Лог утилиты random's system information tool 1.08 (автор: random/random)
Run by slir at 2011-08-17 21:02:49
Microsoft Windows XP Professional Service Pack 2
Системный раздел C: размер 77 GB (50%) Свободно 153 GB
Total RAM: 3063 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:03:09, on 17.08.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shadow Defender\DefenderDaemon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Far\Far.exe
C:\Program Files\Avant Browser\avant.exe
C:\RSit\RSIT.exe
C:\Program Files\trend micro\slir.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yandex.ru/?clid=135239
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gismeteo.ru/city/legacy/4478
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll
O1 - Hosts: 95.129.248.90 launcher.l2.ru
O1 - Hosts: 109.105.130.68 patch.l2.ru
O1 - Hosts: 95.129.248.195 gameguard.l2.ru
O1 - Hosts: 95.129.248.196 auth.l2.ru
O1 - Hosts: 109.105.130.129 geo.l2.ru
O1 - Hosts: 195.58.1.117 La2authd.lineage2.com
O1 - Hosts: 195.58.1.117 l2authd.lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\PROGRA~1\DOWNLO~1\dmiehlp.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Shadow Defender Daemon] "C:\Program Files\Shadow Defender\DefenderDaemon.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Добавить в Анти-Баннер - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:\Program Files\Download Master\dmieall.htm
O8 - Extra context menu item: Закачать при помощи Download Master - C:\Program Files\Download Master\dmie.htm
O8 - Extra context menu item: Передать на удаленную закачку DM - C:\Program Files\Download Master\remdown.htm
O9 - Extra button: &Виртуальная клавиатура - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra button: Проверка ссы&лок - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://etp.roseltorg.ru/files/capicom.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E43F76C-E593-461A-9A09-A8198BF1EC17}: NameServer = 195.38.32.3,195.38.33.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{97F436AA-0663-4C45-B165-C28E76FD4006}: NameServer = 10.1.3.5
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O21 - SSODL: MyDllLoade - {69502F20-E8CD-11D5-A784-0050BF44BD3B} - E:\tlf_new\Win_Coder\BdeInst.dll
O22 - SharedTaskScheduler: Предзагрузчик Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Демон кэша категорий компонентов - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus Service (avp) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Professional\nmsaccessu.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Корпорация Майкрософт - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Transbase TECDOC CD 1_2011 Service - Unknown owner - H:\TECDOC_CD\1_2011\db\tbmux32.exe (file missing)
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 10311 bytes

======Папка назначеных зданий======

C:\WINDOWS\tasks\ParetoLogic Registration3.job
C:\WINDOWS\tasks\ParetoLogic Update Version3.job
C:\WINDOWS\tasks\XoftSpySE.job

======Снимок реестра======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll [2010-10-05 68280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master - C:\PROGRA~1\DOWNLO~1\dmiehlp.dll [2009-04-16 158208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Program Files\Internet Explorer\qipsearchbar.dll [2009-07-09 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [2010-10-05 191160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Shadow Defender Daemon"=C:\Program Files\Shadow Defender\DefenderDaemon.exe [2008-09-24 192455]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-11-02 365336]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-07-15 33636352]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"Ad Muncher"=C:\Program Files\Ad Muncher\AdMunch.exe [2011-05-23 535752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe /background []

C:\Documents and Settings\All Users.WINDOWS\Главное меню\Программы\Автозагрузка
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2010-10-05 228024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
MyDllLoade - {69502F20-E8CD-11D5-A784-0050BF44BD3B} - E:\tlf_new\Win_Coder\BdeInst.dll [2000-01-27 3853824]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\My Downloads\TVUPlayer_2.5.2.1.1944_Portable\TVUPlayer_2.5.2.1.1944_Portable\tvuplayer.exe"="E:\My Downloads\TVUPlayer_2.5.2.1.1944_Portable\TVUPlayer_2.5.2.1.1944_Portable\tvuplayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\My Downloads\malwarebytes_portable_1[1].29_multilang\malwarebytes_portable_1.29_multilang\App\Malwarebytes\mbam.exe"="E:\My Downloads\malwarebytes_portable_1[1].29_multilang\malwarebytes_portable_1.29_multilang\App\Malwarebytes\mbam.exe:*:Enabled:Malwarebytes"
"C:\Downloads\AdAwarePortable\AdAwarePortable\App\AdAware\Ad-Aware.exe"="C:\Downloads\AdAwarePortable\AdAwarePortable\App\AdAware\Ad-Aware.exe:*:Enabled:AdAware"
"E:\My Downloads\Daum_PotPlayer_1.5.26332b_Portable\Daum_PotPlayer_1.5.26332b_Portable\PotPlayer_1.5.26332b_Portable_RUS\PotPlayer.exe"="E:\My Downloads\Daum_PotPlayer_1.5.26332b_Portable\Daum_PotPlayer_1.5.26332b_Portable\PotPlayer_1.5.26332b_Portable_RUS\PotPlayer.exe:*:Enabled:PotPlayer (32-разрядная версия)"
"E:\My Downloads\Daum_PotPlayer_1.5.26384b_Portable\Daum_PotPlayer_1.5.26384b_Portable\Daum_PotPlayer_1.5.26384b_Portable_Rus\PotPlayer.exe"="E:\My Downloads\Daum_PotPlayer_1.5.26384b_Portable\Daum_PotPlayer_1.5.26384b_Portable\Daum_PotPlayer_1.5.26384b_Portable_Rus\PotPlayer.exe:*:Enabled:PotPlayer (32-разрядная версия)"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======Список файлов и папок, созданных за последние 3 месяца======

2011-08-14 18:36:30 ----D---- C:\Posilka
2011-08-14 15:38:11 ----D---- C:\O-Zone_Forum
2011-08-14 15:28:14 ----D---- C:\Gmer
2011-08-07 10:42:42 ----D---- C:\HijackThis
2011-08-02 19:34:28 ----D---- C:\ad__muncher
2011-07-31 14:16:30 ----D---- C:\RemoveIT
2011-07-24 19:28:27 ----D---- C:\ATF-Cleaner
2011-07-24 19:26:55 ----D---- C:\RSit
2011-07-21 08:11:19 ----D---- C:\WINDOWS\XSxS
2011-07-19 07:10:31 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\Avant Downloader
2011-06-29 19:01:22 ----D---- C:\Program Files\Monkey's Audio
2011-06-29 19:01:22 ----A---- C:\WINDOWS\system32\MACDll.dll
2011-06-25 15:22:35 ----D---- C:\key
2011-06-25 14:24:15 ----D---- C:\navigator
2011-06-19 17:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB909394$
2011-06-19 17:00:11 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2011-06-19 17:00:11 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2011-06-19 17:00:04 ----D---- C:\Program Files\Microsoft ActiveSync
2011-06-12 10:26:52 ----A---- C:\TDSSKiller.2.5.4.0_12.06.2011_10.26.52_log.txt
2011-05-29 21:49:34 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\STDUConverter
2011-05-29 21:32:15 ----A---- C:\WINDOWS\DjVuPro.INI
2011-05-28 21:56:21 ----A---- C:\WINDOWS\crw.ini

======Список файлов и папок, измененных за последние 3 месяца======

2011-08-17 21:02:59 ----D---- C:\Temp
2011-08-17 21:02:59 ----D---- C:\Program Files\trend micro
2011-08-17 19:55:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2011-08-17 19:54:34 ----D---- C:\WINDOWS\temp
2011-08-17 19:52:37 ----D---- C:\WINDOWS\Minidump
2011-08-17 19:52:37 ----D---- C:\WINDOWS
2011-08-17 19:52:25 ----D---- C:\WINDOWS\system32\drivers
2011-08-16 22:21:01 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\uTorrent
2011-08-16 07:55:02 ----D---- C:\Program Files\TVPlayerClassic
2011-08-15 22:24:07 ----D---- C:\LineageII
2011-08-15 22:23:08 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-14 16:57:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-14 15:27:00 ----D---- C:\Hijack
2011-08-09 20:33:15 ----D---- C:\Program Files\Spyware Terminator
2011-08-09 20:33:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
2011-08-09 20:27:17 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\Spyware Terminator
2011-08-07 13:38:32 ----D---- C:\Program Files\Messenger
2011-08-07 10:28:54 ----D---- C:\Мои документы
2011-08-07 10:17:01 ----D---- C:\Flash_I
2011-07-25 21:37:18 ----D---- C:\Tmp
2011-07-25 20:21:35 ----D---- C:\pesni
2011-07-22 07:46:29 ----D---- C:\Program Files\Avant Browser
2011-07-21 08:24:43 ----D---- C:\WINDOWS\system32
2011-07-19 07:10:21 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\Avant Profiles
2011-06-30 09:20:27 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2011-06-29 22:46:47 ----D---- C:\cob2011
2011-06-29 19:01:22 ----D---- C:\Program Files
2011-06-29 18:31:45 ----A---- C:\WINDOWS\cdplayer.ini
2011-06-29 18:30:25 ----A---- C:\Documents and Settings\All Users.WINDOWS\Application Data\ss.ini
2011-06-25 14:27:30 ----HD---- C:\WINDOWS\inf
2011-06-22 20:48:13 ----SHD---- C:\WINDOWS\Installer
2011-06-22 20:48:00 ----D---- C:\WINDOWS\Help
2011-06-19 17:00:05 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-06-19 17:00:04 ----D---- C:\WINDOWS\WinSxS
2011-05-29 21:49:49 ----D---- C:\musor
2011-05-29 21:21:39 ----D---- C:\Documents and Settings
2011-05-23 06:50:07 ----D---- C:\Program Files\Ad Muncher
2011-05-20 22:01:41 ----D---- C:\La2

======Список драйверов (тип запуска: R=Запущен, S=остановлен, 0=Загрузочный, 1=Системный, 2=Автоматически, 3=Вручную, 4=Отключено)======

R0 diskpt;diskpt; C:\WINDOWS\system32\drivers\diskpt.sys [2008-09-24 182260]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2009-07-18 93096]
R0 kl1;kl1; C:\WINDOWS\system32\drivers\kl1.sys [2010-06-09 132184]
R0 mv61xx;mv61xx; C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2008-06-24 150568]
R0 ohci1394;VIA OHCI-совместимый IEEE 1394 хост-контроллер; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-02-11 717296]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 intelppm;Драйвер Intel процессора; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 40448]
R1 kl2;kl2; C:\WINDOWS\system32\DRIVERS\kl2.sys [2010-06-09 11352]
R1 klif;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-10-01 475736]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 uzexmtm1;AVZ-RK Kernel Driver; \??\C:\WINDOWS\system32\Drivers\uzexmtm1.sys []
R2 irda;ИК-протокол IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R3 Arp1394;Протокол клиента 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 EL90XBC;3Com EtherLink XL 90XB/C, драйвер адаптера; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Драйвер класса HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2010-05-07 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-11-02 19472]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2004-08-17 63744]
R3 mouhid;Драйвер мыши HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Сетевой драйвер 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-11-04 47360]
R3 Rasirda;Минипорт WAN (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-06-05 142336]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-07-10 1381632]
S1 kbdhid;Драйвер клавиатуры HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 atgrxxk7;atgrxxk7; C:\WINDOWS\system32\drivers\atgrxxk7.sys []
S3 ax6t0sgl;ax6t0sgl; C:\WINDOWS\system32\drivers\ax6t0sgl.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2011-01-04 18120]
S3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-02-02 36864]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 npkcrypt;npkcrypt; \??\C:\La2\system\npkcrypt.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567]
S3 PsSdk40;PsSdk40; \??\C:\WINDOWS\system32\Drivers\pssdk40.sys []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.sys []
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
S3 SIVDRIVER;SIV Kernel Driver; \??\C:\WINDOWS\system32\Drivers\SIVX32.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2010-06-06 5632]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\System32\Drivers\TVicHW32.sys []
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Драйвер USB-сканера; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 wanusb;D-Link DSL-200 USB ADSL WAN Modem; C:\WINDOWS\system32\DRIVERS\gwausb.sys [2005-09-22 158592]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys [2009-09-01 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys [2009-09-01 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys [2009-09-01 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys [2009-09-01 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys [2009-09-01 25704]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys []
S4 HWiNFO32;HWiNFO32 Kernel Driver; \??\F:\hw\HWiNFO32.SYS []
S4 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []
S4 npkycryp;npkycryp; \??\C:\La2\system\npkycryp.sys []

======Список служб (тип запуска: R=Запущена, S=остановлена, 0=Загрузочная, 1=Системная, 2=Автоматически, 3=Вручную, 4=Отключено)======

R2 avp;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-11-02 365336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-01-03 153376]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-01-27 488960]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 Irmon;Монитор инфракрасной связи; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 NMSAccessU;NMSAccessU; C:\Program Files\BurnAware Professional\nmsaccessu.exe [2008-05-03 71096]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-07-12 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-01-07 4192928]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 Transbase TECDOC CD 1_2011 Service;Transbase TECDOC CD 1_2011 Service; H:\TECDOC_CD\1_2011\db\tbmux32.exe []
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 XoftSpyService;XoftSpyService; C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe [2009-08-29 582424]
S4 2GIS UpdateClientService;2GIS UpdateClientService; C:\Program Files\2gis\UpdateClientWin32\UpdateClientService.exe [2008-09-17 1134592]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

-----------------EOF-----------------