- This topic has 10 ответов, 2 участника, and was last updated 15 years, 9 months назад by
.
-
Сообщения
-
Доброго времени суток!
Уже больше месяца наблюдается такая картина: через некоторое время после запуска компьютера один из процессов (любой, но чаще всего explorer.exe) начинает перегружать процессор. Если процесс «убить», то через пару секунд то же самое делает какой-нибудь другой процесс, и так далее. Если выйти из системы и зайти вновь, глюк пропадает, но через какое-то время может появиться вновь. А может и не появиться.
При этом подвисающие процессы не дают выйти из ситсемы, пока не открючишь какой-нибудь «жизненно важный» подвисший процесс.
Если зависший процесс приостановить, нагрузка снижается и компьютер продолжает работать нормально, а процесс зависает насовсем. Но стоит только отключить его, тут же зависает другой.
А нтивирусы, как всегда, молчат; в ходе борьбы с напастью были предприняты различные твики системы и удалены различные трояны, но проблема осталась.
Прошу, помогите. Надоело плясать с бубном!Логи прилагаю
info.txt logfile of random’s system information tool 1.05 2009-10-13 16:04:59======Uninstall list======
—>C:Program FilesNero 7\nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSNuNInst.exe /UNINSTALL
—>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
—>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
3D Shadow by Lokas Software—>C:WINDOWSAWuninstall.exe SoftwareLokas Ltd3D Shadow
3DVIA player 5.0—>MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
7-Zip 4.29 beta—>»C:Program Files7-ZipUninstall.exe»
Ableton Live v6.0.7—>»C:Program FilesAbletonLive 6.0.7unins000.exe»
Acoustica Effects Pack—>C:PROGRA~1ACOUST~2UNWISE.EXE C:PROGRA~1ACOUST~2INSTALL.LOG
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2—>C:Program FilesCommon FilesAdobeInstallers3e054d2218e7aa282c2369d939e58ffSetup.exe
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player 9 ActiveX—>C:WINDOWSsystem32MacromedFlashUninstFl.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers719d6f144d0c086a0dfa7ff76bb9ac1Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 7.0.5 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A70500000002}
Adobe Setup—>MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup—>MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agnitum Outpost Firewall Pro—>d:Program FilesAgnitumOutpost Firewalluninst.exe
Apple Software Update—>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applied Accoustics String Studio VS 1 VST DX v1.0—>C:PROGRA~1VSTPLU~1STRING~1.0UNWISE.EXE C:PROGRA~1VSTPLU~1STRING~1.0INSTALL.LOG
AV Bros. Colorist 1.0 (Remove Only)—>C:WINDOWSAVUNTOOL.EXE Colorist
AV Bros. Page Curl Pro 2.2 (Remove Only)—>C:Program FilesAdobeAdobe Photoshop CS3Plug-InsAV Bros Page Curl Pro 2.2AVUninstall.exe
avast! Antivirus—>rundll32 C:PROGRA~1Avast4Setupsetiface.dll,RunSetup
Axessh—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EFFE2145-FFD7-41B5-A00F-D5651C2CE568}SETUP.exe» -l0x9 -uninst -removeonly
BadCopy Pro—>C:PROGRA~1JufsoftBadCopyUNWISE.EXE C:PROGRA~1JufsoftBadCopyINSTALL.LOG
Bluetooth Stack for Windows—>MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Broomstick Bass 1.0.0—>»D:Broomstickuninstall-bb.exe»
CAMagic Mobile for Bluetooth—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�9�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A047546B-1FC0-42AB-972E-EC689D9CF08D}setup.exe» -l0x19
Camtasia Studio 5—>MsiExec.exe /I{784E6B0F-00EC-4950-95A2-BBA64F44EC48}
Color Efex Pro 3.0 Complete—>C:Program FilesAdobeAdobe Photoshop CS3Plug-InsNik SoftwareColor Efex Pro 3.0 Completeuninstall.exe
Cool Edit Pro 2.0—>C:Program Filescoolpro2cep2unin.exe
Deckadance—>C:Program FilesVstPluginsDeckadanceuninstall.exe
Dr.Web anti-virus for Windows 5.0—>MsiExec.exe /I{2BD3661D-1384-4EF4-9E5C-DFDB8EE6E3EA}
DropMyRights—>MsiExec.exe /I{E5B72007-07C9-4E67-B29E-696073F45704}
DVB Dream version 1.4d (updated)—>»C:Program Filesdvbdreamunins000.exe»
DVS Guitar v1.04—>»C:Program FilesVstPluginsDVS Guitarunins000.exe»
Edirol HQ Orchestral VSTi v1.03—>C:PROGRA~1EDIROLORCHES~1.03UNWISE.EXE C:PROGRA~1EDIROLORCHES~1.03INSTALL.LOG
eJay DJMixStation — Deinstallation—>C:eJayDJMixStationdeinstal.exe
Elevayta Extra Boy v4.91d VST—>D:PROGRA~1ELEVAY~1EXTRAB~1UNWISE.EXE D:PROGRA~1ELEVAY~1EXTRAB~1INSTALL.LOG
FL Studio 8—>C:Program FilesFL Studio 8uninstall.exe
Foxit PDF Reader 1.3 build 0708—>»C:Program FilesFoxit PDF Readerunins000.exe»
FX Freeze—>»C:Program FilesVstPluginsfreezeUninstall.exe» «C:Program FilesVstPluginsfreezeinstall.log»
GlobaX—>C:Program FilesGlobaXuninstall.exe
GoldWave v5.07—>»C:Program FilesGoldWaveunstall.exe» «GoldWave v5.07» «C:Program FilesGoldWaveunstall.log»
GPRS Explorer—>C:Program FilesBeelineGPRS Exploreruninstall.exe
Haali Reader CE 2.0 (remove only)—>»C:Program FilesHaaliHaali Reader CEuninstall.exe»
High Definition Audio — KB888111—>»C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe»
HijackThis 2.0.2—>»C:Program FilesTrend MicroHijackThisHijackThis.exe» /uninstall
Hotfix for Windows XP (KB909394)—>»C:WINDOWS$NtUninstallKB909394$spuninstspuninst.exe»
HTTP Analyzer Std V3.3.3—>»d:Program FilesIEInspectorHTTPAnalyzerStdV3unins000.exe»
IETester v0.2.2 (remove only)—>»C:Program FilesIETesteruninstall.exe»
IL Download Manager—>C:Program FilesImage-LineDownloaderuninstall.exe
IL Gross Beat—>d:IL Gross Beatuninstall.exe
Image Trends’ ShineOff Plug-In 1.0.2—>MsiExec.exe /I{022B0C16-18C9-464A-8BC6-2B2CC6342E5F}
Internet Explorer Developer Toolbar—>MsiExec.exe /I{E7081891-BC7F-43F9-9CE6-B5DD2F497156}
IrfanView (remove only)—>C:Program FilesIrfanViewiv_uninstall.exe
iZotope Ozone 3—>»C:Program FilesVstPluginsOzone 3unins000.exe»
iZotope Spectron—>»C:Program FilesVstPluginsSpectronunins000.exe»
Java(TM) SE Runtime Environment 6 Update 1—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
jv16 PowerTools 2005—>»C:Program Filesjv16 PowerToolsunins000.exe»
Keyboard Driver—>C:Program FilesInstallShield Installation Information{DFCDD1CE-6D49-49B8-BFB7-93391D22776B}setup.exe -runfromtemp -l0x0409
K-Lite Mega Codec Pack 2.1.0—>»C:Program FilesK-Lite Codec Packunins000.exe»
KPT(R) effects(TM)—>C:WINDOWSIsUninst.exe -f»c:program filesadobeadobe photoshop cs3plug-insfiltersKPT effectsKPTUnins.isu»
L&H TTS3000 British English—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSENG.inf, Uninstall
Linplug Albino v2.1—>C:PROGRA~1VSTPLU~1ALBINO~1ALBINO~1UNWISE.EXE C:PROGRA~1VSTPLU~1ALBINO~1ALBINO~1INSTALL.LOG
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Melodyne 3.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}setup.exe» -l0x9 -removeonly
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft .NET Framework 3.0—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0setup.exe
Microsoft .NET Framework 3.0—>MsiExec.exe /X{0A942F60-4ED2-4E1E-ACA8-33586BB77497}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Enterprise 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007—>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007—>MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007—>MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007—>MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007—>MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)—>MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motorola Driver Installation—>MsiExec.exe /I{75A0EB9D-2D1E-4FB7-BF61-498E33C73EB4}
Mozilla Firefox (3.0.5)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 4.0 SP2 Parser and SDK—>MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser—>MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
MusicLab RealGuitar 2.0—>»C:Program FilesMusicLabRealGuitar2Uninstall.exe» «C:Program FilesMusicLabRealGuitar2install.log»
MySQL Workbench 5.2 OSS—>MsiExec.exe /I{D86A951F-10B4-41EA-9924-0B73A17BE89B}
Native Instruments Absynth 2—>C:PROGRA~1NATIVE~1ABSYNT~1UNINST~1UNWISE.EXE C:PROGRA~1NATIVE~1ABSYNT~1UNINST~1INSTALL.LOG
Native Instruments Kontakt 2—>C:PROGRA~1NATIVE~1KONTAK~1UNWISE.EXE C:PROGRA~1NATIVE~1KONTAK~1INSTALL.LOG
Native Instruments Traktor DJ Studio v2.6.1.022—>C:PROGRA~1NATIVE~1TRAKTO~1UNWISE.EXE C:PROGRA~1NATIVE~1TRAKTO~1INSTALL.LOG
NeonHTML 4.3—>D:Program FilesNeonHTML 4.3Installer.exe uninstall
Nero 7 Premium—>MsiExec.exe /I{400348D1-032F-4717-A840-D52F975C1049}
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetSetMan 2.6.1—>»d:Program FilesNetSetManunins000.exe»
NI Service Center—>C:PROGRA~1NATIVE~1NISERV~1UNWISE.EXE C:PROGRA~1NATIVE~1NISERV~1INSTALL.LOG
Noiseware Professional Plug-in—>MsiExec.exe /I{7C515D87-2DCD-422B-B993-3FE8A71B3DDB}
NVIDIA Drivers—>C:WINDOWSsystem32nvudisp.exe UninstallGUI
OLYMPUS Master 2—>MsiExec.exe /X{CBC85F2E-1981-4C55-9418-908D08D2C6E8}
OLYMPUS muvee theaterPack—>MsiExec.exe /X{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}
Omicom IP Service 2.0.0.5—>»C:Program FilesOmicom IP Serviceunins000.exe»
Omicom SkyStar 4 DVB-S/S2 1.0.2.1—>»C:WINDOWSunins000.exe»
Opera 10.00—>MsiExec.exe /X{FC66E05E-8D39-47A6-8D07-759F33727EB0}
Opera 9.20—>MsiExec.exe /X{FC0C72DD-A491-43FF-B377-67273E4D94D7}
Opera-8—>C:PROGRA~1Opera-8uninstunwise.exe C:PROGRA~1Opera-8uninstinstall.log
OrangeVocoder v2.0-OxYGeN—>C:WINDOWSvocoderUNWISE.EXE C:WINDOWSvocoderINSTALL.LOG
Paint.NET v3.0—>MsiExec.exe /X{267AB309-8021-4CAE-9698-D9A0BEEF7FBA}
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photomatix Pro version 2.5.4—>»C:Program FilesPhotomatixunins000.exe»
PlaySexGame—>MsiExec.exe /I{0FF217E6-0896-4569-B703-1FC3FA6D21ED}
PoiZone—>C:Program FilesImage-LinePoiZoneuninstall.exe
Portraiture Plug-in—>MsiExec.exe /I{8F378798-88D8-4FA1-AB74-F035542133A6}
Positive Technologies Startup Monitor—>»d:Program FilesPositive TechnologiesStartup MonitorUninstall.exe» «d:Program FilesPositive TechnologiesStartup Monitorinstall.log»
PowerISO—>»C:Program FilesPowerISOuninstall.exe»
Preset Viewer DEMO—>MsiExec.exe /I{19C6524F-9266-4D26-AF7E-428CFD016C06}
Prevx 3.0—>»C:Program FilesPrevxprevx.exe» /prop UNINSTALL=Y
ProgDVB—>C:Program FilesProgDVBuninstall.exe
PROSONIQ Timefactory II—>C:WINDOWSuninst.exe -f»C:Program FilesPROSONIQ PRODUCTS SOFTWAREPROSONIQ Timefactory IIDeIsL1.isu» -c»C:Program FilesPROSONIQ PRODUCTS SOFTWAREPROSONIQ Timefactory II_ISREG32.DLL»
PROWiSe Manager 1.8—>»%SystemRoot%system32mshta.exe» «res://C:Program FilesDMoNsoftPROWiSePROWiSe.exe/uninstall.hta»
QIP Infium 2.0.9024 RC4—>»C:Program FilesQIP Infiumunins000.exe»
RealStrat 1.0—>»C:Program FilesVstPluginsrealstratUninstall.exe» «C:Program FilesVstPluginsrealstratinstall.log» -u
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}setup.exe» -l0x19 -removeonly
ReGet Deluxe 4.1—>C:Program FilesReGetDxregetdx.exe -uninstall
ReValver Mk II—>»C:Program FilesAlien ConnectionsReValver Mk IIunins000.exe»
rgc:audio sfz VSTi v1.96—>»C:Program FilesVstPluginsunins002.exe»
rgc:audio z3ta+ VSTi v1.00—>»C:Program FilesVstPluginsunins000.exe»
Rob Papen Albino 3—>C:Program FilesVstPluginsUninstalAlbino3.exe
Rob Papen Blue VSTi v1.01 —>C:PROGRA~1VSTPLU~1\BlueUNWISE.EXE C:PROGRA~1VSTPLU~1\BlueINSTALL.LOG
Rob Papen Predator V1.1.1—>»C:Program FilesVstPluginsunins001.exe»
Safari—>MsiExec.exe /X{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
Sample Modeling The Trumpet—>D:PROGRA~1THETRU~1UNWISE.EXE D:PROGRA~1THETRU~1INSTALL.LOG
Sexy Dreams—>»C:Program FilesSexy Dreamsunins000.exe»
Shinycore Path Styler Pro 1.5 for Photoshop—>C:Program FilesAdobeAdobe Photoshop CS3Plug-InsPath Styler Pro PSUninstall.exe
sitemap reader—>»d:Program FilesSitemapunins000.exe»
Sony ACID Pro 6.0—>MsiExec.exe /X{87DABCF7-2C38-4996-8FBE-053CA6536168}
Sony Media Manager 2.2—>MsiExec.exe /X{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}
Spybot — Search & Destroy—>»C:Program FilesSpybot — Search & Destroyunins000.exe»
STV Tools 2.0—>C:Program FilesSTVuninst.exe
SUPER © Version 2009.bld.36 (June 10, 2009)—>D:PROGRA~1ERIGHT~1SUPERSetup.exe /remove /q0
Swiff Player 1.1—>»C:Program FilesSwiff Playerunins000.exe»
Syncrosoft License Control—>C:PROGRA~1SYNCRO~1UNWISE.EXE C:PROGRA~1SYNCRO~1INSTALL.LOG
Synful Orchestra v2.31—>C:PROGRA~1VSTPLU~1ORCHES~1INSTAL~1UNWISE.EXE C:PROGRA~1VSTPLU~1ORCHES~1INSTAL~1INSTALL.LOG
Tau Bassline Mk2 VSTi 1.0—>C:WINDOWSiun6002.exe «C:Program FilesVstPluginsirunin.ini»
thriXXX Hentai3D2-052.003—>»D:Program FilesthriXXXHentai 3D 2 — Cry of PleasureBinariesUninstall-Hentai3D2-CryofPleasure-052.003.exe»
Total Commander (Remove or Repair)—>C:Program Filestotalcmdtcuninst.exe
Toxic Biohazard—>C:Program FilesImage-LineToxic Biohazarduninstall.exe
T-RackS 1.x—>C:Program FilesInstallShield Installation Information{37BCCAE2-A3AD-4E03-B4FD-A1BE1FE6365A}setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Unlocker 1.8.7—>d:Program FilesUnlockeruninst.exe
USB-модем «Билайн»—>»C:Program FilesInstallShield Installation Information{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}setup.exe» -runfromtemp -l0x0019 -removeonly
VDOTool 4.7—>»C:Program FilesVDOToolunins000.exe»
Vertus Fluid Mask 3 3.0.8—>»C:Program FilesAdobeAdobe Photoshop CS3Plug-InsUninstall.exe»
Waves Restoration 3.5—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EABACFC4-1CB1-438E-A418-0A3B21CD30D3}Setup.exe» -l0x9
webmedia 9.0—>»C:Program Fileswebmediaunins000.exe»
Winamp—>»C:Program FilesWinampUninstWA.exe»
WinBinder version 0.46.0—>»C:Program FilesWinBinderuninstallunins000.exe»
Windows Communication Foundation—>MsiExec.exe /X{418D87C0-D8F8-4967-BC37-DE52EAC070E7}
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Presentation Foundation—>MsiExec.exe /X{5526CB1D-7CE4-40AB-8E52-9783D7C831B5}
Windows Workflow Foundation—>MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0—>»C:WINDOWS$NtUninstallXpsEPSC$spuninstspuninst.exe»
xp-AntiSpy 3.97-3—>C:Program Filesxp-AntiSpyUninstall.exe
XSpider 7.7 Demo—>»d:Program FilesPositive TechnologiesXSpider 7.7 DemoUninstall.exe» «d:Program FilesPositive TechnologiesXSpider 7.7 Demoinstall.log»
Zero-G Afrolatin Slam—>C:PROGRA~1Zero-GAFROLA~1UNWISE.EXE C:PROGRA~1Zero-GAFROLA~1INSTALL.LOG
Zero-X BeatCreator—>C:WINDOWSUzerox_bc.EXE /A C:WINDOWSUzerox_bc.LOG «Zero-X BeatCreator Uninstall»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Карта звездного неба 1.3—>C:PROGRA~1STARFI~1Setup.exe /remove /q0
многопользовательское расширение АСТЕР—>MsiExec.exe /I{5971FA39-5EC8-4405-8B60-981171532CBF}
Подарки из Сказки. Новогоднее подарочное издание—>C:Program FilesAlawarПодарки из Сказки. Новогоднее подарочное изданиеUninstall.exe
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Раздень Таню 1.0—>»C:Program Filestniaunins000.exe»
СТВ-Кабинет Онлайн—>C:Program FilesСТВ-ИнтернетUninstall.exe=====HijackThis Backups=====
O17 — HKLMSystemCCSServicesTcpip..{B216CC19-A6C0-43CC-937E-B20DC7AA480E}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS1ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{B216CC19-A6C0-43CC-937E-B20DC7AA480E}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS1ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS3ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS1ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{6BAA8EC6-E664-4FFD-B28F-A7F618AC4433}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{B216CC19-A6C0-43CC-937E-B20DC7AA480E}: NameServer = 85.255.114.68;85.255.112.150
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS3ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{B216CC19-A6C0-43CC-937E-B20DC7AA480E}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{B216CC19-A6C0-43CC-937E-B20DC7AA480E}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS3ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS3ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O20 — AppInit_DLLs: C:PROGRA~1AgnitumOUTPOS~1wl_hook.dll
O20 — Winlogon Notify: mute32 — C:WINDOWSSYSTEM32mute32.dll
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS3ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{B216CC19-A6C0-43CC-937E-B20DC7AA480E}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O3 — Toolbar: (no name) — {E0E899AB-F487-11D5-8D29-0050BA6940E3} — (no file)
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{B216CC19-A6C0-43CC-937E-B20DC7AA480E}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS3ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS3ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{B216CC19-A6C0-43CC-937E-B20DC7AA480E}: NameServer = 10.52.129.36 10.52.129.37
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{B216CC19-A6C0-43CC-937E-B20DC7AA480E}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{B216CC19-A6C0-43CC-937E-B20DC7AA480E}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{B216CC19-A6C0-43CC-937E-B20DC7AA480E}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{A01ED402-817E-448D-ACC8-D4D9F9FC9DF6}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{92600C54-4462-4A65-A85C-7F87E490A216}: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS3ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCS3ServicesTcpipParameters: NameServer = 85.255.114.68;85.255.112.150
O17 — HKLMSystemCCSServicesTcpip..{6BAA8EC6-E664-4FFD-B28F-A7F618AC4433}: NameServer = 85.255.114.68;85.255.112.150
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sexydoll.ru/Securitycenter WMI appears to be broken
System event log
Computer Name: КОМПЬЮТЕР
Event Code: 7001
Message: Служба «Обозреватель компьютеров» является зависимой от службы «Сервер», которую не удалось запустить из-за ошибки
Указанная служба не может быть запущена, поскольку она отключена или все связанные с ней устройства отключены.Record Number: 44676
Source Name: Service Control Manager
Time Written: 20090921201718.000000+240
Event Type: ошибка
User:Computer Name: КОМПЬЮТЕР
Event Code: 6005
Message: Запущена служба журнала событий.Record Number: 44675
Source Name: EventLog
Time Written: 20090921201600.000000+240
Event Type: информация
User:Computer Name: КОМПЬЮТЕР
Event Code: 6009
Message: Microsoft (R) Windows 2000 (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.Record Number: 44674
Source Name: EventLog
Time Written: 20090921201600.000000+240
Event Type: информация
User:Computer Name: КОМПЬЮТЕР
Event Code: 6006
Message: Служба журнала событий остановлена.Record Number: 44673
Source Name: EventLog
Time Written: 20090921184314.000000+240
Event Type: информация
User:Computer Name: КОМПЬЮТЕР
Event Code: 26
Message: Всплывающее окно приложения: Windows : Данный компьютер используется другими пользователями. Завершение работы Windows может привести к потере данных.Продолжить завершение работы?
Record Number: 44672
Source Name: Application Popup
Time Written: 20090921183854.000000+240
Event Type: информация
User:Application event log
Computer Name: КОМПЬЮТЕР
Event Code: 1
Message:
Record Number: 15235
Source Name: nview_info
Time Written: 20090924105420.000000+240
Event Type: ошибка
User:Computer Name: КОМПЬЮТЕР
Event Code: 1
Message:
Record Number: 15234
Source Name: nview_info
Time Written: 20090924105420.000000+240
Event Type: ошибка
User:Computer Name: КОМПЬЮТЕР
Event Code: 1
Message:
Record Number: 15233
Source Name: nview_info
Time Written: 20090924105420.000000+240
Event Type: ошибка
User:Computer Name: КОМПЬЮТЕР
Event Code: 1
Message:
Record Number: 15232
Source Name: nview_info
Time Written: 20090924105420.000000+240
Event Type: ошибка
User:Computer Name: КОМПЬЮТЕР
Event Code: 1
Message:
Record Number: 15231
Source Name: nview_info
Time Written: 20090924105420.000000+240
Event Type: ошибка
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«devmgr_show_nonpresent_devices»=1
«FP_NO_HOST_CHECK»=NO
«NUMBER_OF_PROCESSORS»=2
«OS»=Windows_NT
«Path»=%systemroot%system32;%systemroot%;%systemroot%system32wbem;C:Program FilesCommon FilesiZotopeRuntimes;C:Program FilesMicrosoft SQL Server80ToolsBinn
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 6 Stepping 5, GenuineIntel
«PROCESSOR_LEVEL»=15
«PROCESSOR_REVISION»=0605
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«windir»=%SystemRoot%
EOF
P.S. Важное: эти глюки происходят только под администраторской учёткой. Обычные пользователи работают нормально
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Пользователь at 2009-10-13 16:18:45
Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (36%) free of 40 GB
Total RAM: 1023 MB (49% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:55, on 13.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAvast4aswUpdSv.exe
C:Program FilesAvast4ashServ.exe
D:Program FilesKeyboard DriverKMWDSrv.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesAvast4ashWebSv.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSExplorer.EXE
C:Program FilesVDOToolTBPanel.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:PROGRA~1Avast4ashDisp.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32ctfmon.exe
D:Program FilesPositive TechnologiesStartup MonitorPTstartmon.exe
C:Program Filesglobaxglobax_daemon.exe
C:Program FilesOmicom IP Servicess4ip.exe
C:WINDOWSExplorer.EXE
D:СофтЗащитаRSIT.exe
C:Program FilesTrend MicroHijackThisПользователь.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 127.0.0.1:3128
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost;test1.ru;easygold;venera;ci;oop;masha;sportshop;
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: (no name) — AutorunsDisabled — (no file)
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: IE Developer Toolbar BHO — {CC7E636D-39AA-49b6-B511-65413DA137A1} — D:Program FilesInternet Explorer Developer ToolbarIEDevToolbar.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [Gainward] C:Program FilesVDOToolTBPanel.exe /A
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [avast!] C:PROGRA~1Avast4ashDisp.exe
O4 — HKLM..Run: [Malwarebytes Anti-Malware (reboot)] «C:Program FilesMalwarebytes’ Anti-Malwarembam.exe» /runcleanupscript
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [PTstartmon] d:Program FilesPositive TechnologiesStartup MonitorPTstartmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-21-1606980848-963894560-839522115-1005..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘Зарница’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’)
O4 — S-1-5-18 Startup: Create virtual drive for Denwer.lnk = d:WebServersdenwerBoot.exe (User ‘SYSTEM’)
O4 — S-1-5-18 Startup: globax.bat (User ‘SYSTEM’)
O4 — S-1-5-18 Startup: Omicom IP Service.lnk = C:Program FilesOmicom IP Servicess4ip.exe (User ‘SYSTEM’)
O4 — .DEFAULT Startup: Create virtual drive for Denwer.lnk = d:WebServersdenwerBoot.exe (User ‘Default user’)
O4 — .DEFAULT Startup: globax.bat (User ‘Default user’)
O4 — .DEFAULT Startup: Omicom IP Service.lnk = C:Program FilesOmicom IP Servicess4ip.exe (User ‘Default user’)
O4 — Startup: Create virtual drive for Denwer.lnk = d:WebServersdenwerBoot.exe
O4 — Startup: globax.bat
O4 — Startup: Omicom IP Service.lnk = C:Program FilesOmicom IP Servicess4ip.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1Office12EXCEL.EXE/3000
O8 — Extra context menu item: Закачать &все при помощи ReGet Deluxe — C:Program FilesCommon FilesReGet SharedCC_All.htm
O8 — Extra context menu item: Закачать при помощи Re&Get Deluxe — C:Program FilesCommon FilesReGet SharedCC_Link.htm
O9 — Extra button: Быстрая настройка Outpost Firewall Pro — {44627E97-789B-40d4-B5C2-58BD171129A1} — d:Program FilesAgnitumOutpost FirewallPluginsBrowserBarie_bar.dll
O9 — Extra button: IE Developer Toolbar — {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} — D:Program FilesInternet Explorer Developer ToolbarIEDevToolbar.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~1Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search & Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O20 — Winlogon Notify: mute32 — C:WINDOWSSYSTEM32mute32.dll
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAvast4aswUpdSv.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAvast4ashWebSv.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Keyboard And Mouse Communication Service (KMWDSERVICE) — UASSOFT.COM — D:Program FilesKeyboard DriverKMWDSrv.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: SpIDer Guard for Windows (SPIDERNT) — Doctor Web, Ltd. — C:PROGRA~1DrWebspidernt.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
O24 — Desktop Component AutorunsDisabled: (no name) — (no file)—
End of file — 8146 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper ObjectsAutorunsDisabled]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-24 63136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{CC7E636D-39AA-49b6-B511-65413DA137A1}]
IE Developer Toolbar BHO — D:Program FilesInternet Explorer Developer ToolbarIEDevToolbar.dll [2007-03-01 623992][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-03-01 7700480]
«Gainward»=C:Program FilesVDOToolTBPanel.exe [2007-02-01 2154496]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2007-03-01 86016]
«avast!»=C:PROGRA~1Avast4ashDisp.exe [2007-12-04 79224]
«Malwarebytes Anti-Malware (reboot)»=C:Program FilesMalwarebytes’ Anti-Malwarembam.exe [2009-09-10 1312080][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2007-03-20 30208]
«PTstartmon»=d:Program FilesPositive TechnologiesStartup MonitorPTstartmon.exe [2004-12-22 898048][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobeUpdater]
C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe [2007-03-01 2321600][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregautodetect]
C:WINDOWSsystem32SupportAppXLAutoDect.exe [2009-03-16 91648][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBeeline GPRS Explorer]
C:Program FilesBeelineGPRS Explorergprsexpl.exe [2007-01-12 834632][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2007-03-12 153136][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBluetoothAuthenticationAgent]
C:WINDOWSsystem32bthprops.cpl [2004-08-17 110592][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH/PC Connection Agent]
C:Program FilesMicrosoft ActiveSyncwcescomm.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregInCD]
C:Program FilesNero 7InCDInCD.exe [2007-03-12 1055792][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKMCONFIG]
D:Program FilesKeyboard DriverStartAutorun.exe [2008-05-30 212992][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:Program FilesCommon FilesAheadLibNeroCheck.exe [2007-03-09 153136][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:WINDOWSsystem32NvCpl.dll [2007-03-01 7700480][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINDOWSsystem32NvMcTray.dll [2007-03-01 86016][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregOM2_Monitor]
C:Program FilesOLYMPUSOLYMPUS Master 2MMonitor.exe [2007-05-28 95800][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregOutpostFeedBack]
d:Program FilesAgnitumOutpost Firewallfeedback.exe [2006-02-14 352324][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
C:WINDOWSRTHDCPL.EXE [2007-04-12 16132608][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSecurDisc]
C:Program FilesNero 7InCDNBHGui.exe [2007-03-12 1626160][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpIDerAgent]
C:Program FilesDrWebSpIDerAgent.exe [2008-12-17 697584][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpIDerNT]
C:PROGRA~1DrWebspiderui.exe [2008-12-09 197896][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimer]
C:Program FilesSpybot — Search & DestroyTeaTimer.exe [2008-09-16 1833296][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^WINDOWS^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Ускоренный запуск Adobe Reader.lnk]
C:PROGRA~1AdobeACROBA~1.0ReaderREADER~1.EXE [2005-09-24 29696][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^WINDOWS^Documents and Settings^Пользователь^Главное меню^Программы^Автозагрузка^is-1G1N5.lnk]
C:PROGRA~1VIRUSR~1is-1G1N5startup.exe C:Program FilesVirus Removal Toolis-1G1N5is-1G1N5.exe -gui -bl [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^WINDOWS^Documents and Settings^Пользователь^Главное меню^Программы^Автозагрузка^is-3OL7G.lnk]
C:PROGRA~1VIRUSR~1is-3OL7Gstartup.exe [2008-11-12 65536][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^WINDOWS^Documents and Settings^Пользователь^Главное меню^Программы^Автозагрузка^is-EGDK2.lnk]
C:PROGRA~1VIRUSR~1is-EGDK2startup.exe C:Program FilesVirus Removal Toolis-EGDK2is-EGDK2.exe -gui -bl [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«wuauserv»=2
«InCDsrv»=2
«DrWebEngine»=2
«SPIDERNT»=3
«CSIScanner»=2
«NMIndexingService»=3
«NBService»=3C:WINDOWSDocuments and SettingsПользовательГлавное менюПрограммыАвтозагрузка
Create virtual drive for Denwer.lnk — d:WebServersdenwerBoot.exe
globax.bat
Omicom IP Service.lnk — C:Program FilesOmicom IP Servicess4ip.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifymute32]
C:WINDOWSsystem32mute32.dll [2007-09-26 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program Filesglobaxglobax_daemon.exe»=»C:Program Filesglobaxglobax_daemon.exe:*:Enabled:GlobaX»
«D:Program FilesQIPqip.exe»=»D:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«D:WebServersusrlocalapachebinhttpd.exe»=»D:WebServersusrlocalapachebinhttpd.exe:*:Enabled:Apache HTTP Server»
«C:Program Filesnpp.4.9.2.binnotepad++.exe»=»C:Program Filesnpp.4.9.2.binnotepad++.exe:*:Enabled:Notepad++ : a free (GNU) source code editor»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======List of files/folders created in the last 3 months======
2009-10-13 16:04:37 —-D—- C:rsit
2009-10-01 13:17:34 —-D—- C:Сессии
2009-09-23 11:43:06 —-D—- C:Program Filesxp-AntiSpy
2009-09-22 20:25:19 —-A—- C:WINDOWSfsplugin.ini
2009-09-18 09:55:05 —-A—- C:WINDOWSDFC.INI
2009-09-18 09:41:36 —-D—- C:Program FilesVDOTool
2009-09-17 22:44:03 —-D—- C:Program FilesVirus Removal Tool
2009-09-17 22:02:21 —-D—- C:WINDOWSCSC
2009-09-17 21:00:02 —-A—- C:Program Filessetup_7.0.0.290_17.09.2009_19-30.exe
2009-09-14 14:23:50 —-A—- C:WINDOWSrec.txt
2009-09-12 15:13:38 —-D—- C:Program FilesHeavenWard
2009-09-12 13:10:25 —-D—- C:WINDOWSSxsCaPendDel
2009-09-12 10:18:53 —-D—- C:Program FilesPrevx
2009-09-12 10:08:50 —-D—- C:WINDOWSDocuments and SettingsAll UsersApplication DataPrevxCSI
2009-09-11 20:50:16 —-D—- C:Program FilesCommon FilesAgnitum Shared
2009-09-11 10:16:28 —-D—- C:Program FilesCommon FilesDoctor Web
2009-09-11 10:16:27 —-D—- C:WINDOWSDocuments and SettingsAll UsersApplication DataDoctor Web
2009-09-11 10:16:26 —-D—- C:Program FilesDrWeb
2009-09-11 09:53:28 —-A—- C:WINDOWSlogfile32.txt
2009-09-10 14:13:42 —-A—- C:WINDOWSsystem32MSVCR71.dll
2009-09-10 14:13:42 —-A—- C:WINDOWSsystem32MSVCP71.dll
2009-09-10 13:04:06 —-A—- C:WINDOWSlog32.txt
2009-09-10 09:42:42 —-A—- C:WINDOWSsystem32msvcsv60.dll
2009-09-09 19:10:29 —-A—- C:WINDOWSModemLog_ZTE Proprietary USB Modem.txt
2009-09-09 19:07:54 —-D—- C:WINDOWSsystem32SupportAppXL
2009-09-03 12:12:12 —-HD—- C:WINDOWSPIF
2009-09-01 23:02:42 —-D—- C:WINDOWSDocuments and SettingsПользовательApplication DataKompoZer
2009-08-31 12:51:26 —-D—- C:Program Fileswebmedia
2009-08-28 11:40:13 —-D—- C:Program FilesHaali
2009-08-24 12:03:41 —-AH—- C:WINDOWSakebook.ini
2009-08-24 12:03:41 —-AH—- C:WINDOWSa3kebook.ini
2009-08-24 12:03:41 —-A—- C:WINDOWSANS2000.INI
2009-08-24 11:44:55 —-A—- C:WINDOWSsystem32tsccvid.dll
2009-08-24 11:44:54 —-D—- C:WINDOWSsystem32QuickTime
2009-08-24 11:44:37 —-D—- C:Program FilesCommon FilesTechSmith Shared
2009-08-24 11:44:31 —-D—- C:Program FilesTechSmith
2009-08-18 17:42:01 —-D—- C:WINDOWSDocuments and SettingsПользовательApplication Datacr3
2009-07-19 16:52:28 —-A—- C:WINDOWSsystem32devil.dll
2009-07-19 16:52:28 —-A—- C:WINDOWSsystem32avisynth.dll
2009-07-19 16:52:27 —-D—- C:Program FilesAviSynth 2.5
2009-07-19 16:52:27 —-A—- C:WINDOWSsystem32i420vfw.dll
2009-07-19 16:52:27 —-A—- C:WINDOWSsystem32AVSredirect.dll
2009-07-19 16:52:11 —-RSH—- C:WINDOWSsystem32nbDX.dll
2009-07-19 16:52:11 —-RSH—- C:WINDOWSsystem32msfDX.dll
2009-07-19 16:52:11 —-RSH—- C:WINDOWSsystem32flvDX.dll======List of files/folders modified in the last 3 months======
2009-10-13 16:18:47 —-D—- C:WINDOWSTemp
2009-10-13 16:00:50 —-D—- C:Program FilesУправление АСТЕР
2009-10-13 15:45:20 —-D—- C:Program FilesMozilla Firefox
2009-10-13 15:41:12 —-A—- C:WINDOWSwincmd.ini
2009-10-13 14:00:37 —-A—- C:WINDOWSwcx_ftp.ini
2009-10-13 13:49:20 —-D—- C:WINDOWSsystem32drivers
2009-10-08 12:48:11 —-D—- C:WINDOWSsystem32CatRoot2
2009-10-08 12:09:31 —-D—- C:Program Filesglobax
2009-10-08 11:31:37 —-D—- C:WINDOWSLhsp
2009-10-08 10:05:43 —-A—- C:WINDOWSNeroDigital.ini
2009-10-05 19:54:09 —-D—- C:WINDOWS
2009-10-04 18:02:31 —-A—- C:WINDOWSsystem.ini
2009-10-04 11:22:46 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-10-01 12:35:39 —-SHD—- C:WINDOWSInstaller
2009-09-26 17:25:33 —-HD—- C:WINDOWSinf
2009-09-25 22:03:40 —-ASH—- C:boot.ini
2009-09-25 17:54:30 —-SHD—- C:System Volume Information
2009-09-25 17:54:30 —-D—- C:WINDOWSsystem32Restore
2009-09-25 17:33:33 —-A—- C:WINDOWSWininit.ini
2009-09-24 11:34:54 —-A—- C:WINDOWSwin.ini
2009-09-24 08:12:55 —-A—- C:WINDOWSODBC.INI
2009-09-23 12:43:22 —-D—- C:Program FilesQIP
2009-09-23 11:49:22 —-A—- C:WINDOWSSchedLgU.Txt
2009-09-23 11:43:06 —-RD—- C:Program Files
2009-09-22 13:54:34 —-D—- C:Program Filestotalcmd
2009-09-22 12:14:27 —-D—- C:WINDOWSsystem32
2009-09-20 10:45:26 —-D—- C:WINDOWSMinidump
2009-09-19 10:48:55 —-D—- C:WINDOWSDocuments and SettingsПользовательApplication DataOpera
2009-09-18 09:53:20 —-D—- C:WINDOWSHelp
2009-09-18 09:53:17 —-D—- C:WINDOWSnview
2009-09-18 09:43:56 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-09-18 09:43:05 —-RSD—- C:WINDOWSassembly
2009-09-18 09:42:00 —-D—- C:WINDOWSsystem32DirectX
2009-09-17 23:59:51 —-D—- C:WINDOWSpss
2009-09-17 23:22:57 —-D—- C:WINDOWSsystem32dllcache
2009-09-17 22:51:00 —-D—- C:WINDOWSRegistration
2009-09-17 22:44:10 —-A—- C:WINDOWSntbtlog.txt
2009-09-16 14:28:30 —-D—- C:Program Filesnpp.4.9.2.bin
2009-09-15 10:58:47 —-SD—- C:WINDOWSDocuments and SettingsПользовательApplication DataMicrosoft
2009-09-15 10:58:39 —-D—- C:Program FilesMicrosoft ActiveSync
2009-09-15 09:49:09 —-D—- C:WINDOWSsystem32CatRoot
2009-09-14 15:45:33 —-D—- C:Program FilesMessenger
2009-09-12 13:10:25 —-D—- C:WINDOWSWinSxS
2009-09-12 13:10:12 —-D—- C:Program FilesCommon Files
2009-09-11 22:09:03 —-SD—- C:WINDOWSTasks
2009-09-11 18:31:35 —-SHD—- C:RECYCLER
2009-09-10 14:13:18 —-D—- C:Program FilesAvast4
2009-09-09 19:09:59 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-09-09 19:07:43 —-HD—- C:Program FilesInstallShield Installation Information
2009-08-31 12:51:27 —-D—- C:WINDOWSsystem
2009-08-26 13:31:48 —-D—- C:Program FilesVstPlugins
2009-08-16 10:41:38 —-A—- C:WINDOWSModemLog_Motorola USB Modem.txt
2009-08-15 22:53:55 —-A—- C:WINDOWSModemLog_PdaNet Modem.txt
2009-08-15 16:00:18 —-D—- C:Program FilesRelease_NET20_2.0
2009-08-12 18:48:54 —-D—- C:Program FilesOpera
2009-08-11 12:18:37 —-D—- C:WINDOWSDocuments and SettingsПользовательApplication DataDeckadance
2009-08-08 10:10:30 —-D—- C:Program Filestnia
2009-08-02 18:45:56 —-D—- C:Program FilesProgDVB
2009-07-31 21:31:14 —-RSD—- C:WINDOWSFonts
2009-07-19 17:37:34 —-D—- C:WINDOWSsystem32NtmsData======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2007-12-04 26624]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2007-12-04 42912]
R1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys [2007-03-12 37040]
R1 incdrm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys [2007-03-12 38576]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
R1 SCDEmu;SCDEmu; C:WINDOWSsystem32driversSCDEmu.sys [2005-10-16 27171]
R1 uzmymjk4;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzmymjk4.sys []
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-20 12032]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2007-12-04 94544]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-11-08 62336]
R2 TBPanel;TBPanel; C:WINDOWSsystem32driversTBPanel.sys [2002-07-27 5306]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2007-12-04 23152]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MPEVirtual;Virtual MPE Decoder Adapter Driver; C:WINDOWSsystem32DRIVERSMPEVirtual.sys [2008-02-29 100528]
R3 msloop;Драйвер адаптера Microsoft замыкания на себя; C:WINDOWSsystem32DRIVERSloop.sys [2001-08-17 4992]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-03-01 3994688]
R3 Omicom;%Omicom.DVBSDesc%; C:WINDOWSsystem32driversss4bda.sys [2008-03-12 232576]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2006-04-19 30080]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2006-09-01 59264]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2006-04-19 20608]
R3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:WINDOWSsystem32DRIVERSZTEusbmdm6k.sys [2008-11-03 104960]
R3 ZTEusbnmea;ZTE NMEA Port; C:WINDOWSsystem32DRIVERSZTEusbnmea.sys [2008-11-03 104960]
R3 ZTEusbser6k;ZTE Diagnostic Port; C:WINDOWSsystem32DRIVERSZTEusbser6k.sys [2008-11-03 104960]
R4 InCDfs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys [2007-03-12 118064]
S1 RemoveAny;RemoveAny driver; ??C:WINDOWSsystem32Driversremoveany.sys []
S1 VFILT;Outpost Firewall Kernel Driver; ??d:Program FilesAgnitumOutpost FirewallkernelFILTNT.SYS []
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelADBLOCK.DLL []
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelARP.DLL []
S3 BthEnum;Драйвер блока запроса Bluetooth; C:WINDOWSsystem32DRIVERSBthEnum.sys [2004-08-04 17024]
S3 BTHMODEM;Драйвер для устройства связи по последовательному каналу Bluetooth; C:WINDOWSsystem32DRIVERSbthmodem.sys [2004-08-04 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2004-08-03 100992]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2004-08-17 274688]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2004-08-04 18944]
S3 Cardex;Cardex; ??C:WINDOWSsystem32driversTBPANEL.SYS []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelCONTENT.DLL []
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelDNSCACHE.DLL []
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelFTPFILT.DLL []
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelHTMLFILT.DLL []
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelHTTPFILT.DLL []
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelIMAPFILT.DLL []
S3 KMWDFilter;KMWDFilter; ??C:WINDOWSSystem32DriversKMWDFilter.SYS []
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelMAILFILT.DLL []
S3 massfilter;ZTE Mass Storage Filter Driver; C:WINDOWSsystem32driversmassfilter.sys [2008-11-03 7680]
S3 MPE;BDA MPE фильтр; C:WINDOWSsystem32DRIVERSMPE.sys [2004-08-03 15360]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelNNTPFILT.DLL []
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelPOP3FILT.DLL []
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelPROTECT.DLL []
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2004-08-04 59648]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelSECRET.DLL []
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 SPIDER;SpIDer Guard File System Monitor; ??C:PROGRA~1DrWebspider.sys []
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 SynasUSB;SynasUSB; C:WINDOWSsystem32driversSynasUSB.sys [2007-10-24 23288]
S3 usb_rndisx;USB RNDIS Adapter; C:WINDOWSsystem32DRIVERSusb8023x.sys [2005-10-21 12800]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 motccgp;Motorola USB Composite Device Driver; C:WINDOWSsystem32DRIVERSmotccgp.sys [2007-06-18 17920]
S4 motccgpfl;MotCcgpFlService; C:WINDOWSsystem32DRIVERSmotccgpfl.sys [2007-01-22 7680]
S4 MotDev;Motorola Inc. USB Device; C:WINDOWSsystem32DRIVERSmotodrv.sys [2007-05-07 42112]
S4 motmodem;Motorola USB CDC ACM Driver; C:WINDOWSsystem32DRIVERSmotmodem.sys [2007-06-18 23680]
S4 pnetmdm;PdaNet Modem; C:WINDOWSsystem32DRIVERSpnetmdm.sys [2006-09-28 9472]
S4 Sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2004-08-17 73472]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAvast4aswUpdSv.exe [2007-12-04 17272]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAvast4ashServ.exe [2007-12-04 140664]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; D:Program FilesKeyboard DriverKMWDSrv.exe [2008-06-23 208896]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-03-01 159811]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAvast4ashWebSv.exe [2007-12-04 345464]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAvast4ashMaiSv.exe [2007-12-04 247160]
S3 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2008-12-31 14336]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-06-27 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-09-08 36864]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-09-11 741376]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; D:SonyPlug-insMedia ManagerMSSQL$SONY_MEDIAMGRBinnsqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:Program FilesMicrosoft SQL Server80ToolsBinnsqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 SPIDERNT;SpIDer Guard for Windows; C:PROGRA~1DrWebspidernt.exe [2008-12-09 197896]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; D:SonyPlug-insMedia ManagerMSSQL$SONY_MEDIAMGRBinnsqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-12-31 14336]
S4 CSIScanner;CSIScanner; C:Program FilesPrevxprevx.exe [2009-09-12 4368952]
S4 DrWebEngine;Dr.Web ® Scanning Engine (DrWebEngine); C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe [2008-12-15 869688]
S4 HttpAnalyzerV3 DllInjectService;HttpAnalyzerV3 CodeHook service; d:Program FilesIEInspectorHTTPAnalyzerStdV3InjectWinSockServiceV3.exe [2009-06-02 532480]
S4 InCDsrv;InCD Helper; C:Program FilesNero 7InCDInCDsrv.exe [2007-03-12 931376]
S4 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe [2006-10-26 335872]
S4 NBService;NBService; C:Program FilesNero 7Nero BackItUpNBService.exe [2007-01-15 774144]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-09-11 122880]
S4 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-03-12 271920]
S4 OutpostFirewall;Outpost Firewall Service; d:Program FilesAgnitumOutpost Firewalloutpost.exe [2006-02-13 91648]
EOF
Здравствуйте, добро пожаловать на Spyware-ru форум.
Выполним дополнительную проверку.
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.
Вот лог Combofix:
ComboFix 09-10-16.09 — Пользователь 17.10.2009 10:24.2.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.1023.602 [GMT 4:00]
Running from: c:windowsDocuments and SettingsПользовательРабочий столComboFix.exe
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:recyclerS-1-5-21-3398550103-9258848523-165411855-0980
c:recyclerS-1-5-21-4233920248-0816383205-664473168-5026
c:windowsa3kebook.ini
c:windowsakebook.ini
c:windowsANS2000.INI
c:windowsDocuments and SettingsПользовательApplication DataMicrosoftInternet ExplorerqiPSearchbar.dll
c:windowslogfile32.txt
c:windowssystem32msvcsv60.dll
c:windowssystem32смо .scf
D:resycled.
((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
.2009-10-13 12:04 . 2009-10-13 12:04
d
w- C:rsit
2009-10-01 09:17 . 2009-10-01 09:17
d
w- C:Сессии
2009-09-23 07:43 . 2009-09-23 07:43
d
w- c:program filesxp-AntiSpy
2009-09-22 09:53 . 2009-09-22 09:50 266379 —-a-w- C:wfx_efs_1_1_2.zip
2009-09-19 06:48 . 2009-09-19 06:48
d
w- c:windowsDocuments and SettingsПользовательLocal SettingsApplication DataOpera
2009-09-18 15:35 . 2009-09-18 15:35 97056 —ha-w- c:windowssystem32mlfcache.dat
2009-09-18 07:29 . 2009-09-30 19:35 11264 —-a-w- c:windowssystem32driversuzmymjk4.sys
2009-09-18 05:41 . 2002-07-27 14:01 5306 —-a-w- c:windowssystem32driversTBPanel.sys
2009-09-18 05:41 . 2009-09-18 05:41
d
w- c:program filesVDOTool
2009-09-17 18:44 . 2009-09-17 18:47
d
w- c:program filesVirus Removal Tool
2009-09-17 18:44 . 2008-07-08 10:54 148496 —-a-w- c:windowssystem32drivers34498078.sys
2009-09-17 17:56 . 2008-07-08 10:54 148496 —-a-w- c:windowssystem32drivers5731284.sys
2009-09-17 17:26 . 2009-09-22 10:28 258641952 —sha-w- c:windowssystem32driversfidbox.dat
2009-09-17 17:00 . 2009-09-17 17:12 44286728 —-a-w- c:program filessetup_7.0.0.290_17.09.2009_19-30.exe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 06:13 . 2009-09-12 11:13 45 —-a-w- c:windowssystem32driversRemoveAny.log
2009-10-16 11:10 . 2008-11-24 13:44
d
w- c:program filesУправление АСТЕР
2009-10-12 17:28 . 2008-08-29 09:58 32 —-a-w- c:windowsmsocreg32.dat
2009-10-08 08:09 . 2008-06-26 18:37
d
w- c:program filesglobax
2009-10-04 07:22 . 2009-01-23 14:18
d
w- c:program filesMalwarebytes’ Anti-Malware
2009-09-23 08:43 . 2009-05-28 13:26
d
w- c:program filesQIP
2009-09-23 07:24 . 2008-08-13 10:27 212 —-a-w- c:windowsildasmfnt.bin
2009-09-22 10:28 . 2009-09-17 17:26 3027176 —sha-w- c:windowssystem32driversfidbox.idx
2009-09-22 09:54 . 2008-06-27 09:48
d
w- c:program filestotalcmd
2009-09-16 10:28 . 2008-06-26 18:56
d
w- c:program filesnpp.4.9.2.bin
2009-09-15 06:58 . 2008-11-23 09:04
d
w- c:program filesMicrosoft ActiveSync
2009-09-13 18:03 . 2009-09-11 06:16
d
w- c:program filesDrWeb
2009-09-12 11:13 . 2009-09-12 11:13
d
w- c:program filesHeavenWard
2009-09-12 10:06 . 2009-09-12 06:08
d
w- c:windowsDocuments and SettingsAll UsersApplication DataPrevxCSI
2009-09-12 06:18 . 2009-09-12 06:18 27656 —-a-w- c:windowssystem32driverspxsec.sys
2009-09-12 06:18 . 2009-09-12 06:18 22024 —-a-w- c:windowssystem32driverspxscan.sys
2009-09-12 06:18 . 2009-09-12 06:18
d
w- c:program filesPrevx
2009-09-11 16:50 . 2009-09-11 16:50
d
w- c:program filesCommon FilesAgnitum Shared
2009-09-11 06:16 . 2009-09-11 06:16
d
w- c:program filesCommon FilesDoctor Web
2009-09-11 06:16 . 2009-09-11 06:16
d
w- c:windowsDocuments and SettingsAll UsersApplication DataDoctor Web
2009-09-10 10:54 . 2009-01-23 14:19 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2009-09-10 10:53 . 2009-01-23 14:19 19160 —-a-w- c:windowssystem32driversmbam.sys
2009-09-10 10:13 . 2008-06-27 09:41
d
w- c:program filesAvast4
2009-09-09 15:09 . 2001-10-20 14:00 85800 —-a-w- c:windowssystem32perfc019.dat
2009-09-09 15:09 . 2001-10-20 14:00 487172 —-a-w- c:windowssystem32perfh019.dat
2009-09-09 15:07 . 2008-06-26 09:08
d—h—w- c:program filesInstallShield Installation Information
2009-09-01 19:02 . 2009-09-01 19:02
d
w- c:windowsDocuments and SettingsПользовательApplication DataKompoZer
2009-08-31 08:51 . 2009-08-31 08:51
d
w- c:program fileswebmedia
2009-08-28 09:42 . 2009-08-28 07:40
d
w- c:program filesHaali
2009-08-26 09:31 . 2008-07-01 20:55
d
w- c:program filesVstPlugins
2009-08-24 07:44 . 2009-08-24 07:44
d
w- c:program filesCommon FilesTechSmith Shared
2009-08-24 07:44 . 2009-08-24 07:44
d
w- c:program filesTechSmith
2009-08-18 19:08 . 2008-12-14 18:42
d
w- c:windowsDocuments and SettingsЗарницаApplication DataWinamp
2009-08-18 13:42 . 2009-08-18 13:42
d
w- c:windowsDocuments and SettingsПользовательApplication Datacr3
2009-08-01 07:56 . 2008-11-24 17:13 156488 —-a-w- c:windowsDocuments and SettingsЗарницаLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-07-31 18:44 . 2008-06-26 17:03 156488 —-a-w- c:windowsDocuments and SettingsПользовательLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2006-10-09 13:31 . 2008-12-12 13:33 225280 —-a-w- c:program filesChess3DR.exe
2006-05-03 09:06 . 2009-07-19 12:52 163328 —sh—r- c:windowssystem32flvDX.dll
2007-02-21 10:47 . 2009-07-19 12:52 31232 —sh—r- c:windowssystem32msfDX.dll
2008-03-16 12:30 . 2009-07-19 12:52 216064 —sh—r- c:windowssystem32nbDX.dll
.
Sigcheck
[-] 2007-03-20 . D66D54EC7C2E2025F22D22BCBE1867B4 . 4003840 . . [7.00.5730.11] . . c:windowssystem32mshtml.dll[-] 2007-03-20 . D836E87C1ECAE37C1FC5BAAC62748156 . 577536 . . [5.1.2600.2622] . . c:windowssystem32user32.dll
[-] 2007-03-20 . 8461B677EB0BDC195945DF290FF33070 . 943616 . . [7.00.5730.11] . . c:windowssystem32wininet.dll
[-] 2007-03-20 . 7880331219D76B81CAEC762E6491CF67 . 114176 . . [5.4.3790.2180] . . c:windowssystem32wuauclt.exe
[-] 2007-03-20 . 214E0C336CE868949ED6F6AE45F2F9E2 . 1607680 . . [6.00.2900.2649] . . c:windowsexplorer.exe
[-] 2007-03-20 . BA6FBEBD54BA6F80A330C4BE69A137F8 . 1548288 . . [5.1.2600.2180] . . c:windowssystem32sfcfiles.dll
[-] 2007-03-20 . E6BBC5E0DB1804ACAEF5902902679A6A . 30208 . . [5.1.2600.2180] . . c:windowssystem32ctfmon.exe
c:windowssystem32wscntfy.exe … is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«PTstartmon»=»d:program filesPositive TechnologiesStartup MonitorPTstartmon.exe» [2004-12-22 898048][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-03-01 7700480]
«Gainward»=»c:program filesVDOToolTBPanel.exe» [2007-02-01 2154496]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-03-01 86016]
«avast!»=»c:progra~1Avast4ashDisp.exe» [2007-12-04 79224]
«Malwarebytes Anti-Malware (reboot)»=»c:program filesMalwarebytes’ Anti-Malwarembam.exe» [2009-09-10 1312080]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2007-03-01 1622016][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2007-03-20 30208][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«nltide_2″=»shell32» [X]
«nltide_3″=»advpack.dll» — c:windowssystem32advpack.dll [2007-03-20 123904]c:windowsDocuments and SettingsЏ®«м§®ў ⥫샫 ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Create virtual drive for Denwer.lnk — d:webserversdenwerBoot.exe [2008-6-27 6656]
globax.bat [2009-1-28 65]
Omicom IP Service.lnk — c:program filesOmicom IP Servicess4ip.exe [2008-3-12 212992]c:windowsDocuments and SettingsЏ®«м§®ў ⥫샫 ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Create virtual drive for Denwer.lnk — d:webserversdenwerBoot.exe [2008-6-27 6656]
globax.bat [2009-1-28 65]
Omicom IP Service.lnk — c:program filesOmicom IP Servicess4ip.exe [2008-3-12 212992]c:windowsDocuments and SettingsЏ®«м§®ў ⥫샫 ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Create virtual drive for Denwer.lnk — d:webserversdenwerBoot.exe [2008-6-27 6656]
globax.bat [2009-1-28 65]
Omicom IP Service.lnk — c:program filesOmicom IP Servicess4ip.exe [2008-3-12 212992]c:windowsDocuments and SettingsЏ®«м§®ў ⥫샫 ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Create virtual drive for Denwer.lnk — d:webserversdenwerBoot.exe [2008-6-27 6656]
globax.bat [2009-1-28 65]
Omicom IP Service.lnk — c:program filesOmicom IP Servicess4ip.exe [2008-3-12 212992][HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMMyPictures»= 1 (0x1)
«NoResolveTrack»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifymute32]
2007-09-26 06:37 34816 —-a-w- c:windowssystem32mute32.dll[HKLM~startupfolderC:^WINDOWS^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Ускоренный запуск Adobe Reader.lnk]
backup=c:windowspssУскоренный запуск Adobe Reader.lnkCommon Startup[HKLM~startupfolderC:^WINDOWS^Documents and Settings^Пользователь^Главное меню^Программы^Автозагрузка^is-1G1N5.lnk]
path=c:windowsDocuments and SettingsПользовательГлавное менюПрограммыАвтозагрузкаis-1G1N5.lnk
backup=c:windowspssis-1G1N5.lnkStartup[HKLM~startupfolderC:^WINDOWS^Documents and Settings^Пользователь^Главное меню^Программы^Автозагрузка^is-3OL7G.lnk]
path=c:windowsDocuments and SettingsПользовательГлавное менюПрограммыАвтозагрузкаis-3OL7G.lnk
backup=c:windowspssis-3OL7G.lnkStartup[HKLM~startupfolderC:^WINDOWS^Documents and Settings^Пользователь^Главное меню^Программы^Автозагрузка^is-EGDK2.lnk]
path=c:windowsDocuments and SettingsПользовательГлавное менюПрограммыАвтозагрузкаis-EGDK2.lnk
backup=c:windowspssis-EGDK2.lnkStartup[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«wuauserv»=2 (0x2)
«InCDsrv»=2 (0x2)
«DrWebEngine»=2 (0x2)
«SPIDERNT»=3 (0x3)
«CSIScanner»=2 (0x2)
«NMIndexingService»=3 (0x3)
«NBService»=3 (0x3)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«DisableUnicastResponsesToMulticastBroadcast»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\globax\globax_daemon.exe»=
«d:\Program Files\QIP\qip.exe»=
«d:\WebServers\usr\local\apache\bin\httpd.exe»=
«c:\Program Files\npp.4.9.2.bin\notepad++.exe»=
«c:\Program Files\totalcmd\TOTALCMD.EXE»=
«d:\Program Files\Opera10\opera.exe»=R0 DwProt;DrWeb Protection;c:windowssystem32driversdwprot.sys [11.09.2009 10:30 98168]
R0 MUTE2X_SERVICE;MUTE2X_SERVICE;c:windowssystem32mute2x.sys [26.09.2007 10:37 113696]
R0 pxscan;pxscan;c:windowssystem32driverspxscan.sys [12.09.2009 10:18 22024]
R0 pxsec;pxsec;c:windowssystem32driverspxsec.sys [12.09.2009 10:18 27656]
R1 uzmymjk4;AVZ-RK Kernel Driver;c:windowssystem32driversuzmymjk4.sys [18.09.2009 11:29 11264]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;d:program filesKeyboard DriverKMWDSrv.exe [23.06.2008 21:28 208896]
R3 MPEVirtual;Virtual MPE Decoder Adapter Driver;c:windowssystem32driversMPEVirtual.sys [26.06.2008 21:20 100528]
R3 Omicom;%Omicom.DVBSDesc%;c:windowssystem32driversss4bda.sys [26.06.2008 21:19 232576]
S1 RemoveAny;RemoveAny driver;c:windowssystem32driversRemoveAny.sys [24.04.2009 16:11 11264]
S1 VFILT;Outpost Firewall Kernel Driver;d:program filesAgnitumOutpost FirewallKernelfiltnt.sys [11.09.2009 20:50 125216]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);d:program filesAgnitumOutpost FirewallKerneladblock.dll [11.09.2009 20:50 33600]
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);d:program filesAgnitumOutpost FirewallKernelarp.dll [11.09.2009 20:50 17440]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);d:program filesAgnitumOutpost FirewallKernelcontent.dll [11.09.2009 20:50 4896]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);d:program filesAgnitumOutpost FirewallKerneldnscache.dll [11.09.2009 20:50 14304]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);d:program filesAgnitumOutpost FirewallKernelftpfilt.dll [11.09.2009 20:50 9024]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);d:program filesAgnitumOutpost FirewallKernelhtmlfilt.dll [11.09.2009 20:50 11552]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);d:program filesAgnitumOutpost FirewallKernelhttpfilt.dll [11.09.2009 20:50 13248]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);d:program filesAgnitumOutpost FirewallKernelimapfilt.dll [11.09.2009 20:50 7200]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);d:program filesAgnitumOutpost FirewallKernelmailfilt.dll [11.09.2009 20:50 14912]
S3 massfilter;ZTE Mass Storage Filter Driver;c:windowssystem32driversmassfilter.sys [09.09.2009 19:07 7680]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);d:program filesAgnitumOutpost FirewallKernelnntpfilt.dll [11.09.2009 20:50 6752]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);d:program filesAgnitumOutpost FirewallKernelpop3filt.dll [11.09.2009 20:50 9984]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);d:program filesAgnitumOutpost FirewallKernelprotect.dll [11.09.2009 20:50 16960]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);d:program filesAgnitumOutpost FirewallKernelsecret.dll [11.09.2009 20:50 9696]
S3 SPIDER;SpIDer Guard File System Monitor;c:progra~1DrWebspider.sys [09.12.2008 13:28 268328]
S3 SPIDERNT;SpIDer Guard for Windows;c:progra~1DrWebspidernt.exe [09.12.2008 13:28 197896]
S3 SynasUSB;SynasUSB;c:windowssystem32driverssynasUSB.sys [29.08.2008 0:24 23288]
S4 CSIScanner;CSIScanner;c:program filesPrevxprevx.exe [12.09.2009 10:18 4368952]
S4 DrWebEngine;Dr.Web ® Scanning Engine (DrWebEngine);c:program filesCommon FilesDoctor WebScanning Enginedwengine.exe [15.12.2008 13:08 869688]
S4 HttpAnalyzerV3 DllInjectService;HttpAnalyzerV3 CodeHook service;d:program filesIEInspectorHTTPAnalyzerStdV3InjectWinSockServiceV3.exe [22.06.2009 10:17 532480]
S4 motccgp;Motorola USB Composite Device Driver;c:windowssystem32driversmotccgp.sys [26.06.2008 21:31 17920]
S4 motccgpfl;MotCcgpFlService;c:windowssystem32driversmotccgpfl.sys [26.06.2008 21:31 7680]
S4 MotDev;Motorola Inc. USB Device;c:windowssystem32driversmotodrv.sys [26.06.2008 21:31 42112]
S4 pnetmdm;PdaNet Modem;c:windowssystem32driverspnetmdm.sys [13.04.2009 12:48 9472]
.
.
Supplementary Scan
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = 127.0.0.1:3128
uInternet Settings,ProxyOverride = localhost;test1.ru;easygold;venera;ci;oop;masha;sportshop;
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~1Office12EXCEL.EXE/3000
IE: Закачать &все при помощи ReGet Deluxe — c:program filesCommon FilesReGet SharedCC_All.htm
IE: Закачать при помощи Re&Get Deluxe — c:program filesCommon FilesReGet SharedCC_Link.htm
FF — ProfilePath — c:windowsDocuments and SettingsПользовательApplication DataMozillaFirefoxProfilesbec9dpux.default
FF — prefs.js: browser.search.selectedEngine — QIP Search
FF — prefs.js: browser.startup.homepage — hxxp://start.qip.ru
FF — prefs.js: keyword.URL — hxxp://search.qip.ru/search?from=FF&query=
FF — prefs.js: network.proxy.ftp — 127.0.0.1
FF — prefs.js: network.proxy.ftp_port — 1080
FF — prefs.js: network.proxy.gopher — 127.0.0.1
FF — prefs.js: network.proxy.gopher_port — 1080
FF — prefs.js: network.proxy.http — 127.0.0.1
FF — prefs.js: network.proxy.http_port — 3128
FF — prefs.js: network.proxy.socks — 127.0.0.1
FF — prefs.js: network.proxy.socks_port — 1080
FF — prefs.js: network.proxy.ssl — 127.0.0.1
FF — prefs.js: network.proxy.ssl_port — 3128
FF — prefs.js: network.proxy.type — 1
FF — component: c:windowsDocuments and SettingsПользовательApplication DataMozillaFirefoxProfilesbec9dpux.defaultextensions{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}componentsnstidy.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesVirtools3D Life Playernpvirtools.dll
FF — plugin: d:program filesOpera10programpluginsnpdsplay.dll
FF — plugin: d:program filesOpera10programpluginsnpwmsdrm.dll
.
— — — — ORPHANS REMOVED — — — —AddRemove-HaaliHaaliReaderCE — c:program filesHaaliHaali Reader CEuninstall.exe
AddRemove-ShockwaveFlash — c:windowssystem32MacromedFlashUninstFl.exe
AddRemove-STV Tools — c:program filesSTVuninst.exe
AddRemove-{9AE5560A-EEDE-49B0-B3A4-F2A713AAE83B}}_is1 — c:program filesSexy Dreamsunins000.exe**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-17 10:28
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(668)
c:windowssystem32SETUPAPI.dll
c:windowssystem32Mute32.dll
c:windowssystem32cscui.dll— — — — — — — > ‘lsass.exe'(760)
c:windowssystem32setupapi.dll
.
Completion time: 2009-10-17 10:30
ComboFix-quarantined-files.txt 2009-10-17 06:30Pre-Run: 14 841 516 032 байт свободно
Post-Run: 14 956 986 368 байт свободно252
После комбофикса что-то стало с правами, теперь большинство программ не загружаются в учётках простых пользователей.
Проблема с процессами осталась, к сожалению.С правами разобрался. Но с процессами та же проблема… Очень надеюсь на вашу помощь. Больше помочь некому
Вижу у вас несколько антивирусных и антиспайварных программ.
Удалите все.
После чего установите один антивирус и одну антиспайварную программу.
Временно удалите Outpost Firewall.
Так же удалите Prevx.Кроме этого удалите все редко используемые и неиспользованные программы.
Кликните Пуск -> Выполнить
В строке ввода введите notepad и нажмите Enter.
Вствавьте в блокнот следующий текст:dir wscntfy.exe /a h /s > File.txtКликните Файл, Сохранить как.
Смените тип файла на: Все файлы.
Введите имя файла find_file.bat и кликните Ok.
Сохраните файл на ваш рабочий стол.
Закройте блокнот.
Дважды кликните по созданному нами файлу find_file.bat.
По-завершению работы на рабочем столе появится файл File.txt, вставьте его содержимое в ваш ответ.Combofix сообщает что системный файл wscntfy.exe был удалён.
Нужно его восстановить. У вас есть инсталляционный диск Windows ?К сожалению, нет, есть только консоль восстановления.
C:WINDOWSsystem32wscntfy.exe присутствует. Проверил на virustotal — с ним все в порядке
- Для ответа в этой теме необходимо авторизоваться.
