Well, if I wrote that it's needed, then it's needed.
ComboFix 10-07-30.01 — IT-Master 30.07.2010 23:01:39.1.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.1023.663 [GMT 4:00]
Running from: c:windowsTEMPRar$EX00.188ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:desktop.ini
c:profile’sAll UsersГлавное менюПрограммыVKSaver
c:profile’sAll UsersГлавное менюПрограммыVKSaverReadme.txt.lnk
c:profile’sAll UsersГлавное менюПрограммыVKSaverUninstall.lnk
c:profile’sAll UsersГлавное менюПрограммыVKSaverVKSaver.lnk
c:profile’sAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:profile’sAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:profile’sIT-MasterApplication DataAdSubscribe
c:profile’sIT-MasterApplication DataAdSubscribeAdSubscribe.dat
c:profile’sIT-MasterApplication DataAdSubscribeFeedfeed.xml
c:profile’sIT-MasterApplication DataKaspersky_Key_Finder_(KKF
c:profile’sIT-MasterApplication DataKaspersky_Key_Finder_(KKFKaspersky_Key_Finder_1.4._Url_g25zx4axhrssgp1ohnuore1phlfcyn0r1.4.1.0user.config
c:program filesCommon Fileskeylog.txt
c:program filesFieryAds
c:program filesInternet ExplorerqiPSearchbar.dll
c:program filesVKSaver
c:program filesVKSaverReadme.txt
c:program filesVKSaveruninstall.exe
c:program filesVKSaverVKSaverUI.exe
c:program filesVKSaverVKSaverUpdater.exe
c:windowssystemoeminfo.ini
c:windowssystem32c8WGVh7.exe
c:windowssystem32fygdarM.exe
c:windowssystem32Lvmt7xp.exe
c:windowssystem32NhRYWQN.exe
c:windowssystem32sFymL9N.exe
c:windowssystem32Thumbs.db
c:windowssystem32vksaver.dll
c:windowssystem32vNxSmPB.exe
c:windowssystem32zip32.dll
c:windowsTempWPDNSE
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.2010-07-30 18:48 . 2010-07-30 18:48 399360 —-a-w- c:windowssystem32CF2821.exe
2010-07-30 11:36 . 2010-07-30 11:36
d
w- c:program filesPassware
2010-07-30 06:09 . 2010-07-30 06:09 99840 —-a-w- c:windowssystem32eEe54MU.exe
2010-07-29 10:53 . 2010-07-29 10:53
d
w- C:_OTM
2010-07-27 12:46 . 2010-07-29 11:11
d
w- c:program filestrend micro
2010-07-27 12:46 . 2010-07-27 12:47
d
w- C:rsit.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 11:56 . 2008-04-04 17:23
d
w- c:profile’sIT-MasterApplication DataICQ
2010-07-04 14:16 . 2010-06-30 14:30
d
w- c:program filesТаня Гроттер и Магический контрабас
2010-07-03 17:46 . 2009-06-18 15:19
d
w- c:program filesOpera
2010-06-27 16:11 . 2010-06-27 16:11 102912 —-a-w- c:windowssystem32CWQNH1k.exe
2010-06-27 13:17 . 2010-06-27 13:17 111616 —-a-w- c:windowssystem32QFc4euv.exe
2010-06-27 06:58 . 2010-06-27 06:58 111104 —-a-w- c:windowssystem32vgYrPjB.exe
2010-06-26 08:11 . 2010-06-26 08:11 111104 —-a-w- c:windowssystem324rC6bh8.exe
2010-06-25 10:56 . 2010-06-25 10:56 111104 —-a-w- c:windowssystem32kMCIiX3.exe
2010-06-24 05:02 . 2010-06-24 05:02 118272 —-a-w- c:windowssystem32zFyj42B.exe
2010-06-24 04:29 . 2010-04-14 18:36
d
w- c:program filesICQ7.1
2010-06-22 08:30 . 2010-06-22 08:30 114688 —-a-w- c:windowssystem32cgpq8bX.exe
2010-06-22 08:14 . 2010-06-22 08:14 114688 —-a-w- c:windowssystem32UAngkzq.exe
2010-06-22 08:13 . 2010-06-22 08:13 89078 —-a-w- c:windowssystem32tkvOOxa.exe
2010-06-22 08:12 . 2010-06-22 08:12 106496 —-a-w- c:windowssystem32L81kNLO.exe
2010-06-21 16:11 . 2010-06-21 16:11 116736 —-a-w- c:windowssystem32VH8I9iB.exe
2010-06-21 06:45 . 2010-06-21 06:45 116736 —-a-w- c:windowssystem32ca1zA83.exe
2010-06-21 06:25 . 2010-06-21 06:25 116736 —-a-w- c:windowssystem32D1dlI5M.exe
2010-06-21 06:25 . 2010-06-21 06:25 116736 —-a-w- c:windowssystem32GyDgDiD.exe
2010-06-21 06:23 . 2010-06-21 06:23 110080 —-a-w- c:windowssystem32jYJZrtt.exe
2010-06-16 11:39 . 2010-06-16 11:39 99328 —-a-w- c:windowssystem32EYUP9ay.exe
2010-06-16 07:32 . 2010-06-16 07:32 99328 —-a-w- c:windowssystem32Y2Q6XpJ.exe
2010-06-10 10:10 . 2001-10-20 09:00 82542 —-a-w- c:windowssystem32perfc019.dat
2010-06-10 10:10 . 2001-10-20 09:00 478098 —-a-w- c:windowssystem32perfh019.dat
2010-06-10 09:38 . 2010-03-14 14:27
d
w- c:program filesPCGAME
2010-06-10 09:16 . 2010-06-10 09:01
d
w- c:program filesThe Sims 3
2010-06-09 08:51 . 2008-02-19 15:31 1048576 —ha-w- c:profile’sГостьNTUSER.DAT
2010-06-06 14:11 . 2010-06-06 14:11 106496 —-a-w- c:windowssystem322hUgv3y.exe
2010-06-06 14:10 . 2010-06-06 14:10 47616 —-a-w- c:windowssystem32V0jL36Q.exe
2010-06-05 13:29 . 2010-06-05 13:29
d
w- c:program filesSLS2
2010-05-03 11:55 . 2009-10-08 10:44 56 —-a-w- c:windowsusing_tbl.dat
2006-11-18 17:17 . 2009-09-15 14:14 1685400 —-a-w- c:program filesdaemon408-x64.exe
2006-11-18 17:17 . 2009-09-15 14:14 1512856 —-a-w- c:program filesdaemon408-x86.exe
.
Sigcheck
[-] 2008-06-22 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:windowssystem32driverstcpip.sys
[-] 2008-06-22 . 67A98D1398BB2C794A4BEF4B98A05151 . 80728 . . [7.1.6001.65] . . c:windowssystem32wuauclt.exe
[-] 2008-06-22 . 04B7472B0B9C2F6831F7ADC6723B46B3 . 2137600 . . [5.1.2600.5586] . . c:windowssystem32ntoskrnl.exe
[-] 2008-06-22 . D3D95DEDC976F35AB5D96BDACC9ADE5B . 588288 . . [5.1.2600.5512] . . c:windowssystem32user32.dll
[-] 2008-06-22 . 89C73F82F2CBFB490CA7333F600D168B . 1609216 . . [6.00.2900.5512] . . c:windowsexplorer.exe
[-] 2008-06-22 . F5EC0D558ED09EDBCC3E7A6DE33B5273 . 1571840 . . [5.1.2600.5512] . . c:windowssystem32sfcfiles.dll
[-] 2008-06-22 . 26C16B843E1A87205F4945207A843965 . 30208 . . [5.1.2600.5512] . . c:windowssystem32ctfmon.exe
[-] 2008-06-22 . 3E2ED20BD4A3EBA2FF74E0AA8F21A91D . 2016256 . . [5.1.2600.5586] . . c:windowssystem32ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-12-24 8729864][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-12-24 8729864][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2004-11-13 205824]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2009-05-06 3777536][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SkyTel»=»SkyTel.EXE» [2006-05-16 2879488]
«SSBkgdUpdate»=»c:program filesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe» [2003-10-14 155648]
«PaperPort PTD»=»c:program filesScanSoftPaperPortpptd40nt.exe» [2006-03-01 36864]
«IndexSearch»=»c:program filesScanSoftPaperPortIndexSearch.exe» [2006-03-01 40960]
«PPort10reminder»=»c:program filesScanSoftPaperPortEREGEreg.exe» [2005-06-03 729088]
«BluetoothAuthenticationAgent»=»bthprops.cpl» [2008-04-14 110592]
«Gainward»=»c:program filesVDOToolTBPanel.exe» [2007-04-23 2165536]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2006-09-26 35328]
«RTHDCPL»=»RTHDCPL.EXE» [2007-01-30 16116224]
«nwiz»=»nwiz.exe» [2009-04-30 1657376]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2009-04-30 86016]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-04-30 13750272]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2009-03-19 2029640]
«UVS11 Preload»=»c:program filesUlead SystemsUlead VideoStudio 11uvPL.exe» [2007-03-03 341488][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«VisualTaskTips»=»c:program filesVisualTaskTipsVisualTaskTips.exe» [2008-02-27 61440]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«tscuninstall»=»c:windowssystem32tscupgrd.exe» [2004-08-17 44544]
«nltide_3″=»advpack.dll» [2009-03-08 128512]
«IE7_012″=»advpack.dll» [2009-03-08 128512]
«IE7_013″=»rebuild.exe» [2007-11-01 114280][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMMyPictures»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)
«NoResolveTrack»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMMyPictures»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)
«NoSMHelp»= 1 (0x1)
«ForceClassicControlPanel»= 1 (0x1)
«NoResolveTrack»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwarepoliciesmicrosoftwindowswindowsupdateau]
«NoAutoUpdate»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
«Userinit»=»c:windowssystem32userinit.exe,\?globalrootsystemrootsystem32V0jL36Q.exe,\?globalrootsystemrootsystem322hUgv3y.exe,»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *??????OODBS[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«Gainward»=c:program filesVDOToolTBPanel.exe /A
«NvMediaCenter»=RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInit
«nwiz»=nwiz.exe /install[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\Program Files\The Sims 3\Game\Bin\TS3.exe»=
«c:\Program Files\Opera\opera.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«1739:TCP»= 1739:TCP:qjagois
«7265:TCP»= 7265:TCPR0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:windowssystem32driverssfdrv01a.sys [05.07.2006 16:46 63352]
R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [19.03.2009 12:44 107256]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [19.03.2009 12:45 93848]
R2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [19.03.2009 12:44 731840]
R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe [14.04.2010 22:38 246520]
S2 byznnusti;Config Microsoft;c:windowssystem32svchost.exe -k netsvcs [14.04.2008 22:41 14336]
S2 ogolrvxr;Driver Universal;c:windowssystem32svchost.exe -k netsvcs [14.04.2008 22:41 14336]
S3 block_reader;MPR DRV;??c:program filesMulti Password Recoveryblock_reader.sys —> c:program filesMulti Password Recoveryblock_reader.sys [?]
S3 BTCOMM;BTCOMM;c:windowssystem32driversBtcomm.sys —> c:windowssystem32driversBtcomm.sys [?]
S3 BTKRNBDG;Bluetooth COM Bridge;c:windowssystem32DRIVERSbtkrnbdg.sys —> c:windowssystem32DRIVERSbtkrnbdg.sys [?]
S3 FLASHSYS;FLASHSYS;??d:utilitymsiDualCoreCenterFLASHSYS.sys —> d:utilitymsiDualCoreCenterFLASHSYS.sys [?]
S3 vad_multi;Windigo Virtual Audio Device (WDM);c:windowssystem32driversvadmulti.sys —> c:windowssystem32driversvadmulti.sys [?]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [29.11.2007 14:07 721904]
— Other Services/Drivers In Memory —
*Deregistered* — uphcleanhlp
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
ogolrvxr
.
Contents of the ‘Scheduled Tasks’ folder2010-07-19 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 08:34]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=47540
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Экспорт в Microsoft Excel — c:progra~1Microsoft OfficeOFFICE11EXCEL.EXE/3000
IE: Online-словари — c:program filesPRMT8PRMTIEoda.htm
IE: Автоматически определить шаблон тематики — c:program filesPRMT8PRMTIEaot.htm
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Настроить параметры перевода — c:program filesPRMT8PRMTIEoptions.htm
IE: Незнакомые слова — c:program filesPRMT8PRMTIEinfopanel.htm
IE: Открыть словарную статью — c:program filesPRMT8PRMTIEaddentry.htm
IE: Перевести — c:program filesPRMT8PRMTIEtranslat.htm
IE: Перевести страницу — c:program filesPRMT8PRMTIEpage.htm
IE: Передать на удаленную закачку DM — c:program filesDownload Masterremdown.htm
IE: Поиск в Интернете — c:program filesPRMT8PRMTIEsearch.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} — c:program filesICQ7.1ICQ.exe
Handler: rcdp.1C.rep — {79F2E69A-DE4D-461D-958B-FE830EF4246C} — c:progra~11C RepetitorbinRepAPP.dll
.
— — — — ORPHANS REMOVED — — — —
HKCU-Run-Tutor.exe — c:program filesABBYY Lingvo 12Tutor.exe
HKLM-Run-VKSaverUpdater — c:program filesVKSaverVKSaverUpdater.exe
AddRemove-CounterStrike — Condition Zero — c:gamesCounterStrikeCondition ZeroUNWISE.EXE
AddRemove-ShockwaveFlash — c:windowssystem32MacromedFlashFlashUtil9c.exe
AddRemove-VKSaver — c:program filesVKSaveruninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 23:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x86FD28E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xf755ff28
DriverACPI -> ACPI.sys @ 0xf73f2cb8
Driveratapi -> sfsync02.sys @ 0xf77abd60
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
DeviceHarddisk0DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf727dbb0
PacketIndicateHandler -> NDIS.sys @ 0xf728ab21
SendHandler -> NDIS.sys @ 0xf726887b
user & kernel MBR OK
**************************************************************************
.
LOCKED REGISTRY KEYS
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(908)
c:windowssystem32SETUPAPI.dll
c:windowssystem32cscui.dll— — — — — — — > ‘lsass.exe'(972)
c:windowssystem32setupapi.dll
.
Completion time: 2010-07-30 23:10:08
ComboFix-quarantined-files.txt 2010-07-30 19:10
Pre-Run: 27,592,138,752 байт свободно
Post-Run: 27,658,465,280 байт свободно
— — End Of File — — A93F644B1FE2D74840D07A658020BAD2
All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks\{16664848-0E00-11D2-8059-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{16664848-0E00-11D2-8059-000000000000} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{CF272101-7F6E-4CF2-9453-B4C5D2FC32C0} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CF272101-7F6E-4CF2-9453-B4C5D2FC32C0} not found.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5682988e-84f1-11de-89a9-0019dbaa118f} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{5682988e-84f1-11de-89a9-0019dbaa118f} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6def00cc-6405-11de-8954-0019dbaa118f} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{6def00cc-6405-11de-8954-0019dbaa118f} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b3d4e2fc-8721-11de-89b3-0019dbaa118f} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{b3d4e2fc-8721-11de-89b3-0019dbaa118f} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d0dbfe18-e06e-11dc-84f8-0019dbaa118f} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{d0dbfe18-e06e-11dc-84f8-0019dbaa118f} not found.
========== FILES ==========
C:WINDOWStasksWindowsCheck.job moved successfully.
C:WINDOWSsystem32kgHTra2.exe moved successfully.
C:WINDOWSsystem32hehpik.exe moved successfully.
C:WINDOWSsystem32cnFeuxC.exe moved successfully.
C:WINDOWSsystem32rwLbGX6.exe moved successfully.
C:WINDOWSsystem32OkvhiVN.exe moved successfully.
C:WINDOWSsystem32XxaPizt.exe moved successfully.
C:WINDOWSsystem32QsW03nt.exe moved successfully.
C:WINDOWSsystem32ZNRIfBc.exe moved successfully.
C:WINDOWSsystem32LHrUALh.exe moved successfully.
C:WINDOWSsystem32LavgDwd.exe moved successfully.
C:WINDOWSsystem32fK2pei1.exe moved successfully.
C:WINDOWSsystem32datculu.exe moved successfully.
C:WINDOWSsystem32lvsqps.exe moved successfully.
C:WINDOWSsystem32XYLOFWS.exe moved successfully.
C:WINDOWSsystem32qnkAJon.exe moved successfully.
C:WINDOWSsystem32h4Z8WBe.exe moved successfully.
C:WINDOWSsystem32peahnvp.exe moved successfully.
C:WINDOWSsystem32rjxemg.exe moved successfully.
C:WINDOWSsystem32ddjtjhw.exe moved successfully.
C:WINDOWSsystem32gajucd.exe moved successfully.
C:WINDOWSsystem32AS6xBaB.exe moved successfully.
C:WINDOWSsystem32JJlQG4N.exe moved successfully.
C:WINDOWSsystem32hbngghe.exe moved successfully.
C:WINDOWSsystem32hkexhu.exe moved successfully.
C:WINDOWSsystem32U2uAnWN.exe moved successfully.
C:WINDOWSsystem32BZpKWN5.exe moved successfully.
C:WINDOWSsystem32tFgC3E7.exe moved successfully.
C:WINDOWSsystem32B6llFdB.exe moved successfully.
C:WINDOWSsystem32fvrwlgz.exe moved successfully.
C:WINDOWSsystem32etuasy.exe moved successfully.
C:WINDOWSsystem32ElmNhCT.exe moved successfully.
C:WINDOWSsystem32XBYknIt.exe moved successfully.
C:WINDOWSsystem322FMV3QG.exe moved successfully.
C:WINDOWSsystem32SXrwhdy.exe moved successfully.
C:WINDOWSsystem325MVNZmV.exe moved successfully.
C:WINDOWSsystem32lVdBNVp.exe moved successfully.
C:WINDOWSsystem32m51lhGk.exe moved successfully.
C:WINDOWSsystem32Q8tlQ6N.exe moved successfully.
C:WINDOWSsystem32O9lLc2H.exe moved successfully.
C:WINDOWSsystem32uOAXdIu.exe moved successfully.
C:WINDOWSsystem32kcdh63A.exe moved successfully.
C:WINDOWSsystem32Zz0iYmX.exe moved successfully.
C:WINDOWSsystem32kGWHg69.exe moved successfully.
C:WINDOWSsystem32PM8KRwn.exe moved successfully.
C:WINDOWSsystem32Y5IPQft.exe moved successfully.
C:WINDOWSsystem32U3mh2O1.exe moved successfully.
C:WINDOWSsystem32NCndeAY.exe moved successfully.
C:WINDOWSsystem32SnQyby7.exe moved successfully.
C:WINDOWSsystem32XmrrVm8.exe moved successfully.
C:WINDOWSsystem32Q350tNt.exe moved successfully.
C:WINDOWSsystem32rozuvO1.exe moved successfully.
C:WINDOWSsystem3245lnP6j.exe moved successfully.
C:WINDOWSsystem32yL0cPnN.exe moved successfully.
C:WINDOWSsystem32QUDmW4K.exe moved successfully.
C:WINDOWSsystem328MFaG1E.exe moved successfully.
C:WINDOWSsystem32VZThNUc.exe moved successfully.
C:WINDOWSsystem32qwoq9i8.exe moved successfully.
C:WINDOWSsystem32L98xMg6.exe moved successfully.
C:WINDOWSsystem32VWl4j94.exe moved successfully.
C:WINDOWSsystem32R4GXYE3.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: 11
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65727412 bytes
->Flash cache emptied: 1528 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: IT-Master
->Temporary Internet Files folder emptied: 405195446 bytes
->Java cache emptied: 1021743 bytes
->FireFox cache emptied: 88348499 bytes
->Opera cache emptied: 72 bytes
->Flash cache emptied: 112611 bytes
User: LocalService
->Temporary Internet Files folder emptied: 3100573 bytes
User: NetworkService
->Temporary Internet Files folder emptied: 1763382 bytes
User: Гость
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 109929 bytes
User: Манюня
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4595379 bytes
%systemroot%System32 .tmp files removed: 2352717 bytes
%systemroot%System32dllcache .tmp files removed: 0 bytes
%systemroot%System32drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10683861957 bytes
%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 581522 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 10,735.00 mb
OTM by OldTimer — Version 3.1.12.0 log created on 07292010_145325
Files moved on Reboot…
Registry entries deleted on Reboot…
Logfile of random’s system information tool 1.06 (written by random/random)
Run by IT-Master at 2010-07-29 15:11:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (22%) free of 120 GB
Total RAM: 1023 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:07, on 29.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32savedump.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSnotepad.exe
C:Program FilesScanSoftPaperPortpptd40nt.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesVDOToolTBPanel.exe
C:Program FilesWinampwinampa.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:Program FilesVKSaverVKSaverUpdater.exe
C:Program FilesPunto Switcherps.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesDownload Masterdmaster.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:WINDOWSsystem32oodag.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe
C:WINDOWSsystem32uphclean.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesOperaopera.exe
C:ProFile’sIT-MasterРабочий столRSIT.exe
C:Program Filestrend microIT-Master.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://start.qip.ru/
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=47540
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Windows Internet Explorer предоставлен: QIP.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: QIPBHO Class — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Program FilesInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
F2 — REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,\?globalrootsystemrootsystem32V0jL36Q.exe,\?globalrootsystemrootsystem322hUgv3y.exe,
O2 — BHO: IE7Pro — {00011268-E188-40DF-A514-835FCD78B1BF} — C:Program FilesIEProIEPro.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.5.0_11binssv.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1Download Masterdmiehlp.dll
O2 — BHO: QIPBHO — {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} — C:Program FilesInternet Explorerqipsearchbar.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: DAEMON Tools Toolbar — {32099AAC-C132-4136-9E9A-4E364A424E17} — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4FE6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [SSBkgdUpdate] «C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe» -Embedding -boot
O4 — HKLM..Run: [PaperPort PTD] «C:Program FilesScanSoftPaperPortpptd40nt.exe»
O4 — HKLM..Run: [IndexSearch] «C:Program FilesScanSoftPaperPortIndexSearch.exe»
O4 — HKLM..Run: [PPort10reminder] «C:Program FilesScanSoftPaperPortEREGEreg.exe» -r «C:ProFile’sAll UsersApplication DataScanSoftPaperPort10ConfigEregereg.ini»
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [Gainward] C:Program FilesVDOToolTBPanel.exe /A
O4 — HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [UVS11 Preload] C:Program FilesUlead SystemsUlead VideoStudio 11uvPL.exe
O4 — HKLM..Run: [VKSaverUpdater] C:Program FilesVKSaverVKSaverUpdater.exe
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Download Master] C:Program FilesDownload Masterdmaster.exe -autorun
O4 — HKCU..Run: [Tutor.exe] «C:Program FilesABBYY Lingvo 12Tutor.exe» /AS
O4 — HKUSS-1-5-19..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [VisualTaskTips] C:Program FilesVisualTaskTipsVisualTaskTips.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [VisualTaskTips] C:Program FilesVisualTaskTipsVisualTaskTips.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [tscuninstall] %systemroot%system32tscupgrd.exe (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1Microsoft OfficeOFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Online-словари — C:Program FilesPRMT8PRMTIEoda.htm
O8 — Extra context menu item: Автоматически определить шаблон тематики — C:Program FilesPRMT8PRMTIEaot.htm
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Настроить параметры перевода — C:Program FilesPRMT8PRMTIEoptions.htm
O8 — Extra context menu item: Незнакомые слова — C:Program FilesPRMT8PRMTIEinfopanel.htm
O8 — Extra context menu item: Открыть словарную статью — C:Program FilesPRMT8PRMTIEaddentry.htm
O8 — Extra context menu item: Перевести — C:Program FilesPRMT8PRMTIEtranslat.htm
O8 — Extra context menu item: Перевести страницу — C:Program FilesPRMT8PRMTIEpage.htm
O8 — Extra context menu item: Передать на удаленную закачку DM — C:Program FilesDownload Masterremdown.htm
O8 — Extra context menu item: Поиск в Интернете — C:Program FilesPRMT8PRMTIEsearch.htm
O9 — Extra button: IE7Pro Preferences — {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} — C:Program FilesIEProIEPro.dll
O9 — Extra ‘Tools’ menuitem: IE7Pro Preferences — {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} — C:Program FilesIEProIEPro.dll
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_11binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_11binssv.dll
O9 — Extra button: ICQ7.1 — {71BFC818-0CED-42D6-9C87-5142918957EE} — C:Program FilesICQ7.1ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ7.1 — {71BFC818-0CED-42D6-9C87-5142918957EE} — C:Program FilesICQ7.1ICQ.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: QIP 2005 — {1EF681F7-A04B-4D6D-9012-A307CCA55610} — C:Program FilesQIPqip.exe (HKCU)
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O17 — HKLMSystemCCSServicesTcpip..{2172F464-9812-4919-A5DA-EE1041EDA865}: NameServer = 212.96.104.129 212.96.96.38
O18 — Protocol: rcdp.1C.rep — {79F2E69A-DE4D-461D-958B-FE830EF4246C} — C:PROGRA~11C RepetitorbinRepAPP.dll
O20 — AppInit_DLLs: C:WINDOWSsystem32vksaver.dll
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Capture Device Service — InterVideo Inc. — C:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: O&O Defrag — O&O Software GmbH — C:WINDOWSsystem32oodag.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) — Protection Technology (StarForce) — C:WINDOWSsystem32sfrem01.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Ulead Burning Helper (UleadBurningHelper) — Ulead Systems, Inc. — C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
O24 — Desktop Component 0: (no name) — file:///C:/WINDOWS/TEMP/msohtml1/01/clip_image002.jpg—
End of file — 12313 bytes
======Scheduled tasks folder======
C:WINDOWStasksAppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO — C:Program FilesIEProIEPro.dll [2008-05-20 736360]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.5.0_11binssv.dll [2006-12-15 440056]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1Download Masterdmiehlp.dll [2009-04-16 158208]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class — C:Program FilesInternet Explorerqipsearchbar.dll [2009-07-09 150768]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{32099AAC-C132-4136-9E9A-4E364A424E17} — DAEMON Tools Toolbar — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll [2008-12-10 929224]
{855F3B16-6D32-4FE6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2010-01-03 1019128]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-12-24 8729864]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SkyTel»=C:WINDOWSSkyTel.EXE [2006-05-16 2879488]
«SSBkgdUpdate»=C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe [2003-10-14 155648]
«PaperPort PTD»=C:Program FilesScanSoftPaperPortpptd40nt.exe [2006-03-01 36864]
«IndexSearch»=C:Program FilesScanSoftPaperPortIndexSearch.exe [2006-03-01 40960]
«PPort10reminder»=C:Program FilesScanSoftPaperPortEREGEreg.exe [2005-06-03 729088]
«BluetoothAuthenticationAgent»=bthprops.cpl,,BluetoothAuthenticationAgent []
«Gainward»=C:Program FilesVDOToolTBPanel.exe [2007-04-23 2165536]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2006-09-26 35328]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-01-30 16116224]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2009-05-01 86016]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2009-05-01 13750272]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2009-03-19 2029640]
«UVS11 Preload»=C:Program FilesUlead SystemsUlead VideoStudio 11uvPL.exe [2007-03-03 341488]
«VKSaverUpdater»=C:Program FilesVKSaverVKSaverUpdater.exe [2010-03-06 56832]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2004-11-13 205824]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-06-22 30208]
«Download Master»=C:Program FilesDownload Masterdmaster.exe [2009-05-06 3777536]
«Tutor.exe»=C:Program FilesABBYY Lingvo 12Tutor.exe /AS []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:WINDOWSsystem32vksaver.dll»
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2007-06-18 133632]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSMMyPictures»=1
«NoSMConfigurePrograms»=1
«NoSMHelp»=1
«NoStartMenuPinnedList»=1
«ForceClassicControlPanel»=1
«NoResolveTrack»=1
«NoResolveSearch»=1
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program FilesThe Sims 3GameBinTS3.exe»=»C:Program FilesThe Sims 3GameBinTS3.exe:*:Disabled:Sims3»
«C:Program FilesOperaopera.exe»=»C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesICQ7.1ICQ.exe»=»C:Program FilesICQ7.1ICQ.exe:*:Enabled:ICQ7.1»
«C:Program FilesICQ7.1aolload.exe»=»C:Program FilesICQ7.1aolload.exe:*:Enabled:aolload.exe»
======File associations======
.bat — edit — C:Program FilesSyCraft GroupGuardTotal CommanderContentSoftBredBred3_2k.exe «%1»
.cmd — edit — C:Program FilesSyCraft GroupGuardTotal CommanderContentSoftBredBred3_2k.exe «%1»
.inf — open — C:Program FilesSyCraft GroupGuardTotal CommanderContentSoftBredBred3_2k.exe «%1»
.ini — open — notepad.exe %1
.txt — open — notepad.exe %1
======List of files/folders created in the last 1 months======
2010-07-29 14:53:25 —-D—- C:_OTM
2010-07-29 12:51:48 —-A—- C:WINDOWSsystem32Lvmt7xp.exe
2010-07-29 12:10:18 —-A—- C:WINDOWSsystem32sFymL9N.exe
2010-07-28 13:18:13 —-A—- C:WINDOWSsystem32vNxSmPB.exe
2010-07-27 16:46:56 —-D—- C:Program Filestrend micro
2010-07-27 16:46:53 —-D—- C:rsit
2010-06-30 18:30:10 —-D—- C:Program FilesТаня Гроттер и Магический контрабас
2010-06-30 17:36:48 —-HD—- C:WINDOWSPIF
======List of files/folders modified in the last 1 months======
2010-07-29 15:11:04 —-D—- C:WINDOWSTemp
2010-07-29 15:07:44 —-A—- C:WINDOWSDFC.INI
2010-07-29 15:06:48 —-D—- C:WINDOWSsystem32drivers
2010-07-29 14:59:04 —-D—- C:WINDOWSsystem32
2010-07-29 14:59:04 —-D—- C:WINDOWS
2010-07-29 14:53:26 —-SD—- C:WINDOWSTasks
2010-07-29 14:49:56 —-D—- C:WINDOWSPrefetch
2010-07-29 14:29:00 —-A—- C:Program FilesCommon Fileskeylog.txt
2010-07-29 14:20:10 —-D—- C:ProFile’sIT-MasterApplication DataICQ
2010-07-28 22:23:58 —-A—- C:WINDOWSSchedLgU.Txt
2010-07-28 12:20:18 —-A—- C:WINDOWSNeroDigital.ini
2010-07-28 12:01:19 —-SHD—- C:System Volume Information
2010-07-28 12:01:19 —-D—- C:WINDOWSsystem32Restore
2010-07-27 16:46:56 —-D—- C:Program Files
2010-07-13 20:00:35 —-A—- C:WINDOWSsystem32MPLAYERC.INI
2010-07-12 22:05:10 —-D—- C:WINDOWSsystem32CatRoot2
2010-07-03 21:46:31 —-SHD—- C:WINDOWSInstaller
2010-07-03 21:46:28 —-D—- C:Program FilesOpera
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2009-03-19 107256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2009-03-19 93848]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
R1 Tcpip6;Драйвер протокола IPv6 (Microsoft); C:WINDOWSsystem32DRIVERStcpip6.sys [2008-04-14 225664]
R2 atksgt;atksgt; C:WINDOWSsystem32DRIVERSatksgt.sys [2007-11-22 278728]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2009-03-19 113960]
R2 lirsgt;lirsgt; C:WINDOWSsystem32DRIVERSlirsgt.sys [2007-11-22 25416]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2006-06-19 12672]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-10-20 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-10-20 55936]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-06-05 62336]
R2 TBPanel;TBPanel; C:WINDOWSsystem32driversTBPanel.sys [2007-03-16 12256]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:WINDOWSsystem32DRIVERSHSF_DPV.sys [2006-11-08 989696]
R3 HSFHWBS2;HSFHWBS2; C:WINDOWSsystem32DRIVERSHSFHWBS2.sys [2006-11-08 257408]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-01-30 4474368]
R3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2009-04-30 8055584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-02-06 90880]
R3 tunmp;Драйвер адаптера минипорта Microsoft Tun; C:WINDOWSsystem32DRIVERStunmp.sys [2008-06-22 12288]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-06-22 32384]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-06-22 30336]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-06-22 59520]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-06-22 25856]
R3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-06-22 15104]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-06-22 20608]
R3 winachsf;winachsf; C:WINDOWSsystem32DRIVERSHSF_CNXT.sys [2006-11-08 730112]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
S2 nvcap;nVidia WDM Video Capture (universal); C:WINDOWSsystem32DRIVERSnvcap.sys []
S2 NVXBAR;nVidia WDM A/V Crossbar; C:WINDOWSsystem32DRIVERSNVxbar.sys []
S3 BTCOMM;BTCOMM; C:WINDOWSsystem32driversBtcomm.sys []
S3 BthEnum;Драйвер блока запроса Bluetooth; C:WINDOWSsystem32DRIVERSBthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Драйвер связи для модема Bluetooth; C:WINDOWSsystem32DRIVERSbthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2008-04-14 101120]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2008-06-22 272512]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2008-04-14 18944]
S3 BTKRNBDG;Bluetooth COM Bridge; C:WINDOWSsystem32DRIVERSbtkrnbdg.sys []
S3 Cardex;Cardex; ??C:WINDOWSsystem32driversTBPANEL.SYS []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-06-22 17024]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys []
S3 FLASHSYS;FLASHSYS; ??D:utilitymsiDualCoreCenterFLASHSYS.sys []
S3 GMSIPCI;GMSIPCI; ??D:INSTALLGMSIPCI.SYS []
S3 HidBth;Минипорт Bluetooth HID Microsoft; C:WINDOWSsystem32DRIVERShidbth.sys [2008-04-14 25728]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:WINDOWSsystem32DRIVERSk750bus.sys []
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSk750mdfl.sys []
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:WINDOWSsystem32DRIVERSk750mdm.sys []
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:WINDOWSsystem32DRIVERSk750mgmt.sys []
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:WINDOWSsystem32DRIVERSk750obex.sys []
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-06-22 12160]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-06-22 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-06-22 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-06-22 10880]
S3 nm;Драйвер сетевого монитора; C:WINDOWSsystem32DRIVERSNMnt.sys [2008-04-14 40320]
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2008-04-14 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-06-22 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:WINDOWSsystem32DRIVERSss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:WINDOWSsystem32DRIVERSss_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-06-22 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:WINDOWSsystem32DRIVERSSymIM.sys []
S3 SymIMMP;SymIMMP; C:WINDOWSsystem32DRIVERSSymIM.sys []
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 vad_multi;Windigo Virtual Audio Device (WDM); C:WINDOWSsystem32driversvadmulti.sys []
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2007-06-18 38528]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-06-22 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2007-06-18 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-20 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Служба поддержки IPv6; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 Capture Device Service;Capture Device Service; C:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe [2007-03-06 198168]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-03-19 731840]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2010-01-03 246520]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2009-05-01 168004]
R2 O&O Defrag;O&O Defrag; C:WINDOWSsystem32oodag.exe [2005-05-11 225280]
R2 UleadBurningHelper;Ulead Burning Helper; C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe [2007-03-03 67056]
R2 UPHClean;User Profile Hive Cleanup; C:WINDOWSsystem32uphclean.exe [2006-01-16 241725]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:WINDOWSsystem32sfrem01.exe [2006-07-05 358008]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-03-19 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-05-21 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
I can't download OTM by OldTimer; the page won't open.