Rootkit.Podnuha

This topic has 1 reply, 2 participants, and was last updated 16 years, 6 months ago by Admin.

12 January 2009 at 11:17 pm #16123
Basically I got infected, please help me remove it 🙁
Log info.txt:
info.txt logfile of random's system information tool 1.05 2009-01-13 02:11:23

======Uninstall list======

-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0419-0000-0000000FF1CE} /uninstall {1AD50F4A-04F7-4944-BD47-4421532548F5}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0419-0000-0000000FF1CE} /uninstall {1AD50F4A-04F7-4944-BD47-4421532548F5}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0419-0000-0000000FF1CE} /uninstall {1AD50F4A-04F7-4944-BD47-4421532548F5}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0419-0000-0000000FF1CE} /uninstall {1AD50F4A-04F7-4944-BD47-4421532548F5}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0419-0000-0000000FF1CE} /uninstall {1AD50F4A-04F7-4944-BD47-4421532548F5}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0419-0000-0000000FF1CE} /uninstall {1AD50F4A-04F7-4944-BD47-4421532548F5}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0419-0000-0000000FF1CE} /uninstall {D7CE14BC-96D9-41C5-822D-F5B1C2C35AA2}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0422-0000-0000000FF1CE} /uninstall {DC154E48-5278-423A-80A1-B93247E38A1A}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0419-1000-0000000FF1CE} /uninstall {23653CA5-BFB5-4B52-B2DA-045D7ABEB874}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0419-0000-0000000FF1CE} /uninstall {1AD50F4A-04F7-4944-BD47-4421532548F5}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0419-0000-0000000FF1CE} /uninstall {23653CA5-BFB5-4B52-B2DA-045D7ABEB874}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0419-0000-0000000FF1CE} /uninstall {1AD50F4A-04F7-4944-BD47-4421532548F5}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0419-0000-0000000FF1CE} /uninstall {1AD50F4A-04F7-4944-BD47-4421532548F5}
50 FREE MP3s +1 Free Audiobook!-->"C:\Program Files (x86)\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files (x86)\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Download Master version 5.5.7.1145-->"C:\Program Files (x86)\Download Master\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Microsoft Office Access MUI (Russian) 2007-->MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007-->MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007-->MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007-->MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007-->MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007-->MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007-->MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007-->MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007-->MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007-->MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007-->MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007-->MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007-->MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Opera 9.63-->MsiExec.exe /X{2C0CD17D-0B06-4700-83FA-7344B868B0A2}
Password Saver 4.1.1-->"C:\Program Files (x86)\Password Saver\unins000.exe"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Total Commander 7.04 PowerPack-->"C:\Program Files (x86)\Total Commander\uninstall.exe"
Total Video Converter 3.20 090104-->"C:\Program Files (x86)\Total Video Converter\unins000.exe"
U.S. Robotics USB Phone-->"C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\uninstall.exe"
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======
AV: ESET NOD32 Antivirus 3.0
AS: ESET NOD32 Antivirus 3.0
AS: Windows Defender

======System event log======

Computer Name: POLICIA_SERVER
Event Code: 10029
Message: DCOM started the service swprv with arguments "" in order to run the server:
{65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
Record Number: 1864
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090112230413.000000-000
Event Type: Information
User:

Computer Name: POLICIA_SERVER
Event Code: 7036
Message: The Microsoft Software Shadow Copy Provider service entered the running state.
Record Number: 1865
Source Name: Service Control Manager
Time Written: 20090112230413.000000-000
Event Type: Information
User:

Computer Name: POLICIA_SERVER
Event Code: 20001
Message: Driver Management concluded the process to install driver FileRepository\volsnap.inf_b0c2b395\volsnap.inf for Device Instance ID STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT12 with the following status: 0.
Record Number: 1866
Source Name: Microsoft-Windows-User-PnP
Time Written: 20090112230417.231776-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: POLICIA_SERVER
Event Code: 7036
Message: The Volume Shadow Copy service entered the stopped state.
Record Number: 1867
Source Name: Service Control Manager
Time Written: 20090112230724.000000-000
Event Type: Information
User:

Computer Name: POLICIA_SERVER
Event Code: 7036
Message: The Microsoft Software Shadow Copy Provider service entered the stopped state.
Record Number: 1868
Source Name: Service Control Manager
Time Written: 20090112231024.000000-000
Event Type: Information
User:

======Application event log======

Computer Name: POLICIA_SERVER
Event Code: 11308
Message: Product: Antispyware -- Error 1308. Source file not found: C:\Users\iNDEx\AppData\Local\Temp\7zS48D4.tmp\AntispywareTCL.dll. Verify that the file exists and that you can access it.
Record Number: 597
Source Name: MsiInstaller
Time Written: 20090112230435.000000-000
Event Type: Error
User: POLICIA_SERVER\iNDEx

Computer Name: POLICIA_SERVER
Event Code: 10001
Message: Ending session 1 started 2009-01-12T23:04:20.746Z.
Record Number: 598
Source Name: Microsoft-Windows-RestartManager
Time Written: 20090112230437.174836-000
Event Type: Information
User: POLICIA_SERVER\iNDEx

Computer Name: POLICIA_SERVER
Event Code: 11708
Message: Product: Antispyware -- Installation failed.
Record Number: 599
Source Name: MsiInstaller
Time Written: 20090112230441.000000-000
Event Type: Information
User: POLICIA_SERVER\iNDEx

Computer Name: POLICIA_SERVER
Event Code: 1033
Message: Windows Installer installed the product. Product Name: Antispyware. Product Version: 4.0.3163. Product Language: 1033. Installation success or error status: 1603.
Record Number: 600
Source Name: MsiInstaller
Time Written: 20090112230441.000000-000
Event Type: Information
User: POLICIA_SERVER\iNDEx

Computer Name: POLICIA_SERVER
Event Code: 8224
Message: The VSS service is shutting down due to idle timeout.
Record Number: 601
Source Name: VSS
Time Written: 20090112230724.000000-000
Event Type: Information
User:

======Security event log======

Computer Name: POLICIA_SERVER
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: POLICIA_SERVER$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x27c
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account's credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 512
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090112230413.279881-000
Event Type: Audit Success
User:

Computer Name: POLICIA_SERVER
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: POLICIA_SERVER$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x27c
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 513
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090112230413.279881-000
Event Type: Audit Success
User:

Computer Name: POLICIA_SERVER
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 514
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090112230413.279881-000
Event Type: Audit Success
User:

Computer Name: POLICIA_SERVER
Event Code: 4904
Message: An attempt was made to register a security event source.

Subject:
Security ID: S-1-5-18
Account Name: POLICIA_SERVER$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0xf74
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x4a4be4a
Record Number: 515
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090112230424.601422-000
Event Type: Audit Success
User:

Computer Name: POLICIA_SERVER
Event Code: 4905
Message: An attempt was made to unregister a security event source.

Subject:
Security ID: S-1-5-18
Account Name: POLICIA_SERVER$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0xf74
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x4a4be4a
Record Number: 516
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090112230424.601422-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
EOF
Log log.txt:
Logfile of random's system information tool 1.05 (written by random/random)
Run by iNDEx at 2009-01-13 02:11:14
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 37 GB (52%) free of 72 GB
Total RAM: 3006 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:21, on 13.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Password Saver\pwdsaver.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\RnQ1105.Full\R&Q.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Total Commander\Totalcmd.exe
C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Winamp\elevator.exe
C:\Users\iNDEx\Desktop\putty.exe
C:\Program Files (x86)\Download Master\dmaster.exe
C:\Downloads\Программы\RSIT.exe
C:\Program Files (x86)\trend micro\iNDEx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: PSH.PSHelper - {1A0884BA-B25E-4E7A-8F87-453172DBBFD0} - C:\Program Files (x86)\Password Saver\PSH.dll
O2 - BHO: (no name) - {4B9A7529-FEA8-4446-8F01-DFBA16CADCA4} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\PROGRA~2\DOWNLO~1\dmiehlp.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Download Master] C:\Program Files (x86)\Download Master\dmaster.exe -autorun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: U.S. Robotics USB Phone.lnk = C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe
O4 - Global Startup: Total Commander.lnk = C:\Program Files (x86)\Total Commander\Totalcmd.exe
O8 - Extra context menu item: &Export to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Download ALL with Download Master - C:\Program Files (x86)\Download Master\dmieall.htm
O8 - Extra context menu item: Download with Download Master - C:\Program Files (x86)\Download Master\dmie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files (x86)\Download Master\dmaster.exe
O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files (x86)\Download Master\dmaster.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8343 bytes

======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0884BA-B25E-4E7A-8F87-453172DBBFD0}]
PSH.PSHelper - C:\Program Files (x86)\Password Saver\PSH.dll [2007-08-18 411104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9A7529-FEA8-4446-8F01-DFBA16CADCA4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master - C:\PROGRA~2\DOWNLO~1\dmiehlp.dll [2008-10-24 157696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2008-07-10 36352]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1555968]
"Download Master"=C:\Program Files (x86)\Download Master\dmaster.exe [2008-11-18 3297280]
"Messenger (Yahoo!)"=C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Total Commander.lnk - C:\Program Files (x86)\Total Commander\Totalcmd.exe

C:\Users\iNDEx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
U.S. Robotics USB Phone.lnk - C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======

2009-01-13 02:11:14 ----D---- C:\rsit
2009-01-13 02:11:14 ----D---- C:\Program Files (x86)\trend micro
2009-01-12 18:47:26 ----D---- C:\Program Files (x86)\Total Video Converter
2009-01-12 14:06:37 ----D---- C:\ProgramData\FLEXnet
2009-01-12 14:02:13 ----D---- C:\Users\iNDEx\AppData\Roaming\skypePM
2009-01-12 14:00:53 ----D---- C:\Users\iNDEx\AppData\Roaming\Skype
2009-01-12 14:00:45 ----D---- C:\Program Files (x86)\Skype
2009-01-12 14:00:44 ----D---- C:\Program Files (x86)\Common Files\Skype
2009-01-12 14:00:41 ----D---- C:\ProgramData\Skype
2009-01-12 13:59:07 ----D---- C:\Users\iNDEx\AppData\Roaming\U.S. Robotics USB Phone
2009-01-12 13:06:15 ----D---- C:\Program Files (x86)\Total Commander
2009-01-12 12:27:16 ----D---- C:\Windows\system32\spool
2009-01-12 12:26:40 ----D---- C:\Program Files (x86)\Adobe Media Player
2009-01-12 12:24:58 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2009-01-12 12:23:34 ----D---- C:\ProgramData\Adobe
2009-01-12 12:23:20 ----D---- C:\Program Files (x86)\Adobe
2009-01-12 12:22:53 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared
2009-01-12 12:20:51 ----D---- C:\Program Files (x86)\Common Files\Adobe
2009-01-12 09:19:34 ----D---- C:\Windows\SoftwareDistribution
2009-01-12 09:17:24 ----D---- C:\Windows\CSC
2009-01-12 09:15:37 ----SHD---- C:\System Volume Information
2009-01-12 09:14:33 ----D---- C:\Windows\Panther
2009-01-12 09:14:24 ----RAS---- C:\BOOTSECT.BAK
2009-01-12 09:14:23 ----SHD---- C:\Boot
2009-01-12 03:00:32 ----A---- C:\Windows\system32\mshtml.dll
2009-01-12 03:00:26 ----D---- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2009-01-12 02:14:00 ----D---- C:\Program Files (x86)\VistaCodecPack
2009-01-12 02:13:37 ----D---- C:\ProgramData\VistaCodecs
2009-01-12 01:54:18 ----D---- C:\Users\iNDEx\AppData\Roaming\Yahoo!
2009-01-12 01:54:18 ----D---- C:\ProgramData\Yahoo! Companion
2009-01-12 01:53:47 ----D---- C:\Downloads
2009-01-12 01:53:41 ----D---- C:\ProgramData\Yahoo!
2009-01-12 01:53:39 ----D---- C:\Program Files (x86)\Yahoo!
2009-01-12 01:53:28 ----D---- C:\Users\iNDEx\AppData\Roaming\Download Master
2009-01-12 01:53:16 ----D---- C:\Program Files (x86)\Download Master
2009-01-12 01:05:11 ----N---- C:\Windows\system32\vxblock.dll
2009-01-12 01:05:11 ----N---- C:\Windows\system32\pxwave.dll
2009-01-12 01:05:11 ----N---- C:\Windows\system32\pxsfs.dll
2009-01-12 01:05:11 ----N---- C:\Windows\system32\pxmas.dll
2009-01-12 01:05:11 ----N---- C:\Windows\system32\pxinsa64.exe
2009-01-12 01:05:11 ----N---- C:\Windows\system32\pxhpinst.exe
2009-01-12 01:05:11 ----N---- C:\Windows\system32\pxdrv.dll
2009-01-12 01:05:11 ----N---- C:\Windows\system32\pxcpya64.exe
2009-01-12 01:05:11 ----N---- C:\Windows\system32\pxafs.dll
2009-01-12 01:05:11 ----N---- C:\Windows\system32\px.dll
2009-01-12 01:05:10 ----D---- C:\Users\iNDEx\AppData\Roaming\Winamp
2009-01-12 01:05:10 ----D---- C:\Program Files (x86)\Winamp
2009-01-12 00:42:50 ----D---- C:\Program Files (x86)\Microsoft Works
2009-01-12 00:42:24 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2009-01-12 00:42:24 ----D---- C:\Program Files (x86)\Common Files\DESIGNER
2009-01-12 00:41:55 ----D---- C:\Windows\PCHEALTH
2009-01-12 00:41:55 ----D---- C:\Program Files (x86)\Microsoft.NET
2009-01-12 00:40:07 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2009-01-12 00:39:33 ----D---- C:\Program Files (x86)\Microsoft Office
2009-01-12 00:39:32 ----D---- C:\ProgramData\Microsoft Help
2009-01-12 00:38:45 ----RHD---- C:\MSOCache
2009-01-12 00:00:35 ----A---- C:\Windows\system32\wups.dll
2009-01-12 00:00:35 ----A---- C:\Windows\system32\wudriver.dll
2009-01-12 00:00:35 ----A---- C:\Windows\system32\wuapi.dll
2009-01-12 00:00:27 ----A---- C:\Windows\system32\wuwebv.dll
2009-01-12 00:00:27 ----A---- C:\Windows\system32\wuapp.exe
2009-01-11 23:31:38 ----D---- C:\Program Files (x86)\RnQ1105.Full
2009-01-11 23:27:53 ----D---- C:\Program Files (x86)\RnQ1100
2009-01-11 23:17:54 ----D---- C:\ProgramData\ESET
2009-01-11 23:09:29 ----A---- C:\Windows\system32\zlib.dll
2009-01-11 23:09:29 ----A---- C:\Windows\system32\XceedZip.dll
2009-01-11 23:09:29 ----A---- C:\Windows\system32\coder.dll
2009-01-11 23:09:28 ----D---- C:\Program Files (x86)\Password Saver
2009-01-11 23:08:57 ----D---- C:\Users\iNDEx\AppData\Roaming\WinRAR
2009-01-11 23:08:48 ----D---- C:\Program Files (x86)\WinRAR
2009-01-11 22:45:54 ----D---- C:\ProgramData\NVIDIA
2009-01-11 22:43:12 ----D---- C:\NVIDIA
2009-01-11 22:38:33 ----D---- C:\Users\iNDEx\AppData\Roaming\Macromedia
2009-01-11 22:38:33 ----D---- C:\Users\iNDEx\AppData\Roaming\Adobe
2009-01-11 22:38:23 ----D---- C:\Windows\system32\Macromed
2009-01-11 22:37:28 ----D---- C:\Users\iNDEx\AppData\Roaming\Opera
2009-01-11 22:37:23 ----D---- C:\Program Files (x86)\Opera
2009-01-11 22:37:10 ----SHD---- C:\Windows\Installer
2009-01-11 22:30:00 ----D---- C:\Users\iNDEx\AppData\Roaming\Identities
2009-01-11 22:29:47 ----SD---- C:\Users\iNDEx\AppData\Roaming\Microsoft
2009-01-11 22:29:47 ----D---- C:\Users\iNDEx\AppData\Roaming\Media Center Programs
2009-01-11 22:25:10 ----D---- C:\Windows\Debug
2009-01-10 00:13:22 ----A---- C:\Windows\system32\ff_vfw.dll
2009-01-09 18:26:54 ----A---- C:\Windows\system32\VSFilter.dll
2008-12-26 00:08:00 ----A---- C:\Windows\system32\nvwgf2um.dll
2008-12-26 00:08:00 ----A---- C:\Windows\system32\nvoglv32.dll
2008-12-26 00:08:00 ----A---- C:\Windows\system32\nvcuda.dll
2008-12-26 00:08:00 ----A---- C:\Windows\system32\nvapi.dll

======List of files/folders modified in the last 1 months======
2009-01-13 02:11:21 ----D---- C:\Windows\Temp
2009-01-13 02:11:21 ----D---- C:\Windows\Prefetch
2009-01-13 02:11:14 ----RD---- C:\Program Files (x86)
2009-01-13 02:04:37 ----RD---- C:\Program Files
2009-01-12 22:27:26 ----D---- C:\Windows\rescache
2009-01-12 18:47:33 ----RSD---- C:\Windows\Fonts
2009-01-12 18:47:33 ----D---- C:\Windows\SysWOW64
2009-01-12 14:06:37 ----HD---- C:\ProgramData
2009-01-12 14:00:44 ----D---- C:\Program Files (x86)\Common Files
2009-01-12 13:06:15 ----D---- C:\Windows
2009-01-12 12:27:58 ----D---- C:\Windows\system32\drivers
2009-01-12 12:21:40 ----D---- C:\Windows\System32
2009-01-12 12:21:40 ----D---- C:\Windows\inf
2009-01-12 03:44:26 ----D---- C:\Windows\Logs
2009-01-12 03:00:55 ----D---- C:\Windows\winsxs
2009-01-12 02:03:47 ----SD---- C:\ProgramData\Microsoft
2009-01-12 01:53:37 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2009-01-12 00:49:52 ----RSD---- C:\Windows\assembly
2009-01-12 00:45:26 ----A---- C:\Windows\win.ini
2009-01-12 00:42:40 ----D---- C:\Program Files (x86)\MSBuild
2009-01-12 00:42:22 ----D---- C:\Windows\ShellNew
2009-01-12 00:39:53 ----D---- C:\Program Files (x86)\Common Files\System
2009-01-12 00:05:52 ----D---- C:\Windows\system32\en-US
2009-01-12 00:01:08 ----D---- C:\Windows\PolicyDefinitions
2009-01-11 22:43:48 ----D---- C:\Windows\Help
2009-01-11 22:30:16 ----SHD---- C:\$Recycle.Bin
2009-01-11 22:29:37 ----RD---- C:\Users
2009-01-11 22:22:40 ----D---- C:\Windows\Microsoft.NET
2008-12-26 00:08:00 ----A---- C:\Windows\system32\nvd3dum.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys []
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys []
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys []
R3 3xHybr64;SAA713x TV Card Service; C:\Windows\system32\DRIVERS\3xHybr64.sys []
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2008-10-24 468224]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-21 93696]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-10-24 21760]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-01-12 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-12 655624]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
EOF
January 13, 2009 at 6:38 pm #21112
Hello, welcome to the Spyware-ru forum.
Was the message about infection with this rootkit shown to you by your antivirus? Is there any other information in that message?
Also, run RSIT again, but this time right-click its icon and choose "Run as administrator"; the option may be worded slightly differently. I'll wait for your RSIT log. And one more thing: do you have 64-bit Windows installed?