- This topic has 6 ответов, 2 участника, and was last updated 16 years, 3 months назад by
.
-
Сообщения
-
Здравствуйте, помогите пожалуйста разобраться, что твориться с моим компьютером. Наверно это какой-то вирус или троян, но антивирус никаких сигналов не подавал(Panda Cloud Antivirus) он даже после проверки выдал , что компьютер работает корректно. А началось все два дня назад, я даже не поняла из-за чего, он завис и после повторного включения стали вылетать окошки с предупреждениями от Microsoft типа «Прекращена работа Userinit поиск решений в интернете…….» и как только эту закрываешь сразу же всплывает другая такая же, только там уже — прекращена работа планировщика заданий, диспетчер рабочего стола, хост-процесс Windows(Rundll32), Java(TM), Application Launcher, Amoumain, Panda ….. и так они вылетают друг за другом раз 30 и программы которые там указаны перестают работать. Я еще раз все проверила антивирусом и сегодня утром когда включала компьютер это прекратилось(я даже специально пару раз выключила и включила его, но ничего больше не вылетало). Зато когда включила интернет сразу же появился информер на пол экрана с голой теткой — «Если рекламный модуль был вами установлен, но вы решили отказаться от подписки, то вам достаточно отправить смс на короткий номер, указанный ниже. Полученный код позволит вам удалить информер.» Естественно, мною он не был установлен. И появляется он везде и на мозилле, на эксплорере и на опере, он как приклеенный в нижнем правом углу и не сдвигается, из-за него ничего не видно. Помогите, пожалуйста, с этой проблемой.
P.S- И еще маленькая просьба, не могли бы вы мне поподробней написать что именно надо делать, а то я очень плохо разбираюсь в компьютерах, плохо знаю что где находиться и некоторых терминов не понимаю. Я была бы вам очень признательна. =)Вот что получилась после сканирования:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by User at 2009-07-05 22:47:51
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 31 GB (13%) free of 238 GB
Total RAM: 2047 MB (66% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:10, on 05.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: NormalRunning processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe
C:Program FilesA4TechMouseAmoumain.exe
C:Program FilesPanda SecurityPanda Cloud AntivirusPSUNMain.exe
C:WindowsSystem32rundll32.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Windowsehomeehtray.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Windowsehomeehmsas.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Windowssystem32SearchFilterHost.exe
C:Windowssystem32wuauclt.exe
C:UsersUserDownloadsRSIT.exe
C:Program Filestrend microUser.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.key.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 — Hosts: ::1 localhost
O2 — BHO: (no name) — {88888888-8888-8888-8888-888888888888} — (no file)
O2 — BHO: MS Media Module — {9D64F819-9380-8473-DAB2-702FCB3D7A3E} — %USERPROFILE%Application Datamsmedia.dll (file missing)
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: DAEMON Tools Toolbar — {32099AAC-C132-4136-9E9A-4E364A424E17} — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll
O4 — HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [WheelMouse] C:Program FilesA4TechMouseAmoumain.exe
O4 — HKLM..Run: [PSUNMain] «C:Program FilesPanda SecurityPanda Cloud AntivirusPSUNMain.exe» /Traybar
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 — HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 — HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 — HKCU..Run: [RGSC] C:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe /silent
O4 — HKCU..Run: [adstopper] C:Program FilesAdStoperAdStopperTrayApp.exe
O4 — HKCU..Run: [YandexOnline] «C:Program FilesYandexOnlineonline.exe» -AutoStart
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [userinit] C:UsersUserAppDataRoamingntos.exe
O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 — Startup: is-7M2TH.lnk = C:UsersUserVirus Removal Tool1is-7M2THstartup.exe
O4 — Startup: is-LU48L.lnk = C:UsersUserVirus Removal Toolis-LU48Lstartup.exe
O4 — Startup: Registration .LNK = C:Program FilesUbisoftCyan WorldsMyst V End Of AgesregisterRegistrationReminder.exe
O9 — Extra button: PokerStars.net — {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} — C:Program FilesPokerStars.NETPokerStarsUpdate.exe
O13 — Gopher Prefix:
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: @dfsrres.dll,-101 (DFSR) — Корпорация Майкрософт — C:Windowssystem32DFSR.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 — Service: MSCSPTISRV — Sony Corporation — C:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe
O23 — Service: NanoServiceMain — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe
O23 — Service: NVIDIA Display Driver Service (nvsvc) — NVIDIA Corporation — C:Windowssystem32nvvsvc.exe
O23 — Service: PACSPTISVR — Unknown owner — C:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe
O23 — Service: SonicStage Back-End Service — Sony Corporation — C:Program FilesCommon FilesSony SharedAVLibSsBeSvc.exe
O23 — Service: Sony SPTI Service (SPTISRV) — Sony Corporation — C:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe
O23 — Service: SonicStage SCSI Service (SSScsiSV) — Sony Corporation — C:Program FilesCommon FilesSony SharedAVLibSSScsiSV.exe—
End of file — 6186 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{88888888-8888-8888-8888-888888888888}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9D64F819-9380-8473-DAB2-702FCB3D7A3E}]
MS Media Module — C:UsersUserApplication Datamsmedia.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-05-24 35840][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-21 3117856]
{32099AAC-C132-4136-9E9A-4E364A424E17} — DAEMON Tools Toolbar — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll [2009-04-23 937416][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2008-01-19 1008184]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-05-24 148888]
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe [2007-05-28 528384]
«WheelMouse»=C:Program FilesA4TechMouseAmoumain.exe [2007-02-11 241664]
«PSUNMain»=C:Program FilesPanda SecurityPanda Cloud AntivirusPSUNMain.exe [2009-04-23 353536]
«NvCplDaemon»=C:Windowssystem32NvCpl.dll [2009-03-28 13687328]
«NvMediaCenter»=C:Windowssystem32NvMcTray.dll [2009-03-28 92704][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Sidebar»=C:Program FilesWindows Sidebarsidebar.exe [2008-01-19 1233920]
«ehTray.exe»=C:WindowsehomeehTray.exe [2008-01-19 125952]
«RGSC»=C:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe [2008-12-01 306088]
«adstopper»=C:Program FilesAdStoperAdStopperTrayApp.exe []
«YandexOnline»=C:Program FilesYandexOnlineonline.exe -AutoStart []
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2009-04-23 691656]
«userinit»=C:UsersUserAppDataRoamingntos.exe []C:UsersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
is-7M2TH.lnk — C:UsersUserVirus Removal Tool1is-7M2THstartup.exe
is-LU48L.lnk — C:UsersUserVirus Removal Toolis-LU48Lstartup.exe
Registration .LNK — C:Program FilesUbisoftCyan WorldsMyst V End Of AgesregisterRegistrationReminder.exe[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableUIADesktopToggle»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program FilesSims 3GameBinTS3.exe»=»C:Program FilesSims 3GameBinTS3.exe:*:Disabled:Sims3»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ab66e7d6-6325-11de-ac84-0019665315d7}]
shellAutoRuncommand — E:autorunautorun.exe======List of files/folders created in the last 3 months======
2009-07-05 22:47:51 —-D—- C:rsit
2009-07-05 22:47:51 —-D—- C:Program Filestrend micro
2009-07-05 12:25:55 —-A—- C:UsersUserAppDataRoamingmsmedia.dll
2009-07-04 16:03:17 —-D—- C:ProgramDataPanda Security
2009-07-04 15:43:09 —-D—- C:Program FilesFIFA 2009 — Russian Premier League
2009-07-04 15:01:26 —-SHD—- C:UsersUserAppDataRoamingwsnpoem
2009-06-28 22:33:41 —-D—- C:ProgramDataSonicStage
2009-06-28 22:29:13 —-A—- C:Windowssystem32CDDBUISony.dll
2009-06-28 22:29:13 —-A—- C:Windowssystem32CddbPlaylist2Sony.dll
2009-06-28 22:29:13 —-A—- C:Windowssystem32CddbMusicIDSony.dll
2009-06-28 22:29:13 —-A—- C:Windowssystem32CddbLinkSony.dll
2009-06-28 22:29:13 —-A—- C:Windowssystem32CDDBControlSony.dll
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxsfs.dll
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxinsi64.exe
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxinsa64.exe
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxhpinst.exe
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxdrv.dll
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxcpyi64.exe
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxcpya64.exe
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxafs.dll
2009-06-28 22:29:11 —-A—- C:Windowssystem32vxblock.dll
2009-06-28 22:29:11 —-A—- C:Windowssystem32pxwave.dll
2009-06-28 22:29:11 —-A—- C:Windowssystem32pxmas.dll
2009-06-28 22:29:11 —-A—- C:Windowssystem32px.dll
2009-06-28 22:28:23 —-D—- C:ProgramDataSony Corporation
2009-06-28 22:27:41 —-D—- C:Program FilesSony
2009-06-28 22:27:39 —-D—- C:Windowssystem32Iosubsys
2009-06-28 22:25:27 —-D—- C:UsersUserAppDataRoamingSony Corporation
2009-06-28 22:25:26 —-D—- C:Program FilesCommon FilesSony Shared
2009-06-27 19:43:26 —-D—- C:UsersUserAppDataRoamingGames
2009-06-27 19:39:39 —-D—- C:Windows8AAB4176A747493AA42CB63CFADFD8E3.TMP
2009-06-27 18:49:20 —-D—- C:ProgramDataTages
2009-06-27 18:21:55 —-D—- C:Program FilesDAEMON Tools Toolbar
2009-06-27 16:31:56 —-D—- C:UsersUserAppDataRoamingBlackBean
2009-06-24 01:36:49 —-D—- C:GAMES
2009-06-23 22:22:39 —-D—- C:Program FilesA4Tech
2009-06-21 02:48:02 —-A—- C:WindowsGame.INI
2009-06-17 22:51:24 —-SHD—- C:found.001
2009-06-17 14:41:07 —-D—- C:Program FilesThe Adventure Company
2009-06-13 14:10:44 —-D—- C:Program FilesPrototype
2009-06-05 06:16:58 —-D—- C:UsersUserAppDataRoamingPeerNetworking
2009-06-03 02:11:19 —-D—- C:UsersUserAppDataRoamingUP
2009-06-03 01:07:54 —-D—- C:UsersUserAppDataRoamingAce
2009-06-01 19:56:13 —-D—- C:Program FilesEuro Truck Simulator 2008
2009-06-01 19:04:57 —-D—- C:Program FilesCommon FilesAdobe
2009-06-01 17:23:31 —-D—- C:UsersUserAppDataRoamingMedia Player Classic
2009-06-01 03:00:49 —-D—- C:Program FilesMSXML 4.0
2009-05-31 05:00:37 —-D—- C:Program FilesElectronic Arts
2009-05-30 21:15:58 —-A—- C:Windowsmngui.INI
2009-05-30 20:29:20 —-D—- C:UsersUserAppDataRoamingTeleca
2009-05-30 20:10:12 —-D—- C:UsersUserAppDataRoamingSony Ericsson
2009-05-30 20:09:53 —-D—- C:Program FilesCommon FilesSony Ericsson Shared
2009-05-30 20:09:52 —-D—- C:Program FilesCommon FilesTeleca Shared
2009-05-30 20:09:47 —-D—- C:Program FilesSony Ericsson
2009-05-30 20:09:12 —-D—- C:WindowsDownloaded Installations
2009-05-30 20:07:48 —-D—- C:ProgramDataTeleca
2009-05-30 20:07:48 —-D—- C:ProgramDataSony Ericsson
2009-05-30 14:17:10 —-D—- C:ProgramDataApple Computer
2009-05-30 14:17:06 —-D—- C:Program FilesQuickTime Alternative
2009-05-30 14:14:39 —-D—- C:Program FilesThe KMPlayer
2009-05-30 14:12:19 —-A—- C:Windowssystem32unrar.dll
2009-05-30 14:12:18 —-D—- C:Program FilesK-Lite Codec Pack
2009-05-28 18:38:07 —-D—- C:ProgramDatais-7M2TH
2009-05-26 13:22:02 —-D—- C:UsersUserAppDataRoamingPanda Security
2009-05-26 13:21:02 —-D—- C:Program FilesPanda Security
2009-05-24 18:16:06 —-D—- C:Program FilesWMV9_VCM
2009-05-24 16:08:20 —-D—- C:WindowsSun
2009-05-24 16:03:59 —-D—- C:ProgramDatais-LU48L
2009-05-24 15:50:14 —-A—- C:Windowssystem32javaws.exe
2009-05-24 15:50:14 —-A—- C:Windowssystem32javaw.exe
2009-05-24 15:50:14 —-A—- C:Windowssystem32java.exe
2009-05-24 15:50:14 —-A—- C:Windowssystem32deploytk.dll
2009-05-24 15:49:47 —-D—- C:Program FilesJava
2009-05-23 15:47:44 —-D—- C:UsersUserAppDataRoamingYaChatData
2009-05-20 17:16:08 —-D—- C:Program FilesSims 3
2009-05-15 17:37:07 —-D—- C:Windowssystem32AGEIA
2009-05-15 17:37:06 —-D—- C:Program FilesAGEIA Technologies
2009-05-15 17:36:31 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-05-15 17:35:59 —-A—- C:Windowssystem32XAudio2_3.dll
2009-05-15 17:35:59 —-A—- C:Windowssystem32XAPOFX1_2.dll
2009-05-15 17:35:59 —-A—- C:Windowssystem32xactengine3_3.dll
2009-05-15 17:35:59 —-A—- C:Windowssystem32X3DAudio1_5.dll
2009-05-15 17:35:58 —-A—- C:Windowssystem32XAudio2_2.dll
2009-05-15 17:35:58 —-A—- C:Windowssystem32XAPOFX1_1.dll
2009-05-15 17:35:58 —-A—- C:Windowssystem32xactengine3_2.dll
2009-05-15 17:35:58 —-A—- C:Windowssystem32D3DCompiler_39.dll
2009-05-15 16:10:34 —-A—- C:Windowssystem32D3DCompiler_40.dll
2009-05-14 18:33:25 —-A—- C:WindowsIsUninst.exe
2009-05-14 18:32:24 —-A—- C:Windowssystem32LMRTREND.dll
2009-05-14 18:32:24 —-A—- C:Windowssystem32LMRT.dll
2009-05-14 18:32:24 —-A—- C:Windowssystem32dxtmsft3.dll
2009-05-14 18:32:23 —-A—- C:Windowssystem32unam4ie.exe
2009-05-14 18:32:23 —-A—- C:Windowssystem32strmdll.dll
2009-05-14 18:32:21 —-A—- C:Windowssystem32vidx16.dll
2009-05-14 18:32:21 —-A—- C:Windowssystem32qcut.dll
2009-05-14 18:32:21 —-A—- C:Windowssystem32danim.dll
2009-05-14 18:32:20 —-A—- C:Windowssystem32w95inf32.dll
2009-05-14 18:32:20 —-A—- C:Windowssystem32w95inf16.dll
2009-05-14 11:46:30 —-D—- C:Windowsnvtmpinst
2009-05-14 11:45:54 —-A—- C:Windowssystem32nvexpbar.dll
2009-05-14 11:45:54 —-A—- C:Windowssystem32nvcpluir.dll
2009-05-14 11:43:52 —-D—- C:Program FilesCommon FilesInstallShield
2009-04-21 01:01:20 —-D—- C:Program FilesVKLife
2009-04-11 01:25:23 —-D—- C:ProgramDataWindowsSearch
2009-04-10 21:51:14 —-A—- C:Windowsntbtlog.txt
2009-04-10 17:39:07 —-A—- C:UsersUserAppDataRoamingtasks.txt
2009-04-10 17:04:12 —-D—- C:Program Filesgoodlogin
2009-04-09 15:58:41 —-D—- C:Program FilesBonjour======List of files/folders modified in the last 3 months======
2009-07-05 22:47:58 —-D—- C:WindowsTemp
2009-07-05 22:47:51 —-RD—- C:Program Files
2009-07-05 22:14:39 —-SHD—- C:System Volume Information
2009-07-05 22:14:12 —-D—- C:WindowsSystem32
2009-07-05 10:02:01 —-D—- C:Windows
2009-07-05 06:31:07 —-D—- C:ProgramDataNVIDIA
2009-07-05 06:24:55 —-D—- C:Windowssystem32drivers
2009-07-05 06:24:53 —-D—- C:Windowssystem32catroot
2009-07-05 06:24:53 —-D—- C:Windowsinf
2009-07-05 06:21:57 —-D—- C:Windowssystem32catroot2
2009-07-05 05:43:12 —-D—- C:Program FilesMozilla Firefox
2009-07-04 21:09:36 —-SHD—- C:WindowsInstaller
2009-07-04 21:09:36 —-HD—- C:Program FilesInstallShield Installation Information
2009-07-04 20:25:55 —-D—- C:WindowsPrefetch
2009-07-04 16:03:17 —-HD—- C:ProgramData
2009-07-04 15:57:32 —-D—- C:Windowswinsxs
2009-07-04 12:13:50 —-D—- C:WindowsMicrosoft.NET
2009-06-28 22:25:26 —-D—- C:Program FilesCommon Files
2009-06-28 22:04:32 —-A—- C:Windowssystem32PerfStringBackup.INI
2009-06-27 19:40:19 —-RSD—- C:Windowsassembly
2009-06-27 18:24:07 —-D—- C:UsersUserAppDataRoamingDAEMON Tools Lite
2009-06-27 18:23:10 —-D—- C:Program FilesDAEMON Tools Lite
2009-06-24 20:46:58 —-D—- C:Program FilesRockstar Games
2009-06-22 02:49:27 —-D—- C:WindowsMinidump
2009-06-21 15:53:16 —-D—- C:Program FilesYandex
2009-06-05 15:38:03 —-D—- C:WindowsDebug
2009-06-04 04:42:17 —-D—- C:UsersUserAppDataRoamingBitTorrent
2009-06-04 00:58:49 —-D—- C:UsersUserAppDataRoamingAdobe
2009-06-01 20:51:12 —-A—- C:Windowssystem32mrt.exe
2009-05-31 14:25:41 —-D—- C:Windowssystem32WDI
2009-05-30 03:40:02 —-D—- C:Program FilesAdobe
2009-05-30 03:36:59 —-RSD—- C:WindowsFonts
2009-05-26 22:14:50 —-D—- C:Program FilesDAEMON Tools SearchBar
2009-05-23 15:47:33 —-D—- C:Program FilesOpera
2009-05-23 15:47:25 —-D—- C:UsersUserAppDataRoamingYandex
2009-05-19 13:50:38 —-D—- C:Windowssystem32Tasks
2009-05-15 00:56:05 —-D—- C:UsersUserAppDataRoamingDAEMON Tools Pro
2009-05-15 00:37:11 —-SD—- C:UsersUserAppDataRoamingMicrosoft
2009-05-14 19:15:11 —-D—- C:Windowssystem32NDF
2009-05-14 18:32:24 —-D—- C:Program FilesWindows Media Player
2009-05-14 18:32:23 —-D—- C:WindowsHelp
2009-04-21 16:36:33 —-D—- C:ProgramDataKaspersky Lab Setup Files
2009-04-18 06:05:48 —-D—- C:Program FilesPokerStars.NET
2009-04-10 16:41:00 —-D—- C:Program Files4GAME======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 is-LU48Ldrv;is-LU48Ldrv; C:Windowssystem32DRIVERS�5268050.sys [2008-07-08 148496]
R1 PSINKNC;PSINKNC; C:Windowssystem32DRIVERSpsinknc.sys [2009-04-23 114184]
R2 atksgt;atksgt; C:Windowssystem32DRIVERSatksgt.sys [2009-06-27 281504]
R2 lirsgt;lirsgt; C:Windowssystem32DRIVERSlirsgt.sys [2009-06-27 25888]
R2 PSINAflt;PSINAflt; C:Windowssystem32DRIVERSPSINAflt.sys [2009-04-23 137224]
R2 PSINFile;PSINFile; C:Windowssystem32DRIVERSPSINFile.sys [2009-04-23 94216]
R2 PSINProc;PSINProc; C:Windowssystem32DRIVERSPSINProc.sys [2009-04-23 98312]
R3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:Windowssystem32driversHdAudio.sys [2006-11-02 235520]
R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2009-03-28 7738816]
R3 RTL8169;Realtek 8169 NT драйвер; C:Windowssystem32DRIVERSRtlh86.sys [2006-11-02 44544]
S1 is-7M2THdrv;is-7M2THdrv; C:Windowssystem32DRIVERS42613427.sys [2008-07-08 148496]
S3 agknm3i7;agknm3i7; C:Windowssystem32driversagknm3i7.sys []
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:Windowssystem32DRIVERSAmps2prt.sys [2007-02-10 14336]
S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2008-01-18 5632]
S3 ialm;ialm; C:Windowssystem32DRIVERSialmnt5.sys [2006-11-02 1302492]
S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2008-01-18 5504]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2008-01-18 6016]
S3 NPPTNT2;NPPTNT2; ??C:Windowssystem32npptNT2.sys [2005-01-03 4682]
S3 R300;R300; C:Windowssystem32DRIVERSatikmdag.sys [2006-11-02 2028032]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 драйвер; C:Windowssystem32DRIVERSRtnicxp.sys [2006-11-02 47104]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:Windowssystem32DRIVERSs125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:Windowssystem32DRIVERSs125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:Windowssystem32DRIVERSs125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:Windowssystem32DRIVERSs125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:Windowssystem32DRIVERSs125obex.sys [2007-04-24 98696]
S3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2008-01-18 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:Windowssystem32driverswmiacpi.sys [2006-11-02 11264]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 NanoServiceMain;NanoServiceMain; C:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe [2009-04-23 95488]
R2 nvsvc;NVIDIA Display Driver Service; C:Windowssystem32nvvsvc.exe [2009-03-28 207392]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe [2005-11-14 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe [2006-12-14 45056]
S3 PACSPTISVR;PACSPTISVR; C:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe [2006-12-14 57344]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:Program FilesCommon FilesSony SharedAVLibSsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe [2006-12-14 69632]
S3 SSScsiSV;SonicStage SCSI Service; C:Program FilesCommon FilesSony SharedAVLibSSScsiSV.exe [2007-02-05 75320]
S3 usprserv;User Privilege Service; C:WindowsSystem32svchost.exe [2008-01-19 21504]
EOF
info.txt logfile of random’s system information tool 1.06 2009-07-05 22:48:11======Uninstall list======
—>Dummy
—>MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
2X-Office 7.80—>C:Program FilesA4TechMouseUninst32.exe
Adobe Anchor Service CS3—>MsiExec.exe /I{A4464AC3-D85E-4649-8748-706191063DF6}
Adobe Asset Services CS3—>MsiExec.exe /I{7302810D-7ACF-4339-B27B-57016CAADDCD}
Adobe Bridge CS3—>MsiExec.exe /I{FABA59CC-347B-478B-B2A7-37BF0885CACB}
Adobe Bridge Start Meeting—>MsiExec.exe /I{CE52110A-7773-444F-9E5D-4A45E4792DB6}
Adobe Camera Raw 4.0—>MsiExec.exe /I{AED353B9-E6D7-406F-B007-2C55C5265EB3}
Adobe CMaps—>MsiExec.exe /I{D8FC8E35-D397-4C16-87AE-141A625221E4}
Adobe Default Language CS3—>MsiExec.exe /I{D446BA40-1F5F-44EB-A794-0AC14F809C79}
Adobe Device Central CS3—>MsiExec.exe /I{265FCC3B-4814-4B2B-89D6-217DFB8AD886}
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{F36CFE58-47C0-4D75-995B-E0172563FA83}
Adobe Flash Player 10 ActiveX—>C:Windowssystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:Windowssystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{162DDD86-C087-4E59-B7A8-0C1D8F884A9A}
Adobe Help Viewer 1.1—>MsiExec.exe /I{F3697BA5-C8D8-4925-ACCA-F486C76BAD33}
Adobe Linguistics CS3—>MsiExec.exe /I{E5C28906-EC86-404E-BB4F-6AB2590451FF}
Adobe PDF Library Files—>MsiExec.exe /I{91D829E6-F1D1-433F-861F-0552DFED0EAD}
Adobe Photoshop CS3—>MsiExec.exe /I{F32F1F7C-322D-46B9-B69A-5C3EDC88B74C}
Adobe Setup—>MsiExec.exe /I{CBF7A9A4-C0D4-4BA0-8991-C9B7D90A5298}
Adobe Shockwave Player—>C:WindowsSystem32MacromedSHOCKW~1UNWISE.EXE C:WindowsSystem32MacromedSHOCKW~1Install.log
Adobe Stock Photos CS3—>MsiExec.exe /I{73B79E83-490B-460D-B0D6-2C7B73980325}
Adobe Type Support—>MsiExec.exe /I{A78A65E4-1D88-477A-83B4-3EC540F6A55A}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{BF18C55F-791F-4C17-AB75-E397EE01C14B}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{51DC4D9C-F729-48A7-9CE0-BC77529ECCA2}
Adobe XMP Panels CS3—>MsiExec.exe /I{F0CF6455-EDD8-41C6-A96A-223874E660CC}
Cheat Engine 5.4—>»C:Program FilesCheat Engineunins000.exe»
DAEMON Tools Toolbar—>C:Program FilesDAEMON Tools Toolbaruninst.exe
DirectX10 LV (Last Version)—>»C:Program FilesCommon Filesunins000.exe»
Eng-Rus Dictionary Gadget—>MsiExec.exe /I{68E910DE-008D-40B1-BDBC-18AF3A8A380D}
Euro Truck Simulator 2008—>»C:Program FilesEuro Truck Simulator 2008unins000.exe»
FIFA 2009 — Russian Premier League—>»C:Program FilesFIFA 2009 — Russian Premier Leagueunins000.exe»
Grand Theft Auto IV—>»C:Program FilesInstallShield Installation Information{579BA58C-F33D-4970-9953-B94B43768AC3}setup.exe» -runfromtemp -l0x0019 -removeonly
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
Java(TM) 6 Update 13—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Codec Pack 3.9.5 (Standard)—>»C:Program FilesK-Lite Codec Packunins000.exe»
Microsoft .NET Framework 3.5 (Pre-Release Version) Language Pack — rus—>MsiExec.exe /I{2EC70FE7-1673-3EEF-B8CE-B86281CE8B9A}
Microsoft .NET Framework 3.5 (предварительная версия), языковой пакет — rus—>c:WindowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 (Pre-Release Version) Language Pack — russetup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 — rus—>MsiExec.exe /I{2744791F-4E7C-32F5-AB40-AEC6A6C86DBF}
Microsoft .NET Framework 3.5 SP1—>c:WindowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Media Video 9 VCM—>RunDll32 advpack.dll,LaunchINFSection C:WindowsINFwmv9vcm.inf, Uninstall
Mozilla Firefox (3.0.11)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nancy Drew — Danger by Design—>»C:GAMESNancy Drew — Danger by Designunins000.exe»
NVIDIA Drivers—>C:Windowssystem32nvuninst.exe UninstallGUI
NVIDIA PhysX—>MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
OpenMG Limited Patch 4.7-07-14-05-01—>C:Program FilesCommon FilesSony SharedOpenMGHotFixesHotFix4.7-07-14-05-01HotFixSetupsetup.exe /u
OpenMG Secure Module 4.7.00—>C:PROGRA~1COMMON~1INSTAL~1Driver1150INTEL3~1IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
Opera—>C:PROGRA~1Operauninstunwise.exe C:PROGRA~1Operauninstinstall.log
Panda Cloud Antivirus—>»C:Program FilesPanda SecurityPanda Cloud AntivirusSetup.exe» /X{42ABBD6C-422E-4523-B776-2ADD6EEA9C65}
Panda Cloud Antivirus—>MsiExec.exe /X{42ABBD6C-422E-4523-B776-2ADD6EEA9C65}
PDF Manual NW-E010 Series—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{4038EAF0-6F8E-4068-88F6-A417958B8AC5}setup.exe» -l0x19 UNINSTALL -removeonly
PokerStars.net—>»C:Program FilesPokerStars.NETPokerStarsUninstall.exe» /u:PokerStars.net
Prototype—>»C:Program FilesPrototypeunins000.exe»
QuickTime Alternative 2.6.0—>»C:Program FilesQuickTime Alternativeunins000.exe»
Rockstar Games Social Club—>»C:Program FilesInstallShield Installation Information{08B3869E-D282-424C-9AFC-870E04A4BA14}setup.exe» -runfromtemp -l0x0019 -removeonly
Sherlock Holmes vs Jack the Ripper—>»C:Program FilesInstallShield Installation Information{4CA139C8-A46C-42D1-9D20-EAF06EE9A627}setup.exe» -runfromtemp -l0x0419 -removeonly
Sherlock Holmes vs Jack the Ripper—>MsiExec.exe /I{4CA139C8-A46C-42D1-9D20-EAF06EE9A627}
SonicStage 4.3—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A0EB195B-5876-48E6-879D-33D4B2102610}setup.exe» -l0x9 UNINSTALL -removeonly
Sony Ericsson Device Data—>MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers—>MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite—>C:WindowsInstaller{D6BF6477-8369-489F-8DE6-3731F4B88560}Setup.exe /uninstall
Sony Ericsson PC Suite—>MsiExec.exe /I{345CDDCB-8241-4E76-9D3B-155F2FD6F07E}
The KMPlayer (remove only)—>»C:Program FilesThe KMPlayeruninstall.exe»
The Sims 3—>»C:Program FilesSims 3unins000.exe»
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=»»
VKLife 1.9—>»C:VKLifeunins000.exe»
патч 1.0.631.00001 для Sims 3—>»C:Program FilesElectronic ArtsThe Sims 3unins000.exe»
РПЛ08—>C:Program FilesInstallShield Installation Information{B5382E2F-E0BC-4733-BF1C-BB4AF59F7F3C}setup.exe -runfromtemp -l0x0419
Языковой пакет Microsoft .NET Framework 3.5 SP1 — RUS—>c:WindowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — russetup.exe
Яндекс.Бар для Internet Explorer 4.0.0—>»C:Program FilesYandexYandexBarIEunins000.exe»======Security center information======
AS: Защитник Windows (disabled)
======System event log======
Computer Name: User-ПК
Event Code: 7036
Message: Служба «Модуль запуска службы Windows Media Center» перешла в состояние Остановлена.
Record Number: 70847
Source Name: Service Control Manager
Time Written: 20090705184456.000000-000
Event Type: Сведения
User:Computer Name: User-ПК
Event Code: 10029
Message: DCOM запустил службу TrustedInstaller с аргументами «», чтобы запустить сервер:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Record Number: 70848
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090705184545.000000-000
Event Type: Сведения
User:Computer Name: User-ПК
Event Code: 7036
Message: Служба «Установщик модулей Windows» перешла в состояние Работает.
Record Number: 70849
Source Name: Service Control Manager
Time Written: 20090705184545.000000-000
Event Type: Сведения
User:Computer Name: User-ПК
Event Code: 18
Message: Все готово к установке: следующие обновления загружены и готовы к установке. Установка обновлений будет выполнена по расписанию ?6 ?июля ?2009 ?г. в 3:00:
— Накопительный пакет обновления для флагов блокировки элемента ActiveX в ОС Windows Vista (KB969898)
— Браузер Internet Explorer 8 для Windows Vista
Record Number: 70850
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20090705184611.392474-000
Event Type: Сведения
User: NT AUTHORITYSYSTEMComputer Name: User-ПК
Event Code: 7036
Message: Служба «Сведения о приложении» перешла в состояние Работает.
Record Number: 70851
Source Name: Service Control Manager
Time Written: 20090705184730.000000-000
Event Type: Сведения
User:=====Application event log=====
Computer Name: User-ПК
Event Code: 1003
Message: Служба Windows Search запущена.Record Number: 10721
Source Name: Microsoft-Windows-Search
Time Written: 20090705184234.000000-000
Event Type: Сведения
User:Computer Name: User-ПК
Event Code: 0
Message:
Record Number: 10722
Source Name: NanoServiceMain
Time Written: 20090705184252.000000-000
Event Type: Сведения
User:Computer Name: User-ПК
Event Code: 1
Message: Клиент служб сертификации запущен.
Record Number: 10723
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090705184315.945867-000
Event Type: Сведения
User: User-ПКUserComputer Name: User-ПК
Event Code: 1
Message: Клиент служб сертификации запущен.
Record Number: 10724
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090705184327.477117-000
Event Type: Сведения
User: NT AUTHORITYSYSTEMComputer Name: User-ПК
Event Code: 1
Message: Служба центра обеспечения безопасности Windows запущена.
Record Number: 10725
Source Name: SecurityCenter
Time Written: 20090705184453.000000-000
Event Type: Сведения
User:=====Security event log=====
Computer Name: User-ПК
Event Code: 5038
Message: Средство проверки целостности кода обнаружило, что хэш образа файла недопустим. Файл может быть поврежден после его несанкционированного изменения, или недопустимый хэш может указывать на потенциальную ошибку дискового устройства.Имя файла: DeviceHarddiskVolume1WindowsSystem32driverstcpip.sys
Record Number: 19442
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090705184809.710097-000
Event Type: Сбой аудита
User:Computer Name: User-ПК
Event Code: 5038
Message: Средство проверки целостности кода обнаружило, что хэш образа файла недопустим. Файл может быть поврежден после его несанкционированного изменения, или недопустимый хэш может указывать на потенциальную ошибку дискового устройства.Имя файла: DeviceHarddiskVolume1WindowsSystem32driverstcpip.sys
Record Number: 19443
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090705184809.744274-000
Event Type: Сбой аудита
User:Computer Name: User-ПК
Event Code: 5038
Message: Средство проверки целостности кода обнаружило, что хэш образа файла недопустим. Файл может быть поврежден после его несанкционированного изменения, или недопустимый хэш может указывать на потенциальную ошибку дискового устройства.Имя файла: DeviceHarddiskVolume1WindowsSystem32driverstcpip.sys
Record Number: 19444
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090705184809.768687-000
Event Type: Сбой аудита
User:Computer Name: User-ПК
Event Code: 5038
Message: Средство проверки целостности кода обнаружило, что хэш образа файла недопустим. Файл может быть поврежден после его несанкционированного изменения, или недопустимый хэш может указывать на потенциальную ошибку дискового устройства.Имя файла: DeviceHarddiskVolume1WindowsSystem32driverstcpip.sys
Record Number: 19445
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090705184809.794076-000
Event Type: Сбой аудита
User:Computer Name: User-ПК
Event Code: 5038
Message: Средство проверки целостности кода обнаружило, что хэш образа файла недопустим. Файл может быть поврежден после его несанкционированного изменения, или недопустимый хэш может указывать на потенциальную ошибку дискового устройства.Имя файла: DeviceHarddiskVolume1WindowsSystem32driverstcpip.sys
Record Number: 19446
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090705184809.819465-000
Event Type: Сбой аудита
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«Path»=C:Windowssystem32;C:Windows;C:WindowsSystem32Wbem;C:Program FilesCommon FilesTeleca Shared
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
«PROCESSOR_ARCHITECTURE»=x86
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«USERNAME»=SYSTEM
«windir»=%SystemRoot%
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 13, GenuineIntel
«PROCESSOR_REVISION»=0f0d
«NUMBER_OF_PROCESSORS»=2
«configsetroot»=%SystemRoot%ConfigSetRoot
«RGSCLauncher»=C:Program FilesRockstar GamesRockstar Games Social Club
«RGSC»=C:Program FilesRockstar GamesRockstar Games Social Club1_0_0_0
EOF
Здравствуйте, добро пожаловать на Spyware-ru форум.
Скачайте OTM by OldTimer кликнув по этой ссылке.
Запустите OTM и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.:Processes
explorer.exe:services
is-LU48Ldrv
is-7M2THdrv
usprserv:reg
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{88888888-8888-8888-8888-888888888888}]
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9D64F819-9380-8473-DAB2-702FCB3D7A3E}][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«userinit»=-[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ab66e7d6-6325-11de-ac84-0019665315d7}]
:files
C:UsersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupis-7M2TH.lnk
C:UsersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupis-LU48L.lnk:Commands
[start explorer]
[Reboot]
Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMMovedFiles.Вставьте в ваше ответное сообщение содержимое этого лога. И ещё приложите к вашему сообщению свежий RSIT лог (только log.txt).
Сделала, как вы сказали. Вот, что получилось:
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== SERVICES/DRIVERS ==========
ServiceDriver is-LU48Ldrv not found.
Unable to delete servicedriver keyis-LU48Ldrv.
ServiceDriver is-7M2THdrv not found.
Unable to delete servicedriver keyis-7M2THdrv.
ServiceDriver is-7M2THdrv not found.
Unable to delete servicedriver keyusprserv.
========== REGISTRY ==========
Registry delete failed. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{88888888-8888-8888-8888-888888888888} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{88888888-8888-8888-8888-888888888888} not found.
Registry delete failed. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9D64F819-9380-8473-DAB2-702FCB3D7A3E} scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{9D64F819-9380-8473-DAB2-702FCB3D7A3E} .
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\userinit deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ab66e7d6-6325-11de-ac84-0019665315d7} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{ab66e7d6-6325-11de-ac84-0019665315d7} not found.
========== FILES ==========
C:UsersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupis-7M2TH.lnk moved successfully.
C:UsersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupis-LU48L.lnk moved successfully.
========== COMMANDS ==========OTM by OldTimer — Version 3.0.0.4 log created on 09022009_210936
Logfile of random’s system information tool 1.06 (written by random/random)
Run by User at 2009-09-02 21:23:50
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 31 GB (13%) free of 238 GB
Total RAM: 2047 MB (66% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:52, on 02.09.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: NormalRunning processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe
C:Program FilesA4TechMouseAmoumain.exe
C:Program FilesPanda SecurityPanda Cloud AntivirusPSUNMain.exe
C:WindowsSystem32rundll32.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Windowsehomeehtray.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Windowsehomeehmsas.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Windowssystem32wuauclt.exe
C:Windowsexplorer.exe
C:Windowssystem32NOTEPAD.EXE
C:UsersUserDesktopRSIT.exe
C:Program Filestrend microUser.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.key.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 — Hosts: ::1 localhost
O2 — BHO: Search Helper — {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} — C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll
O2 — BHO: (no name) — {88888888-8888-8888-8888-888888888888} — (no file)
O2 — BHO: Помощник по входу в Windows Live — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: MS Media Module — {9D64F819-9380-8473-DAB2-702FCB3D7A3E} — %USERPROFILE%Application Datamsmedia.dll (file missing)
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: Windows Live Toolbar Helper — {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} — C:Program FilesWindows LiveToolbarwltcore.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: DAEMON Tools Toolbar — {32099AAC-C132-4136-9E9A-4E364A424E17} — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll
O3 — Toolbar: &Windows Live Toolbar — {21FA44EF-376D-4D53-9B0F-8A89D3229068} — C:Program FilesWindows LiveToolbarwltcore.dll
O4 — HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [WheelMouse] C:Program FilesA4TechMouseAmoumain.exe
O4 — HKLM..Run: [PSUNMain] «C:Program FilesPanda SecurityPanda Cloud AntivirusPSUNMain.exe» /Traybar
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 — HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 — HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 — HKCU..Run: [RGSC] C:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe /silent
O4 — HKCU..Run: [adstopper] C:Program FilesAdStoperAdStopperTrayApp.exe
O4 — HKCU..Run: [YandexOnline] «C:Program FilesYandexOnlineonline.exe» -AutoStart
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [msnmsgr] «C:Program FilesWindows LiveMessengermsnmsgr.exe» /background
O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 — Startup: Registration .LNK = C:Program FilesUbisoftCyan WorldsMyst V End Of AgesregisterRegistrationReminder.exe
O9 — Extra button: Отправка в блог — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra ‘Tools’ menuitem: &Отправка в блог Windows Live Writer — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra button: PokerStars.net — {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} — C:Program FilesPokerStars.NETPokerStarsUpdate.exe
O13 — Gopher Prefix:
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: @dfsrres.dll,-101 (DFSR) — Корпорация Майкрософт — C:Windowssystem32DFSR.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 — Service: MSCSPTISRV — Sony Corporation — C:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe
O23 — Service: NanoServiceMain — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe
O23 — Service: NVIDIA Display Driver Service (nvsvc) — NVIDIA Corporation — C:Windowssystem32nvvsvc.exe
O23 — Service: PACSPTISVR — Unknown owner — C:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe
O23 — Service: SonicStage Back-End Service — Sony Corporation — C:Program FilesCommon FilesSony SharedAVLibSsBeSvc.exe
O23 — Service: Sony SPTI Service (SPTISRV) — Sony Corporation — C:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe
O23 — Service: SonicStage SCSI Service (SSScsiSV) — Sony Corporation — C:Program FilesCommon FilesSony SharedAVLibSSScsiSV.exe—
End of file — 7012 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper — C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll [2009-05-19 137600][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{88888888-8888-8888-8888-888888888888}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Помощник по входу в Windows Live — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2009-01-22 408448][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9D64F819-9380-8473-DAB2-702FCB3D7A3E}]
MS Media Module — C:UsersUserApplication Datamsmedia.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-05-24 35840][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper — C:Program FilesWindows LiveToolbarwltcore.dll [2009-02-06 1068904][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-21 3117856]
{32099AAC-C132-4136-9E9A-4E364A424E17} — DAEMON Tools Toolbar — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll [2009-04-23 937416]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} — &Windows Live Toolbar — C:Program FilesWindows LiveToolbarwltcore.dll [2009-02-06 1068904][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2008-01-19 1008184]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-05-24 148888]
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe [2007-05-28 528384]
«WheelMouse»=C:Program FilesA4TechMouseAmoumain.exe [2007-02-11 241664]
«PSUNMain»=C:Program FilesPanda SecurityPanda Cloud AntivirusPSUNMain.exe [2009-04-23 353536]
«NvCplDaemon»=C:Windowssystem32NvCpl.dll [2009-03-28 13687328]
«NvMediaCenter»=C:Windowssystem32NvMcTray.dll [2009-03-28 92704][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Sidebar»=C:Program FilesWindows Sidebarsidebar.exe [2008-01-19 1233920]
«ehTray.exe»=C:WindowsehomeehTray.exe [2008-01-19 125952]
«RGSC»=C:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe [2008-12-01 306088]
«adstopper»=C:Program FilesAdStoperAdStopperTrayApp.exe []
«YandexOnline»=C:Program FilesYandexOnlineonline.exe -AutoStart []
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2009-04-23 691656]
«msnmsgr»=C:Program FilesWindows LiveMessengermsnmsgr.exe [2009-02-06 3885408]C:UsersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Registration .LNK — C:Program FilesUbisoftCyan WorldsMyst V End Of AgesregisterRegistrationReminder.exe[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableUIADesktopToggle»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program FilesSims 3GameBinTS3.exe»=»C:Program FilesSims 3GameBinTS3.exe:*:Disabled:Sims3»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======List of files/folders created in the last 3 months======
2009-09-02 21:09:36 —-D—- C:_OTM
2009-09-01 19:24:26 —-DC—- C:Windowssystem32DRVSTORE
2009-09-01 19:23:38 —-D—- C:Program FilesMicrosoft Sync Framework
2009-09-01 19:22:33 —-D—- C:Program FilesMicrosoft SQL Server Compact Edition
2009-09-01 19:20:28 —-D—- C:Program FilesMicrosoft
2009-09-01 19:20:11 —-D—- C:Program FilesWindows Live SkyDrive
2009-09-01 19:20:04 —-D—- C:Program FilesWindows Live
2009-09-01 19:19:52 —-D—- C:WindowsPCHEALTH
2009-09-01 18:59:56 —-D—- C:Program FilesCommon FilesWindows Live
2009-07-05 22:47:51 —-D—- C:rsit
2009-07-05 22:47:51 —-D—- C:Program Filestrend micro
2009-07-05 12:25:55 —-A—- C:UsersUserAppDataRoamingmsmedia.dll
2009-07-04 16:03:17 —-D—- C:ProgramDataPanda Security
2009-07-04 15:43:09 —-D—- C:Program FilesFIFA 2009 — Russian Premier League
2009-07-04 15:01:26 —-SHD—- C:UsersUserAppDataRoamingwsnpoem
2009-06-28 22:33:41 —-D—- C:ProgramDataSonicStage
2009-06-28 22:29:13 —-A—- C:Windowssystem32CDDBUISony.dll
2009-06-28 22:29:13 —-A—- C:Windowssystem32CddbPlaylist2Sony.dll
2009-06-28 22:29:13 —-A—- C:Windowssystem32CddbMusicIDSony.dll
2009-06-28 22:29:13 —-A—- C:Windowssystem32CddbLinkSony.dll
2009-06-28 22:29:13 —-A—- C:Windowssystem32CDDBControlSony.dll
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxsfs.dll
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxinsi64.exe
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxinsa64.exe
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxhpinst.exe
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxdrv.dll
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxcpyi64.exe
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxcpya64.exe
2009-06-28 22:29:12 —-A—- C:Windowssystem32pxafs.dll
2009-06-28 22:29:11 —-A—- C:Windowssystem32vxblock.dll
2009-06-28 22:29:11 —-A—- C:Windowssystem32pxwave.dll
2009-06-28 22:29:11 —-A—- C:Windowssystem32pxmas.dll
2009-06-28 22:29:11 —-A—- C:Windowssystem32px.dll
2009-06-28 22:28:23 —-D—- C:ProgramDataSony Corporation
2009-06-28 22:27:41 —-D—- C:Program FilesSony
2009-06-28 22:27:39 —-D—- C:Windowssystem32Iosubsys
2009-06-28 22:25:27 —-D—- C:UsersUserAppDataRoamingSony Corporation
2009-06-28 22:25:26 —-D—- C:Program FilesCommon FilesSony Shared
2009-06-27 19:43:26 —-D—- C:UsersUserAppDataRoamingGames
2009-06-27 19:39:39 —-D—- C:Windows8AAB4176A747493AA42CB63CFADFD8E3.TMP
2009-06-27 18:49:20 —-D—- C:ProgramDataTages
2009-06-27 18:21:55 —-D—- C:Program FilesDAEMON Tools Toolbar
2009-06-27 16:31:56 —-D—- C:UsersUserAppDataRoamingBlackBean
2009-06-24 01:36:49 —-D—- C:GAMES
2009-06-23 22:22:39 —-D—- C:Program FilesA4Tech
2009-06-21 02:48:02 —-A—- C:WindowsGame.INI
2009-06-17 22:51:24 —-SHD—- C:found.001
2009-06-17 14:41:07 —-D—- C:Program FilesThe Adventure Company
2009-06-13 14:10:44 —-D—- C:Program FilesPrototype
2009-06-05 06:16:58 —-D—- C:UsersUserAppDataRoamingPeerNetworking
2009-06-03 02:11:19 —-D—- C:UsersUserAppDataRoamingUP
2009-06-03 01:07:54 —-D—- C:UsersUserAppDataRoamingAce======List of files/folders modified in the last 3 months======
2009-09-02 21:23:34 —-D—- C:WindowsTemp
2009-09-02 15:27:47 —-SHD—- C:System Volume Information
2009-09-02 12:09:58 —-D—- C:Windowssystem32drivers
2009-09-02 03:02:51 —-SHD—- C:WindowsInstaller
2009-09-01 20:07:32 —-D—- C:WindowsMicrosoft.NET
2009-09-01 20:06:36 —-RSD—- C:Windowsassembly
2009-09-01 19:53:12 —-SD—- C:UsersUserAppDataRoamingMicrosoft
2009-09-01 19:24:26 —-D—- C:WindowsSystem32
2009-09-01 19:23:44 —-D—- C:Windowswinsxs
2009-09-01 19:23:38 —-RD—- C:Program Files
2009-09-01 19:23:29 —-SD—- C:ProgramDataMicrosoft
2009-09-01 19:23:15 —-D—- C:Windows
2009-09-01 19:22:15 —-D—- C:WindowsSoftwareDistribution
2009-09-01 19:20:16 —-D—- C:Program FilesCommon Filesmicrosoft shared
2009-09-01 18:59:56 —-D—- C:Program FilesCommon Files
2009-07-05 06:31:07 —-D—- C:ProgramDataNVIDIA
2009-07-05 06:30:16 —-D—- C:Windowsnvtmpinst
2009-07-05 06:24:53 —-D—- C:Windowssystem32catroot
2009-07-05 06:24:53 —-D—- C:Windowsinf
2009-07-05 06:21:57 —-D—- C:Windowssystem32catroot2
2009-07-05 05:43:12 —-D—- C:Program FilesMozilla Firefox
2009-07-04 21:09:36 —-HD—- C:Program FilesInstallShield Installation Information
2009-07-04 20:25:55 —-D—- C:WindowsPrefetch
2009-07-04 16:03:17 —-HD—- C:ProgramData
2009-06-28 22:26:22 —-D—- C:Program FilesCommon FilesInstallShield
2009-06-28 22:04:32 —-A—- C:Windowssystem32PerfStringBackup.INI
2009-06-27 19:39:35 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-06-27 18:24:07 —-D—- C:UsersUserAppDataRoamingDAEMON Tools Lite
2009-06-27 18:23:10 —-D—- C:Program FilesDAEMON Tools Lite
2009-06-24 20:46:58 —-D—- C:Program FilesRockstar Games
2009-06-22 02:49:27 —-D—- C:WindowsMinidump
2009-06-21 15:53:16 —-D—- C:Program FilesYandex
2009-06-21 15:51:30 —-D—- C:UsersUserAppDataRoamingYaChatData
2009-06-05 15:38:03 —-D—- C:WindowsDebug
2009-06-04 04:42:17 —-D—- C:UsersUserAppDataRoamingBitTorrent
2009-06-04 03:31:49 —-D—- C:Program FilesCommon FilesAdobe
2009-06-04 00:58:49 —-D—- C:UsersUserAppDataRoamingAdobe======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 is-LU48Ldrv;is-LU48Ldrv; C:Windowssystem32DRIVERS5268050.sys [2008-07-08 148496]
R1 PSINKNC;PSINKNC; C:Windowssystem32DRIVERSpsinknc.sys [2009-04-23 114184]
R2 atksgt;atksgt; C:Windowssystem32DRIVERSatksgt.sys [2009-06-27 281504]
R2 lirsgt;lirsgt; C:Windowssystem32DRIVERSlirsgt.sys [2009-06-27 25888]
R2 PSINAflt;PSINAflt; C:Windowssystem32DRIVERSPSINAflt.sys [2009-04-23 137224]
R2 PSINFile;PSINFile; C:Windowssystem32DRIVERSPSINFile.sys [2009-04-23 94216]
R2 PSINProc;PSINProc; C:Windowssystem32DRIVERSPSINProc.sys [2009-04-23 98312]
R3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:Windowssystem32driversHdAudio.sys [2006-11-02 235520]
R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2009-03-28 7738816]
R3 RTL8169;Realtek 8169 NT драйвер; C:Windowssystem32DRIVERSRtlh86.sys [2006-11-02 44544]
S1 is-7M2THdrv;is-7M2THdrv; C:Windowssystem32DRIVERS42613427.sys [2008-07-08 148496]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:Windowssystem32DRIVERSAmps2prt.sys [2007-02-10 14336]
S3 ayp8dcjt;ayp8dcjt; C:Windowssystem32driversayp8dcjt.sys []
S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2008-01-18 5632]
S3 fssfltr;FssFltr; C:Windowssystem32DRIVERSfssfltr.sys [2009-02-06 55280]
S3 ialm;ialm; C:Windowssystem32DRIVERSialmnt5.sys [2006-11-02 1302492]
S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2008-01-18 5504]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2008-01-18 6016]
S3 NPPTNT2;NPPTNT2; ??C:Windowssystem32npptNT2.sys [2005-01-03 4682]
S3 R300;R300; C:Windowssystem32DRIVERSatikmdag.sys [2006-11-02 2028032]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 драйвер; C:Windowssystem32DRIVERSRtnicxp.sys [2006-11-02 47104]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:Windowssystem32DRIVERSs125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:Windowssystem32DRIVERSs125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:Windowssystem32DRIVERSs125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:Windowssystem32DRIVERSs125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:Windowssystem32DRIVERSs125obex.sys [2007-04-24 98696]
S3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2008-01-18 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:Windowssystem32driverswmiacpi.sys [2006-11-02 11264]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 NanoServiceMain;NanoServiceMain; C:Program FilesPanda SecurityPanda Cloud AntivirusPSANHost.exe [2009-04-23 95488]
R2 nvsvc;NVIDIA Display Driver Service; C:Windowssystem32nvvsvc.exe [2009-03-28 207392]
R2 SeaPort;SeaPort; C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe [2009-05-19 240512]
S3 fsssvc;Семейная безопасность Windows Live; C:Program FilesWindows LiveFamily Safetyfsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe [2005-11-14 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe [2006-12-14 45056]
S3 PACSPTISVR;PACSPTISVR; C:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe [2006-12-14 57344]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:Program FilesCommon FilesSony SharedAVLibSsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe [2006-12-14 69632]
S3 SSScsiSV;SonicStage SCSI Service; C:Program FilesCommon FilesSony SharedAVLibSSScsiSV.exe [2007-02-05 75320]
S3 usprserv;User Privilege Service; C:WindowsSystem32svchost.exe [2008-01-19 21504]
EOF
Пробовала перевести дату в календаре на два месяца вперед, на мозилле информер исчез, а на опере и экспорере остался. Хотя и на мозилле уже вылетал, приходилось еще раз переводить дату.
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.Скачала и запустила эту программу. Вот, что она показала в конце:
ComboFix 09-07-12.03 — User 02.09.2009 3:12.1.2 — NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.7.1049.18.2047.1125 [GMT 4:00]
Running from: c:usersUserDownloadsComboFix.exe
SP: Защитник Windows *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:$recycle.binS-1-5-21-1557293541-630233733-3230284385-500
c:$recycle.binS-1-5-21-2152478756-3922319563-605102323-500
c:programdataMicrosoftNetworkDownloaderqmgr0.dat
c:programdataMicrosoftNetworkDownloaderqmgr1.dat
c:usersUserAppDataRoamingwsnpoem
c:usersUserAppDataRoamingwsnpoem0B5F982.uf
c:usersUserAppDataRoamingwsnpoemaudio.dll
c:usersUserAppDataRoamingwsnpoemvideo.dll
c:windowsInstaller98cd6.msi
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.2009-09-02 22:04 . 2009-09-02 22:04
d
w- c:program filesToros Software
2009-09-02 17:09 . 2009-09-02 17:09
d
w- C:_OTM
2009-09-01 23:16 . 2009-09-01 23:16
d
w- c:usersUserAppDataLocaltemp
2009-09-01 15:53 . 2009-09-01 20:45
d
w- c:usersUserTracing
2009-09-01 15:24 . 2009-09-01 15:24
dc—-w- c:windowssystem32DRVSTORE
2009-09-01 15:24 . 2009-02-06 14:08 55280 —-a-w- c:windowssystem32driversfssfltr.sys
2009-09-01 15:23 . 2009-09-01 15:23
d
w- c:program filesMicrosoft Sync Framework
2009-09-01 15:22 . 2009-09-01 15:22
d
w- c:program filesMicrosoft SQL Server Compact Edition
2009-09-01 15:20 . 2009-09-01 15:20
d
w- c:program filesMicrosoft
2009-09-01 15:20 . 2009-09-01 15:20
d
w- c:program filesWindows Live SkyDrive
2009-09-01 15:20 . 2009-09-01 15:24
d
w- c:program filesWindows Live
2009-09-01 15:19 . 2009-09-01 15:19
d
w- c:windowsPCHEALTH
2009-09-01 14:59 . 2009-09-01 14:59
d
w- c:program filesCommon FilesWindows Live
2009-09-01 11:59 . 2009-09-01 11:59
d
w- c:program filesRealtek
2009-09-01 11:59 . 2009-06-29 08:16 160256 —-a-w- c:windowssystem32FMAPO.dll
2009-09-01 11:59 . 2009-04-16 06:14 142848 —-a-w- c:windowssystem32AERTACap.dll
2009-09-01 11:59 . 2009-03-31 10:07 125952 —-a-w- c:windowssystem32AERTARen.dll
2009-09-01 11:59 . 2009-03-09 01:30 290304 —-a-w- c:windowssystem32RP3DAA32.dll
2009-09-01 11:59 . 2008-11-09 07:52 159744 —-a-w- c:windowssystem32MaxxAudioAPO20.dll
2009-09-01 11:59 . 2008-05-19 14:25 1933312 —-a-w- c:windowssystem32MaxxAudioEQ.dll
2009-09-01 11:59 . 2007-07-30 14:26 126976 —-a-w- c:windowssystem32MaxxAudioAPO.dll
2009-09-01 11:57 . 2009-09-01 12:01
d—h—w- c:program filesTemp
2009-09-01 11:57 . 2009-06-24 06:43 831488 —-a-w- c:windowsRtlExUpd.dll
2009-08-31 22:52 . 2009-08-31 22:52
d
w- c:usersUserAppDataLocalApps.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 17:23 . 2009-07-05 18:47
d
w- c:program filestrend micro
2009-09-01 23:16 . 2009-05-24 12:03 289069088 —sha-w- c:windowssystem32driversfidbox.dat
2009-09-01 23:11 . 2009-03-22 13:08
d
w- c:usersUserAppDataRoamingBitTorrent
2009-09-01 20:44 . 2009-05-24 12:03 3328292 —sha-w- c:windowssystem32driversfidbox.idx
2009-09-01 12:00 . 2009-09-01 12:00 319456 —-a-w- c:windowsDIFxAPI.dll
2009-09-01 11:59 . 2009-03-22 18:02
d—h—w- c:program filesInstallShield Installation Information
2009-07-09 17:39 . 2009-07-09 17:39
d
w- c:program filesPerfect World Entertainment
2009-07-09 17:25 . 2009-07-09 11:05
d
w- c:usersUserAppDataRoamingGetRightToGo
2009-07-09 17:14 . 2009-07-09 17:14
d
w- c:program filesUbisoft
2009-07-09 15:32 . 2009-07-09 15:32
d
w- c:program filesMidway Home Entertainment
2009-07-09 15:13 . 2009-03-22 18:02
d
w- c:program filesRockstar Games
2009-07-06 13:47 . 2009-09-01 12:00 51744 —-a-w- c:windowssystem32RtkCoInst.dll
2009-07-06 13:47 . 2009-09-01 12:00 1169440 —-a-w- c:windowssystem32RtkPgExt.dll
2009-07-06 13:47 . 2009-09-01 12:00 326176 —-a-w- c:windowssystem32RtkApoApi.dll
2009-07-06 13:47 . 2009-09-01 12:00 2898464 —-a-w- c:windowssystem32RtkAPO.dll
2009-07-06 13:12 . 2009-09-01 12:00 2657120 —-a-w- c:windowssystem32driversRTKVHDA.sys
2009-07-05 18:10 . 2009-06-17 10:41
d
w- c:program filesThe Adventure Company
2009-07-05 08:25 . 2009-07-05 08:25 12800 —-a-w- c:usersUserAppDataRoamingmsmedia.dll
2009-07-05 08:25 . 2009-07-05 08:25 12800 —-a-w- c:usersUserAppDataRoamingmsmedia.dll
2009-07-05 02:31 . 2009-03-18 17:10
d
w- c:programdataNVIDIA
2009-07-04 12:03 . 2009-07-04 12:03 245 —-a-w- c:windowssystem32PSUNCpl.dat
2009-07-04 12:03 . 2009-07-04 12:03
d
w- c:programdataPanda Security
2009-07-04 11:55 . 2009-07-04 11:43
d
w- c:program filesFIFA 2009 — Russian Premier League
2009-06-28 18:04 . 2006-11-09 07:21 653074 —-a-w- c:windowssystem32perfh019.dat
2009-06-28 18:04 . 2006-11-09 07:21 125594 —-a-w- c:windowssystem32perfc019.dat
2009-06-27 15:40 . 2009-06-27 14:41 281504 —-a-w- c:windowssystem32driversatksgt.sys
2009-06-27 15:40 . 2009-06-27 14:41 25888 —-a-w- c:windowssystem32driverslirsgt.sys
2009-06-27 14:19 . 2009-03-22 13:16 721904 —-a-w- c:windowssystem32driverssptd.sys
2009-06-27 13:05 . 2009-03-18 16:49 49920 —-a-w- c:usersUserAppDataLocalGDIPFONTCACHEV1.DAT
2009-03-22 13:47 . 2009-03-22 13:47 2599 —-a-w- c:program filesCommon Filesunins000.dat
2009-03-22 13:46 . 2009-03-22 13:47 729520 —-a-w- c:program filesCommon Filesunins000.exe
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-21 3117856][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-21 3117856][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Sidebar»=»c:program filesWindows Sidebarsidebar.exe» [2008-01-18 1233920]
«ehTray.exe»=»c:windowsehomeehTray.exe» [2008-01-18 125952]
«RGSC»=»c:program filesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe» [2008-12-01 306088]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2009-04-23 691656]
«msnmsgr»=»c:program filesWindows LiveMessengermsnmsgr.exe» [2009-02-06 3885408][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Windows Defender»=»c:program filesWindows DefenderMSASCui.exe» [2008-01-18 1008184]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-05-24 148888]
«Sony Ericsson PC Suite»=»c:program filesSony EricssonMobile2Application LauncherApplication Launcher.exe» [2007-05-28 528384]
«WheelMouse»=»c:program filesA4TechMouseAmoumain.exe» [2007-02-10 241664]
«PSUNMain»=»c:program filesPanda SecurityPanda Cloud AntivirusPSUNMain.exe» [2009-04-23 353536]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-03-27 13687328]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-03-27 92704]
«RtHDVCpl»=»c:program filesRealtekAudioHDARtHDVCpl.exe» [2009-07-06 7600672]
«Skytel»=»c:program filesRealtekAudioHDASkytel.exe» [2009-07-06 1833504][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableUIADesktopToggle»= 0 (0x0)[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@=»Service»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
«AntiVirusOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
«{3CE2CE2B-9196-402D-A8E2-471709DD8F31}»= UDP:c:program filesBitTorrentBitTorrent.exe:BitTorrent (TCP-In)
«{9DD7E610-5320-4B5D-8D50-F89D93CC69F1}»= TCP:c:program filesBitTorrentBitTorrent.exe:BitTorrent (UDP-In)
«{F52A7D62-BD7D-4773-9E5E-239983ED2A99}»= UDP:c:program filesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe:Rockstar Games Social Club
«{D389AA9E-62BE-434B-A0A4-B0D6C986CEE4}»= TCP:c:program filesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe:Rockstar Games Social Club
«{EB9A164A-B748-4A7A-9DCB-27118E8AEBA4}»= c:program filesWindows LiveSyncWindowsLiveSync.exe:Windows Live Sync[HKLM~servicessharedaccessparametersfirewallpolicyStandardProfileAuthorizedApplicationsList]
«c:\Program Files\Sims 3\Game\Bin\TS3.exe»= c:program filesSims 3GameBinTS3.exe:*:Disabled:Sims3R1 is-LU48Ldrv;is-LU48Ldrv;c:windowsSystem32drivers5268050.sys [24.05.2009 16:03 148496]
R1 PSINKNC;PSINKNC;c:windowsSystem32driversPSINKNC.sys [23.04.2009 20:14 114184]
R2 NanoServiceMain;NanoServiceMain;c:program filesPanda SecurityPanda Cloud AntivirusPSANHost.exe [23.04.2009 20:14 95488]
R2 PSINAflt;PSINAflt;c:windowsSystem32driversPSINAflt.sys [23.04.2009 20:14 137224]
R2 PSINFile;PSINFile;c:windowsSystem32driversPSINFile.sys [23.04.2009 20:14 94216]
R2 PSINProc;PSINProc;c:windowsSystem32driversPSINProc.sys [23.04.2009 20:14 98312]
S1 is-7M2THdrv;is-7M2THdrv;c:windowsSystem32drivers42613427.sys [28.05.2009 18:37 148496]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:windowsSystem32driversAmps2prt.sys [10.02.2007 6:04 14336]
S3 fssfltr;FssFltr;c:windowsSystem32driversfssfltr.sys [01.09.2009 19:24 55280]
S3 fsssvc;Семейная безопасность Windows Live;c:program filesWindows LiveFamily Safetyfsssvc.exe [06.02.2009 18:08 533360]
.
— — — — ORPHANS REMOVED — — — —BHO-{88888888-8888-8888-8888-888888888888} — (no file)
HKCU-Run-adstopper — c:program filesAdStoperAdStopperTrayApp.exe
HKCU-Run-YandexOnline — c:program filesYandexOnlineonline.exe.
Supplementary Scan
.
uStart Page = http://www.apeha.ru
uInternet Settings,ProxyOverride = *.local
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} — c:program filesPokerStars.NETPokerStarsUpdate.exe
FF — ProfilePath — c:usersUserAppDataRoamingMozillaFirefoxProfilesrmeoxo4z.default
FF — prefs.js: browser.search.defaulturl — hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF — prefs.js: browser.search.selectedEngine — Live Search
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/?clid=41140&yasoft=barff
FF — prefs.js: keyword.URL — hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF — component: c:usersUserAppDataRoamingMozillaFirefoxProfilesrmeoxo4z.defaultextensionsDTToolbar@toolbarnet.comcomponentsDTToolbarFF.dll
FF — plugin: c:program filesMozilla FirefoxpluginsnpWebLaunch.dll
FF — plugin: c:program filesWindows LivePhoto GalleryNPWLPG.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-02 03:16
Windows 6.0.6001 Service Pack 1 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
c:windowsTEMPTMP000000666E0D484B240C8158 524288 bytes executable
scan completed successfully
hidden files: 1**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1660588483-3707213830-2510818919-1001SoftwareSecuROMLicense information*]
«datasecu»=hex:f2,4c,7b,0d,43,b5,90,5c,a7,3c,d6,55,61,4d,8a,3f,a4,19,44,ae,bf,
ee,db,da,59,9f,18,6f,5f,af,b0,cc,aa,3c,22,ad,9d,d7,52,0d,83,b3,39,be,c6,f4,
«rkeysecu»=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
«BlindDial»=dword:00000000
.
Completion time: 2009-09-01 3:18
ComboFix-quarantined-files.txt 2009-09-01 23:18Pre-Run: 27 578 454 016 байт свободно
Post-Run: 37 512 531 968 байт свободно191 — E O F — 2009-09-01 23:01
- Для ответа в этой теме необходимо авторизоваться.
