- This topic has 7 ответов, 2 участника, and was last updated 16 years, 4 months назад by
.
-
Сообщения
-
Здравствуйте!!! тормозит ноут уже месяца три четыре((сегодня подхватили программку winpc с вашей помощью удалила)) но может посмотрите мой лог вдруг поможите с торможением ноута( еще он выключается очень часто сам и включается почему то через кнопку спящего режима 😯
помогите пожалуйста!!
Logfile of random’s system information tool 1.06 (written by random/random)
Run by digitals at 2009-03-27 01:47:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 27 GB (48%) free of 57 GB
Total RAM: 503 MB (18% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:52, on 27.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32o2flash.exe
C:WINDOWSsystem32HPZipm12.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSSystem32PAStiSvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSVM303_STI.EXE
C:Program FilesJavajre6binjusched.exe
C:Program FilesWinampwinampa.exe
C:Program FilesPunto Switcherpunto.exe
C:Program FilesDNAbtdna.exe
C:Documents and SettingsdigitalsLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:Program FilesDownload Masterdmaster.exe
C:Program FilesNokiaNokia PC Suite 7PCSuite.exe
C:Documents and SettingsdigitalsApplication DataMail.RuAgentMAgent.exe
C:Documents and SettingsdigitalsApplication Datanscagent.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesPC Connectivity SolutionTransportsNclUSBSrv.exe
C:Program FilesPC Connectivity SolutionTransportsNclRSSrv.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMalwarebytes’ Anti-Malwarembam.exe
C:Documents and SettingsdigitalsРабочий столRSIT.exe
C:Program Filestrend microdigitals.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=27130
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=40316
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=27130
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=27130
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Documents and SettingsdigitalsApplication DataMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: SweetIM ToolbarURLSearchHook Class — {EEE6C35D-6118-11DC-9C72-001320C79847} — C:Program FilesSweetIMToolbarsInternet ExplorermgHelper.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: IEocx Class — {06ec6572-7280-485a-a712-c380526bc048} — C:WINDOWSieocx.dll (file missing)
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: (no name) — {7E853D72-626A-48EC-A868-BA8D5E23E045} — (no file)
O2 — BHO: Помощник по входу в Windows Live — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: SWEETIE — {EEE6C35C-6118-11DC-9C72-001320C79847} — C:Program FilesSweetIMToolbarsInternet ExplorermgToolbarIE.dll
O2 — BHO: MyCentria Internet Mate v2.3 — {FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86} — (no file)
O3 — Toolbar: SweetIM Toolbar for Internet Explorer — {EEE6C35B-6118-11DC-9C72-001320C79847} — C:Program FilesSweetIMToolbarsInternet ExplorermgToolbarIE.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [BigDog303] C:WINDOWSVM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [NevoDRM] «C:Program FilesИгрыNevoDRMNevoDRM.exe»
O4 — HKLM..Run: [scvhost] mirc.exe
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKLM..RunOnce: [Malwarebytes’ Anti-Malware] C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe /install /silent
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [BitTorrent DNA] «C:Program FilesDNAbtdna.exe»
O4 — HKCU..Run: [BitTorrent] «C:Program FilesBitTorrentbittorrent.exe» —force_start_minimized
O4 — HKCU..Run: [Google Update] «C:Documents and SettingsdigitalsLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» /c
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [Download Master] C:Program FilesDownload Masterdmaster.exe -autorun
O4 — HKCU..Run: [PC Suite Tray] «C:Program FilesNokiaNokia PC Suite 7PCSuite.exe» -onlytray
O4 — HKCU..Run: [MAgent] C:Documents and SettingsdigitalsApplication DataMail.RuAgentMAgent.exe -CU
O4 — HKCU..Run: [sysav] C:Documents and SettingsdigitalsApplication Datapcdefender.exe
O4 — HKCU..Run: [Win32load] C:Documents and SettingsdigitalsApplication Datanscagent.exe -lds
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: beeline.lnk = ?
O8 — Extra context menu item: &ieSpell Options — res://C:Program FilesieSpelliespell.dll/SPELLOPTION.HTM
O8 — Extra context menu item: Check &Spelling — res://C:Program FilesieSpelliespell.dll/SPELLCHECK.HTM
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Lookup on Merriam Webster — file://C:Program FilesieSpellMerriam Webster.HTM
O8 — Extra context menu item: Lookup on Wikipedia — file://C:Program FilesieSpellwikipedia.HTM
O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: ieSpell — {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} — C:Program FilesieSpelliespell.dll
O9 — Extra ‘Tools’ menuitem: ieSpell — {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} — C:Program FilesieSpelliespell.dll
O9 — Extra button: (no name) — {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} — C:Program FilesieSpelliespell.dll
O9 — Extra ‘Tools’ menuitem: ieSpell Options — {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} — C:Program FilesieSpelliespell.dll
O9 — Extra button: Статистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: Bunu Web Gunlugune Al — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra ‘Tools’ menuitem: Windows Live Writer icinde &Bunu Web Gunlugune Al — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: PartyPoker.com — {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} — C:Program FilesPartyGamingPartyPokerRunApp.exe (file missing)
O9 — Extra ‘Tools’ menuitem: PartyPoker.com — {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} — C:Program FilesPartyGamingPartyPokerRunApp.exe (file missing)
O9 — Extra button: ICQ 4.1 — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Documents and SettingsdigitalsApplication DataMail.RuAgentmagent.exe (HKCU)
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Documents and SettingsdigitalsApplication DataMail.RuAgentmagent.exe (HKCU)
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O14 — IERESET.INF: START_PAGE_URL=http://www.rovercomputers.ru
O15 — Trusted Zone: http://www.beonline.ru
O15 — Trusted Zone: http://www.megafoncenter.ru
O15 — Trusted Zone: http://www.megafondv.ru
O15 — Trusted Zone: http://www.megafonkavkaz.ru
O15 — Trusted Zone: http://sms.megafonmoscow.ru
O15 — Trusted Zone: http://www.megafonnw.ru
O15 — Trusted Zone: http://*.megafonsib.ru
O15 — Trusted Zone: http://www.megafonural.ru
O15 — Trusted Zone: http://www.megafonvolga.ru
O15 — Trusted Zone: http://sms.mts.ru
O15 — Trusted Zone: http://*.tele2.ru
O16 — DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) — http://213.252.80.26/plugin/h263ctrl.cab
O16 — DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) — http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 — DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) — http://arcade.icq.com/online/online2/peggle/popcaploader_v10_en.cab
O17 — HKLMSystemCCSServicesTcpip..{974ED94F-DAC6-4D34-913D-EB43A5405BEC}: NameServer = 213.234.192.7 195.14.50.1
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Autodesk Licensing Service — Autodesk — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Microsoft security update service (msupdate) — Unknown owner — c:windowssystem32..svchost.exe
O23 — Service: O2Micro Flash Memory (O2Flash) — Unknown owner — C:WINDOWSsystem32o2flash.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: STI Simulator — Unknown owner — C:WINDOWSSystem32PAStiSvc.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
O24 — Desktop Component 0: (no name) — http://goverla.security-dog.org/foto/dogy/adyl/adyl2.jpg
O24 — Desktop Component 1: (no name) — http://diyanet7.diyanet.gov.tr/turkish/image/main_backround.gif
O24 — Desktop Component 2: (no name) — http://i45.odnoklassniki.ru/getImage?photoId=71214871945&photoType=0&gender=0&photoModify=1204440437050—
End of file — 14654 bytes======Scheduled tasks folder======
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-3159228646-2939380819-3202377236-1005.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06ec6572-7280-485a-a712-c380526bc048}]
IEocx Class — C:WINDOWSieocx.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-11-11 62728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2008-12-10 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Помощник по входу в Windows Live — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2009-02-17 408440][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2008-10-24 157696][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2008-12-10 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-12-10 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper — C:Program FilesSweetIMToolbarsInternet ExplorermgToolbarIE.dll [2008-03-27 1164600][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}]
MyCentria Internet Mate v2.3[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} — SweetIM Toolbar for Internet Explorer — C:Program FilesSweetIMToolbarsInternet ExplorermgToolbarIE.dll [2008-03-27 1164600]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2008-10-16 1578248][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«BigDog303″=C:WINDOWSVM303_STI.EXE [2006-08-04 61440]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-01-11 39792]
«NevoDRM»=C:Program FilesИгрыNevoDRMNevoDRM.exe [2008-07-29 201728]
«scvhost»=mirc.exe []
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2008-12-10 136600]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2008-08-04 36352]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-03-27 206088][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce]
«Malwarebytes’ Anti-Malware»=C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe [2009-03-26 401040][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=C:Program FilesPunto Switcherpunto.exe [2008-10-16 735016]
«BitTorrent DNA»=C:Program FilesDNAbtdna.exe [2008-12-16 342848]
«BitTorrent»=C:Program FilesBitTorrentbittorrent.exe —force_start_minimized []
«Google Update»=C:Documents and SettingsdigitalsLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-12-08 133104]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-10-20 479496]
«Download Master»=C:Program FilesDownload Masterdmaster.exe [2008-11-18 3297280]
«PC Suite Tray»=C:Program FilesNokiaNokia PC Suite 7PCSuite.exe [2008-12-03 1205760]
«MAgent»=C:Documents and SettingsdigitalsApplication DataMail.RuAgentMAgent.exe [2009-02-12 5600952]
«sysav»=C:Documents and SettingsdigitalsApplication Datapcdefender.exe []
«Win32load»=C:Documents and SettingsdigitalsApplication Datanscagent.exe [2009-03-26 11264]C:Documents and SettingsdigitalsГлавное менюПрограммыАвтозагрузка
beeline.lnk —[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSSYSTEM32igfxdev.dll [2005-11-28 135168][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2008-11-11 218376][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSSYSTEM32WgaLogon.dll [2007-03-15 236928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-14 239616]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
«C:Documents and SettingsdigitalsApplication DataMail.RuAgentMagent.exe»=»C:Documents and SettingsdigitalsApplication DataMail.RuAgentMagent.exe:*:Enabled:Mail.Ru Агент»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWarcraft IIIWarcraft III.exe»=»C:Program FilesWarcraft IIIWarcraft III.exe:*:Enabled:Warcraft III»
«C:Program FilesWarcraft IIIWar3.exe»=»C:Program FilesWarcraft IIIWar3.exe:*:Enabled:Warcraft III»
«C:Program FilesMail.RuAgentmagent.exe»=»C:Program FilesMail.RuAgentmagent.exe:*:Enabled:Mail.Ru Агент»
«C:Program FilesWarcraft IIIFrozen Throne.exe»=»C:Program FilesWarcraft IIIFrozen Throne.exe:*:Enabled:Warcraft III — The Frozen Throne»
«C:Program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe»=»C:Program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe:*:Enabled:Kaspersky Anti-Virus»
«C:Documents and SettingsdigitalsРабочий стол21195562.exe»=»C:Documents and SettingsdigitalsРабочий стол21195562.exe:*:Enabled:21195562»
«C:kavkav7.0russiansetup.exe»=»C:kavkav7.0russiansetup.exe:*:Enabled:Программа установки Антивируса Касперского 7.0»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveMessengerlivecall.exe»=»C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)»
«C:DownloadsПрограммыSuperOkey.exe»=»C:DownloadsПрограммыSuperOkey.exe:*:Enabled:SuperOkey»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesDNAbtdna.exe»=»C:Program FilesDNAbtdna.exe:*:Enabled:DNA»
«C:Program FilesBitTorrentbittorrent.exe»=»C:Program FilesBitTorrentbittorrent.exe:*:Enabled:BitTorrent»
«C:Program FilesJavajre6launch4j-tmpJDownloader.exe»=»C:Program FilesJavajre6launch4j-tmpJDownloader.exe:*:Enabled:Java(TM) Platform SE binary»
«C:Program FilesGarenaGarena.exe»=»C:Program FilesGarenaGarena.exe:*:Enabled:Garena»
«C:Program FilesNokiaNokia Software Updaternsu_ui_client.exe»=»C:Program FilesNokiaNokia Software Updaternsu_ui_client.exe:*:Enabled:Nokia Software Updater»
«C:Program FilesCommon FilesNokiaService LayerAnsl_host_process.exe»=»C:Program FilesCommon FilesNokiaService LayerAnsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process «
«C:DownloadsПрограммыSuperOkey[2].exe»=»C:DownloadsПрограммыSuperOkey[2].exe:*:Disabled:SuperOkey[2]»
«C:Program FilesJavajre6binjava.exe»=»C:Program FilesJavajre6binjava.exe:*:Enabled:Java(TM) Platform SE binary»
«C:Documents and SettingsdigitalsApplication Datanscagent.exe»=»C:Documents and SettingsdigitalsApplication Datanscagent.exe:*:Enabled:Win32load»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveMessengerlivecall.exe»=»C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{25058e92-d007-11db-bf33-0018de9f3acb}]
shellAutocommand — E:Cn911.exe
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2e87695b-01e9-11dc-97f2-0018de9f3acb}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycledsys.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{356f35b0-b29a-11db-bef0-0018de9f3acb}]
shellAutoRuncommand — E:PortableAppsPortableAppsMenuPortableAppsMenu.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c33eefe4-d21f-11db-bf37-0018de9f3acb}]
shellAutocommand — E:Cn911.exe
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{dc5df6d0-b1c9-11db-beee-0018de9f3acb}]
shellAutoRuncommand — E:PortableAppsPortableAppsMenuPortableAppsMenu.exe======File associations======
.scr — open — «C:WINDOWSsystem32NOTEPAD.EXE» «%1»
.scr — install —
.scr — config —======List of files/folders created in the last 3 months======
2009-03-27 01:47:37 —-D—- C:Program Filestrend micro
2009-03-27 01:47:22 —-D—- C:rsit
2009-03-27 01:12:39 —-D—- C:Documents and SettingsdigitalsApplication DataMalwarebytes
2009-03-27 01:12:30 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-03-27 01:12:29 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-27 01:06:22 —-D—- C:Avenger
2009-03-27 01:06:21 —-A—- C:avenger.txt
2009-03-27 00:02:04 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2009-03-26 19:50:31 —-A—- C:Documents and SettingsdigitalsApplication Data~eu37.tmp
2009-03-26 19:49:41 —-A—- C:WINDOWSsvchost.exe
2009-03-26 19:49:37 —-A—- C:Documents and SettingsdigitalsApplication Datanscagent.exe
2009-03-26 02:38:29 —-A—- C:Documents and SettingsdigitalsApplication Datasvchost32.exe
2009-03-12 00:06:07 —-HDC—- C:WINDOWS$NtUninstallKB960225$
2009-03-12 00:05:56 —-HDC—- C:WINDOWS$NtUninstallKB958690$
2009-03-12 00:05:09 —-A—- C:WINDOWSsystem32wmpns.dll
2009-03-12 00:04:37 —-HDC—- C:WINDOWS$NtUninstallKB959772_WM11$
2009-03-07 01:23:56 —-D—- C:Program FilesPartyGaming
2009-03-01 16:54:11 —-D—- C:travian
2009-02-26 04:10:58 —-HDC—- C:WINDOWS$NtUninstallKB967715$
2009-02-21 19:20:20 —-D—- C:Documents and SettingsAll UsersApplication DataВеселаяФерма-ПечемПиццу
2009-02-21 19:09:41 —-D—- C:Documents and SettingsdigitalsApplication DataMagic Seeds
2009-02-20 23:35:14 —-D—- C:Program FilesESET
2009-02-17 17:48:40 —-D—- C:Program FilesBuka
2009-02-12 18:33:28 —-HDC—- C:WINDOWS$NtUninstallKB960715$
2009-02-06 10:53:48 —-D—- C:hegames
2009-02-06 10:52:12 —-D—- C:Program FilesAkella Games
2009-02-03 15:35:19 —-D—- C:Program FilesMicrosoft Silverlight
2009-01-31 21:28:31 —-D—- C:Program FilesNeed for Speed Carbon
2009-01-24 12:24:52 —-D—- C:Documents and SettingsAll UsersApplication DataFreshGames
2009-01-16 00:35:40 —-HD—- C:WINDOWSPIF
2009-01-16 00:17:19 —-D—- C:translation
2009-01-16 00:17:18 —-D—- C:skin
2009-01-15 22:56:47 —-D—- C:Program FilesWinamp
2009-01-15 22:56:47 —-D—- C:Documents and SettingsdigitalsApplication DataWinamp
2009-01-15 01:32:04 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-01-12 19:38:32 —-D—- C:Program FilesGarena
2009-01-07 04:12:19 —-D—- C:Program FilesCommon FilesINCA Shared
2009-01-07 03:11:34 —-D—- C:Program Files4GAME
2009-01-05 15:05:09 —-A—- C:WINDOWSntbtlog.txt
2009-01-01 22:35:39 —-N—- C:WINDOWSsystem32spmsgXP_2k3.dll
2009-01-01 22:35:17 —-HDC—- C:WINDOWS$NtUninstallWdf01007$
2009-01-01 22:29:13 —-D—- C:Program FilesCommon FilesPCSuite
2009-01-01 22:24:31 —-D—- C:Program FilesPC Connectivity Solution
2009-01-01 22:19:56 —-A—- C:WINDOWSsystem32wdfcoinstaller01007.dll
2009-01-01 22:19:56 —-A—- C:WINDOWSsystem32nmwcdcocls.dll======List of files/folders modified in the last 3 months======
2009-03-27 01:47:39 —-D—- C:WINDOWSTemp
2009-03-27 01:47:37 —-D—- C:Program Files
2009-03-27 01:47:11 —-D—- C:Documents and SettingsdigitalsApplication DataDNA
2009-03-27 01:23:05 —-D—- C:WINDOWS
2009-03-27 01:12:35 —-D—- C:WINDOWSsystem32drivers
2009-03-27 01:09:49 —-D—- C:Program FilesMozilla Firefox
2009-03-27 01:07:30 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-03-27 01:07:07 —-D—- C:Program FilesDNA
2009-03-27 01:06:22 —-D—- C:WINDOWSsystem32
2009-03-27 01:05:31 —-A—- C:WINDOWSSchedLgU.Txt
2009-03-27 00:22:25 —-SHD—- C:WINDOWSInstaller
2009-03-27 00:22:24 —-HD—- C:Config.Msi
2009-03-27 00:20:27 —-HD—- C:WINDOWSinf
2009-03-27 00:17:48 —-D—- C:Program FilesKaspersky Lab
2009-03-27 00:17:43 —-D—- C:WINDOWSPrefetch
2009-03-27 00:17:18 —-D—- C:WINDOWSsystem32CatRoot2
2009-03-25 18:01:40 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2009-03-25 17:49:10 —-A—- C:WINDOWShegames.ini
2009-03-24 03:59:30 —-A—- C:WINDOWSsystem32pingtime.ini
2009-03-24 01:21:32 —-D—- C:Documents and SettingsdigitalsApplication DataMra
2009-03-23 16:37:35 —-D—- C:Program FilesWarcraft III
2009-03-12 00:06:12 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-03-12 00:06:01 —-A—- C:WINDOWSimsins.BAK
2009-03-11 23:20:59 —-HD—- C:WINDOWS$hf_mig$
2009-03-05 19:41:06 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-02-28 21:51:23 —-D—- C:Program FilesVisiCon
2009-02-28 21:49:36 —-D—- C:Program FilesMyCentria
2009-02-25 12:55:00 —-A—- C:WINDOWSsystem32MRT.exe
2009-02-25 01:34:50 —-A—- C:WINDOWSwin.ini
2009-02-25 01:34:50 —-A—- C:WINDOWSsystem32tcpmon.ini
2009-02-21 00:23:25 —-D—- C:Program FilesAlawar.ru
2009-02-21 00:04:15 —-D—- C:Program FilesGames.Mail.Ru
2009-02-20 01:47:14 —-A—- C:WINDOWSsystem32BASSMOD.dll
2009-02-06 15:42:04 —-SD—- C:WINDOWSTasks
2009-01-29 01:45:02 —-D—- C:Documents and SettingsdigitalsApplication DatauTorrent
2009-01-28 18:14:42 —-A—- C:WINDOWSNeroDigital.ini
2009-01-28 17:53:47 —-D—- C:Downloads
2009-01-25 23:19:32 —-SD—- C:WINDOWSDownloaded Program Files
2009-01-25 23:09:53 —-D—- C:Program FilesICQ6
2009-01-24 16:57:00 —-D—- C:Documents and SettingsAll UsersApplication DataHipSoft
2009-01-15 16:00:59 —-D—- C:Documents and SettingsdigitalsApplication DataNokia
2009-01-12 19:38:28 —-HD—- C:Program FilesInstallShield Installation Information
2009-01-07 15:15:50 —-D—- C:WINDOWSMinidump
2009-01-07 04:12:19 —-D—- C:Program FilesCommon Files
2009-01-06 21:25:12 —-D—- C:WINDOWSsystem32wbem
2009-01-06 21:25:11 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-01-01 22:30:27 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-01-01 22:29:02 —-D—- C:Program FilesNokia
2009-01-01 22:28:20 —-D—- C:Program FilesCommon FilesNokia
2009-01-01 22:14:08 —-D—- C:Documents and SettingsAll UsersApplication DataInstallations======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 KLIF;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2009-03-27 226832]
R1 Tcpip6;Драйвер протокола IPv6 (Microsoft); C:WINDOWSsystem32DRIVERStcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:WINDOWSsystem32DRIVERSialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-08-15 4368896]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 MBAMSwissArmy;MBAMSwissArmy; ??C:WINDOWSsystem32driversmbamswissarmy.sys []
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 NETw3x32;Драйвер адаптера Intel(R) PRO/Wireless 3945ABG для 32-разрядной версии Windows XP; C:WINDOWSsystem32DRIVERSNETw3x32.sys [2006-12-14 1709696]
R3 Stmatm;ATM/ADSL miniport; C:WINDOWSsystem32DRIVERSstmatm.sys [2003-08-12 60255]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2006-12-21 191168]
R3 tunmp;Драйвер адаптера минипорта Microsoft Tun; C:WINDOWSsystem32DRIVERStunmp.sys [2008-04-13 12288]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2006-03-15 244608]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
S1 NVKEYNT;NVKEYNT; C:WINDOWSsystem32driversNVKEYNT.sys []
S2 GiA_Guardant;GiA Guardant Emulator (v2.4); ??C:WINDOWSsystem32driversGiA_Guardant.sys []
S3 ajh21j1z;ajh21j1z; C:WINDOWSsystem32driversajh21j1z.sys []
S3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-13 60800]
S3 BTCOMM;BTCOMM; C:WINDOWSsystem32driversBtcomm.sys []
S3 BthEnum;Служба Bluetooth Enumerator; C:WINDOWSsystem32DRIVERSBthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Драйвер для устройства связи по последовательному каналу Bluetooth; C:WINDOWSsystem32DRIVERSbthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2008-04-13 101120]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2008-06-14 272512]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2008-04-13 18944]
S3 BTKRNBDG;Bluetooth COM Bridge; C:WINDOWSsystem32DRIVERSbtkrnbdg.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 CSRBC01;%CSRBC01.SvcDesc%; C:WINDOWSSystem32Driverscsrbc01.sys []
S3 GarenaPEngine;GarenaPEngine; ??C:DOCUME~1digitalsLOCALS~1TempDTT1584.tmp []
S3 GMSIPCI;GMSIPCI; ??D:INSTALLGMSIPCI.SYS []
S3 HidBth;Минипорт Bluetooth HID Microsoft; C:WINDOWSsystem32DRIVERShidbth.sys [2008-04-14 25728]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:WINDOWSsystem32DRIVERSk750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSk750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:WINDOWSsystem32DRIVERSk750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:WINDOWSsystem32DRIVERSk750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:WINDOWSsystem32DRIVERSk750obex.sys [2005-02-11 79488]
S3 mpr_freader;MPR FileReader Driver; ??C:DRIVERSVZLmpr_freader.sys []
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-13 61824]
S3 nm;Драйвер сетевого монитора; C:WINDOWSsystem32DRIVERSNMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2008-09-15 22016]
S3 npkcrypt;npkcrypt; ??C:Program Files4GAMELineageIIsystemnpkcrypt.sys []
S3 NPPTNT2;NPPTNT2; ??C:WINDOWSsystem32npptNT2.sys []
S3 NTACCESS;NTACCESS; ??D:NTACCESS.sys []
S3 PAC207;VideoCAM GF112; C:WINDOWSsystem32DRIVERSpfc027.sys [2005-04-08 162176]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2008-04-13 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2004-08-18 5888]
S3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-13 79232]
S3 SetupNTGLM7X;SetupNTGLM7X; ??D:NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Драйвер Sony USB фильтра (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 TaurusUsb;ADSL Modem USB Service; C:WINDOWSsystem32DRIVERStorususb.sys [2004-05-12 542893]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32DRIVERSusbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 vad_multi;Windigo Virtual Audio Device (WDM); C:WINDOWSsystem32driversvadmulti.sys []
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S3 ZSMC303;A4 TECH PC Camera H; C:WINDOWSSystem32DriversusbVM303.sys [2006-08-04 390849]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Служба поддержки IPv6; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 AVP;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-03-27 206088]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2008-12-10 152984]
R2 O2Flash;O2Micro Flash Memory; C:WINDOWSsystem32o2flash.exe [2005-01-27 36864]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2006-03-03 69632]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 STI Simulator;STI Simulator; C:WINDOWSSystem32PAStiSvc.exe [2005-01-14 53248]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2008-11-11 620544]
S2 msupdate;Microsoft security update service; c:windowssystem32..svchost.exe [2009-03-26 16896]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-01-31 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2007-02-22 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Paylas?m Klasorleri USN Gunluk Okuyucu hizmeti; C:Program FilesWindows LiveMessengerusnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:Program FilesWindows LiveinstallerWLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
EOF
извините я про инфо лог забыла((и не скопировала((где его теперь открыть?я повторно сделала отчет но появился только лог((а инффо нету
Здравствуйте, добро пожаловать на Spyware-ru форум.
Ваш компьютер заражён ещё несколькими троянами, включая autorun.inf троян.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов.* Отключите ваш антивирус.
* Скачайте и запустите Flash_Disinfector.
* По требованию программы вставьте ваш флэш диск или подключите другие внешние устройства хранения информации.Примечание: запускайте программу столько раз, сколько нужно чтобы очистить все ваши подключаемые диски.
Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите OTMoveIt3 и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.:Processes
explorer.exe
:services
usprserv
:reg
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06ec6572-7280-485a-a712-c380526bc048}]
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"scvhost"=-
sysav"=-
"Win32load"=-
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{25058e92-d007-11db-bf33-0018de9f3acb}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2e87695b-01e9-11dc-97f2-0018de9f3acb}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{356f35b0-b29a-11db-bef0-0018de9f3acb}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c33eefe4-d21f-11db-bf37-0018de9f3acb}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{dc5df6d0-b1c9-11db-beee-0018de9f3acb}]
:files
C:WINDOWSsvchost.exe
C:Documents and SettingsdigitalsApplication Datanscagent.exe
C:Documents and SettingsdigitalsApplication Datasvchost32.exe
C:Program FilesMyCentria
:Commands
[emptytemp]
[start explorer]
[Reboot]Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMoveItMovedFiles.Вставьте в ваше ответное сообщение содержимое этого лога. И ещё приложите свежий RSIT лог.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========ServiceDriver usprserv deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06ec6572-7280-485a-a712-c380526bc048}\ not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\scvhost deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\sysav» not found.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\Win32load not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{25058e92-d007-11db-bf33-0018de9f3acb}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2e87695b-01e9-11dc-97f2-0018de9f3acb}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{356f35b0-b29a-11db-bef0-0018de9f3acb}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c33eefe4-d21f-11db-bf37-0018de9f3acb}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{dc5df6d0-b1c9-11db-beee-0018de9f3acb}\ deleted successfully.
========== FILES ==========
File/Folder C:WINDOWSsvchost.exe not found.
File/Folder C:Documents and SettingsdigitalsApplication Datanscagent.exe not found.
C:Documents and SettingsdigitalsApplication Datasvchost32.exe moved successfully.
C:Program FilesMyCentriaInfoBar moved successfully.
C:Program FilesMyCentriaFirefox moved successfully.
C:Program FilesMyCentria moved successfully.
========== COMMANDS ==========
File delete failed. C:DOCUME~1digitalsLOCALS~1Tempetilqs_X67mTpoZj1KxbTKpP9hR scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1digitalsLOCALS~1Temp~DF58FF.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsdigitalsLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStempPerflib_Perfdata_1e8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:Documents and SettingsdigitalsLocal SettingsApplication DataMozillaFirefoxProfilesrjwnjpq9.defaultCache_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsdigitalsLocal SettingsApplication DataMozillaFirefoxProfilesrjwnjpq9.defaultCache_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsdigitalsLocal SettingsApplication DataMozillaFirefoxProfilesrjwnjpq9.defaultCache_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsdigitalsLocal SettingsApplication DataMozillaFirefoxProfilesrjwnjpq9.defaultCache_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsdigitalsLocal SettingsApplication DataMozillaFirefoxProfilesrjwnjpq9.defaulturlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsdigitalsLocal SettingsApplication DataMozillaFirefoxProfilesrjwnjpq9.defaultXUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.10.0 log created on 04012009_155515
Files moved on Reboot…
File C:DOCUME~1digitalsLOCALS~1Tempetilqs_X67mTpoZj1KxbTKpP9hR not found!
C:DOCUME~1digitalsLOCALS~1Temp~DF58FF.tmp moved successfully.
File C:WINDOWStempPerflib_Perfdata_1e8.dat not found!
C:Documents and SettingsdigitalsLocal SettingsApplication DataMozillaFirefoxProfilesrjwnjpq9.defaultCache_CACHE_001_ moved successfully.
C:Documents and SettingsdigitalsLocal SettingsApplication DataMozillaFirefoxProfilesrjwnjpq9.defaultCache_CACHE_002_ moved successfully.
C:Documents and SettingsdigitalsLocal SettingsApplication DataMozillaFirefoxProfilesrjwnjpq9.defaultCache_CACHE_003_ moved successfully.
C:Documents and SettingsdigitalsLocal SettingsApplication DataMozillaFirefoxProfilesrjwnjpq9.defaultCache_CACHE_MAP_ moved successfully.
C:Documents and SettingsdigitalsLocal SettingsApplication DataMozillaFirefoxProfilesrjwnjpq9.defaulturlclassifier3.sqlite moved successfully.
C:Documents and SettingsdigitalsLocal SettingsApplication DataMozillaFirefoxProfilesrjwnjpq9.defaultXUL.mfl moved successfully.Logfile of random’s system information tool 1.06 (written by random/random)
Run by digitals at 2009-04-01 16:03:31
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 30 GB (52%) free of 57 GB
Total RAM: 503 MB (30% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:44, on 01.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesJavajre6binjusched.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:Documents and SettingsdigitalsApplication DataMail.RuAgentMAgent.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32o2flash.exe
C:WINDOWSsystem32HPZipm12.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSSystem32PAStiSvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsdigitalsРабочий столRSIT.exe
C:Program FilesJavajre6binjucheck.exe
C:Program Filestrend microdigitals.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=27130
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=40316
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=27130
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=27130
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Documents and SettingsdigitalsApplication DataMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: SweetIM ToolbarURLSearchHook Class — {EEE6C35D-6118-11DC-9C72-001320C79847} — C:Program FilesSweetIMToolbarsInternet ExplorermgHelper.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: (no name) — {7E853D72-626A-48EC-A868-BA8D5E23E045} — (no file)
O2 — BHO: Помощник по входу в Windows Live — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: SWEETIE — {EEE6C35C-6118-11DC-9C72-001320C79847} — C:Program FilesSweetIMToolbarsInternet ExplorermgToolbarIE.dll
O3 — Toolbar: SweetIM Toolbar for Internet Explorer — {EEE6C35B-6118-11DC-9C72-001320C79847} — C:Program FilesSweetIMToolbarsInternet ExplorermgToolbarIE.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [MAgent] C:Documents and SettingsdigitalsApplication DataMail.RuAgentMAgent.exe -CU
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: beeline.lnk = ?
O8 — Extra context menu item: &ieSpell Options — res://C:Program FilesieSpelliespell.dll/SPELLOPTION.HTM
O8 — Extra context menu item: Check &Spelling — res://C:Program FilesieSpelliespell.dll/SPELLCHECK.HTM
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Lookup on Merriam Webster — file://C:Program FilesieSpellMerriam Webster.HTM
O8 — Extra context menu item: Lookup on Wikipedia — file://C:Program FilesieSpellwikipedia.HTM
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: ieSpell — {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} — C:Program FilesieSpelliespell.dll
O9 — Extra ‘Tools’ menuitem: ieSpell — {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} — C:Program FilesieSpelliespell.dll
O9 — Extra button: (no name) — {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} — C:Program FilesieSpelliespell.dll
O9 — Extra ‘Tools’ menuitem: ieSpell Options — {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} — C:Program FilesieSpelliespell.dll
O9 — Extra button: Статистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: Bunu Web Gunlugune Al — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra ‘Tools’ menuitem: Windows Live Writer icinde &Bunu Web Gunlugune Al — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: PartyPoker.com — {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} — C:Program FilesPartyGamingPartyPokerRunApp.exe (file missing)
O9 — Extra ‘Tools’ menuitem: PartyPoker.com — {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} — C:Program FilesPartyGamingPartyPokerRunApp.exe (file missing)
O9 — Extra button: ICQ 4.1 — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Documents and SettingsdigitalsApplication DataMail.RuAgentmagent.exe (HKCU)
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Documents and SettingsdigitalsApplication DataMail.RuAgentmagent.exe (HKCU)
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O14 — IERESET.INF: START_PAGE_URL=http://www.rovercomputers.ru
O15 — Trusted Zone: http://www.beonline.ru
O15 — Trusted Zone: http://www.megafoncenter.ru
O15 — Trusted Zone: http://www.megafondv.ru
O15 — Trusted Zone: http://www.megafonkavkaz.ru
O15 — Trusted Zone: http://sms.megafonmoscow.ru
O15 — Trusted Zone: http://www.megafonnw.ru
O15 — Trusted Zone: http://*.megafonsib.ru
O15 — Trusted Zone: http://www.megafonural.ru
O15 — Trusted Zone: http://www.megafonvolga.ru
O15 — Trusted Zone: http://sms.mts.ru
O15 — Trusted Zone: http://*.tele2.ru
O16 — DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) — http://213.252.80.26/plugin/h263ctrl.cab
O16 — DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) — http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 — HKLMSystemCCSServicesTcpip..{974ED94F-DAC6-4D34-913D-EB43A5405BEC}: NameServer = 213.234.192.7 195.14.50.1
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Autodesk Licensing Service — Autodesk — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: O2Micro Flash Memory (O2Flash) — Unknown owner — C:WINDOWSsystem32o2flash.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: STI Simulator — Unknown owner — C:WINDOWSSystem32PAStiSvc.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
O24 — Desktop Component 0: (no name) — http://goverla.security-dog.org/foto/dogy/adyl/adyl2.jpg
O24 — Desktop Component 1: (no name) — http://diyanet7.diyanet.gov.tr/turkish/image/main_backround.gif
O24 — Desktop Component 2: (no name) — http://i45.odnoklassniki.ru/getImage?photoId=71214871945&photoType=0&gender=0&photoModify=1204440437050—
End of file — 12322 bytes======Scheduled tasks folder======
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-3159228646-2939380819-3202377236-1005.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-23 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-11-11 62728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2008-12-10 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Помощник по входу в Windows Live — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2009-02-17 408440][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2008-10-24 157696][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2008-12-10 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-12-10 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper — C:Program FilesSweetIMToolbarsInternet ExplorermgToolbarIE.dll [2008-03-27 1164600][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} — SweetIM Toolbar for Internet Explorer — C:Program FilesSweetIMToolbarsInternet ExplorermgToolbarIE.dll [2008-03-27 1164600]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2008-10-16 1578248][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-01-11 39792]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2008-12-10 136600]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-03-27 206088][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-10-20 479496]
«MAgent»=C:Documents and SettingsdigitalsApplication DataMail.RuAgentMAgent.exe [2009-02-12 5600952][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBigDog303]
C:WINDOWSVM303_STI.EXE [2006-08-04 61440][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBitTorrent DNA]
C:Program FilesDNAbtdna.exe [2008-12-16 342848][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
C:Program FilesDownload Masterdmaster.exe [2008-11-18 3297280][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update]
C:Documents and SettingsdigitalsLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-12-08 133104][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNevoDRM]
C:Program FilesИгрыNevoDRMNevoDRM.exe [2008-07-29 201728][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPC Suite Tray]
C:Program FilesNokiaNokia PC Suite 7PCSuite.exe [2008-12-03 1205760][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPunto Switcher]
C:Program FilesPunto Switcherpunto.exe [2008-10-16 735016][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampwinampa.exe [2008-08-04 36352]C:Documents and SettingsdigitalsГлавное менюПрограммыАвтозагрузка
beeline.lnk —[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:PROGRA~1KASPER~1KASPER~1mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1adialhk.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSSYSTEM32igfxdev.dll [2005-11-28 135168][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2008-11-11 218376][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSSYSTEM32WgaLogon.dll [2007-03-15 236928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-14 239616]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
«C:Documents and SettingsdigitalsApplication DataMail.RuAgentMagent.exe»=»C:Documents and SettingsdigitalsApplication DataMail.RuAgentMagent.exe:*:Enabled:Mail.Ru Агент»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWarcraft IIIWarcraft III.exe»=»C:Program FilesWarcraft IIIWarcraft III.exe:*:Enabled:Warcraft III»
«C:Program FilesWarcraft IIIWar3.exe»=»C:Program FilesWarcraft IIIWar3.exe:*:Enabled:Warcraft III»
«C:Program FilesMail.RuAgentmagent.exe»=»C:Program FilesMail.RuAgentmagent.exe:*:Enabled:Mail.Ru Агент»
«C:Program FilesWarcraft IIIFrozen Throne.exe»=»C:Program FilesWarcraft IIIFrozen Throne.exe:*:Enabled:Warcraft III — The Frozen Throne»
«C:Program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe»=»C:Program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe:*:Enabled:Kaspersky Anti-Virus»
«C:Documents and SettingsdigitalsРабочий стол21195562.exe»=»C:Documents and SettingsdigitalsРабочий стол21195562.exe:*:Enabled:21195562»
«C:kavkav7.0russiansetup.exe»=»C:kavkav7.0russiansetup.exe:*:Enabled:Программа установки Антивируса Касперского 7.0»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveMessengerlivecall.exe»=»C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)»
«C:DownloadsПрограммыSuperOkey.exe»=»C:DownloadsПрограммыSuperOkey.exe:*:Enabled:SuperOkey»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesDNAbtdna.exe»=»C:Program FilesDNAbtdna.exe:*:Enabled:DNA»
«C:Program FilesBitTorrentbittorrent.exe»=»C:Program FilesBitTorrentbittorrent.exe:*:Enabled:BitTorrent»
«C:Program FilesJavajre6launch4j-tmpJDownloader.exe»=»C:Program FilesJavajre6launch4j-tmpJDownloader.exe:*:Enabled:Java(TM) Platform SE binary»
«C:Program FilesGarenaGarena.exe»=»C:Program FilesGarenaGarena.exe:*:Enabled:Garena»
«C:Program FilesNokiaNokia Software Updaternsu_ui_client.exe»=»C:Program FilesNokiaNokia Software Updaternsu_ui_client.exe:*:Enabled:Nokia Software Updater»
«C:Program FilesCommon FilesNokiaService LayerAnsl_host_process.exe»=»C:Program FilesCommon FilesNokiaService LayerAnsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process «
«C:DownloadsПрограммыSuperOkey[2].exe»=»C:DownloadsПрограммыSuperOkey[2].exe:*:Disabled:SuperOkey[2]»
«C:Program FilesJavajre6binjava.exe»=»C:Program FilesJavajre6binjava.exe:*:Enabled:Java(TM) Platform SE binary»
«C:Documents and SettingsdigitalsApplication Datanscagent.exe»=»C:Documents and SettingsdigitalsApplication Datanscagent.exe:*:Enabled:Win32load»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveMessengerlivecall.exe»=»C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{01fd7c64-1eb3-11de-bffc-0018de9f3acb}]
shellAutoRuncommand — G:AutoRun.exe======File associations======
.scr — open — «C:WINDOWSsystem32NOTEPAD.EXE» «%1»
.scr — install —
.scr — config —======List of files/folders created in the last 1 months======
2009-04-01 15:55:15 —-D—- C:_OTMoveIt
2009-04-01 15:47:11 —-RASHD—- C:autorun.inf
2009-03-27 04:22:16 —-D—- C:Program FilesCCleaner
2009-03-27 02:47:37 —-D—- C:Program Filestrend micro
2009-03-27 02:47:22 —-D—- C:rsit
2009-03-27 02:12:39 —-D—- C:Documents and SettingsdigitalsApplication DataMalwarebytes
2009-03-27 02:12:30 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-03-27 02:12:29 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-27 01:02:04 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2009-03-26 20:50:31 —-A—- C:Documents and SettingsdigitalsApplication Data~eu37.tmp
2009-03-12 01:06:07 —-HDC—- C:WINDOWS$NtUninstallKB960225$
2009-03-12 01:05:56 —-HDC—- C:WINDOWS$NtUninstallKB958690$
2009-03-12 01:05:09 —-A—- C:WINDOWSsystem32wmpns.dll
2009-03-12 01:04:37 —-HDC—- C:WINDOWS$NtUninstallKB959772_WM11$
2009-03-07 02:23:56 —-D—- C:Program FilesPartyGaming======List of files/folders modified in the last 1 months======
2009-04-01 16:03:45 —-D—- C:WINDOWSPrefetch
2009-04-01 15:59:59 —-D—- C:Program FilesMozilla Firefox
2009-04-01 15:59:07 —-D—- C:WINDOWSTemp
2009-04-01 15:58:50 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-04-01 15:57:09 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-01 15:55:16 —-D—- C:Program Files
2009-04-01 15:48:21 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-01 15:48:19 —-D—- C:WINDOWS
2009-03-31 15:35:53 —-D—- C:Documents and SettingsdigitalsApplication DataAdobe
2009-03-31 03:58:25 —-D—- C:Documents and SettingsdigitalsApplication DataMra
2009-03-28 03:50:48 —-A—- C:WINDOWSsystem32pingtime.ini
2009-03-27 04:46:55 —-D—- C:Documents and SettingsdigitalsApplication DataDNA
2009-03-27 04:36:03 —-D—- C:Program FilesИгры
2009-03-27 04:28:14 —-D—- C:WINDOWSDebug
2009-03-27 04:28:08 —-D—- C:WINDOWSMinidump
2009-03-27 04:06:36 —-D—- C:Program FilesDNA
2009-03-27 03:40:49 —-D—- C:WINDOWSsystem32drivers
2009-03-27 03:39:08 —-D—- C:WINDOWSsystem32
2009-03-27 01:22:25 —-SHD—- C:WINDOWSInstaller
2009-03-27 01:22:24 —-HD—- C:Config.Msi
2009-03-27 01:20:27 —-HD—- C:WINDOWSinf
2009-03-27 01:17:48 —-D—- C:Program FilesKaspersky Lab
2009-03-25 19:01:40 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2009-03-25 18:49:10 —-A—- C:WINDOWShegames.ini
2009-03-25 18:42:59 —-D—- C:hegames
2009-03-23 17:37:35 —-D—- C:Program FilesWarcraft III
2009-03-22 02:29:31 —-D—- C:Program FilesGarena
2009-03-12 01:06:12 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-03-12 00:20:59 —-HD—- C:WINDOWS$hf_mig$
2009-03-07 20:55:19 —-D—- C:travian
2009-03-05 20:41:06 —-D—- C:Program FilesCommon FilesMicrosoft Shared======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 KLIF;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2009-03-27 226832]
R1 Tcpip6;Драйвер протокола IPv6 (Microsoft); C:WINDOWSsystem32DRIVERStcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:WINDOWSsystem32DRIVERSialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-08-15 4368896]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 NETw3x32;Драйвер адаптера Intel(R) PRO/Wireless 3945ABG для 32-разрядной версии Windows XP; C:WINDOWSsystem32DRIVERSNETw3x32.sys [2006-12-14 1709696]
R3 Stmatm;ATM/ADSL miniport; C:WINDOWSsystem32DRIVERSstmatm.sys [2003-08-12 60255]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2006-12-21 191168]
R3 tunmp;Драйвер адаптера минипорта Microsoft Tun; C:WINDOWSsystem32DRIVERStunmp.sys [2008-04-13 12288]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2006-03-15 244608]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
S1 NVKEYNT;NVKEYNT; C:WINDOWSsystem32driversNVKEYNT.sys []
S2 GiA_Guardant;GiA Guardant Emulator (v2.4); ??C:WINDOWSsystem32driversGiA_Guardant.sys []
S3 a8mtdjge;a8mtdjge; C:WINDOWSsystem32driversa8mtdjge.sys []
S3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-13 60800]
S3 BTCOMM;BTCOMM; C:WINDOWSsystem32driversBtcomm.sys []
S3 BthEnum;Служба Bluetooth Enumerator; C:WINDOWSsystem32DRIVERSBthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Драйвер для устройства связи по последовательному каналу Bluetooth; C:WINDOWSsystem32DRIVERSbthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2008-04-13 101120]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2008-06-14 272512]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2008-04-13 18944]
S3 BTKRNBDG;Bluetooth COM Bridge; C:WINDOWSsystem32DRIVERSbtkrnbdg.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 CSRBC01;%CSRBC01.SvcDesc%; C:WINDOWSSystem32Driverscsrbc01.sys []
S3 GarenaPEngine;GarenaPEngine; ??C:DOCUME~1digitalsLOCALS~1TempDTT1584.tmp []
S3 GMSIPCI;GMSIPCI; ??D:INSTALLGMSIPCI.SYS []
S3 HidBth;Минипорт Bluetooth HID Microsoft; C:WINDOWSsystem32DRIVERShidbth.sys [2008-04-14 25728]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:WINDOWSsystem32DRIVERSk750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSk750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:WINDOWSsystem32DRIVERSk750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:WINDOWSsystem32DRIVERSk750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:WINDOWSsystem32DRIVERSk750obex.sys [2005-02-11 79488]
S3 mpr_freader;MPR FileReader Driver; ??C:DRIVERSVZLmpr_freader.sys []
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-13 61824]
S3 nm;Драйвер сетевого монитора; C:WINDOWSsystem32DRIVERSNMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2008-09-15 22016]
S3 npkcrypt;npkcrypt; ??C:Program Files4GAMELineageIIsystemnpkcrypt.sys []
S3 NPPTNT2;NPPTNT2; ??C:WINDOWSsystem32npptNT2.sys []
S3 NTACCESS;NTACCESS; ??D:NTACCESS.sys []
S3 PAC207;VideoCAM GF112; C:WINDOWSsystem32DRIVERSpfc027.sys [2005-04-08 162176]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2008-04-13 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2004-08-18 5888]
S3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-13 79232]
S3 SetupNTGLM7X;SetupNTGLM7X; ??D:NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Драйвер Sony USB фильтра (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 TaurusUsb;ADSL Modem USB Service; C:WINDOWSsystem32DRIVERStorususb.sys [2004-05-12 542893]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32DRIVERSusbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 vad_multi;Windigo Virtual Audio Device (WDM); C:WINDOWSsystem32driversvadmulti.sys []
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S3 ZSMC303;A4 TECH PC Camera H; C:WINDOWSSystem32DriversusbVM303.sys [2006-08-04 390849]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Служба поддержки IPv6; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2008-12-10 152984]
R2 O2Flash;O2Micro Flash Memory; C:WINDOWSsystem32o2flash.exe [2005-01-27 36864]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2006-03-03 69632]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 STI Simulator;STI Simulator; C:WINDOWSSystem32PAStiSvc.exe [2005-01-14 53248]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S2 AVP;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-03-27 206088]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-01-31 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2007-02-22 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2008-11-11 620544]
S3 usnjsvc;Messenger Paylas?m Klasorleri USN Gunluk Okuyucu hizmeti; C:Program FilesWindows LiveMessengerusnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:Program FilesWindows LiveinstallerWLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
EOF
Нужно проверить ещё.
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.
ComboFix 09-04-03.01 — digitals 2009-04-04 18:55:23.1 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.1.1049.18.503.236 [GMT 4:00]
Running from: c:documents and settingsdigitalsРабочий столComboFix.exe
Command switches used :: c:documents and settingsdigitalsРабочий столWindowsXP-KB310994-SP2-Home-BootDisk-RUS.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:windowswinsys.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_MSUPDATE((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.2009-04-02 01:22 . 2009-04-02 01:22 d—s—- c:documents and settingsdigitalsUserData
2009-04-02 01:21 . 2009-04-02 01:21 268 —ah
C:sqmdata05.sqm
2009-04-02 01:21 . 2009-04-02 01:21 244 —ah
C:sqmnoopt05.sqm
2009-04-01 15:55 . 2009-04-01 15:55 d
C:_OTMoveIt
2009-03-27 04:22 . 2009-03-27 04:22 d
c:program filesCCleaner
2009-03-27 02:47 . 2009-03-27 02:49 d
C:rsit
2009-03-27 02:47 . 2009-04-01 16:03 d
c:program filestrend micro
2009-03-27 02:12 . 2009-03-27 02:12 d
c:program filesMalwarebytes’ Anti-Malware
2009-03-27 02:12 . 2009-03-27 02:12 d
c:documents and settingsdigitalsApplication DataMalwarebytes
2009-03-27 02:12 . 2009-03-27 02:12 d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-27 02:12 . 2009-03-26 17:49 38,496 —a
c:windowssystem32driversmbamswissarmy.sys
2009-03-27 02:12 . 2009-03-26 17:49 15,504 —a
c:windowssystem32driversmbam.sys
2009-03-27 01:21 . 2009-03-27 01:45 101,287 —a
c:windowssystem32driversklin.dat
2009-03-27 01:21 . 2009-03-27 01:45 89,601 —a
c:windowssystem32driversklick.dat
2009-03-27 01:17 . 2009-04-04 18:58 3,300,896 —ahs—- c:windowssystem32driversfidbox.dat
2009-03-27 01:17 . 2009-04-04 18:59 491,552 —ahs—- c:windowssystem32driversfidbox2.dat
2009-03-27 01:17 . 2009-04-04 18:58 26,868 —ahs—- c:windowssystem32driversfidbox.idx
2009-03-27 01:17 . 2009-04-04 18:58 2,760 —ahs—- c:windowssystem32driversfidbox2.idx
2009-03-27 01:02 . 2009-03-27 01:02 d
c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-03-21 20:59 . 2009-02-15 02:01 81,925 —ah
c:documents and settingsdigitalsKamaSutrav4.5.exe
2009-03-12 01:05 . 2004-08-18 20:00 221,184 —a
c:windowssystem32wmpns.dll
2009-03-10 22:00 . 2009-03-10 22:00 244 —ah
C:sqmnoopt04.sqm
2009-03-10 22:00 . 2009-03-10 22:00 232 —ah
C:sqmdata04.sqm
2009-03-10 20:44 . 2009-03-10 20:44 244 —ah
C:sqmnoopt03.sqm
2009-03-10 20:44 . 2009-03-10 20:44 232 —ah
C:sqmdata03.sqm
2009-03-10 20:23 . 2009-03-10 20:23 244 —ah
C:sqmnoopt02.sqm
2009-03-10 20:23 . 2009-03-10 20:23 232 —ah
C:sqmdata02.sqm
2009-03-07 02:23 . 2009-03-27 00:51 d
c:program filesPartyGaming.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 14:59
d
w c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-04-04 13:12
d
w c:documents and settingsdigitalsApplication DataMra
2009-03-27 00:46
d
w c:documents and settingsdigitalsApplication DataDNA
2009-03-27 00:36
d
w c:program filesИгры
2009-03-27 00:06
d
w c:program filesDNA
2009-03-26 21:45 33,808 —-a-w c:windowssystem32driversklbg.sys
2009-03-26 21:17
d
w c:program filesKaspersky Lab
2009-03-25 15:01
d
w c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-03-23 13:37
d
w c:program filesWarcraft III
2009-03-21 22:29
d
w c:program filesGarena
2009-02-28 18:51
d
w c:program filesVisiCon
2009-02-26 18:46
d
w c:program filesMicrosoft Silverlight
2009-02-21 16:24
d
w c:documents and settingsAll UsersApplication DataВеселаяФерма-ПечемПиццу
2009-02-21 16:09
d
w c:documents and settingsdigitalsApplication DataMagic Seeds
2009-02-20 21:23
d
w c:program filesAlawar.ru
2009-02-20 21:04
d
w c:program filesGames.Mail.Ru
2009-02-20 20:35
d
w c:program filesESET
2009-02-17 14:48
d
w c:program filesBuka
2009-02-06 07:52
d
w c:program filesAkella Games
2008-02-25 14:22 20,013 —-a-w c:program filesPatchWise.log
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{EEE6C35D-6118-11DC-9C72-001320C79847}»= «c:program filesSweetIMToolbarsInternet ExplorermgHelper.dll» [2008-03-27 173368][HKEY_CLASSES_ROOTclsid{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOTSweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOTTypeLib{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOTSweetIM_URLSearchHook.ToolbarURLSearchHook][HKEY_LOCAL_MACHINE~Browser Helper Objects{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 —a
c:program filesSweetIMToolbarsInternet ExplorermgToolbarIE.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{EEE6C35B-6118-11DC-9C72-001320C79847}»= «c:program filesSweetIMToolbarsInternet ExplorermgToolbarIE.dll» [2008-03-27 1164600]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-16 1578248][HKEY_CLASSES_ROOTclsid{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOTSWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOTTypeLib{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOTSWEETIE.SWEETIE][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{EEE6C35B-6118-11DC-9C72-001320C79847}»= «c:program filesSweetIMToolbarsInternet ExplorermgToolbarIE.dll» [2008-03-27 1164600]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-16 1578248][HKEY_CLASSES_ROOTclsid{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOTSWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOTTypeLib{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOTSWEETIE.SWEETIE][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-10-20 479496][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2008-12-10 136600]
«AVP»=»c:program filesKaspersky LabKaspersky Internet Security 2009avp.exe» [2009-03-27 206088][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBigDog303]
—a
2006-08-04 18:08 61440 c:windowsVM303_STI.EXE[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBitTorrent DNA]
—a
2008-12-16 16:59 342848 c:program filesDNAbtdna.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
—a
2008-11-18 18:27 3297280 c:program filesDownload Masterdmaster.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update]
—a—-t- 2008-12-08 17:13 133104 c:documents and settingsdigitalsLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNevoDRM]
—a
2008-07-29 15:12 201728 c:program filesИгрыNevoDRMNevoDRM.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPC Suite Tray]
—a
2008-12-03 13:47 1205760 c:program filesNokiaNokia PC Suite 7PCSuite.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPunto Switcher]
—a
2008-10-16 16:20 735016 c:program filesPunto Switcherpunto.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
—a
2008-08-04 03:02 36352 c:program filesWinampwinampa.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
«MsnMsgr»=»c:program filesWindows LiveMessengermsnmsgr.exe» /background
«MAgent»=c:documents and settingsdigitalsApplication DataMail.RuAgentMAgent.exe -CU
«PcSync»=c:program filesNokiaNokia PC Suite 6PcSync2.exe /NoDialog
«Download Master»=c:program filesDownload Masterdmaster.exe -autorun
«Skype»=»c:program filesSkypePhoneSkype.exe» /nosplash /minimized[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«SynTPEnh»=c:program filesSynapticsSynTPSynTPEnh.exe
«SkyTel»=SkyTel.EXE
«Alcmtr»=ALCMTR.EXE
«BluetoothAuthenticationAgent»=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
«BTSETBOOTKEY»=BTSetBootKey.exe
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe»
«NeroFilterCheck»=c:windowssystem32NeroCheck.exe
«AdslTaskBar»=rundll32.exe stmctrl.dll,TaskBar
«DataLayer»=c:progra~1COMMON~1PCSuiteDATALA~1DATALA~1.EXE
«BigDog303″=c:windowsVM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
«ISUSScheduler»=»c:program filesCommon FilesInstallShieldUpdateServiceissch.exe» -start
«HP Software Update»=c:program filesHPHP Software UpdateHPWuSchd2.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Messenger\msmsgs.exe»=
«c:\Documents and Settings\digitals\Application Data\Mail.Ru\Agent\Magent.exe»=
«c:\Program Files\ICQ6\ICQ.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Warcraft III\Warcraft III.exe»=
«c:\Program Files\Warcraft III\War3.exe»=
«c:\Program Files\Mail.Ru\Agent\magent.exe»=
«c:\Program Files\Warcraft III\Frozen Throne.exe»=
«c:\Documents and Settings\digitals\Рабочий стол\21195562.exe»=
«c:\kav\kav7.0\russian\setup.exe»=
«c:\Program Files\Windows Live\Messenger\msnmsgr.exe»=
«c:\Program Files\Windows Live\Messenger\livecall.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\DNA\btdna.exe»=
«c:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe»=
«c:\Program Files\Garena\Garena.exe»=
«c:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe»=
«c:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe»=
«c:\Program Files\Java\jre6\bin\java.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«6112:TCP»= 6112:TCP:WarCraft III Battle.netR0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [2008-01-29 33808]
R0 O2MDRDR;O2MDRDR;c:windowssystem32driverso2media.sys [2006-02-27 34880]
R0 O2SDRDR;O2SDRDR;c:windowssystem32driverso2sd.sys [2006-06-21 29184]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:windowssystem32driversklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [2008-04-30 24592]
R3 Stmatm;ATM/ADSL miniport;c:windowssystem32driversstmatm.sys [2007-12-19 60255]
S1 NVKEYNT;NVKEYNT; [x]
S2 GiA_Guardant;GiA Guardant Emulator (v2.4);c:windowssystem32driversGiA_Guardant.sys [2007-12-19 8960]
S3 BTCOMM;BTCOMM;c:windowssystem32driversBtcomm.sys —> c:windowssystem32driversBtcomm.sys [?]
S3 BTKRNBDG;Bluetooth COM Bridge;c:windowssystem32DRIVERSbtkrnbdg.sys —> c:windowssystem32DRIVERSbtkrnbdg.sys [?]
S3 CSRBC01;%CSRBC01.SvcDesc%;c:windowssystem32Driverscsrbc01.sys —> c:windowssystem32Driverscsrbc01.sys [?]
S3 GarenaPEngine;GarenaPEngine;??c:docume~1digitalsLOCALS~1TempDTT1584.tmp —> c:docume~1digitalsLOCALS~1TempDTT1584.tmp [?]
S3 mpr_freader;MPR FileReader Driver;c:driversVZLmpr_freader.sys [2008-11-24 2816]
S3 PAC207;VideoCAM GF112;c:windowssystem32driverspfc027.sys [2005-04-08 162176]
S3 SetupNTGLM7X;SetupNTGLM7X;??d:ntglm7x.sys —> d:NTGLM7X.sys [?]
S3 TaurusUsb;ADSL Modem USB Service;c:windowssystem32driverstorususb.sys [2007-12-19 542893]
S3 vad_multi;Windigo Virtual Audio Device (WDM);c:windowssystem32driversvadmulti.sys —> c:windowssystem32driversvadmulti.sys [?][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{01fd7c64-1eb3-11de-bffc-0018de9f3acb}]
ShellAutoRuncommand — G:AutoRun.exe
.
Contents of the ‘Scheduled Tasks’ folder2009-04-04 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-3159228646-2939380819-3202377236-1005.job
— c:documents and settingsdigitalsLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-12-08 17:13]
.
— — — — ORPHANS REMOVED — — — —HKU-Default-Run-Nokia.PCSync — c:program filesNokiaNokia PC Suite 6PcSync2.exe
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40316
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.yandex.ru/?clid=27130
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options — c:program filesieSpelliespell.dll/SPELLOPTION.HTM
IE: Check &Spelling — c:program filesieSpelliespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Lookup on Merriam Webster — file://c:program filesieSpellMerriam Webster.HTM
IE: Lookup on Wikipedia — file://c:program filesieSpellwikipedia.HTM
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
Trusted Zone: beonline.ruwww
Trusted Zone: megafoncenter.ruwww
Trusted Zone: megafondv.ruwww
Trusted Zone: megafonkavkaz.ruwww
Trusted Zone: megafonmoscow.rusms
Trusted Zone: megafonnw.ruwww
Trusted Zone: megafonsib.ru
Trusted Zone: megafonural.ruwww
Trusted Zone: megafonvolga.ruwww
Trusted Zone: mts.rusms
Trusted Zone: tele2.ru
TCP: {974ED94F-DAC6-4D34-913D-EB43A5405BEC} = 213.234.192.7 195.14.50.1
FF — ProfilePath — c:documents and settingsdigitalsApplication DataMozillaFirefoxProfilesrjwnjpq9.default
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/?clid=27130
FF — plugin: c:documents and settingsdigitalsLocal SettingsApplication DataGoogleUpdate1.2.141.5npGoogleOneClick7.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpdm.dll
.**************************************************************************
catchme 0.3.1375 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 18:59:54
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Other Running Processes
.
c:program filesJavajre6binjqs.exe
c:windowssystem32o2flash.exe
c:windowssystem32HPZipm12.exe
c:program filesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
c:windowssystem32PAStiSvc.exe
c:windowssystem32wbemwmiapsrv.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-04 19:04:04 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-04 15:04:01Pre-Run: 30 003 411 456 байт свободно
Post-Run: 30,486,353,920 байт свободноWindowsXP-KB310994-SP2-Home-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Home Edition RU» /noexecute=optin /fastdetect270 — E O F — 2009-03-20 17:52:53
вотПроверим ваш компьютер с помощью программы которая ищет руткиты.
Скачайте программу GMER кликнув по этой ссылке.
Распакуйте программу на ваш рабочий стол.
Отключите Интернет и все антивирусы.
Запустите программу.
В правой части программы, в небольшом окошке будут перечислены все ваши диски, пожалуйста выделите их галочками.
Кликните по кнопке Scan.
Когда сканирование закончится, кликните по кнопке Copy.
Запустите Блокнот (Пуск -> Выполнить, введите notepad и нажмите Enter).
Вставьте результаты сканирования в блокнот (CTRL + V). Сохраните получившийся файл на ваш рабочий стол.Вставьте содержимое записанного лога в ваш ответ.
- Для ответа в этой теме необходимо авторизоваться.
