This topic has 8 replies and 2 participants, and was last updated 15 years, 11 months ago by Anonymous.
20 October 2009 at 3:46 pm #17285
Anonymous (Guest)
When the computer boots, Internet windows pop up and flash by, even when the modem is switched off.
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Родители at 2009-10-20 21:40:37
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (5%) free of 31 GB
Total RAM: 2047 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:38, on 20.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:DOCUME~18E4B~1LOCALS~1Tempvshost32.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32svchost.exe
C:Program FilesLoviVkontakteVkontakteService.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesEsetnod32krn.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSRTHDCPL.EXE
C:program filesVolumeControlvolume.exe
C:Program FilesEsetnod32kui.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesLoviVkontaktelovivkontakte.exe
D:Adobe Acrobat 9 Pro Extended RusAcrobatAcrotray.exe
C:Program FilesPunto Switcherps.exe
C:WINDOWSsystem32ctfmon.exe
C:DOCUME~18E4B~1LOCALS~1Tempservices.exe
C:Program FilesHPDigital Imagingbinhpqtra08.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsРодителиРабочий столRSIT.exe
C:Program FilesTrend MicroHijackThisРодители.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = vkontakte.ru;www.vkontakte.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
F2 — REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:DOCUME~18E4B~1LOCALS~1Tempvshost32.exe,
O1 — Hosts: 88.198.72.190 css.yandex.net #AdwMtam_MicroSoft
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Adobe PDF Conversion Toolbar Helper — {AE7CD045-E861-484f-8273-0445EE161910} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O2 — BHO: SmartSelect — {F4971EE7-DAA0-4053-9964-665D8EE6A077} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Adobe PDF — {47833539-D0C5-4125-9FA8-0819E2EAAC93} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [VolumeControl] C:program filesVolumeControlvolume.exe
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
O4 — HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [LoviVkontakte] C:Program FilesLoviVkontaktelovivkontakte.exe
O4 — HKLM..Run: [Adobe Acrobat Speed Launcher] «D:Adobe Acrobat 9 Pro Extended RusAcrobatAcrobat_sl.exe»
O4 — HKLM..Run: [Acrobat Assistant 8.0] «D:Adobe Acrobat 9 Pro Extended RusAcrobatAcrotray.exe»
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [BootMgr] C:DOCUME~18E4B~1LOCALS~1Tempservices.exe
O4 — HKUSS-1-5-19..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 — Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Append Link Target to Existing PDF — res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 — Extra context menu item: Append to Existing PDF — res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Convert Link Target to Adobe PDF — res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 — Extra context menu item: Convert to Adobe PDF — res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Найти в интернете — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Найти в словарях — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — Cmdmapping — (no file) (HKCU)
O16 — DPF: {2D4C57AA-54C0-4942-BB2A-51DF0727950B} (ImResize Class) — http://www.openkremlin.ru/cab/ImResCtl.cab
O19 — User stylesheet: C:Documents and SettingsРодителиРабочий столfgh.css (file missing)
O20 — AppInit_DLLs: C:WINDOWSsystem32vksaver.dll acaptuser32.dll
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: LoviVkontake Service (LoviVkontakteService) — Zeyfman Genady — C:Program FilesLoviVkontakteVkontakteService.exe
O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 10015 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-01 665800]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-01 665800]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} — Adobe PDF — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-07-13 8466432]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2007-07-13 81920]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-11-06 16855552]
«VolumeControl»=C:program filesVolumeControlvolume.exe [2003-09-16 36864]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«nod32kui»=C:Program FilesEsetnod32kui.exe [2008-04-15 949376]
«HP Software Update»=C:Program FilesHPHP Software UpdateHPWuSchd2.exe [2007-03-11 49152]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-10-01 4417016]
«LoviVkontakte»=C:Program FilesLoviVkontaktelovivkontakte.exe [2009-09-14 728576]
«Adobe Acrobat Speed Launcher»=D:Adobe Acrobat 9 Pro Extended RusAcrobatAcrobat_sl.exe [2009-02-27 38768]
«»= []
«Acrobat Assistant 8.0»=D:Adobe Acrobat 9 Pro Extended RusAcrobatAcrotray.exe [2009-02-27 640376]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2007-01-25 201728]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2007-07-02 132608]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2007-12-22 30208]
«BootMgr»=C:DOCUME~18E4B~1LOCALS~1Tempservices.exe [2009-07-31 29065]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
HP Digital Imaging Monitor.lnk — C:Program FilesHPDigital Imagingbinhpqtra08.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:WINDOWSsystem32vksaver.dll acaptuser32.dll»

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2007-06-18 133632]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2004-08-18 239616]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoDrives»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=
«NoDrives»=
«NoDriveAutoRun»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4965638d-0bdf-11de-aca3-001a4df2dae2}]
shellAutoRuncommand — G:USBNB.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6728205f-0c89-11dd-a9ce-001a4df2dae2}]
shellAutoRuncommand — G:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe
shellopencommand — G:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{67282060-0c89-11dd-a9ce-001a4df2dae2}]
shellAutoRuncommand — H:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe
shellopencommand — H:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a568c97a-36f6-11de-ad5e-001a4df2dae2}]
shellAutoRuncommand — F:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe
shellopencommand — F:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b8396306-163b-11de-acda-001a4df2dae2}]
shellAutoRuncommand — F:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe
shellopencommand — F:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe

======List of files/folders created in the last 1 months======
2009-10-15 21:40:23 —-D—- C:Documents and SettingsAll UsersApplication DataFLEXnet
2009-10-15 21:29:44 —-RA—- C:WINDOWSsystem32AdobePDFUI.dll
2009-10-15 21:29:44 —-A—- C:WINDOWSsystem32AdobePDF.dll
2009-10-15 21:11:34 —-D—- C:Program FilesCommon FilesMacrovision Shared

======List of files/folders modified in the last 1 months======
2009-10-20 21:39:56 —-D—- C:WINDOWStemp
2009-10-19 21:14:54 —-A—- C:WINDOWSSchedLgU.Txt
2009-10-19 19:59:25 —-D—- C:Documents and SettingsРодителиApplication DataMra
2009-10-15 22:11:23 —-D—- C:WINDOWS
2009-10-15 21:43:48 —-SHD—- C:WINDOWSInstaller
2009-10-15 21:43:47 —-HD—- C:Config.Msi
2009-10-15 21:43:37 —-D—- C:WINDOWSsystem32
2009-10-15 21:43:36 —-D—- C:WINDOWSsystem32CatRoot2
2009-10-15 21:30:02 —-D—- C:Program FilesCommon FilesAdobe
2009-10-15 21:30:01 —-D—- C:Documents and SettingsРодителиApplication DataAdobe
2009-10-15 21:29:59 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-10-15 21:29:44 —-HD—- C:WINDOWSinf
2009-10-15 21:27:08 —-RSD—- C:WINDOWSFonts
2009-10-15 21:18:04 —-D—- C:Program FilesAdobe
2009-10-15 21:11:34 —-D—- C:Program FilesCommon Files
2009-10-15 20:31:09 —-D—- C:WINDOWSWinSxS
2009-10-14 21:55:58 —-D—- C:WINDOWSsystem32drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2007-12-22 40448]
R1 nod32drv;nod32drv; C:WINDOWSsystem32driversnod32drv.sys [2008-04-15 15424]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; C:WINDOWSsystem32driversamon.sys [2008-04-15 512096]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-11-14 4625408]
R3 MBAMSwissArmy;MBAMSwissArmy; ??C:WINDOWSsystem32driversmbamswissarmy.sys []
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-07-13 6807744]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-10-24 103296]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2007-12-22 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2007-12-22 59392]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2007-12-22 20608]
S2 ruvvfngdepkl;ruvvfngdepkl; ??C:WINDOWSsystem32driversdoqfp.sys []
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 tdi_client.dll;tdi_client.dll; ??C:WINDOWSsystem32tdi_client.dll []
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2007-12-21 31616]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2007-12-21 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2007-12-22 26496]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:WINDOWSsystem32DRIVERSw200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSw200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSw200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSw200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSw200obex.sys [2006-11-07 86368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2007-06-18 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 hpqddsvc;Служба HP CUE DeviceDiscovery; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
R2 LoviVkontakteService;LoviVkontake Service; C:Program FilesLoviVkontakteVkontakteService.exe [2009-09-14 476672]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2008-04-15 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-07-13 155716]
R3 hpqcxs08;hpqcxs08; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-10-15 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
EOF
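The RSIT/HijackThis log above carries several classic persistence indicators: an extra executable chained onto the F2 UserInit value, an O4 Run entry launching from the Temp folder, an O1 Hosts override, an O19 user stylesheet, an AppInit_DLLs value, and MountPoints2 AutoRun commands for removable drives. As an added example that is not part of the thread, the Python script below triages such lines; its sample log is constructed from lines modelled on this one, with the backslashes the forum extraction lost put back, and the user name replaced by a placeholder.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines modelled on the HijackThis/RSIT output in this thread
# (backslashes restored; "Parents" stands in for the profile name).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\8E4B~1\LOCALS~1\Temp\vshost32.exe,
O1 - Hosts: 88.198.72.190 css.yandex.net #AdwMtam_MicroSoft
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BootMgr] C:\DOCUME~1\8E4B~1\LOCALS~1\Temp\services.exe
O19 - User stylesheet: C:\Documents and Settings\Parents\Desktop\fgh.css (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\vksaver.dll acaptuser32.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
shell\AutoRun\command - G:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\rise.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag (F2, O1, O4, ...) or "mountpoints2"
    reason: str    # why a defender should look at this line
    line: str      # the log line itself


# Temp locations in both long and 8.3 (DOCUME~1\...\LOCALS~1\Temp) form.
TEMP_DIR = re.compile(r"LOCALS~1\\Temp|Local Settings\\Temp|\\Temp\\", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
HOSTS_LINE = re.compile(r"^O1 - Hosts: (\S+) (\S+)")


def check_userinit(value):
    """Return every entry of a UserInit chain except the legitimate userinit.exe.

    Winlogon runs each comma-separated entry at logon; the only expected one is
    the system32 userinit.exe, so anything else is extra persistence.
    """
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if not e.lower().endswith(r"\system32\userinit.exe")]


def triage(log_text):
    """Scan HijackThis/RSIT lines and return the ones a defender should review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # RSIT registry dump: a shell\AutoRun\command under MountPoints2 records
        # that a removable drive's autorun.inf pointed Explorer at this executable.
        if r"\AutoRun\command" in line:
            findings.append(Finding("mountpoints2", "AutoRun command recorded for a removable drive", line))
            continue
        section = line.split(" ", 1)[0]
        if section == "F2" and "UserInit=" in line:
            for extra in check_userinit(line.split("UserInit=", 1)[1]):
                findings.append(Finding(section, f"extra executable chained onto UserInit: {extra}", line))
        elif section == "O1":
            m = HOSTS_LINE.match(line)
            if m and m.group(1) not in LOOPBACK:
                findings.append(Finding(section, f"hosts file redirects {m.group(2)} to {m.group(1)}", line))
        elif section == "O4" and TEMP_DIR.search(line):
            findings.append(Finding(section, "autostart entry runs from a Temp directory", line))
        elif section == "O19":
            findings.append(Finding(section, "user stylesheet configured (rarely legitimate)", line))
        elif section == "O20" and "AppInit_DLLs:" in line:
            dlls = line.split("AppInit_DLLs:", 1)[1].strip()
            if dlls:
                findings.append(Finding(section, f"AppInit_DLLs loaded into every user32 process: {dlls}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The O20 entry is reported for review, not as malicious: AppInit_DLLs is a legitimate mechanism that is simply worth confirming by hand whenever it is populated.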
22 October 2009 at 5:55 pm #26466
Hello, and welcome to the Spyware-ru forum.
Judging by the logs, you have been using several infected flash drives.
Read this guide: Flash_Disinfector, another weapon against autorun.inf trojans.
* Disable your antivirus.
* Download and run Flash_Disinfector.
* When the program asks, plug in your flash drive or connect your other external storage devices.
Note: run the program as many times as needed to clean all of your removable drives.

Run HijackThis: click Start, Run, type
C:Program FilesTrend MicroHijackThisРодители.exe
and press Enter.
Click the Do a system scan only button.
Then tick the checkbox (on the left) next to the following lines, if they are present:
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:DOCUME~18E4B~1LOCALS~1Tempvshost32.exe,
O1 - Hosts: 88.198.72.190 css.yandex.net #AdwMtam_MicroSoft
O4 - HKCU..Run: [BootMgr] C:DOCUME~18E4B~1LOCALS~1Tempservices.exe
O19 - User stylesheet: C:Documents and SettingsРодителиРабочий столfgh.css (file missing)
Close all running programs (including Internet Explorer) and Windows windows.
Click the Fix checked button and confirm by choosing YES.
Restart the computer.

Read the description of Malwarebytes Anti-malware (MBAM).
Download it and scan your computer. Delete everything it finds. A log will be shown when it finishes.
I will be waiting for that log plus a fresh RSIT log.

24 October 2009 at 1:37 pm #26467
Anonymous (Guest)
Here are the resulting reports.
The first:
Malwarebytes’ Anti-Malware 1.41
Версия базы данных: 3024
Windows 5.1.2600 Service Pack 2
24.10.2009 19:19:53
mbam-log-2009-10-24 (19-19-53).txt

Тип проверки: Полная (C:|D:|)
Проверено объектов: 183245
Прошло времени: 19 minute(s), 6 second(s)

Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 3
Заражено значений реестра: 0
Заражено параметров реестра: 2
Заражено папок: 1
Заражено файлов: 48

Заражено процессов в памяти:
(Вредоносные программы не обнаружены)

Заражено модулей в памяти:
(Вредоносные программы не обнаружены)

Заражено ключей реестра:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{28abc5c0-4fcb-11cf-aax5-21cx1c642131} (Generic.Bot.H) -> Delete on reboot.
HKEY_CLASSES_ROOTCLSID{8e8e8f8a-8fcc-88ce-bcb8-b8fd8e88888a} (Malware.Packer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTDSSserv.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Заражено значений реестра:
(Вредоносные программы не обнаружены)

Заражено параметров реестра:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterAntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterUpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Заражено папок:
C:RESTORES-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> Delete on reboot.

Заражено файлов:
C:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe (Generic.Bot.H) -> Delete on reboot.
C:vshost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTempLOL-M.Jackson_BoySex.pif (IM.Worm) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTempLOLWTF!!_YourMom.PIF (Backdoor.Bot) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTempLOL_MichaelJackson.pif (IM.Worm) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTempM.Jackson_GAY.pif (IM.Worm) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTempservices.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTempSwineFlu.PIF (Backdoor.Bot) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp01552.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp43063.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp45979.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp72562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp94670.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp108421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp129352.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp620422.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTempMichaelJackson_GAY.PIF (IM.Worm) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp913465.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp954775.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp974685.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp981535.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp998814.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp438904.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp458738.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp468070.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp474832.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp476924.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp484176.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp490586.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp517599.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp517726.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp529562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp580979.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp588606.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:System Volume Information_restore{000596F6-382E-45BB-80BD-741A9678AB00}RP101A0040531.exe (IM.Worm) -> Quarantined and deleted successfully.
C:System Volume Information_restore{000596F6-382E-45BB-80BD-741A9678AB00}RP103A0040773.exe (Worm.Messenger) -> Quarantined and deleted successfully.
C:System Volume Information_restore{000596F6-382E-45BB-80BD-741A9678AB00}RP119A0055831.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:System Volume Information_restore{000596F6-382E-45BB-80BD-741A9678AB00}RP94A0036879.exe (Worm.Messenger) -> Quarantined and deleted successfully.
C:WINDOWSsystem32CDClose.dll (Malware.Packer) -> Quarantined and deleted successfully.
D:vshost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:Adobe Acrobat 9 Pro Extended RusInstallkeygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:System Volume Information_restore{000596F6-382E-45BB-80BD-741A9678AB00}RP101A0040533.exe (IM.Worm) -> Quarantined and deleted successfully.
D:System Volume Information_restore{000596F6-382E-45BB-80BD-741A9678AB00}RP103A0040775.exe (Worm.Messenger) -> Quarantined and deleted successfully.
C:RESTORES-1-5-21-1482476501-1644491937-682003330-1013Desktop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTemp174094.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTempFuckedByMichaelJackson.pif (Worm.Messenger) -> Quarantined and deleted successfully.
C:Documents and SettingsРодителиLocal SettingsTempscvhost.exe (Trojan.Downloader) -> Delete on reboot.
C:Documents and SettingsРодителиLocal SettingsTempvshost32.exe (Worm.Messenger) -> Quarantined and deleted successfully.

And the second:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Родители at 2009-10-24 19:32:16
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (5%) free of 31 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:19, on 24.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSRTHDCPL.EXE
C:program filesVolumeControlvolume.exe
C:Program FilesEsetnod32kui.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesLoviVkontaktelovivkontakte.exe
D:Adobe Acrobat 9 Pro Extended RusAcrobatAcrotray.exe
C:Program FilesPunto Switcherps.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesHPDigital Imagingbinhpqtra08.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLoviVkontakteVkontakteService.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesEsetnod32krn.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsРодителиРабочий столRSIT.exe
C:Program FilesTrend MicroHijackThisРодители.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = vkontakte.ru;www.vkontakte.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O1 — Hosts: 88.198.72.190 css.yandex.net #AdwMtam_MicroSoft
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Adobe PDF Conversion Toolbar Helper — {AE7CD045-E861-484f-8273-0445EE161910} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O2 — BHO: SmartSelect — {F4971EE7-DAA0-4053-9964-665D8EE6A077} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Adobe PDF — {47833539-D0C5-4125-9FA8-0819E2EAAC93} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [VolumeControl] C:program filesVolumeControlvolume.exe
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
O4 — HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [LoviVkontakte] C:Program FilesLoviVkontaktelovivkontakte.exe
O4 — HKLM..Run: [Adobe Acrobat Speed Launcher] «D:Adobe Acrobat 9 Pro Extended RusAcrobatAcrobat_sl.exe»
O4 — HKLM..Run: [Acrobat Assistant 8.0] «D:Adobe Acrobat 9 Pro Extended RusAcrobatAcrotray.exe»
O4 — HKLM..Run: [Malwarebytes Anti-Malware (reboot)] «C:Program FilesMalwarebytes’ Anti-Malwarembam.exe» /runcleanupscript
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Windows Workstation] C:DOCUME~18E4B~1LOCALS~1Tempscvhost.exe
O4 — HKUSS-1-5-19..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 — Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Append Link Target to Existing PDF — res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 — Extra context menu item: Append to Existing PDF — res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Convert Link Target to Adobe PDF — res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 — Extra context menu item: Convert to Adobe PDF — res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Найти в интернете — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Найти в словарях — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — Cmdmapping — (no file) (HKCU)
O16 — DPF: {2D4C57AA-54C0-4942-BB2A-51DF0727950B} (ImResize Class) — http://www.openkremlin.ru/cab/ImResCtl.cab
O20 — AppInit_DLLs: C:WINDOWSsystem32vksaver.dll acaptuser32.dll
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: LoviVkontake Service (LoviVkontakteService) — Zeyfman Genady — C:Program FilesLoviVkontakteVkontakteService.exe
O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 9854 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-01 665800]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-01 665800]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} — Adobe PDF — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-07-13 8466432]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2007-07-13 81920]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-11-06 16855552]
«VolumeControl»=C:program filesVolumeControlvolume.exe [2003-09-16 36864]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«nod32kui»=C:Program FilesEsetnod32kui.exe [2008-04-15 949376]
«HP Software Update»=C:Program FilesHPHP Software UpdateHPWuSchd2.exe [2007-03-11 49152]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-10-01 4417016]
«LoviVkontakte»=C:Program FilesLoviVkontaktelovivkontakte.exe [2009-09-14 728576]
«Adobe Acrobat Speed Launcher»=D:Adobe Acrobat 9 Pro Extended RusAcrobatAcrobat_sl.exe [2009-02-27 38768]
«»= []
«Acrobat Assistant 8.0»=D:Adobe Acrobat 9 Pro Extended RusAcrobatAcrotray.exe [2009-02-27 640376]
«Malwarebytes Anti-Malware (reboot)»=C:Program FilesMalwarebytes’ Anti-Malwarembam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2007-01-25 201728]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2007-07-02 132608]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2007-12-22 30208]
«Windows Workstation»=C:DOCUME~18E4B~1LOCALS~1Tempscvhost.exe []

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
HP Digital Imaging Monitor.lnk — C:Program FilesHPDigital Imagingbinhpqtra08.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:WINDOWSsystem32vksaver.dll acaptuser32.dll»

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2007-06-18 133632]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2004-08-18 239616]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoDrives»=0
«NoDriveAutoRun»=FFFFFFFF
«NoDriveTypeAutoRun»=36

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=
«NoDrives»=
«NoDriveAutoRun»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4965638d-0bdf-11de-aca3-001a4df2dae2}]
shellAutoRuncommand — G:USBNB.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6728205f-0c89-11dd-a9ce-001a4df2dae2}]
shellAutoRuncommand — G:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe
shellopencommand — G:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{67282060-0c89-11dd-a9ce-001a4df2dae2}]
shellAutoRuncommand — H:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe
shellopencommand — H:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a568c97a-36f6-11de-ad5e-001a4df2dae2}]
shellAutoRuncommand — F:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe
shellopencommand — F:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b8396306-163b-11de-acda-001a4df2dae2}]
shellAutoRuncommand — F:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe
shellopencommand — F:RESTORES-1-5-21-1482476501-1644491937-682003330-1013rise.exe

======List of files/folders created in the last 1 months======
2009-10-15 21:40:23 —-D—- C:Documents and SettingsAll UsersApplication DataFLEXnet
2009-10-15 21:29:44 —-RA—- C:WINDOWSsystem32AdobePDFUI.dll
2009-10-15 21:29:44 —-A—- C:WINDOWSsystem32AdobePDF.dll
2009-10-15 21:11:34 —-D—- C:Program FilesCommon FilesMacrovision Shared

======List of files/folders modified in the last 1 months======
2009-10-24 19:21:21 —-A—- C:WINDOWSSchedLgU.Txt
2009-10-24 19:19:53 —-D—- C:WINDOWSsystem32
2009-10-24 18:55:51 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-10-24 18:55:48 —-D—- C:WINDOWSsystem32drivers
2009-10-24 18:49:21 —-D—- C:WINDOWStemp
2009-10-24 12:45:47 —-D—- C:Documents and SettingsРодителиApplication DataMra
2009-10-15 22:11:23 —-D—- C:WINDOWS
2009-10-15 21:43:48 —-SHD—- C:WINDOWSInstaller
2009-10-15 21:43:47 —-HD—- C:Config.Msi
2009-10-15 21:43:36 —-D—- C:WINDOWSsystem32CatRoot2
2009-10-15 21:30:02 —-D—- C:Program FilesCommon FilesAdobe
2009-10-15 21:30:01 —-D—- C:Documents and SettingsРодителиApplication DataAdobe
2009-10-15 21:29:59 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-10-15 21:29:44 —-HD—- C:WINDOWSinf
2009-10-15 21:27:08 —-RSD—- C:WINDOWSFonts
2009-10-15 21:18:04 —-D—- C:Program FilesAdobe
2009-10-15 21:11:34 —-D—- C:Program FilesCommon Files
2009-10-15 20:31:09 —-D—- C:WINDOWSWinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2007-12-22 40448]
R1 nod32drv;nod32drv; C:WINDOWSsystem32driversnod32drv.sys [2008-04-15 15424]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; C:WINDOWSsystem32driversamon.sys [2008-04-15 512096]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-11-14 4625408]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-07-13 6807744]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-10-24 103296]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2007-12-22 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2007-12-22 59392]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2007-12-22 20608]
S2 ruvvfngdepkl;ruvvfngdepkl; ??C:WINDOWSsystem32driversdoqfp.sys []
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 tdi_client.dll;tdi_client.dll; ??C:WINDOWSsystem32tdi_client.dll []
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2007-12-21 31616]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2007-12-21 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2007-12-22 26496]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:WINDOWSsystem32DRIVERSw200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSw200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSw200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSw200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSw200obex.sys [2006-11-07 86368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2007-06-18 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 hpqddsvc;Служба HP CUE DeviceDiscovery; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
R2 LoviVkontakteService;LoviVkontake Service; C:Program FilesLoviVkontakteVkontakteService.exe [2009-09-14 476672]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2008-04-15 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-07-13 155716]
R3 hpqcxs08;hpqcxs08; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-10-15 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
EOF
26 October 2009 at 4:05 pm #26468

Download OTM by OldTimer by clicking this link.
Launch OTM and copy the following text into the large input box (the heading of that box is highlighted in yellow):

:services
ruvvfngdepkl
:reg
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6728205f-0c89-11dd-a9ce-001a4df2dae2}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{67282060-0c89-11dd-a9ce-001a4df2dae2}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a568c97a-36f6-11de-ad5e-001a4df2dae2}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b8396306-163b-11de-acda-001a4df2dae2}]
:files
C:WINDOWSsystem32driversdoqfp.sys
:Commands
[emptytemp]
[Reboot]

Check the pasted script: if spaces have appeared to the left of the directives, delete them; the script must look exactly as it does in this message. Click the MoveIt! button. The computer may reboot while the program is working.
When the program has finished, a log should be shown. If the log is not shown, it can be found in the folder C:_OTMMovedFiles.

Download RootRepeal by clicking this link or this link and unpack it to your desktop.
Click the RootRepeal.exe file to launch the program.
Open the Report tab, then click Scan. A window will open asking what to include in the log; select the items listed below and click OK.
* Drivers
* Files
* Processes
* SSDT
* Stealth Objects
* Hidden Services
At the next step a prompt will ask which drive to scan; select C: and click OK again, after which the scan will start. When the scan has finished, click Save Report to save the log.

I am waiting for your OTM log, RootRepeal log and a fresh RSIT log.
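How the targets in the OTM script above follow from the RSIT log, as an added example written for this thread (not code from the thread, RSIT, HijackThis or OTM): it flags the three indicator classes the helper acted on and assembles a script of the same shape. The sample log lines are constructed in the format of the posted logs with the backslashes the forum stripped restored; the `triage` and `otm_script` names are this example's own.

```python
"""Triage of an RSIT/HijackThis-style log for the indicator classes the helper
acted on in this thread, followed by an OTM fix script of the same shape."""
import re
from typing import Dict, List

# Constructed sample in the format of the posted logs; the backslashes that the
# forum stripped from every path are restored here so the patterns can anchor.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Windows Workstation] C:\DOCUME~1\8E4B~1\LOCALS~1\Temp\scvhost.exe
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-04-15 15424]
S2 ruvvfngdepkl;ruvvfngdepkl; \??\C:\WINDOWS\system32\drivers\doqfp.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6728205f-0c89-11dd-a9ce-001a4df2dae2}]
shell\AutoRun\command - G:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\rise.exe
shell\open\command - G:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\rise.exe
"""

# HijackThis O4 line: "O4 - <hive>\..\Run: [<name>] <command>"; hive may be HKUS\<SID>.
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A user Temp directory anywhere in the command, short (LOCALS~1\Temp) or long form.
TEMP_RE = re.compile(r"\\temp\\|%temp%", re.I)
# RSIT driver/service line: "<R|S><start> <service>;<display>; <image path> [<date size>]"
DRV_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<svc>[^;]+);[^;]*; (?P<path>.*?) \[(?P<stamp>[^\]]*)\]$")
# Registry dump: a MountPoints2 drive key header, then its cached AutoRun command.
MP2_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]*\\mountpoints2\\\{[^}]+\})\]$", re.I)
MP2_CMD_RE = re.compile(r"^shell\\autorun\\command - (?P<target>.+)$", re.I)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, tagged with the rule that fired."""
    findings: List[Dict[str, str]] = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.rstrip()
        m = RUN_RE.match(line)
        if m and TEMP_RE.search(m["cmd"]):
            # Legitimate software does not auto-start from a user's Temp folder.
            findings.append({"rule": "run-from-temp", "hive": m["hive"],
                             "name": m["name"], "path": m["cmd"]})
            continue
        m = DRV_RE.match(line)
        if m and m["stamp"] == "":
            # RSIT prints date and size for an image it can stat; empty brackets mean
            # the file is missing or hidden. A demand-start (S3) leftover of a removal
            # tool matches as well, so the start type is kept for the analyst.
            findings.append({"rule": "driver-file-missing", "service": m["svc"],
                             "start": m["state"] + m["start"],
                             "path": re.sub(r"^\\\?\?\\", "", m["path"])})
            continue
        m = MP2_KEY_RE.match(line)
        if m:
            current_key = m["key"]
            continue
        m = MP2_CMD_RE.match(line)
        if m and current_key:
            # MountPoints2 caches the autorun.inf of a removable drive. A cached AutoRun
            # command pointing at an executable under RESTORE\<SID> on the drive is the
            # footprint of a USB autorun worm; Explorer can run the cached command when
            # the drive is double-clicked, so the key goes along with the file.
            findings.append({"rule": "mountpoints2-autorun", "key": current_key,
                             "drive": m["target"][:2], "path": m["target"]})
    return findings


def otm_script(findings: List[Dict[str, str]]) -> str:
    """Assemble an OTM script of the shape posted in the thread: drop the service
    registration and the cached MountPoints2 keys, move the driver file, then
    empty the Temp folders (where the run-from-temp target lives) and reboot."""
    services = sorted({f["service"] for f in findings if f["rule"] == "driver-file-missing"})
    keys = sorted({f["key"] for f in findings if f["rule"] == "mountpoints2-autorun"})
    files = sorted({f["path"] for f in findings if f["rule"] == "driver-file-missing"})
    lines = [":services", *services,
             ":reg", *(f"[-{key}]" for key in keys),
             ":files", *files,
             ":Commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(otm_script(hits))
```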
4 November 2009 at 6:19 am #26469
Anonymous
Guest
OTM log:
All processes killed
========== SERVICES/DRIVERS ==========

ServiceDriver key ruvvfngdepkl deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6728205f-0c89-11dd-a9ce-001a4df2dae2} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{6728205f-0c89-11dd-a9ce-001a4df2dae2} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{67282060-0c89-11dd-a9ce-001a4df2dae2} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{67282060-0c89-11dd-a9ce-001a4df2dae2} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a568c97a-36f6-11de-ad5e-001a4df2dae2} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{a568c97a-36f6-11de-ad5e-001a4df2dae2} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b8396306-163b-11de-acda-001a4df2dae2} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{b8396306-163b-11de-acda-001a4df2dae2} not found.
========== FILES ==========
C:WINDOWSsystem32driversdoqfp.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Родители
->Temp folder emptied: 718470499 bytes
->Temporary Internet Files folder emptied: 151757182 bytes
->FireFox cache emptied: 47293818 bytes

%systemdrive% .tmp files removed: 0 bytes
C:WINDOWSNV8561408.TMP folder deleted successfully.
%systemroot% .tmp files removed: 2238698 bytes
%systemroot%System32 .tmp files removed: 5709 bytes
Windows Temp folder emptied: 3107331 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 880,22 mb
OTM by OldTimer — Version 3.0.0.6 log created on 11042009_101156
Files moved on Reboot…
Registry entries deleted on Reboot…
RootRepeal log:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/04 10:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xBA663000 Size: 188288 File Visible: — Signed: —
Status: —

Name: ACPI_HAL
Image Path: DriverACPI_HAL
Address: 0x804D7000 Size: 2142208 File Visible: — Signed: —
Status: —

Name: afd.sys
Image Path: C:WINDOWSSystem32driversafd.sys
Address: 0xB64C1000 Size: 138368 File Visible: — Signed: —
Status: —

Name: amon.sys
Image Path: C:WINDOWSsystem32driversamon.sys
Address: 0xB58C5000 Size: 501952 File Visible: — Signed: —
Status: —

Name: atapi.sys
Image Path: atapi.sys
Address: 0xBA5F5000 Size: 98304 File Visible: — Signed: —
Status: —

Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000 Size: 0 File Visible: — Signed: —
Status: —

Name: ATMFD.DLL
Image Path: C:WINDOWSSystem32ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: — Signed: —
Status: —

Name: audstub.sys
Image Path: C:WINDOWSsystem32DRIVERSaudstub.sys
Address: 0xBAF66000 Size: 3072 File Visible: — Signed: —
Status: —

Name: Beep.SYS
Image Path: C:WINDOWSSystem32DriversBeep.SYS
Address: 0xBADC6000 Size: 4224 File Visible: — Signed: —
Status: —

Name: BOOTVID.dll
Image Path: C:WINDOWSsystem32BOOTVID.dll
Address: 0xBACB8000 Size: 12288 File Visible: — Signed: —
Status: —

Name: Cdfs.SYS
Image Path: C:WINDOWSSystem32DriversCdfs.SYS
Address: 0xBAA68000 Size: 63744 File Visible: — Signed: —
Status: —

Name: cdrom.sys
Image Path: C:WINDOWSsystem32DRIVERScdrom.sys
Address: 0xBA958000 Size: 62592 File Visible: — Signed: —
Status: —

Name: CLASSPNP.SYS
Image Path: C:WINDOWSsystem32DRIVERSCLASSPNP.SYS
Address: 0xBA8E8000 Size: 53248 File Visible: — Signed: —
Status: —

Name: disk.sys
Image Path: disk.sys
Address: 0xBA8D8000 Size: 36352 File Visible: — Signed: —
Status: —

Name: dmio.sys
Image Path: dmio.sys
Address: 0xBA60D000 Size: 153600 File Visible: — Signed: —
Status: —

Name: dmload.sys
Image Path: dmload.sys
Address: 0xBADAC000 Size: 5888 File Visible: — Signed: —
Status: —

Name: drmk.sys
Image Path: C:WINDOWSsystem32driversdrmk.sys
Address: 0xBA9E8000 Size: 61440 File Visible: — Signed: —
Status: —

Name: dump_atapi.sys
Image Path: C:WINDOWSSystem32Driversdump_atapi.sys
Address: 0xB63E6000 Size: 98304 File Visible: No Signed: —
Status: —

Name: dump_WMILIB.SYS
Image Path: C:WINDOWSSystem32Driversdump_WMILIB.SYS
Address: 0xBADD4000 Size: 8192 File Visible: No Signed: —
Status: —

Name: Dxapi.sys
Image Path: C:WINDOWSSystem32driversDxapi.sys
Address: 0xB6685000 Size: 12288 File Visible: — Signed: —
Status: —

Name: dxg.sys
Image Path: C:WINDOWSSystem32driversdxg.sys
Address: 0xBF9C4000 Size: 73728 File Visible: — Signed: —
Status: —

Name: dxgthk.sys
Image Path: C:WINDOWSSystem32driversdxgthk.sys
Address: 0xBAF0A000 Size: 4096 File Visible: — Signed: —
Status: —

Name: fdc.sys
Image Path: C:WINDOWSsystem32DRIVERSfdc.sys
Address: 0xBAB88000 Size: 27392 File Visible: — Signed: —
Status: —

Name: Fips.SYS
Image Path: C:WINDOWSSystem32DriversFips.SYS
Address: 0xBAA38000 Size: 34944 File Visible: — Signed: —
Status: —

Name: flpydisk.sys
Image Path: C:WINDOWSsystem32DRIVERSflpydisk.sys
Address: 0xBAC18000 Size: 20480 File Visible: — Signed: —
Status: —

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xBA5D5000 Size: 128768 File Visible: — Signed: —
Status: —

Name: Fs_Rec.SYS
Image Path: C:WINDOWSSystem32DriversFs_Rec.SYS
Address: 0xBADC2000 Size: 7936 File Visible: — Signed: —
Status: —

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xBA633000 Size: 125440 File Visible: — Signed: —
Status: —

Name: hal.dll
Image Path: C:WINDOWSsystem32hal.dll
Address: 0x806E2000 Size: 134400 File Visible: — Signed: —
Status: —

Name: HDAudBus.sys
Image Path: C:WINDOWSsystem32DRIVERSHDAudBus.sys
Address: 0xB9DD8000 Size: 151552 File Visible: — Signed: —
Status: —

Name: HIDCLASS.SYS
Image Path: C:WINDOWSsystem32DRIVERSHIDCLASS.SYS
Address: 0xBAA58000 Size: 36864 File Visible: — Signed: —
Status: —

Name: HIDPARSE.SYS
Image Path: C:WINDOWSsystem32DRIVERSHIDPARSE.SYS
Address: 0xBAC80000 Size: 28672 File Visible: — Signed: —
Status: —

Name: hidusb.sys
Image Path: C:WINDOWSsystem32DRIVERShidusb.sys
Address: 0xB9C61000 Size: 9600 File Visible: — Signed: —
Status: —

Name: HTTP.sys
Image Path: C:WINDOWSSystem32DriversHTTP.sys
Address: 0xB50E7000 Size: 262656 File Visible: — Signed: —
Status: —

Name: i8042prt.sys
Image Path: C:WINDOWSsystem32DRIVERSi8042prt.sys
Address: 0xBA938000 Size: 53376 File Visible: — Signed: —
Status: —

Name: imapi.sys
Image Path: C:WINDOWSsystem32DRIVERSimapi.sys
Address: 0xBA948000 Size: 41856 File Visible: — Signed: —
Status: —

Name: intelppm.sys
Image Path: C:WINDOWSsystem32DRIVERSintelppm.sys
Address: 0xBA918000 Size: 40448 File Visible: — Signed: —
Status: —

Name: ipnat.sys
Image Path: C:WINDOWSsystem32DRIVERSipnat.sys
Address: 0xB64E3000 Size: 136320 File Visible: — Signed: —
Status: —

Name: ipsec.sys
Image Path: C:WINDOWSsystem32DRIVERSipsec.sys
Address: 0xB6586000 Size: 74752 File Visible: — Signed: —
Status: —

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA8A8000 Size: 36096 File Visible: — Signed: —
Status: —

Name: kbdclass.sys
Image Path: C:WINDOWSsystem32DRIVERSkbdclass.sys
Address: 0xBABA8000 Size: 24832 File Visible: — Signed: —
Status: —

Name: KDCOM.DLL
Image Path: C:WINDOWSsystem32KDCOM.DLL
Address: 0xBADA8000 Size: 8192 File Visible: — Signed: —
Status: —

Name: ks.sys
Image Path: C:WINDOWSsystem32DRIVERSks.sys
Address: 0xB9D63000 Size: 143360 File Visible: — Signed: —
Status: —

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xBA5AC000 Size: 92544 File Visible: — Signed: —
Status: —

Name: mouclass.sys
Image Path: C:WINDOWSsystem32DRIVERSmouclass.sys
Address: 0xBAC08000 Size: 23296 File Visible: — Signed: —
Status: —

Name: mouhid.sys
Image Path: C:WINDOWSsystem32DRIVERSmouhid.sys
Address: 0xB66A1000 Size: 12160 File Visible: — Signed: —
Status: —

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA8B8000 Size: 42240 File Visible: — Signed: —
Status: —

Name: mrxdav.sys
Image Path: C:WINDOWSsystem32DRIVERSmrxdav.sys
Address: 0xB5968000 Size: 181248 File Visible: — Signed: —
Status: —

Name: mrxsmb.sys
Image Path: C:WINDOWSsystem32DRIVERSmrxsmb.sys
Address: 0xB6426000 Size: 455936 File Visible: — Signed: —
Status: —

Name: Msfs.SYS
Image Path: C:WINDOWSSystem32DriversMsfs.SYS
Address: 0xBAC40000 Size: 19072 File Visible: — Signed: —
Status: —

Name: msgpc.sys
Image Path: C:WINDOWSsystem32DRIVERSmsgpc.sys
Address: 0xBA9A8000 Size: 35072 File Visible: — Signed: —
Status: —

Name: mssmbios.sys
Image Path: C:WINDOWSsystem32DRIVERSmssmbios.sys
Address: 0xBAD90000 Size: 15488 File Visible: — Signed: —
Status: —

Name: Mup.sys
Image Path: Mup.sys
Address: 0xBA4D8000 Size: 105088 File Visible: — Signed: —
Status: —

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xBA4F2000 Size: 182656 File Visible: — Signed: —
Status: —

Name: ndistapi.sys
Image Path: C:WINDOWSsystem32DRIVERSndistapi.sys
Address: 0xBAD6C000 Size: 9600 File Visible: — Signed: —
Status: —

Name: ndisuio.sys
Image Path: C:WINDOWSsystem32DRIVERSndisuio.sys
Address: 0xB6681000 Size: 14592 File Visible: — Signed: —
Status: —

Name: ndiswan.sys
Image Path: C:WINDOWSsystem32DRIVERSndiswan.sys
Address: 0xB9D4C000 Size: 91776 File Visible: — Signed: —
Status: —

Name: NDProxy.SYS
Image Path: C:WINDOWSSystem32DriversNDProxy.SYS
Address: 0xBA9C8000 Size: 38016 File Visible: — Signed: —
Status: —

Name: netbios.sys
Image Path: C:WINDOWSsystem32DRIVERSnetbios.sys
Address: 0xBAA28000 Size: 34560 File Visible: — Signed: —
Status: —

Name: netbt.sys
Image Path: C:WINDOWSsystem32DRIVERSnetbt.sys
Address: 0xB6505000 Size: 162816 File Visible: — Signed: —
Status: —

Name: nod32drv.sys
Image Path: C:WINDOWSsystem32driversnod32drv.sys
Address: 0xBADD0000 Size: 7648 File Visible: — Signed: —
Status: —

Name: Npfs.SYS
Image Path: C:WINDOWSSystem32DriversNpfs.SYS
Address: 0xBAC50000 Size: 30848 File Visible: — Signed: —
Status: —

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xBA51F000 Size: 574976 File Visible: — Signed: —
Status: —

Name: ntkrnlpa.exe
Image Path: C:WINDOWSsystem32ntkrnlpa.exe
Address: 0x804D7000 Size: 2142208 File Visible: — Signed: —
Status: —

Name: Null.SYS
Image Path: C:WINDOWSSystem32DriversNull.SYS
Address: 0xBAFB1000 Size: 2944 File Visible: — Signed: —
Status: —

Name: nv4_disp.dll
Image Path: C:WINDOWSSystem32nv4_disp.dll
Address: 0xBF9D6000 Size: 5697536 File Visible: — Signed: —
Status: —

Name: nv4_mini.sys
Image Path: C:WINDOWSsystem32DRIVERSnv4_mini.sys
Address: 0xB9E11000 Size: 6807744 File Visible: — Signed: —
Status: —

Name: parport.sys
Image Path: C:WINDOWSsystem32DRIVERSparport.sys
Address: 0xB9D86000 Size: 80128 File Visible: — Signed: —
Status: —Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBAB30000 Size: 18688 File Visible: — Signed: —
Status: —Name: ParVdm.SYS
Image Path: C:WINDOWSSystem32DriversParVdm.SYS
Address: 0xBAE28000 Size: 6912 File Visible: — Signed: —
Status: —Name: pci.sys
Image Path: pci.sys
Address: 0xBA652000 Size: 68480 File Visible: — Signed: —
Status: —Name: PCI_PNP5490
Image Path: DriverPCI_PNP5490
Address: 0x00000000 Size: 0 File Visible: No Signed: —
Status: —Name: pciide.sys
Image Path: pciide.sys
Address: 0xBAE70000 Size: 3328 File Visible: — Signed: —
Status: —Name: PCIIDEX.SYS
Image Path: C:WINDOWSsystem32DRIVERSPCIIDEX.SYS
Address: 0xBAB28000 Size: 28672 File Visible: — Signed: —
Status: —Name: PnpManager
Image Path: DriverPnpManager
Address: 0x804D7000 Size: 2142208 File Visible: — Signed: —
Status: —Name: portcls.sys
Image Path: C:WINDOWSsystem32driversportcls.sys
Address: 0xB66A9000 Size: 147456 File Visible: — Signed: —
Status: —Name: psched.sys
Image Path: C:WINDOWSsystem32DRIVERSpsched.sys
Address: 0xB9D13000 Size: 69120 File Visible: — Signed: —
Status: —Name: ptilink.sys
Image Path: C:WINDOWSsystem32DRIVERSptilink.sys
Address: 0xBABE8000 Size: 17792 File Visible: — Signed: —
Status: —Name: rasacd.sys
Image Path: C:WINDOWSsystem32DRIVERSrasacd.sys
Address: 0xB9D30000 Size: 8832 File Visible: — Signed: —
Status: —Name: rasl2tp.sys
Image Path: C:WINDOWSsystem32DRIVERSrasl2tp.sys
Address: 0xBA978000 Size: 51328 File Visible: — Signed: —
Status: —Name: raspppoe.sys
Image Path: C:WINDOWSsystem32DRIVERSraspppoe.sys
Address: 0xBA988000 Size: 41472 File Visible: — Signed: —
Status: —Name: raspptp.sys
Image Path: C:WINDOWSsystem32DRIVERSraspptp.sys
Address: 0xBA998000 Size: 48384 File Visible: — Signed: —
Status: —Name: raspti.sys
Image Path: C:WINDOWSsystem32DRIVERSraspti.sys
Address: 0xBABF8000 Size: 16512 File Visible: — Signed: —
Status: —Name: RAW
Image Path: FileSystemRAW
Address: 0x804D7000 Size: 2142208 File Visible: — Signed: —
Status: —Name: rdbss.sys
Image Path: C:WINDOWSsystem32DRIVERSrdbss.sys
Address: 0xB6496000 Size: 174592 File Visible: — Signed: —
Status: —Name: RDPCDD.sys
Image Path: C:WINDOWSSystem32DRIVERSRDPCDD.sys
Address: 0xBADCA000 Size: 4224 File Visible: — Signed: —
Status: —Name: rdpdr.sys
Image Path: C:WINDOWSsystem32DRIVERSrdpdr.sys
Address: 0xB9CE2000 Size: 196864 File Visible: — Signed: —
Status: —Name: redbook.sys
Image Path: C:WINDOWSsystem32DRIVERSredbook.sys
Address: 0xBA968000 Size: 58112 File Visible: — Signed: —
Status: —Name: rootrepeal.sys
Image Path: C:WINDOWSsystem32driversrootrepeal.sys
Address: 0xB5A15000 Size: 49152 File Visible: No Signed: —
Status: —Name: rspndr.sys
Image Path: C:WINDOWSsystem32DRIVERSrspndr.sys
Address: 0xB6176000 Size: 62336 File Visible: — Signed: —
Status: —Name: Rtenicxp.sys
Image Path: C:WINDOWSsystem32DRIVERSRtenicxp.sys
Address: 0xB9DBE000 Size: 103296 File Visible: — Signed: —
Status: —Name: RtkHDAud.sys
Image Path: C:WINDOWSsystem32driversRtkHDAud.sys
Address: 0xB66CD000 Size: 4800512 File Visible: — Signed: —
Status: —Name: SCSIPORT.SYS
Image Path: C:WINDOWSSystem32DriversSCSIPORT.SYS
Address: 0xBA691000 Size: 98304 File Visible: — Signed: —
Status: —Name: serenum.sys
Image Path: C:WINDOWSsystem32DRIVERSserenum.sys
Address: 0xBAD54000 Size: 15488 File Visible: — Signed: —
Status: —Name: serial.sys
Image Path: C:WINDOWSsystem32DRIVERSserial.sys
Address: 0xBA928000 Size: 65408 File Visible: — Signed: —
Status: —Name: sppg.sys
Image Path: sppg.sys
Address: 0xBA6A9000 Size: 1040384 File Visible: No Signed: —
Status: —Name: sptd
Image Path: Driversptd
Address: 0x00000000 Size: 0 File Visible: No Signed: —
Status: —Name: sr.sys
Image Path: sr.sys
Address: 0xBA5C3000 Size: 73472 File Visible: — Signed: —
Status: —Name: srv.sys
Image Path: C:WINDOWSsystem32DRIVERSsrv.sys
Address: 0xB5534000 Size: 333184 File Visible: — Signed: —
Status: —Name: swenum.sys
Image Path: C:WINDOWSsystem32DRIVERSswenum.sys
Address: 0xBADB6000 Size: 4352 File Visible: — Signed: —
Status: —Name: sysaudio.sys
Image Path: C:WINDOWSsystem32driverssysaudio.sys
Address: 0xB5F36000 Size: 60800 File Visible: — Signed: —
Status: —Name: tcpip.sys
Image Path: C:WINDOWSsystem32DRIVERStcpip.sys
Address: 0xB652D000 Size: 360960 File Visible: — Signed: —
Status: —Name: TDI.SYS
Image Path: C:WINDOWSsystem32DRIVERSTDI.SYS
Address: 0xBABD8000 Size: 20480 File Visible: — Signed: —
Status: —Name: termdd.sys
Image Path: C:WINDOWSsystem32DRIVERStermdd.sys
Address: 0xBA9B8000 Size: 40704 File Visible: — Signed: —
Status: —Name: update.sys
Image Path: C:WINDOWSsystem32DRIVERSupdate.sys
Address: 0xB9C89000 Size: 364160 File Visible: — Signed: —
Status: —Name: USBD.SYS
Image Path: C:WINDOWSsystem32DRIVERSUSBD.SYS
Address: 0xBADBE000 Size: 8192 File Visible: — Signed: —
Status: —Name: usbehci.sys
Image Path: C:WINDOWSsystem32DRIVERSusbehci.sys
Address: 0xBAB78000 Size: 30208 File Visible: — Signed: —
Status: —Name: usbhub.sys
Image Path: C:WINDOWSsystem32DRIVERSusbhub.sys
Address: 0xBA9F8000 Size: 59392 File Visible: — Signed: —
Status: —Name: USBPORT.SYS
Image Path: C:WINDOWSsystem32DRIVERSUSBPORT.SYS
Address: 0xB9D9A000 Size: 147456 File Visible: — Signed: —
Status: —Name: usbuhci.sys
Image Path: C:WINDOWSsystem32DRIVERSusbuhci.sys
Address: 0xBAB70000 Size: 20608 File Visible: — Signed: —
Status: —Name: vga.sys
Image Path: C:WINDOWSSystem32driversvga.sys
Address: 0xBAC30000 Size: 20992 File Visible: — Signed: —
Status: —Name: VIDEOPRT.SYS
Image Path: C:WINDOWSsystem32DRIVERSVIDEOPRT.SYS
Address: 0xB9DFD000 Size: 81920 File Visible: — Signed: —
Status: —Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA8C8000 Size: 51968 File Visible: — Signed: —
Status: —Name: wanarp.sys
Image Path: C:WINDOWSsystem32DRIVERSwanarp.sys
Address: 0xBAA18000 Size: 34560 File Visible: — Signed: —
Status: —Name: watchdog.sys
Image Path: C:WINDOWSSystem32watchdog.sys
Address: 0xBACB0000 Size: 20480 File Visible: — Signed: —
Status: —Name: wdmaud.sys
Image Path: C:WINDOWSsystem32driverswdmaud.sys
Address: 0xB5DC1000 Size: 82944 File Visible: — Signed: —
Status: —Name: Win32k
Image Path: DriverWin32k
Address: 0xBF800000 Size: 1851392 File Visible: — Signed: —
Status: —Name: win32k.sys
Image Path: C:WINDOWSSystem32win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: — Signed: —
Status: —Name: WMILIB.SYS
Image Path: C:WINDOWSSystem32DriversWMILIB.SYS
Address: 0xBADAA000 Size: 8192 File Visible: — Signed: —
Status: —Name: WMIxWDM
Image Path: DriverWMIxWDM
Address: 0x804D7000 Size: 2142208 File Visible: — Signed: —
Status: —Name: ws2ifsl.sys
Image Path: C:WINDOWSSystem32driversws2ifsl.sys
Address: 0xB9C7D000 Size: 12032 File Visible: — Signed: —
Status: —ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/04 10:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Hidden/Locked Files
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/04 10:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Processes
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/04 11:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
SSDT
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/04 11:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Stealth Objects
Process: System Address: 0x89d841f8 Size: 121Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x89d841f8 Size: 121Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89d841f8 Size: 121Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x89d841f8 Size: 121Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x89de71f8 Size: 121Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x89de71f8 Size: 121Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x89de71f8 Size: 121Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89de71f8 Size: 121Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89de71f8 Size: 121Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89de71f8 Size: 121Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89de71f8 Size: 121Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x89de71f8 Size: 121Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x89de71f8 Size: 121Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89de71f8 Size: 121Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x89de71f8 Size: 121Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x896684d8 Size: 121Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x896684d8 Size: 121Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x896684d8 Size: 121Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x896684d8 Size: 121Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x896684d8 Size: 121Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x896684d8 Size: 121Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x89d671f8 Size: 121Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x89d671f8 Size: 121Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89d671f8 Size: 121Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89d671f8 Size: 121Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x89d671f8 Size: 121Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89d671f8 Size: 121Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x89d671f8 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x89657500 Size: 121Object: Hidden Code [Driver: CdfsЅఆ䵃᩠ተ䀀䀀, IRP_MJ_CREATE]
Process: System Address: 0x89635500 Size: 121Object: Hidden Code [Driver: CdfsЅఆ䵃᩠ተ䀀䀀, IRP_MJ_CLOSE]
Process: System Address: 0x89635500 Size: 121Object: Hidden Code [Driver: CdfsЅఆ䵃᩠ተ䀀䀀, IRP_MJ_READ]
Process: System Address: 0x89635500 Size: 121Object: Hidden Code [Driver: CdfsЅఆ䵃᩠ተ䀀䀀, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89635500 Size: 121Object: Hidden Code [Driver: CdfsЅఆ䵃᩠ተ䀀䀀, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89635500 Size: 121Object: Hidden Code [Driver: CdfsЅఆ䵃᩠ተ䀀䀀, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89635500 Size: 121Object: Hidden Code [Driver: CdfsЅఆ䵃᩠ተ䀀䀀, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89635500 Size: 121Object: Hidden Code [Driver: CdfsЅఆ䵃᩠ተ䀀䀀, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89635500 Size: 121Object: Hidden Code [Driver: CdfsЅఆ䵃᩠ተ䀀䀀, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89635500 Size: 121Object: Hidden Code [Driver: CdfsЅఆ䵃᩠ተ䀀䀀, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89635500 Size: 121Object: Hidden Code [Driver: CdfsЅఆ䵃᩠ተ䀀䀀, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89635500 Size: 121Object: Hidden Code [Driver: CdfsЅఆ䵃᩠ተ䀀䀀, IRP_MJ_CLEANUP]
Process: System Address: 0x89635500 Size: 121Object: Hidden Code [Driver: CdfsЅఆ䵃᩠ተ䀀䀀, IRP_MJ_PNP]
Process: System Address: 0x89635500 Size: 121ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/04 11:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Hidden Services
4 November 2009 at 6:20 am #26470
Anonymous
Guest
RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Родители at 2009-11-04 11:01:08
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (8%) free of 31 GB
Total RAM: 2047 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:10, on 04.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21115)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\program files\VolumeControl\volume.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Mail.Ru\Agent\MAgent.exe
D:\Adobe Acrobat 9 Pro Extended Rus\Acrobat\Acrotray.exe
C:\Program Files\Punto Switcher\ps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LoviVkontakte\VkontakteService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Родители\Рабочий стол\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Родители.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = vkontakte.ru;www.vkontakte.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files\Mail.Ru\Agent\Mradll\newmrasearch.dll
R3 - URLSearchHook: Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O1 - Hosts: 88.198.72.190 css.yandex.net #AdwMtam_MicroSoft
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Спутник@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VolumeControl] C:\program files\VolumeControl\volume.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM
O4 - HKLM\..\Run: [LoviVkontakte] C:\Program Files\LoviVkontakte\lovivkontakte.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Adobe Acrobat 9 Pro Extended Rus\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Adobe Acrobat 9 Pro Extended Rus\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Punto Switcher] C:\Program Files\Punto Switcher\ps.exe
O4 - HKCU\..\Run: [VistaIcon] C:\Program Files\VistaDriveIcon\VistaDrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Workstation] C:\DOCUME~1\8E4B~1\LOCALS~1\Temp\scvhost.exe
O4 - HKUS\S-1-5-19\..\Run: [Punto Switcher] C:\Program Files\Punto Switcher\ps.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [VistaIcon] C:\Program Files\VistaDriveIcon\VistaDrv.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,OnceFirstLogonInstall,0 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Punto Switcher] C:\Program Files\Punto Switcher\ps.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,OnceFirstLogonInstall,0 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Punto Switcher] C:\Program Files\Punto Switcher\ps.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Punto Switcher] C:\Program Files\Punto Switcher\ps.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Найти в интернете - res://C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll/282
O8 - Extra context menu item: Найти в словарях - res://C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll/283
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {2D4C57AA-54C0-4942-BB2A-51DF0727950B} (ImResize Class) - http://www.openkremlin.ru/cab/ImResCtl.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\vksaver.dll acaptuser32.dll
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: LoviVkontake Service (LoviVkontakteService) - Zeyfman Genady - C:\Program Files\LoviVkontakte\VkontakteService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 9795 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll [2008-10-01 665800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{09900DE8-1DCA-443F-9243-26FF581438AF} - Спутник@Mail.Ru - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll [2008-10-01 665800]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-07-13 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-07-13 81920]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-11-06 16855552]
"VolumeControl"=C:\program files\VolumeControl\volume.exe [2003-09-15 36864]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-04-15 949376]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"MAgent"=C:\Program Files\Mail.Ru\Agent\MAgent.exe [2008-10-01 4417016]
"LoviVkontakte"=C:\Program Files\LoviVkontakte\lovivkontakte.exe [2009-09-14 728576]
"Adobe Acrobat Speed Launcher"=D:\Adobe Acrobat 9 Pro Extended Rus\Acrobat\Acrobat_sl.exe [2009-02-27 38768]
""= []
"Acrobat Assistant 8.0"=D:\Adobe Acrobat 9 Pro Extended Rus\Acrobat\Acrotray.exe [2009-02-27 640376]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Punto Switcher"=C:\Program Files\Punto Switcher\ps.exe [2007-01-25 201728]
"VistaIcon"=C:\Program Files\VistaDriveIcon\VistaDrv.exe [2007-07-02 132608]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2007-12-22 30208]
"Windows Workstation"=C:\DOCUME~1\8E4B~1\LOCALS~1\Temp\scvhost.exe []

C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\vksaver.dll acaptuser32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-06-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-18 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSharedDocuments"=1
"NoThumbnailCache"=1
"NoSMConfigurePrograms"=1
"NoDrives"=0
"NoDriveAutoRun"=FFFFFFFF
"NoDriveTypeAutoRun"=36

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4965638d-0bdf-11de-aca3-001a4df2dae2}]
shell\AutoRun\command - G:\USBNB.exe

======List of files/folders created in the last 1 months======

2009-11-04 09:52:17 ----D---- C:\_OTM
2009-11-04 09:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-11-04 09:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-11-04 09:20:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-11-04 09:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-11-04 09:19:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-11-04 09:19:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-11-04 09:19:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-11-04 09:18:45 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-04 09:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-11-04 09:18:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-11-04 09:17:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-11-04 09:17:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-11-04 09:17:37 ----D---- C:\WINDOWS\ServicePackFiles
2009-11-04 09:17:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-11-04 09:17:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-11-04 09:17:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-11-04 09:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-11-04 09:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-11-04 09:16:05 ----D---- C:\Program Files\MSXML 6.0
2009-11-04 09:15:32 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-11-04 09:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-11-04 09:15:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-11-04 09:15:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-11-04 09:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-11-04 09:14:42 ----D---- C:\WINDOWS\ie7updates
2009-11-04 09:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-11-04 09:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-11-04 09:14:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-11-04 09:14:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-11-04 09:13:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-11-04 09:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-11-04 09:13:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-11-04 09:13:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-11-04 09:13:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-11-04 09:13:14 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-11-04 02:15:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-11-04 02:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-11-04 02:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-11-04 02:14:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-11-04 02:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-11-04 02:13:48 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-11-04 02:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-11-04 02:13:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-11-04 02:13:18 ----D---- C:\Program Files\MSXML 4.0
2009-11-04 02:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-04 02:13:00 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-11-03 21:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-11-03 21:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-11-03 21:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-11-03 21:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-10-31 12:55:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-10-31 12:54:55 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-31 12:54:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-31 12:53:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-25 19:04:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-25 19:01:08 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-10-25 19:01:08 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-10-25 19:01:01 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-10-15 20:40:23 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-10-15 20:29:44 ----RA---- C:\WINDOWS\system32\AdobePDFUI.dll
2009-10-15 20:29:44 ----A---- C:\WINDOWS\system32\AdobePDF.dll
2009-10-15 20:11:34 ----D---- C:\Program Files\Common Files\Macrovision Shared

======List of files/folders modified in the last 1 months======

2009-11-04 10:30:43 ----D---- C:\WINDOWS\system32\drivers
2009-11-04 10:19:45 ----D---- C:\WINDOWS\temp
2009-11-04 10:14:17 ----D---- C:\WINDOWS\system32
2009-11-04 10:14:17 ----D---- C:\WINDOWS
2009-11-04 09:32:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-04 09:27:11 ----D---- C:\WINDOWS\system32\wbem
2009-11-04 09:25:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-04 09:20:27 ----HD---- C:\Config.Msi
2009-11-04 09:20:26 ----SHD---- C:\WINDOWS\Installer
2009-11-04 09:20:18 ----HD---- C:\WINDOWS\inf
2009-11-04 09:20:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-04 09:20:13 ----A---- C:\WINDOWS\imsins.BAK
2009-11-04 09:19:43 ----D---- C:\WINDOWS\WinSxS
2009-11-04 09:19:18 ----A---- C:\WINDOWS\win.ini
2009-11-04 09:18:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-04 09:17:37 ----D---- C:\WINDOWS\system32\ru-ru
2009-11-04 09:16:53 ----D---- C:\WINDOWS\system32\Restore
2009-11-04 09:16:05 ----RD---- C:\Program Files
2009-11-04 09:16:00 ----RSD---- C:\WINDOWS\assembly
2009-11-04 09:14:59 ----D---- C:\Program Files\Internet Explorer
2009-11-04 09:13:31 ----D---- C:\Program Files\Outlook Express
2009-11-04 09:10:53 ----D---- C:\WINDOWS\system32\Setup
2009-11-04 01:45:36 ----D---- C:\Documents and Settings\Родители\Application Data\Mra
2009-11-01 14:53:28 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-31 13:40:40 ----D---- C:\WINDOWS\AppPatch
2009-10-25 19:01:02 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-25 19:01:01 ----D---- C:\WINDOWS\Help
2009-10-24 18:23:07 ----RSHD---- C:\RESTORE
2009-10-24 17:55:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-15 20:30:02 ----D---- C:\Program Files\Common Files\Adobe
2009-10-15 20:30:01 ----D---- C:\Documents and Settings\Родители\Application Data\Adobe
2009-10-15 20:29:59 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-15 20:27:08 ----RSD---- C:\WINDOWS\Fonts
2009-10-15 20:18:04 ----D---- C:\Program Files\Adobe
2009-10-15 20:11:34 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2007-12-22 40448]
R1 nod32drv;nod32drv; C:WINDOWSsystem32driversnod32drv.sys [2008-04-15 15424]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; C:WINDOWSsystem32driversamon.sys [2008-04-15 512096]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-11-14 4625408]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-07-13 6807744]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-10-24 103296]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2007-12-22 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2007-12-22 59392]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2007-12-22 20608]
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 tdi_client.dll;tdi_client.dll; ??C:WINDOWSsystem32tdi_client.dll []
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2007-12-21 31616]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2007-12-21 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2007-12-21 26496]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:WINDOWSsystem32DRIVERSw200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSw200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSw200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSw200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSw200obex.sys [2006-11-07 86368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2007-06-18 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 hpqddsvc;Служба HP CUE DeviceDiscovery; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
R2 LoviVkontakteService;LoviVkontake Service; C:Program FilesLoviVkontakteVkontakteService.exe [2009-09-14 476672]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2008-04-15 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-07-13 155716]
R3 hpqcxs08;hpqcxs08; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-10-15 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
EOF
November 8, 2009 at 4:22 pm #26471
How is the computer working now?
November 15, 2009 at 2:37 pm #26473
Anonymous
Guest
- Topics: 532
- Posts: 1553
- ☆☆☆☆☆
It has been working normally all this time.
November 18, 2009 at 3:28 pm #26472
A few final steps.
1. Update your programs.
Go to update.microsoft.com and check for Windows updates.
2. Remove all the programs you used during the cleanup; if needed, you can always download them again. Removing them is necessary because they contain components that viruses and trojans can use for bad purposes.
Run the OTM program. Click the CleanUp button. If you are prompted to restart the computer, click Yes.
Remove RSIT and the other scanners and small utilities you downloaded, as well as all files and folders that were created during the cleanup of the computer.
Keep the Malwarebytes Anti-Malware program. Update it from time to time and run a full scan of the computer once a week.
3. Take the protection of your computer more seriously.
Most trojans and viruses are designed to attack Internet Explorer, so I recommend using only Opera or Firefox.
4. Create a new restore point.
This will help you, if needed, load the current Windows configuration and quickly recover from spyware or a virus. To do this, click the Start button, then select Accessories, then System Tools, and run the System Restore program. In the window that opens, select the task Create a restore point, click Next and follow the instructions.
5. And a few additional tips.
Start your antivirus and check the status of its automatic protection. Enable it if it is turned off.
Do not forget to update Windows, your programs, and especially your antivirus.
Do not visit unfamiliar sites, and be very careful with files downloaded from the Internet.
All the best!