- This topic has 5 ответов, 2 участника, and was last updated 15 years, 5 months назад by
.
-
Сообщения
-
Касперский его определяет как HEUR Trojan.Script.Generic предлагает закинуть его в карантин и все — ни удаляет и ни лечит. Подскажите как эту заразу вывести 🙄
Logfile of random’s system information tool 1.06 (written by random/random)
Run by acer at 2010-03-25 13:03:03
Microsoft Windows 7 Ultimate
System drive C: has 19 GB (19%) free of 100 GB
Total RAM: 1978 MB (39% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:25, on 25.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: NormalRunning processes:
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Windowssystem32taskhost.exe
C:Program FilesUnlockerUnlockerAssistant.exe
C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:Program FilesSearch SettingsSearchSettings.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
c:program filescommon filesinstallshieldupdateserviceisuspm.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesMozilla Sunbirdsunbird.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceagent.exe
C:Program FilesOpenOffice.org 3programsoffice.exe
C:Program FilesPunto Switcherpunto.exe
C:Program FilesClassic ShellClassicStartMenu.exe
C:Program FilesOpenOffice.org 3programsoffice.bin
C:Program FilesThe Bat!thebat.exe
C:Program FilesQuickTimeQuickTimePlayer.exe
C:Windowssystem32taskhost.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe
C:Program FilesMaxthonMaxthon.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtblfs.exe
C:Program FilesICQ6.5ICQ.exe
C:Program FilesPhotoFiltre Studio Xpfstudiox.exe
C:Windowssystem32SearchFilterHost.exe
C:UsersacerDownloadsRSIT.exe
C:Program Filestrend microacer.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.infobank.by/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 — URLSearchHook: SearchSettings Class — {E312764E-7706-43F1-8DAB-FCDD2B1E416D} — C:Program FilesSearch SettingsSearchSettings.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: ExplorerBHO Class — {449D0D6E-2412-4E61-B68F-1CB625CD9E52} — C:Program FilesClassic ShellClassicExplorer.dll
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2010ievkbd.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: Google Gears Helper — {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} — C:Program FilesGoogleGoogle GearsInternet Explorer.5.33.0gears.dll (file missing)
O2 — BHO: SearchSettings Class — {E312764E-7706-43F1-8DAB-FCDD2B1E416D} — C:Program FilesSearch SettingsSearchSettings.dll
O2 — BHO: link filter bho — {E33CF602-D945-461A-83F0-819F76A199F8} — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll
O3 — Toolbar: Классическая панель — {553891B7-A0D5-4526-BE18-D3CE461D6310} — C:Program FilesClassic ShellClassicExplorer.dll
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe»
O4 — HKLM..Run: [OrderReminder] C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
O4 — HKLM..Run: [ISUSScheduler] «C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe» -start
O4 — HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe
O4 — HKLM..Run: [SynTPEnh] %ProgramFiles%SynapticsSynTPSynTPEnh.exe
O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 — HKLM..Run: [SearchSettings] C:Program FilesSearch SettingsSearchSettings.exe
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesCommon FilesJavaJava Updatejusched.exe»
O4 — HKCU..Run: [thebat_startup] C:Program FilesThe Bat!thebat.exe
O4 — HKCU..Run: [ISUSPM Startup] «c:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe» -startup
O4 — HKCU..Run: [YandexDesktopSearch] «C:Program FilesYandexDesktopyandesk.exe»
O4 — HKCU..Run: [Google Update] «C:UsersacerAppDataLocalGoogleUpdateGoogleUpdate.exe» /c
O4 — HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog (User ‘система’)
O4 — HKUS.DEFAULT..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog (User ‘Default user’)
O4 — Startup: OpenOffice.org 3.2.lnk = C:Program FilesOpenOffice.org 3programquickstart.exe
O4 — Startup: Punto Switcher.lnk = C:Program FilesPunto Switcherpunto.exe
O4 — Startup: Классическое меню.lnk = C:Program FilesClassic ShellClassicStartMenu.exe
O4 — Global Startup: Mozilla Sunbird (2).lnk = C:Program FilesMozilla Sunbirdsunbird.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MIF5BA~1OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Add to WebSite-Watcher — C:UsersacerAppDataRoamingaignesWebSite-Watcherconfigsettingswswie.htm
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MIF5BA~1Office12EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 2010ie_banner_deny.htm
O9 — Extra button: (no name) — {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} — C:Program FilesGoogleGoogle GearsInternet Explorer.5.33.0gears.dll (file missing)
O9 — Extra ‘Tools’ menuitem: &Настройки Gears — {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} — C:Program FilesGoogleGoogle GearsInternet Explorer.5.33.0gears.dll (file missing)
O9 — Extra button: &Виртуальная клавиатура — {4248FE82-7FCB-46AC-B270-339F08212110} — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll
O9 — Extra button: (no name) — {64964764-1101-4bbd-8891-B56B1A53B9B3} — C:Program FilesClassic ShellClassicExplorer.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MIF5BA~1OFFICE11REFIEBAR.DLL
O9 — Extra button: Проверка ссы&лок — {CCF151D8-D089-449F-A5A4-D9909053F20F} — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O13 — Gopher Prefix:
O16 — DPF: {1774D1BA-41E2-4158-9498-07971BF4A381} (sign Class) — https://www.sbsibank.by/sign.cab
O17 — HKLMSystemCCSServicesTcpip..{BB022323-AFD3-4004-9457-531BB9AFF24C}: NameServer = 82.209.240.241,82.209.243.241
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll
O23 — Service: Application Updater — Spigot, Inc. — C:Program FilesApplication UpdaterApplicationUpdater.exe
O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe
O23 — Service: Firebird Guardian — DefaultInstance (FirebirdGuardianDefaultInstance) — Firebird Project — C:Program FilesFirebirdFirebird_2_1binfbguard.exe
O23 — Service: Firebird Server — DefaultInstance (FirebirdServerDefaultInstance) — Firebird Project — C:Program FilesFirebirdFirebird_2_1binfbserver.exe
O23 — Service: Google Update Service (gupdate) (gupdate) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe—
End of file — 9211 bytes======Scheduled tasks folder======
C:WindowstasksGoogleUpdateTaskMachineCore.job
C:WindowstasksGoogleUpdateTaskMachineUA.job
C:WindowstasksGoogleUpdateTaskUserS-1-5-21-4156278907-1805287538-812559914-1000Core.job
C:WindowstasksGoogleUpdateTaskUserS-1-5-21-4156278907-1805287538-812559914-1000UA.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-12-21 75200][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class — C:Program FilesClassic ShellClassicExplorer.dll [2010-01-27 203776][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2010ievkbd.dll [2009-10-20 68112][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-03-02 41760][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper — C:Program FilesGoogleGoogle GearsInternet Explorer.5.33.0gears.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class — C:Program FilesSearch SettingsSearchSettings.dll [2009-12-16 1109504][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll [2009-10-20 268816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} — Классическая панель — C:Program FilesClassic ShellClassicExplorer.dll [2010-01-27 203776][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe [2008-05-02 15872]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe [2009-10-20 340456]
«OrderReminder»=C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe [2006-01-30 98304]
«ISUSScheduler»=C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [2005-08-11 81920]
«Apoint»=C:Program FilesApoint2KApoint.exe [2009-06-12 221184]
«SynTPEnh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2009-06-18 1537320]
«PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-01-23 223232]
«SearchSettings»=C:Program FilesSearch SettingsSearchSettings.exe [2009-12-16 975360]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-12-22 35760]
«SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-01-11 246504][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«thebat_startup»=C:Program FilesThe Bat!thebat.exe [2008-08-14 6647144]
«ISUSPM Startup»=c:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe [2005-08-11 249856]
«YandexDesktopSearch»=C:Program FilesYandexDesktopyandesk.exe []
«Google Update»=C:UsersacerAppDataLocalGoogleUpdateGoogleUpdate.exe [2010-01-24 135664]
«Sidebar»=C:Program FilesWindows Sidebarsidebar.exe [2009-07-14 1173504][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2009-10-25 3520256]C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
Mozilla Sunbird (2).lnk — C:Program FilesMozilla Sunbirdsunbird.exeC:UsersacerAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
OpenOffice.org 3.2.lnk — C:Program FilesOpenOffice.org 3programquickstart.exe
Punto Switcher.lnk — C:Program FilesPunto Switcherpunto.exe
Классическое меню.lnk — C:Program FilesClassic ShellClassicStartMenu.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:Windowssystem32klogon.dll [2009-10-20 219664][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WebCheck — {E6FB5E20-DE35-11CF-9C87-00AA005127ED}[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=credssp.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalAppInfo]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalAppMgmt]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalBase]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalBoot Bus Extender]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalBoot file system]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalCryptSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalDcomLaunch]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalEFS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalEventLog]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalFile system]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalFilter]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalHelpSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalKeyIso]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalNetlogon]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalNTDS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPCI Configuration]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPlugPlay]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPNP Filter]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPower]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPrimary disk]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalProfSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalRpcEptMapper]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalRpcSs]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsacsvr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSCSI Class]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsermouse.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSWPRV]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSystem Bus Extender]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTabletInputService]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTBS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTrustedInstaller]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalVDS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvga.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvgasave.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvmms]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvolmgr.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvolmgrx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinMgmt]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWudfPf]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWudfRd]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWudfSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{36FC9E60-C465-11CF-8056-444553540000}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkAFD]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkAppInfo]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkAppMgmt]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkBase]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkBFE]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkBoot Bus Extender]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkBoot file system]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkbowser]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkBrowser]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkCryptSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkDcomLaunch]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdfsc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkDhcp]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkDnsCache]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkDot3Svc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkEaphost]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkEFS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkEventLog]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkFile system]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkFilter]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkHelpSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkIKEEXT]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkipnat.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkKeyIso]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkLanmanServer]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkLanmanWorkstation]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkLmHosts]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkMessenger]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkMPSDrv]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkMPSSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkmrxsmb]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkmrxsmb10]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkmrxsmb20]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNativeWifiP]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNDIS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNDIS Wrapper]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkndiscap]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNdisuio]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetBIOS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetBIOSGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetBT]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetDDEGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetlogon]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetMan]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknetprofm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetwork]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetworkProvider]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNlaSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNsi]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknsiproxy.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNTDS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPCI Configuration]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPlugPlay]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPNP Filter]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPNP_TDI]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPolicyAgent]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPower]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPrimary disk]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkProfSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkrdbss]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkrdpencdd.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkrdsessmgr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkRpcEptMapper]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkRpcSs]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksacsvr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSCardSvr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSCSI Class]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksermouse.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSharedAccess]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkStreams Drivers]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSWPRV]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSystem Bus Extender]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTabletInputService]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTBS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTcpip]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTDI]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTrustedInstaller]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkVaultSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkVDS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkvga.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkvgasave.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkvmms]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkvolmgr.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkvolmgrx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinDefend]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinMgmt]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWlansvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfPf]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfRd]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfUsbccidDriver]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{36FC9E60-C465-11CF-8056-444553540000}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«ConsentPromptBehaviorAdmin»=0
«ConsentPromptBehaviorUser»=3
«EnableLUA»=0
«EnableUIADesktopToggle»=0
«PromptOnSecureDesktop»=0
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======File associations======
.ini — open — «C:Program FilesNotepad++notepad++.exe» «%1»
.js — edit — C:WindowsSystem32Notepad.exe %1
.js — open — C:WindowsSystem32WScript.exe «%1» %*
.txt — open — «C:Program FilesNotepad++notepad++.exe» «%1»======List of files/folders created in the last 1 months======
2010-03-24 12:11:47 —-D—- C:Program Filestrend micro
2010-03-24 12:11:45 —-D—- C:rsit
2010-03-18 11:08:43 —-D—- C:Цыбулько
2010-03-14 08:53:04 —-D—- C:UsersacerAppDataRoaminggtk-2.0
2010-03-14 08:41:54 —-D—- C:Program FilesDia
2010-03-02 07:27:36 —-D—- C:UsersacerAppDataRoamingOpenOffice.org
2010-03-02 07:24:52 —-D—- C:Program FilesJRE
2010-03-02 07:24:44 —-D—- C:Program FilesOpenOffice.org 3
2010-03-02 07:24:16 —-D—- C:ProgramDataSun
2010-03-02 07:24:15 —-D—- C:Program FilesCommon FilesJava
2010-03-02 07:24:03 —-A—- C:Windowssystem32javaws.exe
2010-03-02 07:24:03 —-A—- C:Windowssystem32javaw.exe
2010-03-02 07:24:03 —-A—- C:Windowssystem32java.exe
2010-03-02 07:24:03 —-A—- C:Windowssystem32deploytk.dll
2010-03-02 07:23:47 —-D—- C:Program FilesJava
2010-03-02 07:22:42 —-D—- C:OpenOffice.org 3.2 (ru) Installation Files======List of files/folders modified in the last 1 months======
2010-03-25 13:03:10 —-D—- C:WindowsTemp
2010-03-25 12:35:05 —-D—- C:Экспертное мнение
2010-03-25 12:23:48 —-D—- C:WindowsSystem32
2010-03-25 12:23:48 —-A—- C:Windowssystem32PerfStringBackup.INI
2010-03-25 12:23:47 —-D—- C:Windowsinf
2010-03-25 11:26:45 —-D—- C:WindowsPrefetch
2010-03-24 20:03:34 —-RD—- C:fotoWork
2010-03-24 12:11:47 —-RD—- C:Program Files
2010-03-23 21:43:25 —-D—- C:UsersacerAppDataRoaminguTorrent
2010-03-23 11:14:34 —-D—- C:Program FilesMozilla Firefox
2010-03-23 09:32:05 —-RD—- C:Инфобанк
2010-03-22 20:09:48 —-D—- C:Аудиокниги
2010-03-22 09:17:02 —-D—- C:Program FilesMaxthon
2010-03-22 00:51:01 —-D—- C:Windowssystem32config
2010-03-21 19:00:41 —-SHD—- C:System Volume Information
2010-03-20 09:17:14 —-D—- C:UsersacerAppDataRoamingeSMI
2010-03-20 00:27:41 —-D—- C:install
2010-03-19 10:17:53 —-D—- C:Program FilesDebitInfo
2010-03-19 10:17:41 —-D—- C:Windows
2010-03-18 17:41:18 —-D—- C:ProgramDataKaspersky Lab
2010-03-18 02:51:51 —-SHD—- C:WindowsInstaller
2010-03-17 14:27:35 —-D—- C:UsersacerAppDataRoamingSkype
2010-03-17 09:53:30 —-D—- C:UsersacerAppDataRoamingskypePM
2010-03-14 08:19:39 —-D—- C:Windowssystem32wdi
2010-03-13 11:21:38 —-D—- C:WindowsMinidump
2010-03-09 22:20:36 —-D—- C:UsersacerAppDataRoamingICQ
2010-03-09 14:39:05 —-D—- C:WindowsModemLogs
2010-03-07 18:00:59 —-D—- C:Windowswinsxs
2010-03-07 15:42:44 —-D—- C:w202
2010-03-06 04:55:12 —-D—- C:Program FilesGoogle
2010-03-04 08:46:50 —-A—- C:UsersacerAppDataRoamingex_log.txt
2010-03-02 07:25:40 —-RSD—- C:Windowsassembly
2010-03-02 07:24:59 —-RSD—- C:WindowsFonts
2010-03-02 07:24:16 —-HD—- C:ProgramData
2010-03-02 07:24:15 —-D—- C:Program FilesCommon FilesЗдравствуйте, добро пожаловать на Spyware-ru форум.
Проверим ваш компьютер с помощью программы которая ищет руткиты.
Скачайте программу GMER кликнув по этой ссылке.
Распакуйте программу на ваш рабочий стол.
Отключите Интернет и все антивирусы.
Запустите программу.
В правой части программы, в небольшом окошке будут перечислены все ваши диски, пожалуйста выделите их галочками.
Кликните по кнопке Scan.
Когда сканирование закончится, кликните по кнопке Copy.
Запустите Блокнот (Пуск -> Выполнить, введите notepad и нажмите Enter).
Вставьте результаты сканирования в блокнот (CTRL + V). Сохраните получившийся файл на ваш рабочий стол.Скачайте сканер RSIT кликнув по этой ссылке и сохраните файл на вашем рабочем столе.
* Дважды кликните по скачанному файлу.
* Если у вас есть файрвал (firewall) и он покажет, что программа RSIT пытается выйти в Интернет, то разрешите ей.
* Кликните по кнопке Continue.
* Когда программа закончит работу, будут показаны два лога (log.txt и info.txt).Вставьте GMER лог и оба RSIT лога (их содержимое) в ваш ответ. Каждый лог в отдельное сообщение.
вот то что показала программа gmer
GMER 1.0.15.15281 — http://www.gmer.net
Rootkit scan 2010-03-29 18:49:24
Windows 6.1.7600
Running: gmer.exe; Driver: C:UsersacerAppDataLocalTempkggdrpob.sys—- System — GMER 1.0.15 —-
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8D444BD0]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8D44652C]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8D446782]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8D4469FC]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8D445450]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8D445B32]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8D445F3C]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8D4455F8]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8D445E14]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8D4447D6]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8D445CD0]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8D444992]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8D44606E]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x8D447CB0]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8D4450EE]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8D4451EE]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8D445D72]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8D4476A2]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8D448672]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8D445752]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8D447734]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8D447D64]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8D445FDE]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8D4454D2]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8D445EAC]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8D444DD6]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8D447CDA]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8D446110]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8D444CFA]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8D446C3E]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8D44807C]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8D4479CA]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8D44649A]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8D446360]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8D447442]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8D448554]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8D44586C]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8D44530C]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8D446CF2]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8D44782E]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8D4481BC]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8D4482A0]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8D4483C8]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8D4475CE]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8D444F4E]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8D444EA4]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8D447F32]
SSDT SystemRootsystem32DRIVERSklif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8D44502E]INT 0x1F SystemRootsystem32halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A30AF8
INT 0x37 SystemRootsystem32halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A30104
INT 0xC1 SystemRootsystem32halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A303F4
INT 0xD1 SystemRootsystem32halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A18634
INT 0xD2 SystemRootsystem32halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A18898
INT 0xDF SystemRootsystem32halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A301DC
INT 0xE1 SystemRootsystem32halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A30958
INT 0xE3 SystemRootsystem32halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A306F8
INT 0xFD SystemRootsystem32halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A30F2C
INT 0xFE SystemRootsystem32halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A311A8—- Kernel code sections — GMER 1.0.15 —-
.text ntkrnlpa.exe!ZwSaveKeyEx + 13DD 82A90609 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB5052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, …] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 230 82ABC810 4 Bytes [D0, 4B, 44, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 258 82ABC838 8 Bytes [2C, 65, 44, 8D, 82, 67, 44, …]
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82ABC87C 4 Bytes [FC, 69, 44, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 2C8 82ABC8A8 4 Bytes [50, 54, 44, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 2EC 82ABC8CC 4 Bytes [32, 5B, 44, 8D]
.text …
.text peauth.sys 96813C9D 28 Bytes [C4, 2F, 08, 0E, 17, 2C, B6, …]
.text peauth.sys 96813CC1 28 Bytes [C4, 2F, 08, 0E, 17, 2C, B6, …]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9699A000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, …]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9699A123 629 Bytes [55, 99, 96, FE, 05, 34, 55, …]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 9699A399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, …]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 9699A3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, …]
PAGE spsys.sys!?SPRevision@@3PADA + 543B 9699A4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, …]
PAGE …—- User code sections — GMER 1.0.15 —-
.text C:WindowsExplorer.EXE[2492] SHELL32.dll!SHFileOperationW 750596B8 5 Bytes JMP 10001102 C:Program FilesUnlockerUnlockerHook.dll
—- User IAT/EAT — GMER 1.0.15 —-
IAT C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe[668] @ C:Windowssystem32USER32.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe[668] @ C:Windowssystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe[668] @ C:Windowssystem32ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe[668] @ C:Windowssystem32SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe[744] @ C:Windowssystem32SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe[744] @ C:Windowssystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe[744] @ C:Windowssystem32USER32.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe[744] @ C:Windowssystem32ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe[744] @ C:Windowssystem32WININET.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe[744] @ C:Windowssystem32CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[2492] @ C:WindowsExplorer.EXE [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[2492] @ C:Windowssystem32ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[2492] @ C:Windowssystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[2492] @ C:Windowssystem32USER32.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[2492] @ C:Windowssystem32SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[2492] @ C:Windowssystem32ole32.dll [msvcrt.dll!free] [6C7411EB] C:WindowsAppPatchAcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[2492] @ C:Windowssystem32Secur32.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[2492] @ C:Windowssystem32CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)
IAT C:WindowsExplorer.EXE[2492] @ C:Windowssystem32WININET.dll [KERNEL32.dll!GetProcAddress] [74C55D3D] C:Windowssystem32apphelp.dll (Клиентская библиотека совместимости приложений/Microsoft Corporation)—- Devices — GMER 1.0.15 —-
AttachedDevice Driverkbdclass DeviceKeyboardClass0 Wdf01000.sys (Среда выполнения платформы драйвера режима ядра/Microsoft Corporation)
AttachedDevice Driverkbdclass DeviceKeyboardClass1 Wdf01000.sys (Среда выполнения платформы драйвера режима ядра/Microsoft Corporation)
AttachedDevice Drivertdx DeviceTcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice Drivervolmgr DeviceHarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice Drivervolmgr DeviceHarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice Drivervolmgr DeviceHarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice Drivervolmgr DeviceHarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice Drivervolmgr DeviceHarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice Drivervolmgr DeviceHarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)Device DriverACPI_HAL Device000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice Drivertdx DeviceUdp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice Drivertdx DeviceRawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)—- Threads — GMER 1.0.15 —-
Thread System [4:3124] 969A7F2E
—- Registry — GMER 1.0.15 —-
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@»4C4=4=0454;4L4=4K494 0000440404?4B0454@4 Microsoft Teredo 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@200440404?4B0454@4 Microsoft 006to004 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@200440404?4B0454@4 0010454A4?4@4>0424>0444=4>494 A0454B484 Atheros AR005B9003 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@200440404?4B0454@4 Microsoft ISATAP 1?2?3?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@»4C4=4=0454;4L4=4K494 0000440404?4B0454@4 Microsoft Teredo 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@200440404?4B0454@4 Microsoft 006to004 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@200440404?4B0454@4 0010454A4?4@4>0424>0444=4>494 A0454B484 Atheros AR005B9003 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@200440404?4B0454@4 Microsoft ISATAP 1?2?3?—- EOF — GMER 1.0.15 —-
а вот эта прога до середины нормально а потом выдает ошибку и один файл лога
Logfile of random’s system information tool 1.06 (written by random/random)
Run by acer at 2010-03-29 18:52:28
Microsoft Windows 7 Ultimate
System drive C: has 15 GB (15%) free of 100 GB
Total RAM: 1978 MB (63% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:30, on 29.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: NormalRunning processes:
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Windowssystem32taskhost.exe
C:Program FilesUnlockerUnlockerAssistant.exe
C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:Program FilesSearch SettingsSearchSettings.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesPunto Switcherpunto.exe
C:Program FilesOpenOffice.org 3programsoffice.exe
C:Program FilesClassic ShellClassicStartMenu.exe
C:Program FilesOpenOffice.org 3programsoffice.bin
C:Program FilesNotepad++notepad++.exe
C:UsersacerDesktopRSIT(3).exe
C:Program Filestrend microacer.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.infobank.by/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 — URLSearchHook: SearchSettings Class — {E312764E-7706-43F1-8DAB-FCDD2B1E416D} — C:Program FilesSearch SettingsSearchSettings.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: ExplorerBHO Class — {449D0D6E-2412-4E61-B68F-1CB625CD9E52} — C:Program FilesClassic ShellClassicExplorer.dll
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2010ievkbd.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: Google Gears Helper — {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} — C:Program FilesGoogleGoogle GearsInternet Explorer.5.33.0gears.dll (file missing)
O2 — BHO: SearchSettings Class — {E312764E-7706-43F1-8DAB-FCDD2B1E416D} — C:Program FilesSearch SettingsSearchSettings.dll
O2 — BHO: link filter bho — {E33CF602-D945-461A-83F0-819F76A199F8} — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll
O3 — Toolbar: Классическая панель — {553891B7-A0D5-4526-BE18-D3CE461D6310} — C:Program FilesClassic ShellClassicExplorer.dll
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe»
O4 — HKLM..Run: [OrderReminder] C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
O4 — HKLM..Run: [ISUSScheduler] «C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe» -start
O4 — HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe
O4 — HKLM..Run: [SynTPEnh] %ProgramFiles%SynapticsSynTPSynTPEnh.exe
O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 — HKLM..Run: [SearchSettings] C:Program FilesSearch SettingsSearchSettings.exe
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesCommon FilesJavaJava Updatejusched.exe»
O4 — HKCU..Run: [thebat_startup] C:Program FilesThe Bat!thebat.exe
O4 — HKCU..Run: [ISUSPM Startup] «C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe» -startup
O4 — HKCU..Run: [YandexDesktopSearch] «C:Program FilesYandexDesktopyandesk.exe»
O4 — HKCU..Run: [Google Update] «C:UsersacerAppDataLocalGoogleUpdateGoogleUpdate.exe» /c
O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog (User ‘система’)
O4 — HKUS.DEFAULT..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog (User ‘Default user’)
O4 — Startup: OpenOffice.org 3.2.lnk = C:Program FilesOpenOffice.org 3programquickstart.exe
O4 — Startup: Punto Switcher.lnk = C:Program FilesPunto Switcherpunto.exe
O4 — Startup: Классическое меню.lnk = C:Program FilesClassic ShellClassicStartMenu.exe
O4 — Global Startup: Mozilla Sunbird (2).lnk = C:Program FilesMozilla Sunbirdsunbird.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MIF5BA~1OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Add to WebSite-Watcher — C:UsersacerAppDataRoamingaignesWebSite-Watcherconfigsettingswswie.htm
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MIF5BA~1Office12EXCEL.EXE/3000
O9 — Extra button: (no name) — {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} — C:Program FilesGoogleGoogle GearsInternet Explorer.5.33.0gears.dll (file missing)
O9 — Extra ‘Tools’ menuitem: &Настройки Gears — {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} — C:Program FilesGoogleGoogle GearsInternet Explorer.5.33.0gears.dll (file missing)
O9 — Extra button: &Виртуальная клавиатура — {4248FE82-7FCB-46AC-B270-339F08212110} — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll
O9 — Extra button: (no name) — {64964764-1101-4bbd-8891-B56B1A53B9B3} — C:Program FilesClassic ShellClassicExplorer.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MIF5BA~1OFFICE11REFIEBAR.DLL
O9 — Extra button: Проверка ссы&лок — {CCF151D8-D089-449F-A5A4-D9909053F20F} — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O13 — Gopher Prefix:
O16 — DPF: {1774D1BA-41E2-4158-9498-07971BF4A381} (sign Class) — https://www.sbsibank.by/sign.cab
O17 — HKLMSystemCCSServicesTcpip..{BB022323-AFD3-4004-9457-531BB9AFF24C}: NameServer = 82.209.240.241,82.209.243.241
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll
O23 — Service: Application Updater — Spigot, Inc. — C:Program FilesApplication UpdaterApplicationUpdater.exe
O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe
O23 — Service: Firebird Guardian — DefaultInstance (FirebirdGuardianDefaultInstance) — Firebird Project — C:Program FilesFirebirdFirebird_2_1binfbguard.exe
O23 — Service: Firebird Server — DefaultInstance (FirebirdServerDefaultInstance) — Firebird Project — C:Program FilesFirebirdFirebird_2_1binfbserver.exe
O23 — Service: Google Update Service (gupdate) (gupdate) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe—
End of file — 8318 bytes======Scheduled tasks folder======
C:WindowstasksGoogleUpdateTaskMachineCore.job
C:WindowstasksGoogleUpdateTaskMachineUA.job
C:WindowstasksGoogleUpdateTaskUserS-1-5-21-4156278907-1805287538-812559914-1000Core.job
C:WindowstasksGoogleUpdateTaskUserS-1-5-21-4156278907-1805287538-812559914-1000UA.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-12-21 75200][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class — C:Program FilesClassic ShellClassicExplorer.dll [2010-01-27 203776][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2010ievkbd.dll [2009-10-20 68112][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-03-02 41760][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper — C:Program FilesGoogleGoogle GearsInternet Explorer.5.33.0gears.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class — C:Program FilesSearch SettingsSearchSettings.dll [2009-12-16 1109504][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll [2009-10-20 268816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} — Классическая панель — C:Program FilesClassic ShellClassicExplorer.dll [2010-01-27 203776][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe [2008-05-02 15872]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe [2009-10-20 340456]
«OrderReminder»=C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe [2006-01-30 98304]
«ISUSScheduler»=C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [2005-08-11 81920]
«Apoint»=C:Program FilesApoint2KApoint.exe [2009-06-12 221184]
«SynTPEnh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2009-06-18 1537320]
«PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-01-23 223232]
«SearchSettings»=C:Program FilesSearch SettingsSearchSettings.exe [2009-12-16 975360]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-12-22 35760]
«SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-01-11 246504][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«thebat_startup»=C:Program FilesThe Bat!thebat.exe [2008-08-14 6647144]
«ISUSPM Startup»=C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe [2005-08-11 249856]
«YandexDesktopSearch»=C:Program FilesYandexDesktopyandesk.exe []
«Google Update»=C:UsersacerAppDataLocalGoogleUpdateGoogleUpdate.exe [2010-01-24 135664][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2009-10-25 3520256]C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
Mozilla Sunbird (2).lnk — C:Program FilesMozilla Sunbirdsunbird.exeC:UsersacerAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
OpenOffice.org 3.2.lnk — C:Program FilesOpenOffice.org 3programquickstart.exe
Punto Switcher.lnk — C:Program FilesPunto Switcherpunto.exe
Классическое меню.lnk — C:Program FilesClassic ShellClassicStartMenu.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:Windowssystem32klogon.dll [2009-10-20 219664][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WebCheck — {E6FB5E20-DE35-11CF-9C87-00AA005127ED}[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=credssp.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalAppInfo]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalAppMgmt]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalBase]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalBoot Bus Extender]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalBoot file system]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalCryptSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalDcomLaunch]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalEFS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalEventLog]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalFile system]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalFilter]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalHelpSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalKeyIso]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalNetlogon]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalNTDS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPCI Configuration]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPlugPlay]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPNP Filter]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPower]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPrimary disk]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalProfSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalRpcEptMapper]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalRpcSs]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsacsvr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSCSI Class]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsermouse.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSWPRV]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSystem Bus Extender]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTabletInputService]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTBS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTrustedInstaller]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalVDS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvga.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvgasave.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvmms]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvolmgr.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvolmgrx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinMgmt]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWudfPf]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWudfRd]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWudfSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{36FC9E60-C465-11CF-8056-444553540000}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkAFD]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkAppInfo]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkAppMgmt]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkBase]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkBFE]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkBoot Bus Extender]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkBoot file system]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkbowser]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkBrowser]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkCryptSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkDcomLaunch]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdfsc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkDhcp]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkDnsCache]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkDot3Svc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkEaphost]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkEFS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkEventLog]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkFile system]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkFilter]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkHelpSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkIKEEXT]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkipnat.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkKeyIso]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkLanmanServer]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkLanmanWorkstation]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkLmHosts]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkMessenger]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkMPSDrv]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkMPSSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkmrxsmb]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkmrxsmb10]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkmrxsmb20]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNativeWifiP]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNDIS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNDIS Wrapper]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkndiscap]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNdisuio]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetBIOS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetBIOSGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetBT]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetDDEGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetlogon]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetMan]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknetprofm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetwork]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNetworkProvider]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNlaSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNsi]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknsiproxy.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkNTDS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPCI Configuration]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPlugPlay]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPNP Filter]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPNP_TDI]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPolicyAgent]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPower]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPrimary disk]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkProfSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkrdbss]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkrdpencdd.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkrdsessmgr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkRpcEptMapper]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkRpcSs]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksacsvr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSCardSvr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSCSI Class]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksermouse.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSharedAccess]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkStreams Drivers]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSWPRV]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSystem Bus Extender]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTabletInputService]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTBS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTcpip]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTDI]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTrustedInstaller]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkVaultSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkVDS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkvga.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkvgasave.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkvmms]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkvolmgr.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkvolmgrx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinDefend]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinMgmt]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWlansvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfPf]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfRd]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfUsbccidDriver]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{36FC9E60-C465-11CF-8056-444553540000}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«ConsentPromptBehaviorAdmin»=0
«ConsentPromptBehaviorUser»=3
«EnableLUA»=0
«EnableUIADesktopToggle»=0
«PromptOnSecureDesktop»=0
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======File associations======
.ini — open — «C:Program FilesNotepad++notepad++.exe» «%1»
.js — edit — C:WindowsSystem32Notepad.exe %1
.js — open — C:WindowsSystem32WScript.exe «%1» %*
.txt — open — «C:Program FilesNotepad++notepad++.exe» «%1»======List of files/folders created in the last 1 months======
2010-03-29 12:23:18 —-D—- C:WindowsSun
2010-03-26 14:57:35 —-D—- C:белгазпром
2010-03-24 13:11:47 —-D—- C:Program Filestrend micro
2010-03-24 13:11:45 —-D—- C:rsit
2010-03-14 09:53:04 —-D—- C:UsersacerAppDataRoaminggtk-2.0
2010-03-14 09:41:54 —-D—- C:Program FilesDia
2010-03-02 08:27:36 —-D—- C:UsersacerAppDataRoamingOpenOffice.org
2010-03-02 08:24:52 —-D—- C:Program FilesJRE
2010-03-02 08:24:44 —-D—- C:Program FilesOpenOffice.org 3
2010-03-02 08:24:16 —-D—- C:ProgramDataSun
2010-03-02 08:24:15 —-D—- C:Program FilesCommon FilesJava
2010-03-02 08:24:03 —-A—- C:Windowssystem32javaws.exe
2010-03-02 08:24:03 —-A—- C:Windowssystem32javaw.exe
2010-03-02 08:24:03 —-A—- C:Windowssystem32java.exe
2010-03-02 08:24:03 —-A—- C:Windowssystem32deploytk.dll
2010-03-02 08:23:47 —-D—- C:Program FilesJava
2010-03-02 08:22:42 —-D—- C:OpenOffice.org 3.2 (ru) Installation Files======List of files/folders modified in the last 1 months======
2010-03-29 18:52:29 —-D—- C:WindowsTemp
2010-03-29 18:50:21 —-D—- C:WindowsPrefetch
2010-03-29 18:35:09 —-D—- C:ProgramDataKaspersky Lab
2010-03-29 18:34:23 —-D—- C:WindowsSystem32
2010-03-29 18:34:23 —-D—- C:Windowsinf
2010-03-29 18:34:23 —-A—- C:Windowssystem32PerfStringBackup.INI
2010-03-29 18:17:55 —-D—- C:Экспертное мнение
2010-03-29 12:23:18 —-D—- C:Windows
2010-03-29 11:42:17 —-D—- C:UsersacerAppDataRoaminguTorrent
2010-03-29 11:38:01 —-D—- C:UsersacerAppDataRoamingICQ
2010-03-29 04:00:58 —-D—- C:Windowssystem32config
2010-03-28 19:00:25 —-SHD—- C:System Volume Information
2010-03-28 10:57:56 —-D—- C:Program FilesMozilla Firefox
2010-03-28 01:47:56 —-D—- C:UsersacerAppDataRoamingeSMI
2010-03-27 11:10:52 —-D—- C:Аудиокниги
2010-03-26 19:21:16 —-RD—- C:Инфобанк
2010-03-26 19:18:56 —-RD—- C:Program Files
2010-03-25 15:12:21 —-D—- C:WindowsMinidump
2010-03-25 15:12:21 —-D—- C:Windowsdebug
2010-03-24 21:03:34 —-RD—- C:fotoWork
2010-03-22 10:17:02 —-D—- C:Program FilesMaxthon
2010-03-20 01:27:41 —-D—- C:install
2010-03-19 11:17:53 —-D—- C:Program FilesDebitInfo
2010-03-18 03:51:51 —-SHD—- C:WindowsInstaller
2010-03-17 15:27:35 —-D—- C:UsersacerAppDataRoamingSkype
2010-03-17 10:53:30 —-D—- C:UsersacerAppDataRoamingskypePM
2010-03-14 09:19:39 —-D—- C:Windowssystem32wdi
2010-03-09 15:39:05 —-D—- C:WindowsModemLogs
2010-03-07 19:00:59 —-D—- C:Windowswinsxs
2010-03-07 16:42:44 —-D—- C:w202
2010-03-06 05:55:12 —-D—- C:Program FilesGoogle
2010-03-04 09:46:50 —-A—- C:UsersacerAppDataRoamingex_log.txt
2010-03-02 08:25:40 —-RSD—- C:Windowsassembly
2010-03-02 08:24:59 —-RSD—- C:WindowsFonts
2010-03-02 08:24:16 —-HD—- C:ProgramData
2010-03-02 08:24:15 —-D—- C:Program FilesCommon Files
- Для ответа в этой теме необходимо авторизоваться.
