows\ERDNT
2009-04-21 23:57:09 ----D---- C:\Qoobox
2009-04-21 17:45:17 ----A---- C:\Windows\ntbtlog.txt
2009-04-21 16:32:00 ----D---- C:\ProgramData\Kaspersky Lab
2009-04-21 16:32:00 ----D---- C:\Program Files\Kaspersky Lab
2009-04-21 16:12:09 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-21 16:12:09 ----A---- C:\Windows\system32\infocardapi.dll
2009-04-21 16:12:08 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-04-21 16:12:08 ----A---- C:\Windows\system32\icardres.dll
2009-04-21 16:12:08 ----A---- C:\Windows\system32\icardagt.exe
2009-04-21 16:12:07 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-04-21 16:12:06 ----A---- C:\Windows\system32\PresentationHost.exe
2009-04-21 16:09:08 ----A---- C:\Windows\system32\dfshim.dll
2009-04-21 16:09:07 ----A---- C:\Windows\system32\netfxperf.dll
2009-04-21 16:09:07 ----A---- C:\Windows\system32\mscoree.dll
2009-04-21 16:09:04 ----A---- C:\Windows\system32\mscorier.dll
2009-04-21 16:09:02 ----A---- C:\Windows\system32\mscories.dll
2009-04-21 15:36:29 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-04-21 13:48:19 ----D---- C:\ProgramData\Tages
2009-04-20 15:06:15 ----D---- C:\Users\1\AppData\Roaming\Digital Support Free Tools
2009-04-16 02:01:33 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-16 02:01:33 ----A---- C:\Windows\system32\rpcss.dll
2009-04-16 02:01:33 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-16 02:01:33 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-16 02:01:33 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-16 02:01:33 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-16 02:01:33 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-16 02:01:33 ----A---- C:\Windows\system32\iashost.exe
2009-04-16 02:01:33 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-16 02:01:33 ----A---- C:\Windows\system32\iasads.dll
2009-04-16 02:01:30 ----A---- C:\Windows\system32\secur32.dll
2009-04-16 02:01:30 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-16 02:01:30 ----A---- C:\Windows\system32\kernel32.dll
2009-04-16 02:01:30 ----A---- C:\Windows\system32\apilogen.dll
2009-04-16 02:01:30 ----A---- C:\Windows\system32\amxread.dll
2009-04-16 02:01:24 ----A---- C:\Windows\system32\mshtml.dll
2009-04-16 02:01:23 ----A---- C:\Windows\system32\urlmon.dll
2009-04-16 02:01:23 ----A---- C:\Windows\system32\ieframe.dll
2009-04-16 02:01:22 ----A---- C:\Windows\system32\wininet.dll
2009-04-16 02:01:22 ----A---- C:\Windows\system32\occache.dll
2009-04-16 02:01:22 ----A---- C:\Windows\system32\mstime.dll
2009-04-16 02:01:22 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-16 02:01:22 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-16 02:01:22 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-16 02:01:22 ----A---- C:\Windows\system32\iertutil.dll
2009-04-16 02:01:22 ----A---- C:\Windows\system32\ieencode.dll
2009-04-16 02:01:22 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-16 02:01:22 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-16 02:01:15 ----A---- C:\Windows\system32\winhttp.dll
2009-04-16 02:01:13 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-16 02:01:13 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-03 17:08:52 ----HD---- C:\Windows\PIF
2009-04-03 02:00:27 ----A---- C:\Windows\system32\javaws.exe
2009-04-03 02:00:27 ----A---- C:\Windows\system32\javaw.exe
2009-04-03 02:00:27 ----A---- C:\Windows\system32\java.exe
2009-04-03 02:00:27 ----A---- C:\Windows\system32\deploytk.dll
2009-04-03 02:00:18 ----D---- C:\Program Files\Java
2009-03-31 17:33:50 ----D---- C:\Users\1\AppData\Roaming\InstallShield

======List of files/folders modified in the last 1 months======
2009-04-22 15:17:26 ----D---- C:\Windows\system32\catroot2
2009-04-22 15:00:49 ----RD---- C:\Program Files
2009-04-22 14:57:29 ----D---- C:\Windows\System32
2009-04-22 14:57:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-22 14:57:28 ----D---- C:\Windows\inf
2009-04-22 14:44:35 ----D---- C:\Windows\system32\ru-RU
2009-04-22 14:44:34 ----D---- C:\Windows
2009-04-22 14:43:26 ----A---- C:\Windows\system.ini
2009-04-22 14:42:47 ----D---- C:\Windows\system32\drivers
2009-04-22 14:42:47 ----D---- C:\Windows\AppPatch
2009-04-22 14:42:46 ----D---- C:\Program Files\Common Files
2009-04-22 14:41:02 ----SHD---- C:\System Volume Information
2009-04-22 14:18:24 ----D---- C:\ProgramData\Media Center Programs
2009-04-22 14:08:12 ----D---- C:\Windows\Tasks
2009-04-22 14:08:12 ----D---- C:\Windows\system32\Tasks
2009-04-22 13:39:20 ----D---- C:\Windows\tracing
2009-04-22 12:58:44 ----HD---- C:\ProgramData
2009-04-22 04:36:37 ----D---- C:\Users\1\AppData\Roaming\uTorrent
2009-04-21 16:45:59 ----D---- C:\Windows\system32\WDI
2009-04-21 16:40:36 ----D---- C:\Windows\rescache
2009-04-21 16:34:02 ----SHD---- C:\Windows\Installer
2009-04-21 16:33:29 ----D---- C:\Windows\system32\catroot
2009-04-21 16:26:53 ----D---- C:\Windows\Microsoft.NET
2009-04-21 16:26:52 ----RSD---- C:\Windows\assembly
2009-04-21 16:23:22 ----D---- C:\Windows\system32\XPSViewer
2009-04-21 16:23:22 ----D---- C:\Windows\system32\wbem
2009-04-21 16:23:22 ----D---- C:\Windows\system32\en-US
2009-04-21 16:15:46 ----D---- C:\Windows\winsxs
2009-04-21 16:02:47 ----D---- C:\Windows\Prefetch
2009-04-21 14:34:25 ----D---- C:\Program Files\DAEMON Tools Lite
2009-04-21 13:31:57 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-20 12:39:28 ----D---- C:\Windows\system32\LogFiles
2009-04-19 15:02:51 ----A---- C:\Windows\NeroDigital.ini
2009-04-18 15:52:10 ----D---- C:\Program Files\Common Files\Steam
2009-04-18 03:08:10 ----SD---- C:\Windows\Downloaded Program Files
2009-04-16 03:26:04 ----D---- C:\Windows\system32\manifeststore
2009-04-16 03:26:04 ----D---- C:\Program Files\Windows Mail
2009-04-16 03:26:03 ----D---- C:\Program Files\Internet Explorer
2009-04-06 18:57:24 ----A---- C:\Windows\system32\mrt.exe
2009-04-01 15:04:26 ----D---- C:\Program Files\Common Files\InstallShield
2009-03-26 04:49:53 ----D---- C:\Program Files\ICQ6

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-21 350720]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-04-21 239120]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-04-08 54272]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-04-21 279712]
R2 CDRPDACC;Quinnware CDDA Driver (by InfinaDyne); \??\C:\Program Files\Quintessential Player\cdrpdacc.sys [2005-12-06 5273]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-04-21 25888]
R2 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 FStarForce;FStarForce; C:\Windows\system32\DRIVERS\FStarForce.sys [2008-09-28 7680]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-14 2061528]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-11-12 7611360]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver; C:\Windows\system32\DRIVERS\usb8023.sys [2008-01-21 15872]
S3 aazts2pr;aazts2pr; C:\Windows\system32\drivers\aazts2pr.sys []
S3 Cardex;Cardex; \??\C:\Windows\system32\drivers\TBPANEL.SYS [2007-03-16 12256]
S3 catchme;catchme; \??\C:\Users\1\AppData\Local\Temp\catchme.sys []
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver; C:\Windows\system32\DRIVERS\CnxEtP.sys [2003-07-31 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\Windows\system32\DRIVERS\CnxEtU.sys [2003-07-31 642944]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver; C:\Windows\system32\DRIVERS\CnxTgN.sys [2003-08-01 108547]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-12-10 16608]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service, version 1.1; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-01-25 106496]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-21 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-11-12 207392]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-12-16 66872]
S2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-04-21 206088]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-03-19 2726941]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-04-18 322032]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-21 917504]

EOF
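A small triage helper for logs of the kind posted above, added here as an example; it is not part of the original thread and is not code from RSIT, HijackThis or ComboFix. It parses the HijackThis O4 (Run), O17 (NameServer), O20 (AppInit_DLLs) and O23 (Service) line shapes plus the DisableTaskManager and EnableLUA values from the RSIT registry dump, and turns them into the notes a responder reads first: a service whose binary is missing or has no publisher, a DLL injected through AppInit, UAC switched off, every autorun and resolver. The embedded sample is a constructed subset of the log above with the backslashes the forum stripped restored; the triage rules are the editor's own and not HijackThis logic.

```python
"""Triage helper for RSIT / HijackThis-style logs (added example, not forum or tool code)."""
import re
from typing import Dict, List

# Constructed sample input: a subset of the lines posted in this thread, with the
# backslashes the forum software stripped put back. Not a complete log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D70B13B-2A9C-49A3-9786-879696C7D2F8}: NameServer = 195.34.32.116 212.188.4.10
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"DisableTaskManager"=0
"EnableLUA"=0
"""

# HijackThis line shapes. Only the entry types used below are modelled.
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
DNS_RE = re.compile(r'^O17 - .*NameServer = (?P<servers>[\d., ]+)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')
SERVICE_RE = re.compile(r'^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
# RSIT registry-dump values under ...\Policies\System that matter for this symptom.
POLICY_RE = re.compile(r'^"(?P<key>DisableTaskManager|EnableLUA)"=(?P<val>\d+)$')
MISSING = ' (file missing)'


def autoruns(text: str) -> List[Dict[str, str]]:
    """O4 Run entries as {hive, name, cmd}."""
    return [m.groupdict() for m in map(RUN_RE.match, text.splitlines()) if m]


def dns_servers(text: str) -> List[str]:
    """Every resolver address listed in O17 NameServer entries, in log order."""
    servers: List[str] = []
    for m in filter(None, map(DNS_RE.match, text.splitlines())):
        servers.extend(s for s in re.split(r'[ ,]+', m.group('servers').strip()) if s)
    return servers


def appinit_dlls(text: str) -> List[str]:
    """DLLs in O20 AppInit_DLLs (space-separated; 8.3 short names carry no spaces)."""
    dlls: List[str] = []
    for m in filter(None, map(APPINIT_RE.match, text.splitlines())):
        dlls.extend(m.group('dlls').split())
    return dlls


def services(text: str) -> List[Dict[str, object]]:
    """O23 services as {display, owner, path, file_missing}."""
    out: List[Dict[str, object]] = []
    for m in filter(None, map(SERVICE_RE.match, text.splitlines())):
        path = m.group('path')
        missing = path.endswith(MISSING)
        out.append({'display': m.group('display'), 'owner': m.group('owner'),
                    'path': path[:-len(MISSING)] if missing else path,
                    'file_missing': missing})
    return out


def policies(text: str) -> Dict[str, int]:
    """Values of the two policy keys, keyed by name."""
    return {m.group('key'): int(m.group('val'))
            for m in filter(None, map(POLICY_RE.match, text.splitlines()))}


def triage(text: str) -> List[str]:
    """Review notes in the order a responder reads them: policy, services,
    injection points, autoruns, resolvers."""
    notes: List[str] = []
    pol = policies(text)
    if pol.get('DisableTaskManager') == 1:
        notes.append('policy: Task Manager blocked by DisableTaskManager=1')
    if pol.get('EnableLUA') == 0:
        notes.append('policy: UAC is off (EnableLUA=0); anything the user runs gets full admin rights')
    for svc in services(text):
        if svc['file_missing']:
            notes.append(f"service: {svc['display']} points at a missing binary {svc['path']}")
        elif svc['owner'] == 'Unknown owner':
            notes.append(f"service: {svc['display']} has no publisher string; verify {svc['path']}")
    for dll in appinit_dlls(text):
        notes.append(f'appinit: {dll} is loaded into every process that uses user32; confirm which product owns it')
    for run in autoruns(text):
        notes.append(f"autorun ({run['hive']}): {run['name']} -> {run['cmd']}")
    for srv in dns_servers(text):
        notes.append(f'dns: resolver {srv}; confirm it belongs to your ISP')
    return notes


if __name__ == '__main__':
    print('\n'.join(triage(SAMPLE_LOG)))
```

On the log above the helper reports nothing about DisableTaskManager (it is 0, so the symptom is not a policy lock), flags EnableLUA=0, the orphaned npggsvc entry and the unsigned PnkBstrA service, and lists the Kaspersky AppInit DLLs for confirmation; the rest is an inventory for comparison with the post-reboot state.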
23 April 2009 at 3:16 pm #23565
Hello, welcome to the Spyware-ru forum.
Since you have already run ComboFix, run it once more and paste the resulting log into your reply.
23 April 2009 at 3:30 pm #23564
ComboFix 09-04-22.A23 - 1 23.04.2009 19:24.7 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1251.7.1049.18.2046.1404 [GMT 4:00]
Running from: c:\users\1\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
.
(((((((((((((((((((((((((((   Files Created from 2009-03-23 to 2009-04-23  )))))))))))))))))))))))))))))))
.

2009-04-23 15:13 . 2009-04-23 15:13    --------    d-----w    c:\users\1\AppData\Local\MigWiz
2009-04-23 14:45 . 2009-04-23 14:45    --------    d-----w    C:\_OTMoveIt
2009-04-22 11:00 . 2009-04-22 11:01    --------    d-----w    C:\rsit
2009-04-22 08:58 . 2009-04-22 08:58    --------    d-----w    c:\users\1\AppData\Roaming\Malwarebytes
2009-04-22 08:58 . 2009-04-06 11:32    15504       ----a-w    c:\windows\system32\drivers\mbam.sys
2009-04-22 08:58 . 2009-04-06 11:32    38496       ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 08:58 . 2009-04-22 08:58    --------    d-----w    c:\users\All Users\Malwarebytes
2009-04-22 08:58 . 2009-04-22 08:58    --------    d-----w    c:\programdata\Malwarebytes
2009-04-21 12:33 . 2009-04-21 12:41    89601       ----a-w    c:\windows\system32\drivers\klick.dat
2009-04-21 12:33 . 2009-04-21 12:41    101287      ----a-w    c:\windows\system32\drivers\klin.dat
2009-04-21 12:32 . 2009-04-23 15:20    3455008     --sha-w    c:\windows\system32\drivers\fidbox.dat
2009-04-21 12:32 . 2009-04-23 15:20    344096      --sha-w    c:\windows\system32\drivers\fidbox2.dat
2009-04-21 12:32 . 2009-04-23 15:20    3304        --sha-w    c:\windows\system32\drivers\fidbox2.idx
2009-04-21 12:32 . 2009-04-23 15:20    29120       --sha-w    c:\windows\system32\drivers\fidbox.idx
2009-04-21 12:32 . 2009-04-23 14:32    --------    d-----w    c:\users\All Users\Kaspersky Lab
2009-04-21 12:32 . 2009-04-23 14:32    --------    d-----w    c:\programdata\Kaspersky Lab
2009-04-21 12:12 . 2008-06-20 01:14    105016      ----a-w    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-21 12:12 . 2008-06-20 01:14    97800       ----a-w    c:\windows\system32\infocardapi.dll
2009-04-21 12:12 . 2008-06-20 01:14    43544       ----a-w    c:\windows\system32\PresentationHostProxy.dll
2009-04-21 12:12 . 2008-06-20 01:14    37384       ----a-w    c:\windows\system32\infocardcpl.cpl
2009-04-21 12:12 . 2008-06-20 01:14    11264       ----a-w    c:\windows\system32\icardres.dll
2009-04-21 12:12 . 2008-06-20 01:14    622080      ----a-w    c:\windows\system32\icardagt.exe
2009-04-21 12:12 . 2008-06-20 01:14    781344      ----a-w    c:\windows\system32\PresentationNative_v0300.dll
2009-04-21 12:12 . 2008-06-20 01:14    326160      ----a-w    c:\windows\system32\PresentationHost.exe
2009-04-21 12:09 . 2008-07-27 18:03    96760       ----a-w    c:\windows\system32\dfshim.dll
2009-04-21 12:09 . 2008-07-27 18:03    41984       ----a-w    c:\windows\system32\netfxperf.dll
2009-04-21 12:09 . 2008-07-27 18:03    282112      ----a-w    c:\windows\system32\mscoree.dll
2009-04-21 12:09 . 2008-07-27 18:03    158720      ----a-w    c:\windows\system32\mscorier.dll
2009-04-21 12:09 . 2008-07-27 18:03    83968       ----a-w    c:\windows\system32\mscories.dll
2009-04-21 11:40 . 2009-04-21 11:40    604140      --sha-w    c:\windows\system32\drivers\ISwift3.dat
2009-04-21 11:36 . 2009-04-21 12:29    --------    d-----w    c:\users\All Users\Kaspersky Lab Setup Files
2009-04-21 11:36 . 2009-04-21 12:29    --------    d-----w    c:\programdata\Kaspersky Lab Setup Files
2009-04-21 09:48 . 2009-04-21 09:49    --------    d-----w    c:\users\All Users\Tages
2009-04-21 09:48 . 2009-04-21 09:49    --------    d-----w    c:\programdata\Tages
2009-04-20 11:06 . 2009-04-20 11:06    --------    d-----w    c:\users\1\AppData\Roaming\Digital Support Free Tools
2009-04-13 16:55 . 2009-04-23 15:22    65536       -------w    c:\windows\system32\Ikeext.etl
2009-04-11 09:05 . 2009-03-19 16:16    2726941     ----a-w    c:\windows\system32\GameMon.des
2009-04-03 13:08 . 2009-04-03 13:08    --------    d--h--w    c:\windows\PIF
2009-04-02 22:00 . 2009-04-02 22:00    410984      ----a-w    c:\windows\system32\deploytk.dll
2009-04-02 21:49 . 2009-04-02 21:49    --------    d-----w    c:\users\1\AppData\Local\NWN2 Toolset
2009-03-31 19:01 . 2005-01-03 06:43    4682        ----a-w    c:\windows\system32\npptNT2.sys
2009-03-31 19:01 . 2003-07-19 15:17    5174        ----a-w    c:\windows\system32\nppt9x.vxd
2009-03-31 13:33 . 2009-03-31 13:33    --------    d-----w    c:\users\1\AppData\Roaming\InstallShield

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 14:56 . 2008-01-21 05:44    653074      ----a-w    c:\windows\System32\perfh019.dat
2009-04-23 14:56 . 2008-01-21 05:44    125594      ----a-w    c:\windows\System32\perfc019.dat
2009-04-23 14:32 . 2009-04-23 14:32    1166        ----a-w    C:\avenger.txt
2009-04-23 10:19 . 2008-12-10 16:06    16608       ----a-w    c:\windows\gdrv.sys
2009-04-22 21:38 . 2008-12-10 14:09    --------    d-----w    c:\users\1\AppData\Roaming\uTorrent
2009-04-22 11:20 . 2009-04-22 11:00    --------    d-----w    c:\program files\trend micro
2009-04-22 10:18 . 2009-01-10 22:20    --------    d-----w    c:\programdata\Media Center Programs
2009-04-22 10:18 . 2009-04-22 09:48    --------    d-----w    c:\program files\RegCure
2009-04-22 08:58 . 2009-04-22 08:58    --------    d-----w    c:\program files\Malwarebytes' Anti-Malware
2009-04-21 12:41 . 2008-01-29 13:29    33808       ----a-w    c:\windows\system32\drivers\klbg.sys
2009-04-21 12:33 . 2006-11-02 10:25    86016       ----a-w    c:\windows\Inf\infstrng.dat
2009-04-21 12:33 . 2006-11-02 10:25    86016       ----a-w    c:\windows\Inf\infstor.dat
2009-04-21 12:33 . 2006-11-02 10:25    51200       ----a-w    c:\windows\Inf\infpub.dat
2009-04-21 12:32 . 2009-04-21 12:32    --------    d-----w    c:\program files\Kaspersky Lab
2009-04-21 10:34 . 2008-12-10 22:09    --------    d-----w    c:\program files\DAEMON Tools Lite
2009-04-21 09:31 . 2008-12-10 16:09    --------    d--h--w    c:\program files\InstallShield Installation Information
2009-04-21 09:31 . 2009-02-05 12:36    279712      ----a-w    c:\windows\system32\drivers\atksgt.sys
2009-04-21 09:31 . 2009-02-05 12:36    25888       ----a-w    c:\windows\system32\drivers\lirsgt.sys
2009-04-18 11:52 . 2009-01-19 13:38    --------    d-----w    c:\program files\Common Files\Steam
2009-04-15 23:26 . 2006-11-02 11:18    --------    d-----w    c:\program files\Windows Mail
2009-04-11 19:30 . 2008-12-10 16:03    100736      ----a-w    c:\users\1\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-02 22:00 . 2009-04-02 22:00    --------    d-----w    c:\program files\Java
2009-04-01 11:04 . 2008-12-10 16:09    --------    d-----w    c:\program files\Common Files\InstallShield
2009-03-26 00:49 . 2008-12-11 09:43    --------    d-----w    c:\program files\ICQ6
2009-03-17 03:38 . 2009-04-15 22:01    40960       ----a-w    c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-15 22:01    13824       ----a-w    c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 22:01    24064       ----a-w    c:\windows\System32\amxread.dll
2009-03-12 20:23 . 2009-03-12 20:22    --------    d-----w    c:\program files\ZyXEL
2009-03-09 05:22 . 2009-03-09 05:22    --------    d-----w    c:\programdata\Ubisoft
2009-03-03 04:46 . 2009-04-15 22:01    3599328     ----a-w    c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 22:01    3547632     ----a-w    c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 22:01    827392      ----a-w    c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-15 22:01    183296      ----a-w    c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 22:01    551424      ----a-w    c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 22:01    26112       ----a-w    c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 22:01    78336       ----a-w    c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 22:01    98304       ----a-w    c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 22:01    54784       ----a-w    c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-15 22:01    44032       ----a-w    c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 22:01    666624      ----a-w    c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 22:01    17408       ----a-w    c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-15 22:01    26624       ----a-w    c:\windows\System32\ieUnatt.exe
2009-03-01 10:49 . 2009-03-01 10:48    --------    d-----w    c:\users\1\AppData\Roaming\Ventrilo
2009-03-01 10:47 . 2009-03-01 10:47    --------    d-----w    c:\program files\Ventrilo
2009-03-01 10:47 . 2008-12-27 15:40    --------    d-----w    c:\program files\Common Files\Wise Installation Wizard
2009-02-24 09:50 . 2009-02-24 09:50    --------    d-----w    c:\programdata\Codemasters
2009-02-24 09:48 . 2008-12-27 15:41    --------    d-----w    c:\program files\OpenAL
2009-02-13 08:49 . 2009-04-15 22:01    72704       ----a-w    c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-15 22:01    1255936     ----a-w    c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 14:11    2033152     ----a-w    c:\windows\System32\win32k.sys
2008-12-10 16:20 . 2008-12-10 16:19    680         ----a-w    c:\users\Администратор\AppData\Local\d3d9caps.dat
2008-12-10 16:19 . 2008-12-10 16:19    48600       ----a-w    c:\users\Администратор\AppData\Local\GDIPFONTCACHEV1.DAT
2008-12-10 16:13 . 2008-12-10 16:02    680         ----a-w    c:\users\1\AppData\Local\d3d9caps.dat
2008-01-21 02:41 . 2006-11-02 12:49    174         --sha-w    c:\program files\desktop.ini

.
((((((((((((((((((((((((((((((   SnapShot@2009-04-22_10.28.16   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:56 . 2009-04-23 15:24    38558    c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-04-23 15:24    98512    c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-10 16:01 . 2009-04-23 15:26    16384    c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-10 16:01 . 2009-04-22 10:07    16384    c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-10 16:01 . 2009-04-22 10:07    32768    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-10 16:01 . 2009-04-23 15:26    32768    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-10 16:01 . 2009-04-22 10:07    16384    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-10 16:01 . 2009-04-23 15:26    16384    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-03 12:33 . 2008-12-03 12:33    47960    c:\windows\Microsoft.NET\Framework\v3.5\ru\MSBuild.resources.exe
+ 2008-12-03 12:33 . 2008-12-03 12:33    31576    c:\windows\Microsoft.NET\Framework\v3.5\ru\EdmGen.Resources.dll
+ 2008-12-03 12:33 . 2008-12-03 12:33    17248    c:\windows\Microsoft.NET\Framework\v3.5\ru\DataSvcUtil.resources.dll
+ 2008-12-03 08:39 . 2008-12-03 08:39    97280    c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\DeleteTemp.exe
+ 2008-12-03 12:30 . 2008-12-03 12:30    27912    c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - rus\baseline.dat
+ 2009-04-23 15:16 . 2009-04-23 15:16    53248    c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design.resources\3.5.0.0_ru_31bf3856ad364e35\System.Web.Extensions.Design.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16    28672    c:\windows\assembly\GAC_MSIL\System.Web.Entity.resources\3.5.0.0_ru_b77a5c561934e089\System.Web.Entity.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16    13312    c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design.resources\3.5.0.0_ru_b77a5c561934e089\System.Web.Entity.Design.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16    32768    c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.resources\3.5.0.0_ru_31bf3856ad364e35\System.Web.DynamicData.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16    94208    c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web.resources\3.5.0.0_ru_31bf3856ad364e35\System.ServiceModel.Web.resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16    36864    c:\windows\assembly\GAC_MSIL\System.Net.resources\3.5.0.0_ru_b03f5f7f11d50a3a\System.Net.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16    13312    c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation.resources\3.5.0.0_ru_b77a5c561934e089\System.Management.Instrumentation.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16    40960    c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.resources\3.5.0.0_ru_b77a5c561934e089\System.DirectoryServices.AccountManagement.resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16    81920    c:\windows\assembly\GAC_MSIL\System.Data.Services.resources\3.5.0.0_ru_b77a5c561934e089\System.Data.Services.resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16    40960    c:\windows\assembly\GAC_MSIL\System.Data.Services.Client.resources\3.5.0.0_ru_b77a5c561934e089\System.Data.Services.Client.resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16    65536    c:\windows\assembly\GAC_MSIL\System.Data.Linq.resources\3.5.0.0_ru_b77a5c561934e089\System.Data.Linq.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16    19456    c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design.resources\3.5.0.0_ru_b77a5c561934e089\System.Data.Entity.Design.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16    73728    c:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_ru_b77a5c561934e089\System.Core.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16    13312    c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5.resources\3.5.0.0_ru_b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16    81920    c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\3.5.0.0_ru_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16    13824    c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5.resources\3.5.0.0_ru_b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.resources.dll
+ 2008-12-10 16:04 . 2009-04-23 15:24 7596 c:windowsSystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-2572017069-2101235274-472651915-1000_UserData.bin
— 2009-04-22 09:37 . 2009-04-22 09:37 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat
+ 2009-04-23 15:22 . 2009-04-23 15:22 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat
— 2009-04-22 09:37 . 2009-04-22 09:37 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat
+ 2009-04-23 15:22 . 2009-04-23 15:22 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat
+ 2008-12-03 12:33 . 2008-12-03 12:33 6144 c:windowsMicrosoft.NETFrameworkv3.5ruMicrosoft.Data.Entity.Build.Tasks.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16 9216 c:windowsassemblyGAC_MSILSystem.Xml.Linq.resources3.5.0.0_ru_b77a5c561934e089System.Xml.Linq.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16 3584 c:windowsassemblyGAC_MSILSystem.Windows.Presentation.resources3.5.0.0_ru_b77a5c561934e089System.Windows.Presentation.resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16 8704 c:windowsassemblyGAC_MSILSystem.Web.Routing.resources3.5.0.0_ru_31bf3856ad364e35System.Web.Routing.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16 4096 c:windowsassemblyGAC_MSILSystem.Web.DynamicData.Design.resources3.5.0.0_ru_31bf3856ad364e35System.Web.DynamicData.Design.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16 3584 c:windowsassemblyGAC_MSILSystem.Web.Abstractions.resources3.5.0.0_ru_31bf3856ad364e35System.Web.Abstractions.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16 8704 c:windowsassemblyGAC_MSILSystem.Data.Services.Design.resources3.5.0.0_ru_b77a5c561934e089System.Data.Services.Design.resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16 5632 c:windowsassemblyGAC_MSILSystem.Data.DataSetExtensions.resources3.5.0.0_ru_b77a5c561934e089System.Data.DataSetExtensions.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16 9216 c:windowsassemblyGAC_MSILSystem.ComponentModel.DataAnnotations.resources3.5.0.0_ru_31bf3856ad364e35System.ComponentModel.DataAnnotations.Resources.dll
+ 2006-11-02 10:33 . 2009-04-23 14:56 586980 c:windowsSystem32perfh009.dat
— 2006-11-02 10:33 . 2009-04-22 09:44 586980 c:windowsSystem32perfh009.dat
+ 2006-11-02 10:33 . 2009-04-23 14:56 101052 c:windowsSystem32perfc009.dat
— 2006-11-02 10:33 . 2009-04-22 09:44 101052 c:windowsSystem32perfc009.dat
— 2006-11-02 12:42 . 2009-04-21 19:58 262144 c:windowsSystem32configsystemprofilentuser.dat
+ 2006-11-02 12:42 . 2009-04-22 14:31 262144 c:windowsSystem32configsystemprofilentuser.dat
— 2006-11-02 12:46 . 2009-04-22 10:18 262144 c:windowsServiceProfilesNetworkServiceNTUSER.DAT
+ 2006-11-02 12:46 . 2009-04-23 15:25 262144 c:windowsServiceProfilesNetworkServiceNTUSER.DAT
— 2006-11-02 12:46 . 2009-04-22 10:18 262144 c:windowsServiceProfilesLocalServiceNTUSER.DAT
+ 2006-11-02 12:46 . 2009-04-23 15:24 262144 c:windowsServiceProfilesLocalServiceNTUSER.DAT
+ 2008-12-03 12:33 . 2008-12-03 12:33 180224 c:windowsMicrosoft.NETFrameworkv3.5ruMicrosoft.Build.Tasks.v3.5.resources.dll
+ 2008-12-03 08:39 . 2008-12-03 08:39 984056 c:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — rusWapUI.dll
+ 2008-12-03 08:41 . 2008-12-03 08:41 104768 c:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — rusWapRes.dll
+ 2008-12-03 08:39 . 2008-12-03 08:39 689152 c:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — rusvsscenario.dll
+ 2008-12-03 08:39 . 2008-12-03 08:39 413184 c:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — rusvsbasereqs.dll
+ 2008-12-03 08:39 . 2008-12-03 08:39 632320 c:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — rusvs70uimgr.dll
+ 2008-12-03 08:41 . 2008-12-03 08:41 121672 c:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — russetupres.dll
+ 2008-12-03 08:39 . 2008-12-03 08:39 269304 c:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — russetup.exe
+ 2008-12-03 12:33 . 2008-12-03 12:33 181064 c:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — rusRebootStub.exe
+ 2008-12-03 08:39 . 2008-12-03 08:39 177152 c:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — rusHtmlLite.dll
+ 2008-12-03 08:39 . 2008-12-03 08:39 276984 c:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — rusdlmgr.dll
+ 2008-12-03 12:33 . 2008-12-03 12:33 250688 c:windowsMicrosoft.NETFrameworkv3.51049vbc7ui.dll
+ 2008-12-03 12:33 . 2008-12-03 12:33 185160 c:windowsMicrosoft.NETFrameworkv3.51049cscompui.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16 114688 c:windowsassemblyGAC_MSILSystem.WorkflowServices.resources3.5.0.0_ru_31bf3856ad364e35System.WorkflowServices.resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16 659456 c:windowsassemblyGAC_MSILSystem.Web.Extensions.resources3.5.0.0_ru_31bf3856ad364e35System.Web.Extensions.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16 475136 c:windowsassemblyGAC_MSILSystem.Data.Entity.resources3.5.0.0_ru_b77a5c561934e089System.Data.Entity.Resources.dll
+ 2009-04-23 15:16 . 2009-04-23 15:16 180224 c:windowsassemblyGAC_MSILMicrosoft.Build.Tasks.v3.5.resources3.5.0.0_ru_b03f5f7f11d50a3aMicrosoft.Build.Tasks.v3.5.resources.dll
— 2006-11-02 10:22 . 2009-04-21 12:23 6553600 c:windowsSystem32SMIStoreMachineSCHEMA.DAT
+ 2006-11-02 10:22 . 2009-04-23 15:20 6553600 c:windowsSystem32SMIStoreMachineSCHEMA.DAT
+ 2008-12-03 08:39 . 2008-12-03 08:39 1054208 c:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — rusvs_setup.dll
+ 2008-12-03 08:39 . 2008-12-03 08:39 1364992 c:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — rusSITSetup.dll
+ 2008-12-03 08:39 . 2008-12-03 08:39 1064448 c:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — rusgencomp.dll
+ 2008-01-21 05:28 . 2009-04-23 15:20 93227918 c:windowswinsxsManifestCache6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«TBPanel»=»c:program filesVtuneTBPanel.exe» [2008-07-10 2154496]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-10 216520]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMBgMonitor.exe» [2007-08-03 202024]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-04-02 148888]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-26 31016]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2007-03-01 153136]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-11-12 13675040]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-11-12 92704]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)
«EnableUIADesktopToggle»= 0 (0x0)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«DisableTaskManager»= 0

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=c:progra~1KASPER~1KASPER~1mzvkbd.dll c:progra~1KASPER~1KASPER~1mzvkbd3.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-2572017069-2101235274-472651915-1000]
«EnableNotifications»=dword:00000001
«EnableNotificationsRef»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
«{F18AE134-DECF-4EC9-AEA8-1F6CA9FEFC4C}»= TCP:6004|c:program filesMicrosoft OfficeOffice12outlook.exe:Microsoft Office Outlook
«{194B2175-B298-4805-AAED-F9055AC532BB}»= UDP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
«{6BA7C62B-6CB2-46A9-8939-5DF030D5CCC6}»= TCP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
«{B04D9EDE-A366-4349-88F1-40801561F0DD}»= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{BA1AC9D5-711D-4979-8CE4-CBF55D6AB8FD}»= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{B1FED140-0E41-41B5-8075-9B005FABE6A9}»= UDP:c:program filesuTorrentuTorrent.exe:µTorrent (TCP-In)
«{0188C203-F0D1-49D4-9999-FB2F6587AAA7}»= TCP:c:program filesuTorrentuTorrent.exe:µTorrent (UDP-In)
«TCP Query User{EDCBD3B4-A703-4684-89AE-FD5C599D2D06}c:\program files\icq6\icq.exe»= UDP:c:program filesicq6icq.exe:ICQ Library
«UDP Query User{94422C60-78BE-4F6D-BCF3-698DC8BBDCFB}c:\program files\icq6\icq.exe»= TCP:c:program filesicq6icq.exe:ICQ Library
«TCP Query User{B57A6B89-344B-496A-9880-507192D64B4A}c:\program files\opera\opera.exe»= UDP:c:program filesoperaopera.exe:Opera Internet Browser
«UDP Query User{B36735C5-28C1-40F1-BE8C-4970FDF5E251}c:\program files\opera\opera.exe»= TCP:c:program filesoperaopera.exe:Opera Internet Browser
«{40E511F0-3BBC-41E0-8B20-C1E1A2B7C62E}»= UDP:d:prince of persiaPrince of Persia.exe:Prince of Persia Dx
«{4491286B-1672-4F9B-9BAC-918AA80792FC}»= TCP:d:prince of persiaPrince of Persia.exe:Prince of Persia Dx
«{95D3A8F6-2F02-4E27-8058-BD7E072B20C6}»= UDP:d:prince of persiaPrinceOfPersia_Launcher.exe:Prince of Persia Update
«{CAB61701-7A37-46BB-9889-31102672358D}»= TCP:d:prince of persiaPrinceOfPersia_Launcher.exe:Prince of Persia Update
«TCP Query User{6580B0FA-20A6-40C7-B7B3-7B6D23E1EF71}d:\test drive unlimited gold\testdriveunlimited.exe»= UDP:d:test drive unlimited goldtestdriveunlimited.exe:Test Drive Unlimited
«UDP Query User{9735496D-25DF-418D-9FF3-43F8A1A8C4A4}d:\test drive unlimited gold\testdriveunlimited.exe»= TCP:d:test drive unlimited goldtestdriveunlimited.exe:Test Drive Unlimited
«{E3CD3FE0-601C-4423-94C7-225367E2C9B7}»= UDP:d:sacred 2 — fallen angelsystems2gs.exe:Sacred 2 Game Server
«{C96DB9CF-6B66-442F-B87E-EB966075816A}»= TCP:d:sacred 2 — fallen angelsystems2gs.exe:Sacred 2 Game Server
«{9DE117F8-736F-4458-86CC-8F553E89F103}»= UDP:d:sacred 2 — fallen angelsystemsacred2.exe:Sacred 2
«{9E0F2399-01E4-41D2-B486-C5D39668FCE4}»= TCP:d:sacred 2 — fallen angelsystemsacred2.exe:Sacred 2
«TCP Query User{F09EE4D7-79AA-4AF2-847A-69A85756FBC3}d:\rockstar games\grand theft auto iv\gtaiv.exe»= UDP:d:rockstar gamesgrand theft auto ivgtaiv.exe:Grand Theft Auto IV
«UDP Query User{9E71809C-8335-4C83-8F52-594A90BA6E09}d:\rockstar games\grand theft auto iv\gtaiv.exe»= TCP:d:rockstar gamesgrand theft auto ivgtaiv.exe:Grand Theft Auto IV
«{556C0AC1-BE88-4B3A-97E3-6B873FAE45D3}»= UDP:d:gsc world publishingС.Т.А.Л.К.Е.Р. — Чистое НебоbinxrEngine.exe:С.Т.А.Л.К.Е.Р. — Чистое Небо (CLI)
«{DA1D1CF5-C5F7-4579-8BF5-148ED404B5E6}»= TCP:d:gsc world publishingС.Т.А.Л.К.Е.Р. — Чистое НебоbinxrEngine.exe:С.Т.А.Л.К.Е.Р. — Чистое Небо (CLI)
«{C2732B47-B4BA-4720-9408-C43B189E52D6}»= UDP:d:gsc world publishingС.Т.А.Л.К.Е.Р. — Чистое НебоbindedicatedxrEngine.exe:С.Т.А.Л.К.Е.Р. — Чистое Небо (SRV)
«{A1756CE7-BD89-4B46-985C-A400D57B76ED}»= TCP:d:gsc world publishingС.Т.А.Л.К.Е.Р. — Чистое НебоbindedicatedxrEngine.exe:С.Т.А.Л.К.Е.Р. — Чистое Небо (SRV)
«TCP Query User{EEB1C243-FFC3-44C8-AB2C-A833EDD8AA6E}d:\saints row 2\sr2_pc.exe»= UDP:d:saints row 2sr2_pc.exe:SR2_pc
«UDP Query User{50512360-1B26-4E95-BF45-AAEFAB52F792}d:\saints row 2\sr2_pc.exe»= TCP:d:saints row 2sr2_pc.exe:SR2_pc
«TCP Query User{F7A30913-7C2D-4358-BDE1-7CD2CEFF74C0}d:\steam\steamapps\norev\counter-strike source\hl2.exe»= UDP:d:steamsteamappsnorevcounter-strike sourcehl2.exe:hl2
«UDP Query User{B29B5AB2-B7A8-42D5-8460-360B891977F9}d:\steam\steamapps\norev\counter-strike source\hl2.exe»= TCP:d:steamsteamappsnorevcounter-strike sourcehl2.exe:hl2
«TCP Query User{02B4EF3B-14C9-4055-90C1-C8EEF7A2FB6B}d:\steam\steamapps\norev\source dedicated server\srcds.exe»= UDP:d:steamsteamappsnorevsource dedicated serversrcds.exe:srcds
«UDP Query User{581726E8-3836-4737-A04C-7D2B5D02EBC8}d:\steam\steamapps\norev\source dedicated server\srcds.exe»= TCP:d:steamsteamappsnorevsource dedicated serversrcds.exe:srcds
«{AE28890D-2E4F-41B2-99B3-93B27CE542E4}»= c:program filesSkypePhoneSkype.exe:Skype
«{2E310961-46AF-4F80-80AD-CF6E01D98FE3}»= c:program filesSkypePhoneSkype.exe:Skype
«{D75B798D-C550-4521-AEF0-DE0F248B4414}»= UDP:d:race driver gridGRID.exe:Race Driver GRID
«{BA99A147-EFD9-4364-B9DD-1112A5575C89}»= TCP:d:race driver gridGRID.exe:Race Driver GRID
«{ED2C5986-BB08-4E3C-A557-47E22BFC6BF2}»= UDP:c:program filesVentriloVentrilo.exe:Ventrilo.exe
«{1D0E2C57-59D9-4CFA-AB8A-14F067B77B39}»= TCP:c:program filesVentriloVentrilo.exe:Ventrilo.exe
«{9E0CE50D-514E-4BFE-8748-806B0169D5DD}»= UDP:d:tom clancy’s h.a.w.xHAWX.exe:Tom Clancy’s H.A.W.X
«{779656E9-1E8D-448E-9C42-043F880C6967}»= TCP:d:tom clancy’s h.a.w.xHAWX.exe:Tom Clancy’s H.A.W.X
«{2F9C443E-AD44-4FA3-8931-8D4EA51CAAA2}»= UDP:d:tom clancy’s h.a.w.xHAWX_dx10.exe:Tom Clancy’s H.A.W.X
«{46012404-8D28-479E-A1B7-0C49541DE4FD}»= TCP:d:tom clancy’s h.a.w.xHAWX_dx10.exe:Tom Clancy’s H.A.W.X
«TCP Query User{67B32845-5A69-4DA7-84DF-E78BBF9AFDEA}d:\steam\steamapps\norev\source dedicated server\srcds.exe»= UDP:d:steamsteamappsnorevsource dedicated serversrcds.exe:srcds
«UDP Query User{826D75DD-A7DC-4841-96B7-7748D6A3E868}d:\steam\steamapps\norev\source dedicated server\srcds.exe»= TCP:d:steamsteamappsnorevsource dedicated serversrcds.exe:srcds
«TCP Query User{EC7762A7-B472-42E3-B378-FC79A07DC3A8}d:\steam\steamapps\norev\counter-strike source\hl2.exe»= UDP:d:steamsteamappsnorevcounter-strike sourcehl2.exe:hl2
«UDP Query User{EFB68BEB-1270-4CCC-BAC1-A27E1C185CEA}d:\steam\steamapps\norev\counter-strike source\hl2.exe»= TCP:d:steamsteamappsnorevcounter-strike sourcehl2.exe:hl2
«TCP Query User{775193A3-0F63-47BE-8E97-FF51C2D8967C}c:\program files\icq6\icq.exe»= UDP:c:program filesicq6icq.exe:ICQ Library
«UDP Query User{FCB4AA59-9BF5-4076-9F17-9F13D10AF8C1}c:\program files\icq6\icq.exe»= TCP:c:program filesicq6icq.exe:ICQ Library
«TCP Query User{98B2E2E5-BCEB-40D8-A738-3EBFABC67DD6}c:\program files\utorrent\utorrent.exe»= UDP:c:program filesutorrentutorrent.exe:µTorrent
«UDP Query User{ED421106-C2E5-4140-8BB5-9C9DE0D5D198}c:\program files\utorrent\utorrent.exe»= TCP:c:program filesutorrentutorrent.exe:µTorrent
«TCP Query User{A2919733-37F3-4C8E-9AE9-3313817C830B}d:\sacred 2 — fallen angel\system\s2gs.exe»= UDP:d:sacred 2 — fallen angelsystems2gs.exe:Sacred 2 — Game Server
«UDP Query User{80F8922F-722D-4D02-9C49-6F538AEEAF36}d:\sacred 2 — fallen angel\system\s2gs.exe»= TCP:d:sacred 2 — fallen angelsystems2gs.exe:Sacred 2 — Game Server
«{106035FC-F403-405D-A84F-528F63949F26}»= UDP:d:ubisoftFar Cry 2binFarCry2.exe:Far Cry 2
«{F511E9A3-9AEC-42A4-9108-0DC8DA46877C}»= TCP:d:ubisoftFar Cry 2binFarCry2.exe:Far Cry 2
«{1327CA88-A3D1-4BFC-A511-59C10D0517A9}»= UDP:d:ubisoftFar Cry 2binFC2Launcher.exe:Far Cry 2 Updater
«{561C56F3-181F-4177-BD45-EDDF96AD296C}»= TCP:d:ubisoftFar Cry 2binFC2Launcher.exe:Far Cry 2 Updater
«{244CDBC2-E7C7-4A86-8367-2D923939DA72}»= UDP:d:ubisoftFar Cry 2binFC2Editor.exe:Редактор
«{C20BAF31-6792-41B9-B157-07F94E333D82}»= TCP:d:ubisoftFar Cry 2binFC2Editor.exe:Редактор
«TCP Query User{FB280609-177D-4299-9342-EA87CB32BEEC}d:\silverfall\silverfall.exe»= UDP:d:silverfallsilverfall.exe:Silverfall
«UDP Query User{17AAD917-F268-434B-B844-EB463A81BAB9}d:\silverfall\silverfall.exe»= TCP:d:silverfallsilverfall.exe:Silverfall
«TCP Query User{F75582DA-10E9-4665-93A0-9D5FAA1C65C5}d:\neverwinter nights 2\nwn2main.exe»= UDP:d:neverwinter nights 2nwn2main.exe:Neverwinter Nights 2
«UDP Query User{E4E3EE13-9464-4C18-96B2-32AED1F81919}d:\neverwinter nights 2\nwn2main.exe»= TCP:d:neverwinter nights 2nwn2main.exe:Neverwinter Nights 2

R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:windowssystem32DRIVERSCnxEtP.sys [2003-07-31 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:windowssystem32DRIVERSCnxEtU.sys [2003-07-31 642944]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:windowssystem32DRIVERSCnxTgN.sys [2003-08-01 108547]
R3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des [2009-03-19 2726941]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [2009-04-21 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:windowssystem32DRIVERSklim6.sys [2008-07-09 20496]
S3 FStarForce;FStarForce;c:windowssystem32DRIVERSFStarForce.sys [2008-09-28 7680]
S3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32DRIVERSusb8023.sys [2008-01-21 15872]
.
Contents of the 'Scheduled Tasks' folder

2009-04-23 c:windowsTasksRegCure Program Check.job
- c:program filesRegCureRegCure.exe [2008-11-27 23:11]

2009-04-22 c:windowsTasksRegCure.job
- c:program filesRegCureRegCure.exe [2008-11-27 23:11]
.
.
Supplementary Scan
.
uStart Page = about:blank
IE: &Экспорт в Microsoft Excel - c:progra~1MICROS~2Office12EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 19:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:windowssystem32driversovfsthxqocvkebe.sys 84992 bytes executable
c:windowssystem32ovfsthxcwtcbtcj.dat 491245 bytes
c:windowssystem32ovfsthxofnscogv.dll 19456 bytes executable
c:windowssystem32ovfsthxpgujrsbp.dll 61952 bytes executable
c:windowssystem32ovfsthxpiksfbax.dll 19456 bytes executable
c:windowssystem32ovfsthxviqnfiwe.dat 43 bytes
c:users1AppDataLocalTempcatchme.dll 53248 bytes executable

scan completed successfully
hidden files: 7

**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001Servicesovfsthxnhbdexxr]
«imagepath»=»systemrootsystem32driversovfsthxqocvkebe.sys»

[HKEY_LOCAL_MACHINESystemControlSet001Servicesnpggsvc]
«ImagePath»=»c:windowssystem32GameMon.des -service»
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINESystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
DLLs Loaded Under Running Processes
- - - - - - - > 'Explorer.exe'(2996)
c:program filesNokiaNokia PC Suite 7PhoneBrowser.dll
c:program filesNokiaNokia PC Suite 7NGSCM.DLL
c:program filesNokiaNokia PC Suite 7LangPhoneBrowser_rus.nlr
c:program filesNokiaNokia PC Suite 7ResourcePhoneBrowser_Nokia.ngr
.
Completion time: 2009-04-23 19:28
ComboFix-quarantined-files.txt 2009-04-23 15:28
ComboFix2.txt 2009-04-23 09:54
ComboFix3.txt 2009-04-22 14:35
ComboFix4.txt 2009-04-22 10:44
ComboFix5.txt 2009-04-23 15:24

Pre-Run: 23 446 769 664 байт свободно
Post-Run: 23 312 302 080 байт свободно

Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5
347 --- E O F --- 2009-04-23 15:17

April 23, 2009 at 3:38 pm #23566

ComboFix shows that the computer is infected with a hidden trojan.
Open Notepad (click Start, Run, type notepad in the input box and press Enter) and paste the following text into it:
Driver::
ovfsthxnhbdexxr
File::
c:windowssystem32driversovfsthxqocvkebe.sys
c:windowssystem32ovfsthxcwtcbtcj.dat
c:windowssystem32ovfsthxofnscogv.dll
c:windowssystem32ovfsthxpgujrsbp.dll
c:windowssystem32ovfsthxpiksfbax.dll
c:windowssystem32ovfsthxviqnfiwe.dat
Save the resulting file to your desktop under the name CFScript.
Then drag the resulting file onto the ComboFix icon, as shown in the picture below.
ComboFix will start and carry out the procedures described in the file we created.
When ComboFix finishes, a new log will be created; paste it into your next reply.

April 23, 2009 at 4:07 pm #23567

ComboFix 09-04-23.A3 - 1 23.04.2009 19:53.8 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1251.7.1049.18.2046.1254 [GMT 4:00]
Running from: c:users1DesktopComboFix.exe
Command switches used :: c:users1DesktopCFScript.txt
AV: Антивирус Касперского *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
c:windowssystem32driversovfsthxqocvkebe.sys
c:windowssystem32ovfsthxcwtcbtcj.dat
c:windowssystem32ovfsthxofnscogv.dll
c:windowssystem32ovfsthxpgujrsbp.dll
c:windowssystem32ovfsthxpiksfbax.dll
c:windowssystem32ovfsthxviqnfiwe.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowssystem32driversovfsthxqocvkebe.sys
c:windowssystem32ovfsthxcwtcbtcj.dat
c:windowssystem32ovfsthxpgujrsbp.dll
c:windowssystem32ovfsthxviqnfiwe.dat
.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
.
2009-04-23 15:37 . 2009-04-23 15:52 23552 ----a-w c:windowssystem32ruts.exe
2009-04-23 15:13 . 2009-04-23 15:13 d-----w c:users1AppDataLocalMigWiz
2009-04-23 14:45 . 2009-04-23 14:45 d-----w C:_OTMoveIt
2009-04-22 11:00 . 2009-04-22 11:01 d-----w C:rsit
2009-04-22 08:58 . 2009-04-22 08:58 d-----w c:users1AppDataRoamingMalwarebytes
2009-04-22 08:58 . 2009-04-06 11:32 15504 ----a-w c:windowssystem32driversmbam.sys
2009-04-22 08:58 . 2009-04-06 11:32 38496 ----a-w c:windowssystem32driversmbamswissarmy.sys
2009-04-22 08:58 . 2009-04-22 08:58 d-----w c:usersAll UsersMalwarebytes
2009-04-22 08:58 . 2009-04-22 08:58 d-----w c:programdataMalwarebytes
2009-04-21 12:33 . 2009-04-21 12:41 89601 ----a-w c:windowssystem32driversklick.dat
2009-04-21 12:33 . 2009-04-21 12:41 101287 ----a-w c:windowssystem32driversklin.dat
2009-04-21 12:32 . 2009-04-23 15:56 3455008 --sha-w c:windowssystem32driversfidbox.dat
2009-04-21 12:32 . 2009-04-23 15:56 344096 --sha-w c:windowssystem32driversfidbox2.dat
2009-04-21 12:32 . 2009-04-23 15:56 3304 --sha-w c:windowssystem32driversfidbox2.idx
2009-04-21 12:32 . 2009-04-23 15:56 29120 --sha-w c:windowssystem32driversfidbox.idx
2009-04-21 12:32 . 2009-04-23 14:32 d-----w c:usersAll UsersKaspersky Lab
2009-04-21 12:32 . 2009-04-23 14:32 d-----w c:programdataKaspersky Lab
2009-04-21 12:12 . 2008-06-20 01:14 105016 ----a-w c:windowssystem32PresentationCFFRasterizerNative_v0300.dll
2009-04-21 12:12 . 2008-06-20 01:14 97800 ----a-w c:windowssystem32infocardapi.dll
2009-04-21 12:12 . 2008-06-20 01:14 43544 ----a-w c:windowssystem32PresentationHostProxy.dll
2009-04-21 12:12 . 2008-06-20 01:14 37384 ----a-w c:windowssystem32infocardcpl.cpl
2009-04-21 12:12 . 2008-06-20 01:14 11264 ----a-w c:windowssystem32icardres.dll
2009-04-21 12:12 . 2008-06-20 01:14 622080 ----a-w c:windowssystem32icardagt.exe
2009-04-21 12:12 . 2008-06-20 01:14 781344 ----a-w c:windowssystem32PresentationNative_v0300.dll
2009-04-21 12:12 . 2008-06-20 01:14 326160 ----a-w c:windowssystem32PresentationHost.exe
2009-04-21 12:09 . 2008-07-27 18:03 96760 ----a-w c:windowssystem32dfshim.dll
2009-04-21 12:09 . 2008-07-27 18:03 41984 ----a-w c:windowssystem32netfxperf.dll
2009-04-21 12:09 . 2008-07-27 18:03 282112 ----a-w c:windowssystem32mscoree.dll
2009-04-21 12:09 . 2008-07-27 18:03 158720 ----a-w c:windowssystem32mscorier.dll
2009-04-21 12:09 . 2008-07-27 18:03 83968 ----a-w c:windowssystem32mscories.dll
2009-04-21 11:40 . 2009-04-21 11:40 604140 --sha-w c:windowssystem32driversISwift3.dat
2009-04-21 11:36 . 2009-04-21 12:29 d-----w c:usersAll UsersKaspersky Lab Setup Files
2009-04-21 11:36 . 2009-04-21 12:29 d-----w c:programdataKaspersky Lab Setup Files
2009-04-21 09:48 . 2009-04-21 09:49 d-----w c:usersAll UsersTages
2009-04-21 09:48 . 2009-04-21 09:49 d-----w c:programdataTages
2009-04-20 11:06 . 2009-04-20 11:06 d-----w c:users1AppDataRoamingDigital Support Free Tools
2009-04-13 16:55 . 2009-04-23 15:57 0 ------w c:windowssystem32Ikeext.etl
2009-04-11 09:05 . 2009-03-19 16:16 2726941 ----a-w c:windowssystem32GameMon.des
2009-04-03 13:08 . 2009-04-03 13:08 d--h--w c:windowsPIF
2009-04-02 22:00 . 2009-04-02 22:00 410984 ----a-w c:windowssystem32deploytk.dll
2009-04-02 21:49 . 2009-04-02 21:49 d-----w c:users1AppDataLocalNWN2 Toolset
2009-03-31 19:01 . 2005-01-03 06:43 4682 ----a-w c:windowssystem32npptNT2.sys
2009-03-31 19:01 . 2003-07-19 15:17 5174 ----a-w c:windowssystem32nppt9x.vxd
2009-03-31 13:33 . 2009-03-31 13:33 d-----w c:users1AppDataRoamingInstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 15:29 . 2008-01-21 05:44 653074 ----a-w c:windowsSystem32perfh019.dat
2009-04-23 15:29 . 2008-01-21 05:44 125594 ----a-w c:windowsSystem32perfc019.dat
2009-04-23 14:32 . 2009-04-23 14:32 1166 ----a-w C:avenger.txt
2009-04-23 10:19 . 2008-12-10 16:06 16608 ----a-w c:windowsgdrv.sys
2009-04-22 21:38 . 2008-12-10 14:09 d-----w c:users1AppDataRoaminguTorrent
2009-04-22 11:20 . 2009-04-22 11:00 d-----w c:program filestrend micro
2009-04-22 10:18 . 2009-01-10 22:20 d-----w c:programdataMedia Center Programs
2009-04-22 10:18 . 2009-04-22 09:48 d-----w c:program filesRegCure
2009-04-22 08:58 . 2009-04-22 08:58 d-----w c:program filesMalwarebytes' Anti-Malware
2009-04-21 12:41 . 2008-01-29 13:29 33808 ----a-w c:windowssystem32driversklbg.sys
2009-04-21 12:33 . 2006-11-02 10:25 86016 ----a-w c:windowsInfinfstrng.dat
2009-04-21 12:33 . 2006-11-02 10:25 86016 ----a-w c:windowsInfinfstor.dat
2009-04-21 12:33 . 2006-11-02 10:25 51200 ----a-w c:windowsInfinfpub.dat
2009-04-21 12:32 . 2009-04-21 12:32 d-----w c:program filesKaspersky Lab
2009-04-21 10:34 . 2008-12-10 22:09 d-----w c:program filesDAEMON Tools Lite
2009-04-21 09:31 . 2008-12-10 16:09 d--h--w c:program filesInstallShield Installation Information
2009-04-21 09:31 . 2009-02-05 12:36 279712 ----a-w c:windowssystem32driversatksgt.sys
2009-04-21 09:31 . 2009-02-05 12:36 25888 ----a-w c:windowssystem32driverslirsgt.sys
2009-04-18 11:52 . 2009-01-19 13:38 d-----w c:program filesCommon FilesSteam
2009-04-15 23:26 . 2006-11-02 11:18 d-----w c:program filesWindows Mail
2009-04-11 19:30 . 2008-12-10 16:03 100736 ----a-w c:users1AppDataLocalGDIPFONTCACHEV1.DAT
2009-04-02 22:00 . 2009-04-02 22:00 d-----w c:program filesJava
2009-04-01 11:04 . 2008-12-10 16:09 d-----w c:program filesCommon FilesInstallShield
2009-03-26 00:49 . 2008-12-11 09:43 d-----w c:program filesICQ6
2009-03-17 03:38 . 2009-04-15 22:01 40960 ----a-w c:windowsAppPatchapihex86.dll
2009-03-17 03:38 . 2009-04-15 22:01 13824 ----a-w c:windowsSystem32apilogen.dll
2009-03-17 03:38 . 2009-04-15 22:01 24064 ----a-w c:windowsSystem32amxread.dll
2009-03-12 20:23 . 2009-03-12 20:22 d-----w c:program filesZyXEL
2009-03-09 05:22 . 2009-03-09 05:22 d-----w c:programdataUbisoft
2009-03-03 04:46 . 2009-04-15 22:01 3599328 ----a-w c:windowsSystem32ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 22:01 3547632 ----a-w c:windowsSystem32ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 22:01 827392 ----a-w c:windowsSystem32wininet.dll
2009-03-03 04:39 . 2009-04-15 22:01 183296 ----a-w c:windowsSystem32sdohlp.dll
2009-03-03 04:39 . 2009-04-15 22:01 551424 ----a-w c:windowsSystem32rpcss.dll
2009-03-03 04:39 . 2009-04-15 22:01 26112 ----a-w c:windowsSystem32printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 22:01 78336 ----a-w c:windowsSystem32ieencode.dll
2009-03-03 04:37 . 2009-04-15 22:01 98304 ----a-w c:windowsSystem32iasrecst.dll
2009-03-03 04:37 . 2009-04-15 22:01 54784 ----a-w c:windowsSystem32iasads.dll
2009-03-03 04:37 . 2009-04-15 22:01 44032 ----a-w c:windowsSystem32iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 22:01 666624 ----a-w c:windowsSystem32printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 22:01 17408 ----a-w c:windowsSystem32iashost.exe
2009-03-03 02:28 . 2009-04-15 22:01 26624 ----a-w c:windowsSystem32ieUnatt.exe
2009-03-01 10:49 . 2009-03-01 10:48 d-----w c:users1AppDataRoamingVentrilo
2009-03-01 10:47 . 2009-03-01 10:47 d-----w c:program filesVentrilo
2009-03-01 10:47 . 2008-12-27 15:40 d-----w c:program filesCommon FilesWise Installation Wizard
2009-02-24 09:50 . 2009-02-24 09:50 d-----w c:programdataCodemasters
2009-02-24 09:48 . 2008-12-27 15:41 d-----w c:program filesOpenAL
2009-02-13 08:49 . 2009-04-15 22:01 72704 ----a-w c:windowsSystem32secur32.dll
2009-02-13 08:49 . 2009-04-15 22:01 1255936 ----a-w c:windowsSystem32lsasrv.dll
2009-02-09 03:10 . 2009-03-11 14:11 2033152 ----a-w c:windowsSystem32win32k.sys
2008-12-10 16:20 . 2008-12-10 16:19 680 ----a-w c:usersАдминистраторAppDataLocald3d9caps.dat
2008-12-10 16:19 . 2008-12-10 16:19 48600 ----a-w c:usersАдминистраторAppDataLocalGDIPFONTCACHEV1.DAT
2008-12-10 16:13 . 2008-12-10 16:02 680 ----a-w c:users1AppDataLocald3d9caps.dat
2008-01-21 02:41 . 2006-11-02 12:49 174 --sha-w c:program filesdesktop.ini
.
((((((((((((((((((((((((((((( SnapShot_2009-04-23_15.27.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:windowswinsxsx86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6001.18000_none_17df4ac2f2cf5440msdtcvtr.bat
+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:windowsSystem32MsdtcTracemsdtcvtr.bat
— 2006-11-02 10:33 . 2009-04-23 14:56 586980 c:windowsSystem32perfh009.dat
+ 2006-11-02 10:33 . 2009-04-23 15:29 586980 c:windowsSystem32perfh009.dat
+ 2006-11-02 10:33 . 2009-04-23 15:29 101052 c:windowsSystem32perfc009.dat
— 2006-11-02 10:33 . 2009-04-23 14:56 101052 c:windowsSystem32perfc009.dat
— 2006-11-02 12:42 . 2009-04-22 14:31 262144 c:windowsSystem32configsystemprofilentuser.dat
+ 2006-11-02 12:42 . 2009-04-23 15:53 262144 c:windowsSystem32configsystemprofilentuser.dat
— 2006-11-02 12:46 . 2009-04-23 15:25 262144 c:windowsServiceProfilesNetworkServiceNTUSER.DAT
+ 2006-11-02 12:46 . 2009-04-23 15:57 262144 c:windowsServiceProfilesNetworkServiceNTUSER.DAT
+ 2006-11-02 12:46 . 2009-04-23 15:57 262144 c:windowsServiceProfilesLocalServiceNTUSER.DAT
— 2006-11-02 12:46 . 2009-04-23 15:24 262144 c:windowsServiceProfilesLocalServiceNTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«TBPanel»=»c:program filesVtuneTBPanel.exe» [2008-07-10 2154496]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-12-10 216520]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMBgMonitor.exe» [2007-08-03 202024]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-04-02 148888]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-26 31016]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2007-03-01 153136]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-11-12 13675040]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-11-12 92704]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableLUA»= 0 (0x0)
«EnableUIADesktopToggle»= 0 (0x0)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«DisableTaskManager»= 0

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=c:progra~1KASPER~1KASPER~1mzvkbd.dll c:progra~1KASPER~1KASPER~1mzvkbd3.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-2572017069-2101235274-472651915-1000]
«EnableNotifications»=dword:00000001
«EnableNotificationsRef»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
«{F18AE134-DECF-4EC9-AEA8-1F6CA9FEFC4C}»= TCP:6004|c:program filesMicrosoft OfficeOffice12outlook.exe:Microsoft Office Outlook
«{194B2175-B298-4805-AAED-F9055AC532BB}»= UDP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
«{6BA7C62B-6CB2-46A9-8939-5DF030D5CCC6}»= TCP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
«{B04D9EDE-A366-4349-88F1-40801561F0DD}»= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{BA1AC9D5-711D-4979-8CE4-CBF55D6AB8FD}»= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{B1FED140-0E41-41B5-8075-9B005FABE6A9}»= UDP:c:program filesuTorrentuTorrent.exe:µTorrent (TCP-In)
«{0188C203-F0D1-49D4-9999-FB2F6587AAA7}»= TCP:c:program filesuTorrentuTorrent.exe:µTorrent (UDP-In)
«TCP Query User{EDCBD3B4-A703-4684-89AE-FD5C599D2D06}c:\program files\icq6\icq.exe»= UDP:c:program filesicq6icq.exe:ICQ Library
«UDP Query User{94422C60-78BE-4F6D-BCF3-698DC8BBDCFB}c:\program files\icq6\icq.exe»= TCP:c:program filesicq6icq.exe:ICQ Library
«TCP Query User{B57A6B89-344B-496A-9880-507192D64B4A}c:\program files\opera\opera.exe»= UDP:c:program filesoperaopera.exe:Opera Internet Browser
«UDP Query User{B36735C5-28C1-40F1-BE8C-4970FDF5E251}c:\program files\opera\opera.exe»= TCP:c:program filesoperaopera.exe:Opera Internet Browser
«{40E511F0-3BBC-41E0-8B20-C1E1A2B7C62E}»= UDP:d:prince of persiaPrince of Persia.exe:Prince of Persia Dx
«{4491286B-1672-4F9B-9BAC-918AA80792FC}»= TCP:d:prince of persiaPrince of Persia.exe:Prince of Persia Dx
«{95D3A8F6-2F02-4E27-8058-BD7E072B20C6}»= UDP:d:prince of persiaPrinceOfPersia_Launcher.exe:Prince of Persia Update
«{CAB61701-7A37-46BB-9889-31102672358D}»= TCP:d:prince of persiaPrinceOfPersia_Launcher.exe:Prince of Persia Update
«TCP Query User{6580B0FA-20A6-40C7-B7B3-7B6D23E1EF71}d:\test drive unlimited gold\testdriveunlimited.exe»= UDP:d:test drive unlimited goldtestdriveunlimited.exe:Test Drive Unlimited
«UDP Query User{9735496D-25DF-418D-9FF3-43F8A1A8C4A4}d:\test drive unlimited gold\testdriveunlimited.exe»= TCP:d:test drive unlimited goldtestdriveunlimited.exe:Test Drive Unlimited
«{E3CD3FE0-601C-4423-94C7-225367E2C9B7}»= UDP:d:sacred 2 — fallen angelsystems2gs.exe:Sacred 2 Game Server
«{C96DB9CF-6B66-442F-B87E-EB966075816A}»= TCP:d:sacred 2 — fallen angelsystems2gs.exe:Sacred 2 Game Server
«{9DE117F8-736F-4458-86CC-8F553E89F103}»= UDP:d:sacred 2 — fallen angelsystemsacred2.exe:Sacred 2
«{9E0F2399-01E4-41D2-B486-C5D39668FCE4}»= TCP:d:sacred 2 — fallen angelsystemsacred2.exe:Sacred 2
«TCP Query User{F09EE4D7-79AA-4AF2-847A-69A85756FBC3}d:\rockstar games\grand theft auto iv\gtaiv.exe»= UDP:d:rockstar gamesgrand theft auto ivgtaiv.exe:Grand Theft Auto IV
«UDP Query User{9E71809C-8335-4C83-8F52-594A90BA6E09}d:\rockstar games\grand theft auto iv\gtaiv.exe»= TCP:d:rockstar gamesgrand theft auto ivgtaiv.exe:Grand Theft Auto IV
«{556C0AC1-BE88-4B3A-97E3-6B873FAE45D3}»= UDP:d:gsc world publishingС.Т.А.Л.К.Е.Р. — Чистое НебоbinxrEngine.exe:С.Т.А.Л.К.Е.Р. — Чистое Небо (CLI)
«{DA1D1CF5-C5F7-4579-8BF5-148ED404B5E6}»= TCP:d:gsc world publishingС.Т.А.Л.К.Е.Р. — Чистое НебоbinxrEngine.exe:С.Т.А.Л.К.Е.Р. — Чистое Небо (CLI)
«{C2732B47-B4BA-4720-9408-C43B189E52D6}»= UDP:d:gsc world publishingС.Т.А.Л.К.Е.Р. — Чистое НебоbindedicatedxrEngine.exe:С.Т.А.Л.К.Е.Р. — Чистое Небо (SRV)
«{A1756CE7-BD89-4B46-985C-A400D57B76ED}»= TCP:d:gsc world publishingС.Т.А.Л.К.Е.Р. — Чистое НебоbindedicatedxrEngine.exe:С.Т.А.Л.К.Е.Р. — Чистое Небо (SRV)
«TCP Query User{EEB1C243-FFC3-44C8-AB2C-A833EDD8AA6E}d:\saints row 2\sr2_pc.exe»= UDP:d:saints row 2sr2_pc.exe:SR2_pc
«UDP Query User{50512360-1B26-4E95-BF45-AAEFAB52F792}d:\saints row 2\sr2_pc.exe»= TCP:d:saints row 2sr2_pc.exe:SR2_pc
«TCP Query User{F7A30913-7C2D-4358-BDE1-7CD2CEFF74C0}d:\steam\steamapps\norev\counter-strike source\hl2.exe»= UDP:d:steamsteamappsnorevcounter-strike sourcehl2.exe:hl2
«UDP Query User{B29B5AB2-B7A8-42D5-8460-360B891977F9}d:\steam\steamapps\norev\counter-strike source\hl2.exe»= TCP:d:steamsteamappsnorevcounter-strike sourcehl2.exe:hl2
«TCP Query User{02B4EF3B-14C9-4055-90C1-C8EEF7A2FB6B}d:\steam\steamapps\norev\source dedicated server\srcds.exe»= UDP:d:steamsteamappsnorevsource dedicated serversrcds.exe:srcds
«UDP Query User{581726E8-3836-4737-A04C-7D2B5D02EBC8}d:\steam\steamapps\norev\source dedicated server\srcds.exe»= TCP:d:steamsteamappsnorevsource dedicated serversrcds.exe:srcds
«{AE28890D-2E4F-41B2-99B3-93B27CE542E4}»= c:program filesSkypePhoneSkype.exe:Skype
«{2E310961-46AF-4F80-80AD-CF6E01D98FE3}»= c:program filesSkypePhoneSkype.exe:Skype
«{D75B798D-C550-4521-AEF0-DE0F248B4414}»= UDP:d:race driver gridGRID.exe:Race Driver GRID
«{BA99A147-EFD9-4364-B9DD-1112A5575C89}»= TCP:d:race driver gridGRID.exe:Race Driver GRID
«{ED2C5986-BB08-4E3C-A557-47E22BFC6BF2}»= UDP:c:program filesVentriloVentrilo.exe:Ventrilo.exe
«{1D0E2C57-59D9-4CFA-AB8A-14F067B77B39}»= TCP:c:program filesVentriloVentrilo.exe:Ventrilo.exe
«{9E0CE50D-514E-4BFE-8748-806B0169D5DD}»= UDP:d:tom clancy’s h.a.w.xHAWX.exe:Tom Clancy’s H.A.W.X
«{779656E9-1E8D-448E-9C42-043F880C6967}»= TCP:d:tom clancy’s h.a.w.xHAWX.exe:Tom Clancy’s H.A.W.X
«{2F9C443E-AD44-4FA3-8931-8D4EA51CAAA2}»= UDP:d:tom clancy’s h.a.w.xHAWX_dx10.exe:Tom Clancy’s H.A.W.X
«{46012404-8D28-479E-A1B7-0C49541DE4FD}»= TCP:d:tom clancy’s h.a.w.xHAWX_dx10.exe:Tom Clancy’s H.A.W.X
«TCP Query User{67B32845-5A69-4DA7-84DF-E78BBF9AFDEA}d:\steam\steamapps\norev\source dedicated server\srcds.exe»= UDP:d:steamsteamappsnorevsource dedicated serversrcds.exe:srcds
«UDP Query User{826D75DD-A7DC-4841-96B7-7748D6A3E868}d:\steam\steamapps\norev\source dedicated server\srcds.exe»= TCP:d:steamsteamappsnorevsource dedicated serversrcds.exe:srcds
«TCP Query User{EC7762A7-B472-42E3-B378-FC79A07DC3A8}d:\steam\steamapps\norev\counter-strike source\hl2.exe»= UDP:d:steamsteamappsnorevcounter-strike sourcehl2.exe:hl2
«UDP Query User{EFB68BEB-1270-4CCC-BAC1-A27E1C185CEA}d:\steam\steamapps\norev\counter-strike source\hl2.exe»= TCP:d:steamsteamappsnorevcounter-strike sourcehl2.exe:hl2
«TCP Query User{775193A3-0F63-47BE-8E97-FF51C2D8967C}c:\program files\icq6\icq.exe»= UDP:c:program filesicq6icq.exe:ICQ Library
«UDP Query User{FCB4AA59-9BF5-4076-9F17-9F13D10AF8C1}c:\program files\icq6\icq.exe»= TCP:c:program filesicq6icq.exe:ICQ Library
«TCP Query User{98B2E2E5-BCEB-40D8-A738-3EBFABC67DD6}c:\program files\utorrent\utorrent.exe»= UDP:c:program filesutorrentutorrent.exe:µTorrent
«UDP Query User{ED421106-C2E5-4140-8BB5-9C9DE0D5D198}c:\program files\utorrent\utorrent.exe»= TCP:c:program filesutorrentutorrent.exe:µTorrent
«TCP Query User{A2919733-37F3-4C8E-9AE9-3313817C830B}d:\sacred 2 — fallen angel\system\s2gs.exe»= UDP:d:sacred 2 — fallen angelsystems2gs.exe:Sacred 2 — Game Server
«UDP Query User{80F8922F-722D-4D02-9C49-6F538AEEAF36}d:\sacred 2 — fallen angel\system\s2gs.exe»= TCP:d:sacred 2 — fallen angelsystems2gs.exe:Sacred 2 — Game Server
«{106035FC-F403-405D-A84F-528F63949F26}»= UDP:d:ubisoftFar Cry 2binFarCry2.exe:Far Cry 2
«{F511E9A3-9AEC-42A4-9108-0DC8DA46877C}»= TCP:d:ubisoftFar Cry 2binFarCry2.exe:Far Cry 2
«{1327CA88-A3D1-4BFC-A511-59C10D0517A9}»= UDP:d:ubisoftFar Cry 2binFC2Launcher.exe:Far Cry 2 Updater
«{561C56F3-181F-4177-BD45-EDDF96AD296C}»= TCP:d:ubisoftFar Cry 2binFC2Launcher.exe:Far Cry 2 Updater
«{244CDBC2-E7C7-4A86-8367-2D923939DA72}»= UDP:d:ubisoftFar Cry 2binFC2Editor.exe:Редактор
«{C20BAF31-6792-41B9-B157-07F94E333D82}»= TCP:d:ubisoftFar Cry 2binFC2Editor.exe:Редактор
«TCP Query User{FB280609-177D-4299-9342-EA87CB32BEEC}d:\silverfall\silverfall.exe»= UDP:d:silverfallsilverfall.exe:Silverfall
«UDP Query User{17AAD917-F268-434B-B844-EB463A81BAB9}d:\silverfall\silverfall.exe»= TCP:d:silverfallsilverfall.exe:Silverfall
«TCP Query User{F75582DA-10E9-4665-93A0-9D5FAA1C65C5}d:\neverwinter nights 2\nwn2main.exe»= UDP:d:neverwinter nights 2nwn2main.exe:Neverwinter Nights 2
"UDP Query User{E4E3EE13-9464-4C18-96B2-32AED1F81919}d:\neverwinter nights 2\nwn2main.exe"= TCP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2

R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2003-07-31 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:windowssystem32DRIVERSCnxEtU.sys [2003-07-31 642944]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:windowssystem32DRIVERSCnxTgN.sys [2003-08-01 108547]
R3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des [2009-03-19 2726941]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [2009-04-21 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:windowssystem32DRIVERSklim6.sys [2008-07-09 20496]
S3 FStarForce;FStarForce;c:windowssystem32DRIVERSFStarForce.sys [2008-09-28 7680]
S3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [2008-01-21 15872]

--- Other Services/Drivers In Memory ---
*Deregistered* — sptd
.
Contents of the 'Scheduled Tasks' folder

2009-04-23 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 23:11]

2009-04-22 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 23:11]
.
.
Supplementary Scan
.
uStart Page = about:blank
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
TCP: {5D70B13B-2A9C-49A3-9786-879696C7D2F8} = 195.34.32.116 212.188.4.10
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 19:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries …
scanning hidden files …
c:\windows\system32\drivers\ovfsthxqocvkebe.sys 84992 bytes executable
c:\windows\system32\ovfsthxofnscogv.dll 19456 bytes executable
c:\windows\system32\ovfsthxpiksfbax.dll 19456 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxnhbdexxr]
"imagepath"="\systemroot\system32\drivers\ovfsthxqocvkebe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINESystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘Explorer.exe'(2864)
c:program filesNokiaNokia PC Suite 7PhoneBrowser.dll
c:program filesNokiaNokia PC Suite 7NGSCM.DLL
c:program filesNokiaNokia PC Suite 7LangPhoneBrowser_rus.nlr
c:program filesNokiaNokia PC Suite 7ResourcePhoneBrowser_Nokia.ngr
.
Other Running Processes
.
c:windowsSystem32nvvsvc.exe
c:windowsSystem32audiodg.exe
c:windowsSystem32rundll32.exe
c:program filesNeroNero8Nero BackItUpNBService.exe
c:windowsSystem32PnkBstrA.exe
c:windowsSystem32iashost.exe
c:windowsSystem32conime.exe
c:windowsSystem32rundll32.exe
c:program filesCommon FilesNeroLibNMIndexingService.exe
c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe
c:windowsservicingTrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-04-23 20:00 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-23 16:00
ComboFix2.txt 2009-04-23 15:28
ComboFix3.txt 2009-04-23 09:54
ComboFix4.txt 2009-04-22 14:35
ComboFix5.txt 2009-04-23 15:53

Pre-Run: 24 811 577 344 bytes free
Post-Run: 24 557 723 648 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6

313 --- E O F --- 2009-04-23 15:17

23 April 2009 at 4:11 pm #23568

Download the Avenger program by clicking this link and unpack it to the Desktop.
Run Avenger; make sure the "Scan for rootkits" box is checked and the "Automatically disable any rootkits found" box is unchecked. Check or uncheck the boxes if necessary. Copy the text below into the Input script box:

Drivers to delete:
ovfsthxnhbdexxr

Registry keys to delete:
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxnhbdexxr

Files to delete:
c:\windows\system32\drivers\ovfsthxqocvkebe.sys
c:\windows\system32\ovfsthxofnscogv.dll
c:\windows\system32\ovfsthxpiksfbax.dll

Click Execute. A prompt asking you to confirm your actions will appear; click Yes.
Avenger will start. The computer may reboot several times while it works. When it finishes, a log will be shown; please paste it into your reply. And attach a fresh ComboFix log.
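The triage the instructions above do by hand (take the hidden files and the orphaned service key that catchme/ComboFix reported, turn them into an Avenger script, then read Avenger's result log) can be scripted. The Python below is an added example written for this page, not the forum's, ComboFix's or Avenger's own code. Its sample inputs are constructed from the log lines posted in this thread with the path separators restored, and the regular expressions assume the line formats seen in those logs. It also encodes the check a practitioner wants after the run: once "Drivers to delete" has removed the service, the matching "Registry keys to delete" entry can only come back as STATUS_OBJECT_NAME_NOT_FOUND, which is an expected leftover rather than a failed cleanup.

```python
"""Added example for this thread (not ComboFix's or Avenger's own code): turn the
hidden files and orphaned service keys reported by catchme/ComboFix into an
Avenger script, then read Avenger's result log. Sample inputs are constructed
from the logs posted in the thread, with path separators restored."""
import re

# Constructed from the catchme section of the ComboFix log posted above.
CATCHME_EXCERPT = r"""
scanning hidden files ...

c:\windows\system32\drivers\ovfsthxqocvkebe.sys 84992 bytes executable
c:\windows\system32\ovfsthxofnscogv.dll 19456 bytes executable
c:\windows\system32\ovfsthxpiksfbax.dll 19456 bytes executable

scan completed successfully
hidden files: 3

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxnhbdexxr]
"imagepath"="\systemroot\system32\drivers\ovfsthxqocvkebe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
"""

# Constructed from the Avenger log posted in the next reply.
AVENGER_LOG = r"""
Hidden driver "ovfsthxnhbdexxr" found!
ImagePath: \systemroot\system32\drivers\ovfsthxqocvkebe.sys
Start Type: 4 (Disabled)

Driver "ovfsthxnhbdexxr" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxnhbdexxr" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxnhbdexxr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\drivers\ovfsthxqocvkebe.sys" deleted successfully.
File "c:\windows\system32\ovfsthxofnscogv.dll" deleted successfully.
File "c:\windows\system32\ovfsthxpiksfbax.dll" deleted successfully.
"""

# Line formats assumed from the logs above: "<path> <size> bytes executable",
# "[...\Services\<name>]" followed by its ImagePath value, and Avenger's result lines.
HIDDEN_RE = re.compile(r"^(?P<path>[a-z]:\\\S+)\s+\d+ bytes executable", re.M | re.I)
SERVICE_RE = re.compile(
    r"^\[(?P<key>HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]]+))\]\s*\n"
    r'"imagepath"="(?P<image>[^"]+)"', re.M | re.I)
DELETED_RE = re.compile(r'^(?P<kind>[A-Za-z ]+?) "(?P<target>[^"]+)" deleted successfully\.', re.M)
FAILED_RE = re.compile(
    r'^Deletion of (?P<kind>[a-z ]+?) "(?P<target>[^"]+)" failed!\s*\n\s*Status: (?P<status>0x[0-9a-f]+)',
    re.M | re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def build_avenger_script(catchme_text):
    """Avenger script listing every hidden file and every service whose ImagePath
    names one of them; services pointing at visible files (npggsvc) are left alone."""
    hidden = [m.group("path") for m in HIDDEN_RE.finditer(catchme_text)]
    hidden_names = {basename(p) for p in hidden}
    drivers, keys = [], []
    for m in SERVICE_RE.finditer(catchme_text):
        # ImagePath may carry arguments ("-service"), so match on the file name only.
        if any(name in m.group("image").lower() for name in hidden_names):
            drivers.append(m.group("name"))
            keys.append(m.group("key"))
    sections = [("Drivers to delete:", drivers), ("Registry keys to delete:", keys),
                ("Files to delete:", hidden)]
    return "\n\n".join(h + "\n" + "\n".join(items) for h, items in sections) + "\n"


def check_avenger_log(log_text):
    """What Avenger reports as deleted, and what it reports as failed with its NTSTATUS."""
    deleted = [(m.group("kind").lower(), m.group("target")) for m in DELETED_RE.finditer(log_text)]
    failed = [(m.group("kind").lower(), m.group("target"), m.group("status").lower())
              for m in FAILED_RE.finditer(log_text)]
    return {"deleted": deleted, "failed": failed}


def triage_failures(result):
    """Deleting a driver removes its service key, so a later 'registry key not found'
    (0xc0000034) for the same service is expected; anything else needs a re-scan."""
    deleted_drivers = {t.lower() for kind, t in result["deleted"] if kind == "driver"}
    verdicts = []
    for kind, target, status in result["failed"]:
        if kind == "registry key" and status == "0xc0000034" and basename(target) in deleted_drivers:
            verdicts.append((target, "benign: key already removed together with the driver"))
        else:
            verdicts.append((target, "needs attention: re-scan and remove manually"))
    return verdicts
```

Calling `build_avenger_script(CATCHME_EXCERPT)` reproduces the three-section script given above (npggsvc is skipped because GameMon.des is not among the hidden files), and `triage_failures(check_avenger_log(AVENGER_LOG))` marks the one failed registry-key deletion as benign because the same service name was already deleted as a driver. Matching by file name is deliberate: the service's ImagePath uses the `\systemroot\...` form while catchme prints a `c:\windows\...` path, so a plain string comparison of the two would miss the link.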
23 April 2009 at 4:29 pm #23569

Avenger:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
Hidden driver "ovfsthxnhbdexxr" found!
ImagePath: \systemroot\system32\drivers\ovfsthxqocvkebe.sys
Start Type: 4 (Disabled)

Rootkit scan completed.

Driver "ovfsthxnhbdexxr" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxnhbdexxr" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxnhbdexxr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\drivers\ovfsthxqocvkebe.sys" deleted successfully.
File "c:\windows\system32\ovfsthxofnscogv.dll" deleted successfully.
File "c:\windows\system32\ovfsthxpiksfbax.dll" deleted successfully.

Completed script processing.
*******************
Finished! Terminate.
ComboFix:
ComboFix 09-04-23.A3 — 1 23.04.2009 20:21.9 — NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1251.7.1049.18.2046.1307 [GMT 4:00]
Running from: c:users1DesktopComboFix.exe
AV: Антивирус Касперского *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
.

2009-04-23 15:37 . 2009-04-23 15:52 23552 ----a-w- c:\windows\system32\ruts.exe
2009-04-23 15:13 . 2009-04-23 15:13 -------- d-----w- c:\users\1\AppData\Local\MigWiz
2009-04-23 14:45 . 2009-04-23 14:45 -------- d-----w- C:\_OTMoveIt
2009-04-22 11:00 . 2009-04-22 11:01 -------- d-----w- C:\rsit
2009-04-22 08:58 . 2009-04-22 08:58 -------- d-----w- c:\users\1\AppData\Roaming\Malwarebytes
2009-04-22 08:58 . 2009-04-06 11:32 15504 —-a-w c:windowssystem32driversmbam.sys
2009-04-22 08:58 . 2009-04-06 11:32 38496 —-a-w c:windowssystem32driversmbamswissarmy.sys
2009-04-22 08:58 . 2009-04-22 08:58 -------- d-----w- c:\users\All Users\Malwarebytes
2009-04-22 08:58 . 2009-04-22 08:58 -------- d-----w- c:\programdata\Malwarebytes
2009-04-21 12:33 . 2009-04-21 12:41 89601 —-a-w c:windowssystem32driversklick.dat
2009-04-21 12:33 . 2009-04-21 12:41 101287 —-a-w c:windowssystem32driversklin.dat
2009-04-21 12:32 . 2009-04-23 16:17 3455008 —sha-w c:windowssystem32driversfidbox.dat
2009-04-21 12:32 . 2009-04-23 16:17 344096 —sha-w c:windowssystem32driversfidbox2.dat
2009-04-21 12:32 . 2009-04-23 16:17 3304 —sha-w c:windowssystem32driversfidbox2.idx
2009-04-21 12:32 . 2009-04-23 16:17 29120 —sha-w c:windowssystem32driversfidbox.idx
2009-04-21 12:32 . 2009-04-23 14:32 -------- d-----w- c:\users\All Users\Kaspersky Lab
2009-04-21 12:32 . 2009-04-23 14:32 -------- d-----w- c:\programdata\Kaspersky Lab
2009-04-21 12:12 . 2008-06-20 01:14 105016 —-a-w c:windowssystem32PresentationCFFRasterizerNative_v0300.dll
2009-04-21 12:12 . 2008-06-20 01:14 97800 —-a-w c:windowssystem32infocardapi.dll
2009-04-21 12:12 . 2008-06-20 01:14 43544 —-a-w c:windowssystem32PresentationHostProxy.dll
2009-04-21 12:12 . 2008-06-20 01:14 37384 —-a-w c:windowssystem32infocardcpl.cpl
2009-04-21 12:12 . 2008-06-20 01:14 11264 —-a-w c:windowssystem32icardres.dll
2009-04-21 12:12 . 2008-06-20 01:14 622080 —-a-w c:windowssystem32icardagt.exe
2009-04-21 12:12 . 2008-06-20 01:14 781344 —-a-w c:windowssystem32PresentationNative_v0300.dll
2009-04-21 12:12 . 2008-06-20 01:14 326160 —-a-w c:windowssystem32PresentationHost.exe
2009-04-21 12:09 . 2008-07-27 18:03 96760 —-a-w c:windowssystem32dfshim.dll
2009-04-21 12:09 . 2008-07-27 18:03 41984 —-a-w c:windowssystem32netfxperf.dll
2009-04-21 12:09 . 2008-07-27 18:03 282112 —-a-w c:windowssystem32mscoree.dll
2009-04-21 12:09 . 2008-07-27 18:03 158720 —-a-w c:windowssystem32mscorier.dll
2009-04-21 12:09 . 2008-07-27 18:03 83968 —-a-w c:windowssystem32mscories.dll
2009-04-21 11:40 . 2009-04-21 11:40 604140 —sha-w c:windowssystem32driversISwift3.dat
2009-04-21 11:36 . 2009-04-21 12:29 -------- d-----w- c:\users\All Users\Kaspersky Lab Setup Files
2009-04-21 11:36 . 2009-04-21 12:29 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-04-21 09:48 . 2009-04-21 09:49 -------- d-----w- c:\users\All Users\Tages
2009-04-21 09:48 . 2009-04-21 09:49 -------- d-----w- c:\programdata\Tages
2009-04-20 11:06 . 2009-04-20 11:06 -------- d-----w- c:\users\1\AppData\Roaming\Digital Support Free Tools
2009-04-13 16:55 . 2009-04-23 16:18 65536 ------w- c:\windows\system32\Ikeext.etl
2009-04-11 09:05 . 2009-03-19 16:16 2726941 —-a-w c:windowssystem32GameMon.des
2009-04-03 13:08 . 2009-04-03 13:08 -------- d--h--w- c:\windows\PIF
2009-04-02 22:00 . 2009-04-02 22:00 410984 —-a-w c:windowssystem32deploytk.dll
2009-04-02 21:49 . 2009-04-02 21:49 -------- d-----w- c:\users\1\AppData\Local\NWN2 Toolset
2009-03-31 19:01 . 2005-01-03 06:43 4682 —-a-w c:windowssystem32npptNT2.sys
2009-03-31 19:01 . 2003-07-19 15:17 5174 —-a-w c:windowssystem32nppt9x.vxd
2009-03-31 13:33 . 2009-03-31 13:33 -------- d-----w- c:\users\1\AppData\Roaming\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 16:23 . 2008-01-21 05:44 653074 —-a-w c:windowsSystem32perfh019.dat
2009-04-23 16:23 . 2008-01-21 05:44 125594 —-a-w c:windowsSystem32perfc019.dat
2009-04-23 16:18 . 2009-04-23 16:18 2280 —-a-w C:avenger.txt
2009-04-23 10:19 . 2008-12-10 16:06 16608 —-a-w c:windowsgdrv.sys
2009-04-22 21:38 . 2008-12-10 14:09 -------- d-----w- c:\users\1\AppData\Roaming\uTorrent
2009-04-22 11:20 . 2009-04-22 11:00 -------- d-----w- c:\program files\trend micro
2009-04-22 10:18 . 2009-01-10 22:20 -------- d-----w- c:\programdata\Media Center Programs
2009-04-22 10:18 . 2009-04-22 09:48 -------- d-----w- c:\program files\RegCure
2009-04-22 08:58 . 2009-04-22 08:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-04-21 12:41 . 2008-01-29 13:29 33808 —-a-w c:windowssystem32driversklbg.sys
2009-04-21 12:33 . 2006-11-02 10:25 86016 —-a-w c:windowsInfinfstrng.dat
2009-04-21 12:33 . 2006-11-02 10:25 86016 —-a-w c:windowsInfinfstor.dat
2009-04-21 12:33 . 2006-11-02 10:25 51200 —-a-w c:windowsInfinfpub.dat
2009-04-21 12:32 . 2009-04-21 12:32 -------- d-----w- c:\program files\Kaspersky Lab
2009-04-21 10:34 . 2008-12-10 22:09 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-04-21 09:31 . 2008-12-10 16:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-21 09:31 . 2009-02-05 12:36 279712 —-a-w c:windowssystem32driversatksgt.sys
2009-04-21 09:31 . 2009-02-05 12:36 25888 —-a-w c:windowssystem32driverslirsgt.sys
2009-04-18 11:52 . 2009-01-19 13:38 -------- d-----w- c:\program files\Common Files\Steam
2009-04-15 23:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-04-11 19:30 . 2008-12-10 16:03 100736 —-a-w c:users1AppDataLocalGDIPFONTCACHEV1.DAT
2009-04-02 22:00 . 2009-04-02 22:00 -------- d-----w- c:\program files\Java
2009-04-01 11:04 . 2008-12-10 16:09 -------- d-----w- c:\program files\Common Files\InstallShield
2009-03-26 00:49 . 2008-12-11 09:43 -------- d-----w- c:\program files\ICQ6
2009-03-17 03:38 . 2009-04-15 22:01 40960 —-a-w c:windowsAppPatchapihex86.dll
2009-03-17 03:38 . 2009-04-15 22:01 13824 —-a-w c:windowsSystem32apilogen.dll
2009-03-17 03:38 . 2009-04-15 22:01 24064 —-a-w c:windowsSystem32amxread.dll
2009-03-12 20:23 . 2009-03-12 20:22 -------- d-----w- c:\program files\ZyXEL
2009-03-09 05:22 . 2009-03-09 05:22 -------- d-----w- c:\programdata\Ubisoft
2009-03-03 04:46 . 2009-04-15 22:01 3599328 —-a-w c:windowsSystem32ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 22:01 3547632 —-a-w c:windowsSystem32ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 22:01 827392 —-a-w c:windowsSystem32wininet.dll
2009-03-03 04:39 . 2009-04-15 22:01 183296 —-a-w c:windowsSystem32sdohlp.dll
2009-03-03 04:39 . 2009-04-15 22:01 551424 —-a-w c:windowsSystem32rpcss.dll
2009-03-03 04:39 . 2009-04-15 22:01 26112 —-a-w c:windowsSystem32printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 22:01 78336 —-a-w c:windowsSystem32ieencode.dll
2009-03-03 04:37 . 2009-04-15 22:01 98304 —-a-w c:windowsSystem32iasrecst.dll
2009-03-03 04:37 . 2009-04-15 22:01 54784 —-a-w c:windowsSystem32iasads.dll
2009-03-03 04:37 . 2009-04-15 22:01 44032 —-a-w c:windowsSystem32iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 22:01 666624 —-a-w c:windowsSystem32printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 22:01 17408 —-a-w c:windowsSystem32iashost.exe
2009-03-03 02:28 . 2009-04-15 22:01 26624 —-a-w c:windowsSystem32ieUnatt.exe
2009-03-01 10:49 . 2009-03-01 10:48 -------- d-----w- c:\users\1\AppData\Roaming\Ventrilo
2009-03-01 10:47 . 2009-03-01 10:47 -------- d-----w- c:\program files\Ventrilo
2009-03-01 10:47 . 2008-12-27 15:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-02-24 09:50 . 2009-02-24 09:50 -------- d-----w- c:\programdata\Codemasters
2009-02-24 09:48 . 2008-12-27 15:41 -------- d-----w- c:\program files\OpenAL
2009-02-13 08:49 . 2009-04-15 22:01 72704 —-a-w c:windowsSystem32secur32.dll
2009-02-13 08:49 . 2009-04-15 22:01 1255936 —-a-w c:windowsSystem32lsasrv.dll
2009-02-09 03:10 . 2009-03-11 14:11 2033152 —-a-w c:windowsSystem32win32k.sys
2008-12-10 16:20 . 2008-12-10 16:19 680 —-a-w c:usersАдминистраторAppDataLocald3d9caps.dat
2008-12-10 16:19 . 2008-12-10 16:19 48600 —-a-w c:usersАдминистраторAppDataLocalGDIPFONTCACHEV1.DAT
2008-12-10 16:13 . 2008-12-10 16:02 680 —-a-w c:users1AppDataLocald3d9caps.dat
2008-01-21 02:41 . 2006-11-02 12:49 174 —sha-w c:program filesdesktop.ini
.

((((((((((((((((((((((((((((( SnapShot_2009-04-23_15.27.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:windowswinsxsx86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6001.18000_none_17df4ac2f2cf5440msdtcvtr.bat
+ 2008-01-21 01:56 . 2009-04-23 16:20 38816 c:windowsSystem32WDIShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-04-23 16:20 98984 c:windowsSystem32WDIBootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:windowsSystem32MsdtcTracemsdtcvtr.bat
— 2008-12-10 16:01 . 2009-04-23 15:26 16384 c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
+ 2008-12-10 16:01 . 2009-04-23 16:20 16384 c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
+ 2008-12-10 16:01 . 2009-04-23 16:20 32768 c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
— 2008-12-10 16:01 . 2009-04-23 15:26 32768 c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
— 2008-12-10 16:01 . 2009-04-23 15:26 16384 c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
+ 2008-12-10 16:01 . 2009-04-23 16:20 16384 c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
+ 2008-12-10 16:04 . 2009-04-23 16:20 7988 c:windowsSystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-2572017069-2101235274-472651915-1000_UserData.bin
— 2009-04-23 15:22 . 2009-04-23 15:22 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat
+ 2009-04-23 16:17 . 2009-04-23 16:18 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat
+ 2009-04-23 16:17 . 2009-04-23 16:18 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat
— 2009-04-23 15:22 . 2009-04-23 15:22 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat
+ 2006-11-02 10:33 . 2009-04-23 16:02 586980 c:windowsSystem32perfh009.dat
— 2006-11-02 10:33 . 2009-04-23 14:56 586980 c:windowsSystem32perfh009.dat
+ 2006-11-02 10:33 . 2009-04-23 16:02 101052 c:windowsSystem32perfc009.dat
— 2006-11-02 10:33 . 2009-04-23 14:56 101052 c:windowsSystem32perfc009.dat
+ 2006-11-02 12:42 . 2009-04-23 15:53 262144 c:windowsSystem32configsystemprofilentuser.dat
— 2006-11-02 12:42 . 2009-04-22 14:31 262144 c:windowsSystem32configsystemprofilentuser.dat
— 2006-11-02 12:46 . 2009-04-23 15:25 262144 c:windowsServiceProfilesNetworkServiceNTUSER.DAT
+ 2006-11-02 12:46 . 2009-04-23 16:20 262144 c:windowsServiceProfilesNetworkServiceNTUSER.DAT
— 2006-11-02 12:46 . 2009-04-23 15:24 262144 c:windowsServiceProfilesLocalServiceNTUSER.DAT
+ 2006-11-02 12:46 . 2009-04-23 16:21 262144 c:windowsServiceProfilesLocalServiceNTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-07-10 2154496]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskManager"= 0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2572017069-2101235274-472651915-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
«{F18AE134-DECF-4EC9-AEA8-1F6CA9FEFC4C}»= TCP:6004|c:program filesMicrosoft OfficeOffice12outlook.exe:Microsoft Office Outlook
«{194B2175-B298-4805-AAED-F9055AC532BB}»= UDP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
«{6BA7C62B-6CB2-46A9-8939-5DF030D5CCC6}»= TCP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
«{B04D9EDE-A366-4349-88F1-40801561F0DD}»= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{BA1AC9D5-711D-4979-8CE4-CBF55D6AB8FD}»= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{B1FED140-0E41-41B5-8075-9B005FABE6A9}»= UDP:c:program filesuTorrentuTorrent.exe:µTorrent (TCP-In)
«{0188C203-F0D1-49D4-9999-FB2F6587AAA7}»= TCP:c:program filesuTorrentuTorrent.exe:µTorrent (UDP-In)
«TCP Query User{EDCBD3B4-A703-4684-89AE-FD5C599D2D06}c:\program files\icq6\icq.exe»= UDP:c:program filesicq6icq.exe:ICQ Library
«UDP Query User{94422C60-78BE-4F6D-BCF3-698DC8BBDCFB}c:\program files\icq6\icq.exe»= TCP:c:program filesicq6icq.exe:ICQ Library
«TCP Query User{B57A6B89-344B-496A-9880-507192D64B4A}c:\program files\opera\opera.exe»= UDP:c:program filesoperaopera.exe:Opera Internet Browser
«UDP Query User{B36735C5-28C1-40F1-BE8C-4970FDF5E251}c:\program files\opera\opera.exe»= TCP:c:program filesoperaopera.exe:Opera Internet Browser
«{40E511F0-3BBC-41E0-8B20-C1E1A2B7C62E}»= UDP:d:prince of persiaPrince of Persia.exe:Prince of Persia Dx
«{4491286B-1672-4F9B-9BAC-918AA80792FC}»= TCP:d:prince of persiaPrince of Persia.exe:Prince of Persia Dx
«{95D3A8F6-2F02-4E27-8058-BD7E072B20C6}»= UDP:d:prince of persiaPrinceOfPersia_Launcher.exe:Prince of Persia Update
«{CAB61701-7A37-46BB-9889-31102672358D}»= TCP:d:prince of persiaPrinceOfPersia_Launcher.exe:Prince of Persia Update
«TCP Query User{6580B0FA-20A6-40C7-B7B3-7B6D23E1EF71}d:\test drive unlimited gold\testdriveunlimited.exe»= UDP:d:test drive unlimited goldtestdriveunlimited.exe:Test Drive Unlimited
«UDP Query User{9735496D-25DF-418D-9FF3-43F8A1A8C4A4}d:\test drive unlimited gold\testdriveunlimited.exe»= TCP:d:test drive unlimited goldtestdriveunlimited.exe:Test Drive Unlimited
«{E3CD3FE0-601C-4423-94C7-225367E2C9B7}»= UDP:d:sacred 2 — fallen angelsystems2gs.exe:Sacred 2 Game Server
"{C96DB9CF-6B66-442F-B87E-EB966075816A}"= TCP:d:\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 Game Server
"{9DE117F8-736F-4458-86CC-8F553E89F103}"= UDP:d:\sacred 2 - fallen angel\system\sacred2.exe:Sacred 2
"{9E0F2399-01E4-41D2-B486-C5D39668FCE4}"= TCP:d:\sacred 2 - fallen angel\system\sacred2.exe:Sacred 2
"TCP Query User{F09EE4D7-79AA-4AF2-847A-69A85756FBC3}d:\rockstar games\grand theft auto iv\gtaiv.exe"= UDP:d:\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{9E71809C-8335-4C83-8F52-594A90BA6E09}d:\rockstar games\grand theft auto iv\gtaiv.exe"= TCP:d:\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"{556C0AC1-BE88-4B3A-97E3-6B873FAE45D3}"= UDP:d:\gsc world publishing\С.Т.А.Л.К.Е.Р. - Чистое Небо\bin\xrEngine.exe:С.Т.А.Л.К.Е.Р. - Чистое Небо (CLI)
"{DA1D1CF5-C5F7-4579-8BF5-148ED404B5E6}"= TCP:d:\gsc world publishing\С.Т.А.Л.К.Е.Р. - Чистое Небо\bin\xrEngine.exe:С.Т.А.Л.К.Е.Р. - Чистое Небо (CLI)
"{C2732B47-B4BA-4720-9408-C43B189E52D6}"= UDP:d:\gsc world publishing\С.Т.А.Л.К.Е.Р. - Чистое Небо\bin\dedicated\xrEngine.exe:С.Т.А.Л.К.Е.Р. - Чистое Небо (SRV)
"{A1756CE7-BD89-4B46-985C-A400D57B76ED}"= TCP:d:\gsc world publishing\С.Т.А.Л.К.Е.Р. - Чистое Небо\bin\dedicated\xrEngine.exe:С.Т.А.Л.К.Е.Р. - Чистое Небо (SRV)
"TCP Query User{EEB1C243-FFC3-44C8-AB2C-A833EDD8AA6E}d:\saints row 2\sr2_pc.exe"= UDP:d:\saints row 2\sr2_pc.exe:SR2_pc
"UDP Query User{50512360-1B26-4E95-BF45-AAEFAB52F792}d:\saints row 2\sr2_pc.exe"= TCP:d:\saints row 2\sr2_pc.exe:SR2_pc
"TCP Query User{F7A30913-7C2D-4358-BDE1-7CD2CEFF74C0}d:\steam\steamapps\norev\counter-strike source\hl2.exe"= UDP:d:\steam\steamapps\norev\counter-strike source\hl2.exe:hl2
"UDP Query User{B29B5AB2-B7A8-42D5-8460-360B891977F9}d:\steam\steamapps\norev\counter-strike source\hl2.exe"= TCP:d:\steam\steamapps\norev\counter-strike source\hl2.exe:hl2
"TCP Query User{02B4EF3B-14C9-4055-90C1-C8EEF7A2FB6B}d:\steam\steamapps\norev\source dedicated server\srcds.exe"= UDP:d:\steam\steamapps\norev\source dedicated server\srcds.exe:srcds
"UDP Query User{581726E8-3836-4737-A04C-7D2B5D02EBC8}d:\steam\steamapps\norev\source dedicated server\srcds.exe"= TCP:d:\steam\steamapps\norev\source dedicated server\srcds.exe:srcds
"{AE28890D-2E4F-41B2-99B3-93B27CE542E4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2E310961-46AF-4F80-80AD-CF6E01D98FE3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D75B798D-C550-4521-AEF0-DE0F248B4414}"= UDP:d:\race driver grid\GRID.exe:Race Driver GRID
"{BA99A147-EFD9-4364-B9DD-1112A5575C89}"= TCP:d:\race driver grid\GRID.exe:Race Driver GRID
"{ED2C5986-BB08-4E3C-A557-47E22BFC6BF2}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{1D0E2C57-59D9-4CFA-AB8A-14F067B77B39}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{9E0CE50D-514E-4BFE-8748-806B0169D5DD}"= UDP:d:\tom clancy's h.a.w.x\HAWX.exe:Tom Clancy's H.A.W.X
"{779656E9-1E8D-448E-9C42-043F880C6967}"= TCP:d:\tom clancy's h.a.w.x\HAWX.exe:Tom Clancy's H.A.W.X
"{2F9C443E-AD44-4FA3-8931-8D4EA51CAAA2}"= UDP:d:\tom clancy's h.a.w.x\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{46012404-8D28-479E-A1B7-0C49541DE4FD}"= TCP:d:\tom clancy's h.a.w.x\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"TCP Query User{67B32845-5A69-4DA7-84DF-E78BBF9AFDEA}d:\steam\steamapps\norev\source dedicated server\srcds.exe"= UDP:d:\steam\steamapps\norev\source dedicated server\srcds.exe:srcds
"UDP Query User{826D75DD-A7DC-4841-96B7-7748D6A3E868}d:\steam\steamapps\norev\source dedicated server\srcds.exe"= TCP:d:\steam\steamapps\norev\source dedicated server\srcds.exe:srcds
"TCP Query User{EC7762A7-B472-42E3-B378-FC79A07DC3A8}d:\steam\steamapps\norev\counter-strike source\hl2.exe"= UDP:d:\steam\steamapps\norev\counter-strike source\hl2.exe:hl2
"UDP Query User{EFB68BEB-1270-4CCC-BAC1-A27E1C185CEA}d:\steam\steamapps\norev\counter-strike source\hl2.exe"= TCP:d:\steam\steamapps\norev\counter-strike source\hl2.exe:hl2
"TCP Query User{775193A3-0F63-47BE-8E97-FF51C2D8967C}c:\program files\icq6\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{FCB4AA59-9BF5-4076-9F17-9F13D10AF8C1}c:\program files\icq6\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{98B2E2E5-BCEB-40D8-A738-3EBFABC67DD6}c:\program files\utorrent\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{ED421106-C2E5-4140-8BB5-9C9DE0D5D198}c:\program files\utorrent\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{A2919733-37F3-4C8E-9AE9-3313817C830B}d:\sacred 2 - fallen angel\system\s2gs.exe"= UDP:d:\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 - Game Server
"UDP Query User{80F8922F-722D-4D02-9C49-6F538AEEAF36}d:\sacred 2 - fallen angel\system\s2gs.exe"= TCP:d:\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 - Game Server
"{106035FC-F403-405D-A84F-528F63949F26}"= UDP:d:\ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{F511E9A3-9AEC-42A4-9108-0DC8DA46877C}"= TCP:d:\ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{1327CA88-A3D1-4BFC-A511-59C10D0517A9}"= UDP:d:\ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{561C56F3-181F-4177-BD45-EDDF96AD296C}"= TCP:d:\ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{244CDBC2-E7C7-4A86-8367-2D923939DA72}"= UDP:d:\ubisoft\Far Cry 2\bin\FC2Editor.exe:Редактор
"{C20BAF31-6792-41B9-B157-07F94E333D82}"= TCP:d:\ubisoft\Far Cry 2\bin\FC2Editor.exe:Редактор
"TCP Query User{FB280609-177D-4299-9342-EA87CB32BEEC}d:\silverfall\silverfall.exe"= UDP:d:\silverfall\silverfall.exe:Silverfall
"UDP Query User{17AAD917-F268-434B-B844-EB463A81BAB9}d:\silverfall\silverfall.exe"= TCP:d:\silverfall\silverfall.exe:Silverfall
"TCP Query User{F75582DA-10E9-4665-93A0-9D5FAA1C65C5}d:\neverwinter nights 2\nwn2main.exe"= UDP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2
"UDP Query User{E4E3EE13-9464-4C18-96B2-32AED1F81919}d:\neverwinter nights 2\nwn2main.exe"= TCP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2003-07-31 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2003-07-31 642944]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2003-08-01 108547]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-19 2726941]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-21 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S3 FStarForce;FStarForce;c:\windows\system32\DRIVERS\FStarForce.sys [2008-09-28 7680]
S3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [2008-01-21 15872]
.
Contents of the 'Scheduled Tasks' folder
2009-04-23 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 23:11]
2009-04-22 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 23:11]
.
.
Supplementary Scan
.
uStart Page = about:blank
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {5D70B13B-2A9C-49A3-9786-879696C7D2F8} = 195.34.32.116 212.188.4.10
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 20:23
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
DLLs Loaded Under Running Processes
- - - - - - - > 'Explorer.exe'(3284)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_rus.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
Completion time: 2009-04-23 20:24
ComboFix-quarantined-files.txt 2009-04-23 16:24
ComboFix2.txt 2009-04-23 16:00
ComboFix3.txt 2009-04-23 15:28
ComboFix4.txt 2009-04-23 09:54
ComboFix5.txt 2009-04-23 16:21
Pre-Run: 24 604 323 840 байт свободно
Post-Run: 24 455 213 056 байт свободно
Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,4,5,6
287 --- E O F --- 2009-04-23 15:17
April 24, 2009 at 10:52 am #23570
Everything works fine. Thank you very much for the help 🙂
April 25, 2009 at 4:24 pm #23571
Glad to help you 🙂
The Combofix log also looks fine.
A few final steps.
1. Update your programs.
Go to update.microsoft.com and update Windows.
2. Remove all the programs you used during the clean-up; if necessary, you can always download them again. Removing them is necessary because they contain components that viruses and trojans can use for malicious purposes.
Remove Combofix from your computer following this guide: How to correctly remove combofix from your computer.
Remove Avenger, RSIT and any other scanners and small utilities you downloaded, as well as all files and folders that were created while cleaning the computer.
3. And a few additional tips.
Start your antivirus and check the status of its automatic protection. Turn it on if it is off.
Don't forget to update Windows, your programs and especially your antivirus.
Don't visit unfamiliar sites, and be very careful with files downloaded from the Internet.
All the best!