
Installation of any program ends in failure

09.01.2014, 17:56. Views: 2047. Replies: 12

It won't install. This is what it says:
09.01.2014, 18:00  [OP] 2
ComboFix included. There were problems with Windows Installer: it would not start at all. Now it starts. There were problems with the Network and Sharing Center: a server application error. The Center hung and not a single button worked. I fixed that. I re-registered the DLLs and MSI through cmd.exe. But programs still do not install. It reports that the file scuo 11.cab cannot be found. Windows Installer tries to install Office 2003. I do not know what that is. I know one thing: I messed something up somewhere. Now it has also stopped seeing the phone. Before that, the printer software got wiped. cmd.exe reported that re-registration completed successfully when I entered the commands for re-registering the DLLs and MSI. The printer still does not install. I tried to install Java: removed. I tried to install the Avast antivirus: it does not install. I copied the logs. I am not a programmer, so I understand nothing in them. Please help, here are the Avast logs. I wanted to write to Avast support: it does not send, it says the connection was reset!
11:59:53 Info instcont [6084,3360] --
11:59:53 Info instcont [6084,3360] 2014/01/09 11:59:53 START: Avast installer/updater
11:59:53 Info instup [6084,3360] Command: '"C:\TEMP\_av_iup.tm~a05236\instup.exe" /sfx /sfx_type:lite /sfxstorage:"C:\TEMP\_av_iup.tm~a05236" /edition:1 /prod:ais '
11:59:53 Info instup [6084,3360] CPU: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz,2
11:59:53 Info instup [6084,3360] OS: Windows Vista ver 6.0, build 6002, sp 2.0 [Service Pack 2]
11:59:53 Info instup [6084,3360] Memory: 55% load. Phys:907364/2025920K free, Page:2873260/4194303K free, Virt:2022324/2097024K free
11:59:53 Info instup [6084,3360] DISKs: C:\ - 12GB free / 142GB total
11:59:53 Info instup [6084,3360] DISKs: D:\ - 1GB free / 6GB total
11:59:53 Info instup [6084,3360] Running module version: '9.0.2011.263'
11:59:53 Info simutex [6084,3360] Checking for the mutex ownership.
11:59:55 Info guiwizard [6084,3360] Setup gui was successfully started.
11:59:55 Info instupcore [6084,3360] Setup update has started.
11:59:55 Info servers [6084,3360] Server definition(s) loaded for 'C:\TEMP\_av_iup.tm~a05236\servers.def': 29 (maintenance:0)
11:59:55 Info servers [6084,3360] ChooseServer: selected server 'Download s3815768 AVAST9 Server' with current url 'http://s3815768.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
11:59:57 Info servers [6084,3360] ChooseServer: selected server 'Download s5852999 AVAST9 Server' with current url 'http://s5852999.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
11:59:59 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://s3815768.u.avast.com/iavs9x/servers.def.vpx'. Next try: 1
12:00:02 Info servers [6084,3360] ChooseServer: selected server 'Download z3934960 AVAST9 Server' with current url 'http://z3934960.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:00:04 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://s5852999.u.avast.com/iavs9x/servers.def.vpx'. Next try: 2
12:00:06 Info servers [6084,3360] ChooseServer: selected server 'Download c1386590 AVAST9 Server' with current url 'http://c1386590.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:00:08 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://z3934960.u.avast.com/iavs9x/servers.def.vpx'. Next try: 3
12:00:10 Info servers [6084,3360] ChooseServer: selected server 'Download t9351054 AVAST9 Server' with current url 'http://t9351054.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:00:12 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://c1386590.u.avast.com/iavs9x/servers.def.vpx'. Next try: 4
12:00:14 Info servers [6084,3360] ChooseServer: selected server 'Download f2941034 AVAST9 Server' with current url 'http://f2941034.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:00:16 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://t9351054.u.avast.com/iavs9x/servers.def.vpx'. Next try: 5
12:00:18 Info servers [6084,3360] ChooseServer: selected server 'Download n8092405 AVAST9 Server' with current url 'http://n8092405.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:00:20 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://f2941034.u.avast.com/iavs9x/servers.def.vpx'. Next try: 6
12:00:22 Info servers [6084,3360] ChooseServer: selected server 'Download s5416424 AVAST9 Server' with current url 'http://s5416424.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:00:24 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://n8092405.u.avast.com/iavs9x/servers.def.vpx'. Next try: 7
12:00:27 Info servers [6084,3360] ChooseServer: selected server 'Download z3934960 AVAST9 Server' with current url 'http://z3934960.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:00:29 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://s5416424.u.avast.com/iavs9x/servers.def.vpx'. Next try: 8
12:00:31 Info servers [6084,3360] ChooseServer: selected server 'Download s5416424 AVAST9 Server' with current url 'http://s5416424.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:00:33 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://z3934960.u.avast.com/iavs9x/servers.def.vpx'. Next try: 9
12:00:35 Info servers [6084,3360] ChooseServer: selected server 'Download b1755710 AVAST9 Server' with current url 'http://b1755710.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:00:37 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://s5416424.u.avast.com/iavs9x/servers.def.vpx'. Next try: 10
12:00:37 Error pkgengine [6084,3360] DownloadPackage(download): 'C:\TEMP\_av_iup.tm~a05236\servers.def.vpx', ip: unknown, has failed with code: 41222 (0x0000A106) [Host unreachable]
12:00:37 Info servers [6084,3360] ChooseServer: selected server 'Download k7115678 AVAST9 Server' with current url 'http://k7115678.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:00:39 Info servers [6084,3360] ChooseServer: selected server 'Download g4585870 AVAST9 Server' with current url 'http://g4585870.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:00:41 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://k7115678.u.avast.com/iavs9x/prod-ais.vpx'. Next try: 1
12:00:43 Info servers [6084,3360] ChooseServer: selected server 'Download c7937379 AVAST9 Server' with current url 'http://c7937379.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:00:45 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://g4585870.u.avast.com/iavs9x/prod-ais.vpx'. Next try: 2
12:00:48 Info servers [6084,3360] ChooseServer: selected server 'Download z9348662 AVAST9 Server' with current url 'http://z9348662.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:00:50 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://c7937379.u.avast.com/iavs9x/prod-ais.vpx'. Next try: 3
12:00:52 Info servers [6084,3360] ChooseServer: selected server 'Download x4627714 AVAST9 Server' with current url 'http://x4627714.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:00:54 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://z9348662.u.avast.com/iavs9x/prod-ais.vpx'. Next try: 4
12:00:56 Info servers [6084,3360] ChooseServer: selected server 'Download z9348662 AVAST9 Server' with current url 'http://z9348662.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:00:58 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://x4627714.u.avast.com/iavs9x/prod-ais.vpx'. Next try: 5
12:01:00 Info servers [6084,3360] ChooseServer: selected server 'Download b3789125 AVAST9 Server' with current url 'http://b3789125.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:01:02 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://z9348662.u.avast.com/iavs9x/prod-ais.vpx'. Next try: 6
12:01:04 Info servers [6084,3360] ChooseServer: selected server 'Download r9948030 AVAST9 Server' with current url 'http://r9948030.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:01:06 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://b3789125.u.avast.com/iavs9x/prod-ais.vpx'. Next try: 7
12:01:08 Info servers [6084,3360] ChooseServer: selected server 'Download n8092405 AVAST9 Server' with current url 'http://n8092405.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:01:10 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://r9948030.u.avast.com/iavs9x/prod-ais.vpx'. Next try: 8
12:01:12 Info servers [6084,3360] ChooseServer: selected server 'Download x4627714 AVAST9 Server' with current url 'http://x4627714.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:01:14 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://n8092405.u.avast.com/iavs9x/prod-ais.vpx'. Next try: 9
12:01:17 Info servers [6084,3360] ChooseServer: selected server 'Download m5738266 AVAST9 Server' with current url 'http://m5738266.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
12:01:19 Error dldwrap [6084,3360] GetFileWithRetry: An error 41222 (0x0000A106) [Host unreachable] has occured when downloading a file from 'http://x4627714.u.avast.com/iavs9x/prod-ais.vpx'. Next try: 10
12:01:19 Error pkgengine [6084,3360] DownloadPackage(download): 'C:\TEMP\_av_iup.tm~a05236\prod-ais.vpx', ip: unknown, has failed with code: 41222 (0x0000A106) [Host unreachable]
12:01:19 Error pkgengine [6084,3360] LoadLatestProdAndParts: download product file 'prod-ais.vpx' has failed. Status: 41222 (0x0000A106) [Host unreachable]
HELP
Moderator
Windows Expert
09.01.2014, 18:13 3
Have you tried running the installation with administrator rights?
Try this Windows Installer 4.5
09.01.2014, 18:41  [OP] 4
These are probably the logs from which you, gentlemen programmers, will be able to work out what I have done to the computer and, I hope, help. I have been struggling for a month already and nothing works. Here is the result.
ComboFix 14-01-04.03 - Ольга 09.01.2014 18:13:07.1.2 - x86
Running from: c:\users\+ы№ур\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files\Adobe Systems,inc
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPly.xpi
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyIE64.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\DealPlyUpdateVer.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\program files\WinZip Driver Updater
c:\program files\WinZip Driver Updater\Chinese_rcp.ini
c:\program files\WinZip Driver Updater\Danish_rcp.ini
c:\program files\WinZip Driver Updater\difxapi.dll
c:\program files\WinZip Driver Updater\difxapi64.dll
c:\program files\WinZip Driver Updater\Dutch_rcp.ini
c:\program files\WinZip Driver Updater\eng_rcp.ini
c:\program files\WinZip Driver Updater\Finnish_rcp_fi.ini
c:\program files\WinZip Driver Updater\French_rcp.ini
c:\program files\WinZip Driver Updater\German_rcp.ini
c:\program files\WinZip Driver Updater\install_left.bmp
c:\program files\WinZip Driver Updater\isxdl.dll
c:\program files\WinZip Driver Updater\Italian_rcp.ini
c:\program files\WinZip Driver Updater\Japanese_rcp.ini
c:\program files\WinZip Driver Updater\Norwegian_rcp.ini
c:\program files\WinZip Driver Updater\Portuguese_rcp.ini
c:\program files\WinZip Driver Updater\russian_rcp_ru.ini
c:\program files\WinZip Driver Updater\Spanish_rcp.ini
c:\program files\WinZip Driver Updater\Swedish_rcp.ini
c:\program files\WinZip Driver Updater\unins000.dat
c:\program files\WinZip Driver Updater\unins000.exe
c:\program files\WinZip Driver Updater\unins000.msg
c:\program files\WinZip Driver Updater\unrar.dll
c:\program files\WinZip Driver Updater\updater\amd64Helper\difxapi.dll
c:\program files\WinZip Driver Updater\updater\amd64Helper\DriverUpdateHelper64.exe
c:\program files\WinZip Driver Updater\updater\amd64Helper\DriverUpdateHelper64.manifest
c:\program files\WinZip Driver Updater\updater\extract\7z.dll
c:\program files\WinZip Driver Updater\updater\extract\7z.exe
c:\program files\WinZip Driver Updater\updater\extract\copying.txt
c:\program files\WinZip Driver Updater\updater\extract\History.txt
c:\program files\WinZip Driver Updater\updater\extract\license.txt
c:\program files\WinZip Driver Updater\updater\extract\readme.txt
c:\program files\WinZip Driver Updater\WDUUninstall.exe
c:\users\Ольга\AppData\Local\.#
c:\users\Ольга\AppData\Local\Temp\mcse32_00.dll
c:\users\Ольга\AppData\Local\TempDIR
c:\users\Ольга\AppData\Local\TempDIR\downloader.exe
c:\users\Ольга\AppData\Local\TempDIR\list-bullet.bmp
c:\users\Ольга\AppData\Local\TempDIR\PIP2672_NDV_.exe
c:\users\Ольга\AppData\Local\TempDIR\yandex_browser_setup.bmp
c:\users\Ольга\AppData\Roaming\winxarj
c:\users\Ольга\AppData\Roaming\winxarj\a.htm
c:\users\Ольга\AppData\Roaming\winxarj\after.png
c:\users\Ольга\AppData\Roaming\winxarj\aview
c:\users\Ольга\AppData\Roaming\winxarj\dir.png
c:\users\Ольга\AppData\Roaming\winxarj\dot.gif
c:\users\Ольга\AppData\Roaming\winxarj\htmlayout.dll
c:\users\Ольга\AppData\Roaming\winxarj\logo.png
c:\users\Ольга\AppData\Roaming\winxarj\logo2.png
c:\users\Ольга\AppData\Roaming\winxarj\MyriadWebPro-Condensed.ttf
c:\users\Ольга\AppData\Roaming\winxarj\rules.css
c:\users\Ольга\AppData\Roaming\winxarj\sb-h-scroll-next.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-h-scroll-prev.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-scroll-back.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-scroll-base.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-scroll-slider.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-v-scroll-next.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-v-scroll-prev.png
c:\users\Ольга\AppData\Roaming\winxarj\scroll.css
c:\users\Ольга\AppData\Roaming\winxrar
c:\users\Ольга\AppData\Roaming\winxrar\after.png
c:\users\Ольга\AppData\Roaming\winxrar\dot.gif
c:\users\Ольга\AppData\Roaming\winxrar\htmlayout.dll
c:\users\Ольга\AppData\Roaming\winxrar\key
c:\users\Ольга\AppData\Roaming\winxrar\logo.png
c:\users\Ольга\AppData\Roaming\winxrar\logo2.png
c:\users\Ольга\AppData\Roaming\winxrar\MyriadWebPro-Condensed.ttf
c:\users\Ольга\AppData\Roaming\winxrar\rules.css
c:\users\Ольга\AppData\Roaming\winxrar\sb-h-scroll-next.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-h-scroll-prev.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-scroll-back.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-scroll-base.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-scroll-slider.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-v-scroll-next.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-v-scroll-prev.png
c:\users\Ольга\AppData\Roaming\winxrar\scroll.css
c:\users\Ольга\AppData\Roaming\winxrar\sview
c:\users\Ольга\Desktop\Setup.exe
c:\users\Public\Uninstall.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\operaprefs_fixed.ini
c:\windows\system32\roboot.exe
c:\windows\system32\settings.ini
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-12-09 to 2014-01-09 )))))))))))))))))))))))))))))))
.
.
2014-01-09 14:18 . 2014-01-09 14:18 -------- d-----w- c:\users\Ольга\AppData\Local\temp
2014-01-09 14:18 . 2014-01-09 14:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-09 12:27 . 2014-01-09 12:27 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1048A06-F395-45B5-B7C8-09F1F99AC5D5}\MpKsle44199ca.sys
2014-01-09 09:40 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1048A06-F395-45B5-B7C8-09F1F99AC5D5}\mpengine.dll
2014-01-09 09:35 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-08 23:26 . 2014-01-08 23:26 -------- dc----w- C:\514f87ec84a094716068
2014-01-08 21:48 . 2014-01-08 21:48 0 ----a-w- c:\users\Ольга\regdll.bat
2014-01-08 21:16 . 2014-01-08 21:50 1020784 -c--a-w- C:\regdll.bat
2014-01-06 21:32 . 2014-01-06 21:32 -------- dc----w- C:\64f9b4534f4ddeb024326cb845
2014-01-05 22:03 . 2014-01-05 22:03 -------- d-----w- c:\program files\RegWorks
2014-01-05 16:31 . 2014-01-05 16:31 -------- d-----w- c:\users\Ольга\Rar$DRa0.431
2014-01-05 16:27 . 2014-01-05 18:21 -------- d-----w- c:\users\Ольга\mozilla-temp-files
2014-01-05 16:24 . 2014-01-05 16:24 -------- d-----w- c:\users\Ольга\WPDNSE
2014-01-05 15:30 . 2014-01-05 15:30 -------- d-----w- c:\users\Ольга\Low
2014-01-05 15:29 . 2014-01-05 15:29 206752 ----a-w- c:\users\Ольга\4981B3FC18.sys
2014-01-05 15:23 . 2013-05-22 14:49 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-01-05 14:58 . 2014-01-05 14:59 -------- d-----w- c:\users\Ольга\is45637729
2014-01-05 14:57 . 2014-01-05 14:58 -------- d-----w- c:\users\Ольга\ish20129136
2014-01-05 14:57 . 2014-01-05 14:57 -------- d-----w- c:\users\Ольга\ish20104691
2014-01-05 14:42 . 2014-01-05 18:20 -------- d-----w- c:\users\Ольга\acro_rd_dir
2014-01-05 14:06 . 2014-01-05 14:06 1285 ----atw- c:\users\Ольга\MARCDCF.tmp
2014-01-05 14:06 . 2014-01-05 14:06 1342 ----atw- c:\users\Ольга\MARC843.tmp
2014-01-05 09:40 . 2014-01-05 09:40 -------- d-----w- c:\windows\system32\config\systemprofile\KB2604121_10.0.30319
2014-01-05 09:40 . 2014-01-05 09:40 -------- d-----w- c:\windows\system32\config\systemprofile\KB2468871v2_10.0.30319
2014-01-05 09:36 . 2014-01-05 09:36 -------- d-----w- c:\users\Ольга\{D5878294-C113-43c5-A24F-FC333C52015A}
2014-01-05 09:27 . 2014-01-05 09:27 -------- d-----w- c:\users\Ольга\iobit-db-license-tmp
2014-01-05 09:25 . 2014-01-05 09:25 0 ----a-w- c:\windows\system32\config\systemprofile\~2F4B.tmp
2014-01-04 21:16 . 2014-01-04 21:16 -------- d-----w- c:\users\Ольга\OIS
2014-01-01 16:37 . 2014-01-01 16:39 -------- dc----w- C:\977b80be5dd493dc6e05df98a5d26431
2013-12-29 17:30 . 2013-12-29 17:30 -------- d-----w- c:\users\Ольга\AppData\Roaming\Malwarebytes
2013-12-29 17:28 . 2013-12-29 17:28 -------- d-----w- c:\programdata\Malwarebytes
2013-12-29 17:28 . 2013-12-29 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-29 17:28 . 2013-04-04 10:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-29 16:32 . 2013-12-29 16:32 -------- dc----w- C:\c8a979d671045a920a
2013-12-28 21:39 . 2013-12-28 21:39 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2013-12-28 21:39 . 2013-12-28 21:39 454288 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2013-12-28 21:39 . 2013-12-28 21:39 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2013-12-28 21:19 . 2013-05-22 14:49 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-28 19:52 . 2014-01-04 21:54 -------- d-----w- c:\programdata\ProductData
2013-12-28 19:52 . 2013-12-28 19:52 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-28 19:52 . 2013-12-28 20:47 -------- d-----w- c:\users\Ольга\AppData\Roaming\Obnovi Soft
2013-12-28 19:52 . 2014-01-05 22:13 -------- d-----w- c:\programdata\IObit
2013-12-28 19:50 . 2013-12-28 19:50 -------- d-----w- c:\program files\Obnovi Soft
2013-12-28 19:50 . 2013-12-28 22:19 -------- d-----w- c:\program files\IObit
2013-12-28 19:50 . 2013-12-28 21:19 -------- d-----w- c:\users\Ольга\AppData\Roaming\IObit
2013-12-24 22:21 . 2013-12-24 22:21 -------- d-----w- c:\program files\DLLSuite
2013-12-24 21:39 . 2013-12-24 21:39 -------- d-----w- c:\windows\system32\CatRoot_bak
2013-12-24 21:04 . 2013-12-24 21:04 -------- dc----w- C:\555fcbb4ebe616e9b0dec339df49
2013-12-24 19:57 . 2013-12-24 19:57 -------- d-----w- c:\users\Ольга\AppData\Local\ElevatedDiagnostics
2013-12-21 18:34 . 2013-12-21 18:34 -------- d-----w- c:\users\Ольга\AppData\Roaming\OpenOffice
2013-12-21 18:33 . 2013-12-21 18:33 -------- d-----w- c:\program files\LibreOffice 4
2013-12-21 18:15 . 2013-12-21 18:17 -------- d-----w- c:\program files\OpenOffice 4
2013-12-20 21:00 . 2013-12-20 21:00 -------- d-----w- c:\users\Ольга\AppData\Roaming\DigitalSites
2013-12-19 22:57 . 2013-12-19 22:57 -------- d-----w- c:\windows\Migration
2013-12-19 22:51 . 2013-12-19 22:52 -------- d-----w- c:\users\Ольга\AppData\Local\MigWiz
2013-12-13 17:37 . 2013-11-14 22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-12-13 17:36 . 2013-11-14 23:18 757488 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-12-13 17:36 . 2013-11-14 22:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-12-13 17:36 . 2013-11-14 22:43 104448 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-12-13 17:36 . 2013-11-14 22:43 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-12-13 17:36 . 2013-11-14 22:44 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-12-13 17:36 . 2013-11-14 22:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-12 09:24 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 09:23 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-12 09:23 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 09:23 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 09:23 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 09:23 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 09:23 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-12 09:23 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 09:23 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 09:23 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-08 21:48 . 2014-01-08 21:48 0 ----a-w- c:\users\Ольга\regdll.bat
2014-01-08 21:48 . 2014-01-08 21:48 0 ----a-w- c:\users\Ольга\regdll.bat
2014-01-05 15:29 . 2014-01-05 15:29 206752 ----a-w- c:\users\Ольга\4981B3FC18.sys
2014-01-05 15:29 . 2014-01-05 15:29 206752 ----a-w- c:\users\Ольга\4981B3FC18.sys
2014-01-05 14:06 . 2014-01-05 14:06 1285 ----atw- c:\users\Ольга\MARCDCF.tmp
2014-01-05 14:06 . 2014-01-05 14:06 1285 ----atw- c:\users\Ольга\MARCDCF.tmp
2014-01-05 14:06 . 2014-01-05 14:06 1342 ----atw- c:\users\Ольга\MARC843.tmp
2014-01-05 14:06 . 2014-01-05 14:06 1342 ----atw- c:\users\Ольга\MARC843.tmp
2013-12-28 21:28 . 2011-02-11 15:26 138808 ----a-w- c:\windows\system32\igfxtray.exe
2013-12-28 21:28 . 2008-06-17 13:39 268856 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-12-28 21:28 . 2008-06-12 18:07 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2013-12-28 21:28 . 2008-06-12 18:06 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2013-12-28 21:28 . 2008-06-12 18:10 86016 ----a-w- c:\windows\system32\igfxrrus.lrc
2013-12-28 21:28 . 2011-02-11 14:40 828928 ----a-w- c:\windows\system32\igfxress.dll
2013-12-28 21:28 . 2011-02-11 14:41 195584 ----a-w- c:\windows\system32\igfxpph.dll
2013-12-28 21:28 . 2008-06-17 13:39 173624 ----a-w- c:\windows\system32\igfxpers.exe
2013-12-28 21:28 . 2009-03-25 05:33 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2013-12-28 21:28 . 2008-06-12 18:06 228864 ----a-w- c:\windows\system32\igfxdev.dll
2013-12-28 21:28 . 2009-03-25 05:39 4896768 ----a-w- c:\windows\system32\igdumd32.dll
2013-12-28 21:28 . 2008-06-12 18:06 95232 ----a-w- c:\windows\system32\hccutils.dll
2013-12-20 23:06 . 2008-06-24 07:00 94208 ----a-w- c:\users\Public\Govoritkomp.exe
2013-12-20 22:34 . 2009-04-02 22:21 57344 ----a-w- c:\programdata\VistaLib32.dll
2013-12-20 22:31 . 2004-08-03 06:53 413696 ----a-w- c:\programdata\Microsoft\Windows\Templates\msvcp60.dll
2013-12-12 11:01 . 2012-05-27 15:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-12 11:01 . 2012-03-07 20:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2009-10-02 16:43 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-30 02:13 . 2008-01-21 02:32 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-12-28 19:52 752448 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AlterGeoUpdater"="c:\programdata\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe" [2012-04-06 29728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 17:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FromDocToPDF Search Scope Monitor]
2013-06-14 21:34 44784 ----a-w- c:\progra~1\FROMDO~2\bar\1.bin\65SrchMn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2013-12-28 21:28 172088 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 19:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2013-12-28 21:28 138808 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]
2013-12-13 13:44 1573184 ----a-w- c:\program files\IObit\IObit Malware Fighter\IMF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2013-12-20 20:19 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-09-30 22:23 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-01-27 07:11 947152 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-12-21 13:56 1090040 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2013-12-28 21:28 173624 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-09-01 06:41 499768 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Обнови Софт]
2013-02-03 19:34 182880 ----a-w- c:\program files\Obnovi Soft\ObnoviSoft.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2798522785-2103284568-3630386765-1000]
"EnableNotificationsRef"=dword:00000004
.
R3 36A4C0AF8;36A4C0AF8;c:\windows\Temp\36A4C0AF8.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLE44199CA
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LPDService REG_MULTI_SZ LPDSVC
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 08:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 11:01]
.
2014-01-09 c:\windows\Tasks\Driver Booster Update.job
- c:\program files\IObit\Driver Booster\AutoUpdate.exe [2013-12-28 07:01]
.
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{5A1D5BFE-4F94-42BA-814F-F1AC3D487D29}.job
- c:\windows\system32\msfeedssync.exe [2011-04-11 12:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?clid=47656
mStart Page = hxxp://www.smaxi.net
uSearchAssistant = hxxp://webalta.ru/search
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{E9081A99-0747-4271-8FD8-A578F7496063}: NameServer = 84.53.200.24,84.53.199.254
FF - ProfilePath - c:\users\Ольга\AppData\Roaming\Mozilla\Firefox\Profiles\2tn9z5fl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?clid=47656
FF - ExtSQL: 2013-12-29 04:53; ascsurfingprotection@iobit.com; c:\users\Ольга\AppData\Roaming\Mozilla\Firefox\Profiles\2tn9z5fl.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2013-12-29 04:53; iobitapps@mybrowserbar.com; c:\program files\IObit Apps Toolbar\FF
FF - ExtSQL: 2013-12-29 06:02; adsremoval@adsremoval.net; c:\users\Ольга\AppData\Roaming\Mozilla\Firefox\Profiles\2tn9z5fl.default\extensions\adsremoval@adsremoval.net
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{64A9418A-B6B1-4112-B75C-E61633C9A31F} - c:\users\8A0A~1\AppData\Local\Temp\mcse32_00.dll
ShellIconOverlayIdentifiers-{6A2E142B-EA63-433A-AC05-5223CBD26E65} - c:\users\8A0A~1\AppData\Local\Temp\mcse32_00.dll
ShellIconOverlayIdentifiers-{6AFCC535-2F12-4F50-9F0A-1CF856CFC95D} - c:\users\8A0A~1\AppData\Local\Temp\mcse32_00.dll
MSConfigStartUp-Guard.Mail.ru - c:\program files\Mail.Ru\Guard\GuardMailRu.exe
MSConfigStartUp-OutpostFeedBack - c:\program files\Agnitum\Outpost Firewall\feedback.exe
MSConfigStartUp-OutpostMonitor - c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe
AddRemove-HP Imaging Device Functions - c:\digital imaging\DeviceManagement\hpzscr01.exe
AddRemove-V-Ray for 3dsmax 2009 for x86 - c:\program files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\wininstaller.exe-uninstall=c:\program files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\install.log
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\RUS\\Setup.exe
AddRemove-{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1 - c:\program files\WinZip Driver Updater\unins000.exe
AddRemove-Русификатор Outpost Firewall Free 1.1 - c:\program files\Agnitum\Outpost Firewall\Uninstall.exe
AddRemove-820107548.portal.qtrax.com - c:\program files\Microsoft Silverlight\4.1.10329.0\Silverlight.Configuration.exe
AddRemove-MailRuUpdater - c:\users\Ольга\AppData\Local\Mail.Ru\MailRuUpdater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-09 18:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2798522785-2103284568-3630386765-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50A5FC80-6B2E-770F-89E6-A175EC943223}*]
@Allowed: (Read) (RestrictedCode)
"lbpfkjkcmlhmgbnpeondgplnhbmamlkicmoannoihekebpnmongejjia"=hex:65,61,65,70,66,
6c,63,6a,61,70,00,6e
"lbpfkjkcmlhmgbopdlemmkoiafjlpnkpjghnhmkmccpamfilojjjhhnm"=hex:6b,61,70,6f,63,
63,68,65,66,65,66,6e,6f,61,68,63,6e,70,6c,67,65,6c,00,00
.
[HKEY_USERS\S-1-5-21-2798522785-2103284568-3630386765-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0293ED1-CE69-BB39-E2B3-A896993C96BC}*]
@Allowed: (Read) (RestrictedCode)
"napcbnfkpohepljedkolonpleike"=hex:6b,61,70,6e,6e,6b,61,61,6c,69,63,68,6a,62,
6b,6c,70,6c,66,6e,65,6f,00,00
"napcbnfkpoheplgeihfjnbiioikn"=hex:65,61,68,6c,69,65,67,6d,6a,65,00,68
.
[HKEY_USERS\S-1-5-21-2798522785-2103284568-3630386765-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:6f,be,aa,d3,86,90,df,39,11,2c,d8,4d,43,7a,6f,78,2b,f7,01,0e,7e,
99,8c,e1,2f,a8,e9,0e,bd,8a,66,67,a4,56,8f,b8,02,0f,12,8a,84,27,13,30,e6,72,\
"rkeysecu"=hex:6c,80,ac,62,41,8e,1b,89,b3,c5,0b,33,7e,42,38,03
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b8
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-01-09 18:24:28
ComboFix-quarantined-files.txt 2014-01-09 14:24
.
Pre-Run: 12*926*578*688 байт свободно
Post-Run: 22*355*636*224 байт свободно
.
- - End Of File - - D8BC6B538D886147CF949DAF081D27C1
85D751F0E41B8E520AEE8C07A8DA777B


Added 5 minutes later
I downloaded Windows Installer 4.5. It does not install. I ran ComboFix. Here is the result.
ComboFix 14-01-04.03 - Ольга 09.01.2014 18:13:07.1.2 - x86
Running from: c:\users\+ы№ур\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files\Adobe Systems,inc
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPly.xpi
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyIE64.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\DealPlyUpdateVer.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\program files\WinZip Driver Updater
c:\program files\WinZip Driver Updater\Chinese_rcp.ini
c:\program files\WinZip Driver Updater\Danish_rcp.ini
c:\program files\WinZip Driver Updater\difxapi.dll
c:\program files\WinZip Driver Updater\difxapi64.dll
c:\program files\WinZip Driver Updater\Dutch_rcp.ini
c:\program files\WinZip Driver Updater\eng_rcp.ini
c:\program files\WinZip Driver Updater\Finnish_rcp_fi.ini
c:\program files\WinZip Driver Updater\French_rcp.ini
c:\program files\WinZip Driver Updater\German_rcp.ini
c:\program files\WinZip Driver Updater\install_left.bmp
c:\program files\WinZip Driver Updater\isxdl.dll
c:\program files\WinZip Driver Updater\Italian_rcp.ini
c:\program files\WinZip Driver Updater\Japanese_rcp.ini
c:\program files\WinZip Driver Updater\Norwegian_rcp.ini
c:\program files\WinZip Driver Updater\Portuguese_rcp.ini
c:\program files\WinZip Driver Updater\russian_rcp_ru.ini
c:\program files\WinZip Driver Updater\Spanish_rcp.ini
c:\program files\WinZip Driver Updater\Swedish_rcp.ini
c:\program files\WinZip Driver Updater\unins000.dat
c:\program files\WinZip Driver Updater\unins000.exe
c:\program files\WinZip Driver Updater\unins000.msg
c:\program files\WinZip Driver Updater\unrar.dll
c:\program files\WinZip Driver Updater\updater\amd64Helper\difxapi.dll
c:\program files\WinZip Driver Updater\updater\amd64Helper\DriverUpdateHelper64.exe
c:\program files\WinZip Driver Updater\updater\amd64Helper\DriverUpdateHelper64.manifest
c:\program files\WinZip Driver Updater\updater\extract\7z.dll
c:\program files\WinZip Driver Updater\updater\extract\7z.exe
c:\program files\WinZip Driver Updater\updater\extract\copying.txt
c:\program files\WinZip Driver Updater\updater\extract\History.txt
c:\program files\WinZip Driver Updater\updater\extract\license.txt
c:\program files\WinZip Driver Updater\updater\extract\readme.txt
c:\program files\WinZip Driver Updater\WDUUninstall.exe
c:\users\Ольга\AppData\Local\.#
c:\users\Ольга\AppData\Local\Temp\mcse32_00.dll
c:\users\Ольга\AppData\Local\TempDIR
c:\users\Ольга\AppData\Local\TempDIR\downloader.exe
c:\users\Ольга\AppData\Local\TempDIR\list-bullet.bmp
c:\users\Ольга\AppData\Local\TempDIR\PIP2672_NDV_.exe
c:\users\Ольга\AppData\Local\TempDIR\yandex_browser_setup.bmp
c:\users\Ольга\AppData\Roaming\winxarj
c:\users\Ольга\AppData\Roaming\winxarj\a.htm
c:\users\Ольга\AppData\Roaming\winxarj\after.png
c:\users\Ольга\AppData\Roaming\winxarj\aview
c:\users\Ольга\AppData\Roaming\winxarj\dir.png
c:\users\Ольга\AppData\Roaming\winxarj\dot.gif
c:\users\Ольга\AppData\Roaming\winxarj\htmlayout.dll
c:\users\Ольга\AppData\Roaming\winxarj\logo.png
c:\users\Ольга\AppData\Roaming\winxarj\logo2.png
c:\users\Ольга\AppData\Roaming\winxarj\MyriadWebPro-Condensed.ttf
c:\users\Ольга\AppData\Roaming\winxarj\rules.css
c:\users\Ольга\AppData\Roaming\winxarj\sb-h-scroll-next.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-h-scroll-prev.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-scroll-back.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-scroll-base.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-scroll-slider.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-v-scroll-next.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-v-scroll-prev.png
c:\users\Ольга\AppData\Roaming\winxarj\scroll.css
c:\users\Ольга\AppData\Roaming\winxrar
c:\users\Ольга\AppData\Roaming\winxrar\after.png
c:\users\Ольга\AppData\Roaming\winxrar\dot.gif
c:\users\Ольга\AppData\Roaming\winxrar\htmlayout.dll
c:\users\Ольга\AppData\Roaming\winxrar\key
c:\users\Ольга\AppData\Roaming\winxrar\logo.png
c:\users\Ольга\AppData\Roaming\winxrar\logo2.png
c:\users\Ольга\AppData\Roaming\winxrar\MyriadWebPro-Condensed.ttf
c:\users\Ольга\AppData\Roaming\winxrar\rules.css
c:\users\Ольга\AppData\Roaming\winxrar\sb-h-scroll-next.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-h-scroll-prev.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-scroll-back.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-scroll-base.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-scroll-slider.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-v-scroll-next.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-v-scroll-prev.png
c:\users\Ольга\AppData\Roaming\winxrar\scroll.css
c:\users\Ольга\AppData\Roaming\winxrar\sview
c:\users\Ольга\Desktop\Setup.exe
c:\users\Public\Uninstall.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\operaprefs_fixed.ini
c:\windows\system32\roboot.exe
c:\windows\system32\settings.ini
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-12-09 to 2014-01-09 )))))))))))))))))))))))))))))))
.
.
2014-01-09 14:18 . 2014-01-09 14:18 -------- d-----w- c:\users\Ольга\AppData\Local\temp
2014-01-09 14:18 . 2014-01-09 14:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-09 12:27 . 2014-01-09 12:27 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1048A06-F395-45B5-B7C8-09F1F99AC5D5}\MpKsle44199ca.sys
2014-01-09 09:40 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1048A06-F395-45B5-B7C8-09F1F99AC5D5}\mpengine.dll
2014-01-09 09:35 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-08 23:26 . 2014-01-08 23:26 -------- dc----w- C:\514f87ec84a094716068
2014-01-08 21:48 . 2014-01-08 21:48 0 ----a-w- c:\users\Ольга\regdll.bat
2014-01-08 21:16 . 2014-01-08 21:50 1020784 -c--a-w- C:\regdll.bat
2014-01-06 21:32 . 2014-01-06 21:32 -------- dc----w- C:\64f9b4534f4ddeb024326cb845
2014-01-05 22:03 . 2014-01-05 22:03 -------- d-----w- c:\program files\RegWorks
2014-01-05 16:31 . 2014-01-05 16:31 -------- d-----w- c:\users\Ольга\Rar$DRa0.431
2014-01-05 16:27 . 2014-01-05 18:21 -------- d-----w- c:\users\Ольга\mozilla-temp-files
2014-01-05 16:24 . 2014-01-05 16:24 -------- d-----w- c:\users\Ольга\WPDNSE
2014-01-05 15:30 . 2014-01-05 15:30 -------- d-----w- c:\users\Ольга\Low
2014-01-05 15:29 . 2014-01-05 15:29 206752 ----a-w- c:\users\Ольга\4981B3FC18.sys
2014-01-05 15:23 . 2013-05-22 14:49 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-01-05 14:58 . 2014-01-05 14:59 -------- d-----w- c:\users\Ольга\is45637729
2014-01-05 14:57 . 2014-01-05 14:58 -------- d-----w- c:\users\Ольга\ish20129136
2014-01-05 14:57 . 2014-01-05 14:57 -------- d-----w- c:\users\Ольга\ish20104691
2014-01-05 14:42 . 2014-01-05 18:20 -------- d-----w- c:\users\Ольга\acro_rd_dir
2014-01-05 14:06 . 2014-01-05 14:06 1285 ----atw- c:\users\Ольга\MARCDCF.tmp
2014-01-05 14:06 . 2014-01-05 14:06 1342 ----atw- c:\users\Ольга\MARC843.tmp
2014-01-05 09:40 . 2014-01-05 09:40 -------- d-----w- c:\windows\system32\config\systemprofile\KB2604121_10.0.30319
2014-01-05 09:40 . 2014-01-05 09:40 -------- d-----w- c:\windows\system32\config\systemprofile\KB2468871v2_10.0.30319
2014-01-05 09:36 . 2014-01-05 09:36 -------- d-----w- c:\users\Ольга\{D5878294-C113-43c5-A24F-FC333C52015A}
2014-01-05 09:27 . 2014-01-05 09:27 -------- d-----w- c:\users\Ольга\iobit-db-license-tmp
2014-01-05 09:25 . 2014-01-05 09:25 0 ----a-w- c:\windows\system32\config\systemprofile\~2F4B.tmp
2014-01-04 21:16 . 2014-01-04 21:16 -------- d-----w- c:\users\Ольга\OIS
2014-01-01 16:37 . 2014-01-01 16:39 -------- dc----w- C:\977b80be5dd493dc6e05df98a5d26431
2013-12-29 17:30 . 2013-12-29 17:30 -------- d-----w- c:\users\Ольга\AppData\Roaming\Malwarebytes
2013-12-29 17:28 . 2013-12-29 17:28 -------- d-----w- c:\programdata\Malwarebytes
2013-12-29 17:28 . 2013-12-29 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-29 17:28 . 2013-04-04 10:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-29 16:32 . 2013-12-29 16:32 -------- dc----w- C:\c8a979d671045a920a
2013-12-28 21:39 . 2013-12-28 21:39 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2013-12-28 21:39 . 2013-12-28 21:39 454288 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2013-12-28 21:39 . 2013-12-28 21:39 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2013-12-28 21:19 . 2013-05-22 14:49 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-28 19:52 . 2014-01-04 21:54 -------- d-----w- c:\programdata\ProductData
2013-12-28 19:52 . 2013-12-28 19:52 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-28 19:52 . 2013-12-28 20:47 -------- d-----w- c:\users\Ольга\AppData\Roaming\Obnovi Soft
2013-12-28 19:52 . 2014-01-05 22:13 -------- d-----w- c:\programdata\IObit
2013-12-28 19:50 . 2013-12-28 19:50 -------- d-----w- c:\program files\Obnovi Soft
2013-12-28 19:50 . 2013-12-28 22:19 -------- d-----w- c:\program files\IObit
2013-12-28 19:50 . 2013-12-28 21:19 -------- d-----w- c:\users\Ольга\AppData\Roaming\IObit
2013-12-24 22:21 . 2013-12-24 22:21 -------- d-----w- c:\program files\DLLSuite
2013-12-24 21:39 . 2013-12-24 21:39 -------- d-----w- c:\windows\system32\CatRoot_bak
2013-12-24 21:04 . 2013-12-24 21:04 -------- dc----w- C:\555fcbb4ebe616e9b0dec339df49
2013-12-24 19:57 . 2013-12-24 19:57 -------- d-----w- c:\users\Ольга\AppData\Local\ElevatedDiagnostics
2013-12-21 18:34 . 2013-12-21 18:34 -------- d-----w- c:\users\Ольга\AppData\Roaming\OpenOffice
2013-12-21 18:33 . 2013-12-21 18:33 -------- d-----w- c:\program files\LibreOffice 4
2013-12-21 18:15 . 2013-12-21 18:17 -------- d-----w- c:\program files\OpenOffice 4
2013-12-20 21:00 . 2013-12-20 21:00 -------- d-----w- c:\users\Ольга\AppData\Roaming\DigitalSites
2013-12-19 22:57 . 2013-12-19 22:57 -------- d-----w- c:\windows\Migration
2013-12-19 22:51 . 2013-12-19 22:52 -------- d-----w- c:\users\Ольга\AppData\Local\MigWiz
2013-12-13 17:37 . 2013-11-14 22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-12-13 17:36 . 2013-11-14 23:18 757488 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-12-13 17:36 . 2013-11-14 22:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-12-13 17:36 . 2013-11-14 22:43 104448 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-12-13 17:36 . 2013-11-14 22:43 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-12-13 17:36 . 2013-11-14 22:44 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-12-13 17:36 . 2013-11-14 22:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-12 09:24 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 09:23 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-12 09:23 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 09:23 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 09:23 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 09:23 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 09:23 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-12 09:23 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 09:23 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 09:23 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-08 21:48 . 2014-01-08 21:48 0 ----a-w- c:\users\Ольга\regdll.bat
2014-01-08 21:48 . 2014-01-08 21:48 0 ----a-w- c:\users\Ольга\regdll.bat
2014-01-05 15:29 . 2014-01-05 15:29 206752 ----a-w- c:\users\Ольга\4981B3FC18.sys
2014-01-05 15:29 . 2014-01-05 15:29 206752 ----a-w- c:\users\Ольга\4981B3FC18.sys
2014-01-05 14:06 . 2014-01-05 14:06 1285 ----atw- c:\users\Ольга\MARCDCF.tmp
2014-01-05 14:06 . 2014-01-05 14:06 1285 ----atw- c:\users\Ольга\MARCDCF.tmp
2014-01-05 14:06 . 2014-01-05 14:06 1342 ----atw- c:\users\Ольга\MARC843.tmp
2014-01-05 14:06 . 2014-01-05 14:06 1342 ----atw- c:\users\Ольга\MARC843.tmp
2013-12-28 21:28 . 2011-02-11 15:26 138808 ----a-w- c:\windows\system32\igfxtray.exe
2013-12-28 21:28 . 2008-06-17 13:39 268856 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-12-28 21:28 . 2008-06-12 18:07 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2013-12-28 21:28 . 2008-06-12 18:06 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2013-12-28 21:28 . 2008-06-12 18:10 86016 ----a-w- c:\windows\system32\igfxrrus.lrc
2013-12-28 21:28 . 2011-02-11 14:40 828928 ----a-w- c:\windows\system32\igfxress.dll
2013-12-28 21:28 . 2011-02-11 14:41 195584 ----a-w- c:\windows\system32\igfxpph.dll
2013-12-28 21:28 . 2008-06-17 13:39 173624 ----a-w- c:\windows\system32\igfxpers.exe
2013-12-28 21:28 . 2009-03-25 05:33 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2013-12-28 21:28 . 2008-06-12 18:06 228864 ----a-w- c:\windows\system32\igfxdev.dll
2013-12-28 21:28 . 2009-03-25 05:39 4896768 ----a-w- c:\windows\system32\igdumd32.dll
2013-12-28 21:28 . 2008-06-12 18:06 95232 ----a-w- c:\windows\system32\hccutils.dll
2013-12-20 23:06 . 2008-06-24 07:00 94208 ----a-w- c:\users\Public\Govoritkomp.exe
2013-12-20 22:34 . 2009-04-02 22:21 57344 ----a-w- c:\programdata\VistaLib32.dll
2013-12-20 22:31 . 2004-08-03 06:53 413696 ----a-w- c:\programdata\Microsoft\Windows\Templates\msvcp60.dll
2013-12-12 11:01 . 2012-05-27 15:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-12 11:01 . 2012-03-07 20:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2009-10-02 16:43 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-30 02:13 . 2008-01-21 02:32 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-12-28 19:52 752448 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AlterGeoUpdater"="c:\programdata\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe" [2012-04-06 29728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 17:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FromDocToPDF Search Scope Monitor]
2013-06-14 21:34 44784 ----a-w- c:\progra~1\FROMDO~2\bar\1.bin\65SrchMn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2013-12-28 21:28 172088 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 19:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2013-12-28 21:28 138808 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]
2013-12-13 13:44 1573184 ----a-w- c:\program files\IObit\IObit Malware Fighter\IMF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2013-12-20 20:19 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-09-30 22:23 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-01-27 07:11 947152 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-12-21 13:56 1090040 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2013-12-28 21:28 173624 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-09-01 06:41 499768 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Обнови Софт]
2013-02-03 19:34 182880 ----a-w- c:\program files\Obnovi Soft\ObnoviSoft.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2798522785-2103284568-3630386765-1000]
"EnableNotificationsRef"=dword:00000004
.
R3 36A4C0AF8;36A4C0AF8;c:\windows\Temp\36A4C0AF8.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLE44199CA
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LPDService REG_MULTI_SZ LPDSVC
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 08:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 11:01]
.
2014-01-09 c:\windows\Tasks\Driver Booster Update.job
- c:\program files\IObit\Driver Booster\AutoUpdate.exe [2013-12-28 07:01]
.
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{5A1D5BFE-4F94-42BA-814F-F1AC3D487D29}.job
- c:\windows\system32\msfeedssync.exe [2011-04-11 12:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?clid=47656
mStart Page = hxxp://www.smaxi.net
uSearchAssistant = hxxp://webalta.ru/search
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{E9081A99-0747-4271-8FD8-A578F7496063}: NameServer = 84.53.200.24,84.53.199.254
FF - ProfilePath - c:\users\Ольга\AppData\Roaming\Mozilla\Firefox\Profiles\2tn9z5fl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?clid=47656
FF - ExtSQL: 2013-12-29 04:53; ascsurfingprotection@iobit.com; c:\users\Ольга\AppData\Roaming\Mozilla\Firefox\Profiles\2tn9z5fl.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2013-12-29 04:53; iobitapps@mybrowserbar.com; c:\program files\IObit Apps Toolbar\FF
FF - ExtSQL: 2013-12-29 06:02; adsremoval@adsremoval.net; c:\users\Ольга\AppData\Roaming\Mozilla\Firefox\Profiles\2tn9z5fl.default\extensions\adsremoval@adsremoval.net
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{64A9418A-B6B1-4112-B75C-E61633C9A31F} - c:\users\8A0A~1\AppData\Local\Temp\mcse32_00.dll
ShellIconOverlayIdentifiers-{6A2E142B-EA63-433A-AC05-5223CBD26E65} - c:\users\8A0A~1\AppData\Local\Temp\mcse32_00.dll
ShellIconOverlayIdentifiers-{6AFCC535-2F12-4F50-9F0A-1CF856CFC95D} - c:\users\8A0A~1\AppData\Local\Temp\mcse32_00.dll
MSConfigStartUp-Guard.Mail.ru - c:\program files\Mail.Ru\Guard\GuardMailRu.exe
MSConfigStartUp-OutpostFeedBack - c:\program files\Agnitum\Outpost Firewall\feedback.exe
MSConfigStartUp-OutpostMonitor - c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe
AddRemove-HP Imaging Device Functions - c:\digital imaging\DeviceManagement\hpzscr01.exe
AddRemove-V-Ray for 3dsmax 2009 for x86 - c:\program files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\wininstaller.exe-uninstall=c:\program files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\install.log
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\RUS\\Setup.exe
AddRemove-{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1 - c:\program files\WinZip Driver Updater\unins000.exe
AddRemove-Русификатор Outpost Firewall Free 1.1 - c:\program files\Agnitum\Outpost Firewall\Uninstall.exe
AddRemove-820107548.portal.qtrax.com - c:\program files\Microsoft Silverlight\4.1.10329.0\Silverlight.Configuration.exe
AddRemove-MailRuUpdater - c:\users\Ольга\AppData\Local\Mail.Ru\MailRuUpdater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-09 18:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2798522785-2103284568-3630386765-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50A5FC80-6B2E-770F-89E6-A175EC943223}*]
@Allowed: (Read) (RestrictedCode)
"lbpfkjkcmlhmgbnpeondgplnhbmamlkicmoannoihekebpnmongejjia"=hex:65,61,65,70,66,
6c,63,6a,61,70,00,6e
"lbpfkjkcmlhmgbopdlemmkoiafjlpnkpjghnhmkmccpamfilojjjhhnm"=hex:6b,61,70,6f,63,
63,68,65,66,65,66,6e,6f,61,68,63,6e,70,6c,67,65,6c,00,00
.
[HKEY_USERS\S-1-5-21-2798522785-2103284568-3630386765-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0293ED1-CE69-BB39-E2B3-A896993C96BC}*]
@Allowed: (Read) (RestrictedCode)
"napcbnfkpohepljedkolonpleike"=hex:6b,61,70,6e,6e,6b,61,61,6c,69,63,68,6a,62,
6b,6c,70,6c,66,6e,65,6f,00,00
"napcbnfkpoheplgeihfjnbiioikn"=hex:65,61,68,6c,69,65,67,6d,6a,65,00,68
.
[HKEY_USERS\S-1-5-21-2798522785-2103284568-3630386765-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:6f,be,aa,d3,86,90,df,39,11,2c,d8,4d,43,7a,6f,78,2b,f7,01,0e,7e,
99,8c,e1,2f,a8,e9,0e,bd,8a,66,67,a4,56,8f,b8,02,0f,12,8a,84,27,13,30,e6,72,\
"rkeysecu"=hex:6c,80,ac,62,41,8e,1b,89,b3,c5,0b,33,7e,42,38,03
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b8
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-01-09 18:24:28
ComboFix-quarantined-files.txt 2014-01-09 14:24
.
Pre-Run: 12*926*578*688 байт свободно
Post-Run: 22*355*636*224 байт свободно
.
- - End Of File - - D8BC6B538D886147CF949DAF081D27C1
85D751F0E41B8E520AEE8C07A8DA777B

Added 15 seconds later
I downloaded Windows Installer 4.5. It won't install. I ran ComboFix. Here is the result.
ComboFix 14-01-04.03 - Ольга 09.01.2014 18:13:07.1.2 - x86
Running from: c:\users\+ы№ур\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files\Adobe Systems,inc
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPly.xpi
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyIE64.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\DealPlyUpdateVer.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\program files\WinZip Driver Updater
c:\program files\WinZip Driver Updater\Chinese_rcp.ini
c:\program files\WinZip Driver Updater\Danish_rcp.ini
c:\program files\WinZip Driver Updater\difxapi.dll
c:\program files\WinZip Driver Updater\difxapi64.dll
c:\program files\WinZip Driver Updater\Dutch_rcp.ini
c:\program files\WinZip Driver Updater\eng_rcp.ini
c:\program files\WinZip Driver Updater\Finnish_rcp_fi.ini
c:\program files\WinZip Driver Updater\French_rcp.ini
c:\program files\WinZip Driver Updater\German_rcp.ini
c:\program files\WinZip Driver Updater\install_left.bmp
c:\program files\WinZip Driver Updater\isxdl.dll
c:\program files\WinZip Driver Updater\Italian_rcp.ini
c:\program files\WinZip Driver Updater\Japanese_rcp.ini
c:\program files\WinZip Driver Updater\Norwegian_rcp.ini
c:\program files\WinZip Driver Updater\Portuguese_rcp.ini
c:\program files\WinZip Driver Updater\russian_rcp_ru.ini
c:\program files\WinZip Driver Updater\Spanish_rcp.ini
c:\program files\WinZip Driver Updater\Swedish_rcp.ini
c:\program files\WinZip Driver Updater\unins000.dat
c:\program files\WinZip Driver Updater\unins000.exe
c:\program files\WinZip Driver Updater\unins000.msg
c:\program files\WinZip Driver Updater\unrar.dll
c:\program files\WinZip Driver Updater\updater\amd64Helper\difxapi.dll
c:\program files\WinZip Driver Updater\updater\amd64Helper\DriverUpdateHelper64.exe
c:\program files\WinZip Driver Updater\updater\amd64Helper\DriverUpdateHelper64.manifest
c:\program files\WinZip Driver Updater\updater\extract\7z.dll
c:\program files\WinZip Driver Updater\updater\extract\7z.exe
c:\program files\WinZip Driver Updater\updater\extract\copying.txt
c:\program files\WinZip Driver Updater\updater\extract\History.txt
c:\program files\WinZip Driver Updater\updater\extract\license.txt
c:\program files\WinZip Driver Updater\updater\extract\readme.txt
c:\program files\WinZip Driver Updater\WDUUninstall.exe
c:\users\Ольга\AppData\Local\.#
c:\users\Ольга\AppData\Local\Temp\mcse32_00.dll
c:\users\Ольга\AppData\Local\TempDIR
c:\users\Ольга\AppData\Local\TempDIR\downloader.exe
c:\users\Ольга\AppData\Local\TempDIR\list-bullet.bmp
c:\users\Ольга\AppData\Local\TempDIR\PIP2672_NDV_.exe
c:\users\Ольга\AppData\Local\TempDIR\yandex_browser_setup.bmp
c:\users\Ольга\AppData\Roaming\winxarj
c:\users\Ольга\AppData\Roaming\winxarj\a.htm
c:\users\Ольга\AppData\Roaming\winxarj\after.png
c:\users\Ольга\AppData\Roaming\winxarj\aview
c:\users\Ольга\AppData\Roaming\winxarj\dir.png
c:\users\Ольга\AppData\Roaming\winxarj\dot.gif
c:\users\Ольга\AppData\Roaming\winxarj\htmlayout.dll
c:\users\Ольга\AppData\Roaming\winxarj\logo.png
c:\users\Ольга\AppData\Roaming\winxarj\logo2.png
c:\users\Ольга\AppData\Roaming\winxarj\MyriadWebPro-Condensed.ttf
c:\users\Ольга\AppData\Roaming\winxarj\rules.css
c:\users\Ольга\AppData\Roaming\winxarj\sb-h-scroll-next.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-h-scroll-prev.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-scroll-back.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-scroll-base.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-scroll-slider.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-v-scroll-next.png
c:\users\Ольга\AppData\Roaming\winxarj\sb-v-scroll-prev.png
c:\users\Ольга\AppData\Roaming\winxarj\scroll.css
c:\users\Ольга\AppData\Roaming\winxrar
c:\users\Ольга\AppData\Roaming\winxrar\after.png
c:\users\Ольга\AppData\Roaming\winxrar\dot.gif
c:\users\Ольга\AppData\Roaming\winxrar\htmlayout.dll
c:\users\Ольга\AppData\Roaming\winxrar\key
c:\users\Ольга\AppData\Roaming\winxrar\logo.png
c:\users\Ольга\AppData\Roaming\winxrar\logo2.png
c:\users\Ольга\AppData\Roaming\winxrar\MyriadWebPro-Condensed.ttf
c:\users\Ольга\AppData\Roaming\winxrar\rules.css
c:\users\Ольга\AppData\Roaming\winxrar\sb-h-scroll-next.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-h-scroll-prev.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-scroll-back.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-scroll-base.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-scroll-slider.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-v-scroll-next.png
c:\users\Ольга\AppData\Roaming\winxrar\sb-v-scroll-prev.png
c:\users\Ольга\AppData\Roaming\winxrar\scroll.css
c:\users\Ольга\AppData\Roaming\winxrar\sview
c:\users\Ольга\Desktop\Setup.exe
c:\users\Public\Uninstall.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\operaprefs_fixed.ini
c:\windows\system32\roboot.exe
c:\windows\system32\settings.ini
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-12-09 to 2014-01-09 )))))))))))))))))))))))))))))))
.
.
2014-01-09 14:18 . 2014-01-09 14:18 -------- d-----w- c:\users\Ольга\AppData\Local\temp
2014-01-09 14:18 . 2014-01-09 14:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-09 12:27 . 2014-01-09 12:27 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1048A06-F395-45B5-B7C8-09F1F99AC5D5}\MpKsle44199ca.sys
2014-01-09 09:40 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1048A06-F395-45B5-B7C8-09F1F99AC5D5}\mpengine.dll
2014-01-09 09:35 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-08 23:26 . 2014-01-08 23:26 -------- dc----w- C:\514f87ec84a094716068
2014-01-08 21:48 . 2014-01-08 21:48 0 ----a-w- c:\users\Ольга\regdll.bat
2014-01-08 21:16 . 2014-01-08 21:50 1020784 -c--a-w- C:\regdll.bat
2014-01-06 21:32 . 2014-01-06 21:32 -------- dc----w- C:\64f9b4534f4ddeb024326cb845
2014-01-05 22:03 . 2014-01-05 22:03 -------- d-----w- c:\program files\RegWorks
2014-01-05 16:31 . 2014-01-05 16:31 -------- d-----w- c:\users\Ольга\Rar$DRa0.431
2014-01-05 16:27 . 2014-01-05 18:21 -------- d-----w- c:\users\Ольга\mozilla-temp-files
2014-01-05 16:24 . 2014-01-05 16:24 -------- d-----w- c:\users\Ольга\WPDNSE
2014-01-05 15:30 . 2014-01-05 15:30 -------- d-----w- c:\users\Ольга\Low
2014-01-05 15:29 . 2014-01-05 15:29 206752 ----a-w- c:\users\Ольга\4981B3FC18.sys
2014-01-05 15:23 . 2013-05-22 14:49 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-01-05 14:58 . 2014-01-05 14:59 -------- d-----w- c:\users\Ольга\is45637729
2014-01-05 14:57 . 2014-01-05 14:58 -------- d-----w- c:\users\Ольга\ish20129136
2014-01-05 14:57 . 2014-01-05 14:57 -------- d-----w- c:\users\Ольга\ish20104691
2014-01-05 14:42 . 2014-01-05 18:20 -------- d-----w- c:\users\Ольга\acro_rd_dir
2014-01-05 14:06 . 2014-01-05 14:06 1285 ----atw- c:\users\Ольга\MARCDCF.tmp
2014-01-05 14:06 . 2014-01-05 14:06 1342 ----atw- c:\users\Ольга\MARC843.tmp
2014-01-05 09:40 . 2014-01-05 09:40 -------- d-----w- c:\windows\system32\config\systemprofile\KB2604121_10.0.30319
2014-01-05 09:40 . 2014-01-05 09:40 -------- d-----w- c:\windows\system32\config\systemprofile\KB2468871v2_10.0.30319
2014-01-05 09:36 . 2014-01-05 09:36 -------- d-----w- c:\users\Ольга\{D5878294-C113-43c5-A24F-FC333C52015A}
2014-01-05 09:27 . 2014-01-05 09:27 -------- d-----w- c:\users\Ольга\iobit-db-license-tmp
2014-01-05 09:25 . 2014-01-05 09:25 0 ----a-w- c:\windows\system32\config\systemprofile\~2F4B.tmp
2014-01-04 21:16 . 2014-01-04 21:16 -------- d-----w- c:\users\Ольга\OIS
2014-01-01 16:37 . 2014-01-01 16:39 -------- dc----w- C:\977b80be5dd493dc6e05df98a5d26431
2013-12-29 17:30 . 2013-12-29 17:30 -------- d-----w- c:\users\Ольга\AppData\Roaming\Malwarebytes
2013-12-29 17:28 . 2013-12-29 17:28 -------- d-----w- c:\programdata\Malwarebytes
2013-12-29 17:28 . 2013-12-29 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-29 17:28 . 2013-04-04 10:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-29 16:32 . 2013-12-29 16:32 -------- dc----w- C:\c8a979d671045a920a
2013-12-28 21:39 . 2013-12-28 21:39 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2013-12-28 21:39 . 2013-12-28 21:39 454288 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2013-12-28 21:39 . 2013-12-28 21:39 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2013-12-28 21:19 . 2013-05-22 14:49 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-28 19:52 . 2014-01-04 21:54 -------- d-----w- c:\programdata\ProductData
2013-12-28 19:52 . 2013-12-28 19:52 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-28 19:52 . 2013-12-28 20:47 -------- d-----w- c:\users\Ольга\AppData\Roaming\Obnovi Soft
2013-12-28 19:52 . 2014-01-05 22:13 -------- d-----w- c:\programdata\IObit
2013-12-28 19:50 . 2013-12-28 19:50 -------- d-----w- c:\program files\Obnovi Soft
2013-12-28 19:50 . 2013-12-28 22:19 -------- d-----w- c:\program files\IObit
2013-12-28 19:50 . 2013-12-28 21:19 -------- d-----w- c:\users\Ольга\AppData\Roaming\IObit
2013-12-24 22:21 . 2013-12-24 22:21 -------- d-----w- c:\program files\DLLSuite
2013-12-24 21:39 . 2013-12-24 21:39 -------- d-----w- c:\windows\system32\CatRoot_bak
2013-12-24 21:04 . 2013-12-24 21:04 -------- dc----w- C:\555fcbb4ebe616e9b0dec339df49
2013-12-24 19:57 . 2013-12-24 19:57 -------- d-----w- c:\users\Ольга\AppData\Local\ElevatedDiagnostics
2013-12-21 18:34 . 2013-12-21 18:34 -------- d-----w- c:\users\Ольга\AppData\Roaming\OpenOffice
2013-12-21 18:33 . 2013-12-21 18:33 -------- d-----w- c:\program files\LibreOffice 4
2013-12-21 18:15 . 2013-12-21 18:17 -------- d-----w- c:\program files\OpenOffice 4
2013-12-20 21:00 . 2013-12-20 21:00 -------- d-----w- c:\users\Ольга\AppData\Roaming\DigitalSites
2013-12-19 22:57 . 2013-12-19 22:57 -------- d-----w- c:\windows\Migration
2013-12-19 22:51 . 2013-12-19 22:52 -------- d-----w- c:\users\Ольга\AppData\Local\MigWiz
2013-12-13 17:37 . 2013-11-14 22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-12-13 17:36 . 2013-11-14 23:18 757488 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-12-13 17:36 . 2013-11-14 22:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-12-13 17:36 . 2013-11-14 22:43 104448 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-12-13 17:36 . 2013-11-14 22:43 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-12-13 17:36 . 2013-11-14 22:44 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-12-13 17:36 . 2013-11-14 22:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-12 09:24 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 09:23 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-12 09:23 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 09:23 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 09:23 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 09:23 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 09:23 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-12 09:23 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 09:23 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 09:23 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-08 21:48 . 2014-01-08 21:48 0 ----a-w- c:\users\Ольга\regdll.bat
2014-01-08 21:48 . 2014-01-08 21:48 0 ----a-w- c:\users\Ольга\regdll.bat
2014-01-05 15:29 . 2014-01-05 15:29 206752 ----a-w- c:\users\Ольга\4981B3FC18.sys
2014-01-05 15:29 . 2014-01-05 15:29 206752 ----a-w- c:\users\Ольга\4981B3FC18.sys
2014-01-05 14:06 . 2014-01-05 14:06 1285 ----atw- c:\users\Ольга\MARCDCF.tmp
2014-01-05 14:06 . 2014-01-05 14:06 1285 ----atw- c:\users\Ольга\MARCDCF.tmp
2014-01-05 14:06 . 2014-01-05 14:06 1342 ----atw- c:\users\Ольга\MARC843.tmp
2014-01-05 14:06 . 2014-01-05 14:06 1342 ----atw- c:\users\Ольга\MARC843.tmp
2013-12-28 21:28 . 2011-02-11 15:26 138808 ----a-w- c:\windows\system32\igfxtray.exe
2013-12-28 21:28 . 2008-06-17 13:39 268856 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-12-28 21:28 . 2008-06-12 18:07 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2013-12-28 21:28 . 2008-06-12 18:06 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2013-12-28 21:28 . 2008-06-12 18:10 86016 ----a-w- c:\windows\system32\igfxrrus.lrc
2013-12-28 21:28 . 2011-02-11 14:40 828928 ----a-w- c:\windows\system32\igfxress.dll
2013-12-28 21:28 . 2011-02-11 14:41 195584 ----a-w- c:\windows\system32\igfxpph.dll
2013-12-28 21:28 . 2008-06-17 13:39 173624 ----a-w- c:\windows\system32\igfxpers.exe
2013-12-28 21:28 . 2009-03-25 05:33 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2013-12-28 21:28 . 2008-06-12 18:06 228864 ----a-w- c:\windows\system32\igfxdev.dll
2013-12-28 21:28 . 2009-03-25 05:39 4896768 ----a-w- c:\windows\system32\igdumd32.dll
2013-12-28 21:28 . 2008-06-12 18:06 95232 ----a-w- c:\windows\system32\hccutils.dll
2013-12-20 23:06 . 2008-06-24 07:00 94208 ----a-w- c:\users\Public\Govoritkomp.exe
2013-12-20 22:34 . 2009-04-02 22:21 57344 ----a-w- c:\programdata\VistaLib32.dll
2013-12-20 22:31 . 2004-08-03 06:53 413696 ----a-w- c:\programdata\Microsoft\Windows\Templates\msvcp60.dll
2013-12-12 11:01 . 2012-05-27 15:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-12 11:01 . 2012-03-07 20:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2009-10-02 16:43 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-30 02:13 . 2008-01-21 02:32 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-12-28 19:52 752448 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AlterGeoUpdater"="c:\programdata\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe" [2012-04-06 29728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 17:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FromDocToPDF Search Scope Monitor]
2013-06-14 21:34 44784 ----a-w- c:\progra~1\FROMDO~2\bar\1.bin\65SrchMn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2013-12-28 21:28 172088 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 19:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2013-12-28 21:28 138808 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]
2013-12-13 13:44 1573184 ----a-w- c:\program files\IObit\IObit Malware Fighter\IMF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2013-12-20 20:19 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-09-30 22:23 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-01-27 07:11 947152 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-12-21 13:56 1090040 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2013-12-28 21:28 173624 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-09-01 06:41 499768 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Обнови Софт]
2013-02-03 19:34 182880 ----a-w- c:\program files\Obnovi Soft\ObnoviSoft.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2798522785-2103284568-3630386765-1000]
"EnableNotificationsRef"=dword:00000004
.
R3 36A4C0AF8;36A4C0AF8;c:\windows\Temp\36A4C0AF8.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLE44199CA
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LPDService REG_MULTI_SZ LPDSVC
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 08:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 11:01]
.
2014-01-09 c:\windows\Tasks\Driver Booster Update.job
- c:\program files\IObit\Driver Booster\AutoUpdate.exe [2013-12-28 07:01]
.
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{5A1D5BFE-4F94-42BA-814F-F1AC3D487D29}.job
- c:\windows\system32\msfeedssync.exe [2011-04-11 12:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?clid=47656
mStart Page = hxxp://www.smaxi.net
uSearchAssistant = hxxp://webalta.ru/search
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{E9081A99-0747-4271-8FD8-A578F7496063}: NameServer = 84.53.200.24,84.53.199.254
FF - ProfilePath - c:\users\Ольга\AppData\Roaming\Mozilla\Firefox\Profiles\2tn9z5fl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?clid=47656
FF - ExtSQL: 2013-12-29 04:53; ascsurfingprotection@iobit.com; c:\users\Ольга\AppData\Roaming\Mozilla\Firefox\Profiles\2tn9z5fl.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2013-12-29 04:53; iobitapps@mybrowserbar.com; c:\program files\IObit Apps Toolbar\FF
FF - ExtSQL: 2013-12-29 06:02; adsremoval@adsremoval.net; c:\users\Ольга\AppData\Roaming\Mozilla\Firefox\Profiles\2tn9z5fl.default\extensions\adsremoval@adsremoval.net
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{64A9418A-B6B1-4112-B75C-E61633C9A31F} - c:\users\8A0A~1\AppData\Local\Temp\mcse32_00.dll
ShellIconOverlayIdentifiers-{6A2E142B-EA63-433A-AC05-5223CBD26E65} - c:\users\8A0A~1\AppData\Local\Temp\mcse32_00.dll
ShellIconOverlayIdentifiers-{6AFCC535-2F12-4F50-9F0A-1CF856CFC95D} - c:\users\8A0A~1\AppData\Local\Temp\mcse32_00.dll
MSConfigStartUp-Guard.Mail.ru - c:\program files\Mail.Ru\Guard\GuardMailRu.exe
MSConfigStartUp-OutpostFeedBack - c:\program files\Agnitum\Outpost Firewall\feedback.exe
MSConfigStartUp-OutpostMonitor - c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe
AddRemove-HP Imaging Device Functions - c:\digital imaging\DeviceManagement\hpzscr01.exe
AddRemove-V-Ray for 3dsmax 2009 for x86 - c:\program files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\wininstaller.exe-uninstall=c:\program files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\install.log
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\RUS\\Setup.exe
AddRemove-{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1 - c:\program files\WinZip Driver Updater\unins000.exe
AddRemove-Русификатор Outpost Firewall Free 1.1 - c:\program files\Agnitum\Outpost Firewall\Uninstall.exe
AddRemove-820107548.portal.qtrax.com - c:\program files\Microsoft Silverlight\4.1.10329.0\Silverlight.Configuration.exe
AddRemove-MailRuUpdater - c:\users\Ольга\AppData\Local\Mail.Ru\MailRuUpdater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-09 18:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2798522785-2103284568-3630386765-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50A5FC80-6B2E-770F-89E6-A175EC943223}*]
@Allowed: (Read) (RestrictedCode)
"lbpfkjkcmlhmgbnpeondgplnhbmamlkicmoannoihekebpnmongejjia"=hex:65,61,65,70,66,
6c,63,6a,61,70,00,6e
"lbpfkjkcmlhmgbopdlemmkoiafjlpnkpjghnhmkmccpamfilojjjhhnm"=hex:6b,61,70,6f,63,
63,68,65,66,65,66,6e,6f,61,68,63,6e,70,6c,67,65,6c,00,00
.
[HKEY_USERS\S-1-5-21-2798522785-2103284568-3630386765-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0293ED1-CE69-BB39-E2B3-A896993C96BC}*]
@Allowed: (Read) (RestrictedCode)
"napcbnfkpohepljedkolonpleike"=hex:6b,61,70,6e,6e,6b,61,61,6c,69,63,68,6a,62,
6b,6c,70,6c,66,6e,65,6f,00,00
"napcbnfkpoheplgeihfjnbiioikn"=hex:65,61,68,6c,69,65,67,6d,6a,65,00,68
.
[HKEY_USERS\S-1-5-21-2798522785-2103284568-3630386765-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:6f,be,aa,d3,86,90,df,39,11,2c,d8,4d,43,7a,6f,78,2b,f7,01,0e,7e,
99,8c,e1,2f,a8,e9,0e,bd,8a,66,67,a4,56,8f,b8,02,0f,12,8a,84,27,13,30,e6,72,\
"rkeysecu"=hex:6c,80,ac,62,41,8e,1b,89,b3,c5,0b,33,7e,42,38,03
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b8
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-01-09 18:24:28
ComboFix-quarantined-files.txt 2014-01-09 14:24
.
Pre-Run: 12*926*578*688 байт свободно
Post-Run: 22*355*636*224 байт свободно
.
- - End Of File - - D8BC6B538D886147CF949DAF081D27C1
85D751F0E41B8E520AEE8C07A8DA777B
Moderator
Windows Expert
Registered: 25.10.2010
Posts: 13,337
09.01.2014, 19:15 5
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,userinit.exe"
uSearchAssistant = hxxp://webalta.ru/search
Could it be that you have viruses on your computer?
http://www.freedrweb.com/livecd/ try scanning with this
Registered: 05.01.2014
Posts: 11
09.01.2014, 19:35  [OP] 6
Quote: Originally posted by Persk
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,userinit.exe"
uSearchAssistant = hxxp://webalta.ru/search
Could it be that you have viruses on your computer?
http://www.freedrweb.com/livecd/ try scanning with this
The disc drive on my laptop doesn't work. I don't have a separate drive. What should I do? This file has to be burned to a disc, and I have no way to do that. Please help.
Honorary Moderator
Computer Networks Expert, Windows Expert
Registered: 15.09.2009
Posts: 67,775
Blog entries: 78
09.01.2014, 19:39 7
There is an equivalent for a USB flash drive.
Registered: 05.01.2014
Posts: 11
09.01.2014, 19:43  [OP] 8
Quote: Originally posted by magirus
There is an equivalent for a USB flash drive.
Please give me the link.
Honorary Moderator
Computer Networks Expert, Windows Expert
Registered: 15.09.2009
Posts: 67,775
Blog entries: 78
09.01.2014, 19:44 9
On the Dr.Web website.
Moderator
Windows Expert
Registered: 25.10.2010
Posts: 13,337
09.01.2014, 19:50 10
http://www.freedrweb.com/liveusb
Registered: 05.01.2014
Posts: 11
09.01.2014, 20:03  [OP] 11
Quote: Originally posted by and1978
The disc drive on my laptop doesn't work. I don't have a separate drive. What should I do? This file has to be burned to a disc, and I have no way to do that. Please help.
How do I run it from the flash drive now? There is a folder and a text document. I downloaded it to the flash drive.

Added 1 minute later
Quote: Originally posted by Persk
How do I run it from the flash drive now? There is a folder and a text document. I downloaded it to the flash drive.
Moderator
Hardware Expert, Windows Expert
Registered: 03.01.2012
Posts: 30,260
10.01.2014, 12:19 12
http://www.freedrweb.com/liveusb/how_it_works/
If you, my good man, can't even see the link right in front of your nose on the open Dr.Web page, it probably makes sense for you not to tinker with this yourself but to turn to a specialist...
Registered: 09.01.2014
Posts: 21
13.01.2014, 22:15 13
This is because of a botched Windows update, or rather botched packages. They need to be removed. Is your Windows original or a custom build?