SPYWARE-RU.COM


tokiosold

Forum replies created

Viewing 6 posts - 1 through 6 (of 6 total)
  • January 19, 2009 at 4:38 pm in reply to: virus+logs #21070
    tokiosold
    Participant
    • Topics: 1
    • Posts: 7

    Right after the computer boots, RAM usage is already at 700-1500 MB.
    Sometimes NOD32 again finds viruses and trojans, for example today:

    C:Program FilesSateiraSCDBDataBurner.exe
    Угроза:
    вероятно модифицированный Win32/Hupigon троянская программа
    Информация:
    очищен удалением - изолирован

    Here is a fresh log.

    ComboFix 09-01-13.04 - Алексей 2009-01-19 19:30:01.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1251.1.1049.18.2046.1224 [GMT 3:00]
    Running from: c:usersАлексейDesktopComboFix.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)
    * Resident AV is active

    .

    ((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
    .

    2009-01-13 09:07 . 2009-01-14 09:34 8,224 --a c:windowsSystem32GDIPFONTCACHEV1.DAT
    2009-01-13 09:04 . 2009-01-13 09:04 d C:_OTMoveIt
    2009-01-11 18:43 . 2009-01-11 18:44 d C:rsit
    2009-01-11 18:43 . 2009-01-14 09:37 d c:program filestrend micro
    2009-01-11 13:47 . 2009-01-11 13:47 d c:program filesESET
    2009-01-10 23:31 . 2009-01-10 23:31 d c:usersАлексейDoctorWeb
    2009-01-10 23:31 . 2009-01-10 23:31 d c:usersАлексейDoctorWeb
    2009-01-10 19:57 . 2009-01-10 19:57 d c:usersAll UsersESET
    2009-01-10 19:57 . 2009-01-10 19:57 d c:programdataESET
    2009-01-09 18:18 . 2009-01-10 19:52 d c:usersAll UsersKaspersky Lab
    2009-01-09 18:18 . 2009-01-10 19:52 d c:programdataKaspersky Lab
    2009-01-09 18:18 . 2009-01-09 18:18 d c:program filesKaspersky Lab
    2009-01-09 13:21 . 2009-01-09 18:16 d c:program filesDrWeb for Windows
    2009-01-06 11:32 . 2009-01-06 11:32 164 --a-s--- C:277014495065.kwm
    2009-01-06 11:29 . 2009-01-06 14:08 d c:usersАлексейAppDataRoamingWebMoney
    2009-01-06 11:26 . 2009-01-09 14:08 d c:program filesWebMoney
    2009-01-02 19:51 . 2008-12-25 16:26 505,856 --a c:windowsSystem32jucrosy.dll
    2008-12-30 19:33 . 2008-12-30 19:33 107,888 --a c:windowsSystem32CmdLineExt.dll
    2008-12-30 19:31 . 2008-12-30 19:34 3,538 --a c:windowsSystem32ealregsnapshot1.reg
    2008-12-30 15:42 . 2008-12-30 15:42 d c:usersАлексейAppDataRoamingCoreCodec
    2008-12-30 15:41 . 2008-12-30 15:41 d c:program filesCoreCodec
    2008-12-30 15:29 . 2008-12-30 15:32 d c:usersАлексейAppDataRoamingBSplayer PRO
    2008-12-30 15:29 . 2008-12-30 15:32 d c:program filesWebteh
    2008-12-30 15:28 . 2008-12-30 15:28 d c:usersАлексейAppDataRoamingVso
    2008-12-30 15:28 . 2008-12-30 15:28 47,360 --a c:usersАлексейAppDataRoamingpcouffin.sys
    2008-12-30 11:59 . 2008-12-30 11:59 d c:program filesAlcohol Soft
    2008-12-29 13:47 . 2008-12-30 19:49 d c:usersАлексейAppDataRoaminguTorrent
    2008-12-27 15:42 . 2008-12-27 15:42 d c:usersAll UsersForge of Games
    2008-12-27 15:42 . 2008-12-27 15:42 d c:programdataForge of Games
    2008-12-24 09:51 . 2009-01-09 13:06 d c:program filesOpenVPN
    2008-12-24 09:12 . 2008-12-24 09:13 79 --a c:windowswincmd.ini
    2008-12-24 09:12 . 2008-12-24 09:13 11 --a c:windowswcx_ftp.ini

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-19 16:31 2,097,152 --sha-w c:usersАлексейntuser.dat
    2009-01-19 16:31 2,097,152 --sha-w c:usersАлексейntuser.dat
    2009-01-18 15:34 27,525 ---a-w c:usersАлексейAppDataRoamingnvModes.dat
    2009-01-14 08:34 d-----w c:program filesWinamp
    2009-01-11 15:54 d--h--w c:program filesInstallShield Installation Information
    2009-01-11 11:29 d-----w c:programdataCyberLink
    2009-01-10 17:08 d-----w c:program filesAce Utilities
    2009-01-10 15:42 d-----w c:program filesICQToolbar
    2009-01-09 11:16 d-----w c:program filesMail.Ru
    2009-01-09 09:59 d-----w c:program filesCommon FilesSymantec Shared
    2009-01-09 09:54 d-----w c:programdataSymantec
    2009-01-09 09:48 d-----w c:program filesAcer GameZone
    2009-01-06 11:10 d--a-w c:programdataTEMP
    2009-01-06 11:08 d-----w c:usersАлексейAppDataRoamingWebMoney
    2009-01-03 16:50 53,312 ---a-w c:windowssystem32driverspssdklbf.sys
    2009-01-03 16:50 36,928 ---a-w c:windowssystem32driverspssdk40.sys
    2009-01-02 16:38 d-s---w c:usersАлексейAppDataRoamingMicrosoft
    2008-12-30 16:49 d-----w c:usersАлексейAppDataRoaminguTorrent
    2008-12-30 12:42 d-----w c:usersАлексейAppDataRoamingCoreCodec
    2008-12-30 12:32 d-----w c:usersАлексейAppDataRoamingBSplayer PRO
    2008-12-30 12:28 47,360 ---a-w c:usersАлексейAppDataRoamingpcouffin.sys
    2008-12-30 12:28 d-----w c:usersАлексейAppDataRoamingVso
    2008-12-21 12:11 d-----w c:usersАлексейAppDataRoamingMra
    2008-12-18 19:29 d-----w c:program filesNIUtilites
    2008-12-17 08:02 d-----w c:program filesTotal Commander
    2008-12-14 11:44 d-----w c:program filesLaunch Manager
    2008-12-09 20:26 d-----w c:program filesCommon FilesAdobe
    2008-12-09 20:25 d-----w c:usersАлексейAppDataRoamingABBYY
    2008-12-09 20:25 d-----w c:program filesABBYY FineReader 8.0 Professional Edition
    2008-12-09 15:56 d-----w c:programdataMicrosoft Help
    2008-12-09 15:56 d-----w c:program filesMicrosoft Works
    2008-12-02 08:51 d-----w c:program filesCommon FilesINCA Shared
    2008-11-26 06:00 d-----w c:program filesICQ6
    2008-01-27 08:39 174 --sha-w c:program filesdesktop.ini
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-14_17.34.26,09 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-14 06:34:15 2,048 --sha-w c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat
    + 2009-01-18 15:31:35 2,048 --sha-w c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat
    - 2009-01-14 06:34:15 2,048 --sha-w c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat
    + 2009-01-18 15:31:35 2,048 --sha-w c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat
    - 2009-01-14 06:35:50 262,144 --sha-w c:windowsServiceProfilesLocalServiceNTUSER.DAT
    + 2009-01-18 15:33:04 262,144 --sha-w c:windowsServiceProfilesLocalServiceNTUSER.DAT
    + 2009-01-18 15:33:04 262,144 --ha-w c:windowsServiceProfilesLocalServicentuser.dat.LOG1
    - 2009-01-14 14:33:36 262,144 --sha-w c:windowsServiceProfilesNetworkServiceNTUSER.DAT
    + 2009-01-19 16:31:53 262,144 --sha-w c:windowsServiceProfilesNetworkServiceNTUSER.DAT
    + 2009-01-19 16:31:53 262,144 --ha-w c:windowsServiceProfilesNetworkServicentuser.dat.LOG1
    - 2009-01-13 06:32:02 293,280 ---a-w c:windowsSystem32FNTCACHE.DAT
    + 2009-01-15 06:21:42 293,280 ---a-w c:windowsSystem32FNTCACHE.DAT
    - 2009-01-14 06:38:01 111,608 ---a-w c:windowsSystem32perfc009.dat
    + 2009-01-18 15:37:20 111,608 ---a-w c:windowsSystem32perfc009.dat
    - 2009-01-14 06:38:01 92,728 ---a-w c:windowsSystem32perfc019.dat
    + 2009-01-18 15:37:20 92,728 ---a-w c:windowsSystem32perfc019.dat
    - 2009-01-14 06:38:01 627,972 ---a-w c:windowsSystem32perfh009.dat
    + 2009-01-18 15:37:20 627,972 ---a-w c:windowsSystem32perfh009.dat
    - 2009-01-14 06:38:01 544,770 ---a-w c:windowsSystem32perfh019.dat
    + 2009-01-18 15:37:20 544,770 ---a-w c:windowsSystem32perfh019.dat
    - 2009-01-14 06:36:01 12,698 ---a-w c:windowsSystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-145377016-3653138643-2277499019-1000_UserData.bin
    + 2009-01-18 15:33:21 12,794 ---a-w c:windowsSystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-145377016-3653138643-2277499019-1000_UserData.bin
    - 2009-01-14 06:36:01 86,574 ---a-w c:windowsSystem32WDIBootPerformanceDiagnostics_SystemData.bin
    + 2009-01-18 15:33:21 87,072 ---a-w c:windowsSystem32WDIBootPerformanceDiagnostics_SystemData.bin
    - 2009-01-14 06:36:00 51,526 ---a-w c:windowsSystem32WDIShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-01-18 15:33:20 51,558 ---a-w c:windowsSystem32WDIShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-12-31 21:26:56 253,498 ---a-w c:windowsSystem32WDISuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-01-18 12:46:50 259,252 ---a-w c:windowsSystem32WDISuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    "Acer Tour Reminder"="" [BU]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    "NvSvc"="c:windowssystem32nvsvc.dll" [2007-06-06 86016]
    "NvCplDaemon"="c:windowssystem32NvCpl.dll" [2007-06-06 8433664]
    "NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2007-06-06 81920]
    "PLFSet"="c:windowsPLFSet.dll" [2007-04-24 45056]
    "LManager"="c:progra~1LAUNCH~1LManager.exe" [2007-06-27 752136]
    "PlayMovie"="c:program filesAcer Arcade DeluxePlay MoviePMVService.exe" [2007-05-24 206952]
    "Apoint"="c:program filesApoint2KApoint.exe" [2007-06-06 159744]
    "Acer Tour Reminder"="c:acerAcerTourReminder.exe" [2007-05-22 151552]
    "WarReg_PopUp"="c:acerWR_PopUpWarReg_PopUp.exe" [2006-11-05 57344]
    "AGEIA PhysX SysTray"="c:program filesAGEIA TechnologiesTrayIcon.exe" [2006-08-16 339968]
    "MAgent"="c:program filesMail.RuAgentmagent.exe" [2008-12-30 5598392]
    "egui"="c:program filesESETESET NOD32 Antivirusegui.exe" [2008-07-01 1447168]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-05-18 c:windowsRtHDVCpl.exe]

    c:usersАлексейAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
    Total Commander.lnk - c:program filesTotal CommanderTotalcmd.exe [2007-01-25 1058000]

    c:programdataMicrosoftWindowsStart MenuProgramsStartup
    BTTray.lnk - c:program filesWIDCOMMBluetooth SoftwareBTTray.exe [2007-04-24 723760]
    Empowering Technology Launcher.lnk - c:acerEmpowering TechnologyeAPLauncher.exe [2007-07-25 535336]
    Microsoft Office.lnk - c:program filesMicrosoft OfficeOffice10OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
    "{0AB6AA10-2899-4AAE-B95A-00BF0AD7E07F}"= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
    "{0051D2E8-75A1-4F10-9B6B-43D246E6EF2C}"= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
    "{BEA29ADC-339D-41BC-8549-AAB4CF82F88A}"= c:program filesAcer Arcade DeluxeAcer Arcade DeluxeAcer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{04FBB8F3-F47F-4DD3-BAC9-529D73412977}"= c:program filesAcer Arcade DeluxeVideoMagicianVideoMagician.exe:VideoMagician
    "{422054AD-F895-470C-861E-079C1682AEC0}"= c:program filesAcer Arcade DeluxeHomeMediaHomeMedia.exe:HomeMedia
    "{5265B909-B8C0-4D57-ADE1-43D0C4AFAA14}"= c:program filesAcer Arcade DeluxeDV WizardDV Wizard.exe:DV Wizard
    "{EEA226EE-3C66-43EC-A3DB-208715D7F07E}"= c:program filesAcer Arcade DeluxeDVDivineDVDivine.exe:DVDivine
    "{C47D6D9C-2E20-4271-B18A-6B4E599ABA77}"= c:program filesAcer Arcade DeluxePlay MoviePlayMovie.exe:Play Movie
    "{4ABB90FD-DAE5-4D7A-A7D0-F03FF6BF04B3}"= c:program filesAcer Arcade DeluxePlay MoviePMVService.exe:Play Movie Resident Program
    "TCP Query User{9500DA2D-38C5-406A-A886-AC59C5AB5618}c:\program files\total commander\totalcmd.exe"= UDP:c:program filestotal commandertotalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
    "UDP Query User{63802B17-310D-410F-AAA7-257A8D0E0E55}c:\program files\total commander\totalcmd.exe"= TCP:c:program filestotal commandertotalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
    "TCP Query User{75F2AC23-EB36-44C5-AFA7-7D1997F4304A}d:\games\scell4\scda-offline\system\splintercell4.exe"= UDP:d:gamesscell4scda-offlinesystemsplintercell4.exe:SplinterCell4
    "UDP Query User{3FA0F056-B72A-4D29-9CBB-C047A4D379E8}d:\games\scell4\scda-offline\system\splintercell4.exe"= TCP:d:gamesscell4scda-offlinesystemsplintercell4.exe:SplinterCell4
    "TCP Query User{0AA19723-A5BE-4E7F-BF3C-434344C68D44}c:\program files\icq6\icq.exe"= UDP:c:program filesicq6icq.exe:ICQ Library
    "UDP Query User{0CEC5A32-CC2F-4DB1-84BC-63EDF9A9AFF2}c:\program files\icq6\icq.exe"= TCP:c:program filesicq6icq.exe:ICQ Library
    "TCP Query User{ADB420CC-5DA6-4AE0-AE22-6612CBBD21A7}c:\games\cs mz\hl.exe"= UDP:c:gamescs mzhl.exe:Half-Life Launcher
    "UDP Query User{74B7A204-12B3-44C9-B787-0F156DA4C19D}c:\games\cs mz\hl.exe"= TCP:c:gamescs mzhl.exe:Half-Life Launcher
    "{F2B9F686-93F3-4DAC-87D4-E7FB5941700E}"= UDP:c:gamesLa 2 mzsysteml2.exe:l2.exe
    "{9F6670DC-7903-43A7-8D97-A65111DB19AB}"= TCP:c:gamesLa 2 mzsysteml2.exe:l2.exe

    [HKLM~servicessharedaccessparametersfirewallpolicyPublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM~servicessharedaccessparametersfirewallpolicyRestrictedServicesStaticSystem]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%system32svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM~servicessharedaccessparametersfirewallpolicyStandardProfile]
    "EnableFirewall"= 0 (0x0)
    "DisabledInterfaces"= {9E591596-01B8-40C9-AD8D-83BC39F8C7D8}

    R1 epfwtdir;epfwtdir;c:windowsSystem32driversepfwtdir.sys [2008-07-01 34312]
    R3 enecir;ENE CIR Receiver;c:windowsSystem32driversenecir.sys [2007-07-25 32256]
    R4 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:program filesAcer Arcade DeluxePlay Movie000.fcl [2007-08-30 09:31:37 13560]
    R4 ALaunchService;ALaunch Service;c:acerALaunchALaunchSvc.exe [2007-07-25 50688]
    R4 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
    S3 PsSdk40;PsSdk40;c:windowsSystem32driverspssdk40.sys [2008-11-02 36928]
    S3 PsSdkLBF;PsSdkLBF;c:windowsSystem32driverspssdklbf.sys [2008-11-02 53312]
    S3 tap0901;TAP-Win32 Adapter V9;c:windowsSystem32driverstap0901.sys [2008-08-01 25216]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - NPKCRYPT
    *Deregistered* - KernelPort
    *Deregistered* - sptd

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
    bthsvcs REG_MULTI_SZ BthServ
    .
    .


    Supplementary Scan


    .
    uStart Page = http://www.mail.ru
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://ru.intl.acer.yahoo.com
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    IE: &Экспорт в Microsoft Excel - c:progra~1MICROS~2Office10EXCEL.EXE/3000
    IE: Отправить изображение на &устройство Bluetooth... - c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
    IE: Отправить страницу на &устройство Bluetooth... - c:program filesWIDCOMMBluetooth Softwarebtsendto_ie.htm
    IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:program filesMail.RuAgentmagent.exe
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-19 19:32:01
    Windows 6.0.6000 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .


    DLLs Loaded Under Running Processes



    - - - - - - - > 'Explorer.exe'(5544)
    c:windowssystem32btmmhook.dll
    .
    Completion time: 2009-01-19 19:33:40
    ComboFix-quarantined-files.txt 2009-01-19 16:33:37
    ComboFix2.txt 2009-01-14 14:35:40

    Pre-Run: 25 075 675 136 байт свободно
    Post-Run: 25,057,009,664 байт свободно

    220 --- E O F --- 2008-10-19 12:24:03

    January 18, 2009 at 3:34 pm in reply to: virus+logs #21069
    tokiosold
    Participant
    • Topics: 1
    • Posts: 7

    No, the problem hasn't gone away. Ugh. 😕

    January 14, 2009 at 2:37 pm in reply to: virus+logs #21066
    tokiosold
    Participant
    • Topics: 1
    • Posts: 7

    ComboFix 09-01-13.04 - Алексей 2009-01-14 17:31:34.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1251.1.1049.18.2046.1432 [GMT 3:00]
    Running from: c:usersАлексейDesktopComboFix.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:acerEmpowering TechnologyeRecoveryAutorunSW1TVtunerLiteonResources_desktop.ini
    c:drvTVtunerLiteonResources_desktop.ini
    c:usersАлексейAppDataRoaminginst.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
    .

    2009-01-13 09:07 . 2009-01-14 09:34 8,224 --a c:windowsSystem32GDIPFONTCACHEV1.DAT
    2009-01-13 09:04 . 2009-01-13 09:04 d C:_OTMoveIt
    2009-01-11 18:43 . 2009-01-11 18:44 d C:rsit
    2009-01-11 18:43 . 2009-01-14 09:37 d c:program filestrend micro
    2009-01-11 13:47 . 2009-01-11 13:47 d c:program filesESET
    2009-01-10 23:31 . 2009-01-10 23:31 d c:usersАлексейDoctorWeb
    2009-01-10 23:31 . 2009-01-10 23:31 d c:usersАлексейDoctorWeb
    2009-01-10 19:57 . 2009-01-10 19:57 d c:usersAll UsersESET
    2009-01-10 19:57 . 2009-01-10 19:57 d c:programdataESET
    2009-01-09 18:18 . 2009-01-10 19:52 d c:usersAll UsersKaspersky Lab
    2009-01-09 18:18 . 2009-01-10 19:52 d c:programdataKaspersky Lab
    2009-01-09 18:18 . 2009-01-09 18:18 d c:program filesKaspersky Lab
    2009-01-09 13:21 . 2009-01-09 18:16 d c:program filesDrWeb for Windows
    2009-01-06 11:32 . 2009-01-06 11:32 164 --a-s--- C:277014495065.kwm
    2009-01-06 11:29 . 2009-01-06 14:08 d c:usersАлексейAppDataRoamingWebMoney
    2009-01-06 11:26 . 2009-01-09 14:08 d c:program filesWebMoney
    2009-01-02 19:51 . 2008-12-25 16:26 505,856 --a c:windowsSystem32jucrosy.dll
    2008-12-30 19:33 . 2008-12-30 19:33 107,888 --a c:windowsSystem32CmdLineExt.dll
    2008-12-30 19:31 . 2008-12-30 19:34 3,538 --a c:windowsSystem32ealregsnapshot1.reg
    2008-12-30 15:42 . 2008-12-30 15:42 d c:usersАлексейAppDataRoamingCoreCodec
    2008-12-30 15:41 . 2008-12-30 15:41 d c:program filesCoreCodec
    2008-12-30 15:29 . 2008-12-30 15:32 d c:usersАлексейAppDataRoamingBSplayer PRO
    2008-12-30 15:29 . 2008-12-30 15:32 d c:program filesWebteh
    2008-12-30 15:28 . 2008-12-30 15:28 d c:usersАлексейAppDataRoamingVso
    2008-12-30 15:28 . 2008-12-30 15:28 47,360 --a c:usersАлексейAppDataRoamingpcouffin.sys
    2008-12-30 11:59 . 2008-12-30 11:59 d c:program filesAlcohol Soft
    2008-12-29 13:47 . 2008-12-30 19:49 d c:usersАлексейAppDataRoaminguTorrent
    2008-12-27 15:42 . 2008-12-27 15:42 d c:usersAll UsersForge of Games
    2008-12-27 15:42 . 2008-12-27 15:42 d c:programdataForge of Games
    2008-12-24 09:51 . 2009-01-09 13:06 d c:program filesOpenVPN
    2008-12-24 09:12 . 2008-12-24 09:13 79 --a c:windowswincmd.ini
    2008-12-24 09:12 . 2008-12-24 09:13 11 --a c:windowswcx_ftp.ini
    2008-12-18 22:32 . 2008-12-21 15:11 d c:usersАлексейAppDataRoamingMra
    2008-12-18 22:31 . 2009-01-09 14:16 d c:program filesMail.Ru
    2008-12-18 22:29 . 2008-12-18 22:29 d c:program filesNIUtilites
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-14 14:32 2,097,152 --sha-w c:usersАлексейntuser.dat
    2009-01-14 14:32 2,097,152 --sha-w c:usersАлексейntuser.dat
    2009-01-14 08:34 d-----w c:program filesWinamp
    2009-01-14 06:34 27,525 ---a-w c:usersАлексейAppDataRoamingnvModes.dat
    2009-01-11 15:54 d--h--w c:program filesInstallShield Installation Information
    2009-01-11 11:29 d-----w c:programdataCyberLink
    2009-01-10 17:08 d-----w c:program filesAce Utilities
    2009-01-10 15:42 d-----w c:program filesICQToolbar
    2009-01-09 09:59 d-----w c:program filesCommon FilesSymantec Shared
    2009-01-09 09:54 d-----w c:programdataSymantec
    2009-01-09 09:48 d-----w c:program filesAcer GameZone
    2009-01-06 11:10 d--a-w c:programdataTEMP
    2009-01-06 11:08 d-----w c:usersАлексейAppDataRoamingWebMoney
    2009-01-03 16:50 53,312 ---a-w c:windowssystem32driverspssdklbf.sys
    2009-01-03 16:50 36,928 ---a-w c:windowssystem32driverspssdk40.sys
    2009-01-02 16:38 d-s---w c:usersАлексейAppDataRoamingMicrosoft
    2008-12-30 16:49 d-----w c:usersАлексейAppDataRoaminguTorrent
    2008-12-30 12:42 d-----w c:usersАлексейAppDataRoamingCoreCodec
    2008-12-30 12:32 d-----w c:usersАлексейAppDataRoamingBSplayer PRO
    2008-12-30 12:28 47,360 ---a-w c:usersАлексейAppDataRoamingpcouffin.sys
    2008-12-30 12:28 d-----w c:usersАлексейAppDataRoamingVso
    2008-12-21 12:11 d-----w c:usersАлексейAppDataRoamingMra
    2008-12-17 08:02 d-----w c:program filesTotal Commander
    2008-12-14 11:44 d-----w c:program filesLaunch Manager
    2008-12-09 20:26 d-----w c:program filesCommon FilesAdobe
    2008-12-09 20:25 d-----w c:usersАлексейAppDataRoamingABBYY
    2008-12-09 20:25 d-----w c:program filesABBYY FineReader 8.0 Professional Edition
    2008-12-09 15:56 d-----w c:programdataMicrosoft Help
    2008-12-09 15:56 d-----w c:program filesMicrosoft Works
    2008-12-02 08:51 d-----w c:program filesCommon FilesINCA Shared
    2008-11-26 06:00 d-----w c:program filesICQ6
    2008-01-27 08:39 174 --sha-w c:program filesdesktop.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    "NvSvc"="c:windowssystem32nvsvc.dll" [2007-06-06 86016]
    "NvCplDaemon"="c:windowssystem32NvCpl.dll" [2007-06-06 8433664]
    "NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2007-06-06 81920]
    "PLFSet"="c:windowsPLFSet.dll" [2007-04-24 45056]
    "LManager"="c:progra~1LAUNCH~1LManager.exe" [2007-06-27 752136]
    "PlayMovie"="c:program filesAcer Arcade DeluxePlay MoviePMVService.exe" [2007-05-24 206952]
    "Apoint"="c:program filesApoint2KApoint.exe" [2007-06-06 159744]
    "Acer Tour Reminder"="c:acerAcerTourReminder.exe" [2007-05-22 151552]
    "WarReg_PopUp"="c:acerWR_PopUpWarReg_PopUp.exe" [2006-11-05 57344]
    "AGEIA PhysX SysTray"="c:program filesAGEIA TechnologiesTrayIcon.exe" [2006-08-16 339968]
    "MAgent"="c:program filesMail.RuAgentmagent.exe" [2008-12-30 5598392]
    "egui"="c:program filesESETESET NOD32 Antivirusegui.exe" [2008-07-01 1447168]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-05-18 c:windowsRtHDVCpl.exe]

    c:usersАлексейAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
    Total Commander.lnk - c:program filesTotal CommanderTotalcmd.exe [2007-01-25 1058000]

    c:programdataMicrosoftWindowsStart MenuProgramsStartup
    BTTray.lnk - c:program filesWIDCOMMBluetooth SoftwareBTTray.exe [2007-04-24 723760]
    Empowering Technology Launcher.lnk - c:acerEmpowering TechnologyeAPLauncher.exe [2007-07-25 535336]
    Microsoft Office.lnk - c:program filesMicrosoft OfficeOffice10OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
    "{0AB6AA10-2899-4AAE-B95A-00BF0AD7E07F}"= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
    "{0051D2E8-75A1-4F10-9B6B-43D246E6EF2C}"= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
    "{BEA29ADC-339D-41BC-8549-AAB4CF82F88A}"= c:program filesAcer Arcade DeluxeAcer Arcade DeluxeAcer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{04FBB8F3-F47F-4DD3-BAC9-529D73412977}"= c:program filesAcer Arcade DeluxeVideoMagicianVideoMagician.exe:VideoMagician
    "{422054AD-F895-470C-861E-079C1682AEC0}"= c:program filesAcer Arcade DeluxeHomeMediaHomeMedia.exe:HomeMedia
    "{5265B909-B8C0-4D57-ADE1-43D0C4AFAA14}"= c:program filesAcer Arcade DeluxeDV WizardDV Wizard.exe:DV Wizard
    "{EEA226EE-3C66-43EC-A3DB-208715D7F07E}"= c:program filesAcer Arcade DeluxeDVDivineDVDivine.exe:DVDivine
    "{C47D6D9C-2E20-4271-B18A-6B4E599ABA77}"= c:program filesAcer Arcade DeluxePlay MoviePlayMovie.exe:Play Movie
    "{4ABB90FD-DAE5-4D7A-A7D0-F03FF6BF04B3}"= c:program filesAcer Arcade DeluxePlay MoviePMVService.exe:Play Movie Resident Program
    "TCP Query User{9500DA2D-38C5-406A-A886-AC59C5AB5618}c:\program files\total commander\totalcmd.exe"= UDP:c:program filestotal commandertotalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
    "UDP Query User{63802B17-310D-410F-AAA7-257A8D0E0E55}c:\program files\total commander\totalcmd.exe"= TCP:c:program filestotal commandertotalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
    "TCP Query User{75F2AC23-EB36-44C5-AFA7-7D1997F4304A}d:\games\scell4\scda-offline\system\splintercell4.exe"= UDP:d:gamesscell4scda-offlinesystemsplintercell4.exe:SplinterCell4
    "UDP Query User{3FA0F056-B72A-4D29-9CBB-C047A4D379E8}d:\games\scell4\scda-offline\system\splintercell4.exe"= TCP:d:gamesscell4scda-offlinesystemsplintercell4.exe:SplinterCell4
    "TCP Query User{0AA19723-A5BE-4E7F-BF3C-434344C68D44}c:\program files\icq6\icq.exe"= UDP:c:program filesicq6icq.exe:ICQ Library
    "UDP Query User{0CEC5A32-CC2F-4DB1-84BC-63EDF9A9AFF2}c:\program files\icq6\icq.exe"= TCP:c:program filesicq6icq.exe:ICQ Library
    "TCP Query User{ADB420CC-5DA6-4AE0-AE22-6612CBBD21A7}c:\games\cs mz\hl.exe"= UDP:c:gamescs mzhl.exe:Half-Life Launcher
    "UDP Query User{74B7A204-12B3-44C9-B787-0F156DA4C19D}c:\games\cs mz\hl.exe"= TCP:c:gamescs mzhl.exe:Half-Life Launcher

    [HKLM~servicessharedaccessparametersfirewallpolicyPublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM~servicessharedaccessparametersfirewallpolicyRestrictedServicesStaticSystem]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%system32svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM~servicessharedaccessparametersfirewallpolicyStandardProfile]
    "DisabledInterfaces"= {9E591596-01B8-40C9-AD8D-83BC39F8C7D8}

    R1 epfwtdir;epfwtdir;c:windowsSystem32driversepfwtdir.sys [2008-07-01 34312]
    R3 enecir;ENE CIR Receiver;c:windowsSystem32driversenecir.sys [2007-07-25 32256]
    R4 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:program filesAcer Arcade DeluxePlay Movie000.fcl [2007-08-30 09:31:37 13560]
    R4 ALaunchService;ALaunch Service;c:acerALaunchALaunchSvc.exe [2007-07-25 50688]
    R4 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
    S3 PsSdk40;PsSdk40;c:windowsSystem32driverspssdk40.sys [2008-11-02 36928]
    S3 PsSdkLBF;PsSdkLBF;c:windowsSystem32driverspssdklbf.sys [2008-11-02 53312]
    S3 tap0901;TAP-Win32 Adapter V9;c:windowsSystem32driverstap0901.sys [2008-08-01 25216]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - KernelPort
    *Deregistered* - sptd

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
    bthsvcs REG_MULTI_SZ BthServ
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Acer Tour Reminder - (no file)
    HKLM-Run-ALaunch - c:acerALaunchAlaunchClient.exe
    HKLM-Run-SetPanel - c:acerAPanelAPanel.cmd
    HKLM-Run-ICSDCLT - c:windowsrundll32.exe

    .


    Supplementary Scan


    .
    uStart Page = http://www.mail.ru
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://ru.intl.acer.yahoo.com
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    IE: &Экспорт в Microsoft Excel - c:progra~1MICROS~2Office10EXCEL.EXE/3000
    IE: Отправить изображение на &устройство Bluetooth... - c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
    IE: Отправить страницу на &устройство Bluetooth... - c:program filesWIDCOMMBluetooth Softwarebtsendto_ie.htm
    IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:program filesMail.RuAgentmagent.exe
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-14 17:33:52
    Windows 6.0.6000 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-01-14 17:35:39
    ComboFix-quarantined-files.txt 2009-01-14 14:35:37

    Pre-Run: 36 064 231 424 байт свободно
    Post-Run: 35,997,401,088 байт свободно

    191 --- E O F --- 2008-10-19 12:24:03

    January 14, 2009 at 6:38 am in reply to: virus+logs #21065
    tokiosold
    Participant
    • Topics: 1
    • Posts: 7

    I did everything.

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\Acer Tour deleted successfully.
    Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\eRecoveryService deleted successfully.
    Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun\ati2sgav deleted successfully.
    Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\Acer Tour Reminder deleted successfully.
    ========== FILES ==========
    File/Folder C:Windowssystem32kongxsg.exe not found.
    File/Folder c:kongxsg.exe not found.
    File/Folder C:Windowssystem32ati2sgav.exe not found.
    ========== COMMANDS ==========
    File delete failed. C:Users7C4~1AppDataLocalTempRtkBtMnt.exe scheduled to be deleted on reboot.
    User’s Temp folder emptied.
    User’s Temporary Internet Files folder emptied.
    User’s Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 01142009_093244

    Files moved on Reboot…
    C:Users7C4~1AppDataLocalTempRtkBtMnt.exe moved successfully.

    Logfile of random’s system information tool 1.05 (written by random/random)
    Run by Алексей at 2009-01-14 09:36:58
    Microsoft® Windows Vista™ Home Premium
    System drive C: has 35 GB (48%) free of 71 GB
    Total RAM: 2046 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:37:29, on 14.01.2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:Windowssystem32Dwm.exe
    C:Windowssystem32taskeng.exe
    C:WindowsExplorer.EXE
    C:Program FilesWindows DefenderMSASCui.exe
    C:WindowsRtHDVCpl.exe
    C:WindowsSystem32rundll32.exe
    C:Program FilesLaunch ManagerLManager.exe
    C:WindowsSystem32rundll32.exe
    C:Program FilesAcer Arcade DeluxePlay MoviePMVService.exe
    C:Program FilesApoint2KApoint.exe
    C:Program FilesAGEIA TechnologiesTrayIcon.exe
    C:Program FilesESETESET NOD32 Antivirusegui.exe
    C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
    C:Program FilesApoint2KApMsgFwd.exe
    C:Program FilesApoint2KApntex.exe
    C:Users7C4~1AppDataLocalTempRtkBtMnt.exe
    C:WindowsSystem32mobsync.exe
    C:Program FilesWindows Media Playerwmpnscfg.exe
    C:AcerEmpowering TechnologyeRecoveryERAGENT.EXE
    C:Program FilesOperaOpera.exe
    C:UsersАлексейDesktopKAVRSIT.exe
    C:Program Filestrend microАлексей.exe

    R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://google.icq.com/search/search_frame.php
    R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mail.ru
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ru.intl.acer.yahoo.com
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ru.intl.acer.yahoo.com
    R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
    R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
    R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
    R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
    R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — (no file)
    R3 — URLSearchHook: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:PROGRA~1ICQTOO~1toolbaru.dll
    O1 — Hosts: ::1 localhost
    O2 — BHO: XTTBPos00 — {055FD26D-3A88-4e15-963D-DC8493744B1D} — C:PROGRA~1ICQTOO~1toolbaru.dll
    O3 — Toolbar: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:PROGRA~1ICQTOO~1toolbaru.dll
    O4 — HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
    O4 — HKLM..Run: [ALaunch] C:AcerALaunchAlaunchClient.exe
    O4 — HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
    O4 — HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
    O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
    O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
    O4 — HKLM..Run: [PLFSet] rundll32.exe C:WindowsPLFSet.dll,PLFDefSetting
    O4 — HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
    O4 — HKLM..Run: [PlayMovie] «C:Program FilesAcer Arcade DeluxePlay MoviePMVService.exe»
    O4 — HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe
    O4 — HKLM..Run: [Acer Tour Reminder] C:AcerAcerTourReminder.exe
    O4 — HKLM..Run: [WarReg_PopUp] C:AcerWR_PopUpWarReg_PopUp.exe
    O4 — HKLM..Run: [SetPanel] C:AcerAPanelAPanel.cmd
    O4 — HKLM..Run: [AGEIA PhysX SysTray] «C:Program FilesAGEIA TechnologiesTrayIcon.exe»
    O4 — HKLM..Run: [ICSDCLT] C:Windowsrundll32.exe C:Windowssystem32icsdclt.dll,ICSClient
    O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentmagent.exe -LM
    O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
    O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘NETWORK SERVICE’)
    O4 — Startup: Total Commander.lnk = C:Program FilesTotal CommanderTotalcmd.exe
    O4 — Global Startup: BTTray.lnk = ?
    O4 — Global Startup: Empowering Technology Launcher.lnk = ?
    O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
    O8 — Extra context menu item: Отправить изображение на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
    O8 — Extra context menu item: Отправить страницу на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
    O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
    O9 — Extra ‘Tools’ menuitem: @btrez.dll,-12650 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
    O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
    O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
    O13 — Gopher Prefix:
    O23 — Service: ALaunch Service (ALaunchService) — Unknown owner — C:AcerALaunchALaunchSvc.exe
    O23 — Service: Symantec Lic NetConnect service (CLTNetCnService) — Unknown owner — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe (file missing)
    O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
    O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
    O23 — Service: eRecovery Service (eRecoveryService) — Acer Inc. — C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe
    O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
    O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
    O23 — Service: MobilityService — Unknown owner — C:AcerMobility CenterMobilityService.exe
    O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared FilesRichVideo.exe
    O23 — Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) — Корпорация Майкрософт — C:Windowssystem32SearchIndexer.exe
    O23 — Service: XAudioService — Conexant Systems, Inc. — C:Windowssystem32DRIVERSxaudio.exe

    —
    End of file — 7320 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{055FD26D-3A88-4e15-963D-DC8493744B1D}]
    XTTBPos00 Class — C:PROGRA~1ICQTOO~1toolbaru.dll [2006-12-25 701952]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQ Toolbar — C:PROGRA~1ICQTOO~1toolbaru.dll [2006-12-25 701952]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2007-07-25 1006264]
    «ALaunch»=C:AcerALaunchAlaunchClient.exe []
    «RtHDVCpl»=C:WindowsRtHDVCpl.exe [2007-05-18 4468736]
    «NvSvc»=C:Windowssystem32nvsvc.dll [2007-06-06 86016]
    «NvCplDaemon»=C:Windowssystem32NvCpl.dll [2007-06-06 8433664]
    «NvMediaCenter»=C:Windowssystem32NvMcTray.dll [2007-06-06 81920]
    «PLFSet»=C:WindowsPLFSet.dll [2007-04-24 45056]
    «LManager»=C:PROGRA~1LAUNCH~1LManager.exe [2007-06-27 752136]
    «PlayMovie»=C:Program FilesAcer Arcade DeluxePlay MoviePMVService.exe [2007-05-24 206952]
    «Apoint»=C:Program FilesApoint2KApoint.exe [2007-06-06 159744]
    «Acer Tour Reminder»=C:AcerAcerTourReminder.exe [2007-05-22 151552]
    «WarReg_PopUp»=C:AcerWR_PopUpWarReg_PopUp.exe [2006-11-05 57344]
    «SetPanel»=C:AcerAPanelAPanel.cmd []
    «AGEIA PhysX SysTray»=C:Program FilesAGEIA TechnologiesTrayIcon.exe [2006-08-16 339968]
    «ICSDCLT»=C:Windowsrundll32.exe C:Windowssystem32icsdclt.dll []
    «MAgent»=C:Program FilesMail.RuAgentmagent.exe [2008-12-30 5598392]
    «egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «Acer Tour Reminder»= []

    C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
    BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
    Empowering Technology Launcher.lnk — C:AcerEmpowering TechnologyeAPLauncher.exe
    Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOffice10OSA.EXE

    C:UsersАлексейAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
    Total Commander.lnk — C:Program FilesTotal CommanderTotalcmd.exe

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «EnableLUA»=0
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]

    ======List of files/folders created in the last 1 months======

    2009-01-13 09:04:08 —-D—- C:_OTMoveIt
    2009-01-11 18:53:11 —-SHD—- C:Config.Msi
    2009-01-11 18:43:18 —-D—- C:rsit
    2009-01-11 18:43:18 —-D—- C:Program Filestrend micro
    2009-01-11 13:47:05 —-D—- C:Program FilesESET
    2009-01-10 19:57:39 —-D—- C:ProgramDataESET
    2009-01-09 18:18:23 —-D—- C:ProgramDataKaspersky Lab
    2009-01-09 18:18:23 —-D—- C:Program FilesKaspersky Lab
    2009-01-09 17:34:49 —-A—- C:Windowsntbtlog.txt
    2009-01-09 13:21:53 —-D—- C:Program FilesDrWeb for Windows
    2009-01-06 11:29:46 —-D—- C:UsersАлексейAppDataRoamingWebMoney
    2009-01-06 11:26:24 —-D—- C:Program FilesWebMoney
    2009-01-02 19:51:06 —-A—- C:Windowssystem32jucrosy.dll
    2008-12-30 19:33:24 —-A—- C:Windowssystem32CmdLineExt.dll
    2008-12-30 15:42:45 —-D—- C:UsersАлексейAppDataRoamingCoreCodec
    2008-12-30 15:41:39 —-D—- C:Program FilesCoreCodec
    2008-12-30 15:29:40 —-D—- C:UsersАлексейAppDataRoamingBSplayer PRO
    2008-12-30 15:29:38 —-D—- C:Program FilesWebteh
    2008-12-30 15:28:07 —-D—- C:UsersАлексейAppDataRoamingVso
    2008-12-30 15:28:07 —-A—- C:UsersАлексейAppDataRoaminginst.exe
    2008-12-30 11:59:31 —-D—- C:Program FilesAlcohol Soft
    2008-12-29 13:47:35 —-D—- C:UsersАлексейAppDataRoaminguTorrent
    2008-12-27 15:42:25 —-D—- C:ProgramDataForge of Games
    2008-12-24 09:51:26 —-D—- C:Program FilesOpenVPN
    2008-12-24 09:12:53 —-A—- C:Windowswincmd.ini
    2008-12-24 09:12:53 —-A—- C:Windowswcx_ftp.ini
    2008-12-18 22:32:06 —-D—- C:UsersАлексейAppDataRoamingMra
    2008-12-18 22:31:52 —-D—- C:Program FilesMail.Ru
    2008-12-18 22:29:27 —-D—- C:Program FilesNIUtilites

    ======List of files/folders modified in the last 1 months======

    2009-01-14 09:37:27 —-D—- C:WindowsTemp
    2009-01-14 09:32:50 —-A—- C:Windowswinamp.ini
    2009-01-14 09:27:24 —-D—- C:WindowsSystem32
    2009-01-14 09:27:24 —-D—- C:Windowsinf
    2009-01-14 09:27:24 —-A—- C:Windowssystem32PerfStringBackup.INI
    2009-01-13 13:58:21 —-SHD—- C:System Volume Information
    2009-01-13 09:32:42 —-D—- C:Windowssystem32catroot2
    2009-01-11 18:54:57 —-HD—- C:Program FilesInstallShield Installation Information
    2009-01-11 18:54:46 —-D—- C:Windowssystem32drivers
    2009-01-11 18:53:27 —-SHD—- C:WindowsInstaller
    2009-01-11 18:43:18 —-RD—- C:Program Files
    2009-01-11 18:34:25 —-D—- C:Games
    2009-01-11 16:19:57 —-D—- C:Видео
    2009-01-11 14:29:25 —-D—- C:MyWorks
    2009-01-11 14:29:20 —-D—- C:ProgramDataCyberLink
    2009-01-10 20:16:47 —-D—- C:Fraps
    2009-01-10 20:08:52 —-D—- C:Program FilesAce Utilities
    2009-01-10 19:57:39 —-HD—- C:ProgramData
    2009-01-10 19:49:43 —-D—- C:Windowssystem32catroot
    2009-01-10 18:42:12 —-D—- C:Program FilesICQToolbar
    2009-01-10 09:37:27 —-D—- C:Windows
    2009-01-09 12:59:17 —-D—- C:Program FilesCommon FilesSymantec Shared
    2009-01-09 12:54:20 —-D—- C:ProgramDataSymantec
    2009-01-09 12:53:57 —-D—- C:Program FilesCommon Files
    2009-01-09 12:52:49 —-RSD—- C:Windowsassembly
    2009-01-09 12:48:44 —-D—- C:Program FilesAcer GameZone
    2009-01-06 14:10:53 —-AD—- C:ProgramDataTEMP
    2009-01-03 20:35:43 —-A—- C:Windowsl2control.ini
    2009-01-02 19:57:20 —-D—- C:WindowsPrefetch
    2009-01-02 19:38:41 —-SD—- C:UsersАлексейAppDataRoamingMicrosoft
    2008-12-30 19:19:10 —-D—- C:Program FilesInternet Explorer
    2008-12-22 13:06:35 —-D—- C:WindowsMinidump
    2008-12-17 11:02:53 —-D—- C:Program FilesTotal Commander

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 DritekPortIO;Dritek General Port I/O; ??C:PROGRA~1LAUNCH~1DPortIO.sys [2006-11-02 20112]
    R1 easdrv;easdrv; C:Windowssystem32DRIVERSeasdrv.sys [2008-07-01 53256]
    R1 epfwtdir;epfwtdir; C:Windowssystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; ??C:Program FilesAcer Arcade DeluxePlay Movie00.fcl [2006-11-02 13560]
    R2 eamon;EAMON; C:Windowssystem32DRIVERSeamon.sys [2008-07-01 39944]
    R2 int15;int15; ??C:AcerEmpowering TechnologyeRecoveryint15.sys [2006-12-07 76584]
    R2 mdmxsdk;mdmxsdk; C:Windowssystem32DRIVERSmdmxsdk.sys [2007-05-17 12672]
    R2 rimmptsk;rimmptsk; C:Windowssystem32DRIVERSrimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:Windowssystem32DRIVERSrimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:Windowssystem32DRIVERSrixdptsk.sys [2007-03-21 37376]
    R2 XAudio;XAudio; C:Windowssystem32DRIVERSxaudio.sys [2007-05-17 8192]
    R3 ApfiltrService;Alps Pointing-device Filter Driver; C:Windowssystem32DRIVERSApfiltr.sys [2007-06-14 154624]
    R3 athr;Atheros Extensible Wireless LAN device driver; C:Windowssystem32DRIVERSathr.sys [2007-06-18 737280]
    R3 CmBatt;Драйвер батареи с ACPI-управлением (Microsoft); C:Windowssystem32DRIVERSCmBatt.sys [2008-01-27 14208]
    R3 DKbFltr;Dritek Keyboard Filter Driver; C:Windowssystem32DRIVERSDKbFltr.sys [2006-11-02 21264]
    R3 enecir;ENE CIR Receiver; C:Windowssystem32DRIVERSenecir.sys [2007-05-16 32256]
    R3 HSF_DPV;HSF_DPV; C:Windowssystem32DRIVERSHSX_DPV.sys [2007-05-17 985600]
    R3 HSXHWAZL;HSXHWAZL; C:Windowssystem32DRIVERSHSXHWAZL.sys [2007-05-17 207360]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:Windowssystem32driversRTKVHDA.sys [2007-05-18 1775712]
    R3 NTIDrvr;Upper Class Filter Driver; C:Windowssystem32DRIVERSNTIDrvr.sys [2007-07-25 6144]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:Windowssystem32DRIVERSnvmfdx32.sys [2007-05-17 1059112]
    R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2007-06-06 7120768]
    R3 nvsmu;nvsmu; C:Windowssystem32DRIVERSnvsmu.sys [2007-05-17 12032]
    R3 sdbus;sdbus; C:Windowssystem32DRIVERSsdbus.sys [2007-07-25 82432]
    R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:Windowssystem32DRIVERSsnp2uvc.sys [2007-02-07 1729152]
    R3 winachsf;winachsf; C:Windowssystem32DRIVERSHSX_CNXT.sys [2007-05-17 659968]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:Windowssystem32DRIVERSwmiacpi.sys [2008-01-27 11264]
    R3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2006-11-02 82560]
    S3 ao46woar;ao46woar; C:Windowssystem32driversao46woar.sys []
    S3 BthEnum;Служба перечислителя Bluetooth; C:Windowssystem32DRIVERSBthEnum.sys [2007-08-30 19456]
    S3 BthPan;Устройства Bluetooth (личной сети); C:Windowssystem32DRIVERSbthpan.sys [2006-11-02 92160]
    S3 BTHPORT;Драйвер порта Bluetooth; C:WindowsSystem32DriversBTHport.sys [2007-08-30 220160]
    S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WindowsSystem32DriversBTHUSB.sys [2007-08-30 29184]
    S3 btwaudio;Аудиоустройствоi Bluetooth; C:Windowssystem32driversbtwaudio.sys [2007-05-17 79664]
    S3 btwavdt;Bluetooth AVDT Service; C:Windowssystem32driversbtwavdt.sys [2007-05-17 81200]
    S3 btwrchid;btwrchid; C:Windowssystem32DRIVERSbtwrchid.sys [2007-05-17 16432]
    S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2006-11-02 5632]
    S3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:Windowssystem32driversHdAudio.sys [2006-11-02 235520]
    S3 HSFHWAZL;HSFHWAZL; C:Windowssystem32DRIVERSVSTAZL3.SYS [2006-11-02 200704]
    S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2006-11-02 6016]
    S3 NPPTNT2;NPPTNT2; ??C:Windowssystem32npptNT2.sys [2005-01-03 4682]
    S3 PsSdk40;PsSdk40; ??C:Windowssystem32Driverspssdk40.sys [2009-01-03 36928]
    S3 PsSdkLBF;PsSdkLBF; ??C:Windowssystem32Driverspssdklbf.sys [2009-01-03 53312]
    S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:Windowssystem32DRIVERSrfcomm.sys [2006-11-02 49664]
    S3 tap0901;TAP-Win32 Adapter V9; C:Windowssystem32DRIVERStap0901.sys [2008-08-01 25216]
    S3 TSP;TSP; ??C:Windowssystem32driversklif.sys []
    S4 UIUSys;Conexant Setup API; C:Windowssystem32DRIVERSUIUSYS.SYS []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ALaunchService;ALaunch Service; C:AcerALaunchALaunchSvc.exe [2007-01-26 50688]
    R2 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2006-11-02 22016]
    R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
    R2 eRecoveryService;eRecovery Service; C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe [2007-07-03 53248]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2007-01-17 61440]
    R2 MobilityService;MobilityService; C:AcerMobility CenterMobilityService.exe [2006-11-24 107008]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared FilesRichVideo.exe [2007-01-23 266343]
    R2 XAudioService;XAudioService; C:Windowssystem32DRIVERSxaudio.exe [2007-05-17 386560]
    S2 CLTNetCnService;Symantec Lic NetConnect service; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe /h ccCommon []
    S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
    S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
    S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:Program FilesSonyShared Plug-InsMedia ManagerMSSQL$SONY_MEDIAMGRBinnsqlservr.exe [2002-12-17 7520337]
    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:Program FilesMicrosoft SQL Server80ToolsBinnsqladhlp.exe [2002-12-17 66112]
    S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:Program FilesSonyShared Plug-InsMedia ManagerMSSQL$SONY_MEDIAMGRBinnsqlagent.EXE [2002-12-17 311872]


    EOF


    RAM usage is still 1 GB anyway(((

    January 13, 2009 at 6:16 am in reply to: virus+logs #21062
    tokiosold
    Participant
    • Topics: 1
    • Posts: 7
    • ☆

    Good morning.
    The Flash Disinfector program did not start. (I don't understand why.)
    I did the rest.

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    Service usprserv stopped successfully.
    Service usprserv deleted successfully.
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{01a51280-0f9b-11dd-a26c-001b38505442}\ deleted successfully.
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{450241f3-a57e-11dd-bc02-001b38505442}\ deleted successfully.
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{62fe099c-6ad3-11dd-a7cf-001b38505442}\ deleted successfully.
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d8cc55d5-8e37-11dd-9c5d-001b38505442}\ deleted successfully.
    ========== COMMANDS ==========
    File delete failed. C:Users7C4~1AppDataLocalTempRtkBtMnt.exe scheduled to be deleted on reboot.
    User’s Temp folder emptied.
    User’s Temporary Internet Files folder emptied.
    User’s Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 01132009_090408

    Files moved on Reboot…
    C:Users7C4~1AppDataLocalTempRtkBtMnt.exe moved successfully.

    Logfile of random’s system information tool 1.05 (written by random/random)
    Run by Алексей at 2009-01-13 09:15:19
    Microsoft® Windows Vista™ Home Premium
    System drive C: has 35 GB (49%) free of 71 GB
    Total RAM: 2046 MB (65% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:15:26, on 13.01.2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:Windowssystem32taskeng.exe
    C:Windowssystem32Dwm.exe
    C:WindowsExplorer.EXE
    C:Windowsnotepad.exe
    C:Program FilesWindows DefenderMSASCui.exe
    C:WindowsRtHDVCpl.exe
    C:WindowsSystem32rundll32.exe
    C:Program FilesLaunch ManagerLManager.exe
    C:Program FilesAcer Arcade DeluxePlay MoviePMVService.exe
    C:Program FilesApoint2KApoint.exe
    C:WindowsSystem32rundll32.exe
    C:Program FilesApoint2KApMsgFwd.exe
    C:Program FilesAGEIA TechnologiesTrayIcon.exe
    C:Program FilesESETESET NOD32 Antivirusegui.exe
    C:Program FilesApoint2KApntex.exe
    C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
    C:Program FilesTotal CommanderTotalcmd.exe
    C:Users7C4~1AppDataLocalTempRtkBtMnt.exe
    C:Program FilesWindows Media Playerwmpnscfg.exe
    C:AcerEmpowering TechnologyeRecoveryERAGENT.EXE
    C:WindowsSystem32mobsync.exe
    C:Program FilesOperaOpera.exe
    C:Windowssystem32conime.exe
    C:Windowssystem32Taskmgr.exe
    C:UsersАлексейDesktopKAVRSIT.exe
    C:Program Filestrend microАлексей.exe

    R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://google.icq.com/search/search_frame.php
    R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mail.ru
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ru.intl.acer.yahoo.com
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ru.intl.acer.yahoo.com
    R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
    R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
    R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
    R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
    R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — (no file)
    R3 — URLSearchHook: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:PROGRA~1ICQTOO~1toolbaru.dll
    O1 — Hosts: ::1 localhost
    O2 — BHO: XTTBPos00 — {055FD26D-3A88-4e15-963D-DC8493744B1D} — C:PROGRA~1ICQTOO~1toolbaru.dll
    O2 — BHO: (no name) — {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} — (no file)
    O3 — Toolbar: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:PROGRA~1ICQTOO~1toolbaru.dll
    O4 — HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
    O4 — HKLM..Run: [ALaunch] C:AcerALaunchAlaunchClient.exe
    O4 — HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
    O4 — HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
    O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
    O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
    O4 — HKLM..Run: [PLFSet] rundll32.exe C:WindowsPLFSet.dll,PLFDefSetting
    O4 — HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
    O4 — HKLM..Run: [PlayMovie] «C:Program FilesAcer Arcade DeluxePlay MoviePMVService.exe»
    O4 — HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe
    O4 — HKLM..Run: [Acer Tour Reminder] C:AcerAcerTourReminder.exe
    O4 — HKLM..Run: [WarReg_PopUp] C:AcerWR_PopUpWarReg_PopUp.exe
    O4 — HKLM..Run: [SetPanel] C:AcerAPanelAPanel.cmd
    O4 — HKLM..Run: [AGEIA PhysX SysTray] «C:Program FilesAGEIA TechnologiesTrayIcon.exe»
    O4 — HKLM..Run: [ICSDCLT] C:Windowsrundll32.exe C:Windowssystem32icsdclt.dll,ICSClient
    O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentmagent.exe -LM
    O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
    O4 — HKLM..PoliciesExplorerRun: [ati2sgav] «C:Windowssystem32ati2sgav.exe»
    O4 — HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User ‘NETWORK SERVICE’)
    O4 — Startup: Total Commander.lnk = C:Program FilesTotal CommanderTotalcmd.exe
    O4 — Global Startup: BTTray.lnk = ?
    O4 — Global Startup: Empowering Technology Launcher.lnk = ?
    O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
    O8 — Extra context menu item: Отправить изображение на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
    O8 — Extra context menu item: Отправить страницу на &устройство Bluetooth… — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
    O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
    O9 — Extra button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
    O9 — Extra ‘Tools’ menuitem: @btrez.dll,-12650 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
    O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
    O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
    O13 — Gopher Prefix:
    O23 — Service: ALaunch Service (ALaunchService) — Unknown owner — C:AcerALaunchALaunchSvc.exe
    O23 — Service: Symantec Lic NetConnect service (CLTNetCnService) — Unknown owner — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe (file missing)
    O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
    O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
    O23 — Service: eRecovery Service (eRecoveryService) — Acer Inc. — C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe
    O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
    O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
    O23 — Service: MobilityService — Unknown owner — C:AcerMobility CenterMobilityService.exe
    O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared FilesRichVideo.exe
    O23 — Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) — Корпорация Майкрософт — C:Windowssystem32SearchIndexer.exe
    O23 — Service: XAudioService — Conexant Systems, Inc. — C:Windowssystem32DRIVERSxaudio.exe

    —
    End of file — 7613 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
    XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-07-25 1006264]
    "ALaunch"=C:\Acer\ALaunch\AlaunchClient.exe []
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-18 4468736]
    "Acer Tour"= []
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-06-06 86016]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-06-06 8433664]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-06-06 81920]
    "PLFSet"=C:\Windows\PLFSet.dll [2007-04-24 45056]
    "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-06-27 752136]
    "PlayMovie"=C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [2007-05-24 206952]
    "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-06 159744]
    "eRecoveryService"= []
    "Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-05-22 151552]
    "WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
    "SetPanel"=C:\Acer\APanel\APanel.cmd []
    "AGEIA PhysX SysTray"=C:\Program Files\AGEIA Technologies\TrayIcon.exe [2006-08-16 339968]
    "ICSDCLT"=C:\Windows\rundll32.exe C:\Windows\system32\icsdclt.dll []
    "MAgent"=C:\Program Files\Mail.Ru\Agent\magent.exe [2008-12-30 5598392]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "ati2sgav"=C:\Windows\system32\ati2sgav.exe []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"= []

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

    C:\Users\Алексей\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Total Commander.lnk - C:\Program Files\Total Commander\Totalcmd.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8cc55d5-8e37-11dd-9c5d-001b38505442}]
    shell\AutoRun\command - kongxsg.exe
    shell\explore\command - kongxsg.exe
    shell\open\command - kongxsg.exe

    ======List of files/folders created in the last 1 months======

    2009-01-13 09:04:08 ----D---- C:\_OTMoveIt
    2009-01-11 18:53:11 ----SHD---- C:\Config.Msi
    2009-01-11 18:43:18 ----D---- C:\rsit
    2009-01-11 18:43:18 ----D---- C:\Program Files\trend micro
    2009-01-11 13:47:05 ----D---- C:\Program Files\ESET
    2009-01-10 19:57:39 ----D---- C:\ProgramData\ESET
    2009-01-09 18:18:23 ----D---- C:\ProgramData\Kaspersky Lab
    2009-01-09 18:18:23 ----D---- C:\Program Files\Kaspersky Lab
    2009-01-09 17:34:49 ----A---- C:\Windows\ntbtlog.txt
    2009-01-09 13:21:53 ----D---- C:\Program Files\DrWeb for Windows
    2009-01-06 11:29:46 ----D---- C:\Users\Алексей\AppData\Roaming\WebMoney
    2009-01-06 11:26:24 ----D---- C:\Program Files\WebMoney
    2009-01-02 19:51:06 ----A---- C:\Windows\system32\jucrosy.dll
    2008-12-30 19:33:24 ----A---- C:\Windows\system32\CmdLineExt.dll
    2008-12-30 15:42:45 ----D---- C:\Users\Алексей\AppData\Roaming\CoreCodec
    2008-12-30 15:41:39 ----D---- C:\Program Files\CoreCodec
    2008-12-30 15:29:40 ----D---- C:\Users\Алексей\AppData\Roaming\BSplayer PRO
    2008-12-30 15:29:38 ----D---- C:\Program Files\Webteh
    2008-12-30 15:28:07 ----D---- C:\Users\Алексей\AppData\Roaming\Vso
    2008-12-30 15:28:07 ----A---- C:\Users\Алексей\AppData\Roaming\inst.exe
    2008-12-30 11:59:31 ----D---- C:\Program Files\Alcohol Soft
    2008-12-29 13:47:35 ----D---- C:\Users\Алексей\AppData\Roaming\uTorrent
    2008-12-27 15:42:25 ----D---- C:\ProgramData\Forge of Games
    2008-12-24 09:51:26 ----D---- C:\Program Files\OpenVPN
    2008-12-24 09:12:53 ----A---- C:\Windows\wincmd.ini
    2008-12-24 09:12:53 ----A---- C:\Windows\wcx_ftp.ini
    2008-12-18 22:32:06 ----D---- C:\Users\Алексей\AppData\Roaming\Mra
    2008-12-18 22:31:52 ----D---- C:\Program Files\Mail.Ru
    2008-12-18 22:29:27 ----D---- C:\Program Files\NIUtilites

    ======List of files/folders modified in the last 1 months======

    2009-01-13 09:15:22 ----D---- C:\Windows\Temp
    2009-01-13 09:12:30 ----D---- C:\Windows\System32
    2009-01-13 09:12:29 ----D---- C:\Windows\inf
    2009-01-13 09:12:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-01-12 00:35:48 ----A---- C:\Windows\winamp.ini
    2009-01-11 18:54:57 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-01-11 18:54:46 ----D---- C:\Windows\system32\drivers
    2009-01-11 18:53:27 ----SHD---- C:\Windows\Installer
    2009-01-11 18:51:48 ----SHD---- C:\System Volume Information
    2009-01-11 18:43:18 ----RD---- C:\Program Files
    2009-01-11 18:34:25 ----D---- C:\Games
    2009-01-11 16:19:57 ----D---- C:\Видео
    2009-01-11 14:29:25 ----D---- C:\MyWorks
    2009-01-11 14:29:20 ----D---- C:\ProgramData\CyberLink
    2009-01-10 20:16:47 ----D---- C:\Fraps
    2009-01-10 20:08:52 ----D---- C:\Program Files\Ace Utilities
    2009-01-10 19:57:39 ----HD---- C:\ProgramData
    2009-01-10 19:49:43 ----D---- C:\Windows\system32\catroot
    2009-01-10 18:42:12 ----D---- C:\Program Files\ICQToolbar
    2009-01-10 09:37:27 ----D---- C:\Windows
    2009-01-09 12:59:17 ----D---- C:\Program Files\Common Files\Symantec Shared
    2009-01-09 12:54:20 ----D---- C:\ProgramData\Symantec
    2009-01-09 12:53:57 ----D---- C:\Program Files\Common Files
    2009-01-09 12:52:49 ----RSD---- C:\Windows\assembly
    2009-01-09 12:48:44 ----D---- C:\Program Files\Acer GameZone
    2009-01-09 12:12:03 ----D---- C:\Windows\system32\catroot2
    2009-01-06 14:10:53 ----AD---- C:\ProgramData\TEMP
    2009-01-03 20:35:43 ----A---- C:\Windows\l2control.ini
    2009-01-02 19:57:20 ----D---- C:\Windows\Prefetch
    2009-01-02 19:38:41 ----SD---- C:\Users\Алексей\AppData\Roaming\Microsoft
    2008-12-30 19:19:10 ----D---- C:\Program Files\Internet Explorer
    2008-12-22 13:06:35 ----D---- C:\Windows\Minidump
    2008-12-17 11:02:53 ----D---- C:\Program Files\Total Commander
    2008-12-14 14:44:38 ----D---- C:\Program Files\Launch Manager

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
    R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
    R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
    R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-07-01 39944]
    R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-05-17 12672]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 8192]
    R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-14 154624]
    R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 737280]
    R3 CmBatt;Драйвер батареи с ACPI-управлением (Microsoft); C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-27 14208]
    R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
    R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-05-17 985600]
    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-05-17 207360]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-18 1775712]
    R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-07-25 6144]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-17 1059112]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-06-06 7120768]
    R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 12032]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-07-25 82432]
    R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-02-07 1729152]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-05-17 659968]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-27 11264]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
    S3 a6aae8rh;a6aae8rh; C:\Windows\system32\drivers\a6aae8rh.sys []
    S3 BthEnum;Служба перечислителя Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2007-08-30 19456]
    S3 BthPan;Устройства Bluetooth (личной сети); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
    S3 BTHPORT;Драйвер порта Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2007-08-30 220160]
    S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2007-08-30 29184]
    S3 btwaudio;Аудиоустройствоi Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2007-05-17 79664]
    S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-05-17 81200]
    S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-17 16432]
    S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
    S3 MSKSSRV;Представитель служб потоков Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
    S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-03 4682]
    S3 PsSdk40;PsSdk40; \??\C:\Windows\system32\Drivers\pssdk40.sys [2009-01-03 36928]
    S3 PsSdkLBF;PsSdkLBF; \??\C:\Windows\system32\Drivers\pssdklbf.sys [2009-01-03 53312]
    S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
    S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2008-08-01 25216]
    S3 TSP;TSP; \??\C:\Windows\system32\drivers\klif.sys []
    S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ALaunchService;ALaunch Service; C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
    R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
    R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-07-03 53248]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
    R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-23 266343]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-05-17 386560]
    S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
    S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]


    EOF


    11 January 2009 at 3:55 pm, in reply to: virus+logs #21060
    tokiosold

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Алексей at 2009-01-11 18:43:18
    Microsoft® Windows Vista™ Home Premium
    System drive C: has 37 GB (51%) free of 71 GB
    Total RAM: 2046 MB (56% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:43:58, on 11.01.2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\System32\rundll32.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Users\7C4~1\AppData\Local\Temp\RtkBtMnt.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Opera\Opera.exe
    C:\Users\Алексей\Desktop\KAVRSIT.exe
    C:\Program Files\trend micro\Алексей.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.ru
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ru.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ru.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files\Mail.Ru\Agent\Mradll\newmrasearch.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
    O4 - HKLM\..\Run: [ICSDCLT] C:\Windows\rundll32.exe C:\Windows\system32\icsdclt.dll,ICSClient
    O4 - HKLM\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\magent.exe -LM
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Policies\Explorer\Run: [ati2sgav] "C:\Windows\system32\ati2sgav.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Total Commander.lnk = C:\Program Files\Total Commander\Totalcmd.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Отправить изображение на &устройство Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Отправить страницу на &устройство Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
    O9 - Extra 'Tools' menuitem: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O10 - Unknown file in Winsock LSP: jucrosy.dll
    O10 - Unknown file in Winsock LSP: jucrosy.dll
    O10 - Unknown file in Winsock LSP: jucrosy.dll
    O10 - Unknown file in Winsock LSP: jucrosy.dll
    O10 - Unknown file in Winsock LSP: jucrosy.dll
    O10 - Unknown file in Winsock LSP: jucrosy.dll
    O10 - Unknown file in Winsock LSP: jucrosy.dll
    O10 - Unknown file in Winsock LSP: jucrosy.dll
    O10 - Unknown file in Winsock LSP: jucrosy.dll
    O10 - Unknown file in Winsock LSP: jucrosy.dll
    O10 - Unknown file in Winsock LSP: jucrosy.dll
    O10 - Unknown file in Winsock LSP: jucrosy.dll
    O13 - Gopher Prefix:
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Корпорация Майкрософт - C:\Windows\system32\SearchIndexer.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9220 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
    XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
    ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-04-25 299008]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]
    {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-07-25 1006264]
    "ALaunch"=C:\Acer\ALaunch\AlaunchClient.exe []
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-18 4468736]
    "eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
    "eAudio"=C:\Acer\Empowering Technology\eAudio\eAudio.exe [2007-06-11 1286144]
    "Acer Tour"= []
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-06-06 86016]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-06-06 8433664]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-06-06 81920]
    "PLFSet"=C:\Windows\PLFSet.dll [2007-04-24 45056]
    "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-06-27 752136]
    "PlayMovie"=C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [2007-05-24 206952]
    "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-06 159744]
    "eRecoveryService"= []
    "Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-05-22 151552]
    "WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
    "SetPanel"=C:\Acer\APanel\APanel.cmd []
    "AGEIA PhysX SysTray"=C:\Program Files\AGEIA Technologies\TrayIcon.exe [2006-08-16 339968]
    "ICSDCLT"=C:\Windows\rundll32.exe C:\Windows\system32\icsdclt.dll []
    "MAgent"=C:\Program Files\Mail.Ru\Agent\magent.exe [2008-12-30 5598392]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "ati2sgav"=C:\Windows\system32\ati2sgav.exe []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"= []

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

    C:\Users\Алексей\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Total Commander.lnk - C:\Program Files\Total Commander\Totalcmd.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01a51280-0f9b-11dd-a26c-001b38505442}]
    shell\AutoRun\command - F:
    shell\open\command - rundll32.exe .\desktop.dll,InstallM

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{450241f3-a57e-11dd-bc02-001b38505442}]
    shell\AutoRun\command - G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
    shell\open\command - G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62fe099c-6ad3-11dd-a7cf-001b38505442}]
    shell\AutoRun\command - G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
    shell\open\command - G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8cc55d5-8e37-11dd-9c5d-001b38505442}]
    shell\AutoRun\command - kongxsg.exe
    shell\explore\command - kongxsg.exe
    shell\open\command - kongxsg.exe

    ======List of files/folders created in the last 1 months======

    2009-01-11 18:43:18 ----D---- C:\rsit
    2009-01-11 18:43:18 ----D---- C:\Program Files\trend micro
    2009-01-11 13:47:05 ----D---- C:\Program Files\ESET
    2009-01-10 19:57:39 ----D---- C:\ProgramData\ESET
    2009-01-09 18:18:23 ----D---- C:\ProgramData\Kaspersky Lab
    2009-01-09 18:18:23 ----D---- C:\Program Files\Kaspersky Lab
    2009-01-09 17:34:49 ----A---- C:\Windows\ntbtlog.txt
    2009-01-09 13:21:53 ----D---- C:\Program Files\DrWeb for Windows
    2009-01-06 11:29:46 ----D---- C:\Users\Алексей\AppData\Roaming\WebMoney
    2009-01-06 11:26:24 ----D---- C:\Program Files\WebMoney
    2009-01-02 19:51:06 ----A---- C:\Windows\system32\jucrosy.dll
    2008-12-30 19:33:24 ----A---- C:\Windows\system32\CmdLineExt.dll
    2008-12-30 15:42:45 ----D---- C:\Users\Алексей\AppData\Roaming\CoreCodec
    2008-12-30 15:41:39 ----D---- C:\Program Files\CoreCodec
    2008-12-30 15:29:40 ----D---- C:\Users\Алексей\AppData\Roaming\BSplayer PRO
    2008-12-30 15:29:38 ----D---- C:\Program Files\Webteh
    2008-12-30 15:28:07 ----D---- C:\Users\Алексей\AppData\Roaming\Vso
    2008-12-30 15:28:07 ----A---- C:\Users\Алексей\AppData\Roaming\inst.exe
    2008-12-30 11:59:31 ----D---- C:\Program Files\Alcohol Soft
    2008-12-29 13:47:35 ----D---- C:\Users\Алексей\AppData\Roaming\uTorrent
    2008-12-27 15:42:25 ----D---- C:\ProgramData\Forge of Games
    2008-12-24 09:51:26 ----D---- C:\Program Files\OpenVPN
    2008-12-24 09:12:53 ----A---- C:\Windows\wincmd.ini
    2008-12-24 09:12:53 ----A---- C:\Windows\wcx_ftp.ini
    2008-12-18 22:32:06 ----D---- C:\Users\Алексей\AppData\Roaming\Mra
    2008-12-18 22:31:52 ----D---- C:\Program Files\Mail.Ru
    2008-12-18 22:29:27 ----D---- C:\Program Files\NIUtilites

    ======List of files/folders modified in the last 1 months======

    2009-01-11 18:43:52 ----D---- C:\Windows\Temp
    2009-01-11 18:43:18 ----RD---- C:\Program Files
    2009-01-11 18:34:25 ----D---- C:\Games
    2009-01-11 16:19:57 ----D---- C:\Видео
    2009-01-11 14:29:25 ----D---- C:\MyWorks
    2009-01-11 14:29:20 ----D---- C:\ProgramData\CyberLink
    2009-01-11 14:08:06 ----D---- C:\Windows\System32
    2009-01-11 14:08:06 ----D---- C:\Windows\inf
    2009-01-11 14:08:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-01-11 13:50:58 ----SHD---- C:\System Volume Information
    2009-01-11 13:48:23 ----SHD---- C:\Windows\Installer
    2009-01-11 13:48:09 ----D---- C:\Windows\system32\drivers
    2009-01-10 23:19:50 ----A---- C:\Windows\winamp.ini
    2009-01-10 20:16:47 ----D---- C:\Fraps
    2009-01-10 20:08:52 ----D---- C:\Program Files\Ace Utilities
    2009-01-10 19:57:39 ----HD---- C:\ProgramData
    2009-01-10 19:49:43 ----D---- C:\Windows\system32\catroot
    2009-01-10 18:42:12 ----D---- C:\Program Files\ICQToolbar
    2009-01-10 09:37:27 ----D---- C:\Windows
    2009-01-09 12:59:17 ----D---- C:\Program Files\Common Files\Symantec Shared
    2009-01-09 12:54:20 ----D---- C:\ProgramData\Symantec
    2009-01-09 12:53:57 ----D---- C:\Program Files\Common Files
    2009-01-09 12:52:49 ----RSD---- C:\Windows\assembly
    2009-01-09 12:48:44 ----D---- C:\Program Files\Acer GameZone
    2009-01-09 12:12:03 ----D---- C:\Windows\system32\catroot2
    2009-01-06 14:10:53 ----AD---- C:\ProgramData\TEMP
    2009-01-03 20:35:43 ----A---- C:\Windows\l2control.ini
    2009-01-02 19:57:20 ----D---- C:\Windows\Prefetch
    2009-01-02 19:38:41 ----SD---- C:\Users\Алексей\AppData\Roaming\Microsoft
    2009-01-01 10:40:50 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-12-30 19:19:10 ----D---- C:\Program Files\Internet Explorer
    2008-12-22 13:06:35 ----D---- C:\Windows\Minidump
    2008-12-17 11:02:53 ----D---- C:\Program Files\Total Commander
    2008-12-14 14:44:38 ----D---- C:\Program Files\Launch Manager

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
    R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
    R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
    R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-07-01 39944]
    R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-05-17 12672]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 8192]
    R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-14 154624]
    R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 737280]
    R3 CmBatt;Драйвер батареи с ACPI-управлением (Microsoft); C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-27 14208]
    R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
    R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-05-17 985600]
    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-05-17 207360]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-18 1775712]
    R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-07-25 6144]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-17 1059112]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-06-06 7120768]
    R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 12032]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-07-25 82432]
    R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-02-07 1729152]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-05-17 659968]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-27 11264]
    S3 a2vyoiol;a2vyoiol; C:\Windows\system32\drivers\a2vyoiol.sys []
    S3 BthEnum;Служба перечислителя Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2007-08-30 19456]
    S3 BthPan;Устройства Bluetooth (личной сети); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
    S3 BTHPORT;Драйвер порта Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2007-08-30 220160]
    S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2007-08-30 29184]
    S3 btwaudio;Аудиоустройствоi Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2007-05-17 79664]
    S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-05-17 81200]
    S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-17 16432]
    S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 HSFHWAZL;HSFHWAZL; C:Windowssystem32DRIVERSVSTAZL3.SYS [2006-11-02 200704]
    S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2006-11-02 6016]
    S3 NPPTNT2;NPPTNT2; ??C:Windowssystem32npptNT2.sys [2005-01-03 4682]
    S3 PsSdk40;PsSdk40; ??C:Windowssystem32Driverspssdk40.sys [2009-01-03 36928]
    S3 PsSdkLBF;PsSdkLBF; ??C:Windowssystem32Driverspssdklbf.sys [2009-01-03 53312]
    S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:Windowssystem32DRIVERSrfcomm.sys [2006-11-02 49664]
    S3 tap0901;TAP-Win32 Adapter V9; C:Windowssystem32DRIVERStap0901.sys [2008-08-01 25216]
    S3 TSP;TSP; ??C:Windowssystem32driversklif.sys []
    S3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2006-11-02 82560]
    S4 UIUSys;Conexant Setup API; C:Windowssystem32DRIVERSUIUSYS.SYS []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ALaunchService;ALaunch Service; C:AcerALaunchALaunchSvc.exe [2007-01-26 50688]
    R2 eDataSecurity Service;eDSService.exe; C:AcerEmpowering TechnologyeDataSecurityeDSService.exe [2007-04-25 457512]
    R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
    R2 eLockService;eLock Service; C:AcerEmpowering TechnologyeLockServiceeLockServ.exe [2007-04-23 24576]
    R2 eNet Service;eNet Service; C:AcerEmpowering TechnologyeNeteNet Service.exe [2007-06-13 135168]
    R2 eRecoveryService;eRecovery Service; C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe [2007-07-03 53248]
    R2 eSettingsService;eSettings Service; C:AcerEmpowering TechnologyeSettingsServicecapuserv.exe [2007-06-28 24576]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2007-01-17 61440]
    R2 MobilityService;MobilityService; C:AcerMobility CenterMobilityService.exe [2006-11-24 107008]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared FilesRichVideo.exe [2007-01-23 266343]
    R2 WMIService;ePower Service; C:AcerEmpowering TechnologyePowerePowerSvc.exe [2007-06-13 167936]
    R2 XAudioService;XAudioService; C:Windowssystem32DRIVERSxaudio.exe [2007-05-17 386560]
    S2 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2006-11-02 22016]
    S2 CLTNetCnService;Symantec Lic NetConnect service; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe /h ccCommon []
    S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
    S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
    S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:Program FilesSonyShared Plug-InsMedia ManagerMSSQL$SONY_MEDIAMGRBinnsqlservr.exe [2002-12-17 7520337]
    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:Program FilesMicrosoft SQL Server80ToolsBinnsqladhlp.exe [2002-12-17 66112]
    S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:Program FilesSonyShared Plug-InsMedia ManagerMSSQL$SONY_MEDIAMGRBinnsqlagent.EXE [2002-12-17 311872]
    S3 usprserv;User Privilege Service; C:WindowsSystem32svchost.exe [2006-11-02 22016]


    EOF


    info.txt logfile of random’s system information tool 1.05 2009-01-11 18:44:02

    ======Uninstall list======

    —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{31403E22-2FDB-452F-AE9E-20854633226D}Setup.exe» -uninst
    —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A450831D-25F6-4F42-9662-D000B25E0D82}setup.exe» -uninstall
    —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{AA4BF92B-2AAF-11DA-9D78-000129760D75}setup.exe» -uninstall
    —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B145EC69-66F5-11D8-9D75-000129760D75}setup.exe» -uninstall
    —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B804C424-B66D-447A-84BD-C6B88C392C3A}setup.exe» -uninstall
    —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F79A208D-D929-11D9-9D77-000129760D75}setup.exe» -uninstall
    ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
    Acer Arcade Deluxe—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}setup.exe» -uninstall
    Acer Crystal Eye webcam—>C:Program FilesInstallShield Installation Information{399C37FB-08AF-493B-BFED-20FBD85EDF7F}setup.exe -runfromtemp -l0x0009 -removeonly -u
    Acer Crystal Eye webcam—>C:Program FilesInstallShield Installation Information{AA047D7C-5E7C-4878-B75C-77589151B563}setup.exe -runfromtemp -l0x0009 -removeonly
    Acer eAudio Management—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{57265292-228A-41FA-9AEC-4620CBCC2739}Setup.exe» -uninstall
    Acer eDataSecurity Management—>C:AcerEmpowering TechnologyeDataSecurityeDSnstHelper.exe -Operation UNINSTALL
    Acer eLock Management—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}setup.exe» -l0x19 -removeonly
    Acer Empowering Technology—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{AB6097D9-D722-4987-BD9E-A076E2848EE2}setup.exe» -l0x19 -removeonly
    Acer eNet Management—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C06554A1-2C1E-4D20-B613-EE62C79927CC}setup.exe» -l0x19 -removeonly
    Acer ePower Management—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{58E5844B-7CE2-413D-83D1-99294BF6C74F}setup.exe» -l0x19 -removeonly
    Acer ePresentation Management—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{BF839132-BD43-4056-ACBF-4377F4A88E2A}setup.exe» -l0x9 -removeonly
    Acer eSettings Management—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{CE65A9A0-9686-45C6-9098-3C9543A412F0}setup.exe» -l0x19 -removeonly
    Acer GridVista—>C:WindowsUnInst32.exe GridV.UNI
    Acer Mobility Center Plug-In—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{11316260-6666-467B-AC34-183FCB5D4335}setup.exe» -l0x9 -removeonly
    Acer ScreenSaver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}setup.exe» -l0x9 -removeonly
    Acer Tour—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{94389919-B0AA-4882-9BE8-9F0B004ECA35}setup.exe» -l0x9 -removeonly
    Adobe Flash Player 10 Plugin—>C:Windowssystem32MacromedFlashuninstall_plugin.exe
    Adobe Flash Player 9 ActiveX—>C:Windowssystem32MacromedFlashFlashUtil9b.exe -uninstallDelete
    AGEIA PhysX v2.5.1—>»C:Program FilesAGEIA Technologiesuninstall.exe»
    ALPS Touch Pad Driver—>C:Program FilesApoint2KUninstap.exe ADDREMOVE
    Counter-Strike 1.6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime90Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}Setup.exe» -l0x19
    EAX4 Unified Redist—>MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
    ESET NOD32 Antivirus—>MsiExec.exe /I{FAC088DD-FE02-430D-85AD-7CF5AD669619}
    HDAUDIO Soft Data Fax Modem with SmartCP—>C:Program FilesCONEXANTCNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118UIU32m.exe -U -Ic:ReleaseFoxconn51338AcrZUn32z.inf
    HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
    ICQ Toolbar—>regsvr32 /u /s «C:PROGRA~1ICQTOO~1toolbaru.dll»
    ICQ6—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
    K-Lite Mega Codec Pack 3.9.5—>»C:Program FilesK-Lite Codec Packunins000.exe»
    Launch Manager—>C:WindowsUnInst32.exe LManager.UNI
    Mail.Ru Агент 5.3 (сборка 2552, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
    Microsoft Office XP (профессиональный выпуск)—>MsiExec.exe /I{91110419-6000-11D3-8CFE-0050048383C9}
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)—>MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
    Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works—>MsiExec.exe /I{737E2345-2897-4B75-9C9B-D541F7394D6B}
    MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)—>MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    NI Mail Agent—>»C:Program FilesNIUtilitesNIMailAgentuninstall.exe»
    NTI Backup NOW! 4.7—>»C:Program FilesInstallShield Installation Information{67ADE9AF-5CD9-4089-8825-55DE4B366799}setup.exe» -removeonly
    NTI CD & DVD-Maker—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1049 CDM7
    NVIDIA Drivers—>C:Windowssystem32NVUNINST.EXE UninstallGUI
    Opera 9.20—>MsiExec.exe /X{FC0C72DD-A491-43FF-B377-67273E4D94D7}
    PowerProducer 3.72—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B7A0CE06-068E-11D6-97FD-0050BACBF861}Setup.EXE» -uninstall
    Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}setup.exe» -l0x19 -removeonly
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{59F6A514-9813-47A3-948C-8A155460CC2A}setup.exe» -l0x19 anything
    Sony Media Manager 2.2—>MsiExec.exe /X{878D2EB2-2D55-42A9-955E-1E08F28529FD}
    Sony Vegas 7.0—>MsiExec.exe /X{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}
    TeamSpeak 2 RC2—>»C:Program FilesTeamspeak2_RC2unins000.exe»
    Total Commander 7.00 PowerPack—>»C:Program FilesTotal Commanderuninstall.exe»
    WebMoney Keeper Classic 3.6.0.6—>»C:Program FilesWebMoneyUninstall.exe» «C:Program FilesWebMoneyinstall.log» -u
    WIDCOMM Bluetooth Software 6.0.1.5000—>MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
    Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
    Xfire (remove only)—>»C:Program FilesXfireuninst.exe»
    Архиватор WinRAR (только удаление)—>C:Program FilesWinRARuninstall.exe
    Панель управления mediazona.ru для Opera—>»C:Program FilesOperaunins000.exe»

    ======Hosts File======

    10.253.0.35 l2authd.lineage2.com

    ======Security center information======

    AV: ESET NOD32 Antivirus 3.0
    AS: ESET NOD32 Antivirus 3.0
    AS: Защитник Windows

    System event log

    Computer Name: МегаМозг
    Event Code: 1103
    Message: Компьютеру успешно назначен сетевой адрес, и теперь он может подключаться к другим компьютерам.
    Record Number: 91859
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090111152148.000000-000
    Event Type: Сведения
    User:

    Computer Name: МегаМозг
    Event Code: 1103
    Message: Компьютеру успешно назначен сетевой адрес, и теперь он может подключаться к другим компьютерам.
    Record Number: 91860
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090111152648.000000-000
    Event Type: Сведения
    User:

    Computer Name: МегаМозг
    Event Code: 1103
    Message: Компьютеру успешно назначен сетевой адрес, и теперь он может подключаться к другим компьютерам.
    Record Number: 91861
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090111153148.000000-000
    Event Type: Сведения
    User:

    Computer Name: МегаМозг
    Event Code: 1103
    Message: Компьютеру успешно назначен сетевой адрес, и теперь он может подключаться к другим компьютерам.
    Record Number: 91862
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090111153648.000000-000
    Event Type: Сведения
    User:

    Computer Name: МегаМозг
    Event Code: 1103
    Message: Компьютеру успешно назначен сетевой адрес, и теперь он может подключаться к другим компьютерам.
    Record Number: 91863
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090111154148.000000-000
    Event Type: Сведения
    User:

    Application event log

    Computer Name: МегаМозг
    Event Code: 1000
    Message: Сбойное приложение hl.exe, версия 1.1.1.1, штамп времени 0x3fd11900, сбойный модуль serverbrowser.dll_unloaded, версия 0.0.0.0, штамп времени 0x3ffc6311, код исключения 0xc0000005, смещение ошибки 0x0d4776e0, ИД процесса 0x252c, время запуска приложения 0x01c973ec20532ba2.
    Record Number: 55968
    Source Name: Application Error
    Time Written: 20090111125750.000000-000
    Event Type: Ошибка
    User:

    Computer Name: МегаМозг
    Event Code: 1001
    Message: Черпак ошибки 636773611, тип 1
    Имя события: APPCRASH
    Ответ: Отсутствует
    Идентификатор CAB: 0

    Сигнатура проблемы:
    P1: hl.exe
    P2: 1.1.1.1
    P3: 3fd11900
    P4: serverbrowser.dll_unloaded
    P5: 0.0.0.0
    P6: 3ffc6311
    P7: c0000005
    P8: 0d4776e0
    P9:
    P10:

    Вложенные файлы:
    C:UsersАлексейAppDataLocalTempWERB1A4.tmp.version.txt

    Эти файлы можно найти здесь:
    C:UsersАлексейAppDataLocalMicrosoftWindowsWERReportArchiveReport2480f25b
    Record Number: 55969
    Source Name: Windows Error Reporting
    Time Written: 20090111125807.000000-000
    Event Type: Сведения
    User:

    Computer Name: МегаМозг
    Event Code: 1000
    Message: Сбойное приложение l2.exe, версия 0.0.0.0, штамп времени 0x46775bd6, сбойный модуль D3DDrv.dll, версия 0.0.0.0, штамп времени 0x46d50390, код исключения 0xc0000005, смещение ошибки 0x000319d6, ИД процесса 0x3588, время запуска приложения 0x01c974025d205922.
    Record Number: 55970
    Source Name: Application Error
    Time Written: 20090111154001.000000-000
    Event Type: Ошибка
    User:

    Computer Name: МегаМозг
    Event Code: 1001
    Message: Черпак ошибки 518243235, тип 1
    Имя события: APPCRASH
    Ответ: Отсутствует
    Идентификатор CAB: 0

    Сигнатура проблемы:
    P1: l2.exe
    P2: 0.0.0.0
    P3: 46775bd6
    P4: D3DDrv.dll
    P5: 0.0.0.0
    P6: 46d50390
    P7: c0000005
    P8: 000319d6
    P9:
    P10:

    Вложенные файлы:
    C:UsersАлексейAppDataLocalTempWER2E93.tmp.version.txt

    Эти файлы можно найти здесь:
    C:UsersАлексейAppDataLocalMicrosoftWindowsWERReportArchiveReport369ec41e
    Record Number: 55971
    Source Name: Windows Error Reporting
    Time Written: 20090111154145.000000-000
    Event Type: Сведения
    User:

    Computer Name: МегаМозг
    Event Code: 5
    Message: Unsupported service control request (see data below)
    Record Number: 55972
    Source Name: LightScribeService
    Time Written: 20090111154400.000000-000
    Event Type: Сведения
    User:

    Security event log

    Computer Name: МегаМозг
    Event Code: 4672
    Message: Новому сеансу входа назначены специальные привилегии.

    Субъект:
    ИД безопасности: S-1-5-18
    Имя учетной записи: SYSTEM
    Домен учетной записи: NT AUTHORITY
    Код входа: 0x3e7

    Привилегии: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 21628
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081126172516.884549-000
    Event Type: Аудит выполнен успешно
    User:

    Computer Name: МегаМозг
    Event Code: 4648
    Message: Выполнена попытка входа в систему с явным указанием учетных данных.

    Субъект:
    ИД безопасности: S-1-5-18
    Имя учетной записи: МЕГАМОЗГ$
    Домен учетной записи: MSHOME
    Код входа: 0x3e7
    GUID входа: {00000000-0000-0000-0000-000000000000}

    Были использованы учетные данные следующей учетной записи:
    Имя учетной записи: SYSTEM
    Домен учетной записи: NT AUTHORITY
    GUID входа: {00000000-0000-0000-0000-000000000000}

    Целевой сервер:
    Имя целевого сервера: localhost
    Дополнительные сведения: localhost

    Сведения о процессе:
    Идентификатор процесса: 0x2a8
    Имя процесса: C:WindowsSystem32services.exe

    Сведения о сети:
    Сетевой адрес: —
    Порт: —

    Данное событие возникает, когда процесс пытается выполнить вход с учетной записью, явно указав ее учетные данные. Это обычно происходит при использовании конфигураций пакетного типа, например назначенных задач, или выполнении команды RUNAS.
    Record Number: 21629
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081126172516.946950-000
    Event Type: Аудит выполнен успешно
    User:

    Computer Name: МегаМозг
    Event Code: 4624
    Message: Вход с учетной записью выполнен успешно.

    Субъект:
    ИД безопасности: S-1-5-18
    Имя учетной записи: МЕГАМОЗГ$
    Домен учетной записи: MSHOME
    Код входа: 0x3e7

    Тип входа: 5

    Новый вход:
    ИД безопасности: S-1-5-18
    Имя учетной записи: SYSTEM
    Домен учетной записи: NT AUTHORITY
    Код входа: 0x3e7
    GUID входа: {00000000-0000-0000-0000-000000000000}

    Сведения о процессе:
    Идентификатор процесса: 0x2a8
    Имя процесса: C:WindowsSystem32services.exe

    Сведения о сети:
    Имя рабочей станции:
    Сетевой адрес источника: —
    Порт источника: —

    Сведения о проверке подлинности:
    Процесс входа: Advapi
    Пакет проверки подлинности: Negotiate
    Промежуточные службы: —
    Имя пакета (только NTLM): —
    Длина ключа: 0

    Данное событие возникает при создании сеанса входа. Оно создается в системе, вход в которую выполнен.

    Поля «Субъект» указывают на учетную запись локальной системы, запросившую вход. Обычно это служба, например служба «Сервер», или локальный процесс, такой как Winlogon.exe или Services.exe.

    В поле «Тип входа» указан тип выполненного входа. Самыми распространенными являются типы 2 (интерактивный) и 3 (сетевой).

    Поля «Новый вход» указывают на учетную запись, для которой создан новый сеанс входа, то есть на учетную запись, с которой выполнен вход.

    В полях, которые относятся к сети, указан источник запроса на удаленный вход. Имя рабочей станции доступно не всегда, и в некоторых случаях это поле может оставаться незаполненным.

    Поля сведений о проверке подлинности содержат подробные данные о конкретном запросе на вход.
    — GUID входа — это уникальный идентификатор, который позволяет сопоставить данное событие с событием KDC.
    — В поле «Промежуточные службы» указано, какие промежуточные службы участвовали в данном запросе на вход.
    — Поле «Имя пакета» указывает на подпротокол, использованный с протоколами NTLM.
    — Поле «Длина ключа» содержит длину созданного ключа сеанса. Это поле может иметь значение «0», если ключ сеанса не запрашивался.
    Record Number: 21630
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081126172516.946950-000
    Event Type: Аудит выполнен успешно
    User:

    Computer Name: МегаМозг
    Event Code: 4672
    Message: Новому сеансу входа назначены специальные привилегии.

    Субъект:
    ИД безопасности: S-1-5-18
    Имя учетной записи: SYSTEM
    Домен учетной записи: NT AUTHORITY
    Код входа: 0x3e7

    Привилегии: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 21631
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081126172516.946950-000
    Event Type: Аудит выполнен успешно
    User:

    Computer Name: МегаМозг
    Event Code: 5056
    Message: Выполнена криптографическая самопроверка.

    Предмет:
    Идентификатор безопасности: S-1-5-18
    Имя учетной записи: МЕГАМОЗГ$
    Домен учетной записи: MSHOME
    Идентификатор входа в систему: 0x3e7

    Модуль: ncrypt.dll

    Код возврата: 0x0
    Record Number: 21632
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081126172517.461753-000
    Event Type: Аудит выполнен успешно
    User:

    ======Environment variables======

    «ComSpec»=%SystemRoot%system32cmd.exe
    «FP_NO_HOST_CHECK»=NO
    «OS»=Windows_NT
    «Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesMicrosoft SQL Server80ToolsBinn
    «PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    «PROCESSOR_ARCHITECTURE»=x86
    «TEMP»=%SystemRoot%TEMP
    «TMP»=%SystemRoot%TEMP
    «USERNAME»=SYSTEM
    «windir»=%SystemRoot%
    «PROCESSOR_LEVEL»=15
    «PROCESSOR_IDENTIFIER»=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
    «PROCESSOR_REVISION»=6801
    «NUMBER_OF_PROCESSORS»=2


    EOF


Copyright © 2008 - 2024 Spyware-RU.com (en)