Vírus v operačnej pamäti

Zpráva

balek · #1 Příspěvek od **balek** » 01 led 2013 13:47

Mam ruskojazycny system, tak nech vas neprekvapuje rustina... NOD objavil v operačnej pamati trojana. Co robit? Combfix? AKo?

Оперативная память = C:\Users\Роберт\Documents\Iterra\klsjwne.dll - модифицированный Win32/Kryptik.ARGA троянская программа - выбор действия отложен до завершения сканирования

balek · #2 Příspěvek od **balek** » 01 led 2013 20:33

Tu je log:
Лог утилиты random's system information tool 1.09 (автор: random/random)
Run by Роберт at 2013-01-01 23:31:02
Microsoft Windows 7 Домашняя расширенная Service Pack 1
Системный раздел C: размер 151 GB (52%) Свободно 292 GB
Total RAM: 3069 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:31:07, on 01.01.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\trend micro\Роберт.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQALL/35
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.ru/cnt/7829
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQALL/35
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQALL/35
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files (x86)\Translator\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Помощник по входу с помощью идентификатора Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files (x86)\Translator\WebIE.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
O3 - Toolbar: Поиск WebAlta - {fe704bf8-384b-44e1-8cf2-8dbeb3637a8a} - mscoree.dll (file missing)
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [multifon.exe] "C:\Program Files (x86)\MegaFon\MultiFon\multifon.exe" /dontstart
O4 - HKCU\..\Run: [Google Update] "C:\Users\Роберт\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Добавить к существующему PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Добавить содержимое по ссылке в существующий файл PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Преобразовать в Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Преобразовать содержимое по ссылке в PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: &Связанные заметки OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: &Связанные заметки OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviќ prekladaи - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovnнk - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Preloћiќ &oznaиenэ text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Preloћiќ &strбnku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files (x86)\Translator\WebIE.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{824FB4FA-1D9E-47B1-AA77-1DBE3203E76F}: NameServer = 10.77.48.49 10.77.48.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{953DD3EA-31E9-4D48-B583-B704887A3A77}: NameServer = 10.77.48.49 10.77.48.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{D15B9EEB-A53D-42D5-949D-962102EDDBB9}: NameServer = 10.77.48.49 10.77.48.33
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Служба Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Служба Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MegaFon Modem. OUC (MegaFon Modem. RunOuc) - Unknown owner - C:\Program Files (x86)\MegaFon Modem\UpdateDog\ouc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\Windows\System32\SUPDSvc.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16647 bytes

======Список процессов======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"taskhost.exe"
taskeng.exe {D3DB3EC8-B172-48C7-8672-90518D355BCC}
"C:\Windows\system32\Dwm.exe"
taskeng.exe {818F2FDE-5F01-46EF-9659-38AF262E31CF}
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\SysWOW64\svchost.exe -k netsvcs
"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service
C:\Windows\Explorer.EXE
"C:\ProgramData\DatacardService\DCSHelper.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\ProgramData\MegaFon Modem\OnlineUpdate\ouc.exe" "C:/Program Files (x86)/MegaFon Modem/UpdateDog/"
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
"C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2288
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe" /TUStart /pid:2208
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" http://home.webalta.ru/?new
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3612.1.218347849\1677622372" --gpu-vendor-id=0x10de --gpu-device-id=0x06ef --gpu-driver-vendor=NVIDIA --gpu-driver-version=8.17.12.7600 --ignored=" --type=renderer " /prefetch:12
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --extension-process --renderer-print-preview --channel="3612.2.1549137022\563989289" /prefetch:3
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --extension-process --renderer-print-preview --channel="3612.3.1902433672\1924670536" /prefetch:3
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --extension-process --renderer-print-preview --channel="3612.4.1128009656\366508605" /prefetch:3
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Роберт\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromePI.dll" --lang=ru --channel="3612.5.1919314608\1903515527" /prefetch:4
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Роберт\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll" --lang=ru --channel="3612.6.262603518\1051682979" /prefetch:4
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll" --lang=ru --channel="3612.7.1468518399\1559598688" /prefetch:4
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3612.8.1379434727\475017096" /prefetch:3
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3612.9.1241579383\263540438" /prefetch:3
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3612.10.704327344\746763736" /prefetch:3
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3612.11.1407870250\1133859467" /prefetch:3
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3612.12.1172134840\2025229401" /prefetch:3
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3612.13.507437891\598661807" /prefetch:3
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3612.14.1316675784\1640767217" /prefetch:3
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3612.15.235521588\297049374" /prefetch:3
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3612.16.1581660604\958203395" --lang=ru --ignored=" --type=renderer " /prefetch:13
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3612.17.2126846747\195908741" /prefetch:3
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3612.18.1626419124\1281131017" /prefetch:3
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3612.19.1588239185\1964107013" /prefetch:3
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Роберт\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll" --lang=ru --channel="3612.21.1399655169\731970619" /prefetch:4
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3612.22.1492858252\1171509089" /prefetch:3
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Роберт\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll" --lang=ru --channel="3612.23.834306696\1356590855" /prefetch:4
"C:\Users\Роберт\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
taskeng.exe {56383AE9-7E48-4FE4-BED2-3FD2D3331EC3}
"C:\DATA\INSTAL\Malware\RSITx64.exe"

======Папка назначеных зданий======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\Epson Printer Software Downloader.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3230796184-2078270539-655684660-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3230796184-2078270539-655684660-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3230796184-2078270539-655684660-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3230796184-2078270539-655684660-1000UA.job
C:\Windows\tasks\HPCeeScheduleForРоберт.job
C:\Windows\tasks\ReclaimerUpdateFiles_Роберт.job
C:\Windows\tasks\ReclaimerUpdateXML_Роберт.job
C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Роберт.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.mail.ru/cnt/7829"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.21, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11"
prefs.js - "keyword.URL" - "http://go.mail.ru/search?fr=fftb&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]
"Description"=
"Path"=C:\Windows\SysWOW64\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14]
"Description"=RealPlayer Download Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
nppl3260.dll
nppl3260.xpt
nprjplug.dll
nprpplugin.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
mailru.xml
ozonru.xml
priceru.xml
wikipedia-ru.xml
yandex-slovari.xml
yandex.xml

C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\extensions\
staged
yasearch@yandex.ru
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{1392b8d2-5c05-419f-a8f6-b9f15a596612}
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}

C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\searchplugins\
mailru---.xml
webalta-search.xml
ybqs-yandex.xml

======Снимок реестра======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-14 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
Freecorder Toolbar - C:\Program Files (x86)\Freecorder\prxtbFree.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Program Files (x86)\Translator\WebIE.dll [2011-02-23 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-09-28 426736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-10-25 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Помощник по входу с помощью идентификатора Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-07-05 4018888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll [2007-02-16 457216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-10-25 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{09900DE8-1DCA-443F-9243-26FF581438AF} -

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Program Files (x86)\Translator\WebIE.dll [2011-02-23 503808]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Freecorder Toolbar - C:\Program Files (x86)\Freecorder\prxtbFree.dll [2011-05-09 176936]
{fe704bf8-384b-44e1-8cf2-8dbeb3637a8a} - Поиск WebAlta - C:\Windows\system32\mscoree.dll [2010-11-05 444752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-27 2096424]
"gmPoint"=C:\Program Files\Philips SPM 7800\gmPoint.exe [2009-07-22 68608]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-04-07 2839840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-14 171520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"multifon.exe"=C:\Program Files (x86)\MegaFon\MultiFon\multifon.exe [2010-12-10 5852672]
"Google Update"=C:\Users\Роберт\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-20 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\facebookmessenger.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hpwucli.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lightscribecontrolpanel.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lslauncher.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\skypesetup.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yota.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======Ассоциации файлов======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======Список файлов и папок, созданных за последние 1 месяц======

2013-01-01 17:30:28 ----D---- C:\Program Files\trend micro
2013-01-01 17:30:27 ----D---- C:\rsit
2012-12-22 01:47:56 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2012-12-22 01:47:56 ----A---- C:\Windows\system32\atmlib.dll
2012-12-22 01:47:51 ----A---- C:\Windows\system32\atmfd.dll
2012-12-22 01:47:43 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2012-12-14 19:06:56 ----A---- C:\Windows\system32\mshtmled.dll
2012-12-14 19:06:55 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-12-14 19:06:55 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-12-14 19:06:54 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-12-14 19:06:53 ----A---- C:\Windows\SYSWOW64\url.dll
2012-12-14 19:06:53 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-12-14 19:06:53 ----A---- C:\Windows\system32\url.dll
2012-12-14 19:06:53 ----A---- C:\Windows\system32\ieUnatt.exe
2012-12-14 19:06:53 ----A---- C:\Windows\system32\ieui.dll
2012-12-14 19:06:51 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-12-14 19:06:51 ----A---- C:\Windows\system32\urlmon.dll
2012-12-14 19:06:50 ----A---- C:\Windows\system32\msfeeds.dll
2012-12-14 19:06:50 ----A---- C:\Windows\system32\jscript9.dll
2012-12-14 19:06:49 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-12-14 19:06:49 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-12-14 19:06:49 ----A---- C:\Windows\system32\wininet.dll
2012-12-14 19:06:48 ----A---- C:\Windows\system32\jsproxy.dll
2012-12-14 19:06:47 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-12-14 19:06:47 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-12-14 19:06:47 ----A---- C:\Windows\system32\vbscript.dll
2012-12-14 19:06:47 ----A---- C:\Windows\system32\jscript.dll
2012-12-14 19:06:46 ----A---- C:\Windows\system32\iertutil.dll
2012-12-14 19:06:45 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-12-14 19:06:45 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-12-14 19:06:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-12-14 19:06:37 ----A---- C:\Windows\system32\mshtml.dll
2012-12-14 19:06:36 ----A---- C:\Windows\system32\ieframe.dll
2012-12-14 19:06:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-12-14 02:16:43 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-12-14 02:16:43 ----A---- C:\Windows\system32\tzres.dll
2012-12-14 02:16:32 ----A---- C:\Windows\system32\win32k.sys
2012-12-14 02:16:22 ----A---- C:\Windows\system32\KernelBase.dll
2012-12-14 02:16:20 ----A---- C:\Windows\system32\winsrv.dll
2012-12-14 02:16:20 ----A---- C:\Windows\system32\kernel32.dll
2012-12-14 02:16:19 ----A---- C:\Windows\system32\conhost.exe
2012-12-14 02:16:18 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-12-14 02:16:17 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-12-14 02:16:15 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-12-14 02:16:15 ----A---- C:\Windows\system32\wow64win.dll
2012-12-14 02:16:15 ----A---- C:\Windows\system32\wow64.dll
2012-12-14 02:16:15 ----A---- C:\Windows\system32\ntvdm64.dll
2012-12-14 02:16:14 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-12-14 02:16:14 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-12-14 02:16:14 ----A---- C:\Windows\system32\wow64cpu.dll
2012-12-14 02:16:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-14 02:16:12 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-12-14 02:16:12 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-12-14 02:16:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-12-14 02:16:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-14 02:16:08 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-12-14 02:16:08 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-14 02:16:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-14 02:16:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-14 02:16:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-14 02:16:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-14 02:16:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-14 02:16:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-14 02:16:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-14 02:16:06 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-12-14 02:16:06 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-12-14 02:16:05 ----A---- C:\Windows\SYSWOW64\user.exe
2012-12-14 02:15:42 ----A---- C:\Windows\SYSWOW64\dpnet.dll
2012-12-14 02:15:42 ----A---- C:\Windows\system32\dpnet.dll
2012-12-11 21:22:31 ----D---- C:\ProgramData\Protexis
2012-12-11 21:22:26 ----D---- C:\Users\Роберт\AppData\Roaming\Corel
2012-12-11 21:14:18 ----D---- C:\Program Files (x86)\Microsoft SDKs
2012-12-11 21:14:11 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 9.0
2012-12-11 21:10:53 ----D---- C:\ProgramData\Corel
2012-12-11 21:03:12 ----D---- C:\Program Files (x86)\Corel

======Список файлов и папок, измененных за последние 1 месяц======

2013-01-01 23:31:04 ----D---- C:\Windows\Temp
2013-01-01 23:27:55 ----D---- C:\Windows\Prefetch
2013-01-01 23:26:48 ----D---- C:\Windows\system32\Tasks
2013-01-01 17:30:28 ----RD---- C:\Program Files
2013-01-01 15:52:10 ----D---- C:\Windows\system32\config
2013-01-01 15:42:23 ----SHD---- C:\System Volume Information
2013-01-01 15:37:15 ----D---- C:\Windows\Tasks
2012-12-31 13:37:03 ----D---- C:\Windows\system32\DriverStore
2012-12-31 01:55:08 ----D---- C:\Users\Роберт\AppData\Roaming\Skype
2012-12-31 00:19:36 ----D---- C:\Windows\System32
2012-12-31 00:19:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-12-31 00:19:35 ----D---- C:\Windows\inf
2012-12-27 12:35:41 ----RSD---- C:\Windows\assembly
2012-12-22 13:50:39 ----D---- C:\Windows\winsxs
2012-12-22 13:46:56 ----D---- C:\Windows\SysWOW64
2012-12-22 01:48:24 ----D---- C:\Windows\system32\catroot
2012-12-22 01:48:19 ----D---- C:\Windows\system32\catroot2
2012-12-15 04:27:32 ----D---- C:\Windows\rescache
2012-12-14 19:31:40 ----D---- C:\Windows\SYSWOW64\ru-RU
2012-12-14 19:31:40 ----D---- C:\Windows\SYSWOW64\en-US
2012-12-14 19:31:40 ----D---- C:\Windows\system32\ru-RU
2012-12-14 19:31:40 ----D---- C:\Windows\system32\en-US
2012-12-14 19:31:35 ----D---- C:\Windows\AppPatch
2012-12-14 19:31:34 ----D---- C:\Windows\SYSWOW64\migration
2012-12-14 19:31:34 ----D---- C:\Program Files (x86)\Internet Explorer
2012-12-14 19:31:33 ----D---- C:\Windows\system32\migration
2012-12-14 19:31:29 ----D---- C:\Program Files\Internet Explorer
2012-12-14 19:17:47 ----D---- C:\Windows\Microsoft.NET
2012-12-14 19:15:06 ----SHD---- C:\Windows\Installer
2012-12-14 19:14:21 ----D---- C:\ProgramData\Microsoft Help
2012-12-14 19:09:09 ----A---- C:\Windows\system32\MRT.exe
2012-12-12 09:44:31 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-12-11 21:22:31 ----HD---- C:\ProgramData
2012-12-11 21:18:07 ----SD---- C:\Users\Роберт\AppData\Roaming\Microsoft
2012-12-11 21:18:07 ----SD---- C:\ProgramData\Microsoft
2012-12-11 21:14:18 ----D---- C:\Program Files (x86)
2012-12-11 21:12:29 ----D---- C:\Program Files (x86)\Common Files
2012-12-11 21:11:37 ----RSD---- C:\Windows\Fonts
2012-12-06 22:40:11 ----D---- C:\Program Files (x86)\Opera
2012-12-04 10:28:39 ----D---- C:\Users\Роберт\AppData\Roaming\EPSON
2012-12-04 01:40:14 ----D---- C:\DATA
2012-12-03 14:32:46 ----D---- C:\Windows

======Список драйверов (тип запуска: R=Запущен, S=остановлен, 0=Загрузочный, 1=Системный, 2=Автоматически, 3=Вручную, 4=Отключено)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-07 139704]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-04-07 163888]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-04-07 124760]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-08-02 32880]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 18432]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-11-18 90112]
R3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtpt64.sys [2009-06-19 16384]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbs64.sys [2009-06-19 14848]
R3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmdm64.sys [2009-06-19 17408]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2007-08-13 202176]
R3 NETw5s64;Драйвер адаптера Intel(R) Wireless WiFi Link серии 5000 для Windows 7 64 Bit ; C:\Windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2009-06-27 83488]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-03-23 505344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 320560]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-11-08 11856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 DgiVecp;Team MFP Comm Driver; C:\Windows\System32\Drivers\DgiVecp.sys [2009-03-02 53816]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-11 1146880]
S3 athr;Расширяемый драйвер устройств беспроводной сети Atheros; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
S3 C7xxUSB;Samsung CMC7xx USB Network Driver; C:\Windows\system32\DRIVERS\C7xUSB76.sys [2009-07-30 47616]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2012-11-18 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-11-18 13952]
S3 ewusbmbb;HUAWEI USB-WWAN miniport; C:\Windows\system32\DRIVERS\ewusbwwan.sys [2012-11-18 450048]
S3 gmhidlow;HID Mouse Lower Filter; C:\Windows\system32\DRIVERS\gmhidlow.sys [2009-07-01 14720]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2012-11-18 104448]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2012-11-18 30720]
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2012-11-18 238080]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2012-11-18 225920]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-11 6108416]
S3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw1v64.sys [2009-07-21 7058432]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-11 5434368]
S3 NPF;WinPcap Packet Driver (NPF); C:\Windows\system32\drivers\NPF.sys [2009-10-20 47632]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-11 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-11 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-11 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;Адаптер USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Драйвер USB-сканера; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======Список служб (тип запуска: R=Запущена, S=остановлена, 0=Загрузочная, 1=Системная, 2=Автоматически, 3=Вручную, 4=Отключено)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-04-07 810120]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-08-25 1018472]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-07-06 247152]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [2010-03-23 247808]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-18 2118976]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Служба Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S2 KMService;KMService; C:\Windows\syswow64\srvany.exe [2003-04-18 8192]
S2 MegaFon Modem. RunOuc;MegaFon Modem. OUC; C:\Program Files (x86)\MegaFon Modem\UpdateDog\ouc.exe [2012-11-18 240640]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-12 250808]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-04-07 42336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-24 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-05-23 655624]
S3 gupdatem;Служба Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-08-10 1001376]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Samsung UPD Service;Samsung UPD Service; C:\Windows\System32\SUPDSvc.exe [2010-08-09 166704]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1255736]
S4 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S4 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2012-11-30 2224232]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-25 2214504]
S4 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]

-----------------EOF-----------------

balek · #3 Příspěvek od **balek** » 02 led 2013 06:32

Tak - urobil som všetko, ako si povedal. Tu sú súbory...
Len tak mimochodom - posledný mesiac som zaregistroval, že počítač ledva stíha základné procesy, ktoré pred tým na začiatku neboli problémom a spokojne som mohol mať otvorených niekoľko veľkých programov ako Adobe Photoshop a Indesign a popri nich Word a iné a v pohode pracoval bez problemov. Teraz ledva otvoreny Chrome a Word a nestiha spomalene reakcie akoby nemal pamäte... nerozumiem tomu... Ak by si mi mohol pomoct. Dakujem.

balek · #4 Příspěvek od **balek** » 02 led 2013 21:17

Tu je log z Combofix...
Prosim, mozes mi pomoct s tou pomalostou pocitaca? Dik

ComboFix 13-01-02.01 - Роберт 02.01.2013 18:46:18.1.2 - x64
Microsoft Windows 7 Домашняя расширенная 6.1.7601.1.1251.7.1049.18.3069.1106 [GMT 4:00]
Running from: c:\users\Роберт\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\searchplugins\webalta-search.xml
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-12-02 to 2013-01-02 )))))))))))))))))))))))))))))))
.
.
2013-01-01 21:29 . 2013-01-01 21:29 512 ----a-w- C:\PhysicalMBR.bin
2013-01-01 13:30 . 2013-01-01 19:31 -------- d-----w- c:\program files\trend micro
2013-01-01 13:30 . 2013-01-01 13:30 -------- d-----w- C:\rsit
2013-01-01 11:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CCEA04F-3E71-4328-9F25-CDBF3B683329}\mpengine.dll
2012-12-27 08:35 . 2012-12-27 08:36 -------- d-----w- c:\users\Роберт\AppData\Local\Webalta Toolbar
2012-12-21 21:47 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 21:47 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 21:47 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 21:47 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 22:16 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 22:15 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 22:15 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-11 17:22 . 2012-12-11 17:22 -------- d-----w- c:\programdata\Protexis
2012-12-11 17:22 . 2012-12-11 17:22 -------- d-----w- c:\users\Роберт\AppData\Roaming\Corel
2012-12-11 17:14 . 2012-12-11 17:14 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-12-11 17:14 . 2012-12-11 17:15 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-12-11 17:12 . 2012-12-11 17:12 -------- d-----w- c:\program files (x86)\Common Files\Corel
2012-12-11 17:10 . 2012-12-11 17:10 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2012-12-11 17:10 . 2012-12-11 17:10 -------- d-----w- c:\programdata\Corel
2012-12-11 17:03 . 2012-12-11 17:03 -------- d-----w- c:\program files (x86)\Corel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:09 . 2010-05-23 06:07 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 05:44 . 2012-04-26 21:29 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 05:44 . 2011-07-02 00:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-17 21:20 . 2012-11-17 21:21 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-11-17 21:20 . 2012-11-17 21:21 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-11-17 21:20 . 2012-11-17 21:21 90112 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-11-17 21:20 . 2012-11-17 21:21 76800 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-11-17 21:20 . 2012-11-17 21:21 450048 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2012-11-17 21:20 . 2012-11-17 21:21 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-11-17 21:20 . 2012-11-17 21:21 30720 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-11-17 21:20 . 2012-11-17 21:21 238080 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-11-17 21:20 . 2012-11-17 21:21 225920 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-11-17 21:20 . 2012-11-17 21:21 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-11-17 21:20 . 2012-11-17 21:21 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-11-17 21:20 . 2012-11-17 21:21 104448 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-11-17 21:20 . 2012-11-17 21:21 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-11-17 21:20 . 2008-07-08 18:55 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-10-16 08:38 . 2012-11-28 07:56 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 07:56 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 07:56 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-19 20:01 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-19 20:01 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-19 20:01 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-19 20:01 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-13 22:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Freecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-05-09 176936]
"{fe704bf8-384b-44e1-8cf2-8dbeb3637a8a}"= "mscoree.dll" [2010-11-05 297808]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{fe704bf8-384b-44e1-8cf2-8dbeb3637a8a}]
[HKEY_CLASSES_ROOT\nsWebAlta.WebAltaSearchBar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"multifon.exe"="c:\program files (x86)\MegaFon\MultiFon\multifon.exe" [2010-12-10 5852672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe_ID0ENQBO"=c:\progra~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Guard.Mail.ru.gui"="c:\program files (x86)\Mail.Ru\Guard\GuardMailRu.exe" /gui
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" /run
"WirelessAssistant"=c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"QlbCtrl.exe"=c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 MegaFon Modem. RunOuc;MegaFon Modem. OUC;c:\program files (x86)\MegaFon Modem\UpdateDog\ouc.exe [2012-11-17 240640]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-14 284016]
R3 C7xxUSB;Samsung CMC7xx USB Network Driver;c:\windows\system32\DRIVERS\C7xUSB76.sys [2009-07-30 47616]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-11-17 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-11-17 13952]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-11-17 450048]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-23 1038088]
R3 gmhidlow;HID Mouse Lower Filter;c:\windows\system32\DRIVERS\gmhidlow.sys [2009-07-01 14720]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-11-17 104448]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-11-17 30720]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-11-17 238080]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [2009-07-20 7058432]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Служба технологий активации Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R4 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2012-11-30 2224232]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 139704]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 163888]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-04-07 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-07 124760]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-18 2118976]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-08-02 32880]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-11-17 90112]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [2009-06-19 16384]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [2009-06-19 14848]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [2009-06-19 17408]
S3 NETw5s64;Драйвер адаптера Intel(R) Wireless WiFi Link серии 5000 для Windows 7 64 Bit ;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-11-08 11856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 09:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 05:44]
.
2012-08-15 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 11:03]
.
2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 18:44]
.
2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 18:44]
.
2012-12-22 c:\windows\Tasks\HPCeeScheduleForРоберт.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 01:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gmPoint"="c:\program files\Philips SPM 7800\gmPoint.exe" [2009-07-22 68608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2839840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-14 171520]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mail.ru/cnt/7829
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://webalta.ru/search
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://webalta.ru/search
IE: &Экспорт в Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Добавить к существующему PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Добавить содержимое по ссылке в существующий файл PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Преобразовать в Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Преобразовать содержимое по ссылке в PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files (x86)\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\program files (x86)\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files (x86)\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files (x86)\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files (x86)\Translator\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{824FB4FA-1D9E-47B1-AA77-1DBE3203E76F}: NameServer = 10.77.48.49 10.77.48.33
TCP: Interfaces\{953DD3EA-31E9-4D48-B583-B704887A3A77}: NameServer = 10.77.48.49 10.77.48.33
TCP: Interfaces\{D15B9EEB-A53D-42D5-949D-962102EDDBB9}: NameServer = 10.77.48.49 10.77.48.33
FF - ProfilePath - c:\users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\
FF - prefs.js: browser.search.selectedEngine - РџРѕРёСЃРє@Mail.Ru
FF - prefs.js: browser.startup.homepage - hxxp://www.mail.ru/cnt/7829
FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?fr=fftb&q=
FF - ExtSQL: 2012-11-05 23:10; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Yota Access Service (Modems)]
"ImagePath"="\"C:/Program Files (x86)/Yota/Yota Access (Modems)/YotaAccessService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Yota Access Service (Modems)]
"ImagePath"="\"C:/Program Files (x86)/Yota/Yota Access (Modems)/YotaAccessService.exe\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\programdata\MegaFon Modem\OnlineUpdate\ouc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2013-01-02 19:11:31 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-02 15:11
.
Pre-Run: 159 230 746 624 байт свободно
Post-Run: 158 582 771 712 байт свободно
.
- - End Of File - - 093D8AA5BF6E0B1D663F14331C90BB6D

balek · #5 Příspěvek od **balek** » 02 led 2013 21:20

A tiez sa od času toho zavirenia objavuje v Chrome pri spustení stále ako nová stránka: hxxp://webalta.ru/search na ktorej som nikdy pred tým nebol...

balek · #6 Příspěvek od **balek** » 02 led 2013 23:27

Vysledok z testu na C:\Windows\system32\ntoskrnl.exe:

Antivirus Result Update
Agnitum - 20130102
AhnLab-V3 - 20130102
AntiVir - 20130102
Antiy-AVL - 20130102
Avast - 20130102
AVG - 20130102
BitDefender - 20130102
ByteHero - 20121226
CAT-QuickHeal - 20130102
ClamAV - 20130102
Commtouch - 20130102
Comodo - 20130102
DrWeb - 20130102
Emsisoft - 20130102
eSafe - 20130101
ESET-NOD32 - 20130102
F-Prot - 20130102
F-Secure - 20130102
Fortinet - 20130102
GData - 20130102
Ikarus - 20130102
Jiangmin - 20121221
K7AntiVirus - 20130102
Kaspersky - 20130102
Kingsoft - 20121225
Malwarebytes - 20130102
McAfee - 20130102
McAfee-GW-Edition - 20130102
Microsoft - 20130102
MicroWorld-eScan - 20130102
NANO-Antivirus - 20130102
Norman - 20130102
nProtect - 20130102
Panda - 20130102
PCTools - 20130102
Rising - 20121228
Sophos - 20130102
SUPERAntiSpyware - 20130102
Symantec - 20130102
TheHacker - 20130102
TotalDefense - 20130102
TrendMicro - 20130102
TrendMicro-HouseCall - 20130102
VBA32 - 20130102
VIPRE - 20130102
ViRobot - 20130102

balek · #7 Příspěvek od **balek** » 02 led 2013 23:31

Vysledok testu na druhý súbor ntoskrnl.exe:

Agnitum - 20130102
AhnLab-V3 - 20130102
AntiVir - 20130102
Antiy-AVL - 20130102
Avast - 20130102
AVG - 20130102
BitDefender - 20130102
ByteHero - 20121226
CAT-QuickHeal - 20130102
ClamAV - 20130102
Commtouch - 20130102
Comodo - 20130102
DrWeb - 20130102
Emsisoft - 20130102
eSafe - 20130101
ESET-NOD32 - 20130102
F-Prot - 20130102
F-Secure - 20130102
Fortinet - 20130102
GData - 20130102
Ikarus - 20130102
Jiangmin - 20121221
K7AntiVirus - 20130102
Kaspersky - 20130102
Kingsoft - 20121225
Malwarebytes - 20130102
McAfee - 20130102
McAfee-GW-Edition - 20130102
Microsoft - 20130102
MicroWorld-eScan - 20130102
NANO-Antivirus - 20130102
Norman - 20130102
nProtect - 20130102
Panda - 20130102
PCTools - 20130102
Rising - 20121228
Sophos - 20130102
SUPERAntiSpyware - 20130102
Symantec - 20130102
TheHacker - 20130102
TotalDefense - 20130102
TrendMicro - 20130102
TrendMicro-HouseCall - 20130102
VBA32 - 20130102
VIPRE - 20130102
ViRobot - 20130102

balek · #8 Příspěvek od **balek** » 02 led 2013 23:35

No pozri sa na toto C:\Users\Роберт\Documents\Iterra\klsjwne.dll - aj moj NOD mi to hlasil ako hrozbu:

Agnitum - 20130102
AhnLab-V3 Spyware/Win32.Zbot 20130102
AntiVir TR/Dldr.Vundo.J.302 20130102
Antiy-AVL - 20130102
Avast Win32:Downloader-RYG [Trj] 20130102
AVG Generic30.CAHR 20130102
BitDefender Gen:Variant.Kazy.117219 20130102
ByteHero - 20121226
CAT-QuickHeal - 20130102
ClamAV - 20130102
Commtouch - 20130102
Comodo UnclassifiedMalware 20130102
DrWeb Trojan.Mayachok.17994 20130102
Emsisoft - 20130102
eSafe - 20130101
ESET-NOD32 a variant of Win32/Kryptik.ARGA 20130102
F-Prot - 20130102
F-Secure Gen:Variant.Kazy.117219 20130102
Fortinet W32/Cidox.TEW!tr 20130102
GData Gen:Variant.Kazy.117219 20130102
Ikarus Backdoor.Win32.Cidox 20130102
Jiangmin - 20121221
K7AntiVirus Riskware 20130102
Kaspersky Trojan.Win32.Cidox.tew 20130102
Kingsoft - 20121225
Malwarebytes - 20130102
Microsoft TrojanDownloader:Win32/Vundo.J 20130102
MicroWorld-eScan Gen:Variant.Kazy.117219 20130102
NANO-Antivirus - 20130102
Norman - 20130102
nProtect - 20130102
Panda Trj/CI.A 20130102
PCTools - 20130102
Rising - 20121228
Sophos - 20130102
SUPERAntiSpyware Trojan.Agent/Gen-Frauder 20130102
Symantec WS.Reputation.1 20130102
TheHacker Trojan/Kryptik.arga 20130102
TotalDefense - 20130102
TrendMicro - 20130102
TrendMicro-HouseCall TROJ_GEN.R47H1LR 20130102
VBA32 - 20130102
VIPRE Virtumonde 20130102
ViRobot Trojan.Win32.A.Cidox.46592.FU 20130102

balek · #9 Příspěvek od **balek** » 02 led 2013 23:38

MbrScan Report:

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
BOOT           : Normal Boot
DATE           : 2013/01/03 (ISO 8601) at 02:37:24
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __SAMSUNG HM320II (2AC101C4)
BUS_TYPE       : (0x0B)  S-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR1 __Generic- Multi-Card (1.00)
BUS_TYPE       : (0x07)  USB
USE_PIO        : NO
MAX_TRANSFER   : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________

Device\Harddisk0\DR0	298.1 Go  [Fixed] ==> HP Recovery Manager

MBR_MD5   : F85345673B9B63F57FE75EA647BA8928
MBR_SHA1  : 746402C4C9A2C120B4F82D5D505F3C7E2E0218EF

Device\Harddisk0\Partition1	199.0 Mo  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	285.6 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition3	12.31 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk1\DR1	30.23 Go  [Removable] ==> Unknown MBR Code

MBR_MD5   : 779C64AAB9A8A5A97D6C4CB750848A34
MBR_SHA1  : C988B59231085E1C48097DD8F9E1DAAFC71233CD

Device\Harddisk1\Partition1	30.23 Go  	0x0C FAT32 [LBA] 
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x03DEB000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BB3000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00C91000
SIZE    : 316.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00CF4000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00E06000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00EC6000
SIZE    : 776.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00F88000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00F98000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00FEF000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00D52000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00D5C000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00D8F000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\isapnp.sys => Invisible on the disk
ADDRESS : 0x00D9C000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\mpio.sys => Invisible on the disk
ADDRESS : 0x00DA5000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00DCF000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\compbatt.sys => Invisible on the disk
ADDRESS : 0x00DE4000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00DED000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00C15000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\system32\drivers\intelide.sys => Invisible on the disk
ADDRESS : 0x00FF8000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x00C71000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\aliide.sys => Invisible on the disk
ADDRESS : 0x00C81000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdide.sys => Invisible on the disk
ADDRESS : 0x00C88000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\system32\drivers\cmdide.sys => Invisible on the disk
ADDRESS : 0x010DC000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x010E4000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\drivers\msdsm.sys => Invisible on the disk
ADDRESS : 0x010FE000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\drivers\nvraid.sys => Invisible on the disk
ADDRESS : 0x01124000
SIZE    : 160.0 Ko

DRIVER  : C:\Windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x0114C000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\system32\drivers\pciide.sys => Invisible on the disk
ADDRESS : 0x0117C000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\system32\drivers\viaide.sys => Invisible on the disk
ADDRESS : 0x01183000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\system32\drivers\iaStorV.sys => Invisible on the disk
ADDRESS : 0x0120C000
SIZE    : 1.12 Mo

DRIVER  : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x0132A000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x01333000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lsi_sas.sys => Invisible on the disk
ADDRESS : 0x0135D000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\storport.sys => Invisible on the disk
ADDRESS : 0x0137A000
SIZE    : 396.0 Ko

DRIVER  : C:\Windows\system32\drivers\msahci.sys => Invisible on the disk
ADDRESS : 0x013DD000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\HpSAMD.sys => Invisible on the disk
ADDRESS : 0x013E8000
SIZE    : 92.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\adp94xx.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 492.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\adpahci.sys => Invisible on the disk
ADDRESS : 0x0107B000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\adpu320.sys => Invisible on the disk
ADDRESS : 0x0118B000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdsata.sys => Invisible on the disk
ADDRESS : 0x011BA000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\amdsbs.sys => Invisible on the disk
ADDRESS : 0x01469000
SIZE    : 284.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x014B0000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\arc.sys => Invisible on the disk
ADDRESS : 0x014BB000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\arcsas.sys => Invisible on the disk
ADDRESS : 0x014D4000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\elxstor.sys => Invisible on the disk
ADDRESS : 0x014EF000
SIZE    : 540.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\iirsp.sys => Invisible on the disk
ADDRESS : 0x01576000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lsi_fc.sys => Invisible on the disk
ADDRESS : 0x01587000
SIZE    : 124.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lsi_sas2.sys => Invisible on the disk
ADDRESS : 0x015A6000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lsi_scsi.sys => Invisible on the disk
ADDRESS : 0x015B9000
SIZE    : 124.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\megasas.sys => Invisible on the disk
ADDRESS : 0x015D8000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\MegaSR.sys => Invisible on the disk
ADDRESS : 0x01687000
SIZE    : 656.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nfrd960.sys => Invisible on the disk
ADDRESS : 0x0172B000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\nvstor.sys => Invisible on the disk
ADDRESS : 0x0173B000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ql2300.sys => Invisible on the disk
ADDRESS : 0x0181C000
SIZE    : 1.64 Mo

DRIVER  : C:\Windows\system32\DRIVERS\ql40xx.sys => Invisible on the disk
ADDRESS : 0x01766000
SIZE    : 380.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\SiSRaid2.sys => Invisible on the disk
ADDRESS : 0x019C0000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\sisraid4.sys => Invisible on the disk
ADDRESS : 0x019CE000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\stexstor.sys => Invisible on the disk
ADDRESS : 0x019E6000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vsmraid.sys => Invisible on the disk
ADDRESS : 0x017C5000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01A5C000
SIZE    : 1.64 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01A00000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x01CDD000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x01D4F000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x01D60000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01E5E000
SIZE    : 968.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01F50000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01FB0000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x02069000
SIZE    : 2.00 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x0226A000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wd.sys => Invisible on the disk
ADDRESS : 0x022B4000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x022BC000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x02308000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\system32\drivers\sbp2port.sys => Invisible on the disk
ADDRESS : 0x02310000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x0232D000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x02367000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x02379000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x02382000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x023BC000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x02013000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x0203D000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x02046000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ehdrv.sys => Invisible on the disk
ADDRESS : 0x01FDA000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x0204D000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x01E00000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x01E25000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x0205B000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x023F7000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x01E35000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x01E3E000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x01E49000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x01D6A000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x01D8C000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x01C00000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x01C89000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\drivers\ws2ifsl.sys => Invisible on the disk
ADDRESS : 0x01CCE000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x01D99000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x01DA2000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x01DC8000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x01DDE000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x01A38000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x01A1B000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x0368A000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x036DB000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x036E7000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x036F2000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x03701000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x0371F000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x03730000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x03756000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
ADDRESS : 0x0376C000
SIZE    : 20.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nvlddmkm.sys => Invisible on the disk
ADDRESS : 0x0FA1D000
SIZE    : 12.82 Mo

DRIVER  : C:\Windows\System32\Drivers\nvBridge.kmd => Invisible on the disk
ADDRESS : 0x106EE000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x106F0000
SIZE    : 976.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x03771000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbuhci.sys => Invisible on the disk
ADDRESS : 0x107E4000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x03600000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x0FA00000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x03656000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\NETw5s64.sys => Invisible on the disk
ADDRESS : 0x04843000
SIZE    : 7.37 Mo

DRIVER  : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x04FA2000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk
ADDRESS : 0x04FAF000
SIZE    : 200.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
ADDRESS : 0x04FE1000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HpqKbFiltr.sys => Invisible on the disk
ADDRESS : 0x04800000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x0480C000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\SynTP.sys => Invisible on the disk
ADDRESS : 0x0528D000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x052E0000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x052E2000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x052F1000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x052FA000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\clwvd.sys => Invisible on the disk
ADDRESS : 0x0530A000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk
ADDRESS : 0x05311000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x05354000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x0535A000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x05370000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x05394000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x053A0000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x053CF000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x05200000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x05221000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\SCSIPORT.SYS => Invisible on the disk
ADDRESS : 0x037B7000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x0526B000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lgbtbs64.sys => Invisible on the disk
ADDRESS : 0x0526D000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\umbus.sys => Invisible on the disk
ADDRESS : 0x05277000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ew_jubusenum.sys => Invisible on the disk
ADDRESS : 0x0481B000
SIZE    : 112.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x05451000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x054AB000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lgvmdm64.sys => Invisible on the disk
ADDRESS : 0x054C0000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\modem.sys => Invisible on the disk
ADDRESS : 0x054CA000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lgbtpt64.sys => Invisible on the disk
ADDRESS : 0x054D9000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\stwrt64.sys => Invisible on the disk
ADDRESS : 0x054E2000
SIZE    : 508.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\portcls.sys => Invisible on the disk
ADDRESS : 0x05561000
SIZE    : 244.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\drmk.sys => Invisible on the disk
ADDRESS : 0x0559E000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\drivers\nvhda64v.sys => Invisible on the disk
ADDRESS : 0x055C0000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x000A0000
SIZE    : 3.09 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x0543C000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x055D8000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\System32\Drivers\usbvideo.sys => Invisible on the disk
ADDRESS : 0x0164C000
SIZE    : 184.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x053EA000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00420000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x107F1000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x04837000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_msahci.sys => Invisible on the disk
ADDRESS : 0x055F5000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00680000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x023D2000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\eamonm.sys => Invisible on the disk
ADDRESS : 0x03447000
SIZE    : 928.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x0352F000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x03544000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x03597000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x035AA000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x035C2000
SIZE    : 216.0 Ko

DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x05CCD000
SIZE    : 804.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x05D96000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x05DB4000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vwifimp.sys => Invisible on the disk
ADDRESS : 0x05DCC000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x05C00000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x05C2D000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x05C7B000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\epfwwfpr.sys => Invisible on the disk
ADDRESS : 0x05C9F000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x064B1000
SIZE    : 664.0 Ko

DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x06557000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x06562000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\system32\Drivers\SSPORT.sys => Invisible on the disk
ADDRESS : 0x06593000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x0659B000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x06400000
SIZE    : 420.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x06A42000
SIZE    : 608.0 Ko

DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x06B18000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk
ADDRESS : 0x06B31000
SIZE    : 216.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\asyncmac.sys => Invisible on the disk
ADDRESS : 0x06A00000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x484F0000
SIZE    : 128.0 Ko

Device\Harddisk0\DR0 => XP MBR Code found in sector 1
Device\Harddisk0\DR0 => HP Recovery Manager found in sector 2
SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 8E C0 8E D8 8B F4 BF 00   3À.Ð¼.|û.À.Ø.ô¿.
0x00000010   06 B9 00 02 FC F3 A4 EA 60 06 00 00 00 00 00 00   .¹..üó¤ê`.......
0x00000020   52 65 63 6F 76 65 72 79 4D 67 72 20 00 00 B9 23   RecoveryMgr ..¹#
0x00000030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000040   00 00 00 00 00 00 00 00 00 00 00 00 00 00 0D 0A   ................
0x00000050   00 00 00 00 57 00 00 00 FF FF FF FF FF FF FF FF   ....W...........
0x00000060   86 4C BD BE 30 06 AC B4 0E 33 DB CD 10 0A C0 75   .L½¾0.¬´.3ÛÍ..Àu
0x00000070   F5 E3 0B FE 06 13 06 53 53 E8 6D 00 EB 36 B8 12   õã.þ...SSèm.ë6¸.
0x00000080   5F 66 BA 51 50 48 5F CD 15 80 E3 01 74 20 EB 24   _fºQPH_Í..ã.t ë$
0x00000090   8B 16 6C 04 FA 66 A1 1C 06 BF 54 06 B1 03 F2 66   ..l.úf¡..¿T.±.òf
0x000000A0   AF FB 74 0A A1 3D 00 00 C2 83 F8 24 76 E6 B0 01   ¯ût.¡=..Â.ø$væ°.
0x000000B0   84 C0 75 1C BB C6 7D 66 8B 37 66 8B 3E 2C 06 66   .Àu.»Æ}f.7f.>,.f
0x000000C0   3B F7 74 07 80 C3 10 73 EE EB 05 BB 28 06 EB 10   ;÷t..Ã.sîë.»(.ë.
0x000000D0   BB C2 7D 80 7F FC 00 78 07 80 C3 10 73 F5 EB FE   »Â}..ü.x..Ã.sõëþ
0x000000E0   66 FF 77 04 E8 02 00 FF E4 C8 10 00 00 B4 08 B2   f.w.è...äÈ...´.²
0x000000F0   80 CD 13 8A C1 24 3F FE C6 8A D8 F6 E6 C0 E9 06   .Í..Á$?þÆ.ØöæÀé.
0x00000100   86 CD 41 91 F7 E1 39 56 06 8B 56 06 8B 46 04 73   .ÍA.÷á9V..V..F.s
0x00000110   1C F7 F1 91 92 F6 F3 86 CD C0 E1 06 02 CC 41 8A   .÷ñ..öó.ÍÀá..ÌA.
0x00000120   F0 B8 01 02 BB 00 7C 86 26 13 06 EB 14 83 C4 10   ð¸..».|.&..ë..Ä.
0x00000130   0E 0E 52 50 0E 68 00 7C 6A 01 6A 10 8B F4 B8 00   ..RP.h.|j.j..ô¸.
0x00000140   42 B2 80 CD 13 C9 C2 04 00 1E 50 53 0E 1F BB 1B   B².Í.ÉÂ...PS..».
0x00000150   06 A0 17 04 24 0F 88 47 04 E4 60 3C E0 74 1A 3C   ....$..G.ä`<àt.<
0x00000160   1D 74 10 3C 2A 74 0C 3C 36 74 08 3C 38 74 04 84   .t.<*t.<6t.<8t..
0x00000170   C0 79 06 66 83 27 00 EB 06 FE 07 02 1F 88 07 5B   Ày.f.'.ë.þ.....[
0x00000180   58 1F EA 00 00 00 00 00 00 00 00 00 00 00 00 00   X.ê.............
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 00 00 00 02 50 C0 30 00 00 80 20   .........PÀ0... 
0x000001C0   21 00 07 7E 25 19 00 08 00 00 00 38 06 00 00 7E   !..~%......8...~
0x000001D0   26 19 07 FE FF FF 00 40 06 00 00 C0 B2 23 00 FE   &..þ...@...À²#.þ
0x000001E0   FF FF 07 FE FF FF 00 00 B9 23 00 E0 89 01 00 00   ...þ....¹#.à....
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__________________________16_BIT_ASM_CODE
   
0x0000    33c0            XOR AX, AX   
0x0002    8ed0            MOV SS, AX   
0x0004    bc 007c         MOV SP, 0x7c00   
0x0007    fb              STI   
0x0008    8ec0            MOV ES, AX   
0x000A    8ed8            MOV DS, AX   
0x000C    8bf4            MOV SI, SP   
0x000E    bf 0006         MOV DI, 0x600   
0x0011    b9 0002         MOV CX, 0x200   
0x0014    fc              CLD   
0x0015    f3 a4           REP MOVSB   
0x0017    ea 6006 0000    JMP FAR 0x0:0x660   
0x001C    0000            ADD [BX+SI], AL   
0x001E    0000            ADD [BX+SI], AL   
0x0020    52              PUSH DX   
0x0021    65 636f 76      ARPL GS:[BX+0x76], BP   
0x0025    65              DB 0x65   
0x0025    65 72 79        JB 0xa1   
0x0028    4d              DEC BP   
0x0029    67              DB 0x67   
0x0029    67 72 20        JB 0x4c   
0x002C    0000            ADD [BX+SI], AL   
0x002E    b9 2300         MOV CX, 0x23   
0x0031    0000            ADD [BX+SI], AL   
0x0033    0000            ADD [BX+SI], AL   
0x0035    0000            ADD [BX+SI], AL   
0x0037    0000            ADD [BX+SI], AL   
0x0039    0000            ADD [BX+SI], AL   
0x003B    0000            ADD [BX+SI], AL   
0x003D    0000            ADD [BX+SI], AL   
0x003F    0000            ADD [BX+SI], AL   
0x0041    0000            ADD [BX+SI], AL   
0x0043    0000            ADD [BX+SI], AL   
0x0045    0000            ADD [BX+SI], AL   
0x0047    0000            ADD [BX+SI], AL   
0x0049    0000            ADD [BX+SI], AL   
0x004B    0000            ADD [BX+SI], AL   
0x004D    000d            ADD [DI], CL   
0x004F    0a00            OR AL, [BX+SI]   
0x0051    0000            ADD [BX+SI], AL   
0x0053    0057 00         ADD [BX+0x0], DL   
0x0056    0000            ADD [BX+SI], AL   
0x0058    ff              DB 0xff   
0x0059    ff              DB 0xff   
0x005A    ff              DB 0xff   
0x005B    ff              DB 0xff   
0x005C    ff              DB 0xff   
0x005D    ff              DB 0xff   
0x005E    ff              DB 0xff   
0x005F    ff86 4cbd       INC WORD [BP-0x42b4]   
0x0063    be 3006         MOV SI, 0x630   
0x0066    ac              LODSB   
0x0067    b4 0e           MOV AH, 0xe   
0x0069    33db            XOR BX, BX   
0x006B    cd 10           INT 0x10   
0x006D    0ac0            OR AL, AL   
0x006F    75 f5           JNZ 0x66   
0x0071    e3 0b           JCXZ 0x7e   
0x0073    fe06 1306       INC BYTE [0x613]   
0x0077    53              PUSH BX   
0x0078    53              PUSH BX   
0x0079    e8 6d00         CALL 0xe9   
0x007C    eb 36           JMP 0xb4   
0x007E    b8 125f         MOV AX, 0x5f12   
0x0081    66 ba 5150485f  MOV EDX, 0x5f485051   
0x0087    cd 15           INT 0x15   
0x0089    80e3 01         AND BL, 0x1   
0x008C    74 20           JZ 0xae   
0x008E    eb 24           JMP 0xb4   
0x0090    8b16 6c04       MOV DX, [0x46c]   
0x0094    fa              CLI   
0x0095    66 a1 1c06      MOV EAX, [0x61c]   
0x0099    bf 5406         MOV DI, 0x654   
0x009C    b1 03           MOV CL, 0x3   
0x009E    f2 66 af        REPNZ SCASD   
0x00A1    fb              STI   
0x00A2    74 0a           JZ 0xae   
0x00A4    a1 3d00         MOV AX, [0x3d]   
0x00A7    00c2            ADD DL, AL   
0x00A9    83f8 24         CMP AX, 0x24   
0x00AC    76 e6           JBE 0x94   
0x00AE    b0 01           MOV AL, 0x1   
0x00B0    84c0            TEST AL, AL   
0x00B2    75 1c           JNZ 0xd0   
0x00B4    bb c67d         MOV BX, 0x7dc6   
0x00B7    66 8b37         MOV ESI, [BX]   
0x00BA    66 8b3e 2c06    MOV EDI, [0x62c]   
0x00BF    66 3bf7         CMP ESI, EDI   
0x00C2    74 07           JZ 0xcb   
0x00C4    80c3 10         ADD BL, 0x10   
0x00C7    73 ee           JAE 0xb7   
0x00C9    eb 05           JMP 0xd0   
0x00CB    bb 2806         MOV BX, 0x628   
0x00CE    eb 10           JMP 0xe0   
0x00D0    bb c27d         MOV BX, 0x7dc2   
0x00D3    807f fc 00      CMP BYTE [BX-0x4], 0x0   
0x00D7    78 07           JS 0xe0   
0x00D9    80c3 10         ADD BL, 0x10   
0x00DC    73 f5           JAE 0xd3   
0x00DE    eb fe           JMP 0xde   
0x00E0    66 ff77 04      PUSH DWORD [BX+0x4]   
0x00E4    e8 0200         CALL 0xe9   
0x00E7    ffe4            JMP SP   
0x00E9    c8 1000 00      ENTER 0x10, 0x0   
0x00ED    b4 08           MOV AH, 0x8   
0x00EF    b2 80           MOV DL, 0x80   
0x00F1    cd 13           INT 0x13   
0x00F3    8ac1            MOV AL, CL   
0x00F5    24 3f           AND AL, 0x3f   
0x00F7    fec6            INC DH   
0x00F9    8ad8            MOV BL, AL   
0x00FB    f6e6            MUL DH   
0x00FD    c0e9 06         SHR CL, 0x6   
0x0100    86cd            XCHG CH, CL   
0x0102    41              INC CX   
0x0103    91              XCHG CX, AX   
0x0104    f7e1            MUL CX   
0x0106    3956 06         CMP [BP+0x6], DX   
0x0109    8b56 06         MOV DX, [BP+0x6]   
0x010C    8b46 04         MOV AX, [BP+0x4]   
0x010F    73 1c           JAE 0x12d   
0x0111    f7f1            DIV CX   
0x0113    91              XCHG CX, AX   
0x0114    92              XCHG DX, AX   
0x0115    f6f3            DIV BL   
0x0117    86cd            XCHG CH, CL   
0x0119    c0e1 06         SHL CL, 0x6   
0x011C    02cc            ADD CL, AH   
0x011E    41              INC CX   
0x011F    8af0            MOV DH, AL   
0x0121    b8 0102         MOV AX, 0x201   
0x0124    bb 007c         MOV BX, 0x7c00   
0x0127    8626 1306       XCHG [0x613], AH   
0x012B    eb 14           JMP 0x141   
0x012D    83c4 10         ADD SP, 0x10   
0x0130    0e              PUSH CS   
0x0131    0e              PUSH CS   
0x0132    52              PUSH DX   
0x0133    50              PUSH AX   
0x0134    0e              PUSH CS   
0x0135    68 007c         PUSH 0x7c00   
0x0138    6a 01           PUSH 0x1   
0x013A    6a 10           PUSH 0x10   
0x013C    8bf4            MOV SI, SP   
0x013E    b8 0042         MOV AX, 0x4200   
0x0141    b2 80           MOV DL, 0x80   
0x0143    cd 13           INT 0x13   
0x0145    c9              LEAVE   
0x0146    c2 0400         RET 0x4   
0x0149    1e              PUSH DS   
0x014A    50              PUSH AX   
0x014B    53              PUSH BX   
0x014C    0e              PUSH CS   
0x014D    1f              POP DS   
0x014E    bb 1b06         MOV BX, 0x61b   
0x0151    a0 1704         MOV AL, [0x417]   
0x0154    24 0f           AND AL, 0xf   
0x0156    8847 04         MOV [BX+0x4], AL   
0x0159    e4 60           IN AL, 0x60   
0x015B    3c e0           CMP AL, 0xe0   
0x015D    74 1a           JZ 0x179   
0x015F    3c 1d           CMP AL, 0x1d   
0x0161    74 10           JZ 0x173   
0x0163    3c 2a           CMP AL, 0x2a   
0x0165    74 0c           JZ 0x173   
0x0167    3c 36           CMP AL, 0x36   
0x0169    74 08           JZ 0x173   
0x016B    3c 38           CMP AL, 0x38   
0x016D    74 04           JZ 0x173   
0x016F    84c0            TEST AL, AL   
0x0171    79 06           JNS 0x179   
0x0173    66 8327 00      AND DWORD [BX], 0x0   
0x0177    eb 06           JMP 0x17f   
0x0179    fe07            INC BYTE [BX]   
0x017B    021f            ADD BL, [BX]   
0x017D    8807            MOV [BX], AL   
0x017F    5b              POP BX   
0x0180    58              POP AX   
0x0181    1f              POP DS   
0x0182    ea 0000 0000    JMP FAR 0x0:0x0   
0x0187    0000            ADD [BX+SI], AL   
0x0189    0000            ADD [BX+SI], AL   
0x018B    0000            ADD [BX+SI], AL   
0x018D    0000            ADD [BX+SI], AL   
0x018F    0000            ADD [BX+SI], AL   
0x0191    0000            ADD [BX+SI], AL   
0x0193    0000            ADD [BX+SI], AL   
0x0195    0000            ADD [BX+SI], AL   
0x0197    0000            ADD [BX+SI], AL   
0x0199    0000            ADD [BX+SI], AL   
0x019B    0000            ADD [BX+SI], AL   
0x019D    0000            ADD [BX+SI], AL   
0x019F    0000            ADD [BX+SI], AL   
0x01A1    0000            ADD [BX+SI], AL   
0x01A3    0000            ADD [BX+SI], AL   
0x01A5    0000            ADD [BX+SI], AL   
0x01A7    0000            ADD [BX+SI], AL   
0x01A9    0000            ADD [BX+SI], AL   
0x01AB    0000            ADD [BX+SI], AL   
0x01AD    0000            ADD [BX+SI], AL   
0x01AF    0000            ADD [BX+SI], AL   
0x01B1    0000            ADD [BX+SI], AL   
0x01B3    0000            ADD [BX+SI], AL   
0x01B5    0000            ADD [BX+SI], AL   
0x01B7    0002            ADD [BP+SI], AL   
0x01B9    50              PUSH AX   
0x01BA    c030 00         SAL BYTE [BX+SI], 0x0   
0x01BD    0080 2021       ADD [BX+SI+0x2120], AL   
0x01C1    0007            ADD [BX], AL   
0x01C3    7e 25           JLE 0x1ea   
0x01C5    1900            SBB [BX+SI], AX   
0x01C7    0800            OR [BX+SI], AL   
0x01C9    0000            ADD [BX+SI], AL   
0x01CB    3806 0000       CMP [0x0], AL   
0x01CF    7e 26           JLE 0x1f7   
0x01D1    1907            SBB [BX], AX   
0x01D3    fe              DB 0xfe   
0x01D4    ff              DB 0xff   
0x01D5    ff00            INC WORD [BX+SI]   
0x01D7    40              INC AX   
0x01D8    06              PUSH ES   
0x01D9    0000            ADD [BX+SI], AL   
0x01DB    c0b2 2300 fe    SAL BYTE [BP+SI+0x23], 0xfe   
0x01E0    ff              DB 0xff   
0x01E1    ff07            INC WORD [BX]   
0x01E3    fe              DB 0xfe   
0x01E4    ff              DB 0xff   
0x01E5    ff00            INC WORD [BX+SI]   
0x01E7    00b9 2300       ADD [BX+DI+0x23], BH   
0x01EB    e0 89           LOOPNZ 0x176   
0x01ED    0100            ADD [BX+SI], AX   
0x01EF    0000            ADD [BX+SI], AL   
0x01F1    0000            ADD [BX+SI], AL   
0x01F3    0000            ADD [BX+SI], AL   
0x01F5    0000            ADD [BX+SI], AL   
0x01F7    0000            ADD [BX+SI], AL   
0x01F9    0000            ADD [BX+SI], AL   
0x01FB    0000            ADD [BX+SI], AL   
0x01FD    0055 aa         ADD [DI-0x56], DL   


_______MBR   \Device\Harddisk1\DR1  

0x00000000   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000010   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000020   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000040   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000060   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000070   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000080   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 82   ................
0x000001C0   03 00 0C FE FF FF 00 20 00 00 00 58 C7 03 00 00   ...þ... ...XÇ...
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__________________________16_BIT_ASM_CODE
   
0x0000    0000            ADD [BX+SI], AL   
0x0002    0000            ADD [BX+SI], AL   
0x0004    0000            ADD [BX+SI], AL   
0x0006    0000            ADD [BX+SI], AL   
0x0008    0000            ADD [BX+SI], AL   
0x000A    0000            ADD [BX+SI], AL   
0x000C    0000            ADD [BX+SI], AL   
0x000E    0000            ADD [BX+SI], AL   
0x0010    0000            ADD [BX+SI], AL   
0x0012    0000            ADD [BX+SI], AL   
0x0014    0000            ADD [BX+SI], AL   
0x0016    0000            ADD [BX+SI], AL   
0x0018    0000            ADD [BX+SI], AL   
0x001A    0000            ADD [BX+SI], AL   
0x001C    0000            ADD [BX+SI], AL   
0x001E    0000            ADD [BX+SI], AL   
0x0020    0000            ADD [BX+SI], AL   
0x0022    0000            ADD [BX+SI], AL   
0x0024    0000            ADD [BX+SI], AL   
0x0026    0000            ADD [BX+SI], AL   
0x0028    0000            ADD [BX+SI], AL   
0x002A    0000            ADD [BX+SI], AL   
0x002C    0000            ADD [BX+SI], AL   
0x002E    0000            ADD [BX+SI], AL   
0x0030    0000            ADD [BX+SI], AL   
0x0032    0000            ADD [BX+SI], AL   
0x0034    0000            ADD [BX+SI], AL   
0x0036    0000            ADD [BX+SI], AL   
0x0038    0000            ADD [BX+SI], AL   
0x003A    0000            ADD [BX+SI], AL   
0x003C    0000            ADD [BX+SI], AL   
0x003E    0000            ADD [BX+SI], AL   
0x0040    0000            ADD [BX+SI], AL   
0x0042    0000            ADD [BX+SI], AL   
0x0044    0000            ADD [BX+SI], AL   
0x0046    0000            ADD [BX+SI], AL   
0x0048    0000            ADD [BX+SI], AL   
0x004A    0000            ADD [BX+SI], AL   
0x004C    0000            ADD [BX+SI], AL   
0x004E    0000            ADD [BX+SI], AL   
0x0050    0000            ADD [BX+SI], AL   
0x0052    0000            ADD [BX+SI], AL   
0x0054    0000            ADD [BX+SI], AL   
0x0056    0000            ADD [BX+SI], AL   
0x0058    0000            ADD [BX+SI], AL   
0x005A    0000            ADD [BX+SI], AL   
0x005C    0000            ADD [BX+SI], AL   
0x005E    0000            ADD [BX+SI], AL   
0x0060    0000            ADD [BX+SI], AL   
0x0062    0000            ADD [BX+SI], AL   
0x0064    0000            ADD [BX+SI], AL   
0x0066    0000            ADD [BX+SI], AL   
0x0068    0000            ADD [BX+SI], AL   
0x006A    0000            ADD [BX+SI], AL   
0x006C    0000            ADD [BX+SI], AL   
0x006E    0000            ADD [BX+SI], AL   
0x0070    0000            ADD [BX+SI], AL   
0x0072    0000            ADD [BX+SI], AL   
0x0074    0000            ADD [BX+SI], AL   
0x0076    0000            ADD [BX+SI], AL   
0x0078    0000            ADD [BX+SI], AL   
0x007A    0000            ADD [BX+SI], AL   
0x007C    0000            ADD [BX+SI], AL   
0x007E    0000            ADD [BX+SI], AL   
0x0080    0000            ADD [BX+SI], AL   
0x0082    0000            ADD [BX+SI], AL   
0x0084    0000            ADD [BX+SI], AL   
0x0086    0000            ADD [BX+SI], AL   
0x0088    0000            ADD [BX+SI], AL   
0x008A    0000            ADD [BX+SI], AL   
0x008C    0000            ADD [BX+SI], AL   
0x008E    0000            ADD [BX+SI], AL   
0x0090    0000            ADD [BX+SI], AL   
0x0092    0000            ADD [BX+SI], AL   
0x0094    0000            ADD [BX+SI], AL   
0x0096    0000            ADD [BX+SI], AL   
0x0098    0000            ADD [BX+SI], AL   
0x009A    0000            ADD [BX+SI], AL   
0x009C    0000            ADD [BX+SI], AL   
0x009E    0000            ADD [BX+SI], AL   
0x00A0    0000            ADD [BX+SI], AL   
0x00A2    0000            ADD [BX+SI], AL   
0x00A4    0000            ADD [BX+SI], AL   
0x00A6    0000            ADD [BX+SI], AL   
0x00A8    0000            ADD [BX+SI], AL   
0x00AA    0000            ADD [BX+SI], AL   
0x00AC    0000            ADD [BX+SI], AL   
0x00AE    0000            ADD [BX+SI], AL   
0x00B0    0000            ADD [BX+SI], AL   
0x00B2    0000            ADD [BX+SI], AL   
0x00B4    0000            ADD [BX+SI], AL   
0x00B6    0000            ADD [BX+SI], AL   
0x00B8    0000            ADD [BX+SI], AL   
0x00BA    0000            ADD [BX+SI], AL   
0x00BC    0000            ADD [BX+SI], AL   
0x00BE    0000            ADD [BX+SI], AL   
0x00C0    0000            ADD [BX+SI], AL   
0x00C2    0000            ADD [BX+SI], AL   
0x00C4    0000            ADD [BX+SI], AL   
0x00C6    0000            ADD [BX+SI], AL   
0x00C8    0000            ADD [BX+SI], AL   
0x00CA    0000            ADD [BX+SI], AL   
0x00CC    0000            ADD [BX+SI], AL   
0x00CE    0000            ADD [BX+SI], AL   
0x00D0    0000            ADD [BX+SI], AL   
0x00D2    0000            ADD [BX+SI], AL   
0x00D4    0000            ADD [BX+SI], AL   
0x00D6    0000            ADD [BX+SI], AL   
0x00D8    0000            ADD [BX+SI], AL   
0x00DA    0000            ADD [BX+SI], AL   
0x00DC    0000            ADD [BX+SI], AL   
0x00DE    0000            ADD [BX+SI], AL   
0x00E0    0000            ADD [BX+SI], AL   
0x00E2    0000            ADD [BX+SI], AL   
0x00E4    0000            ADD [BX+SI], AL   
0x00E6    0000            ADD [BX+SI], AL   
0x00E8    0000            ADD [BX+SI], AL   
0x00EA    0000            ADD [BX+SI], AL   
0x00EC    0000            ADD [BX+SI], AL   
0x00EE    0000            ADD [BX+SI], AL   
0x00F0    0000            ADD [BX+SI], AL   
0x00F2    0000            ADD [BX+SI], AL   
0x00F4    0000            ADD [BX+SI], AL   
0x00F6    0000            ADD [BX+SI], AL   
0x00F8    0000            ADD [BX+SI], AL   
0x00FA    0000            ADD [BX+SI], AL   
0x00FC    0000            ADD [BX+SI], AL   
0x00FE    0000            ADD [BX+SI], AL   
0x0100    0000            ADD [BX+SI], AL   
0x0102    0000            ADD [BX+SI], AL   
0x0104    0000            ADD [BX+SI], AL   
0x0106    0000            ADD [BX+SI], AL   
0x0108    0000            ADD [BX+SI], AL   
0x010A    0000            ADD [BX+SI], AL   
0x010C    0000            ADD [BX+SI], AL   
0x010E    0000            ADD [BX+SI], AL   
0x0110    0000            ADD [BX+SI], AL   
0x0112    0000            ADD [BX+SI], AL   
0x0114    0000            ADD [BX+SI], AL   
0x0116    0000            ADD [BX+SI], AL   
0x0118    0000            ADD [BX+SI], AL   
0x011A    0000            ADD [BX+SI], AL   
0x011C    0000            ADD [BX+SI], AL   
0x011E    0000            ADD [BX+SI], AL   
0x0120    0000            ADD [BX+SI], AL   
0x0122    0000            ADD [BX+SI], AL   
0x0124    0000            ADD [BX+SI], AL   
0x0126    0000            ADD [BX+SI], AL   
0x0128    0000            ADD [BX+SI], AL   
0x012A    0000            ADD [BX+SI], AL   
0x012C    0000            ADD [BX+SI], AL   
0x012E    0000            ADD [BX+SI], AL   
0x0130    0000            ADD [BX+SI], AL   
0x0132    0000            ADD [BX+SI], AL   
0x0134    0000            ADD [BX+SI], AL   
0x0136    0000            ADD [BX+SI], AL   
0x0138    0000            ADD [BX+SI], AL   
0x013A    0000            ADD [BX+SI], AL   
0x013C    0000            ADD [BX+SI], AL   
0x013E    0000            ADD [BX+SI], AL   
0x0140    0000            ADD [BX+SI], AL   
0x0142    0000            ADD [BX+SI], AL   
0x0144    0000            ADD [BX+SI], AL   
0x0146    0000            ADD [BX+SI], AL   
0x0148    0000            ADD [BX+SI], AL   
0x014A    0000            ADD [BX+SI], AL   
0x014C    0000            ADD [BX+SI], AL   
0x014E    0000            ADD [BX+SI], AL   
0x0150    0000            ADD [BX+SI], AL   
0x0152    0000            ADD [BX+SI], AL   
0x0154    0000            ADD [BX+SI], AL   
0x0156    0000            ADD [BX+SI], AL   
0x0158    0000            ADD [BX+SI], AL   
0x015A    0000            ADD [BX+SI], AL   
0x015C    0000            ADD [BX+SI], AL   
0x015E    0000            ADD [BX+SI], AL   
0x0160    0000            ADD [BX+SI], AL   
0x0162    0000            ADD [BX+SI], AL   
0x0164    0000            ADD [BX+SI], AL   
0x0166    0000            ADD [BX+SI], AL   
0x0168    0000            ADD [BX+SI], AL   
0x016A    0000            ADD [BX+SI], AL   
0x016C    0000            ADD [BX+SI], AL   
0x016E    0000            ADD [BX+SI], AL   
0x0170    0000            ADD [BX+SI], AL   
0x0172    0000            ADD [BX+SI], AL   
0x0174    0000            ADD [BX+SI], AL   
0x0176    0000            ADD [BX+SI], AL   
0x0178    0000            ADD [BX+SI], AL   
0x017A    0000            ADD [BX+SI], AL   
0x017C    0000            ADD [BX+SI], AL   
0x017E    0000            ADD [BX+SI], AL   
0x0180    0000            ADD [BX+SI], AL   
0x0182    0000            ADD [BX+SI], AL   
0x0184    0000            ADD [BX+SI], AL   
0x0186    0000            ADD [BX+SI], AL   
0x0188    0000            ADD [BX+SI], AL   
0x018A    0000            ADD [BX+SI], AL   
0x018C    0000            ADD [BX+SI], AL   
0x018E    0000            ADD [BX+SI], AL   
0x0190    0000            ADD [BX+SI], AL   
0x0192    0000            ADD [BX+SI], AL   
0x0194    0000            ADD [BX+SI], AL   
0x0196    0000            ADD [BX+SI], AL   
0x0198    0000            ADD [BX+SI], AL   
0x019A    0000            ADD [BX+SI], AL   
0x019C    0000            ADD [BX+SI], AL   
0x019E    0000            ADD [BX+SI], AL   
0x01A0    0000            ADD [BX+SI], AL   
0x01A2    0000            ADD [BX+SI], AL   
0x01A4    0000            ADD [BX+SI], AL   
0x01A6    0000            ADD [BX+SI], AL   
0x01A8    0000            ADD [BX+SI], AL   
0x01AA    0000            ADD [BX+SI], AL   
0x01AC    0000            ADD [BX+SI], AL   
0x01AE    0000            ADD [BX+SI], AL   
0x01B0    0000            ADD [BX+SI], AL   
0x01B2    0000            ADD [BX+SI], AL   
0x01B4    0000            ADD [BX+SI], AL   
0x01B6    0000            ADD [BX+SI], AL   
0x01B8    0000            ADD [BX+SI], AL   
0x01BA    0000            ADD [BX+SI], AL   
0x01BC    0000            ADD [BX+SI], AL   
0x01BE    0082 0300       ADD [BP+SI+0x3], AL   
0x01C2    0c fe           OR AL, 0xfe   
0x01C4    ff              DB 0xff   
0x01C5    ff00            INC WORD [BX+SI]   
0x01C7    2000            AND [BX+SI], AL   
0x01C9    0000            ADD [BX+SI], AL   
0x01CB    58              POP AX   
0x01CC    c703 0000       MOV WORD [BP+DI], 0x0   
0x01D0    0000            ADD [BX+SI], AL   
0x01D2    0000            ADD [BX+SI], AL   
0x01D4    0000            ADD [BX+SI], AL   
0x01D6    0000            ADD [BX+SI], AL   
0x01D8    0000            ADD [BX+SI], AL   
0x01DA    0000            ADD [BX+SI], AL   
0x01DC    0000            ADD [BX+SI], AL   
0x01DE    0000            ADD [BX+SI], AL   
0x01E0    0000            ADD [BX+SI], AL   
0x01E2    0000            ADD [BX+SI], AL   
0x01E4    0000            ADD [BX+SI], AL   
0x01E6    0000            ADD [BX+SI], AL   
0x01E8    0000            ADD [BX+SI], AL   
0x01EA    0000            ADD [BX+SI], AL   
0x01EC    0000            ADD [BX+SI], AL   
0x01EE    0000            ADD [BX+SI], AL   
0x01F0    0000            ADD [BX+SI], AL   
0x01F2    0000            ADD [BX+SI], AL   
0x01F4    0000            ADD [BX+SI], AL   
0x01F6    0000            ADD [BX+SI], AL   
0x01F8    0000            ADD [BX+SI], AL   
0x01FA    0000            ADD [BX+SI], AL   
0x01FC    0000            ADD [BX+SI], AL   
0x01FE    55              PUSH BP   
0x01FF    aa              STOSB

balek · #10 Příspěvek od **balek** » 02 led 2013 23:44

Subory Dump0:
Agnitum - 20130102
AntiVir - 20130102
Antiy-AVL - 20130102
Avast - 20130102
AVG - 20130102
BitDefender - 20130102
CAT-QuickHeal - 20130102
ClamAV - 20130102
Commtouch - 20130102
Comodo - 20130102
DrWeb - 20130102
Emsisoft - 20130102
eSafe - 20130101
ESET-NOD32 - 20130102
F-Prot - 20130102
F-Secure - 20130102
Fortinet - 20130102
GData - 20130102
Ikarus - 20130102
Jiangmin - 20121221
K7AntiVirus - 20130102
Kaspersky - 20130102
Kingsoft - 20121225
Malwarebytes - 20130102
McAfee - 20130102
McAfee-GW-Edition - 20130102
Microsoft - 20130102
MicroWorld-eScan - 20130102
NANO-Antivirus - 20130102
Norman - 20130102
nProtect - 20130102
Panda - 20130102
PCTools - 20130102
Rising - 20121228
Sophos - 20130102
SUPERAntiSpyware - 20130102
TheHacker - 20130102
TotalDefense - 20130102
TrendMicro - 20130102
TrendMicro-HouseCall - 20130102
VBA32 - 20130102
VIPRE - 20130102
ViRobot - 20130102

A subor Dump1
Agnitum - 20130102
AhnLab-V3 - 20130102
AntiVir - 20130102
Antiy-AVL - 20130102
Avast - 20130102
AVG - 20130102
BitDefender - 20130102
ByteHero - 20121226
CAT-QuickHeal - 20130102
ClamAV - 20130102
Commtouch - 20130102
Comodo - 20130102
DrWeb - 20130102
Emsisoft - 20130102
eSafe - 20130101
ESET-NOD32 - 20130102
F-Prot - 20130102
F-Secure - 20130102
Fortinet - 20130102
GData - 20130102
Ikarus - 20130102
Jiangmin - 20121221
K7AntiVirus - 20130102
Kaspersky - 20130102
Kingsoft - 20121225
Malwarebytes - 20130102
McAfee - 20130102
McAfee-GW-Edition - 20130102
Microsoft - 20130102
MicroWorld-eScan - 20130102
NANO-Antivirus - 20130102
Norman - 20130102
nProtect - 20130102
Panda - 20130102
PCTools - 20130102
Rising - 20121228
Sophos - 20130102
SUPERAntiSpyware - 20130102
Symantec - 20130102
TheHacker - 20130102
TotalDefense - 20130102
TrendMicro - 20130102
TrendMicro-HouseCall - 20130102
VBA32 - 20130102
VIPRE - 20130102
ViRobot - 20130102

balek · #11 Příspěvek od **balek** » 04 led 2013 03:05

Prepáč, včera som len tak ako vždy skúšal, či ten súbor Iterra\klsjwne.dll možno zmazať - predtým vždy vyhlasoval, že ho zmazať nemôže ani antivirak ani ja... myslel som, ze to znova odmietne... ale on ho zmazal, preto tam budes mat urcite ze ten subor neexistuje... Len aby si vedel, preco... Možno som to nemal, no len som to skusal a on ho zmazal...

Robert

Tu je log z CF:

ComboFix 13-01-02.01 - Роберт 04.01.2013 1:15.2.2 - x64
Microsoft Windows 7 Домашняя расширенная 6.1.7601.1.1251.7.1049.18.3069.1530 [GMT 4:00]
Running from: c:\users\Роберт\Desktop\ComboFix.exe
Command switches used :: c:\users\Роберт\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
c:\windows\system32\ntoskrnl.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-12-03 to 2013-01-03 )))))))))))))))))))))))))))))))
.
.
2013-01-03 21:34 . 2013-01-03 21:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-03 21:34 . 2013-01-03 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-01 21:29 . 2013-01-01 21:29 512 ----a-w- C:\PhysicalMBR.bin
2013-01-01 13:30 . 2013-01-01 19:31 -------- d-----w- c:\program files\trend micro
2013-01-01 13:30 . 2013-01-01 13:30 -------- d-----w- C:\rsit
2013-01-01 11:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CCEA04F-3E71-4328-9F25-CDBF3B683329}\mpengine.dll
2012-12-27 08:35 . 2012-12-27 08:36 -------- d-----w- c:\users\Роберт\AppData\Local\Webalta Toolbar
2012-12-21 21:47 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 21:47 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 21:47 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 21:47 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 22:16 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 22:15 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 22:15 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-11 17:22 . 2012-12-11 17:22 -------- d-----w- c:\programdata\Protexis
2012-12-11 17:22 . 2012-12-11 17:22 -------- d-----w- c:\users\Роберт\AppData\Roaming\Corel
2012-12-11 17:14 . 2012-12-11 17:14 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-12-11 17:14 . 2012-12-11 17:15 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-12-11 17:12 . 2012-12-11 17:12 -------- d-----w- c:\program files (x86)\Common Files\Corel
2012-12-11 17:10 . 2012-12-11 17:10 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2012-12-11 17:10 . 2012-12-11 17:10 -------- d-----w- c:\programdata\Corel
2012-12-11 17:03 . 2012-12-11 17:03 -------- d-----w- c:\program files (x86)\Corel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:09 . 2010-05-23 06:07 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 05:44 . 2012-04-26 21:29 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 05:44 . 2011-07-02 00:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-17 21:20 . 2012-11-17 21:21 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-11-17 21:20 . 2012-11-17 21:21 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-11-17 21:20 . 2012-11-17 21:21 90112 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-11-17 21:20 . 2012-11-17 21:21 76800 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-11-17 21:20 . 2012-11-17 21:21 450048 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2012-11-17 21:20 . 2012-11-17 21:21 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-11-17 21:20 . 2012-11-17 21:21 30720 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-11-17 21:20 . 2012-11-17 21:21 238080 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-11-17 21:20 . 2012-11-17 21:21 225920 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-11-17 21:20 . 2012-11-17 21:21 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-11-17 21:20 . 2012-11-17 21:21 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-11-17 21:20 . 2012-11-17 21:21 104448 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-11-17 21:20 . 2012-11-17 21:21 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-11-17 21:20 . 2008-07-08 18:55 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-10-16 08:38 . 2012-11-28 07:56 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 07:56 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 07:56 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-19 20:01 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-19 20:01 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-19 20:01 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-19 20:01 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\SysWOW64\srvany.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 8192
Created time: 2010-05-23 07:03
Modified time: 2003-04-18 10:06
MD5: 4635935FC972C582632BF45C26BFCB0E
SHA1: 7C5329229042535FE56E74F1F246C6DA8CEA3BE8
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Freecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-05-09 176936]
"{fe704bf8-384b-44e1-8cf2-8dbeb3637a8a}"= "mscoree.dll" [2010-11-05 297808]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{fe704bf8-384b-44e1-8cf2-8dbeb3637a8a}]
[HKEY_CLASSES_ROOT\nsWebAlta.WebAltaSearchBar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"multifon.exe"="c:\program files (x86)\MegaFon\MultiFon\multifon.exe" [2010-12-10 5852672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe_ID0ENQBO"=c:\progra~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Guard.Mail.ru.gui"="c:\program files (x86)\Mail.Ru\Guard\GuardMailRu.exe" /gui
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" /run
"WirelessAssistant"=c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"QlbCtrl.exe"=c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 MegaFon Modem. RunOuc;MegaFon Modem. OUC;c:\program files (x86)\MegaFon Modem\UpdateDog\ouc.exe [2012-11-17 240640]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-14 284016]
R3 C7xxUSB;Samsung CMC7xx USB Network Driver;c:\windows\system32\DRIVERS\C7xUSB76.sys [2009-07-30 47616]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-11-17 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-11-17 13952]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-11-17 450048]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-23 1038088]
R3 gmhidlow;HID Mouse Lower Filter;c:\windows\system32\DRIVERS\gmhidlow.sys [2009-07-01 14720]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-11-17 104448]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-11-17 30720]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-11-17 238080]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [2009-07-20 7058432]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Служба технологий активации Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R4 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2012-11-30 2224232]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 139704]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 163888]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-04-07 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-07 124760]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-18 2118976]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-08-02 32880]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-11-17 90112]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [2009-06-19 16384]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [2009-06-19 14848]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [2009-06-19 17408]
S3 NETw5s64;Драйвер адаптера Intel(R) Wireless WiFi Link серии 5000 для Windows 7 64 Bit ;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-11-08 11856]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 09:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 05:44]
.
2012-08-15 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 11:03]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 18:44]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 18:44]
.
2012-12-22 c:\windows\Tasks\HPCeeScheduleForРоберт.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 01:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"gmPoint"="c:\program files\Philips SPM 7800\gmPoint.exe" [2009-07-22 68608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2839840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-14 171520]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mail.ru/cnt/7829
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://webalta.ru/search
IE: &Экспорт в Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Добавить к существующему PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Добавить содержимое по ссылке в существующий файл PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Преобразовать в Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Преобразовать содержимое по ссылке в PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files (x86)\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\program files (x86)\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files (x86)\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files (x86)\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files (x86)\Translator\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{824FB4FA-1D9E-47B1-AA77-1DBE3203E76F}: NameServer = 10.77.48.49 10.77.48.33
TCP: Interfaces\{953DD3EA-31E9-4D48-B583-B704887A3A77}: NameServer = 10.77.48.49 10.77.48.33
TCP: Interfaces\{D15B9EEB-A53D-42D5-949D-962102EDDBB9}: NameServer = 10.77.48.49 10.77.48.33
FF - ProfilePath - c:\users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\
FF - prefs.js: browser.search.selectedEngine - РџРѕРёСЃРє@Mail.Ru
FF - prefs.js: browser.startup.homepage - hxxp://www.mail.ru/cnt/7829
FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?fr=fftb&q=
FF - ExtSQL: 2012-11-05 23:10; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Yota Access Service (Modems)]
"ImagePath"="\"C:/Program Files (x86)/Yota/Yota Access (Modems)/YotaAccessService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Yota Access Service (Modems)]
"ImagePath"="\"C:/Program Files (x86)/Yota/Yota Access (Modems)/YotaAccessService.exe\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\programdata\MegaFon Modem\OnlineUpdate\ouc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2013-01-04 02:11:27 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-03 22:11
ComboFix2.txt 2013-01-02 15:11
.
Pre-Run: 158 240 231 424 байт свободно
Post-Run: 158 057 558 016 байт свободно
.
- - End Of File - - 73F9BE1CE975ED0E458336F9096A6185

balek · #12 Příspěvek od **balek** » 04 led 2013 22:36

Pri spúšťaní Windowsu mi začalo písať - jeden z diskov je poškodený - a mám len C - tak kontroluje konzistenciu disku C - začína vypisovat hlasku - cosi deleting mising 127 -- a vypisuje toho velmi vela... Radsej som to stopol... a pri každom restarte sa to objavuje po uvodnej obrazovke okna Windows - preskoci do ciernobieleho rezimu a scanuje disk C a vypisuje hlasky cosi o deletacii... Co to je? Sposobili to tie programy co spustam na tvoj povel? To by bolo velmi zle... neviem co mam s tym robit - zatial to preskakujem - hovori stlacte lubovolnu klavesu na preskocenie... ale to sa musi nejako opravit - je moznost opravit ten disk nejako cez nejaky program? Proste preskenovat a opravit aby to uz nevypisoval?

Adwcleaner S1:
# AdwCleaner v2.104 - Logfile created 01/04/2013 at 20:25:25
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Роберт - РОБЕРТ-ПК
# Boot Mode : Normal
# Running from : C:\DATA\INSTAL\Malware\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Babylon
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Freecorder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
Folder Deleted : C:\Users\Роберт\AppData\Local\Conduit
Folder Deleted : C:\Users\Роберт\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\Роберт\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Роберт\AppData\LocalLow\Freecorder
Folder Deleted : C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\Conduit
Folder Deleted : C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\CT1060933
Folder Deleted : C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Deleted : C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\extensions\staged
Folder Deleted : C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\Smartbar
Folder Deleted : C:\Users\Роберт\Documents\Freecorder

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecorder
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2720081
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00E19F60-3D44-4782-90A8-8606F57795B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C666C631-E0B2-42AC-98D3-8E744C7587A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (ru)

File : C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\prefs.js

C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\user.js ... Deleted !

Deleted : user_pref("CT1060933.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT1060933.1000082.state", "{\"state\":\"stopped\",\"text\":\"KFOG\",\"description\":\"KFO[...]
Deleted : user_pref("CT1060933.129677514212584059.APP_WIN_FEATURES", "resizable=no,scrollbars=no,titlebar=no,o[...]
Deleted : user_pref("CT1060933.129686665230467549.APP_WIN_FEATURES", "resizable=no,hscroll=no,vscroll=no,savel[...]
Deleted : user_pref("CT1060933.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1060933.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT1060933.FirstTime", "true");
Deleted : user_pref("CT1060933.FirstTimeFF3", "true");
Deleted : user_pref("CT1060933.UserID", "UN30708261954842164");
Deleted : user_pref("CT1060933.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT1060933.autoDisableScopes", 0);
Deleted : user_pref("CT1060933.autocompletepro_enable", "1");
Deleted : user_pref("CT1060933.autocompletepro_enable_auto", "1");
Deleted : user_pref("CT1060933.cbcountry_001", "RU");
Deleted : user_pref("CT1060933.cbfirsttime", "Sun Jun 17 2012 01:11:43 GMT+0400");
Deleted : user_pref("CT1060933.defaultSearch", "false");
Deleted : user_pref("CT1060933.embeddedsData", "[{\"appId\":\"128280995260143876\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT1060933.enableAlerts", "false");
Deleted : user_pref("CT1060933.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT1060933.firstTimeDialogOpened", "true");
Deleted : user_pref("CT1060933.fixPageNotFoundError", "true");
Deleted : user_pref("CT1060933.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT1060933.installId", "ConduitNSISIntegration");
Deleted : user_pref("CT1060933.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT1060933.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1060933.isNewTabEnabled", true);
Deleted : user_pref("CT1060933.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT1060933.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT1060933.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.google.com%[...]
Deleted : user_pref("CT1060933.openThankYouPage", "false");
Deleted : user_pref("CT1060933.openUninstallPage", "true");
Deleted : user_pref("CT1060933.search.searchAppId", "128280995260143876");
Deleted : user_pref("CT1060933.search.searchCount", "0");
Deleted : user_pref("CT1060933.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT1060933.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1060933.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT1060933.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT1060933.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT1060933.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1352358805676");
Deleted : user_pref("CT1060933.serviceLayer_services_appTracking_lastUpdate", "1352358803879");
Deleted : user_pref("CT1060933.serviceLayer_services_appsMetadata_lastUpdate", "1352358805372");
Deleted : user_pref("CT1060933.serviceLayer_services_clientErrorLog_lastUpdate", "1352358803840");
Deleted : user_pref("CT1060933.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1352358805541");
Deleted : user_pref("CT1060933.serviceLayer_services_login_10.10.2.10_lastUpdate", "1352358803612");
Deleted : user_pref("CT1060933.serviceLayer_services_optimizer_lastUpdate", "1339881087561");
Deleted : user_pref("CT1060933.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1352358805472");
Deleted : user_pref("CT1060933.serviceLayer_services_searchAPI_lastUpdate", "1352358805796");
Deleted : user_pref("CT1060933.serviceLayer_services_serviceMap_lastUpdate", "1352358803233");
Deleted : user_pref("CT1060933.serviceLayer_services_toolbarContextMenu_lastUpdate", "1352358805046");
Deleted : user_pref("CT1060933.serviceLayer_services_toolbarSettings_lastUpdate", "1352358805602");
Deleted : user_pref("CT1060933.serviceLayer_services_translation_lastUpdate", "1352358804969");
Deleted : user_pref("CT1060933.settingsINI", true);
Deleted : user_pref("CT1060933.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT1060933.smartbar.CTID", "CT1060933");
Deleted : user_pref("CT1060933.smartbar.Uninstall", "0");
Deleted : user_pref("CT1060933.smartbar.toolbarName", "Freecorder ");
Deleted : user_pref("CT1060933.startPage", "false");
Deleted : user_pref("CT1060933.toolbarBornServerTime", "17-6-2012");
Deleted : user_pref("CT1060933.toolbarCurrentServerTime", "10-7-2012");
Deleted : user_pref("CT1060933.url_history0001", "hxxps://www.google.com:::clickhandler:::1340969825932,,,hxxp[...]
Deleted : user_pref("CT2720081.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2720081.CTID", "CT2720081");
Deleted : user_pref("CT2720081.CurrentServerDate", "25-10-2010");
Deleted : user_pref("CT2720081.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2720081.DownloadReferralCookieData", "");
Deleted : user_pref("CT2720081.EMailNotifierPollDate", "Mon Oct 25 2010 09:42:34 GMT+0400");
Deleted : user_pref("CT2720081.FeedLastCount129248891425073064", 200);
Deleted : user_pref("CT2720081.FeedPollDate129225116238185771", "Mon Oct 25 2010 09:27:34 GMT+0400");
Deleted : user_pref("CT2720081.FeedPollDate129225147492879732", "Mon Oct 25 2010 09:27:34 GMT+0400");
Deleted : user_pref("CT2720081.FeedPollDate129245643951202078", "Mon Oct 25 2010 09:27:34 GMT+0400");
Deleted : user_pref("CT2720081.FeedPollDate129245643951202084", "Mon Oct 25 2010 09:27:34 GMT+0400");
Deleted : user_pref("CT2720081.FeedTTL129225116238185771", 40);
Deleted : user_pref("CT2720081.FeedTTL129225147492879732", 40);
Deleted : user_pref("CT2720081.FeedTTL129245643951202078", 40);
Deleted : user_pref("CT2720081.FeedTTL129245643951202084", 40);
Deleted : user_pref("CT2720081.FirstServerDate", "10-10-2010");
Deleted : user_pref("CT2720081.FirstTime", true);
Deleted : user_pref("CT2720081.FirstTimeFF3", true);
Deleted : user_pref("CT2720081.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2720081.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2720081.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2720081.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2720081.Initialize", true);
Deleted : user_pref("CT2720081.InitializeCommonPrefs", true);
Deleted : user_pref("CT2720081.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2720081.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2720081.InstalledDate", "Sun Oct 10 2010 14:39:28 GMT+0400");
Deleted : user_pref("CT2720081.InvalidateCache", false);
Deleted : user_pref("CT2720081.IsGrouping", false);
Deleted : user_pref("CT2720081.IsMulticommunity", false);
Deleted : user_pref("CT2720081.IsOpenThankYouPage", false);
Deleted : user_pref("CT2720081.IsOpenUninstallPage", true);
Deleted : user_pref("CT2720081.LanguagePackLastCheckTime", "Mon Oct 25 2010 00:07:58 GMT+0400");
Deleted : user_pref("CT2720081.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2720081.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2720081.LastLogin_2.7.2.0", "Mon Oct 25 2010 09:27:34 GMT+0400");
Deleted : user_pref("CT2720081.LatestVersion", "2.7.2.0");
Deleted : user_pref("CT2720081.Locale", "en");
Deleted : user_pref("CT2720081.LoginCache", 4);
Deleted : user_pref("CT2720081.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2720081.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2720081.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2720081.RadioIsPodcast", false);
Deleted : user_pref("CT2720081.RadioLastCheckTime", "Sun Oct 24 2010 23:35:45 GMT+0400");
Deleted : user_pref("CT2720081.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2720081.RadioLastUpdateServer", "129248947734170000");
Deleted : user_pref("CT2720081.RadioMediaID", "21079850");
Deleted : user_pref("CT2720081.RadioMediaType", "Media Player");
Deleted : user_pref("CT2720081.RadioMenuSelectedID", "EBRadioMenu_CT272008121079850");
Deleted : user_pref("CT2720081.RadioStationName", "AHL%20-%20Grand%20Rapids%20Griffins");
Deleted : user_pref("CT2720081.RadioStationURL", "hxxp://cdncon.wm.llnwd.net/cdncon_neulion1_ahl_griffins?eid=[...]
Deleted : user_pref("CT2720081.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2720081.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2720081.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
Deleted : user_pref("CT2720081.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2720081.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2720081.SearchInNewTabLastCheckTime", "Mon Oct 25 2010 00:07:56 GMT+0400");
Deleted : user_pref("CT2720081.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2720081.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2720081.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2720081.SettingsLastCheckTime", "Mon Oct 25 2010 09:27:34 GMT+0400");
Deleted : user_pref("CT2720081.SettingsLastUpdate", "1287507412");
Deleted : user_pref("CT2720081.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2720081.ThirdPartyComponentsLastCheck", "Sun Oct 10 2010 14:39:26 GMT+0400");
Deleted : user_pref("CT2720081.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2720081.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2720081.UserID", "UN24868216243432073");
Deleted : user_pref("CT2720081.ValidationData_Search", 0);
Deleted : user_pref("CT2720081.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2720081.WeatherNetwork", "");
Deleted : user_pref("CT2720081.WeatherPollDate", "Mon Oct 25 2010 09:27:35 GMT+0400");
Deleted : user_pref("CT2720081.WeatherUnit", "C");
Deleted : user_pref("CT2720081.alertChannelId", "1112366");
Deleted : user_pref("CT2720081.backendstorage.ct2720081ads1", "25374225323261647325323225334125354225374225323[...]
Deleted : user_pref("CT2720081.backendstorage.ct2720081current_term", "");
Deleted : user_pref("CT2720081.backendstorage.ct2720081sdate", "3235");
Deleted : user_pref("CT2720081.clientLogIsEnabled", false);
Deleted : user_pref("CT2720081.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2720081.myStuffEnabled", true);
Deleted : user_pref("CT2720081.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2720081.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2720081.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2720081.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2720081.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2720081");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2720081");
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 720);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Oct 25 2010 00:07:56 GMT+0400");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Oct 25 2010 00:07:56 GMT+0400");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1283688156");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{2b1f5b55-8583-4f4b-9634-026f30cc27b4}");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Oct 25 2010 00:07:57 GMT+0400");
Deleted : user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Mon Oct 25 2010 09:27:37 GMT+0400[...]
Deleted : user_pref("CommunityToolbar.twitter.user_2557521.LastCheckTime", "Mon Oct 25 2010 09:27:37 GMT+0400"[...]
Deleted : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Mon Oct 25 2010 09:27:37 GMT+0400")[...]
Deleted : user_pref("CommunityToolbar.twitter.user_807095.LastCheckTime", "Mon Oct 25 2010 09:27:37 GMT+0400")[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Роберт\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.11.1661.0

File : C:\Users\Роберт\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [18518 octets] - [04/01/2013 20:24:11]
AdwCleaner[S1].txt - [18827 octets] - [04/01/2013 20:25:25]

########## EOF - C:\AdwCleaner[S1].txt - [18888 octets] ##########

balek · #13 Příspěvek od **balek** » 04 led 2013 22:37

Adwcleaner R1:

# AdwCleaner v2.104 - Logfile created 01/04/2013 at 20:24:11
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Роберт - РОБЕРТ-ПК
# Boot Mode : Normal
# Running from : C:\DATA\INSTAL\Malware\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Babylon
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Freecorder
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
Folder Found : C:\Users\Роберт\AppData\Local\Conduit
Folder Found : C:\Users\Роберт\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Found : C:\Users\Роберт\AppData\LocalLow\Conduit
Folder Found : C:\Users\Роберт\AppData\LocalLow\Freecorder
Folder Found : C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\Conduit
Folder Found : C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\CT1060933
Folder Found : C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Found : C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\extensions\staged
Folder Found : C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\Smartbar
Folder Found : C:\Users\Роберт\Documents\Freecorder

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Freecorder
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2720081
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freecorder
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00E19F60-3D44-4782-90A8-8606F57795B4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C666C631-E0B2-42AC-98D3-8E744C7587A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKU\S-1-5-21-3230796184-2078270539-655684660-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (ru)

File : C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\prefs.js

Found : user_pref("CT1060933.1000082.isPlayDisplay", "true");
Found : user_pref("CT1060933.1000082.state", "{\"state\":\"stopped\",\"text\":\"KFOG\",\"description\":\"KFO[...]
Found : user_pref("CT1060933.129677514212584059.APP_WIN_FEATURES", "resizable=no,scrollbars=no,titlebar=no,o[...]
Found : user_pref("CT1060933.129686665230467549.APP_WIN_FEATURES", "resizable=no,hscroll=no,vscroll=no,savel[...]
Found : user_pref("CT1060933.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT1060933.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT1060933.FirstTime", "true");
Found : user_pref("CT1060933.FirstTimeFF3", "true");
Found : user_pref("CT1060933.UserID", "UN30708261954842164");
Found : user_pref("CT1060933.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT1060933.autoDisableScopes", 0);
Found : user_pref("CT1060933.autocompletepro_enable", "1");
Found : user_pref("CT1060933.autocompletepro_enable_auto", "1");
Found : user_pref("CT1060933.cbcountry_001", "RU");
Found : user_pref("CT1060933.cbfirsttime", "Sun Jun 17 2012 01:11:43 GMT+0400");
Found : user_pref("CT1060933.defaultSearch", "false");
Found : user_pref("CT1060933.embeddedsData", "[{\"appId\":\"128280995260143876\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT1060933.enableAlerts", "false");
Found : user_pref("CT1060933.enableSearchFromAddressBar", "true");
Found : user_pref("CT1060933.firstTimeDialogOpened", "true");
Found : user_pref("CT1060933.fixPageNotFoundError", "true");
Found : user_pref("CT1060933.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT1060933.installId", "ConduitNSISIntegration");
Found : user_pref("CT1060933.installType", "ConduitNSISIntegration");
Found : user_pref("CT1060933.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT1060933.isNewTabEnabled", true);
Found : user_pref("CT1060933.isPerformedSmartBarTransition", "true");
Found : user_pref("CT1060933.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT1060933.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.google.com%[...]
Found : user_pref("CT1060933.openThankYouPage", "false");
Found : user_pref("CT1060933.openUninstallPage", "true");
Found : user_pref("CT1060933.search.searchAppId", "128280995260143876");
Found : user_pref("CT1060933.search.searchCount", "0");
Found : user_pref("CT1060933.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT1060933.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT1060933.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT1060933.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT1060933.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT1060933.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1352358805676");
Found : user_pref("CT1060933.serviceLayer_services_appTracking_lastUpdate", "1352358803879");
Found : user_pref("CT1060933.serviceLayer_services_appsMetadata_lastUpdate", "1352358805372");
Found : user_pref("CT1060933.serviceLayer_services_clientErrorLog_lastUpdate", "1352358803840");
Found : user_pref("CT1060933.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1352358805541");
Found : user_pref("CT1060933.serviceLayer_services_login_10.10.2.10_lastUpdate", "1352358803612");
Found : user_pref("CT1060933.serviceLayer_services_optimizer_lastUpdate", "1339881087561");
Found : user_pref("CT1060933.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1352358805472");
Found : user_pref("CT1060933.serviceLayer_services_searchAPI_lastUpdate", "1352358805796");
Found : user_pref("CT1060933.serviceLayer_services_serviceMap_lastUpdate", "1352358803233");
Found : user_pref("CT1060933.serviceLayer_services_toolbarContextMenu_lastUpdate", "1352358805046");
Found : user_pref("CT1060933.serviceLayer_services_toolbarSettings_lastUpdate", "1352358805602");
Found : user_pref("CT1060933.serviceLayer_services_translation_lastUpdate", "1352358804969");
Found : user_pref("CT1060933.settingsINI", true);
Found : user_pref("CT1060933.shouldFirstTimeDialog", "false");
Found : user_pref("CT1060933.smartbar.CTID", "CT1060933");
Found : user_pref("CT1060933.smartbar.Uninstall", "0");
Found : user_pref("CT1060933.smartbar.toolbarName", "Freecorder ");
Found : user_pref("CT1060933.startPage", "false");
Found : user_pref("CT1060933.toolbarBornServerTime", "17-6-2012");
Found : user_pref("CT1060933.toolbarCurrentServerTime", "10-7-2012");
Found : user_pref("CT1060933.url_history0001", "hxxps://www.google.com:::clickhandler:::1340969825932,,,hxxp[...]
Found : user_pref("CT2720081.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2720081.CTID", "CT2720081");
Found : user_pref("CT2720081.CurrentServerDate", "25-10-2010");
Found : user_pref("CT2720081.DialogsAlignMode", "LTR");
Found : user_pref("CT2720081.DownloadReferralCookieData", "");
Found : user_pref("CT2720081.EMailNotifierPollDate", "Mon Oct 25 2010 09:42:34 GMT+0400");
Found : user_pref("CT2720081.FeedLastCount129248891425073064", 200);
Found : user_pref("CT2720081.FeedPollDate129225116238185771", "Mon Oct 25 2010 09:27:34 GMT+0400");
Found : user_pref("CT2720081.FeedPollDate129225147492879732", "Mon Oct 25 2010 09:27:34 GMT+0400");
Found : user_pref("CT2720081.FeedPollDate129245643951202078", "Mon Oct 25 2010 09:27:34 GMT+0400");
Found : user_pref("CT2720081.FeedPollDate129245643951202084", "Mon Oct 25 2010 09:27:34 GMT+0400");
Found : user_pref("CT2720081.FeedTTL129225116238185771", 40);
Found : user_pref("CT2720081.FeedTTL129225147492879732", 40);
Found : user_pref("CT2720081.FeedTTL129245643951202078", 40);
Found : user_pref("CT2720081.FeedTTL129245643951202084", 40);
Found : user_pref("CT2720081.FirstServerDate", "10-10-2010");
Found : user_pref("CT2720081.FirstTime", true);
Found : user_pref("CT2720081.FirstTimeFF3", true);
Found : user_pref("CT2720081.FirstTimeSettingsDone", true);
Found : user_pref("CT2720081.FixPageNotFoundErrors", true);
Found : user_pref("CT2720081.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2720081.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2720081.Initialize", true);
Found : user_pref("CT2720081.InitializeCommonPrefs", true);
Found : user_pref("CT2720081.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2720081.InstallationType", "UnknownIntegration");
Found : user_pref("CT2720081.InstalledDate", "Sun Oct 10 2010 14:39:28 GMT+0400");
Found : user_pref("CT2720081.InvalidateCache", false);
Found : user_pref("CT2720081.IsGrouping", false);
Found : user_pref("CT2720081.IsMulticommunity", false);
Found : user_pref("CT2720081.IsOpenThankYouPage", false);
Found : user_pref("CT2720081.IsOpenUninstallPage", true);
Found : user_pref("CT2720081.LanguagePackLastCheckTime", "Mon Oct 25 2010 00:07:58 GMT+0400");
Found : user_pref("CT2720081.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2720081.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2720081.LastLogin_2.7.2.0", "Mon Oct 25 2010 09:27:34 GMT+0400");
Found : user_pref("CT2720081.LatestVersion", "2.7.2.0");
Found : user_pref("CT2720081.Locale", "en");
Found : user_pref("CT2720081.LoginCache", 4);
Found : user_pref("CT2720081.MCDetectTooltipHeight", "83");
Found : user_pref("CT2720081.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2720081.MCDetectTooltipWidth", "295");
Found : user_pref("CT2720081.RadioIsPodcast", false);
Found : user_pref("CT2720081.RadioLastCheckTime", "Sun Oct 24 2010 23:35:45 GMT+0400");
Found : user_pref("CT2720081.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2720081.RadioLastUpdateServer", "129248947734170000");
Found : user_pref("CT2720081.RadioMediaID", "21079850");
Found : user_pref("CT2720081.RadioMediaType", "Media Player");
Found : user_pref("CT2720081.RadioMenuSelectedID", "EBRadioMenu_CT272008121079850");
Found : user_pref("CT2720081.RadioStationName", "AHL%20-%20Grand%20Rapids%20Griffins");
Found : user_pref("CT2720081.RadioStationURL", "hxxp://cdncon.wm.llnwd.net/cdncon_neulion1_ahl_griffins?eid=[...]
Found : user_pref("CT2720081.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2720081.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2720081.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
Found : user_pref("CT2720081.SearchInNewTabEnabled", true);
Found : user_pref("CT2720081.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2720081.SearchInNewTabLastCheckTime", "Mon Oct 25 2010 00:07:56 GMT+0400");
Found : user_pref("CT2720081.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2720081.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2720081.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2720081.SettingsLastCheckTime", "Mon Oct 25 2010 09:27:34 GMT+0400");
Found : user_pref("CT2720081.SettingsLastUpdate", "1287507412");
Found : user_pref("CT2720081.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2720081.ThirdPartyComponentsLastCheck", "Sun Oct 10 2010 14:39:26 GMT+0400");
Found : user_pref("CT2720081.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT2720081.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2720081.UserID", "UN24868216243432073");
Found : user_pref("CT2720081.ValidationData_Search", 0);
Found : user_pref("CT2720081.ValidationData_Toolbar", 2);
Found : user_pref("CT2720081.WeatherNetwork", "");
Found : user_pref("CT2720081.WeatherPollDate", "Mon Oct 25 2010 09:27:35 GMT+0400");
Found : user_pref("CT2720081.WeatherUnit", "C");
Found : user_pref("CT2720081.alertChannelId", "1112366");
Found : user_pref("CT2720081.backendstorage.ct2720081ads1", "25374225323261647325323225334125354225374225323[...]
Found : user_pref("CT2720081.backendstorage.ct2720081current_term", "");
Found : user_pref("CT2720081.backendstorage.ct2720081sdate", "3235");
Found : user_pref("CT2720081.clientLogIsEnabled", false);
Found : user_pref("CT2720081.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2720081.myStuffEnabled", true);
Found : user_pref("CT2720081.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2720081.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2720081.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2720081.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2720081.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2720081");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2720081");
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 720);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Oct 25 2010 00:07:56 GMT+0400");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Oct 25 2010 00:07:56 GMT+0400");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1283688156");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "{2b1f5b55-8583-4f4b-9634-026f30cc27b4}");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Oct 25 2010 00:07:57 GMT+0400");
Found : user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Mon Oct 25 2010 09:27:37 GMT+0400[...]
Found : user_pref("CommunityToolbar.twitter.user_2557521.LastCheckTime", "Mon Oct 25 2010 09:27:37 GMT+0400"[...]
Found : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Mon Oct 25 2010 09:27:37 GMT+0400")[...]
Found : user_pref("CommunityToolbar.twitter.user_807095.LastCheckTime", "Mon Oct 25 2010 09:27:37 GMT+0400")[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Роберт\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.11.1661.0

File : C:\Users\Роберт\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [18391 octets] - [04/01/2013 20:24:11]

########## EOF - C:\AdwCleaner[R1].txt - [18452 octets] ##########

balek · #14 Příspěvek od **balek** » 04 led 2013 22:37

Log z RSIT:

Лог утилиты random's system information tool 1.09 (автор: random/random)
Run by Роберт at 2013-01-05 01:29:34
Microsoft Windows 7 Домашняя расширенная Service Pack 1
Системный раздел C: размер 150 GB (51%) Свободно 292 GB
Total RAM: 3069 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:29:38, on 05.01.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Роберт\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Роберт.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.ru/cnt/7829
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQALL/35
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQALL/35
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files (x86)\Translator\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Помощник по входу с помощью идентификатора Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files (x86)\Translator\WebIE.dll
O3 - Toolbar: Поиск WebAlta - {fe704bf8-384b-44e1-8cf2-8dbeb3637a8a} - mscoree.dll (file missing)
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [multifon.exe] "C:\Program Files (x86)\MegaFon\MultiFon\multifon.exe" /dontstart
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Добавить к существующему PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Добавить содержимое по ссылке в существующий файл PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Преобразовать в Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Преобразовать содержимое по ссылке в PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: &Связанные заметки OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: &Связанные заметки OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviќ prekladaи - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovnнk - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Preloћiќ &oznaиenэ text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files (x86)\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Preloћiќ &strбnku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files (x86)\Translator\WebIE.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{824FB4FA-1D9E-47B1-AA77-1DBE3203E76F}: NameServer = 10.77.48.49 10.77.48.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{953DD3EA-31E9-4D48-B583-B704887A3A77}: NameServer = 10.77.48.49 10.77.48.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{D15B9EEB-A53D-42D5-949D-962102EDDBB9}: NameServer = 10.77.48.49 10.77.48.33
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Служба Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Служба Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MegaFon Modem. OUC (MegaFon Modem. RunOuc) - Unknown owner - C:\Program Files (x86)\MegaFon Modem\UpdateDog\ouc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\Windows\System32\SUPDSvc.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14828 bytes

======Список процессов======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\SysWOW64\svchost.exe -k netsvcs
"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service
"C:\ProgramData\MegaFon Modem\OnlineUpdate\ouc.exe" "C:/Program Files (x86)/MegaFon Modem/UpdateDog/"
taskeng.exe {F15707A9-10DB-45C2-BDF1-160342E7A4E9}
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\ProgramData\DatacardService\DCSHelper.exe"
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2540
rundll32 "C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOE.dll",CallFnc Global\EMH:0000067c:000006a0
"C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe" /TUStart /pid:2404
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" http://home.webalta.ru/?new
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4044.1.745477462\1272337644" --gpu-vendor-id=0x10de --gpu-device-id=0x06ef --gpu-driver-vendor=NVIDIA --gpu-driver-version=8.17.12.7600 --ignored=" --type=renderer " /prefetch:12
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin16/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="4044.3.1420034412\1860052029" /prefetch:3
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin16/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="4044.4.1728541061\2003101839" /prefetch:3
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Роберт\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll" --lang=ru --channel="4044.5.1074932688\138750556" /prefetch:4
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll" --lang=ru --channel="4044.6.1651597182\1799212963" /prefetch:4
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4044.8.1660174818\1625392784" --lang=ru --ignored=" --type=renderer " /prefetch:13
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service --lang=ru
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi-broker --channel="4044.10.993911075\189609111" --lang=ru /prefetch:14
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin16/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="4044.12.1614616680\416920004" /prefetch:3
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Роберт\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll" --lang=ru --channel="4044.13.1536619811\1582374748" /prefetch:4
"C:\Users\Роберт\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
"C:\Users\Роберт\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=ru --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin16/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="4044.16.1282346058\1847465202" /prefetch:3
"C:\Windows\system32\NOTEPAD.EXE" C:\DATA\INSTAL\Malware\RSIT Navod.txt
"C:\DATA\INSTAL\Malware\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Папка назначеных зданий======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\Epson Printer Software Downloader.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForРоберт.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.mail.ru/cnt/7829"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.21, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11"
prefs.js - "keyword.URL" - "http://go.mail.ru/search?fr=fftb&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]
"Description"=
"Path"=C:\Windows\SysWOW64\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14]
"Description"=RealPlayer Download Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
nppl3260.dll
nppl3260.xpt
nprjplug.dll
nprpplugin.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
mailru.xml
ozonru.xml
priceru.xml
wikipedia-ru.xml
yandex-slovari.xml
yandex.xml

C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\extensions\
yasearch@yandex.ru
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}

C:\Users\Роберт\AppData\Roaming\Mozilla\Firefox\Profiles\d839snsp.default\searchplugins\
mailru---.xml
ybqs-yandex.xml

======Снимок реестра======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-14 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Program Files (x86)\Translator\WebIE.dll [2011-02-23 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-09-28 426736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-10-25 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Помощник по входу с помощью идентификатора Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-07-05 4018888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll [2007-02-16 457216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-10-25 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{09900DE8-1DCA-443F-9243-26FF581438AF} -

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Program Files (x86)\Translator\WebIE.dll [2011-02-23 503808]
{fe704bf8-384b-44e1-8cf2-8dbeb3637a8a} - Поиск WebAlta - C:\Windows\system32\mscoree.dll [2010-11-05 444752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-27 2096424]
"gmPoint"=C:\Program Files\Philips SPM 7800\gmPoint.exe [2009-07-22 68608]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-04-07 2839840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-14 171520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"multifon.exe"=C:\Program Files (x86)\MegaFon\MultiFon\multifon.exe [2010-12-10 5852672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======Ассоциации файлов======

.js - edit - C:\Windows\System32\Notepad.exe %1

======Список файлов и папок, созданных за последние 1 месяц======

2013-01-04 20:25:25 ----A---- C:\AdwCleaner[S1].txt
2013-01-04 20:24:11 ----A---- C:\AdwCleaner[R1].txt
2013-01-04 02:11:30 ----D---- C:\Windows\temp
2013-01-04 02:11:28 ----A---- C:\ComboFix.txt
2013-01-04 02:03:57 ----D---- C:\$RECYCLE.BIN
2013-01-02 18:42:48 ----A---- C:\Windows\zip.exe
2013-01-02 18:42:48 ----A---- C:\Windows\SWSC.exe
2013-01-02 18:42:48 ----A---- C:\Windows\SWREG.exe
2013-01-02 18:42:48 ----A---- C:\Windows\sed.exe
2013-01-02 18:42:48 ----A---- C:\Windows\PEV.exe
2013-01-02 18:42:48 ----A---- C:\Windows\NIRCMD.exe
2013-01-02 18:42:48 ----A---- C:\Windows\MBR.exe
2013-01-02 18:42:48 ----A---- C:\Windows\grep.exe
2013-01-02 18:37:00 ----D---- C:\Qoobox
2013-01-02 18:35:54 ----D---- C:\Windows\erdnt
2013-01-02 09:13:53 ----A---- C:\TDSSKiller.2.8.15.0_02.01.2013_09.13.53_log.txt
2013-01-01 17:30:28 ----D---- C:\Program Files\trend micro
2013-01-01 17:30:27 ----D---- C:\rsit
2012-12-22 01:47:56 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2012-12-22 01:47:56 ----A---- C:\Windows\system32\atmlib.dll
2012-12-22 01:47:51 ----A---- C:\Windows\system32\atmfd.dll
2012-12-22 01:47:43 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2012-12-14 19:06:56 ----A---- C:\Windows\system32\mshtmled.dll
2012-12-14 19:06:55 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-12-14 19:06:55 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-12-14 19:06:54 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-12-14 19:06:53 ----A---- C:\Windows\SYSWOW64\url.dll
2012-12-14 19:06:53 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-12-14 19:06:53 ----A---- C:\Windows\system32\url.dll
2012-12-14 19:06:53 ----A---- C:\Windows\system32\ieUnatt.exe
2012-12-14 19:06:53 ----A---- C:\Windows\system32\ieui.dll
2012-12-14 19:06:51 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-12-14 19:06:51 ----A---- C:\Windows\system32\urlmon.dll
2012-12-14 19:06:50 ----A---- C:\Windows\system32\msfeeds.dll
2012-12-14 19:06:50 ----A---- C:\Windows\system32\jscript9.dll
2012-12-14 19:06:49 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-12-14 19:06:49 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-12-14 19:06:49 ----A---- C:\Windows\system32\wininet.dll
2012-12-14 19:06:48 ----A---- C:\Windows\system32\jsproxy.dll
2012-12-14 19:06:47 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-12-14 19:06:47 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-12-14 19:06:47 ----A---- C:\Windows\system32\vbscript.dll
2012-12-14 19:06:47 ----A---- C:\Windows\system32\jscript.dll
2012-12-14 19:06:46 ----A---- C:\Windows\system32\iertutil.dll
2012-12-14 19:06:45 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-12-14 19:06:45 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-12-14 19:06:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-12-14 19:06:37 ----A---- C:\Windows\system32\mshtml.dll
2012-12-14 19:06:36 ----A---- C:\Windows\system32\ieframe.dll
2012-12-14 19:06:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-12-14 02:16:43 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-12-14 02:16:43 ----A---- C:\Windows\system32\tzres.dll
2012-12-14 02:16:32 ----A---- C:\Windows\system32\win32k.sys
2012-12-14 02:16:22 ----A---- C:\Windows\system32\KernelBase.dll
2012-12-14 02:16:20 ----A---- C:\Windows\system32\winsrv.dll
2012-12-14 02:16:20 ----A---- C:\Windows\system32\kernel32.dll
2012-12-14 02:16:19 ----A---- C:\Windows\system32\conhost.exe
2012-12-14 02:16:18 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-12-14 02:16:17 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-12-14 02:16:15 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-12-14 02:16:15 ----A---- C:\Windows\system32\wow64win.dll
2012-12-14 02:16:15 ----A---- C:\Windows\system32\wow64.dll
2012-12-14 02:16:15 ----A---- C:\Windows\system32\ntvdm64.dll
2012-12-14 02:16:14 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-12-14 02:16:14 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-12-14 02:16:14 ----A---- C:\Windows\system32\wow64cpu.dll
2012-12-14 02:16:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-14 02:16:12 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-12-14 02:16:12 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-12-14 02:16:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-12-14 02:16:11 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-14 02:16:10 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-14 02:16:09 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-12-14 02:16:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-14 02:16:08 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-12-14 02:16:08 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-14 02:16:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-14 02:16:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-14 02:16:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-14 02:16:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-14 02:16:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-14 02:16:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-14 02:16:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-14 02:16:06 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-12-14 02:16:06 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-12-14 02:16:05 ----A---- C:\Windows\SYSWOW64\user.exe
2012-12-14 02:15:42 ----A---- C:\Windows\SYSWOW64\dpnet.dll
2012-12-14 02:15:42 ----A---- C:\Windows\system32\dpnet.dll
2012-12-11 21:22:31 ----D---- C:\ProgramData\Protexis
2012-12-11 21:22:26 ----D---- C:\Users\Роберт\AppData\Roaming\Corel
2012-12-11 21:14:18 ----D---- C:\Program Files (x86)\Microsoft SDKs
2012-12-11 21:14:11 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 9.0
2012-12-11 21:10:53 ----D---- C:\ProgramData\Corel
2012-12-11 21:03:12 ----D---- C:\Program Files (x86)\Corel

======Список файлов и папок, измененных за последние 1 месяц======

2013-01-05 01:29:38 ----D---- C:\Windows\Prefetch
2013-01-04 21:28:54 ----D---- C:\Windows\system32\config
2013-01-04 20:41:22 ----SHD---- C:\System Volume Information
2013-01-04 20:28:19 ----D---- C:\Windows\system32\Tasks
2013-01-04 20:25:26 ----D---- C:\Program Files (x86)
2013-01-04 18:49:36 ----D---- C:\Windows\System32
2013-01-04 18:49:36 ----D---- C:\Windows\inf
2013-01-04 18:49:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-04 17:51:03 ----D---- C:\Windows\system32\DriverStore
2013-01-04 02:11:31 ----D---- C:\Windows\system32\drivers
2013-01-04 02:11:30 ----D---- C:\Windows
2013-01-04 02:04:08 ----A---- C:\Windows\system.ini
2013-01-04 02:03:52 ----D---- C:\Windows\system32\drivers\etc
2013-01-04 01:22:58 ----D---- C:\Windows\SYSWOW64\drivers
2013-01-04 01:22:58 ----D---- C:\Windows\SysWOW64
2013-01-04 01:22:58 ----D---- C:\Windows\AppPatch
2013-01-04 01:22:57 ----D---- C:\Program Files (x86)\Common Files
2013-01-02 19:08:57 ----D---- C:\Windows\Tasks
2013-01-02 01:58:43 ----D---- C:\Users\Роберт\AppData\Roaming\Skype
2013-01-01 17:30:28 ----RD---- C:\Program Files
2012-12-27 12:35:41 ----RSD---- C:\Windows\assembly
2012-12-22 13:50:39 ----D---- C:\Windows\winsxs
2012-12-22 01:48:24 ----D---- C:\Windows\system32\catroot
2012-12-22 01:48:19 ----D---- C:\Windows\system32\catroot2
2012-12-15 04:27:32 ----D---- C:\Windows\rescache
2012-12-14 19:31:40 ----D---- C:\Windows\SYSWOW64\ru-RU
2012-12-14 19:31:40 ----D---- C:\Windows\SYSWOW64\en-US
2012-12-14 19:31:40 ----D---- C:\Windows\system32\ru-RU
2012-12-14 19:31:40 ----D---- C:\Windows\system32\en-US
2012-12-14 19:31:34 ----D---- C:\Windows\SYSWOW64\migration
2012-12-14 19:31:34 ----D---- C:\Program Files (x86)\Internet Explorer
2012-12-14 19:31:33 ----D---- C:\Windows\system32\migration
2012-12-14 19:31:29 ----D---- C:\Program Files\Internet Explorer
2012-12-14 19:17:47 ----D---- C:\Windows\Microsoft.NET
2012-12-14 19:15:06 ----SHD---- C:\Windows\Installer
2012-12-14 19:14:21 ----D---- C:\ProgramData\Microsoft Help
2012-12-14 19:09:09 ----A---- C:\Windows\system32\MRT.exe
2012-12-12 09:44:31 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-12-11 21:22:31 ----D---- C:\ProgramData
2012-12-11 21:18:07 ----SD---- C:\Users\Роберт\AppData\Roaming\Microsoft
2012-12-11 21:18:07 ----SD---- C:\ProgramData\Microsoft
2012-12-11 21:11:37 ----RSD---- C:\Windows\Fonts
2012-12-06 22:40:11 ----D---- C:\Program Files (x86)\Opera

======Список драйверов (тип запуска: R=Запущен, S=остановлен, 0=Загрузочный, 1=Системный, 2=Автоматически, 3=Вручную, 4=Отключено)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-07 139704]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-04-07 163888]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-04-07 124760]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-08-02 32880]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 18432]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-11-18 90112]
R3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtpt64.sys [2009-06-19 16384]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbs64.sys [2009-06-19 14848]
R3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmdm64.sys [2009-06-19 17408]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2007-08-13 202176]
R3 NETw5s64;Драйвер адаптера Intel(R) Wireless WiFi Link серии 5000 для Windows 7 64 Bit ; C:\Windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2009-06-27 83488]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-03-23 505344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 320560]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-11-08 11856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 DgiVecp;Team MFP Comm Driver; C:\Windows\System32\Drivers\DgiVecp.sys [2009-03-02 53816]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-11 1146880]
S3 athr;Расширяемый драйвер устройств беспроводной сети Atheros; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 C7xxUSB;Samsung CMC7xx USB Network Driver; C:\Windows\system32\DRIVERS\C7xUSB76.sys [2009-07-30 47616]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2012-11-18 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-11-18 13952]
S3 ewusbmbb;HUAWEI USB-WWAN miniport; C:\Windows\system32\DRIVERS\ewusbwwan.sys [2012-11-18 450048]
S3 gmhidlow;HID Mouse Lower Filter; C:\Windows\system32\DRIVERS\gmhidlow.sys [2009-07-01 14720]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2012-11-18 104448]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2012-11-18 30720]
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2012-11-18 238080]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2012-11-18 225920]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-11 6108416]
S3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw1v64.sys [2009-07-21 7058432]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-11 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-11 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-11 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-11 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;Адаптер USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Драйвер USB-сканера; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======Список служб (тип запуска: R=Запущена, S=остановлена, 0=Загрузочная, 1=Системная, 2=Автоматически, 3=Вручную, 4=Отключено)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-04-07 810120]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-08-25 1018472]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-07-06 247152]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [2010-03-23 247808]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-18 2118976]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Служба Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S2 KMService;KMService; C:\Windows\syswow64\srvany.exe [2003-04-18 8192]
S2 MegaFon Modem. RunOuc;MegaFon Modem. OUC; C:\Program Files (x86)\MegaFon Modem\UpdateDog\ouc.exe [2012-11-18 240640]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-12 250808]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-04-07 42336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-24 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-05-23 655624]
S3 gupdatem;Служба Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-08-10 1001376]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Samsung UPD Service;Samsung UPD Service; C:\Windows\System32\SUPDSvc.exe [2010-08-09 166704]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1255736]
S4 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S4 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2012-11-30 2224232]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-25 2214504]
S4 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]

-----------------EOF-----------------

balek · #15 Příspěvek od **balek** » 06 led 2013 21:59

Dal som zoskenovat disk pomocou Tune UP - Disk Doctor - ten to potom znova urobil cez restart to isté, čoho som sa obával, ale nakoniec som ho nechal urobiť opravu toho disku C nakoniec ho opravil a vsetko vyzerá v pohode... Aj je rýchlejší, aj nehlási uz pri skanovani NODom nijaké viry... takže dúfam, že je to už v poriadku... Zatial nehlasi nijaky problem... Co ti mam teraz poslat, aby si sa pozrel, ci je uz vsetko v poriadku? Znova RSIT?

VIRY.CZ

Vírus v operačnej pamäti

Vírus v operačnej pamäti

Re: Vírus v operačnej pamäti

Re: Vírus v operačnej pamäti

Re: Vírus v operačnej pamäti

Re: Vírus v operačnej pamäti

Re: Vírus v operačnej pamäti

Re: Vírus v operačnej pamäti

Re: Vírus v operačnej pamäti

Re: Vírus v operačnej pamäti

Re: Vírus v operačnej pamäti

Re: Vírus v operačnej pamäti

Re: Vírus v operačnej pamäti

Re: Vírus v operačnej pamäti

Re: Vírus v operačnej pamäti

Re: Vírus v operačnej pamäti