An informer is stuck in the lower-right corner of the screen
- This topic has 10 replies, 2 participants, and was last updated 15 years, 10 months ago by LEMZ.
November 13, 2009 at 8:47 pm #17422

An informer installed itself in the lower-right corner and covers almost a quarter of the screen. It said it would remove itself after 30 days. It launches whenever any browser is started. The antivirus does not detect it at all, but I saw that the file name ended in .js. I tried deleting all files like that, but it didn't help… Please help me remove it.

Logfile of random’s system information tool 1.06 (written by random/random)
 Run by Светулька at 2009-11-13 23:36:35
 Microsoft® Windows Vista™ Home Premium Service Pack 1
 System drive C: has 43 GB (36%) free of 119 GB
 Total RAM: 3069 MB (50% free)

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 23:37:00, on 13.11.2009
 Platform: Windows Vista SP1 (WinNT 6.00.1905)
 MSIE: Internet Explorer v8.00 (8.00.6001.18828)
 Boot mode: Normal

 Running processes:
 C:Windowssystem32taskeng.exe
 C:Windowssystem32Dwm.exe
 C:WindowsExplorer.EXE
 c:PROGRA~1mcafee.comagentmcagent.exe
 C:Program FilesJavajre6binjusched.exe
 C:WindowsRtHDVCpl.exe
 C:Program FilesSynapticsSynTPSynTPEnh.exe
 C:Program FilesToshibaConfigFreeNDSTray.exe
 C:Program FilesToshibaToshiba Online Product InformationTOPI.exe
 C:Program FilesPicasa2PicasaMediaDetector.exe
 C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
 C:Program FilesCamera Assistant Software for Toshibatraybar.exe
 C:Program FilesToshibaPower SaverTPwrMain.exe
 C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.EXE
 C:Program FilesToshibaSmoothViewSmoothView.exe
 C:Program FilesToshibaFlashCardsTCrdMain.exe
 C:WindowsSystem32wpcumi.exe
 C:Program FilesEsetnod32kui.exe
 C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
 C:WindowsWindowsMobilewmdc.exe
 C:Program FilesCamera Assistant Software for ToshibaCEC_MAIN.exe
 C:Program FilesWindows Sidebarsidebar.exe
 C:Program FilesToshibaTOSCDSPDTOSCDSPD.exe
 C:Program FilesToshibaConfigFreeCFSwMgr.exe
 C:UsersСветулькаAppDataRoamingMail.RuAgentmagent.exe
 C:Program FilesSprite SoftwareSprite BackupSpriteService.exe
 C:Program FilesWindows Media Playerwmpnscfg.exe
 C:Program FilesWindows Sidebarsidebar.exe
 C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe
 C:Program FilesSynapticsSynTPSynTPHelper.exe
 C:Windowssystem32wuauclt.exe
 C:WindowsSystem32mobsync.exe
 C:Program FilesMozilla Firefoxfirefox.exe
 C:UsersСветулькаDesktopRSIT.exe
 C:Program Filestrend microСветулька.exe

 R1 — HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://yandex.ru/yandsearch?clid=123046&text=%s
 R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=123048
 R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://yandex.ru/yandsearch?clid=123044
 R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=123048
 R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
 R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
 R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
 R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:UsersСветулькаAppDataRoamingMail.RuAgentMradllnewmrasearch.dll
 R3 — URLSearchHook: Radio W Toolbar — {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — C:Program FilesRadio_WtbRadi.dll
 R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll
 O1 — Hosts: ::1 localhost
 O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
 O2 — BHO: McAfee Phishing Filter — {27B4851A-3207-45A2-B947-BE8AFE6163AB} — c:PROGRA~1mcafeemskmskapbho.dll
 O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
 O2 — BHO: scriptproxy — {7DB2D5A0-7241-4E79-B68D-6309F01C5231} — c:PROGRA~1mcafeeVIRUSS~1scriptsn.dll
 O2 — BHO: (no name) — {88888888-8888-8888-8888-888888888888} — (no file)
 O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — c:program filesmail.rusputnikMailRuSputnik.dll
 O2 — BHO: script helper for ie — {9B5FB65F-631E-4564-ABF2-AD71845B28E0} — C:Program FilesGet-Styles 2.0iejsloader.dll
 O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
 O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.3.4501.1418swg.dll
 O2 — BHO: Radio W Toolbar — {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — C:Program FilesRadio_WtbRadi.dll
 O2 — BHO: Google Dictionary Compression sdch — {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
 O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
 O2 — BHO: MS Media Module — {E4D7AD54-5F3F-4F02-A7B8-A4849B16EE87} — %APPDATA%at_EHI.dll (file missing)
 O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll
 O3 — Toolbar: Radio W Toolbar — {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — C:Program FilesRadio_WtbRadi.dll
 O3 — Toolbar: Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
 O3 — Toolbar: Get-Styles Toolbar — {5BCDC9E9-A980-4B53-B2E8-60CFF484DA61} — C:Program FilesGet-Styles 2.0ietoolbar.dll
 O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
 O4 — HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
 O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
 O4 — HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
 O4 — HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
 O4 — HKLM..Run: [ITSecMng] %ProgramFiles%TOSHIBABluetooth Toshiba StackItSecMng.exe /START
 O4 — HKLM..Run: [NDSTray.exe] NDSTray.exe
 O4 — HKLM..Run: [mcagent_exe] «C:Program FilesMcAfee.comAgentmcagent.exe» /runkey
 O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
 O4 — HKLM..Run: [topi] C:Program FilesTOSHIBAToshiba Online Product Informationtopi.exe -startup
 O4 — HKLM..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe
 O4 — HKLM..Run: [Google Desktop Search] «C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe» /startup
 O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe»
 O4 — HKLM..Run: [Camera Assistant Software] «C:Program FilesCamera Assistant Software for Toshibatraybar.exe» /start
 O4 — HKLM..Run: [TPwrMain] %ProgramFiles%TOSHIBAPower SaverTPwrMain.EXE
 O4 — HKLM..Run: [HSON] %ProgramFiles%TOSHIBATBSHSON.exe
 O4 — HKLM..Run: [SmoothView] %ProgramFiles%ToshibaSmoothViewSmoothView.exe
 O4 — HKLM..Run: [00TCrdMain] %ProgramFiles%TOSHIBAFlashCardsTCrdMain.exe
 O4 — HKLM..Run: [Toshiba Registration] C:Program FilesToshibaRegistrationToshibaRegistration.exe
 O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
 O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
 O4 — HKLM..Run: [WPCUMI] C:Windowssystem32WpcUmi.exe
 O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
 O4 — HKLM..Run: [actx.exe] «C:Program FilesMegaFonMultiFonactx.exe» /autostart
 O4 — HKLM..Run: [Windows Mobile Device Center] %windir%WindowsMobilewmdc.exe
 O4 — HKLM..Run: [Malwarebytes Anti-Malware (reboot)] «C:Program FilesMalwarebytes’ Anti-Malwarembam.exe» /runcleanupscript
 O4 — HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
 O4 — HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
 O4 — HKCU..Run: [TOSCDSPD] C:Program FilesTOSHIBATOSCDSPDTOSCDSPD.exe
 O4 — HKCU..Run: [MAgent] C:UsersСветулькаAppDataRoamingMail.RuAgentMAgent.exe -CU
 O4 — HKCU..Run: [SpriteService] «C:Program FilesSprite SoftwareSprite BackupSpriteService.exe»
 O4 — HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
 O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘LOCAL SERVICE’)
 O4 — HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
 O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘NETWORK SERVICE’)
 O4 — .DEFAULT User Startup: TRDCReminder.lnk = C:Program FilesToshibaTRDCReminderTRDCReminder.exe (User ‘Default user’)
 O4 — Startup: TRDCReminder.lnk = C:Program FilesToshibaTRDCReminderTRDCReminder.exe
 O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
 O8 — Extra context menu item: Поиск@Mail.Ru — res://c:program filesmail.rusputnikMailRuSputnik.dll/282
 O8 — Extra context menu item: Словари@Mail.Ru — res://c:program filesmail.rusputnikMailRuSputnik.dll/283
 O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
 O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
 O9 — Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:WindowsWindowsMobileINetRepl.dll
 O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:WindowsWindowsMobileINetRepl.dll
 O9 — Extra ‘Tools’ menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:WindowsWindowsMobileINetRepl.dll
 O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
 O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
 O9 — Extra button: eBay — {76577871-04EC-495E-A12B-91F7C3600AFA} — http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?RU (file missing)
 O9 — Extra button: Amazon.co.uk — {8A918C1D-E123-4E36-B562-5C1519E434CE} — http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
 O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
 O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:UsersСветулькаAppDataRoamingMail.RuAgentmagent.exe (HKCU)
 O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:UsersСветулькаAppDataRoamingMail.RuAgentmagent.exe (HKCU)
 O13 — Gopher Prefix:
 O18 — Protocol: base64 — {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} — C:Program FilesGet-Styles 2.0ietdataprotocol.dll
 O18 — Protocol: chrome — {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} — C:Program FilesGet-Styles 2.0ietdataprotocol.dll
 O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
 O18 — Filter: x-sdch — {B1759355-3EEC-4C1E-B0F1-B719FE26E377} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
 O20 — AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~3GOEC62~1.DLL
 O23 — Service: Agere Modem Call Progress Audio (AgereModemAudio) — Agere Systems — C:Windowssystem32agrsmsvc.exe
 O23 — Service: Ati External Event Utility — ATI Technologies Inc. — C:Windowssystem32Ati2evxx.exe
 O23 — Service: ConfigFree Service — TOSHIBA CORPORATION — C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
 O23 — Service: @dfsrres.dll,-101 (DFSR) — Корпорация Майкрософт — C:Windowssystem32DFSR.exe
 O23 — Service: GoogleDesktopManager — Google — C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
 O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
 O23 — Service: McAfee Services (mcmscsvc) — McAfee, Inc. — C:PROGRA~1McAfeeMSCmcmscsvc.exe
 O23 — Service: McAfee Network Agent (McNASvc) — McAfee, Inc. — c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
 O23 — Service: McAfee Scanner (McODS) — McAfee, Inc. — C:PROGRA~1McAfeeVIRUSS~1mcods.exe
 O23 — Service: McAfee Proxy Service (McProxy) — McAfee, Inc. — c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
 O23 — Service: McAfee Real-time Scanner (McShield) — McAfee, Inc. — C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
 O23 — Service: McAfee Personal Firewall Service (MpfService) — McAfee, Inc. — C:Program FilesMcAfeeMPFMPFSrv.exe
 O23 — Service: McAfee Anti-Spam Service (MSK80Service) — McAfee, Inc. — C:Program FilesMcAfeeMSKMskSrver.exe
 O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
 O23 — Service: PnkBstrA — Unknown owner — C:Windowssystem32PnkBstrA.exe
 O23 — Service: PnkBstrB — Unknown owner — C:Windowssystem32PnkBstrB.exe
 O23 — Service: TOSHIBA Navi Support Service (TNaviSrv) — TOSHIBA Corporation — C:Program FilesToshibaTOSHIBA DVD PLAYERTNaviSrv.exe
 O23 — Service: TOSHIBA Optical Disc Drive Service (TODDSrv) — TOSHIBA Corporation — C:Windowssystem32TODDSrv.exe
 O23 — Service: TOSHIBA Power Saver (TosCoSrv) — TOSHIBA Corporation — C:Program FilesToshibaPower SaverTosCoSrv.exe
 O23 — Service: TOSHIBA Bluetooth Service — TOSHIBA CORPORATION — c:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe
 O23 — Service: TOSHIBA SMART Log Service — TOSHIBA Corporation — C:Program FilesTOSHIBASMARTLogServiceTosIPCSrv.exe
 O23 — Service: Ulead Burning Helper (UleadBurningHelper) — Ulead Systems, Inc. — C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe
 O23 — Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) — Корпорация Майкрософт — C:Windowssystem32SearchIndexer.exe— 
 End of file — 13982 bytes

 ======Scheduled tasks folder======
 C:WindowstasksMcDefragTask.job
 C:WindowstasksMcQcTask.job
 C:WindowstasksUser_Feed_Synchronization-{A16FFCB4-7386-461B-A288-7584F6B4358A}.job

 ======Registry dump======
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
 Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-23 62080]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
 McAfee Phishing Filter — c:PROGRA~1mcafeemskmskapbho.dll [2009-01-09 246800]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
 Groove GFS Browser Helper — C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll [2007-08-24 2212224]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
 scriptproxy — c:PROGRA~1mcafeeVIRUSS~1scriptsn.dll [2009-03-25 62784]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{88888888-8888-8888-8888-888888888888}]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
 MailRuBHO Class — c:program filesmail.rusputnikMailRuSputnik.dll [2009-05-25 680624]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9B5FB65F-631E-4564-ABF2-AD71845B28E0}]
 WitBHO Class — C:Program FilesGet-Styles 2.0iejsloader.dll [2009-08-05 215040]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
 Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-06-29 259696]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
 Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.3.4501.1418swg.dll [2009-09-28 762864]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]
 Radio W Toolbar — C:Program FilesRadio_WtbRadi.dll [2009-05-20 2085400]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
 Google Dictionary Compression sdch — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll [2009-05-21 470512]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
 Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-10-06 41760]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E4D7AD54-5F3F-4F02-A7B8-A4849B16EE87}]
 MS Media Module — C:UsersСветулькаAppDataRoamingat_EHI.dll [2009-11-13 16896]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
 {09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll [2009-05-25 680624]
 {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — Radio W Toolbar — C:Program FilesRadio_WtbRadi.dll [2009-05-20 2085400]
 {2318C2B1-4965-11d4-9B18-009027A5CD4F} — Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-06-29 259696]
 {5BCDC9E9-A980-4B53-B2E8-60CFF484DA61} — Get-Styles Toolbar — C:Program FilesGet-Styles 2.0ietoolbar.dll [2009-07-28 122368]
 {91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-07-24 5586208]
 [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
 «Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2008-01-21 1008184]
 «SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-10-06 149280]
 «RtHDVCpl»=C:WindowsRtHDVCpl.exe [2008-01-29 4911104]
 «SynTPEnh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2007-12-06 1029416]
 «ITSecMng»=C:Program FilesTOSHIBABluetooth Toshiba StackItSecMng.exe [2007-09-28 75136]
 «NDSTray.exe»=NDSTray.exe []
 «mcagent_exe»=C:Program FilesMcAfee.comAgentmcagent.exe [2009-03-25 645328]
 «Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2007-05-11 40048]
 «topi»=C:Program FilesTOSHIBAToshiba Online Product Informationtopi.exe [2007-07-10 581632]
 «Picasa Media Detector»=C:Program FilesPicasa2PicasaMediaDetector.exe [2006-12-06 366400]
 «Google Desktop Search»=C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe [2008-04-23 1836544]
 «StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2006-11-10 90112]
 «Camera Assistant Software»=C:Program FilesCamera Assistant Software for Toshibatraybar.exe [2007-10-25 413696]
 «TPwrMain»=C:Program FilesTOSHIBAPower SaverTPwrMain.EXE [2008-01-17 431456]
 «HSON»=C:Program FilesTOSHIBATBSHSON.exe [2007-10-31 54608]
 «SmoothView»=C:Program FilesToshibaSmoothViewSmoothView.exe [2008-01-25 509816]
 «00TCrdMain»=C:Program FilesTOSHIBAFlashCardsTCrdMain.exe [2008-01-22 712704]
 «Toshiba Registration»=C:Program FilesToshibaRegistrationToshibaRegistration.exe [2007-05-04 571024]
 «MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-05-25 6210744]
 «nod32kui»=C:Program FilesEsetnod32kui.exe [2009-06-18 949376]
 «WPCUMI»=C:Windowssystem32WpcUmi.exe [2006-11-02 176128]
 «GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2007-08-24 33648]
 «actx.exe»=C:Program FilesMegaFonMultiFonactx.exe [2009-05-27 5458432]
 «Windows Mobile Device Center»=C:WindowsWindowsMobilewmdc.exe [2007-05-31 648072]
 «Malwarebytes Anti-Malware (reboot)»=C:Program FilesMalwarebytes’ Anti-Malwarembam.exe [2009-09-10 1312080]
 [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
 «Sidebar»=C:Program FilesWindows Sidebarsidebar.exe [2008-01-21 1233920]
 «WindowsWelcomeCenter»=oobefldr.dll,ShowWelcomeCenter []
 «TOSCDSPD»=C:Program FilesTOSHIBATOSCDSPDTOSCDSPD.exe [2008-01-29 430080]
 «MAgent»=C:UsersСветулькаAppDataRoamingMail.RuAgentMAgent.exe [2009-08-09 7975608]
 «SpriteService»=C:Program FilesSprite SoftwareSprite BackupSpriteService.exe [2006-08-18 544768]
 «WMPNSCFG»=C:Program FilesWindows Media PlayerWMPNSCFG.exe [2008-01-21 202240]
 C:UsersСветулькаAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
 TRDCReminder.lnk — C:Program FilesToshibaTRDCReminderTRDCReminder.exe
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
 «AppInit_DLLS»=»C:PROGRA~1GoogleGOOGLE~3GOEC62~1.DLL»
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
 igfxdev.dll []
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
 «{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll [2007-08-24 2212224]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalmcmscsvc]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMCODS]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkmcmscsvc]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkMCODS]
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkMpfService]
 [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
 «LogonHoursAction»=2
 «DontDisplayLogonHoursWarnings»=1
 [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
 «dontdisplaylastusername»=0
 «legalnoticecaption»=
 «legalnoticetext»=
 «shutdownwithoutlogon»=1
 «undockwithoutlogon»=1
 «EnableUIADesktopToggle»=0
 [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
 «NoDriveTypeAutoRun»=145
 [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
 [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
 [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b0f746aa-9d08-11de-8e34-001e3352d052}]
 shellAutoRuncommand — D:AutoRun.exe
 [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b52da50f-998c-11de-9dfe-001f3c81e79a}]
 shellAutoRuncommand — D:AutoRun.exe
 [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b52da527-998c-11de-9dfe-001f3c81e79a}]
 shellAutoRuncommand — D:AutoRun.exe
 [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b52da55d-998c-11de-9dfe-001e3352d052}]
 shellAutoRuncommand — D:AutoRun.exe

 ======File associations======
 .js — edit — C:WindowsSystem32Notepad.exe %1
 .js — open — C:WindowsSystem32WScript.exe «%1» %*

 ======List of files/folders created in the last 1 months======
 2009-11-13 23:36:35 —-D—- C:rsit
 2009-11-13 23:36:35 —-D—- C:Program Filestrend micro
 2009-11-13 21:41:23 —-A—- C:Windowssystem32PerfStringBackup.TMP
 2009-11-13 21:25:56 —-D—- C:UsersСветулькаAppDataRoamingMalwarebytes
 2009-11-13 21:25:50 —-D—- C:ProgramDataMalwarebytes
 2009-11-13 21:25:49 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
 2009-11-13 19:53:11 —-A—- C:UsersСветулькаAppDataRoamingat_EHI.dll
 2009-11-11 14:29:39 —-A—- C:Windowssystem32WSDApi.dll
 2009-11-04 18:06:17 —-A—- C:Windowssystem32mshtml.dll
 2009-10-29 20:20:26 —-A—- C:Windowssystem32wups2.dll
 2009-10-29 20:20:26 —-A—- C:Windowssystem32wucltux.dll
 2009-10-29 20:20:26 —-A—- C:Windowssystem32wuaueng.dll
 2009-10-29 20:20:26 —-A—- C:Windowssystem32wuauclt.exe
 2009-10-29 20:19:40 —-A—- C:Windowssystem32wups.dll
 2009-10-29 20:19:40 —-A—- C:Windowssystem32wudriver.dll
 2009-10-29 20:19:40 —-A—- C:Windowssystem32wuapi.dll
 2009-10-29 20:19:10 —-A—- C:Windowssystem32wuwebv.dll
 2009-10-29 20:19:08 —-A—- C:Windowssystem32wuapp.exe
 2009-10-16 06:29:39 —-A—- C:Windowssystem32WMSPDMOD.DLL
 2009-10-16 06:28:14 —-A—- C:Windowssystem32ntkrnlpa.exe
 2009-10-16 06:28:13 —-A—- C:Windowssystem32ntoskrnl.exe
 2009-10-16 06:28:08 —-A—- C:Windowssystem32msv1_0.dll
 2009-10-16 06:27:32 —-A—- C:Windowssystem32ieframe.dll
 2009-10-16 06:27:31 —-A—- C:Windowssystem32iertutil.dll
 2009-10-16 06:27:30 —-A—- C:Windowssystem32wininet.dll
 2009-10-16 06:27:30 —-A—- C:Windowssystem32urlmon.dll
 2009-10-16 06:27:29 —-A—- C:Windowssystem32occache.dll
 2009-10-16 06:27:29 —-A—- C:Windowssystem32msfeeds.dll
 2009-10-16 06:27:29 —-A—- C:Windowssystem32iedkcs32.dll
 2009-10-16 06:27:28 —-A—- C:Windowssystem32ieui.dll
 2009-10-16 06:27:27 —-A—- C:Windowssystem32msfeedssync.exe
 2009-10-16 06:27:27 —-A—- C:Windowssystem32msfeedsbs.dll
 2009-10-16 06:27:27 —-A—- C:Windowssystem32jsproxy.dll
 2009-10-16 06:27:27 —-A—- C:Windowssystem32ieUnatt.exe
 2009-10-16 06:27:27 —-A—- C:Windowssystem32iesysprep.dll
 2009-10-16 06:27:27 —-A—- C:Windowssystem32iesetup.dll
 2009-10-16 06:27:27 —-A—- C:Windowssystem32iernonce.dll
 2009-10-16 06:27:27 —-A—- C:Windowssystem32iepeers.dll
 2009-10-16 06:27:27 —-A—- C:Windowssystem32ie4uinit.exe
 2009-10-16 06:26:55 —-A—- C:Windowssystem32msasn1.dll

 ======List of files/folders modified in the last 1 months======
 2009-11-13 23:37:00 —-D—- C:WindowsPrefetch
 2009-11-13 23:36:51 —-D—- C:WindowsTemp
 2009-11-13 23:36:35 —-RD—- C:Program Files
 2009-11-13 21:41:23 —-D—- C:Windowsinf
 2009-11-13 21:41:23 —-AD—- C:WindowsSystem32
 2009-11-13 21:35:44 —-D—- C:Windows
 2009-11-13 21:25:52 —-D—- C:Windowssystem32drivers
 2009-11-13 21:25:50 —-HD—- C:ProgramData
 2009-11-13 19:08:46 —-SHD—- C:System Volume Information
 2009-11-12 03:06:11 —-SHD—- C:WindowsInstaller
 2009-11-12 03:06:04 —-D—- C:ProgramDataMicrosoft Help
 2009-11-12 03:00:55 —-D—- C:Windowswinsxs
 2009-11-12 02:26:58 —-SD—- C:ProgramDataMicrosoft
 2009-11-11 14:16:10 —-D—- C:Windowssystem32catroot
 2009-11-11 14:14:34 —-D—- C:Windowssystem32catroot2
 2009-11-07 18:44:26 —-D—- C:Program FilesMozilla Firefox
 2009-11-05 20:36:21 —-A—- C:Windowssystem32mrt.exe
 2009-11-01 03:03:45 —-RSD—- C:Windowsassembly
 2009-10-31 03:03:03 —-D—- C:Program FilesCommon Filesmicrosoft shared
 2009-10-30 19:53:42 —-D—- C:Program FilesArtMoney
 2009-10-30 03:38:25 —-D—- C:Windowsrescache
 2009-10-30 03:21:15 —-D—- C:Windowssystem32ru-RU
 2009-10-18 20:47:17 —-D—- C:WindowsMicrosoft.NET
 2009-10-18 20:35:50 —-D—- C:Windowssystem32migration
 2009-10-18 20:35:50 —-D—- C:Program FilesInternet Explorer

 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 R1 mfehidk;McAfee Inc. mfehidk; C:Windowssystem32driversmfehidk.sys [2009-03-25 214024]
 R1 MPFP;MPFP; C:WindowsSystem32DriversMpfp.sys [2008-10-23 130424]
 R1 nod32drv;nod32drv; C:Windowssystem32driversnod32drv.sys [2009-06-18 15424]
 R2 AMON;AMON; C:Windowssystem32driversamon.sys [2009-06-18 512096]
 R2 rimmptsk;rimmptsk; C:Windowssystem32DRIVERSrimmptsk.sys [2008-02-15 46592]
 R2 rimsptsk;rimsptsk; C:Windowssystem32DRIVERSrimsptsk.sys [2007-07-30 43008]
 R2 rismxdp;Ricoh xD-Picture Card Driver; C:Windowssystem32DRIVERSrixdptsk.sys [2007-07-30 38400]
 R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:Windowssystem32DRIVERSAGRSM.sys [2006-11-28 1161888]
 R3 atikmdag;atikmdag; C:Windowssystem32DRIVERSatikmdag.sys [2008-01-30 3483648]
 R3 CmBatt;Драйвер батареи с ACPI-управлением (Microsoft); C:Windowssystem32DRIVERSCmBatt.sys [2008-01-21 14208]
 R3 FwLnk;FwLnk Driver; C:Windowssystem32DRIVERSFwLnk.sys [2006-11-20 7168]
 R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:Windowssystem32driversRTKVHDA.sys [2008-01-30 2058528]
 R3 mfeavfk;McAfee Inc. mfeavfk; C:Windowssystem32driversmfeavfk.sys [2009-03-25 79880]
 R3 mfebopk;McAfee Inc. mfebopk; C:Windowssystem32driversmfebopk.sys [2009-03-25 35272]
 R3 NETw4v32;Драйвер адаптера Intel(R) Wireless WiFi Link для Windows Vista 32 Bit; C:Windowssystem32DRIVERSNETw4v32.sys [2007-09-26 2251776]
 R3 RTL8169;Realtek 8169 NT Driver; C:Windowssystem32DRIVERSRtlh86.sys [2007-12-28 104448]
 R3 sdbus;sdbus; C:Windowssystem32DRIVERSsdbus.sys [2008-01-21 88576]
 R3 SynTP;Synaptics TouchPad Driver; C:Windowssystem32DRIVERSSynTP.sys [2007-12-06 196400]
 R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:Windowssystem32DRIVERStdcmdpst.sys [2006-10-18 16128]
 R3 tosrfec;Bluetooth ACPI; C:Windowssystem32DRIVERStosrfec.sys [2006-10-23 9216]
 R3 usbvideo;Chicony USB 2.0 Camera; C:WindowsSystem32Driversusbvideo.sys [2008-01-21 134016]
 R3 UVCFTR;UVCFTR; C:WindowsSystem32DriversUVCFTR_S.SYS [2007-12-17 18432]
 S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2008-01-21 5632]
 S3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:Windowssystem32driversHdAudio.sys [2006-11-02 235520]
 S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:Windowssystem32DRIVERSewusbmdm.sys [2008-12-13 102784]
 S3 hwusbfake;Huawei DataCard USB Fake; C:Windowssystem32DRIVERSewusbfake.sys [2008-12-30 103040]
 S3 igfx;igfx; C:Windowssystem32DRIVERSigdkmd32.sys []
 S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:Windowssystem32driversIntcHdmi.sys []
 S3 mferkdk;McAfee Inc. mferkdk; C:Windowssystem32driversmferkdk.sys [2009-03-25 34216]
 S3 mfesmfk;McAfee Inc. mfesmfk; C:Windowssystem32driversmfesmfk.sys [2009-03-25 40552]
 S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2008-01-21 8192]
 S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2008-01-21 5888]
 S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2008-01-21 5504]
 S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2008-01-21 6016]
 S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG — драйвер адаптера 32-разрядной версии Windows Vista; C:Windowssystem32DRIVERSNETw3v32.sys [2008-01-21 2225664]
 S3 Tosrfcom;Tosrfcom; C:Windowssystem32driversTosrfcom.sys []
 S3 usb_rndisx;Адаптер USB RNDIS; C:Windowssystem32DRIVERSusb8023x.sys [2008-01-21 15872]
 S3 WpdUsb;WpdUsb; C:Windowssystem32DRIVERSwpdusb.sys [2008-01-21 39936]
 S3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2008-01-21 83328]
 S4 ErrDev;Microsoft Hardware Error Device Driver; C:Windowssystem32driverserrdev.sys [2008-01-21 6656]
 S4 MegaSR;MegaSR; C:Windowssystem32driversmegasr.sys [2008-01-21 386616]
 S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:Windowssystem32driverswmiacpi.sys [2008-01-21 11264]

 ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 R2 AgereModemAudio;Agere Modem Call Progress Audio; C:Windowssystem32agrsmsvc.exe [2006-10-05 9216]
 R2 Ati External Event Utility;Ati External Event Utility; C:Windowssystem32Ati2evxx.exe [2008-01-30 643072]
 R2 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2008-01-21 21504]
 R2 ConfigFree Service;ConfigFree Service; C:Program FilesTOSHIBAConfigFreeCFSvcs.exe [2007-12-25 40960]
 R2 mcmscsvc;McAfee Services; C:PROGRA~1McAfeeMSCmcmscsvc.exe [2009-03-25 797864]
 R2 McNASvc;McAfee Network Agent; c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe [2009-01-09 2482848]
 R2 McProxy;McAfee Proxy Service; c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe [2009-01-09 359952]
 R2 McShield;McAfee Real-time Scanner; C:PROGRA~1McAfeeVIRUSS~1mcshield.exe [2009-03-25 144704]
 R2 MpfService;McAfee Personal Firewall Service; C:Program FilesMcAfeeMPFMPFSrv.exe [2009-03-19 884360]
 R2 MSK80Service;McAfee Anti-Spam Service; C:Program FilesMcAfeeMSKMskSrver.exe [2009-01-09 26640]
 R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2009-06-18 552064]
 R2 PnkBstrA;PnkBstrA; C:Windowssystem32PnkBstrA.exe [2009-06-16 66872]
 R2 PnkBstrB;PnkBstrB; C:Windowssystem32PnkBstrB.exe [2009-06-16 103736]
 R2 RapiMgr;@%windir%WindowsMobilerapimgr.dll,-104; C:Windowssystem32svchost.exe [2008-01-21 21504]
 R2 TNaviSrv;TOSHIBA Navi Support Service; C:Program FilesToshibaTOSHIBA DVD PLAYERTNaviSrv.exe [2008-01-21 83312]
 R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:Windowssystem32TODDSrv.exe [2007-11-21 129632]
 R2 TosCoSrv;TOSHIBA Power Saver; C:Program FilesToshibaPower SaverTosCoSrv.exe [2008-01-17 431456]
 R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe [2007-09-28 128360]
 R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:Program FilesTOSHIBASMARTLogServiceTosIPCSrv.exe [2007-12-03 126976]
 R2 UleadBurningHelper;Ulead Burning Helper; C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe [2006-08-23 49152]
 R2 WcesComm;@%windir%WindowsMobilewcescomm.dll,-40079; C:Windowssystem32svchost.exe [2008-01-21 21504]
 S3 GoogleDesktopManager;GoogleDesktopManager; C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe [2008-04-23 1836544]
 S3 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-05-21 182768]
 S3 McODS;McAfee Scanner; C:PROGRA~1McAfeeVIRUSS~1mcods.exe [2009-04-01 365072]
 S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2007-08-24 68464]
 S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
 S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
 S4 McSysmon;McAfee SystemGuards; C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe [2009-03-23 606736]
 EOF
info.txt logfile of random’s system information tool 1.06 2009-11-13 23:37:01

======Uninstall list======

—>»C:Program FilesInstallShield Installation Information{A644254B-92F6-4970-8635-AB0775371E72}setup.exe» —u:{A644254B-92F6-4970-8635-AB0775371E72}
 —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{622E6F16-0904-49B6-BBE1-4CC836314CCF}setup.exe» -l0x9
 —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{697AFC77-F318-4CD4-BF16-F50F4C1072DA}setup.exe» -l0x9
 2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
 2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
 2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
 Activation Assistant for the 2007 Microsoft Office suites—>»C:ProgramData{174892B1-CBE7-44F5-86FF-AB555EFD73A3}Microsoft Office Activation Assistant.exe» REMOVE=TRUE MODIFY=FALSE
 Adobe Flash Player 10 ActiveX—>C:Windowssystem32MacromedFlashuninstall_activeX.exe
 Adobe Flash Player 10 Plugin—>C:Windowssystem32MacromedFlashuninstall_plugin.exe
 Adobe Reader 8.1.0 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A81000000003}
 Application Suite—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9CFD65E8-C489-438C-B283-A1919CDA50E1}Setup.exe» -l0x19
 ArtMoney SE v7.30.3—>»C:Program FilesArtMoneyUninstallunins000.exe»
 Bluetooth Stack for Windows by Toshiba—>MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
 BS.Player FREE powered by AdVantage—>»C:Program FilesWebtehBSplayeruninstall.exe»
 Call of Duty(R) 4 — Modern Warfare(TM)—>C:Program FilesInstallShield Installation Information{E48469CC-635E-4FD5-A122-1497C286D217}setup.exe -runfromtemp -l0x0419
 Camera Assistant Software for Toshiba—>C:Program FilesInstallShield Installation Information{37C866E4-AA67-4725-9E95-A39968DD7960}Setup.exe -runfromtemp -l0x0019
 Catalyst Control Center — Branding—>MsiExec.exe /I{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}
 Charles—>»C:Program FilesCharlesuninstall.exe»
 Desktop SMS—>MsiExec.exe /I{5980B928-1C95-4B3E-957B-B02D8147FF9E}
 DocumentsRescue Pro 4.0—>C:Program FilesDocumentsRescue Prouninst.exe
 DVD MovieFactory for TOSHIBA—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}setup.exe» -l0x9
 FlylinkDC++ r(329)—>»C:Program FilesFlylinkDC++unins000.exe»
 Get-Styles для ВКонтакте—>C:Program FilesGet-Styles 2.0uninstall.exe
 Google Desktop—>C:Program FilesGoogleGoogle Desktop SearchGoogleDesktopSetup.exe -uninstall
 Google Earth—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}setup.exe» -l0x9 -removeonly
 Google Toolbar for Internet Explorer—>»C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarManager_9DE96A29E721D90A.exe» /uninstall
 Google Toolbar for Internet Explorer—>MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
 HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
 Intel® Matrix Storage Manager—>C:Windowssystem32imsmudlg.exe -uninstall
 Java(TM) 6 Update 15—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
 Java(TM) 6 Update 3—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
 Java(TM) 6 Update 5—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
 Mail.Ru Агент 5.4 (сборка 2652, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
 Mail.Ru Спутник 2.0.1.90—>c:program filesmail.rusputnikSputnikInstaller.exe -uninstall
 Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
 McAfee SecurityCenter—>C:Program FilesMcAfeeMSCmcuninst.exe
 MegaFon Internet—>C:Program FilesMegaFon Internetuninst.exe
 Microsoft .NET Framework 3.5 SP1—>C:WindowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
 Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
 Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
 Microsoft Office Enterprise 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ENTERPRISE /dll OSETUP.DLL
 Microsoft Office Enterprise 2007—>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
 Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
 Microsoft Office Groove MUI (Russian) 2007—>MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
 Microsoft Office InfoPath MUI (Russian) 2007—>MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
 Microsoft Office OneNote MUI (Russian) 2007—>MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
 Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
 Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
 Microsoft Office PowerPoint Viewer 2007 (Russian)—>MsiExec.exe /X{95120000-00AF-0419-0000-0000000FF1CE}
 Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
 Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
 Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
 Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
 Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
 Microsoft Office Publisher MUI (Russian) 2007—>MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
 Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
 Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
 Microsoft Visual C++ 2005 ATL Update kb973923 — x86 8.0.50727.4053—>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
 Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
 Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
 Microsoft Works—>MsiExec.exe /I{93492218-15C0-4719-B898-05FC5769F2E6}
 Mozilla Firefox (3.5.5)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
 MultiFon—>MsiExec.exe /I{19CE7CCB-79B3-4522-B23D-2ECABA1C98FC}
 Need For Speed Hot Pursuit 2—>»C:Program FilesNeed For Speed Hot Pursuit 2unins000.exe»
 OpenOffice.org Installer 1.0—>MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
 Opera 9.64—>MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
 Picasa 2—>»C:Program FilesPicasa2Uninstall.exe»
 Radio_W Toolbar—>C:PROGRA~1Radio_WUNWISE.EXE /U C:PROGRA~1Radio_WINSTALL.LOG
 RAR Key—>C:PROGRA~1PasswareUNWISE.EXE /U C:PROGRA~1Passwarerarkey.log
 Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista—>C:Program FilesInstallShield Installation Information{8833FFB6-5B0C-4764-81AA-06DFEED9A476}setup.exe -runfromtemp -l0x0019 -removeonly
 Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x19 -removeonly
 RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{59F6A514-9813-47A3-948C-8A155460CC2A}setup.exe» -l0x19 anything
 Security Update for 2007 Microsoft Office System (KB951550)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
 Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
 Security Update for 2007 Microsoft Office System (KB969559)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
 Security Update for 2007 Microsoft Office System (KB973704)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
 Security Update for Microsoft Office Excel 2007 (KB973593)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
 Security Update for Microsoft Office OneNote 2007 (KB950130)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
 Security Update for Microsoft Office Outlook 2007 (KB972363)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
 Security Update for Microsoft Office PowerPoint 2007 (KB957789)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
 Security Update for Microsoft Office Publisher 2007 (KB969693)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
 Security Update for Microsoft Office system 2007 (972581)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
 Security Update for Microsoft Office system 2007 (KB969613)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
 Security Update for Microsoft Office system 2007 (KB974234)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
 Security Update for Microsoft Office Visio Viewer 2007 (KB973709)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
 Security Update for Microsoft Office Word 2007 (KB969604)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
 Security Update for Windows Media Encoder (KB954156)—>msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
 Sprite Backup—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 9 1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{ABC5404F-F0F3-4221-8DB9-5D34DD866E50}setup.exe» -l0x19
 Synaptics Pointing Device Driver—>rundll32.exe «C:Program FilesSynapticsSynTPSynISDLL.dll»,standAloneUninstall
 TCPMP—>C:WindowsWindowsMobileTCPMPUninstall.exe TCPMP
 TOSHIBA Assist—>C:Program FilesInstallShield Installation Information{12B3A009-A080-4619-9A2A-C6DB151D8D67}setup.exe -runfromtemp -l0x0019 -removeonly
 TOSHIBA ConfigFree—>MsiExec.exe /X{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}
 TOSHIBA Disc Creator—>MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
 TOSHIBA DVD PLAYER—>C:Program FilesInstallShield Installation Information{6C5F3BDC-0A1B-4436-A696-5939629D5C31}setup.exe -runfromtemp -l0x0019 -ADDREMOVE -removeonly
 TOSHIBA Extended Tiles for Windows Mobility Center—>C:Program FilesInstallShield Installation Information{617C36FD-0CBE-4600-84B2-441CEB12FADF}setup.exe -runfromtemp -l0x0419
 TOSHIBA Face Recognition—>»C:Program FilesInstallShield Installation Information{C730E42C-935A-45BB-A0C5-37E5234D111B}setup.exe» -runfromtemp -l0x0419 -removeonly
 TOSHIBA Face Recognition—>MsiExec.exe /I{C730E42C-935A-45BB-A0C5-37E5234D111B}
 TOSHIBA Hardware Setup—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 9 1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2883F6F5-0509-43F3-868C-D50330DD9DD3}setup.exe» -l0x19
 Toshiba Online Product Information—>C:Program FilesInstallShield Installation Information{2290A680-4083-410A-ADCC-7092C67FC052}setup.exe -runfromtemp -l0x0019 -removeonly
 TOSHIBA Recovery Disc Creator—>MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
 TOSHIBA SD Memory Utilities—>MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
 TOSHIBA Software Modem—>Tosmreg -U
 TOSHIBA Supervisor Password—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 9 1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{4B1E87C3-00DE-4898-8E39-E390AAEF2391}setup.exe» -l0x19
 TOSHIBA Value Added Package—>C:Program FilesInstallShield Installation Information{FEDD27A0-B306-45EF-BF58-B527406B42C8}setup.exe -runfromtemp -l0x0419
 TRDCReminder—>C:Program FilesInstallShield Installation Information{773970F1-5EBA-4474-ADEE-1EA3B0A59492}setup.exe -runfromtemp -l0x0419
 TRORDCLauncher—>C:Program FilesInstallShield Installation Information{E65C7D8E-186D-484B-BEA8-DEF0331CE600}setup.exe -runfromtemp -l0x0419
 Update for 2007 Microsoft Office System (KB967642)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
 Update for Microsoft .NET Framework 3.5 SP1 (KB963707)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=»»
 Update for Outlook 2007 Junk Email Filter (kb975960)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1AB1BED-7477-4D5A-BD0C-04C2109459A5}
 Vista Codec Package—>MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
 VKLife 1.9—>»C:VKLifeunins000.exe»
 Windows Media Encoder 9 Series—>msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
 Windows Media Encoder 9 Series—>MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
 Антивирусная система NOD32—>C:Program FilesEsetSetupsetup.exe /UNINSTALL
 Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
 Обновление драйверов Центра устройств Windows Mobile—>MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
 Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office—>MsiExec.exe /X{90120000-0020-0419-0000-0000000FF1CE}
 Ресурсы Windows Mobile—>C:Program FilesWindows Mobile Device HandbookWindows Mobile Device HandbookBinDHUninstall.exe
 Справочные руководства TOSHIBA—>C:Program FilesInstallShield Installation Information{5892352E-6D3B-4DA6-BF5C-0249A4C6C114}setup.exe -runfromtemp -l0x0019 -removeonly
 Утилита CD/DVD Drive Acoustic Silencer—>C:Program FilesInstallShield Installation Information{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}setup.exe -runfromtemp -l0x0019 -removeonly
 Центр устройств Windows Mobile—>MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Яндекс.Бар 4.2 для Internet Explorer—>MsiExec.exe /X{6740F9E3-1353-47DD-9765-BA49FC4C3479}

======Security center information======

AV: Антивирусная система Eset NOD32 2.70 (outdated)
AS: Windows Defender

======System event log======

Computer Name: SVETULKA
 Event Code: 1103
 Message: Компьютеру успешно назначен сетевой адрес, и теперь он может подключаться к другим компьютерам.
 Record Number: 50345
 Source Name: Microsoft-Windows-Dhcp-Client
 Time Written: 20091113203532.000000-000
 Event Type: Сведения
User:

Computer Name: SVETULKA
 Event Code: 7036
 Message: Служба «McAfee Real-time Scanner» перешла в состояние Приостановлена.
 Record Number: 50346
 Source Name: Service Control Manager
 Time Written: 20091113203608.000000-000
 Event Type: Сведения
User:

Computer Name: SVETULKA
 Event Code: 7036
 Message: Служба «McAfee Real-time Scanner» перешла в состояние Работает.
 Record Number: 50347
 Source Name: Service Control Manager
 Time Written: 20091113203609.000000-000
 Event Type: Сведения
User:

Computer Name: SVETULKA
 Event Code: 7036
 Message: Служба «McAfee Real-time Scanner» перешла в состояние Приостановлена.
 Record Number: 50348
 Source Name: Service Control Manager
 Time Written: 20091113203611.000000-000
 Event Type: Сведения
User:

Computer Name: SVETULKA
 Event Code: 7036
 Message: Служба «McAfee Real-time Scanner» перешла в состояние Работает.
 Record Number: 50349
 Source Name: Service Control Manager
 Time Written: 20091113203611.000000-000
 Event Type: Сведения
User:

=====Application event log=====

Computer Name: SVETULKA
 Event Code: 3006
 Message: Не удалось прочесть раздел реестра для строк счетчиков производительности, определенных для языка с ИД 019. Первое двойное слово DWORD в секции данных содержит код ошибки Win32.
 Record Number: 7217
 Source Name: Microsoft-Windows-LoadPerf
 Time Written: 20091113184123.000000-000
 Event Type: Предупреждение
User:

Computer Name: SVETULKA
 Event Code: 3006
 Message: Не удалось прочесть раздел реестра для строк счетчиков производительности, определенных для языка с ИД 009. Первое двойное слово DWORD в секции данных содержит код ошибки Win32.
 Record Number: 7218
 Source Name: Microsoft-Windows-LoadPerf
 Time Written: 20091113184123.000000-000
 Event Type: Предупреждение
User:

Computer Name: SVETULKA
 Event Code: 3006
 Message: Не удалось прочесть раздел реестра для строк счетчиков производительности, определенных для языка с ИД 019. Первое двойное слово DWORD в секции данных содержит код ошибки Win32.
 Record Number: 7219
 Source Name: Microsoft-Windows-LoadPerf
 Time Written: 20091113184123.000000-000
 Event Type: Предупреждение
User:

Computer Name: SVETULKA
 Event Code: 1000
 Message: Cчетчики производительности для службы WmiApRpl (WmiApRpl) загружены успешно. Данные в секции данных содержат новые значения индексов, назначенные этой службе.
 Record Number: 7220
 Source Name: Microsoft-Windows-LoadPerf
 Time Written: 20091113184123.000000-000
 Event Type: Сведения
User:

Computer Name: SVETULKA
 Event Code: 8
 Message: Windows Mobile-based device failed to connect due to communication (0x8007274a) failure (see data for failure code).
 Record Number: 7221
 Source Name: RapiMgr
 Time Written: 20091113195811.000000-000
 Event Type: Ошибка
User:

=====Security event log=====

Computer Name: SVETULKA
Event Code: 5038
Message: Средство проверки целостности кода обнаружило, что хэш образа файла недопустим. Файл может быть поврежден после его несанкционированного изменения, или недопустимый хэш может указывать на потенциальную ошибку дискового устройства.
Имя файла: DeviceHarddiskVolume2WindowsSystem32driverstcpip.sys
 Record Number: 25049
 Source Name: Microsoft-Windows-Security-Auditing
 Time Written: 20091113203659.366670-000
 Event Type: Сбой аудита
User:

Computer Name: SVETULKA
Event Code: 5038
Message: Средство проверки целостности кода обнаружило, что хэш образа файла недопустим. Файл может быть поврежден после его несанкционированного изменения, или недопустимый хэш может указывать на потенциальную ошибку дискового устройства.
Имя файла: DeviceHarddiskVolume2WindowsSystem32driverstcpip.sys
 Record Number: 25050
 Source Name: Microsoft-Windows-Security-Auditing
 Time Written: 20091113203659.406670-000
 Event Type: Сбой аудита
User:

Computer Name: SVETULKA
Event Code: 5038
Message: Средство проверки целостности кода обнаружило, что хэш образа файла недопустим. Файл может быть поврежден после его несанкционированного изменения, или недопустимый хэш может указывать на потенциальную ошибку дискового устройства.
Имя файла: DeviceHarddiskVolume2WindowsSystem32driverstcpip.sys
 Record Number: 25051
 Source Name: Microsoft-Windows-Security-Auditing
 Time Written: 20091113203659.445670-000
 Event Type: Сбой аудита
User:

Computer Name: SVETULKA
Event Code: 5038
Message: Средство проверки целостности кода обнаружило, что хэш образа файла недопустим. Файл может быть поврежден после его несанкционированного изменения, или недопустимый хэш может указывать на потенциальную ошибку дискового устройства.
Имя файла: DeviceHarddiskVolume2WindowsSystem32driverstcpip.sys
 Record Number: 25052
 Source Name: Microsoft-Windows-Security-Auditing
 Time Written: 20091113203659.485670-000
 Event Type: Сбой аудита
User:

Computer Name: SVETULKA
Event Code: 5038
Message: Средство проверки целостности кода обнаружило, что хэш образа файла недопустим. Файл может быть поврежден после его несанкционированного изменения, или недопустимый хэш может указывать на потенциальную ошибку дискового устройства.
Имя файла: DeviceHarddiskVolume2WindowsSystem32driverstcpip.sys
 Record Number: 25053
 Source Name: Microsoft-Windows-Security-Auditing
 Time Written: 20091113203659.524670-000
 Event Type: Сбой аудита
User:

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
 «FP_NO_HOST_CHECK»=NO
 «OS»=Windows_NT
 «Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:PROGRA~1COMMON~1ULEADS~1MPEG;C:Program FilesATI TechnologiesATI.ACECore-Static
 «PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
 «PROCESSOR_ARCHITECTURE»=x86
 «TEMP»=%SystemRoot%TEMP
 «TMP»=%SystemRoot%TEMP
 «USERNAME»=SYSTEM
 «windir»=%SystemRoot%
 «PROCESSOR_LEVEL»=6
 «PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 13, GenuineIntel
 «PROCESSOR_REVISION»=0f0d
 «NUMBER_OF_PROCESSORS»=2
 «TRACE_FORMAT_SEARCH_PATH»=\NTREL202.ntdev.corp.microsoft.com4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0TraceFormat
 «DFSTRACINGON»=FALSE
 EOF
November 15, 2009 at 5:47 PM #26894

Hello, and welcome to the Spyware-ru forum.

Download OTM by OldTimer by clicking this link.
Run OTM and copy the following text into the large input field (the heading of this field is highlighted in yellow).

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88888888-8888-8888-8888-888888888888}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4D7AD54-5F3F-4F02-A7B8-A4849B16EE87}]

:files
C:\Users\Светулька\AppData\Roaming\at_EHI.dll

:Commands
[emptytemp]
[Reboot]

Check the pasted script: if spaces have appeared on the left before the directives, delete them; the script must look exactly as it does in this post. Click the MoveIt! button. The computer may reboot during the process.
When the program finishes, a log should be shown. If the log is not shown, it can be found in the folder C:\_OTM\MovedFiles.

Paste the contents of this log into your reply, and attach a fresh RSIT log.

November 16, 2009 at 8:21 PM #26895

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88888888-8888-8888-8888-888888888888}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88888888-8888-8888-8888-888888888888}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4D7AD54-5F3F-4F02-A7B8-A4849B16EE87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4D7AD54-5F3F-4F02-A7B8-A4849B16EE87}\ deleted successfully.
========== FILES ==========
LoadLibrary failed for C:\Users\Светулька\AppData\Roaming\at_EHI.dll
C:\Users\Светулька\AppData\Roaming\at_EHI.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Света
->Temp folder emptied: 27232032 bytes
->Temporary Internet Files folder emptied: 600031064 bytes
->Java cache emptied: 25493450 bytes
->FireFox cache emptied: 50839649 bytes
->Opera cache emptied: 22988692 bytes

User: Светулька
->Temp folder emptied: 121280854 bytes
->Temporary Internet Files folder emptied: 344715367 bytes
->Java cache emptied: 25493450 bytes
->FireFox cache emptied: 58478714 bytes
->Opera cache emptied: 55381534 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4838 bytes
Windows Temp folder emptied: 41626457 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4380431 bytes
RecycleBin emptied: 8885155351 bytes

Total Files Cleaned = 1595,69 mb

OTM by OldTimer - Version 3.1.1.0 log created on 11162009_231014

Files moved on Reboot...
File C:\Windows\temp\mcmsc_2cdUYnu3qhmIsgz not found!
File C:\Windows\temp\sqlite_e6YZohbf3yCgoTm not found!
File C:\Windows\temp\sqlite_KR5nXZQoSfBXzVC not found!
File C:\Windows\temp\sqlite_nHK3Tqezmh98HEq not found!
File C:\Windows\temp\sqlite_vmlGNoCSWONPmJN not found!

Registry entries deleted on Reboot...

Logfile of random's system information tool 1.06 (written by random/random)
 Run by Светулька at 2009-11-16 23:20:20
 Microsoft® Windows Vista™ Home Premium Service Pack 1
 System drive C: has 47 GB (39%) free of 119 GB
Total RAM: 3069 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 23:20:24, on 16.11.2009
 Platform: Windows Vista SP1 (WinNT 6.00.1905)
 MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
 C:Windowssystem32Dwm.exe
 c:PROGRA~1mcafee.comagentmcagent.exe
 C:Windowssystem32taskeng.exe
 C:WindowsExplorer.EXE
 C:Windowsnotepad.exe
 C:Program FilesJavajre6binjusched.exe
 C:WindowsRtHDVCpl.exe
 C:Program FilesSynapticsSynTPSynTPEnh.exe
 C:Program FilesToshibaConfigFreeNDSTray.exe
 C:Program FilesToshibaToshiba Online Product InformationTOPI.exe
 C:Program FilesPicasa2PicasaMediaDetector.exe
 C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
 C:Program FilesCamera Assistant Software for Toshibatraybar.exe
 C:Program FilesToshibaPower SaverTPwrMain.exe
 C:Program FilesToshibaSmoothViewSmoothView.exe
 C:Program FilesToshibaFlashCardsTCrdMain.exe
 C:WindowsSystem32wpcumi.exe
 C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
 C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.EXE
 C:WindowsWindowsMobilewmdc.exe
 C:Program FilesWindows Sidebarsidebar.exe
 C:Program FilesToshibaTOSCDSPDTOSCDSPD.exe
 C:UsersСветулькаAppDataRoamingMail.RuAgentmagent.exe
 C:Program FilesSprite SoftwareSprite BackupSpriteService.exe
 C:Program FilesWindows Media Playerwmpnscfg.exe
 C:Program FilesEsetnod32kui.exe
 C:Program FilesCamera Assistant Software for ToshibaCEC_MAIN.exe
 C:Program FilesWindows Sidebarsidebar.exe
 C:Program FilesToshibaConfigFreeCFSwMgr.exe
 C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe
 C:Program FilesSynapticsSynTPSynTPHelper.exe
 C:Program FilesMozilla Firefoxfirefox.exe
 C:Windowssystem32wuauclt.exe
 C:Windowssystem32SearchFilterHost.exe
 C:Windowsexplorer.exe
 C:UsersСветулькаDesktopRSIT.exe
C:Program Filestrend microСветулька.exe

R1 — HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://yandex.ru/yandsearch?clid=123046&text=%s
 R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=123048
 R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://yandex.ru/yandsearch?clid=123044
 R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=123048
 R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
 R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
 R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
 R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:UsersСветулькаAppDataRoamingMail.RuAgentMradllnewmrasearch.dll
 R3 — URLSearchHook: Radio W Toolbar — {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — C:Program FilesRadio_WtbRadi.dll
 R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll
 O1 — Hosts: ::1 localhost
 O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
 O2 — BHO: McAfee Phishing Filter — {27B4851A-3207-45A2-B947-BE8AFE6163AB} — c:PROGRA~1mcafeemskmskapbho.dll
 O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
 O2 — BHO: scriptproxy — {7DB2D5A0-7241-4E79-B68D-6309F01C5231} — c:PROGRA~1mcafeeVIRUSS~1scriptsn.dll
 O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — c:program filesmail.rusputnikMailRuSputnik.dll
 O2 — BHO: script helper for ie — {9B5FB65F-631E-4564-ABF2-AD71845B28E0} — C:Program FilesGet-Styles 2.0iejsloader.dll
 O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
 O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.3.4501.1418swg.dll
 O2 — BHO: Radio W Toolbar — {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — C:Program FilesRadio_WtbRadi.dll
 O2 — BHO: Google Dictionary Compression sdch — {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
 O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
 O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — c:program filesmail.rusputnikMailRuSputnik.dll
 O3 — Toolbar: Radio W Toolbar — {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — C:Program FilesRadio_WtbRadi.dll
 O3 — Toolbar: Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
 O3 — Toolbar: Get-Styles Toolbar — {5BCDC9E9-A980-4B53-B2E8-60CFF484DA61} — C:Program FilesGet-Styles 2.0ietoolbar.dll
 O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
 O4 — HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
 O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
 O4 — HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
 O4 — HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
 O4 — HKLM..Run: [ITSecMng] %ProgramFiles%TOSHIBABluetooth Toshiba StackItSecMng.exe /START
 O4 — HKLM..Run: [NDSTray.exe] NDSTray.exe
 O4 — HKLM..Run: [mcagent_exe] «C:Program FilesMcAfee.comAgentmcagent.exe» /runkey
 O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
 O4 — HKLM..Run: [topi] C:Program FilesTOSHIBAToshiba Online Product Informationtopi.exe -startup
 O4 — HKLM..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe
 O4 — HKLM..Run: [Google Desktop Search] «C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe» /startup
 O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe»
 O4 — HKLM..Run: [Camera Assistant Software] «C:Program FilesCamera Assistant Software for Toshibatraybar.exe» /start
 O4 — HKLM..Run: [TPwrMain] %ProgramFiles%TOSHIBAPower SaverTPwrMain.EXE
 O4 — HKLM..Run: [HSON] %ProgramFiles%TOSHIBATBSHSON.exe
 O4 — HKLM..Run: [SmoothView] %ProgramFiles%ToshibaSmoothViewSmoothView.exe
 O4 — HKLM..Run: [00TCrdMain] %ProgramFiles%TOSHIBAFlashCardsTCrdMain.exe
 O4 — HKLM..Run: [Toshiba Registration] C:Program FilesToshibaRegistrationToshibaRegistration.exe
 O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
 O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
 O4 — HKLM..Run: [WPCUMI] C:Windowssystem32WpcUmi.exe
 O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
 O4 — HKLM..Run: [actx.exe] «C:Program FilesMegaFonMultiFonactx.exe» /autostart
 O4 — HKLM..Run: [Windows Mobile Device Center] %windir%WindowsMobilewmdc.exe
 O4 — HKLM..Run: [Malwarebytes Anti-Malware (reboot)] «C:Program FilesMalwarebytes’ Anti-Malwarembam.exe» /runcleanupscript
 O4 — HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
 O4 — HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
 O4 — HKCU..Run: [TOSCDSPD] C:Program FilesTOSHIBATOSCDSPDTOSCDSPD.exe
 O4 — HKCU..Run: [MAgent] C:UsersСветулькаAppDataRoamingMail.RuAgentMAgent.exe -CU
 O4 — HKCU..Run: [SpriteService] «C:Program FilesSprite SoftwareSprite BackupSpriteService.exe»
 O4 — HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
 O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘LOCAL SERVICE’)
 O4 — HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
 O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘NETWORK SERVICE’)
 O4 — .DEFAULT User Startup: TRDCReminder.lnk = C:Program FilesToshibaTRDCReminderTRDCReminder.exe (User ‘Default user’)
 O4 — Startup: TRDCReminder.lnk = C:Program FilesToshibaTRDCReminderTRDCReminder.exe
 O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
 O8 — Extra context menu item: Поиск@Mail.Ru — res://c:program filesmail.rusputnikMailRuSputnik.dll/282
 O8 — Extra context menu item: Словари@Mail.Ru — res://c:program filesmail.rusputnikMailRuSputnik.dll/283
 O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
 O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
 O9 — Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:WindowsWindowsMobileINetRepl.dll
 O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:WindowsWindowsMobileINetRepl.dll
 O9 — Extra ‘Tools’ menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:WindowsWindowsMobileINetRepl.dll
 O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
 O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
 O9 — Extra button: eBay — {76577871-04EC-495E-A12B-91F7C3600AFA} — http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?RU (file missing)
 O9 — Extra button: Amazon.co.uk — {8A918C1D-E123-4E36-B562-5C1519E434CE} — http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
 O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
 O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:UsersСветулькаAppDataRoamingMail.RuAgentmagent.exe (HKCU)
 O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:UsersСветулькаAppDataRoamingMail.RuAgentmagent.exe (HKCU)
 O13 — Gopher Prefix:
 O18 — Protocol: base64 — {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} — C:Program FilesGet-Styles 2.0ietdataprotocol.dll
 O18 — Protocol: chrome — {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} — C:Program FilesGet-Styles 2.0ietdataprotocol.dll
 O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
 O18 — Filter: x-sdch — {B1759355-3EEC-4C1E-B0F1-B719FE26E377} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
 O20 — AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~3GOEC62~1.DLL
 O23 — Service: Agere Modem Call Progress Audio (AgereModemAudio) — Agere Systems — C:Windowssystem32agrsmsvc.exe
 O23 — Service: Ati External Event Utility — ATI Technologies Inc. — C:Windowssystem32Ati2evxx.exe
 O23 — Service: ConfigFree Service — TOSHIBA CORPORATION — C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
 O23 — Service: @dfsrres.dll,-101 (DFSR) — Корпорация Майкрософт — C:Windowssystem32DFSR.exe
 O23 — Service: GoogleDesktopManager — Google — C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
 O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
 O23 — Service: McAfee Services (mcmscsvc) — McAfee, Inc. — C:PROGRA~1McAfeeMSCmcmscsvc.exe
 O23 — Service: McAfee Network Agent (McNASvc) — McAfee, Inc. — c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
 O23 — Service: McAfee Scanner (McODS) — McAfee, Inc. — C:PROGRA~1McAfeeVIRUSS~1mcods.exe
 O23 — Service: McAfee Proxy Service (McProxy) — McAfee, Inc. — c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
 O23 — Service: McAfee Real-time Scanner (McShield) — McAfee, Inc. — C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
 O23 — Service: McAfee Personal Firewall Service (MpfService) — McAfee, Inc. — C:Program FilesMcAfeeMPFMPFSrv.exe
 O23 — Service: McAfee Anti-Spam Service (MSK80Service) — McAfee, Inc. — C:Program FilesMcAfeeMSKMskSrver.exe
 O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
 O23 — Service: PnkBstrA — Unknown owner — C:Windowssystem32PnkBstrA.exe
 O23 — Service: PnkBstrB — Unknown owner — C:Windowssystem32PnkBstrB.exe
 O23 — Service: TOSHIBA Navi Support Service (TNaviSrv) — TOSHIBA Corporation — C:Program FilesToshibaTOSHIBA DVD PLAYERTNaviSrv.exe
 O23 — Service: TOSHIBA Optical Disc Drive Service (TODDSrv) — TOSHIBA Corporation — C:Windowssystem32TODDSrv.exe
 O23 — Service: TOSHIBA Power Saver (TosCoSrv) — TOSHIBA Corporation — C:Program FilesToshibaPower SaverTosCoSrv.exe
 O23 — Service: TOSHIBA Bluetooth Service — TOSHIBA CORPORATION — c:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe
 O23 — Service: TOSHIBA SMART Log Service — TOSHIBA Corporation — C:Program FilesTOSHIBASMARTLogServiceTosIPCSrv.exe
 O23 — Service: Ulead Burning Helper (UleadBurningHelper) — Ulead Systems, Inc. — C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe
 O23 — Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) — Корпорация Майкрософт — C:Windowssystem32SearchIndexer.exe
 —
 End of file — 13860 bytes
 ======Scheduled tasks folder======
 C:WindowstasksMcDefragTask.job
 C:WindowstasksMcQcTask.job
 C:WindowstasksUser_Feed_Synchronization-{A16FFCB4-7386-461B-A288-7584F6B4358A}.job
 ======Registry dump======
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
 Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-23 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{27B4851A-3207-45A2-B947-BE8AFE6163AB}] 
 McAfee Phishing Filter — c:PROGRA~1mcafeemskmskapbho.dll [2009-01-09 246800][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] 
 Groove GFS Browser Helper — C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll [2007-08-24 2212224][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] 
 scriptproxy — c:PROGRA~1mcafeeVIRUSS~1scriptsn.dll [2009-03-25 62784][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}] 
 MailRuBHO Class — c:program filesmail.rusputnikMailRuSputnik.dll [2009-05-25 680624][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9B5FB65F-631E-4564-ABF2-AD71845B28E0}] 
 WitBHO Class — C:Program FilesGet-Styles 2.0iejsloader.dll [2009-08-05 215040][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}] 
 Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-06-29 259696][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] 
 Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.3.4501.1418swg.dll [2009-09-28 762864][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}] 
 Radio W Toolbar — C:Program FilesRadio_WtbRadi.dll [2009-05-20 2085400][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] 
 Google Dictionary Compression sdch — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll [2009-05-21 470512][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}] 
 Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-10-06 41760][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar] 
 {09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll [2009-05-25 680624]
 {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — Radio W Toolbar — C:Program FilesRadio_WtbRadi.dll [2009-05-20 2085400]
 {2318C2B1-4965-11d4-9B18-009027A5CD4F} — Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-06-29 259696]
 {5BCDC9E9-A980-4B53-B2E8-60CFF484DA61} — Get-Styles Toolbar — C:Program FilesGet-Styles 2.0ietoolbar.dll [2009-07-28 122368]
 {91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-07-24 5586208][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun] 
 «Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2008-01-21 1008184]
 «SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-10-06 149280]
 «RtHDVCpl»=C:WindowsRtHDVCpl.exe [2008-01-29 4911104]
 «SynTPEnh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2007-12-06 1029416]
 «ITSecMng»=C:Program FilesTOSHIBABluetooth Toshiba StackItSecMng.exe [2007-09-28 75136]
 «NDSTray.exe»=NDSTray.exe []
 «mcagent_exe»=C:Program FilesMcAfee.comAgentmcagent.exe [2009-03-25 645328]
 «Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2007-05-11 40048]
 «topi»=C:Program FilesTOSHIBAToshiba Online Product Informationtopi.exe [2007-07-10 581632]
 «Picasa Media Detector»=C:Program FilesPicasa2PicasaMediaDetector.exe [2006-12-06 366400]
 «Google Desktop Search»=C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe [2008-04-23 1836544]
 «StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2006-11-10 90112]
 «Camera Assistant Software»=C:Program FilesCamera Assistant Software for Toshibatraybar.exe [2007-10-25 413696]
 «TPwrMain»=C:Program FilesTOSHIBAPower SaverTPwrMain.EXE [2008-01-17 431456]
 «HSON»=C:Program FilesTOSHIBATBSHSON.exe [2007-10-31 54608]
 «SmoothView»=C:Program FilesToshibaSmoothViewSmoothView.exe [2008-01-25 509816]
 «00TCrdMain»=C:Program FilesTOSHIBAFlashCardsTCrdMain.exe [2008-01-22 712704]
 «Toshiba Registration»=C:Program FilesToshibaRegistrationToshibaRegistration.exe [2007-05-04 571024]
 «MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-05-25 6210744]
 «nod32kui»=C:Program FilesEsetnod32kui.exe [2009-06-18 949376]
 «WPCUMI»=C:Windowssystem32WpcUmi.exe [2006-11-02 176128]
 «GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2007-08-24 33648]
 «actx.exe»=C:Program FilesMegaFonMultiFonactx.exe [2009-05-27 5458432]
 «Windows Mobile Device Center»=C:WindowsWindowsMobilewmdc.exe [2007-05-31 648072]
 «Malwarebytes Anti-Malware (reboot)»=C:Program FilesMalwarebytes’ Anti-Malwarembam.exe [2009-09-10 1312080][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun] 
 «Sidebar»=C:Program FilesWindows Sidebarsidebar.exe [2008-01-21 1233920]
 «WindowsWelcomeCenter»=oobefldr.dll,ShowWelcomeCenter []
 «TOSCDSPD»=C:Program FilesTOSHIBATOSCDSPDTOSCDSPD.exe [2008-01-29 430080]
 «MAgent»=C:UsersСветулькаAppDataRoamingMail.RuAgentMAgent.exe [2009-08-09 7975608]
 «SpriteService»=C:Program FilesSprite SoftwareSprite BackupSpriteService.exe [2006-08-18 544768]
 «WMPNSCFG»=C:Program FilesWindows Media PlayerWMPNSCFG.exe [2008-01-21 202240]C:UsersСветулькаAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup 
 TRDCReminder.lnk — C:Program FilesToshibaTRDCReminderTRDCReminder.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows] 
 «AppInit_DLLS»=»C:PROGRA~1GoogleGOOGLE~3GOEC62~1.DLL»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui] 
 igfxdev.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks] 
 «{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll [2007-08-24 2212224][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalmcmscsvc] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMCODS] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkmcmscsvc] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkMCODS] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkMpfService] [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem] 
 «LogonHoursAction»=2
 «DontDisplayLogonHoursWarnings»=1[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem] 
 «dontdisplaylastusername»=0
 «legalnoticecaption»=
 «legalnoticetext»=
 «shutdownwithoutlogon»=1
 «undockwithoutlogon»=1
 «EnableUIADesktopToggle»=0[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer] 
 «NoDriveTypeAutoRun»=145[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist] [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist] [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b0f746aa-9d08-11de-8e34-001e3352d052}] 
 shellAutoRuncommand — D:AutoRun.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b52da50f-998c-11de-9dfe-001f3c81e79a}] 
 shellAutoRuncommand — D:AutoRun.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b52da527-998c-11de-9dfe-001f3c81e79a}] 
 shellAutoRuncommand — D:AutoRun.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b52da55d-998c-11de-9dfe-001e3352d052}] 
 shellAutoRuncommand — D:AutoRun.exe
 ======File associations======
 .js — edit — C:WindowsSystem32Notepad.exe %1
 .js — open — C:WindowsSystem32WScript.exe «%1» %*
 ======List of files/folders created in the last 1 months======
 2009-11-16 23:10:14 —-D—- C:_OTM
 2009-11-13 23:36:35 —-D—- C:rsit
 2009-11-13 23:36:35 —-D—- C:Program Filestrend micro
 2009-11-13 21:25:56 —-D—- C:UsersСветулькаAppDataRoamingMalwarebytes
 2009-11-13 21:25:50 —-D—- C:ProgramDataMalwarebytes
 2009-11-13 21:25:49 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
 2009-11-11 14:29:39 —-A—- C:Windowssystem32WSDApi.dll
 2009-11-04 18:06:17 —-A—- C:Windowssystem32mshtml.dll
 2009-10-29 20:20:26 —-A—- C:Windowssystem32wups2.dll
 2009-10-29 20:20:26 —-A—- C:Windowssystem32wucltux.dll
 2009-10-29 20:20:26 —-A—- C:Windowssystem32wuaueng.dll
 2009-10-29 20:20:26 —-A—- C:Windowssystem32wuauclt.exe
 2009-10-29 20:19:40 —-A—- C:Windowssystem32wups.dll
 2009-10-29 20:19:40 —-A—- C:Windowssystem32wudriver.dll
 2009-10-29 20:19:40 —-A—- C:Windowssystem32wuapi.dll
 2009-10-29 20:19:10 —-A—- C:Windowssystem32wuwebv.dll
 2009-10-29 20:19:08 —-A—- C:Windowssystem32wuapp.exe
 ======List of files/folders modified in the last 1 months======
 2009-11-16 23:20:24 —-D—- C:WindowsPrefetch
 2009-11-16 23:20:21 —-D—- C:WindowsTemp
 2009-11-16 23:14:26 —-D—- C:Windows
 2009-11-16 23:12:27 —-AD—- C:WindowsSystem32
 2009-11-16 22:25:38 —-SHD—- C:System Volume Information
 2009-11-16 21:55:17 —-D—- C:Windowsinf
 2009-11-14 17:25:31 —-D—- C:Program FilesESET
 2009-11-13 23:36:35 —-RD—- C:Program Files
 2009-11-13 21:25:52 —-D—- C:Windowssystem32drivers
 2009-11-13 21:25:50 —-HD—- C:ProgramData
 2009-11-12 03:06:11 —-SHD—- C:WindowsInstaller
 2009-11-12 03:06:04 —-D—- C:ProgramDataMicrosoft Help
 2009-11-12 03:00:55 —-D—- C:Windowswinsxs
 2009-11-12 02:26:58 —-SD—- C:ProgramDataMicrosoft
 2009-11-11 14:16:10 —-D—- C:Windowssystem32catroot
 2009-11-11 14:14:34 —-D—- C:Windowssystem32catroot2
 2009-11-07 18:44:26 —-D—- C:Program FilesMozilla Firefox
 2009-11-05 20:36:21 —-A—- C:Windowssystem32mrt.exe
 2009-11-01 03:03:45 —-RSD—- C:Windowsassembly
 2009-10-31 03:03:03 —-D—- C:Program FilesCommon Filesmicrosoft shared
 2009-10-30 19:53:42 —-D—- C:Program FilesArtMoney
 2009-10-30 03:38:25 —-D—- C:Windowsrescache
 2009-10-30 03:21:15 —-D—- C:Windowssystem32ru-RU
 2009-10-18 20:47:17 —-D—- C:WindowsMicrosoft.NET
 2009-10-18 20:35:50 —-D—- C:Windowssystem32migration
 2009-10-18 20:35:50 —-D—- C:Program FilesInternet Explorer
 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 R1 mfehidk;McAfee Inc. mfehidk; C:Windowssystem32driversmfehidk.sys [2009-03-25 214024]
 R1 MPFP;MPFP; C:WindowsSystem32DriversMpfp.sys [2008-10-23 130424]
 R1 nod32drv;nod32drv; C:Windowssystem32driversnod32drv.sys [2009-06-18 15424]
 R2 AMON;AMON; C:Windowssystem32driversamon.sys [2009-06-18 512096]
 R2 rimmptsk;rimmptsk; C:Windowssystem32DRIVERSrimmptsk.sys [2008-02-15 46592]
 R2 rimsptsk;rimsptsk; C:Windowssystem32DRIVERSrimsptsk.sys [2007-07-30 43008]
 R2 rismxdp;Ricoh xD-Picture Card Driver; C:Windowssystem32DRIVERSrixdptsk.sys [2007-07-30 38400]
 R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:Windowssystem32DRIVERSAGRSM.sys [2006-11-28 1161888]
 R3 atikmdag;atikmdag; C:Windowssystem32DRIVERSatikmdag.sys [2008-01-30 3483648]
 R3 CmBatt;Драйвер батареи с ACPI-управлением (Microsoft); C:Windowssystem32DRIVERSCmBatt.sys [2008-01-21 14208]
 R3 FwLnk;FwLnk Driver; C:Windowssystem32DRIVERSFwLnk.sys [2006-11-20 7168]
 R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:Windowssystem32driversRTKVHDA.sys [2008-01-30 2058528]
 R3 mfeavfk;McAfee Inc. mfeavfk; C:Windowssystem32driversmfeavfk.sys [2009-03-25 79880]
 R3 mfebopk;McAfee Inc. mfebopk; C:Windowssystem32driversmfebopk.sys [2009-03-25 35272]
 R3 NETw4v32;Драйвер адаптера Intel(R) Wireless WiFi Link для Windows Vista 32 Bit; C:Windowssystem32DRIVERSNETw4v32.sys [2007-09-26 2251776]
 R3 RTL8169;Realtek 8169 NT Driver; C:Windowssystem32DRIVERSRtlh86.sys [2007-12-28 104448]
 R3 sdbus;sdbus; C:Windowssystem32DRIVERSsdbus.sys [2008-01-21 88576]
 R3 SynTP;Synaptics TouchPad Driver; C:Windowssystem32DRIVERSSynTP.sys [2007-12-06 196400]
 R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:Windowssystem32DRIVERStdcmdpst.sys [2006-10-18 16128]
 R3 tosrfec;Bluetooth ACPI; C:Windowssystem32DRIVERStosrfec.sys [2006-10-23 9216]
 R3 usbvideo;Chicony USB 2.0 Camera; C:WindowsSystem32Driversusbvideo.sys [2008-01-21 134016]
 R3 UVCFTR;UVCFTR; C:WindowsSystem32DriversUVCFTR_S.SYS [2007-12-17 18432]
 S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2008-01-21 5632]
 S3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:Windowssystem32driversHdAudio.sys [2006-11-02 235520]
 S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:Windowssystem32DRIVERSewusbmdm.sys [2008-12-13 102784]
 S3 hwusbfake;Huawei DataCard USB Fake; C:Windowssystem32DRIVERSewusbfake.sys [2008-12-30 103040]
 S3 igfx;igfx; C:Windowssystem32DRIVERSigdkmd32.sys []
 S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:Windowssystem32driversIntcHdmi.sys []
 S3 mferkdk;McAfee Inc. mferkdk; C:Windowssystem32driversmferkdk.sys [2009-03-25 34216]
 S3 mfesmfk;McAfee Inc. mfesmfk; C:Windowssystem32driversmfesmfk.sys [2009-03-25 40552]
 S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2008-01-21 8192]
 S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2008-01-21 5888]
 S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2008-01-21 5504]
 S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2008-01-21 6016]
 S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG — драйвер адаптера 32-разрядной версии Windows Vista; C:Windowssystem32DRIVERSNETw3v32.sys [2008-01-21 2225664]
 S3 Tosrfcom;Tosrfcom; C:Windowssystem32driversTosrfcom.sys []
 S3 usb_rndisx;Адаптер USB RNDIS; C:Windowssystem32DRIVERSusb8023x.sys [2008-01-21 15872]
 S3 WpdUsb;WpdUsb; C:Windowssystem32DRIVERSwpdusb.sys [2008-01-21 39936]
 S3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2008-01-21 83328]
 S4 ErrDev;Microsoft Hardware Error Device Driver; C:Windowssystem32driverserrdev.sys [2008-01-21 6656]
 S4 MegaSR;MegaSR; C:Windowssystem32driversmegasr.sys [2008-01-21 386616]
 S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:Windowssystem32driverswmiacpi.sys [2008-01-21 11264]
 ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 R2 AgereModemAudio;Agere Modem Call Progress Audio; C:Windowssystem32agrsmsvc.exe [2006-10-05 9216]
 R2 Ati External Event Utility;Ati External Event Utility; C:Windowssystem32Ati2evxx.exe [2008-01-30 643072]
 R2 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2008-01-21 21504]
 R2 ConfigFree Service;ConfigFree Service; C:Program FilesTOSHIBAConfigFreeCFSvcs.exe [2007-12-25 40960]
 R2 mcmscsvc;McAfee Services; C:PROGRA~1McAfeeMSCmcmscsvc.exe [2009-03-25 797864]
 R2 McNASvc;McAfee Network Agent; c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe [2009-01-09 2482848]
 R2 McProxy;McAfee Proxy Service; c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe [2009-01-09 359952]
 R2 McShield;McAfee Real-time Scanner; C:PROGRA~1McAfeeVIRUSS~1mcshield.exe [2009-03-25 144704]
 R2 MpfService;McAfee Personal Firewall Service; C:Program FilesMcAfeeMPFMPFSrv.exe [2009-03-19 884360]
 R2 MSK80Service;McAfee Anti-Spam Service; C:Program FilesMcAfeeMSKMskSrver.exe [2009-01-09 26640]
 R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2009-06-18 552064]
 R2 PnkBstrA;PnkBstrA; C:Windowssystem32PnkBstrA.exe [2009-06-16 66872]
 R2 PnkBstrB;PnkBstrB; C:Windowssystem32PnkBstrB.exe [2009-06-16 103736]
 R2 RapiMgr;@%windir%WindowsMobilerapimgr.dll,-104; C:Windowssystem32svchost.exe [2008-01-21 21504]
 R2 TNaviSrv;TOSHIBA Navi Support Service; C:Program FilesToshibaTOSHIBA DVD PLAYERTNaviSrv.exe [2008-01-21 83312]
 R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:Windowssystem32TODDSrv.exe [2007-11-21 129632]
 R2 TosCoSrv;TOSHIBA Power Saver; C:Program FilesToshibaPower SaverTosCoSrv.exe [2008-01-17 431456]
 R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe [2007-09-28 128360]
 R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:Program FilesTOSHIBASMARTLogServiceTosIPCSrv.exe [2007-12-03 126976]
 R2 UleadBurningHelper;Ulead Burning Helper; C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe [2006-08-23 49152]
 R2 WcesComm;@%windir%WindowsMobilewcescomm.dll,-40079; C:Windowssystem32svchost.exe [2008-01-21 21504]
 S3 GoogleDesktopManager;GoogleDesktopManager; C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe [2008-04-23 1836544]
 S3 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-05-21 182768]
 S3 McODS;McAfee Scanner; C:PROGRA~1McAfeeVIRUSS~1mcods.exe [2009-04-01 365072]
 S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2007-08-24 68464]
 S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
 S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
 S4 McSysmon;McAfee SystemGuards; C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe [2009-03-23 606736]
 EOF
 November 19, 2009 at 4:24 pm #26896
 How is the computer working now?

 November 20, 2009 at 7:13 pm #26897
 The informer is still there. (

 November 24, 2009 at 4:30 pm #26898
 In which browser does the informer appear?
 Download the Combofix program. Close all open windows and run this program.
 When it finishes, a log file will be created; please paste it into your reply.

 November 28, 2009 at 10:26 pm #26901
 ComboFix 09-11-28.01 — Светулька 29.11.2009 0:48:27.1.2 — x86
 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.7.1049.18.3069.1673 [GMT 3:00]
 Running from: C:UsersСветулькаDesktopComboFix.exe
 AV: Антивирусная система Eset NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point
 * Resident AV is active.
 ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
 .
 C:Program FilesMail.RuAgentMradllnewmrasearch.dll
 C:ProgramDataMicrosoftNetworkDownloaderqmgr0.dat
 C:ProgramDataMicrosoftNetworkDownloaderqmgr1.dat
 BITS: Possible infected sites
 
 hxxp://soft.export.yandex.ru
 .
 ((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-28 )))))))))))))))))))))))))))))))
 .2009-11-28 22:06:12 . 2009-11-28 22:06:12 0 d 
 w- C:UsersDefaultAppDataLocaltemp
 2009-11-27 00:01:23 . 2009-10-29 09:41:23 2048 —-a-w- C:Windowssystem32tzres.dll
 2009-11-25 20:35:47 . 2009-08-10 11:01:00 1399296 —-a-w- C:Windowssystem32msxml6.dll
 2009-11-25 20:35:46 . 2009-08-10 11:00:37 1257472 —-a-w- C:Windowssystem32msxml3.dll
 2009-11-16 20:10:14 . 2009-11-16 20:10:14 0 d
 w- C:_OTM
 2009-11-16 14:13:30 . 2009-11-16 14:14:59 0 d
 w- C:UsersСветаAppDataRoamingBSplayer
 2009-11-14 19:47:03 . 2009-11-14 19:47:03 0 d
 w- C:UsersСветаAppDataRoamingMalwarebytes
 2009-11-13 20:36:35 . 2009-11-16 20:20:22 4096 d
 w- C:Program Filestrend micro
 2009-11-13 20:36:35 . 2009-11-13 20:37:01 0 d
 w- C:rsit
 2009-11-13 18:25:56 . 2009-11-13 18:25:56 0 d
 w- C:UsersСветулькаAppDataRoamingMalwarebytes
 2009-11-13 18:25:52 . 2009-09-10 11:54:06 38224 —-a-w- C:Windowssystem32driversmbamswissarmy.sys
 2009-11-13 18:25:50 . 2009-11-13 18:25:50 0 d
 w- C:ProgramDataMalwarebytes
 2009-11-13 18:25:50 . 2009-09-10 11:53:50 19160 —-a-w- C:Windowssystem32driversmbam.sys
 2009-11-13 18:25:49 . 2009-11-13 18:25:55 4096 d
 w- C:Program FilesMalwarebytes’ Anti-Malware
 2009-11-11 11:39:44 . 2009-08-14 13:53:16 2035712 —-a-w- C:Windowssystem32win32k.sys
 2009-11-11 11:29:39 . 2009-08-10 13:05:35 351232 —-a-w- C:Windowssystem32WSDApi.dll
 2009-10-31 00:03:53 . 2009-10-31 00:03:53 0 d
 w- C:UsersDefaultAppDataLocalMicrosoft Help. 
 (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2009-11-28 22:06:53 . 2009-05-18 17:23:48 1835008 —sha-w- C:UsersСветулькаNTUSER.DAT
 2009-11-28 22:06:11 . 2009-06-27 11:24:09 1835008 —sha-w- C:UsersСветаNTUSER.DAT
 2009-11-27 00:23:57 . 2009-11-16 20:20:28 4838 —-a-w- C:Windowssystem32PerfStringBackup.TMP
 2009-11-27 00:17:47 . 2009-10-01 17:56:54 12 —-a-w- C:Windowsbthservsdp.dat
 2009-11-16 14:14:59 . 2009-11-16 14:13:30 0 d
 w- C:UsersСветаAppDataRoamingBSplayer
 2009-11-14 19:47:03 . 2009-11-14 19:47:03 0 d
 w- C:UsersСветаAppDataRoamingMalwarebytes
 2009-11-14 14:25:31 . 2009-06-18 11:08:16 8192 d
 w- C:Program FilesESET
 2009-11-13 18:25:56 . 2009-11-13 18:25:56 0 d
 w- C:UsersСветулькаAppDataRoamingMalwarebytes
 2009-11-12 00:06:04 . 2008-05-09 06:36:23 8192 d
 w- C:ProgramDataMicrosoft Help
 2009-11-07 08:46:07 . 2009-07-04 11:38:05 0 d
 w- C:UsersСветаAppDataRoamingToshiba
 2009-10-30 16:53:42 . 2009-07-05 17:42:46 4096 d
 w- C:Program FilesArtMoney
 2009-10-27 05:05:55 . 2009-06-27 11:24:09 4096 d-s—w- C:UsersСветаAppDataRoamingMicrosoft
 2009-10-11 13:46:00 . 2009-10-11 13:45:16 0 d
 w- C:UsersСветулькаAppDataRoamingYandex
 2009-10-11 13:45:17 . 2009-10-11 13:45:17 0 d
 w- C:Program FilesYandex
 2009-10-06 20:25:11 . 2009-10-06 20:25:46 411368 —-a-w- C:Windowssystem32deploytk.dll
 2009-10-06 20:25:02 . 2008-04-23 10:07:09 4096 d
 w- C:Program FilesJava
 2009-10-01 18:07:00 . 2009-05-18 17:23:48 4096 d-s—w- C:UsersСветулькаAppDataRoamingMicrosoft
 2009-10-01 18:06:45 . 2009-10-01 18:06:45 0 —ha-w- C:Windowssystem32driversMsft_User_WpdRapi2_01_00_00.Wdf
 2009-09-14 09:44:57 . 2009-10-16 03:30:23 144896 —-a-w- C:Windowssystem32driverssrv2.sys
 2009-09-10 17:30:12 . 2009-10-16 03:28:08 213504 —-a-w- C:Windowssystem32msv1_0.dll
 2009-09-04 12:24:34 . 2009-10-16 03:26:55 61440 —-a-w- C:Windowssystem32msasn1.dll
 .((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) 
 .
 .
 *Note* empty entries & legit default entries are not shown
 REGEDIT4
 [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
 «{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}»= «C:Program FilesRadio_WtbRadi.dll» [2009-05-20 14:05:00 2085400][HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}] [HKEY_LOCAL_MACHINE~Browser Helper Objects{9B5FB65F-631E-4564-ABF2-AD71845B28E0}] 
 2009-08-05 16:07:48 215040 —-a-w- C:Program FilesGet-Styles 2.0iejsloader.dll[HKEY_LOCAL_MACHINE~Browser Helper Objects{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}] 
 2009-05-20 14:05:00 2085400 —-a-w- C:Program FilesRadio_WtbRadi.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar] 
 «{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}»= «C:Program FilesRadio_WtbRadi.dll» [2009-05-20 14:05:00 2085400]
 «{5BCDC9E9-A980-4B53-B2E8-60CFF484DA61}»= «C:Program FilesGet-Styles 2.0ietoolbar.dll» [2009-07-28 08:30:26 122368]
 «{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «C:Program FilesYandexYandexBarIEyndbar.dll» [2009-07-24 10:47:20 5586208][HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}] [HKEY_CLASSES_ROOTclsid{5bcdc9e9-a980-4b53-b2e8-60cff484da61}] 
 [HKEY_CLASSES_ROOTScriptedStar.Bar.2]
 [HKEY_CLASSES_ROOTTypeLib{B124F09B-1B6C-431D-BE2D-DBA6864A8897}]
 [HKEY_CLASSES_ROOTScriptedStar.Bar][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}] 
 [HKEY_CLASSES_ROOTYandex.Toolbar.1]
 [HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
 [HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser] 
 «{B4EFB02B-CD4A-44B9-B5D9-AA486CDFFAB6}»= «C:Program FilesRadio_WtbRadi.dll» [2009-05-20 14:05:00 2085400]
 «{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «C:Program FilesYandexYandexBarIEyndbar.dll» [2009-07-24 10:47:20 5586208][HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}] [HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}] 
 [HKEY_CLASSES_ROOTYandex.Toolbar.1]
 [HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
 [HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] 
 «Sidebar»=»C:Program FilesWindows Sidebarsidebar.exe» [2008-01-21 02:23:29 1233920]
 «TOSCDSPD»=»C:Program FilesTOSHIBATOSCDSPDTOSCDSPD.exe» [2008-01-29 12:00:40 430080]
 «SpriteService»=»C:Program FilesSprite SoftwareSprite BackupSpriteService.exe» [2006-08-18 11:19:08 544768]
 «WMPNSCFG»=»C:Program FilesWindows Media PlayerWMPNSCFG.exe» [2008-01-21 02:25:33 202240]
 «WindowsWelcomeCenter»=»oobefldr.dll» — C:WindowsSystem32oobefldr.dll [2008-01-21 02:23:39 2153472]
 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
 «Windows Defender»=»C:Program FilesWindows DefenderMSASCui.exe» [2008-01-21 02:23:32 1008184]
 «SunJavaUpdateSched»=»C:Program FilesJavajre6binjusched.exe» [2009-10-06 20:25:12 149280]
 «SynTPEnh»=»C:Program FilesSynapticsSynTPSynTPEnh.exe» [2007-12-06 17:12:44 1029416]
 «ITSecMng»=»C:Program FilesTOSHIBABluetooth Toshiba StackItSecMng.exe» [2007-09-28 12:03:46 75136]
 «mcagent_exe»=»C:Program FilesMcAfee.comAgentmcagent.exe» [2009-03-25 13:25:20 645328]
 «Adobe Reader Speed Launcher»=»C:Program FilesAdobeReader 8.0ReaderReader_sl.exe» [2007-05-11 09:06:32 40048]
 «topi»=»C:Program FilesTOSHIBAToshiba Online Product Informationtopi.exe» [2007-07-10 05:24:10 581632]
 «Picasa Media Detector»=»C:Program FilesPicasa2PicasaMediaDetector.exe» [2006-12-06 01:44:45 366400]
 «Google Desktop Search»=»C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe» [2008-04-23 10:55:42 1836544]
 «StartCCC»=»C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2006-11-10 08:35:24 90112]
 «Camera Assistant Software»=»C:Program FilesCamera Assistant Software for Toshibatraybar.exe» [2007-10-25 13:41:18 413696]
 «TPwrMain»=»C:Program FilesTOSHIBAPower SaverTPwrMain.EXE» [2008-01-17 12:27:52 431456]
 «HSON»=»C:Program FilesTOSHIBATBSHSON.exe» [2007-10-31 19:01:12 54608]
 «SmoothView»=»C:Program FilesToshibaSmoothViewSmoothView.exe» [2008-01-25 07:22:14 509816]
 «00TCrdMain»=»C:Program FilesTOSHIBAFlashCardsTCrdMain.exe» [2008-01-22 10:25:26 712704]
 «Toshiba Registration»=»C:Program FilesToshibaRegistrationToshibaRegistration.exe» [2007-05-04 10:05:08 571024]
 «MAgent»=»C:Program FilesMail.RuAgentMAgent.exe» [2009-05-25 18:19:19 6210744]
 «nod32kui»=»C:Program FilesEsetnod32kui.exe» [2009-06-18 11:08:19 949376]
 «WPCUMI»=»C:Windowssystem32WpcUmi.exe» [2006-11-02 12:35:35 176128]
 «GrooveMonitor»=»C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe» [2007-08-24 04:00:48 33648]
 «actx.exe»=»C:Program FilesMegaFonMultiFonactx.exe» [2009-05-27 13:16:06 5458432]
 «Windows Mobile Device Center»=»C:WindowsWindowsMobilewmdc.exe» [2007-05-31 05:21:28 648072]
 «Malwarebytes Anti-Malware (reboot)»=»C:Program FilesMalwarebytes’ Anti-Malwarembam.exe» [2009-09-10 11:53:56 1312080]
 «RtHDVCpl»=»RtHDVCpl.exe» — C:WindowsRtHDVCpl.exe [2008-01-29 17:51:52 4911104]
 «NDSTray.exe»=»NDSTray.exe» [BU]C:Users‘ўҐвг«мЄ AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup 
 TRDCReminder.lnk — C:Program FilesToshibaTRDCReminderTRDCReminder.exe [2008-3-5 393216]C:Users‘ўҐв AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup 
 ‚л१Є нЄа  Ё Їа®Ја ¬¬ § ЇгбЄ ¤«п OneNote 2007.lnk — C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE [2007-12-7 101440][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] 
 «EnableUIADesktopToggle»= 0 (0x0)
 [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
 «AppInit_DLLs»=C:PROGRA~1GoogleGOOGLE~3GoogleDesktopNetwork3.dll
 [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
 «aux1″=wdmaud.drv
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalmcmscsvc]
 @=»»
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMCODS]
 @=»»
 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
 @=»Service»
 [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiSpyware]
 «DisableMonitoring»=dword:00000001
 R1 nod32drv;nod32drv;C:WindowsSystem32driversnod32drv.sys [18.06.2009 14:09:17 15424]
 R2 ConfigFree Service;ConfigFree Service;C:Program FilesToshibaConfigFreeCFSvcs.exe [25.12.2007 12:07:14 40960]
 R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:Program FilesToshibaSMARTLogServiceTosIPCSrv.exe [03.12.2007 16:03:52 126976]
 R3 FwLnk;FwLnk Driver;C:WindowsSystem32driversFwLnk.sys [23.04.2008 13:37:10 7168]
 S3 hwusbfake;Huawei DataCard USB Fake;C:WindowsSystem32driversewusbfake.sys [04.09.2009 23:02:14 103040]
 [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
 WindowsMobile REG_MULTI_SZ wcescomm rapimgr
 LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
 bthsvcs REG_MULTI_SZ BthServ
 .
 Contents of the ‘Scheduled Tasks’ folder
 2009-07-14 C:WindowsTasksMcDefragTask.job
 — c:PROGRA~1mcafeemqcQcConsol.exe [2009-05-24 13:49:09 . 2009-01-09 06:53:12]
 2009-09-30 C:WindowsTasksMcQcTask.job
 — c:PROGRA~1mcafeemqcQcConsol.exe [2009-05-24 13:49:09 . 2009-01-09 06:53:12]
 2009-11-28 C:WindowsTasksUser_Feed_Synchronization-{A16FFCB4-7386-461B-A288-7584F6B4358A}.job
 — C:Windowssystem32msfeedssync.exe [2009-10-16 03:27:27 . 2009-08-27 03:41:45]
 .
 .
 Supplementary Scan
 .
 uStart Page = hxxp://www.yandex.ru/?clid=123048
 IE: &Экспорт в Microsoft Excel — C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
 IE: Поиск@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/282
 IE: Словари@Mail.Ru — c:program filesmail.rusputnikMailRuSputnik.dll/283
 IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
 IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} — http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?RU
 IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} — http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
 Handler: base64 — {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} — C:Program FilesGet-Styles 2.0ietdataprotocol.dll
 Handler: chrome — {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} — C:Program FilesGet-Styles 2.0ietdataprotocol.dll
 FF — ProfilePath — C:UsersСветулькаAppDataRoamingMozillaFirefoxProfilesaw4m0u30.default
 FF — prefs.js: browser.startup.homepage — hxxp://yandex.ru/?clid=123049
 FF — prefs.js: keyword.URL — hxxp://yandex.ru/yandsearch?clid=123045&text=
 FF — component: C:UsersСветулькаAppDataRoamingMozillaFirefoxProfilesaw4m0u30.defaultextensions{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}componentsFFExternalAlert.dll
 FF — plugin: C:Program FilesVistaCodecPackrmbrowserpluginsnppl3260.dll
 FF — plugin: C:Program FilesVistaCodecPackrmbrowserpluginsnprpjplug.dll
 FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — C:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
 —- FIREFOX POLICIES —-
 C:Program FilesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl3.rsa_seed_sha», true);
 .
 — — — — ORPHANS REMOVED — — — —
 AddRemove-Activation Assistant for the 2007 Microsoft Office suites — C:ProgramData{174892B1-CBE7-44F5-86FF-AB555EFD73A3}Microsoft Office Activation Assistant.exe REMOVE=TRUE MODIFY=FALSE
 AddRemove-TCPMP — C:WindowsWindowsMobileTCPMPUninstall.exe TCPMP

November 29, 2009 at 3:25 am #26900
In which browser does the informer appear? Please let us know.

November 29, 2009 at 8:48 am #26899
Whichever one is running, that is the one it shows up in.

December 6, 2009 at 4:54 pm #26902
The ComboFix log was not pasted in full; rerun the program and paste the resulting log into your next message.

December 13, 2009 at 6:08 pm #26903
Everything removed itself… As the banner said, after a month.
