SPYWARE-RU.COM

Созданные ответы форума

Просмотр 5 сообщений - с 1 по 5 (из 5 всего)

Автор

Сообщения
3 января, 2009 в 7:31 пп в ответ на: Восстановление Win XP SP2 Проблема. #20685
vik a
Participant
- Темы:1
- Сообщений:6
@Valeri wrote:

Combofix подчистил компьютер.
Остались ли каки-либо проблемы ?

Спасибо!
Пока все ОК.
Осталось удалить утилиты.
3 января, 2009 в 12:30 пп в ответ на: Восстановление Win XP SP2 Проблема. #20683
vik a
Participant
- Темы:1
- Сообщений:6
Спасибо за помощь.Проблему я свою решил и с настройками разобрался.
Но, т.к. вероятность какой-нибудь заразы осталась высылаю логи.

ComboFix 09-01-01.02 — 1 2009-01-03 15:06:11.1 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.511.259 [GMT 3:00]
Running from: c:documents and settings1Рабочий столComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:documents and settings1Local SettingsTemporary Internet Files005B0CEE_9E44_4874_BB3A_AA90BF414B9B.gif
c:documents and settings1Local SettingsTemporary Internet Files01166880_8BC0_4d39_A5B3_2B79D15BD947.gif
c:documents and settings1Local SettingsTemporary Internet Files1F48DC7F-5AAB-4068-94FB-28260DD487DD.gif
c:documents and settings1Local SettingsTemporary Internet Files224C20AC-2B10-4f47-A087-071DF48FA255.gif
c:documents and settings1Local SettingsTemporary Internet FilesA9C3BB22_B095_4bb9_A4FD_1CB3643AF9A0.jpg
c:documents and settings1Local SettingsTemporary Internet FilesADED7C5B-E485-4485-8089-5F2E2DE42E91.gif
c:documents and settings1Local SettingsTemporary Internet FilesB12B218E_7A00_457d_BC82_2757D4C18CC1.gif
c:documents and settings1Local SettingsTemporary Internet FilesC82F82E3_1710_4965_ACF4_176308ED93A5.gif
c:documents and settings1Local SettingsTemporary Internet FilesD0FE389E_400B_440b_9071_2587A57961E3.gif
c:documents and settings1Local SettingsTemporary Internet FilesD376F538-6C5D-41ae-B596-C030BE6366B7.gif
c:documents and settings1Local SettingsTemporary Internet FilesDE6B7F39_B028_48ef_8D77_5471C7278A14.gif
c:documents and settings1Local SettingsTemporary Internet FilesE293A409_F14F_4c04_962F_4FE36C7CDD9F.jpg
c:documents and settings1Local SettingsTemporary Internet FilesE99CE768_8677_4652_B475_BA6BE092A64A.gif
c:documents and settings1Local SettingsTemporary Internet FilesF3FCCA3A_1396_4121_84BC_C7AA4524D721.gif
c:documents and settings1Local SettingsTemporary Internet FilesFE560CBF_28CF_4906_A438_C86C6CA84F93.gif
c:program filesFunWebProducts
c:program filesFunWebProductsScreenSaverImages007AA007.dat
c:program filesFunWebProductsScreenSaverImages007BA264.dat
c:program filesFunWebProductsScreenSaverImages007E41A7.dat
c:program filesFunWebProductsScreenSaverImages007FCC9D.dat
c:program filesFunWebProductsScreenSaverImages0080F2DD.dat
c:program filesFunWebProductsScreenSaverImages00CF2D89.dat
c:program filesFunWebProductsScreenSaverImages00CF442E.dat
c:program filesFunWebProductsScreenSaverImages00CF4E40.dat
c:program filesFunWebProductsScreenSaverImages00CF6A73.dat
c:program filesFunWebProductsScreenSaverImages00CF827F.dat
c:program filesFunWebProductsScreenSaverImages00CF977E.dat
c:program filesFunWebProductsScreenSaverImages00CFA9FC.dat
c:program filesFunWebProductsScreenSaverImages00CFC5C2.dat
c:program filesFunWebProductsScreenSaverImages017811CD.urr
c:program filesFunWebProductsScreenSaverImages017CEE5F.urr
c:program filesFunWebProductsScreenSaverImages03114FAC.dat
c:program filesFunWebProductsScreenSaverImages101x135007BA264.jpg
c:program filesFunWebProductsScreenSaverImages101x135007FCC9D.jpg
c:program filesFunWebProductsScreenSaverImages101x1350080F2DD.jpg
c:program filesFunWebProductsScreenSaverImages101x13500CF2D89.jpg
c:program filesFunWebProductsScreenSaverImages101x13500CF442E.jpg
c:program filesFunWebProductsScreenSaverImages101x13500CF4E40.jpg
c:program filesFunWebProductsScreenSaverImages101x13500CF6A73.jpg
c:program filesFunWebProductsScreenSaverImages101x13500CF827F.jpg
c:program filesFunWebProductsScreenSaverImages101x13500CF977E.jpg
c:program filesFunWebProductsScreenSaverImages101x13500CFA9FC.jpg
c:program filesFunWebProductsScreenSaverImages101x13500CFC5C2.jpg
c:program filesFunWebProductsScreenSaverImages101x13500D2B577.jpg
c:program filesFunWebProductsScreenSaverImagesf3wallpp.bmp
c:program filesFunWebProductsScreenSaverImageswrkparam.lst
c:program filesFunWebProductsShared01747945.dat
c:program filesMyWay
c:program filesMyWaymyBar1.binMYWAYPLUGINPROXY.CLASS
c:program filesMyWaymyBar1.binPARTNER.DAT
c:program filesMyWaymyBarCachefiles.ini
c:program filesMyWaymyBarHistorysearch
c:program filesMyWaySrchAstt1.binPARTNER.DAT
c:program filesMyWaySrchAsttCache000F0297
c:program filesMyWaySrchAsttCache0041647A
c:program filesMyWaySrchAsttCache02112473
c:program filesMyWaySrchAsttCachefiles.ini
c:program filesMyWebSearch
c:program filesMyWebSearchbarHistorysearch2
c:program filesMyWebSearchbarSettingsprevcfg2.htm
c:program filesMyWebSearchbarSettingss_bfeats.dat
c:program filesMyWebSearchbarSettingss_pid.dat
c:program filesMyWebSearchbarSettingssetting2.htm
c:program filesMyWebSearchbarSettingssettings.dat
c:windowsDownloaded Program Filesegdhtml_pack.inf
c:windowsmslagent
c:windowssimcss
c:windowssystem32AdCache
c:windowssystem32im64.dll
c:windowssystem32maxd64.exe
c:windowssystem32msegcompid.dll
c:windowssystem32mseggrpid.dll
c:windowssystem32TDSSmtvd.dat
c:windowssystem32vx.tll
c:windowswincomp
c:windowswinmgts
c:windowswintrim
c:windowswintrimacknowledged.mc2
c:windowswintrimCompManagerPersist.mc2
c:windowswintrimOrderPersist.mc2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

Legacy_TDSSSERV.SYS

Service_TDSSserv.sys

((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.

2009-01-01 14:06 . 2009-01-01 14:06
d

c:program filesYandex
2009-01-01 14:06 . 2009-01-01 14:06 d

c:program filesPunto Switcher
2009-01-01 14:06 . 2009-01-01 14:06 d

c:program filesCommon FilesYandex
2008-12-30 21:04 . 2008-12-30 21:24 36,558 —a

C:backup.reg
2008-12-30 20:39 . 2008-12-30 20:39 d—hs—- C:FOUND.084
2008-12-30 19:34 . 2008-12-30 19:34 d—hs—- C:FOUND.083
2008-12-30 09:15 . 2008-12-30 09:15 d—hs—- C:FOUND.082
2008-12-30 00:35 . 2008-10-25 00:23 d—h

c:documents and settingsАдминистратор.COMPUTERШаблоны
2008-12-30 00:35 . 2008-10-25 00:23 d

c:documents and settingsАдминистратор.COMPUTERРабочий стол
2008-12-30 00:35 . 2008-10-25 00:23 d

c:documents and settingsАдминистратор.COMPUTERМои документы
2008-12-30 00:35 . 2008-10-25 00:23 dr

c:documents and settingsАдминистратор.COMPUTERГлавное меню
2008-12-30 00:35 . 2008-10-25 00:23 d

c:documents and settingsАдминистратор.COMPUTERИзбранное
2008-12-30 00:35 . 2008-12-30 00:35 d

c:documents and settingsАдминистратор.COMPUTER
2008-12-29 21:34 . 2008-12-29 21:34 d—hs—- C:FOUND.081
2008-12-29 09:17 . 2008-12-29 09:17 d

C:_OTMoveIt
2008-12-28 11:44 . 2008-12-28 11:44 d

C:rsit
2008-12-16 00:37 . 2008-12-16 00:37 d—hs—- C:FOUND.080
2008-12-15 20:29 . 2008-12-15 20:29 d

c:program filesDrWeb
2008-12-15 20:29 . 2008-12-15 20:50 77,824 —a

c:windowssystem32DRWEBSP.DLL
2008-12-14 21:55 . 2008-12-14 21:55 d—hs—- C:FOUND.079
2008-12-14 07:07 . 2008-12-14 07:07 0 —a

C:temp.html
2008-12-13 10:49 . 2008-12-13 10:49 d—hs—- C:FOUND.078
2008-12-11 20:39 . 2008-12-11 20:39 d

C:downloads
2008-12-08 23:00 . 2008-12-08 23:00 2,443 —a

c:windowssystem32%LocalXml%
2008-12-05 18:46 . 2008-12-05 18:46 d

c:documents and settingsUserApplication DataMSN6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 06:19 90,144 —sha-w c:windowssystem32driversfidbox.dat
2008-12-29 06:19 2,132 —sha-w c:windowssystem32driversfidbox.idx
2008-12-12 16:05 2,707 —-a-w c:windowssystem32TDSSlxwp.dll
2008-12-08 16:07 96,976 —-a-w c:windowssystem32driversklin.dat
2008-12-08 16:07 87,855 —-a-w c:windowssystem32driversklick.dat
2008-11-27 06:11 32 —sha-w c:windowssystem32driversfidbox2.idx
2008-11-27 06:11 32 —sha-w c:windowssystem32driversfidbox2.dat
2008-11-09 21:00 32,768 —-a-w c:documents and settings1MRAaway.dll
2005-04-04 18:04 7,168 —sha-w c:program filesThumbs.db
2003-04-15 17:27 793,536 —-a-w c:program fileswmpcdcs8.exe
2002-12-11 20:11 4,085,904 —-a-w c:program fileswmfdist.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-15 1561864]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2008-10-15 1561864]

[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2004-08-17 15360]
«Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-10-16 735016]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584]
«H/PC Connection Agent»=»c:program filesMicrosoft ActiveSyncWCESCOMM.EXE» [2004-02-04 401491]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-09-01 479496]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
«ICQ Lite»=»c:program filesICQLiteICQLite.exe» [2006-12-07 3145308]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«WinampAgent»=»c:program filesWinampWinampa.exe» [2006-11-23 35840]
«UpdReg»=»c:windowsUpdReg.EXE» [2000-05-11 90112]
«SsAAD.exe»=»c:progra~1SonySONICS~1SsAAD.exe» [2005-01-24 81920]
«SpeedTouch USB Diagnostics»=»c:program filesThomsonSpeedTouch USBDragdiag.exe» [2004-01-26 866816]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2006-08-30 282624]
«PSDrvCheck»=»c:windowsSystem32PSDrvCheck.exe» [2003-08-28 396800]
«PCSuiteTrayApplication»=»c:program filesNokiaNokia PC Suite 6LaunchApplication.exe» [2007-01-23 223232]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2005-05-12 86016]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2005-05-12 6729728]
«Jet Detection»=»c:program filesCreativeSBLivePROGRAMADGJDet.exe» [2001-11-29 28672]
«ISUSScheduler»=»c:program filesCommon FilesInstallShieldUpdateServiceissch.exe» [2004-04-13 69632]
«ISUSPM Startup»=»c:progra~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe» [2004-04-17 196608]
«ICQ Lite»=»c:program filesICQLiteICQLite.exe» [2006-12-07 3145308]
«HPDJ Taskbar Utility»=»c:windowsSystem32spooldriversw32x863hpztsb06.exe» [2002-07-11 188416]
«HP Software Update»=»c:program filesHPHP Software UpdateHPWuSchd2.exe» [2005-02-16 49152]
«GismeteoTray»=»c:my downloadsПРОГИgismeteotraygismeteotray.exe» [2006-06-19 643584]
«WINDVDPatch»=»CTHELPER.EXE» [2002-07-02 c:windowssystem32CTHELPER.EXE]
«nwiz»=»nwiz.exe» [2005-05-12 c:windowssystem32nwiz.exe]
«BluetoothAuthenticationAgent»=»bthprops.cpl» [2004-08-17 c:windowssystem32bthprops.cpl]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3acm»= l3codecp.acm
«vidc.DIV3″= DivXc32.dll
«vidc.DIV4″= DivXc32f.dll
«msacm.l3radius»= l3codecp.acm
«msacm.ctmp3″= c:windowsSystem32ctmp3.acm
«MSACM.CEGSM»= mobilev.acm
«VIDC.AP41″= APmpg4v1.dll
«VIDC.D263″= xl_x263dec.dll
«VIDC.X264″= x264vfw.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\Documents and Settings\1\Рабочий стол\Программы\UTORRENT.EXE»=
«c:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE»=
«c:\Program Files\ICQLite\ICQLite.exe»=

R0 prohlp01;StarForce Protection Helper Driver v1;c:windowssystem32driversprohlp01.sys [2002-11-22 60896]
R1 prodrv03;Star Force copy protection driver v3;??c:windowsSystem32driversprodrv03.sys [2002-12-26 115936]
R1 prodrv04;Star Force copy protection driver v4;c:windowssystem32driversprodrv04.sys [2004-02-06 114496]
R1 prodrv05;StarForce Protection Environment Driver v5;c:windowssystem32driversprodrv05.sys [2002-11-22 76704]
R2 Fileprot;Fileprot;c:windowssystem32driversFileprot.sys [2005-04-15 32491]
R2 litdpl;litdpl;c:windowssystem32DRIVERSlitdpl.sys [2003-05-22 4736]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:windowssystem32DRIVERSklfltdev.sys [2008-03-13 26640]
S0 ElbyVCD;ElbyVCD;c:windowssystem32DRIVERSElbyVCD.sys []
S2 nvTUNEP;nVidia WDM TVTuner;c:windowssystem32DRIVERSnvtunep.sys []
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:windowssystem32DRIVERSnvtvsnd.sys []
S3 ids0004C;ids0004C;??c:documents and settingsAll UsersApplication DataKaspersky Anti-Virus Personal5.0basesids0004C.sys []
S3 ids0005c;ids0005c;??c:documents and settingsAll UsersApplication DataKaspersky Anti-Virus Personal5.0basesids0005c.sys []
S3 ids00118;ids00118;??c:documents and settingsAll UsersApplication DataKaspersky Anti-Virus Personal5.0basesids00118.sys []
S3 ids0014f;ids0014f;??c:documents and settingsAll UsersApplication DataKaspersky Anti-Virus Personal5.0basesids0014f.sys []
S3 ids0015d;ids0015d;??c:documents and settingsAll UsersApplication DataKaspersky Anti-Virus Personal5.0basesids0015d.sys []
S3 ids00180;ids00180;??c:documents and settingsAll UsersApplication DataKaspersky Anti-Virus Personal5.0basesids00180.sys []
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32DRIVERSklim5.sys []
S3 PAC207;VideoCAM GE111;c:windowssystem32DRIVERSpfc027.sys []
.
Contents of the ‘Scheduled Tasks’ folder

2008-12-30 c:windowsTasks{383AAE4C-E0BC-492B-A00A-22F17D4FFDF7}_1-MBA0IZ7NQMPYA_1.job
— c:windowssystem32mobsync.exe [2004-08-17 11:04]

2009-01-02 c:windowsTasks{87BBF8CE-956A-4A9C-989C-E35FD29B8309}_1-MBA0IZ7NQMPYA_1.job
— c:windowssystem32mobsync.exe [2004-08-17 11:04]

2009-01-02 c:windowsTasks{536BA528-D2D3-4867-96C7-7A0596DF4E06}_1-MBA0IZ7NQMPYA_1.job
— c:windowssystem32mobsync.exe [2004-08-17 11:04]

2008-12-30 c:windowsTasks{BD13BF0B-55AB-4879-A583-3AFBBB480917}_ZEPHIR_1.job
— c:windowssystem32mobsync.exe [2004-08-17 11:04]

2009-01-02 c:windowsTasks{494D5839-CC75-45C0-8565-ACF24724DA7C}_ZEPHIR_1.job
— c:windowssystem32mobsync.exe [2004-08-17 11:04]

2009-01-02 c:windowsTasks{BBFF182A-CBA2-4498-8485-CA4A496D9F69}_ZEPHIR_1.job
— c:windowssystem32mobsync.exe [2004-08-17 11:04]
.
— — — — ORPHANS REMOVED — — — —

HKCU-Run-msnmsgr — c:program filesMSN Messengermsnmsgr.exe
HKCU-Run-DTClock181.exe — c:documents and settings1Рабочий столDTClockDTClock181.exe
HKCU-Run-AMP Agent — c:program filesCommon FilesARS CompanyAgentAgent.exe
HKLM-Run-MW1HelperStartUp — c:progra~1MAGICW~1MW1HEL~1.EXE
HKLM-Run-HELPER — c:windowssystem32russia.exe
HKLM-Run-FP Loader — loadfp.exe
Notify-WgaLogon — (no file)

.

Supplementary Scan

.
uStart Page = hxxp://www.yandex.ru/
uDefault_Search_URL = hxxp://start.traffer.ru
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://search.ruserv.com
uInternet Settings,ProxyServer = 169.229.50.12:8888
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search — http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm764DYRU
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office10EXCEL.EXE/3000
IE: Закачать &все при помощи ReGet Deluxe — c:program filesCommon FilesReGet SharedCC_All.htm
IE: Закачать при помощи Re&Get Deluxe — c:program filesCommon FilesReGet SharedCC_Link.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/search.htm
IE: Настройка перевода — c:program filesX-Translator DIAMONDPROMTIE4options.htm
IE: Перевести — c:program filesX-Translator DIAMONDPROMTIE4translat.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/dic.htm
IE: Перевести страницу — c:program filesX-Translator DIAMONDPROMTIE4page.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — c:program filesX-Translator DIAMONDPROMTIE4promtie5.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — c:program filesX-Translator DIAMONDPROMTIE4options.htm
Handler: rcdp.1C.rep — {79F2E69A-DE4D-461D-958B-FE830EF4246C} —
WinCE Filter: image/bmp — {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} — c:program filesMicrosoft ActiveSyncCENETFLT.DLL
WinCE Filter: image/gif — {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} — c:program filesMicrosoft ActiveSyncCENETFLT.DLL
WinCE Filter: image/jpeg — {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} — c:program filesMicrosoft ActiveSyncCENETFLT.DLL
WinCE Filter: image/xbm — {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} — c:program filesMicrosoft ActiveSyncCENETFLT.DLL
WinCE Filter: text/asp — {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} — c:program filesMicrosoft ActiveSyncCENETFLT.DLL
WinCE Filter: text/html — {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} — c:program filesMicrosoft ActiveSyncCENETFLT.DLL

c:windowsDownloaded Program FilesMISBH.dll — O16 -: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A}
hxxp://xtraz.icq.com/xtraz/activex/MISBH.cab
c:windowsDownloaded Program FilesMISBH.INF
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 15:10:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

LOCKED REGISTRY KEYS

[HKEY_USERSLocalServiceSoftwareMicrosoftActiveMoviedevenum{33D9A761-90C8-11D0-BD43-00A0C911CE86}3*NULL*4*NULL*D*NULL*S*NULL*P*NULL* *NULL*G*NULL*r*NULL*o*NULL*u*NULL*p*NULL* *NULL*T*NULL*r*NULL*u*NULL*e*NULL*S*NULL*p*NULL*e*NULL*e*NULL*c*NULL*h*NULL*»!]
«FriendlyName»=»DSP Group TrueSpeech™»
«CLSID»=»{6A08CF80-0E18-11CF-A24D-0020AFD79767}»
«FilterData»=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,
00,00,00,60,00,00,00,70,00,00,00,31,70,69,33,08,00,00,00,00,00,00,00,01,00,
00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,00,00,00,60,00,00,00,80,00,00,
00,61,75,64,73,00,00,10,00,80,00,00,aa,00,38,9b,71,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,22,00,00,00,00,00,10,00,80,00,00,aa,00,38,9b,71
«AcmId»=dword:00000022

[HKEY_USERSS-1-5-20SoftwareMicrosoftActiveMoviedevenum{33D9A761-90C8-11D0-BD43-00A0C911CE86}3*NULL*4*NULL*D*NULL*S*NULL*P*NULL* *NULL*G*NULL*r*NULL*o*NULL*u*NULL*p*NULL* *NULL*T*NULL*r*NULL*u*NULL*e*NULL*S*NULL*p*NULL*e*NULL*e*NULL*c*NULL*h*NULL*»!]
«FriendlyName»=»DSP Group TrueSpeech™»
«CLSID»=»{6A08CF80-0E18-11CF-A24D-0020AFD79767}»
«FilterData»=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,
00,00,00,60,00,00,00,70,00,00,00,31,70,69,33,08,00,00,00,00,00,00,00,01,00,
00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,00,00,00,60,00,00,00,80,00,00,
00,61,75,64,73,00,00,10,00,80,00,00,aa,00,38,9b,71,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,22,00,00,00,00,00,10,00,80,00,00,aa,00,38,9b,71
«AcmId»=dword:00000022

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.Default.DefaultG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:»%SystemRoot%\media\Windows XP — динь.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultAppGPFaultG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultCCSelectG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultCloseG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultCriticalBatteryAlarmG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:»%SystemRoot%\media\Windows XP — почти полная разрядка батарей.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultDeviceConnectG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:»%SystemRoot%\media\Windows XP — вставка оборудования.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultDeviceDisconnectG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:»%SystemRoot%\media\Windows XP — извлечение оборудования.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultDeviceFailG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:»%SystemRoot%\media\Windows XP — отказ оборудования.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultLowBatteryAlarmG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:»%SystemRoot%\media\Windows XP — низкий заряд батарей.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultMailBeepG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:»%SystemRoot%\media\Windows XP — уведомление.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultMaximizeG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultMenuCommandG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultMenuPopupG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultMinimizeG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultOpenG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultPrintCompleteG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultRestoreDownG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultRestoreUpG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultShowBandG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultSystemAsteriskG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:»%SystemRoot%\media\Windows XP — ошибка.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultSystemExclamationG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:»%SystemRoot%\media\Windows XP — восклицание.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultSystemExitG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»c:\Program Files\Ultimate GTA Vice City\Audio\TAX1_5.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultSystemHandG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»Windows XP — критическая ошибка.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultSystemNotificationG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:»%SystemRoot%\media\Windows XP — всплывающее сообщение.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultSystemQuestionG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultSystemStartG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»c:\Program Files\Ultimate GTA Vice City\Audio\piss_18.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultWindowsLogoffG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:»%SystemRoot%\media\Выход из Windows XP.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesApps.DefaultWindowsLogonG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsExplorerActivatingDocumentG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsExplorerBlockedPopupG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»Windows XP — заблокированные всплывающие окна.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsExplorerEmptyRecycleBinG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:»%SystemRoot%\media\Windows XP — корзина.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsExplorerMoveMenuItemG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsExplorerNavigatingG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:»%SystemRoot%\media\Windows XP — пуск.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsExplorerSecurityBandG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»Windows XP — панель информации.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppskavKAV50_FinishG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppskavKAV50_InfectedG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\infected.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppskavKAV50_PasswordRequestG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\password.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppskavKAV50_StartG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppskavKAV50_TaskCompletedG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\finish.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsMSMSGSMSMSGS_ContactOnlineG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»c:\Program Files\Messenger\online.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsMSMSGSMSMSGS_NewAlertG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»c:\Program Files\Messenger\newalert.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsMSMSGSMSMSGS_NewMailG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»c:\Program Files\Messenger\newemail.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsMSMSGSMSMSGS_NewMessageG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»c:\Program Files\Messenger\type.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsReGetDxReGetDxCompletedG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»tada.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsReGetDxReGetDxDlClipAddG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsReGetDxReGetDxDlEndG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsReGetDxReGetDxDlErrorG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsReGetDxReGetDxDlFatalErrorG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»chord.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsReGetDxReGetDxDlPauseG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsReGetDxReGetDxDlStartG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsReGetDxReGetDxExitG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsReGetDxReGetDxStartG*NULL*T*NULL*A*NULL*0*NULL*H]
@=»»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsWcescommPegConnectConfirmG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»c:\Program Files\Microsoft ActiveSync\pegconn.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesAppsWcescommPegDisconnectConfirmG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»c:\Program Files\Microsoft ActiveSync\pegdisc.wav»

[HKEY_USERSS-1-5-21-1844237615-2000478354-839522115-1004AppEventsSchemesNamesG*NULL*T*NULL*A*NULL*0*NULL*H]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=»GTA»
.

Other Running Processes

.
c:windowsSYSTEM32DRIVERSCDAC11BA.EXE
c:windowsSYSTEM32CTSVCCDA.EXE
c:windowsSYSTEM32MSPMSPSV.EXE
c:program filesCOMMON FILESSONY SHAREDAVLIBSSSCSISV.EXE
c:my downloadsc:windowsSYSTEM32RUNDLL32.EXE
c:program filesPC CONNECTIVITY SOLUTIONSERVICELAYER.EXE
.
**************************************************************************
.
Completion time: 2009-01-03 15:12:38 — machine was rebooted
ComboFix-quarantined-files.txt 2009-01-03 12:12:38

Pre-Run: 30 839 750 656 байт свободно
Post-Run: 30,930,436,096 байт свободно

488 — E O F — 2008-10-17 17:49:09
30 декабря, 2008 в 6:34 пп в ответ на: Восстановление Win XP SP2 Проблема. #20680
vik a
Participant
- Темы:1
- Сообщений:6
Высылаю свежий лог.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: registry key «RegistryMachineSystemCurrentControlSetServicesis-11A3Hdrv» not found!
Deletion of driver «is-11A3Hdrv» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not exist

Completed script processing.

*******************

Finished! Terminate.
29 декабря, 2008 в 5:56 пп в ответ на: Восстановление Win XP SP2 Проблема. #20679
vik a
Participant
- Темы:1
- Сообщений:6
@Valeri wrote:

Скачайте программу Avenger кликнув по этой ссылке и распакуйте её на Рабочий стол.
Запустите Avenger, при это убедитесь что стоит галочка в пункте «Scan for rootkits» и нет галочки в пункте «Automatically disable any rootkits found». Уберите или поставьте галочки в случае необходимости.
Кликните Execute. Появится запрос о подтверждении ваших действий, нажмите Yes.
Avenger запуститься. В процессе работы возможны несколько перезагрузок компьютера.
По-окончании работы будет показан лог, пожалуйста вставьте его в ваш ответ.

Программа установилась на диск С, оттуда ее и запустил.
Лог прилагаю.
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Completed script processing.

*******************

Finished! Terminate.

p.s
Сегодня с утра вроде заработало » Восстановление системы», по крайней мере календарь реагировал
на вчерашнюю дату. С загрузкой в безопасном режиме без изменений.
28 декабря, 2008 в 6:25 пп в ответ на: Восстановление Win XP SP2 Проблема. #20677
vik a
Participant
- Темы:1
- Сообщений:6
Не могу пройти по ссылке. Страница не отоброжается. Сервер не найден.
Пытался при отключенном антивирусе, результаты те же. ❓
Все же удалось подключиться .
Высылаю логи.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service is-11A3Hdrv .
========== FILES ==========
C:WINDOWSsystem32DRIVERS14401859.sys moved successfully.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer — Version 1.0.7.2 log created on 12292008_091755

Files moved on Reboot…
File move failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be moved on reboot.
Logfile of random’s system information tool 1.05 (written by random/random)
Run by 1 at 2008-12-29 09:24:05
Microsoft Windows XP Professional Service Pack 2
System drive C: has 30 GB (39%) free of 76 GB
Total RAM: 511 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:12, on 29.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32driversCDAC11BA.EXE
C:WINDOWSSystem32CTsvcCDA.exe
C:PROGRA~1DrWebspidernt.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:Program FilesQuickTimeqttask.exe
C:My DownloadsПРОГИgismeteotraygismeteotray.exe
C:Program FilesDrWebDRWEBSCD.EXE
C:Program FilesDrWebspiderml.exe
C:WINDOWSsystem32ctfmon.exe
C:PROGRA~1DrWebspiderui.exe
C:WINDOWSsystem32CTHELPER.EXE
C:Program FilesWinampWinampa.exe
C:PROGRA~1SonySONICS~1SsAAD.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesCommon FilesSony SharedAVLibSSScsiSV.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb06.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesMicrosoft ActiveSyncWCESCOMM.EXE
C:Program FilesPunto Switcherps.exe
C:Program FilesMessengermsmsgs.exe
C:Documents and Settings1Рабочий столRSIT.exe
F:ВИКТОРкасперскийHijackThisHiJackThis1.exe

R1 — HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://start.traffer.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://start.traffer.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://google.icq.com/search/search_frame.php
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://google.icq.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.ruserv.com
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 169.229.50.12:8888
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: MraSearch Class — {30DA811B-BCBF-4aa7-B5E3-CEE0E03EF2B2} — C:WINDOWSSYSTEMMraSearch.dll (file missing)
O1 — Hosts: 198.65.164.171 ehttp.com
O1 — Hosts: 198.65.164.168 00hq.com
O1 — Hosts: 198.65.164.168 8ad.com
O1 — Hosts: 198.65.164.168 searchv.com
O1 — Hosts: 198.65.164.168 http://www.searchv.com
O1 — Hosts: 198.65.164.168 008k.com
O1 — Hosts: 198.65.164.168 http://www.008k.com
O2 — BHO: ClickCatcher MSIE handler — {16664845-0E00-11D2-8059-000000000000} — C:Program FilesCommon FilesReGet SharedCatcher.dll
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.5.0_07binssv.dll
O3 — Toolbar: ReGet Bar — {17939A30-18E2-471E-9D3A-56DD725F1215} — C:Program FilesReGetDxiebar.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [GismeteoTray] C:My DownloadsПРОГИgismeteotraygismeteotray.exe
O4 — HKLM..Run: [DrWebScheduler] «C:Program FilesDrWebDRWEBSCD.EXE»
O4 — HKLM..Run: [SpIDerMail] «C:Program FilesDrWebspiderml.exe»
O4 — HKLM..Run: [SpIDerNT] C:PROGRA~1DrWebspiderui.exe /agent
O4 — HKLM..Run: [WINDVDPatch] CTHELPER.EXE
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampWinampa.exe»
O4 — HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 — HKLM..Run: [SsAAD.exe] C:PROGRA~1SonySONICS~1SsAAD.exe
O4 — HKLM..Run: [SpeedTouch USB Diagnostics] «C:Program FilesThomsonSpeedTouch USBDragdiag.exe» /icon
O4 — HKLM..Run: [PSDrvCheck] C:WINDOWSSystem32PSDrvCheck.exe
O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [MW1HelperStartUp] C:PROGRA~1MAGICW~1MW1HEL~1.EXE /partner MW1
O4 — HKLM..Run: [Jet Detection] «C:Program FilesCreativeSBLivePROGRAMADGJDet.exe»
O4 — HKLM..Run: [ISUSScheduler] «C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe» -start
O4 — HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 — HKLM..Run: [ICQ Lite] «C:Program FilesICQLiteICQLite.exe» -minimize
O4 — HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb06.exe
O4 — HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 — HKLM..Run: [HELPER] C:WINDOWSsystem32russia.exe -N
O4 — HKLM..Run: [FP Loader] loadfp.exe
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe»
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [H/PC Connection Agent] «C:Program FilesMicrosoft ActiveSyncWCESCOMM.EXE»
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [msnmsgr] «C:Program FilesMSN Messengermsnmsgr.exe» /background
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [DTClock181.exe] C:Documents and Settings1Рабочий столDTClockDTClock181.exe
O4 — HKCU..Run: [AMP Agent] C:Program FilesCommon FilesARS CompanyAgentAgent.exe
O4 — HKCU..RunOnce: [ICQ Lite] C:Program FilesICQLiteICQLite.exe -trayboot
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O8 — Extra context menu item: &Search — http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm764DYRU
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 — Extra context menu item: Закачать &все при помощи ReGet Deluxe — C:Program FilesCommon FilesReGet SharedCC_All.htm
O8 — Extra context menu item: Закачать при помощи Re&Get Deluxe — C:Program FilesCommon FilesReGet SharedCC_Link.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Настройка перевода — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm
O8 — Extra context menu item: Перевести — C:Program FilesX-Translator DIAMONDPROMTIE4translat.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O8 — Extra context menu item: Перевести страницу — C:Program FilesX-Translator DIAMONDPROMTIE4page.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_07binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_07binssv.dll
O9 — Extra button: Cтатистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:Program FilesMicrosoft ActiveSyncINETREPL.DLL
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:Program FilesMicrosoft ActiveSyncINETREPL.DLL
O9 — Extra ‘Tools’ menuitem: Create Mobile Favorite… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:Program FilesMicrosoft ActiveSyncINETREPL.DLL
O9 — Extra button: Перевод — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm
O9 — Extra ‘Tools’ menuitem: Перевести — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm
O9 — Extra ‘Tools’ menuitem: Настройка параметров перевода — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: Mail.Ru Agent — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Documents and Settings1Application DataMail.RuAgentMAgent.exe (HKCU)
O9 — Extra button: Перевод — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm (HKCU)
O9 — Extra ‘Tools’ menuitem: Перевести — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm (HKCU)
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm (HKCU)
O9 — Extra ‘Tools’ menuitem: Настройка перевода — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm (HKCU)
O12 — Plugin for .pdf: C:Program FilesInternet ExplorerPLUGINSnppdf32.dll
O16 — DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=39204
O16 — DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} — http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 — DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) — http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 — DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) — http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 — DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) — http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 — DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) — http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 — HKLMSystemCCSServicesTcpip..{378F99F0-8E1A-4C16-BD1A-92A7B55F02ED}: NameServer = 212.48.196.94 212.48.193.36 212.48.193.38
O18 — Protocol: rcdp.1C.rep — {79F2E69A-DE4D-461D-958B-FE830EF4246C} — C:PROGRA~11CREPE~1binRepAPP.dll (file missing)
O20 — AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~2mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~2adialhk.dll,C:PROGRA~1KASPER~1KASPER~2kloehk.dll
O23 — Service: C-DillaCdaC11BA — Macrovision — C:WINDOWSSystem32driversCDAC11BA.EXE
O23 — Service: Creative Service for CDROM Access — Creative Technology Ltd — C:WINDOWSSystem32CTsvcCDA.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSSystem32mnmsrvc.exe
O23 — Service: MSCSPTISRV — Sony Corporation — C:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe
O23 — Service: PACSPTISVR — Sony Corporation — C:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: SpIDer Guard for Windows (SPIDERNT) — Doctor Web, Ltd. — C:PROGRA~1DrWebspidernt.exe
O23 — Service: Sony SPTI Service (SPTISRV) — Sony Corporation — C:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe
O23 — Service: SonicStage SCSI Service (SSScsiSV) — Sony Corporation — C:Program FilesCommon FilesSony SharedAVLibSSScsiSV.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 13956 bytes

======Scheduled tasks folder======

C:WINDOWStasks{383AAE4C-E0BC-492B-A00A-22F17D4FFDF7}_1-MBA0IZ7NQMPYA_1.job
C:WINDOWStasks{87BBF8CE-956A-4A9C-989C-E35FD29B8309}_1-MBA0IZ7NQMPYA_1.job
C:WINDOWStasks{536BA528-D2D3-4867-96C7-7A0596DF4E06}_1-MBA0IZ7NQMPYA_1.job
C:WINDOWStasks{BD13BF0B-55AB-4879-A583-3AFBBB480917}_ZEPHIR_1.job
C:WINDOWStasks{494D5839-CC75-45C0-8565-ACF24724DA7C}_ZEPHIR_1.job
C:WINDOWStasks{BBFF182A-CBA2-4498-8485-CA4A496D9F69}_ZEPHIR_1.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{16664845-0E00-11D2-8059-000000000000}]
ClickCatcher MSIE handler — C:Program FilesCommon FilesReGet SharedCatcher.dll [2005-03-08 294964]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.5.0_07binssv.dll [2006-05-03 434279]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{17939A30-18E2-471E-9D3A-56DD725F1215} — ReGet Bar — C:Program FilesReGetDxiebar.dll [2004-04-08 92160]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2007-04-02 694000]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2006-08-30 282624]
«GismeteoTray»=C:My DownloadsПРОГИgismeteotraygismeteotray.exe [2006-06-19 643584]
«DrWebScheduler»=C:Program FilesDrWebDRWEBSCD.EXE [2008-05-06 283888]
«SpIDerMail»=C:Program FilesDrWebspiderml.exe [2008-06-10 501080]
«SpIDerNT»=C:PROGRA~1DrWebspiderui.exe [2008-10-23 197896]
«WINDVDPatch»=C:WINDOWSsystem32CTHELPER.EXE [2002-07-02 24576]
«WinampAgent»=C:Program FilesWinampWinampa.exe [2006-11-23 35840]
«UpdReg»=C:WINDOWSUpdReg.EXE [2000-05-11 90112]
«SsAAD.exe»=C:PROGRA~1SonySONICS~1SsAAD.exe [2005-01-24 81920]
«SpeedTouch USB Diagnostics»=C:Program FilesThomsonSpeedTouch USBDragdiag.exe [2004-01-26 866816]
«PSDrvCheck»=C:WINDOWSSystem32PSDrvCheck.exe [2003-08-28 396800]
«PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-01-23 223232]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2005-05-12 86016]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2005-05-12 6729728]
«MW1HelperStartUp»=C:PROGRA~1MAGICW~1MW1HEL~1.EXE /partner MW1 []
«Jet Detection»=C:Program FilesCreativeSBLivePROGRAMADGJDet.exe [2001-11-29 28672]
«ISUSScheduler»=C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [2004-04-13 69632]
«ISUSPM Startup»=C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe [2004-04-17 196608]
«ICQ Lite»=C:Program FilesICQLiteICQLite.exe [2006-12-07 3145308]
«HPDJ Taskbar Utility»=C:WINDOWSSystem32spooldriversw32x863hpztsb06.exe [2002-07-11 188416]
«HP Software Update»=C:Program FilesHPHP Software UpdateHPWuSchd2.exe [2005-02-16 49152]
«HELPER»=C:WINDOWSsystem32russia.exe -N []
«FP Loader»=loadfp.exe []
«BluetoothAuthenticationAgent»=C:WINDOWSsystem32bthprops.cpl [2004-08-17 110592]
«AVP»=C:Program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe []
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
«H/PC Connection Agent»=C:Program FilesMicrosoft ActiveSyncWCESCOMM.EXE [2004-02-04 401491]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2003-11-12 207872]
«msnmsgr»=C:Program FilesMSN Messengermsnmsgr.exe /background []
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«DTClock181.exe»=C:Documents and Settings1Рабочий столDTClockDTClock181.exe []
«AMP Agent»=C:Program FilesCommon FilesARS CompanyAgentAgent.exe []

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«ICQ Lite»=C:Program FilesICQLiteICQLite.exe [2006-12-07 3145308]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:PROGRA~1KASPER~1KASPER~2mzvkbd.dll,C:PROGRA~1KASPER~1KASPER~2adialhk.dll,C:PROGRA~1KASPER~1KASPER~2kloehk.dll»

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableTaskMgr»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=DF000000

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«»=
«NoDriveTypeAutoRun»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Documents and Settings1Рабочий столПрограммыUTORRENT.EXE»=»C:Documents and Settings1Рабочий столПрограммыUTORRENT.EXE:*:Enabled:µTorrent»
«C:Program FilesMicrosoft ActiveSyncWCESCOMM.EXE»=»C:Program FilesMicrosoft ActiveSyncWCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager»
«C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1»
«C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»

======File associations======

.scr — open — «%1» /S «%3»

======List of files/folders created in the last 1 months======

2008-12-29 09:17:55 —-D—- C:_OTMoveIt
2008-12-28 11:44:22 —-D—- C:rsit
2008-12-16 00:37:28 —-SHD—- C:FOUND.080
2008-12-15 20:29:37 —-A—- C:WINDOWSsystem32DRWEBSP.DLL
2008-12-15 20:29:32 —-D—- C:Program FilesDrWeb
2008-12-15 20:28:41 —-D—- C:Documents and Settings1Application DataInstallShield
2008-12-14 21:55:10 —-SHD—- C:FOUND.079
2008-12-14 11:26:51 —-A—- C:sysinfo.txt
2008-12-13 10:49:14 —-SHD—- C:FOUND.078
2008-12-11 23:03:57 —-A—- C:WINDOWSSIGVERIF.TXT
2008-12-11 20:39:06 —-D—- C:downloads
2008-12-11 20:39:06 —-D—- C:Documents and Settings1Application DataGrabPro
2008-12-11 20:39:01 —-D—- C:Documents and Settings1Application DataOrbit
2008-12-05 00:15:09 —-D—- C:WINDOWSsystem32appmgmt

======List of files/folders modified in the last 1 months======

2008-12-29 09:21:22 —-A—- C:WINDOWS{00000002-00000000-00000001-00001102-00000002-80651102}.BAK
2008-12-29 09:19:12 —-A—- C:WINDOWSSchedLgU.Txt
2008-12-27 12:22:00 —-A—- C:WINDOWSntbtlog.txt
2008-12-25 07:49:38 —-A—- C:WINDOWSSystem.ini
2008-12-23 17:02:12 —-ASH—- C:boot.ini
2008-12-23 17:02:12 —-A—- C:WINDOWSwin.ini
2008-12-12 19:05:10 —-A—- C:WINDOWSsystem32TDSSlxwp.dll
2008-12-06 09:26:14 —-A—- C:WINDOWSsetuplog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Драйвер Intel процессора; C:WINDOWSSystem32DRIVERSintelppm.sys [2004-08-17 40448]
R1 prodrv03;Star Force copy protection driver v3; ??C:WINDOWSSystem32driversprodrv03.sys []
R1 prodrv04;Star Force copy protection driver v4; C:WINDOWSSystem32driversprodrv04.sys [2004-02-06 114496]
R1 prodrv05;StarForce Protection Environment Driver v5; C:WINDOWSSystem32driversprodrv05.sys [2002-11-22 76704]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WINDOWSSystem32driversprodrv06.sys [2004-08-09 53920]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-20 12032]
R2 CdaC15BA;CdaC15BA; ??C:WINDOWSSystem32driversCdaC15BA.SYS []
R2 enodpl;enodpl; C:WINDOWSSystem32DRIVERSenodpl.sys [2003-03-02 7552]
R2 Fileprot;Fileprot; C:WINDOWSsystem32driversFileprot.sys [2005-04-15 32491]
R2 hardlock;hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R2 irda;ИК-протокол IrDA; C:WINDOWSsystem32DRIVERSirda.sys [2004-08-03 87424]
R2 litdpl;litdpl; C:WINDOWSSystem32DRIVERSlitdpl.sys [2002-10-13 4736]
R2 PfModNT;PfModNT; ??C:WINDOWSSystem32PfModNT.sys []
R2 SPIDER;SpIDer Guard File System Monitor; ??C:PROGRA~1DrWebspider.sys []
R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:WINDOWSsystem32DRIVERSalcan5wn.sys [2003-12-08 53600]
R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:WINDOWSsystem32DRIVERSalcaudsl.sys [2003-12-08 70688]
R3 ctac32k;Creative AC3 Software Decoder; C:WINDOWSSystem32driversctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:WINDOWSsystem32driversctaud2k.sys [2002-07-19 837548]
R3 ctprxy2k;Creative Proxy Driver; C:WINDOWSSystem32driversctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:WINDOWSSystem32driversctsfm2k.sys [2002-07-19 213860]
R3 emupia;E-mu Plug-in Architecture Driver; C:WINDOWSSystem32driversemupia2k.sys [2002-07-19 156604]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:WINDOWSsystem32driversha10kx2k.sys [2002-07-24 998004]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 nv;nv; C:WINDOWSSystem32DRIVERSnv4_mini.sys [2004-08-03 1897408]
R3 ossrv;Creative OS Services Driver; C:WINDOWSsystem32driversctoss2k.sys [2002-07-19 195432]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSSystem32DRIVERSusbprint.sys [2004-08-04 25856]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S1 ASPI32;ASPI32; C:WINDOWSsystem32driversASPI32.sys []
S1 is-11A3Hdrv;is-11A3Hdrv; C:WINDOWSsystem32DRIVERS14401859.sys []
S1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:WINDOWSSystem32Driverstosrfcom.sys [2004-10-04 62799]
S2 nvcap;nVidia WDM Video Capture (universal); C:WINDOWSSystem32DRIVERSnvcap.sys [2002-06-07 106012]
S2 nvTUNEP;nVidia WDM TVTuner; C:WINDOWSSystem32DRIVERSnvtunep.sys []
S2 nvtvSND;nVidia WDM TVAudio Crossbar; C:WINDOWSSystem32DRIVERSnvtvsnd.sys []
S2 NVXBAR;nVidia WDM A/V Crossbar; C:WINDOWSSystem32DRIVERSNVxbar.sys []
S3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2002-08-02 659228]
S3 ati2mtag;ati2mtag; C:WINDOWSSystem32DRIVERSati2mtag.sys [2004-08-18 701440]
S3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinrvxx.sys [2004-08-04 104960]
S3 BthEnum;Драйвер блока запроса Bluetooth; C:WINDOWSsystem32DRIVERSBthEnum.sys [2004-08-03 17024]
S3 BTHMODEM;Драйвер связи для модема Bluetooth; C:WINDOWSsystem32DRIVERSbthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2004-08-03 100992]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2004-08-17 274688]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2004-08-03 18944]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSSystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 ctljystk;Игровой порт Creative SB Live!; C:WINDOWSSystem32DRIVERSctljystk.sys [2001-08-17 3712]
S3 GMSIPCI;GMSIPCI; ??E:INSTALLGMSIPCI.SYS []
S3 grmnusb;grmnusb; C:WINDOWSsystem32driversgrmnusb.sys [2003-09-23 7296]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-10-20 9600]
S3 ids0004C;ids0004C; ??C:Documents and SettingsAll UsersApplication DataKaspersky Anti-Virus Personal5.0basesids0004C.sys []
S3 ids0005c;ids0005c; ??C:Documents and SettingsAll UsersApplication DataKaspersky Anti-Virus Personal5.0basesids0005c.sys []
S3 ids00118;ids00118; ??C:Documents and SettingsAll UsersApplication DataKaspersky Anti-Virus Personal5.0basesids00118.sys []
S3 ids0014f;ids0014f; ??C:Documents and SettingsAll UsersApplication DataKaspersky Anti-Virus Personal5.0basesids0014f.sys []
S3 ids0015d;ids0015d; ??C:Documents and SettingsAll UsersApplication DataKaspersky Anti-Virus Personal5.0basesids0015d.sys []
S3 ids00180;ids00180; ??C:Documents and SettingsAll UsersApplication DataKaspersky Anti-Virus Personal5.0basesids00180.sys []
S3 KLIF;KLIF; ??C:WINDOWSsystem32driversklif.sys []
S3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys []
S3 ltmodem5;LT Modem Driver; C:WINDOWSSystem32DRIVERSltmdmnt.sys [2004-08-18 606940]
S3 MA-620;Mobile Action MA-660 USB Infrared Adapter; C:WINDOWSsystem32DRIVERSMA-620.sys [2003-03-25 27136]
S3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-20 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:WINDOWSsystem32DRIVERSMSIRCOMM.sys [2004-08-04 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-04 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinmdxx.sys [2004-08-04 13824]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSSystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSSystem32DRIVERSNdisIP.sys [2004-08-17 10880]
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2006-10-10 9216]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2006-10-10 12800]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2006-10-10 138240]
S3 PAC207;VideoCAM GE111; C:WINDOWSsystem32DRIVERSpfc027.sys []
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2004-08-03 59648]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSSystem32DRIVERSRTL8139.SYS []
S3 SANDRA;SANDRA; ??C:Program FilesSiSoftwareSiSoftware Sandra Professionalsandra.sys []
S3 sermouse;Драйвер мыши для посл. порта; C:WINDOWSsystem32DRIVERSsermouse.sys [2001-10-20 17920]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSSystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 StillCam;Драйвер цифровой фотокамеры для посл. порта; C:WINDOWSSystem32DRIVERSserscan.sys [2001-10-19 6912]
S3 streamip;BDA IPSink; C:WINDOWSSystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:WINDOWSsystem32driversToshidpt.sys [2002-10-16 2851]
S3 tosporte;Bluetooth Port Driver from Toshiba; C:WINDOWSsystem32DRIVERStosporte.sys [2005-01-08 51582]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:WINDOWSSystem32Driverstosrfbd.sys [2004-12-24 97792]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:WINDOWSSystem32Driverstosrfbnp.sys [2004-07-08 36531]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:WINDOWSsystem32DRIVERSTosrfhid.sys [2004-11-15 50048]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:WINDOWSsystem32DRIVERStosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:WINDOWSsystem32driversTosRfSnd.sys [2004-12-15 50048]
S3 Tosrfusb;Bluetooth USB Controller; C:WINDOWSSystem32Driverstosrfusb.sys [2004-12-21 34816]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSSystem32DRIVERSusbscan.sys [2004-08-04 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2004-08-17 31872]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSSystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:WINDOWSSystem32driversCDAC11BA.EXE [2003-11-04 54784]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:WINDOWSSystem32CTsvcCDA.exe [1999-12-13 44032]
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R2 SPIDERNT;SpIDer Guard for Windows; C:PROGRA~1DrWebspidernt.exe [2008-10-23 197896]
R2 WMDM PMSP Service;WMDM PMSP Service; C:WINDOWSSystem32MsPMSPSv.exe [2001-05-01 53248]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2006-11-06 210432]
R3 SSScsiSV;SonicStage SCSI Service; C:Program FilesCommon FilesSony SharedAVLibSSScsiSV.exe [2005-01-24 69632]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe [2005-01-26 53337]
S3 PACSPTISVR;PACSPTISVR; C:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe [2005-01-26 53337]
S3 SPTISRV;Sony SPTI Service; C:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe [2005-01-26 69718]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]

EOF
Автор

Сообщения