Good afternoon, Valery! 🙂
I was not able to restore the network card drivers without reinstalling… Apparently, in my panic I pressed all the buttons very diligently… And I did damage or delete something after all 🙄 Everything is OK now! I hope you will confirm that everything is fine and clean on my system. 🙂

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Таня at 2009-05-16 21:59:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 62 GB (89%) free of 70 GB
Total RAM: 2047 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:18, on 16.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSExplorer.EXE
C:Program FilesJavajre1.5.0_06binjusched.exe
C:WINDOWSRTHDCPL.EXE
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesWinampwinampa.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsТаняРабочий столRSIT.exe
C:Program Filestrend microТаня.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=40316
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: QIPBHO Class — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsТаняApplication DataMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.5.0_06binssv.dll
O2 — BHO: QIPBHO — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsТаняApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O4 — HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_06binjusched.exe
O4 — HKLM..Run: [motoregcheck] C:Program FilesCommon FilesMotorolaBroadbandSB5101RegCheck.exe
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Download Master] C:Program FilesDownload Masterdmaster.exe -autorun
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_06binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_06binssv.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=39204
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242481240468
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242481331250
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 7987 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.5.0_06binssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class — C:Documents and SettingsТаняApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2009-02-12 119808]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SunJavaUpdateSched»=C:Program FilesJavajre1.5.0_06binjusched.exe [2005-11-10 36975]
«motoregcheck»=C:Program FilesCommon FilesMotorolaBroadbandSB5101RegCheck.exe [2004-09-30 1439426]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-10-16 16855552]
«SkyTel»=C:WINDOWSSkyTel.EXE [2007-10-11 1826816]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-02-06 81000]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2009-03-09 37888]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«Download Master»=C:Program FilesDownload Masterdmaster.exe [2008-09-17 3294720]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-06-03 139264]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

======List of files/folders created in the last 1 months======
2009-05-16 21:59:05 —-D—- C:rsit
2009-05-16 21:59:05 —-D—- C:Program Filestrend micro
2009-05-16 21:09:49 —-D—- C:Documents and SettingsТаняApplication DataQIP.Online
2009-05-16 20:30:18 —-D—- C:Documents and SettingsТаняApplication DataFastStone
2009-05-16 20:30:14 —-D—- C:Program FilesFastStone Image Viewer
2009-05-16 20:27:42 —-D—- C:Downloads
2009-05-16 20:27:26 —-D—- C:Documents and SettingsТаняApplication DataDownload Master
2009-05-16 20:26:39 —-D—- C:Program FilesDownload Master
2009-05-16 20:16:42 —-A—- C:WINDOWSsystem32h323log.txt
2009-05-16 20:13:50 —-A—- C:WINDOWSsystem32usbui.dll
2009-05-16 20:13:45 —-D—- C:Documents and SettingsТаняApplication DataArtweaver
2009-05-16 20:13:11 —-A—- C:WINDOWSimsins.BAK
2009-05-16 20:13:09 —-SHD—- C:WINDOWSInstaller
2009-05-16 20:13:09 —-D—- C:Program FilesCommon FilesODBC
2009-05-16 20:13:09 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-05-16 20:13:09 —-A—- C:WINDOWSODBCINST.INI
2009-05-16 20:13:06 —-RD—- C:Program Files
2009-05-16 20:13:06 —-D—- C:Program FilesCommon FilesSpeechEngines
2009-05-16 20:13:06 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-05-16 20:13:06 —-D—- C:Program FilesCommon Files
2009-05-16 20:13:03 —-RA—- C:WINDOWSsystem32kbdtuq.dll
2009-05-16 20:13:03 —-RA—- C:WINDOWSsystem32kbdtuf.dll
2009-05-16 20:13:03 —-RA—- C:WINDOWSsystem32kbdazel.dll
2009-05-16 20:13:02 —-RA—- C:WINDOWSsystem32kbdhept.dll
2009-05-16 20:13:02 —-RA—- C:WINDOWSsystem32kbdhela3.dll
2009-05-16 20:13:02 —-RA—- C:WINDOWSsystem32kbdhela2.dll
2009-05-16 20:13:02 —-RA—- C:WINDOWSsystem32kbdhe319.dll
2009-05-16 20:13:02 —-RA—- C:WINDOWSsystem32kbdhe220.dll
2009-05-16 20:13:02 —-RA—- C:WINDOWSsystem32kbdgkl.dll
2009-05-16 20:13:01 —-RA—- C:WINDOWSsystem32kbdhe.dll
2009-05-16 20:13:00 —-RA—- C:WINDOWSsystem32kbdlv1.dll
2009-05-16 20:13:00 —-RA—- C:WINDOWSsystem32kbdlv.dll
2009-05-16 20:13:00 —-RA—- C:WINDOWSsystem32kbdlt1.dll
2009-05-16 20:13:00 —-RA—- C:WINDOWSsystem32kbdlt.dll
2009-05-16 20:13:00 —-RA—- C:WINDOWSsystem32kbdest.dll
2009-05-16 20:12:59 —-RA—- C:WINDOWSsystem32kbdsl1.dll
2009-05-16 20:12:59 —-RA—- C:WINDOWSsystem32kbdsl.dll
2009-05-16 20:12:59 —-RA—- C:WINDOWSsystem32kbdro.dll
2009-05-16 20:12:59 —-RA—- C:WINDOWSsystem32kbdpl1.dll
2009-05-16 20:12:59 —-RA—- C:WINDOWSsystem32kbdpl.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32kbdycl.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32kbdhu1.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32kbdhu.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32kbdcz2.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32kbdcz1.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32kbdcz.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32kbdcr.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32KBDAL.DLL
2009-05-16 20:12:56 —-A—- C:WINDOWSsystem32kbdmon.dll
2009-05-16 20:12:56 —-A—- C:WINDOWSsystem32kbdkyr.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbdycc.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbduzb.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbdur.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbdtat.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbdkaz.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbdbu.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbdblr.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbdaze.dll
2009-05-16 20:12:54 —-A—- C:WINDOWSsystem32spxcoins.dll
2009-05-16 20:12:54 —-A—- C:WINDOWSsystem32irclass.dll
2009-05-16 20:12:54 —-A—- C:WINDOWSsystem32EqnClass.Dll
2009-05-16 20:12:54 —-A—- C:WINDOWSsystem32dgsetup.dll
2009-05-16 20:12:54 —-A—- C:WINDOWSsystem32dgrpsetu.dll
2009-05-16 20:12:52 —-N—- C:WINDOWSsystem32CONFIG.TMP
2009-05-16 20:12:52 —-A—- C:WINDOWSTASKMAN.EXE
2009-05-16 20:12:51 —-A—- C:WINDOWSsystem32batt.dll
2009-05-16 20:12:49 —-A—- C:WINDOWSnotepad.exe
2009-05-16 20:12:48 —-A—- C:WINDOWSsystem32storprop.dll
2009-05-16 20:12:41 —-ASH—- C:Documents and SettingsAll UsersApplication Datadesktop.ini
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET3D.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET3C.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET3B.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET3A.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET39.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET38.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET37.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET36.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET35.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET34.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET33.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET32.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET31.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET30.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET2F.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET2E.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET2D.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET2C.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET2B.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET2A.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET29.tmp
2009-05-16 20:11:28 —-RA—- C:WINDOWSSET28.tmp
2009-05-16 20:11:28 —-RA—- C:WINDOWSSET27.tmp
2009-05-16 20:11:28 —-RA—- C:WINDOWSSET26.tmp
2009-05-16 20:11:28 —-RA—- C:WINDOWSSET25.tmp
2009-05-16 20:11:27 —-RA—- C:WINDOWSSET24.tmp
2009-05-16 20:11:26 —-RA—- C:WINDOWSSET23.tmp
2009-05-16 20:11:25 —-RA—- C:WINDOWSSET22.tmp
2009-05-16 20:11:25 —-RA—- C:WINDOWSSET21.tmp
2009-05-16 20:10:54 —-RA—- C:WINDOWSSET8.tmp
2009-05-16 20:10:52 —-RA—- C:WINDOWSSET4.tmp
2009-05-16 20:10:51 —-RA—- C:WINDOWSSET3.tmp
2009-05-16 20:10:47 —-D—- C:WINDOWSsystem32CatRoot2
2009-05-16 20:10:47 —-D—- C:WINDOWSsystem32CatRoot
2009-05-16 20:10:42 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-05-16 20:10:23 —-A—- C:WINDOWSsetuplog.txt
2009-05-16 20:10:21 —-D—- C:Documents and Settings
2009-05-16 20:10:20 —-SHD—- C:System Volume Information
2009-05-16 20:09:21 —-SH—- C:boot.ini
2009-05-16 20:04:30 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-05-16 20:04:30 —-RSD—- C:WINDOWSFonts
2009-05-16 20:04:30 —-RD—- C:WINDOWSWeb
2009-05-16 20:04:30 —-HD—- C:WINDOWSinf
2009-05-16 20:04:30 —-D—- C:WINDOWSWinSxS
2009-05-16 20:04:30 —-D—- C:WINDOWStwain_32
2009-05-16 20:04:30 —-D—- C:WINDOWSTemp
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32wins
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32wbem
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32usmt
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32spool
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32ShellExt
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32Setup
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32ras
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32oobe
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32npp
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32mui
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32inetsrv
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32IME
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32icsxml
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32ias
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32export
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32drivers
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32dhcp
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32config
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem323com_dmi
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem323076
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem322052
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321054
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321049
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321042
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321041
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321037
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321033
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321031
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321028
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321025
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem
2009-05-16 20:04:30 —-D—- C:WINDOWSsecurity
2009-05-16 20:04:30 —-D—- C:WINDOWSResources
2009-05-16 20:04:30 —-D—- C:WINDOWSrepair
2009-05-16 20:04:30 —-D—- C:WINDOWSProvisioning
2009-05-16 20:04:30 —-D—- C:WINDOWSPeerNet
2009-05-16 20:04:30 —-D—- C:WINDOWSpchealth
2009-05-16 20:04:30 —-D—- C:WINDOWSmui
2009-05-16 20:04:30 —-D—- C:WINDOWSmsapps
2009-05-16 20:04:30 —-D—- C:WINDOWSmsagent
2009-05-16 20:04:30 —-D—- C:WINDOWSMedia
2009-05-16 20:04:30 —-D—- C:WINDOWSjava
2009-05-16 20:04:30 —-D—- C:WINDOWSime
2009-05-16 20:04:30 —-D—- C:WINDOWSHelp
2009-05-16 20:04:30 —-D—- C:WINDOWSDriver Cache
2009-05-16 20:04:30 —-D—- C:WINDOWSDebug
2009-05-16 20:04:30 —-D—- C:WINDOWSCursors
2009-05-16 20:04:30 —-D—- C:WINDOWSConnection Wizard
2009-05-16 20:04:30 —-D—- C:WINDOWSConfig
2009-05-16 20:04:30 —-D—- C:WINDOWSAppPatch
2009-05-16 20:04:30 —-D—- C:WINDOWSaddins
2009-05-16 20:04:30 —-D—- C:WINDOWS
2009-05-16 19:50:38 —-A—- C:WINDOWSsystem32rmoc3260.dll
2009-05-16 19:50:38 —-A—- C:WINDOWSsystem32pndx5032.dll
2009-05-16 19:50:38 —-A—- C:WINDOWSsystem32pndx5016.dll
2009-05-16 19:50:38 —-A—- C:WINDOWSsystem32pncrt.dll
2009-05-16 19:50:37 —-A—- C:WINDOWSsystem32unrar.dll
2009-05-16 19:50:34 —-A—- C:WINDOWSsystem32yv12vfw.dll
2009-05-16 19:50:34 —-A—- C:WINDOWSsystem32xvidvfw.dll
2009-05-16 19:50:34 —-A—- C:WINDOWSsystem32xvidcore.dll
2009-05-16 19:50:33 —-A—- C:WINDOWSsystem32qt-dx331.dll
2009-05-16 19:50:33 —-A—- C:WINDOWSsystem32dpl100.dll
2009-05-16 19:50:32 —-A—- C:WINDOWSsystem32divx.dll
2009-05-16 19:50:31 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2009-05-16 19:50:31 —-A—- C:WINDOWSsystem32ff_vfw.dll
2009-05-16 19:50:29 —-A—- C:WINDOWSsystem32pthreadGC2.dll
2009-05-16 19:50:28 —-D—- C:Program FilesK-Lite Codec Pack
2009-05-16 19:50:28 —-D—- C:Documents and SettingsТаняApplication DataReal
2009-05-16 19:50:28 —-D—- C:Documents and SettingsAll UsersApplication DataReal
2009-05-16 19:49:23 —-D—- C:Program Filescodek
2009-05-16 19:41:15 —-D—- C:Program Files7-Zip
2009-05-16 19:36:16 —-D—- C:WINDOWSRegisteredPackages
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32vxblock.dll
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxwave.dll
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxsfs.dll
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxmas.dll
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxinsa64.exe
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxhpinst.exe
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxdrv.dll
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxcpya64.exe
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxafs.dll
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32px.dll
2009-05-16 19:35:33 —-D—- C:Program FilesWinamp
2009-05-16 19:35:33 —-D—- C:Documents and SettingsТаняApplication DataWinamp
2009-05-16 19:33:36 —-D—- C:Documents and SettingsТаняApplication DataQIP
2009-05-16 19:33:16 —-D—- C:Program FilesQIP Infium
2009-05-16 19:32:17 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-05-16 19:32:10 —-D—- C:Program FilesAdobe
2009-05-16 19:24:02 —-A—- C:WINDOWSsystem32NeroCheck.exe
2009-05-16 19:23:43 —-D—- C:Program FilesCommon FilesNero
2009-05-16 19:23:06 —-N—- C:WINDOWSUNNeroVision.exe
2009-05-16 19:23:05 —-N—- C:WINDOWSsystem32msxml3a.dll
2009-05-16 19:22:36 —-N—- C:WINDOWSsystem32TwnLib4.dll
2009-05-16 19:22:36 —-D—- C:Documents and SettingsAll UsersApplication DataAhead
2009-05-16 19:22:35 —-N—- C:WINDOWSsystem32ImagXRA7.dll
2009-05-16 19:22:35 —-N—- C:WINDOWSsystem32ImagXR7.dll
2009-05-16 19:22:35 —-N—- C:WINDOWSsystem32ImagXpr7.dll
2009-05-16 19:22:35 —-N—- C:WINDOWSsystem32ImagX7.dll
2009-05-16 19:22:34 —-N—- C:WINDOWSsystem32picn20.dll
2009-05-16 19:22:34 —-A—- C:WINDOWSsystem32TwnLib20.dll
2009-05-16 19:22:28 —-D—- C:Program FilesCommon FilesAhead
2009-05-16 19:22:26 —-D—- C:Program FilesAhead
2009-05-16 19:18:43 —-A—- C:WINDOWSsystem32mucltui.dll.mui
2009-05-16 19:18:43 —-A—- C:WINDOWSsystem32mucltui.dll
2009-05-16 19:15:35 —-D—- C:Program FilesMicrosoft Works
2009-05-16 19:15:24 —-D—- C:Program FilesMicrosoft Visual Studio
2009-05-16 19:15:24 —-D—- C:Program FilesCommon FilesDESIGNER
2009-05-16 19:15:10 —-D—- C:Program FilesMicrosoft.NET
2009-05-16 19:13:53 —-D—- C:WINDOWSSHELLNEW
2009-05-16 19:13:40 —-D—- C:Program FilesMicrosoft Office
2009-05-16 19:13:40 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2009-05-16 19:13:22 —-RHD—- C:MSOCache
2009-05-16 19:09:06 —-SHD—- C:RECYCLER
2009-05-16 19:08:34 —-A—- C:Program FilesUninstall Spy Blocker.dll
2009-05-16 19:00:39 —-AD—- C:Program FilesZoneAlarmSB
2009-05-16 18:59:45 —-D—- C:Documents and SettingsAll UsersApplication DataMailFrontier
2009-05-16 18:59:36 —-A—- C:WINDOWSsystem32SpOrder.dll
2009-05-16 18:59:18 —-D—- C:WINDOWSsystem32ZoneLabs
2009-05-16 18:58:02 —-D—- C:WINDOWSInternet Logs
2009-05-16 18:54:06 —-D—- C:WINDOWSie8updates
2009-05-16 18:53:58 —-D—- C:WINDOWSWBEM
2009-05-16 18:53:13 —-HDC—- C:WINDOWSie8
2009-05-16 18:52:48 —-A—- C:WINDOWSsystem32MRT.exe
2009-05-16 18:52:09 —-HDC—- C:WINDOWS$NtUninstallKB963027$
2009-05-16 18:52:05 —-HDC—- C:WINDOWS$NtUninstallKB959426$
2009-05-16 18:52:02 —-HDC—- C:WINDOWS$NtUninstallKB960803$
2009-05-16 18:51:57 —-HDC—- C:WINDOWS$NtUninstallKB952004$
2009-05-16 18:51:48 —-HDC—- C:WINDOWS$NtUninstallKB956572$
2009-05-16 18:51:44 —-HDC—- C:WINDOWS$NtUninstallKB961373$
2009-05-16 18:51:40 —-HDC—- C:WINDOWS$NtUninstallKB923561$
2009-05-16 18:51:35 —-HDC—- C:WINDOWS$NtUninstallKB967715$
2009-05-16 18:51:32 —-HDC—- C:WINDOWS$NtUninstallKB958690$
2009-05-16 18:51:30 —-HDC—- C:WINDOWS$NtUninstallKB938464-v2$
2009-05-16 18:51:26 —-HDC—- C:WINDOWS$NtUninstallKB960225$
2009-05-16 18:51:23 —-HDC—- C:WINDOWS$NtUninstallKB960715$
2009-05-16 18:51:20 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-05-16 18:51:17 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2009-05-16 18:51:13 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
2009-05-16 18:51:10 —-HDC—- C:WINDOWS$NtUninstallKB955839$
2009-05-16 18:51:07 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2009-05-16 18:51:03 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2009-05-16 18:51:00 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2009-05-16 18:50:56 —-HDC—- C:WINDOWS$NtUninstallKB954459$
2009-05-16 18:50:53 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2009-05-16 18:50:49 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2009-05-16 18:50:46 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2009-05-16 18:50:43 —-HDC—- C:WINDOWS$NtUninstallKB950974$
2009-05-16 18:50:40 —-HDC—- C:WINDOWS$NtUninstallKB952954$
2009-05-16 18:50:37 —-HDC—- C:WINDOWS$NtUninstallKB946648$
2009-05-16 18:50:33 —-HDC—- C:WINDOWS$NtUninstallKB951066$
2009-05-16 18:50:29 —-HDC—- C:WINDOWS$NtUninstallKB951748$
2009-05-16 18:50:24 —-HDC—- C:WINDOWS$NtUninstallKB951978$
2009-05-16 18:50:21 —-HDC—- C:WINDOWS$NtUninstallKB951376-v2$
2009-05-16 18:50:18 —-HDC—- C:WINDOWS$NtUninstallKB950762$
2009-05-16 18:50:12 —-HDC—- C:WINDOWS$NtUninstallKB950760$
2009-05-16 18:33:10 —-A—- C:WINDOWSsystem32MSVCR71.dll
2009-05-16 18:33:10 —-A—- C:WINDOWSsystem32MSVCP71.dll
2009-05-16 18:33:10 —-A—- C:WINDOWSsystem32MFC71.dll
2009-05-16 18:33:10 —-A—- C:WINDOWSsystem32aswBoot.exe
2009-05-16 18:33:06 —-D—- C:Program FilesAlwil Software
2009-05-16 18:06:47 —-D—- C:WINDOWSPrefetch
2009-05-16 18:03:41 —-D—- C:WINDOWSsystem32ru-ru
2009-05-16 18:03:41 —-D—- C:WINDOWSsystem32ru
2009-05-16 18:03:41 —-D—- C:WINDOWSsystem32bits
2009-05-16 18:03:41 —-D—- C:WINDOWSl2schemas
2009-05-16 18:02:56 —-D—- C:WINDOWSServicePackFiles
2009-05-16 18:01:48 —-D—- C:WINDOWSnetwork diagnostic
2009-05-16 17:59:55 —-HDC—- C:WINDOWS$NtServicePackUninstall$
2009-05-16 17:59:55 —-D—- C:WINDOWSEHome
2009-05-16 17:51:05 —-A—- C:WINDOWSsystem32wpa.bak
2009-05-16 17:47:09 —-D—- C:Documents and SettingsAll UsersApplication DataWindows Genuine Advantage
2009-05-16 17:44:32 —-D—- C:WINDOWSsystem32PreInstall
2009-05-16 17:44:31 —-HDC—- C:WINDOWS$NtUninstallKB898461$
2009-05-16 17:41:16 —-D—- C:WINDOWSsystem32SoftwareDistribution
2009-05-16 17:41:16 —-A—- C:WINDOWSsystem32wups2.dll
2009-05-16 17:41:16 —-A—- C:WINDOWSsystem32wucltui.dll.mui
2009-05-16 17:41:16 —-A—- C:WINDOWSsystem32wuaueng.dll.mui
2009-05-16 17:41:16 —-A—- C:WINDOWSsystem32wuapi.dll.mui
2009-05-16 17:26:08 —-D—- C:WINDOWSsystem32Lang
2009-05-16 17:24:41 —-A—- C:WINDOWSsystem32ChCfg.exe
2009-05-16 17:24:28 —-D—- C:WINDOWSsystem32RTCOM
2009-05-16 17:24:16 —-A—- C:WINDOWSSoundMan.exe
2009-05-16 17:24:16 —-A—- C:WINDOWSSkyTel.exe
2009-05-16 17:24:16 —-A—- C:WINDOWSRtlUpd.exe
2009-05-16 17:24:16 —-A—- C:WINDOWSRTLCPL.exe
2009-05-16 17:24:12 —-A—- C:WINDOWSRTHDCPL.exe
2009-05-16 17:24:12 —-A—- C:WINDOWSMicCal.exe
2009-05-16 17:24:11 —-A—- C:WINDOWSalcwzrd.exe
2009-05-16 17:24:11 —-A—- C:WINDOWSAlcmtr.exe
2009-05-16 17:24:06 —-A—- C:WINDOWSRtlExUpd.dll
2009-05-16 17:24:06 —-A—- C:WINDOWSHideWin.exe
2009-05-16 17:24:01 —-D—- C:Program FilesCommon FilesInstallShield
2009-05-16 17:22:58 —-HD—- C:Program FilesInstallShield Installation Information
2009-05-16 17:22:58 —-D—- C:WINDOWSOPTIONS
2009-05-16 17:22:58 —-D—- C:Program FilesRealtek
2009-05-16 17:22:51 —-D—- C:Documents and SettingsТаняApplication DataInstallShield
2009-05-16 17:22:10 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-05-16 17:22:08 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-05-16 17:22:08 —-D—- C:Program FilesIntel
2009-05-16 17:22:08 —-A—- C:WINDOWSsystem32CSVer.dll
2009-05-16 17:22:01 —-D—- C:Intel
2009-05-16 16:52:49 —-D—- C:Program FilesCommon FilesMotorola
2009-05-16 16:42:06 —-D—- C:Program FilesCommon FilesAdobe
2009-05-16 16:37:34 —-RA—- C:WINDOWSsystem32atiiiexx.dll
2009-05-16 16:37:33 —-RA—- C:WINDOWSsystem32ATIDEMGX.dll
2009-05-16 16:31:11 —-A—- C:WINDOWSsystem32ksuser.dll
2009-05-16 16:31:00 —-A—- C:WINDOWSsystem32wmpns.dll
2009-05-16 16:30:59 —-D—- C:Documents and SettingsТаняApplication DataIdentities
2009-05-16 16:30:57 —-HD—- C:Program FilesUninstall Information
2009-05-16 16:29:36 —-RSD—- C:WINDOWSassembly
2009-05-16 16:29:36 —-D—- C:WINDOWSsystem32URTTemp
2009-05-16 16:29:36 —-D—- C:WINDOWSMicrosoft.NET
2009-05-16 16:29:28 —-SD—- C:Documents and SettingsТаняApplication DataMicrosoft
2009-05-16 16:29:28 —-ASH—- C:Documents and SettingsТаняApplication Datadesktop.ini
2009-05-16 16:28:42 —-D—- C:WINDOWSSoftwareDistribution
2009-05-16 16:28:39 —-SD—- C:WINDOWSsystem32Microsoft
2009-05-16 16:28:39 —-A—- C:WINDOWSSchedLgU.Txt
2009-05-16 16:25:31 —-D—- C:WINDOWSsystem32xircom
2009-05-16 16:25:31 —-D—- C:Program Filesxerox
2009-05-16 16:25:31 —-D—- C:Program Filesmicrosoft frontpage
2009-05-16 16:24:49 —-A—- C:WINDOWSsystem32javaws.exe
2009-05-16 16:24:49 —-A—- C:WINDOWSsystem32javaw.exe
2009-05-16 16:24:49 —-A—- C:WINDOWSsystem32java.exe
2009-05-16 16:24:28 —-D—- C:Program FilesJava
2009-05-16 16:24:27 —-D—- C:Program FilesCommon FilesJava
2009-05-16 16:24:17 —-D—- C:WINDOWSfsc
2009-05-16 16:24:15 —-D—- C:AddOn
2009-05-16 16:24:14 —-A—- C:WINDOWSsystem32OEMINFO.INI
2009-05-16 16:21:30 —-A—- C:WINDOWSsystem32spupdsvc.exe
2009-05-16 16:21:14 —-N—- C:WINDOWSsystem32spmsg.dll
2009-05-16 16:21:13 —-HD—- C:WINDOWS$hf_mig$
2009-05-16 16:21:02 —-A—- C:WINDOWScontrol.ini
2009-05-16 16:21:02 —-A—- C:AUTOEXEC.BAT
2009-05-16 16:20:54 —-A—- C:WINDOWSOEWABLog.txt
2009-05-16 16:20:50 —-A—- C:WINDOWSsystem32mapi32.dll
2009-05-16 16:20:16 —-RD—- C:WINDOWSOffline Web Pages
2009-05-16 16:20:15 —-SD—- C:WINDOWSDownloaded Program Files
2009-05-16 16:20:15 —-RAH—- C:WINDOWSsystem32logonui.exe.manifest
2009-05-16 16:20:11 —-RAH—- C:WINDOWSsystem32cdplayer.exe.manifest
2009-05-16 16:20:08 —-HD—- C:Program FilesWindowsUpdate
2009-05-16 16:20:05 —-D—- C:Program FilesOnline Services
2009-05-16 16:19:52 —-D—- C:WINDOWSsystem32DirectX
2009-05-16 16:19:35 —-A—- C:WINDOWSsystem32atrace.dll
2009-05-16 16:19:33 —-A—- C:WINDOWSsystem32desktop.ini
2009-05-16 16:19:33 —-A—- C:WINDOWSdesktop.ini
2009-05-16 16:19:27 —-A—- C:WINDOWSsystem32nmevtmsg.dll
2009-05-16 16:19:26 —-A—- C:WINDOWSsystem32acctres.dll
2009-05-16 16:19:25 —-D—- C:Program FilesCommon FilesServices
2009-05-16 16:19:23 —-SD—- C:WINDOWSTasks
2009-05-16 16:19:23 —-A—- C:WINDOWSsystem32icfgnt5.dll
2009-05-16 16:19:22 —-D—- C:Program FilesCommon FilesMSSoap
2009-05-16 16:19:19 —-D—- C:WINDOWSsystem32Macromed
2009-05-16 16:19:19 —-D—- C:WINDOWSsrchasst
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wuweb.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wups.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wucltui.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wuauserv.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wuaueng1.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wuaueng.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wuauclt1.exe
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wuauclt.exe
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wuapi.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32bitsprx3.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32bitsprx2.dll
2009-05-16 16:19:15 —-A—- C:WINDOWSsystem32qmgrprxy.dll
2009-05-16 16:19:15 —-A—- C:WINDOWSsystem32qmgr.dll
2009-05-16 16:19:12 —-D—- C:Program FilesMovie Maker
2009-05-16 16:19:09 —-A—- C:WINDOWSsystem32safrslv.dll
2009-05-16 16:19:09 —-A—- C:WINDOWSsystem32safrdm.dll
2009-05-16 16:19:09 —-A—- C:WINDOWSsystem32safrcdlg.dll
2009-05-16 16:19:09 —-A—- C:WINDOWSsystem32racpldlg.dll
2009-05-16 16:19:06 —-D—- C:WINDOWSsystem32Restore
2009-05-16 16:19:06 —-A—- C:WINDOWSsystem32srsvc.dll
2009-05-16 16:19:06 —-A—- C:WINDOWSsystem32srrstr.dll
2009-05-16 16:19:06 —-A—- C:WINDOWSsystem32srclient.dll
2009-05-16 16:19:06 —-A—- C:WINDOWSsystem32fltmc.exe
2009-05-16 16:19:06 —-A—- C:WINDOWSsystem32fltlib.dll
2009-05-16 16:19:05 —-A—- C:WINDOWSsystem32nmmkcert.dll
2009-05-16 16:19:05 —-A—- C:WINDOWSsystem32msconf.dll
2009-05-16 16:19:05 —-A—- C:WINDOWSsystem32mnmsrvc.exe
2009-05-16 16:19:05 —-A—- C:WINDOWSsystem32mnmdd.dll
2009-05-16 16:19:05 —-A—- C:WINDOWSsystem32isrdbg32.dll
2009-05-16 16:19:05 —-A—- C:WINDOWSsystem32ils.dll
2009-05-16 16:19:03 —-D—- C:Program FilesNetMeeting
2009-05-16 16:19:03 —-A—- C:WINDOWSsystem32msoert2.dll
2009-05-16 16:19:02 —-A—- C:WINDOWSsystem32msoeacct.dll
2009-05-16 16:19:02 —-A—- C:WINDOWSsystem32inetres.dll
2009-05-16 16:19:02 —-A—- C:WINDOWSsystem32inetcomm.dll
2009-05-16 16:19:00 —-D—- C:Program FilesOutlook Express
2009-05-16 16:19:00 —-A—- C:WINDOWSsystem32schedsvc.dll
2009-05-16 16:19:00 —-A—- C:WINDOWSsystem32mstinit.exe
2009-05-16 16:19:00 —-A—- C:WINDOWSsystem32mstask.dll
2009-05-16 16:19:00 —-A—- C:WINDOWSsystem32isign32.dll
2009-05-16 16:19:00 —-A—- C:WINDOWSsystem32icwphbk.dll
2009-05-16 16:19:00 —-A—- C:WINDOWSsystem32icwdial.dll
2009-05-16 16:18:59 —-A—- C:WINDOWSsystem32inetcfg.dll
2009-05-16 16:18:55 —-D—- C:Program FilesCommon FilesSystem
2009-05-16 16:18:51 —-D—- C:Program FilesInternet Explorer
2009-05-16 16:18:41 —-D—- C:Program FilesComPlus Applications
2009-05-16 16:18:40 —-A—- C:WINDOWSvbaddin.ini
2009-05-16 16:18:40 —-A—- C:WINDOWSvb.ini
2009-05-16 16:18:35 —-D—- C:WINDOWSRegistration
2009-05-16 16:18:14 —-D—- C:Program FilesWindows Media Player
2009-05-16 16:18:09 —-D—- C:Program FilesMessenger
2009-05-16 16:18:06 —-D—- C:Program FilesMSN Gaming Zone
2009-05-16 16:18:06 —-A—- C:WINDOWSsystem32write.exe
2009-05-16 16:17:59 —-A—- C:WINDOWSsystem32sndvol32.exe
2009-05-16 16:17:58 —-A—- C:WINDOWSsystem32winchat.exe
2009-05-16 16:17:58 —-A—- C:WINDOWSsystem32hticons.dll
2009-05-16 16:17:58 —-A—- C:WINDOWSsystem32avwav.dll
2009-05-16 16:17:58 —-A—- C:WINDOWSsystem32avtapi.dll
2009-05-16 16:17:58 —-A—- C:WINDOWSsystem32avmeter.dll
2009-05-16 16:17:52 —-A—- C:WINDOWSsystem32getuname.dll
2009-05-16 16:17:51 —-A—- C:WINDOWSsystem32winmine.exe
2009-05-16 16:17:51 —-A—- C:WINDOWSsystem32sol.exe
2009-05-16 16:17:51 —-A—- C:WINDOWSsystem32mshearts.exe
2009-05-16 16:17:51 —-A—- C:WINDOWSsystem32charmap.exe
2009-05-16 16:17:51 —-A—- C:WINDOWSsystem32calc.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32usrlogon.cmd
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32tsshutdn.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32tslabels.ini
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32tskill.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32tsdiscon.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32tscon.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32shadow.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32rwinsta.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32reset.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32freecell.exe
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32regini.exe
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32rdpcfgex.dll
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32qwinsta.exe
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32qappsrv.exe
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32msg.exe
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32msdtcprf.ini
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32logoff.exe
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32cdmodem.dll
2009-05-16 16:17:48 —-RA—- C:WINDOWSsystem32comrepl.dll
2009-05-16 16:17:48 —-A—- C:WINDOWSsystem32stclient.dll
2009-05-16 16:17:48 —-A—- C:WINDOWSsystem32mtxlegih.dll
2009-05-16 16:17:48 —-A—- C:WINDOWSsystem32mtxex.dll
2009-05-16 16:17:48 —-A—- C:WINDOWSsystem32mtxdm.dll
2009-05-16 16:17:48 —-A—- C:WINDOWSsystem32dcomcnfg.exe
2009-05-16 16:17:48 —-A—- C:WINDOWSsystem32comaddin.dll
2009-05-16 16:17:47 —-A—- C:WINDOWSsystem32comsnap.dll
2009-05-16 16:17:44 —-A—- C:WINDOWSsystem32wmimgmt.msc
2009-05-16 16:17:43 —-A—- C:WINDOWSsystem32accwiz.exe
2009-05-16 16:17:42 —-D—- C:Program FilesWindows NT
2009-05-16 16:17:42 —-A—- C:WINDOWSsystem32sndrec32.exe
2009-05-16 16:17:42 —-A—- C:WINDOWSsystem32mspaint.exe
2009-05-16 16:17:42 —-A—- C:WINDOWSsystem32mplay32.exe
2009-05-16 16:17:42 —-A—- C:WINDOWSsystem32hypertrm.dll
2009-05-16 16:17:42 —-A—- C:WINDOWSsystem32clipbrd.exe
2009-05-16 16:17:41 —-A—- C:WINDOWSsystem32tscfgwmi.dll
2009-05-16 16:17:41 —-A—- C:WINDOWSsystem32spider.exe
2009-05-16 16:17:41 —-A—- C:WINDOWSsystem32mstscax.dll
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32tscupgrd.exe
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32termsrv.dll
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32sessmgr.exe
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32remotepg.dll
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32rdshost.exe
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32rdsaddin.exe
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32rdpwsx.dll
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32rdpsnd.dll
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32rdpclip.exe
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32rdchost.dll
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32qprocess.exe
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32mstsc.exe
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32icaapi.dll
2009-05-16 16:17:39 —-RA—- C:WINDOWSsystem32mtxoci.dll
2009-05-16 16:17:39 —-RA—- C:WINDOWSsystem32msdtcuiu.dll
2009-05-16 16:17:39 —-RA—- C:WINDOWSsystem32msdtcprx.dll
2009-05-16 16:17:39 —-D—- C:WINDOWSsystem32MsDtc
2009-05-16 16:17:39 —-A—- C:WINDOWSsystem32cfgbkend.dll
2009-05-16 16:17:38 —-RA—- C:WINDOWSsystem32xolehlp.dll
2009-05-16 16:17:38 —-RA—- C:WINDOWSsystem32msdtctm.dll
2009-05-16 16:17:38 —-A—- C:WINDOWSsystem32msdtclog.dll
2009-05-16 16:17:38 —-A—- C:WINDOWSsystem32msdtc.exe
2009-05-16 16:17:37 —-RA—- C:WINDOWSsystem32colbact.dll
2009-05-16 16:17:37 —-RA—- C:WINDOWSsystem32clbcatex.dll
2009-05-16 16:17:37 —-RA—- C:WINDOWSsystem32catsrvut.dll
2009-05-16 16:17:37 —-RA—- C:WINDOWSsystem32catsrv.dll
2009-05-16 16:17:37 —-D—- C:WINDOWSsystem32Com
2009-05-16 16:17:37 —-A—- C:WINDOWSsystem32catsrvps.dll
2009-05-16 16:17:36 —-RA—- C:WINDOWSsystem32comuid.dll
2009-05-16 16:17:36 —-RA—- C:WINDOWSsystem32comsvcs.dll
2009-05-16 16:17:36 —-RA—- C:WINDOWSsystem32clbcatq.dll
2009-05-16 16:17:32 —-A—- C:WINDOWSsystem32servdeps.dll
2009-05-16 16:17:32 —-A—- C:WINDOWSsystem32mmfutil.dll
2009-05-16 16:17:32 —-A—- C:WINDOWSsystem32licwmi.dll
2009-05-16 16:17:31 —-A—- C:WINDOWSsystem32cmprops.dll
======List of files/folders modified in the last 1 months======
2009-05-16 20:13:05 —-A—- C:WINDOWSsystem.ini
2009-05-16 19:14:02 —-A—- C:WINDOWSwin.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-02-06 26944]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-02-06 51376]
R1 BIOS;BIOS; ??C:WINDOWSsystem32driversBIOS.sys []
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-02-06 94032]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-02-06 23152]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-06-03 3100160]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:WINDOWSsystem32driversAtiHdmi.sys [2007-11-14 84992]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-10-16 4615168]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2008-01-03 105856]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-02-06 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-06-03 552960]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-02-06 138680]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-02-06 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-02-06 352920]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2004-07-15 32768]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
EOF
info.txt logfile of random’s system information tool 1.06 2009-05-16 21:59:19
======Uninstall list======
—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
50 FREE MP3s +1 Free Audiobook!—>»C:Program FilesWinampeMusicUninst-eMusic-promotion.exe»
7-Zip 4.65—>»C:Program Files7-ZipUninstall.exe»
Adobe Reader 9.1 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A91000000001}
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus—>C:Program FilesAlwil SoftwareAvast4aswRunDll.exe «C:Program FilesAlwil SoftwareAvast4Setupsetiface.dll»,RunSetup
Download Master version 5.5.6.1139—>»C:Program FilesDownload Masterunins000.exe»
FastStone Image Viewer 3.2—>C:Program FilesFastStone Image Vieweruninst.exe
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
J2SE Runtime Environment 5.0 Update 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
K-Lite Mega Codec Pack 4.7.5—>»C:Program FilesK-Lite Codec Packunins000.exe»
Microsoft .NET Framework 1.1 Hotfix (KB928366)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM928366M928366Uninstall.msp»
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Basic 2007—>MsiExec.exe /X{91120000-0013-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Office Базовый 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall BASICR /dll OSETUP.DLL
Nero Suite—>C:Program FilesCommon FilesNeroUninstallSetupx.exe /uninstall ExtraUninstallID=»»
REALTEK GbE & FE Ethernet PCI-E NIC Driver—>C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}setup.exe -runfromtemp -l0x0019 -removeonly
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x19 -removeonly
Winamp—>»C:Program FilesWinampUninstWA.exe»
Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
Windows Media Format Runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923561)—>»C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923789)—>C:WINDOWSsystem32MacroMedFlashgenuinst.exe C:WINDOWSsystem32MacroMedFlashKB923789.inf
Обновление безопасности для Windows XP (KB938464-v2)—>»C:WINDOWS$NtUninstallKB938464-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950760)—>»C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952004)—>»C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954459)—>»C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956572)—>»C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958690)—>»C:WINDOWS$NtUninstallKB958690$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB959426)—>»C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960225)—>»C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960715)—>»C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960803)—>»C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961373)—>»C:WINDOWS$NtUninstallKB961373$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB963027)—>»C:WINDOWS$NtUninstallKB963027$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Обновление для Windows Internet Explorer 8 (KB969497)—>»C:WINDOWSie8updatesKB969497-IE8spuninstspuninst.exe»
Обновление для Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Обновление для Windows XP (KB967715)—>»C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe»
======Security center information======
AV: avast! antivirus 4.8.1335 [VPS 090515-0]
======System event log======
Computer Name: 02D7623668974E8
Event Code: 15007
Message: Резервирование пространства имен URL с префиксом «http://*:2869/» было добавлено успешно.
Record Number: 5
Source Name: HTTP
Time Written: 20090516162007.000000+240
Event Type: информация
User:

Computer Name: 02D7623668974E8
Event Code: 6011
Message: NetBIOS-имя и имя DNS-узла этого компьютера были изменены с «MACHINENAME» на «02D7623668974E8».
Record Number: 4
Source Name: EventLog
Time Written: 20090516161649.000000+240
Event Type: информация
User:

Computer Name: MACHINENAME
Event Code: 2
Message: При проверке, что DeviceSerial0 является последовательным портом, обнаружена и будет использоваться прямая очередь.
Record Number: 3
Source Name: Serial
Time Written: 20090516201046.000000+240
Event Type: информация
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: Запущена служба журнала событий.
Record Number: 2
Source Name: EventLog
Time Written: 20090516201026.000000+240
Event Type: информация
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows 2000 (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.
Record Number: 1
Source Name: EventLog
Time Written: 20090516201026.000000+240
Event Type: информация
User:

=====Application event log=====
Computer Name: 02D7623668974E8
Event Code: 1000
Message: Счетчики производительности для службы ContentIndex (ContentIndex) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.
Record Number: 5
Source Name: LoadPerf
Time Written: 20090516161815.000000+240
Event Type: информация
User:

Computer Name: 02D7623668974E8
Event Code: 1000
Message: Счетчики производительности для службы TermService (Службы терминалов) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.
Record Number: 4
Source Name: LoadPerf
Time Written: 20090516161814.000000+240
Event Type: информация
User:

Computer Name: 02D7623668974E8
Event Code: 1000
Message: Счетчики производительности для службы RemoteAccess (Маршрутизация и удаленный доступ) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.
Record Number: 3
Source Name: LoadPerf
Time Written: 20090516161724.000000+240
Event Type: информация
User:

Computer Name: 02D7623668974E8
Event Code: 1000
Message: Счетчики производительности для службы PSched (PSched) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.
Record Number: 2
Source Name: LoadPerf
Time Written: 20090516161659.000000+240
Event Type: информация
User:

Computer Name: 02D7623668974E8
Event Code: 1000
Message: Счетчики производительности для службы RSVP (QoS RSVP) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.
Record Number: 1
Source Name: LoadPerf
Time Written: 20090516161658.000000+240
Event Type: информация
User:

======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 13, GenuineIntel
«PROCESSOR_REVISION»=0f0d
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
Hello, Valery! 🙂
I thought for a long time about where exactly I slipped up… ❓ Then I figured it out… It was when I was cleaning the flash drive and the memory card. For the "especially gifted" there was a note:
Note: run the program as many times as needed to clean all of your removable drives.
Unfortunately, you only understand the meaning of some phrases when it is already too late… For some reason I decided that running the program once was enough… 🙄 Today I ran it several times to clean the flash drive and the card… It looks like I have got rid of the breeding ground of the infection. Thank you once again for your help; I will try not to make any more mistakes. 😀

Good afternoon, Valery! 🙂
I did not get to enjoy the computer working well for long… I did do something wrong after all. This time I broke everything thoroughly… It started when I decided to download a new game onto the PSP. I put the memory card into the card reader, and then Avast started going crazy… 😯 First it started screaming that autorun.inf on drive I (that is the memory card) was a trojan; attempts to delete it or do anything at all did not work, and a moment later a couple of dozen rootkits turned up in the drivers on drive C, which could not be deleted or cleaned either. (It all happened so fast that I got confused and panicked…) I pulled the memory card out, but it was already too late; one minute was enough for all the drivers to fail: ATI, all the sound, video and game devices, the standard floppy disk controller, the printer port, Intel (R) 82801G (ICH7 Family) USB2 Enhanced Host Controller-27CC, all the network adapters, the Microsoft System Management BIOS driver, the UAA bus drivers, the firmware update device, the joystick, the entire card reader… 🙄 I cannot get an IP address; Akado technical support, after struggling with it, delivered the verdict that it is something to do with the system.
This memory card was disinfected together with the flash drive; I probably did something wrong… Do I need to reinstall Windows? Or buy a new computer? 🙂

Good afternoon once again! 🙂
The computer works great now! I am let in everywhere, nothing quacks and no warning boxes pop up! EVERYTHING IS JUST SUPER! THANK YOU VERY, VERY MUCH!!! 😀 But why doesn't the computer see my speakers? And what should I do with the downloaded programs? And may I send the RSIT log from the second computer? 🙄

Hello, Valery!
The tasks keep getting harder… I hope I did everything right… More precisely, I did do something wrong, but I hope it is not fatal… 🙄 Judging by the log, something is wrong with the recovery console… What will happen now? Log:
ComboFix 09-05-11.08 — Admin 12.05.2009 21:27.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1624 [GMT 4:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsAdminApplication Datawiaserva.log
c:documents and settingsLocalServiceApplication Datasysproc64
c:documents and settingsLocalServiceApplication Datasysproc64sysproc32.sys
c:documents and settingsLocalServiceApplication Datatwain_32
c:documents and settingsLocalServiceApplication Datatwain_32user.ds
c:program filesCommon Filessvchost.exe
c:program filesInternet Explorerrundll32
c:windowssystem32oembios.exe
c:windowssystem32sysproc64
c:windowssystem32sysproc64sysproc32.sys
c:windowssystem32sysproc64sysproc32.sys.cla
c:windowssystem32sysproc64sysproc86.sys
c:windowssystem32twain_32
c:windowssystem32twain_32local.ds
c:windowssystem32twain_32user.ds
c:windowssystem32twain_32user.ds.cla
c:windowssystem32wincreate.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
.
2009-05-12 17:28 . 2009-05-12 17:28
d-sh—w c:windowssystem32sysproc64
2009-05-11 17:21 . 2009-05-11 17:21
d
w C:_OTMoveIt
2009-05-10 16:51 . 2009-05-10 16:51
d-sh—w c:documents and settingsLocalServiceIETldCache
2009-05-08 12:27 . 2009-05-08 12:27
d
w c:windowsSun
2009-05-08 11:06 . 2009-05-08 11:06
d—h—w c:windowssystem32GroupPolicy
2009-05-07 17:47 . 2009-05-11 17:34
d
w c:program filestrend micro
2009-05-07 17:47 . 2009-05-07 17:47
d
w C:rsit
2009-05-07 17:01 . 2009-05-07 17:01
d
w c:documents and settingsAll UsersШаблоны
2009-05-07 16:05 . 2009-05-08 16:04 664 —-a-w c:windowssystem32d3d9caps.dat
2009-05-07 15:35 . 2008-10-16 10:06 268648 —-a-w c:windowssystem32mucltui.dll
2009-05-07 15:35 . 2007-07-30 16:18 207736 —-a-w c:windowssystem32muweb.dll
2009-05-07 15:35 . 2008-05-20 15:41 203096 —-a-w c:windowssystem32wuweb.dll
2009-05-07 15:35 . 2008-10-16 10:09 43544 —-a-w c:windowssystem32wups2.dll
2009-05-07 15:35 . 2008-10-16 10:08 34328 -c—a-w c:windowssystem32dllcachewups.dll
2009-05-07 15:35 . 2008-10-16 10:08 34328 —-a-w c:windowssystem32wups.dll
2009-05-07 15:35 . 2008-05-20 15:41 325976 —-a-w c:windowssystem32wucltui.dll
2009-05-07 15:35 . 2008-05-20 15:41 1712984 —-a-w c:windowssystem32wuaueng.dll
2009-05-07 15:35 . 2008-05-20 15:55 80216 —-a-w c:windowssystem32wuauclt.exe
2009-05-07 15:35 . 2008-05-20 15:55 596824 —-a-w c:windowssystem32wuapi.dll
2009-05-07 15:35 . 2008-05-20 15:41 92504 —-a-w c:windowssystem32cdm.dll
2009-05-07 12:39 . 2009-05-07 12:39
d-sh—w c:documents and settingsAdminPrivacIE
2009-05-07 12:39 . 2009-05-07 12:39
d-sh—w c:documents and settingsAdminIETldCache
2009-05-07 12:38 . 2009-05-07 12:38
d-sh—w c:windowssystem32configsystemprofileIETldCache
2009-05-07 12:35 . 2009-05-07 12:35
d
w c:windowsie8updates
2009-05-07 12:35 . 2009-05-07 15:47
d—h—w c:windows$hf_mig$
2009-05-07 12:34 . 2009-01-07 14:21 26144 —-a-w c:windowssystem32spupdsvc.exe
2009-05-07 12:33 . 2009-05-07 12:34
dc-h—w c:windowsie8
2009-05-07 12:31 . 2009-02-28 04:55 105984 -c—-w c:windowssystem32dllcacheiecompat.dll
2009-05-07 12:26 . 2009-05-07 12:26 17028448 —-a-w c:program filesIE8-WindowsXP-x86-RUS.exe
2009-05-05 06:03 . 2009-05-05 06:03
d
w C:Downloads
2009-05-05 06:03 . 2009-05-05 07:23
d
w c:documents and settingsAdminApplication DataDownload Master
2009-05-05 06:02 . 2009-05-05 06:02
d
w c:program filesDownload Master
2009-05-05 06:00 . 2009-05-05 06:00 5679033 —-a-w c:program filesdmaster.exe
2009-05-03 10:25 . 2009-05-03 10:25
d
w c:documents and settingsAdminLocal SettingsApplication DataНовый Импульс Центр
2009-04-30 15:54 . 2009-04-30 15:54
d
w c:documents and settingsAdminLocal SettingsApplication DataSTARGAZE_IMAGE_CACHE
2009-04-30 15:54 . 2009-04-30 15:54
d
w c:documents and settingsAll UsersApplication DataAlawar Stargaze
2009-04-30 15:54 . 2009-04-30 15:54
d
w c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-04-30 15:53 . 2009-05-06 10:23
d
w c:program filesAlawar.ru
2009-04-30 15:53 . 2009-04-30 15:53 63502968 —-a-w c:program filesAlawarRuMasyanasTabloidAdventuresRus_4.exe
2009-04-30 13:17 . 2009-04-30 13:17
d
w c:documents and settingsAdminApplication DataMedia Player Classic
2009-04-30 06:04 . 2009-04-30 06:04
d
w c:program filesFormatFactory
2009-04-30 06:02 . 2009-04-30 06:02 17005555 —-a-w c:program filesFFSetup185.zip
2009-04-27 09:30 . 2009-04-27 09:30
d
w c:windowssystem32Lang
2009-04-27 09:30 . 2009-04-27 09:30
d
w c:documents and settingsAdminApplication DataATI
2009-04-26 16:52 . 2009-05-10 16:10
d
w c:windowssystem32NtmsData
2009-04-26 16:44 . 2009-04-26 16:44
d
w c:documents and settingsAdminLocal SettingsApplication DataPmcc
2009-04-25 16:28 . 2009-04-25 16:28
d
w c:documents and settingsAdminApplication DataPmcc
2009-04-25 16:28 . 2009-04-25 16:28
d
w c:program filesPmcc
2009-04-25 15:41 . 2009-04-25 15:41
d
w c:program filesAlwil Software
2009-04-24 14:10 . 2009-04-24 14:10
d
w c:documents and settingsAdminApplication DataShape games
2009-04-24 14:05 . 2009-04-24 14:05 32371585 —-a-w c:program filesparanormal_rus.exe
2009-04-22 16:57 . 2009-04-22 16:57
d
w c:program filesESET
2009-04-21 11:04 . 2009-04-21 11:04
d
w c:windowsLogs
2009-04-20 18:00 . 2009-04-20 18:00
d
w c:documents and settingsAll UsersApplication DataElectronic Arts
2009-04-19 20:26 . 2009-04-19 20:26
d
w c:program filesElectronic Arts
2009-04-19 20:26 . 2009-04-19 20:26
d
w C:ProgramData
2009-04-19 20:25 . 2009-04-19 20:25
d
w c:documents and settingsAdminLocal SettingsApplication DataDownloaded Installations
2009-04-19 20:08 . 2009-04-19 20:08
d
w c:program filesEA Sports
2009-04-18 09:19 . 2009-04-18 09:19
d
w c:program filesNikita
2009-04-16 13:27 . 2009-04-16 13:27
d
w c:documents and settingsAdminApplication DataGogii Games
2009-04-16 13:27 . 2009-04-24 14:10
d
w C:Игры от NevoSoft
2009-04-16 13:26 . 2009-04-16 13:26 95940088 —-a-w c:program filesbook_of_legends_rus.exe
2009-04-15 15:54 . 2009-04-15 15:54
d
w c:documents and settingsAdminApplication Datarambler.ru
2009-04-15 15:53 . 2009-04-16 16:43
d
w c:program filesRambler Assistant
2009-04-15 15:53 . 2009-04-15 17:12
d
w c:documents and settingsAdminApplication DataICQ
2009-04-15 15:53 . 2009-04-15 15:55
d
w c:program filesICQ6.5
2009-04-15 15:51 . 2009-04-15 15:51 16442944 —-a-w c:program filesinstall_rambler_icq65.exe
2009-04-13 16:23 . 2009-04-13 16:23
d
w c:program files1C
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 17:26 . 2008-11-22 17:28 64368 —-a-w c:documents and settingsAdminLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-08 11:54 . 2008-04-15 12:00 77082 —-a-w c:windowssystem32perfc019.dat
2009-05-08 11:54 . 2008-04-15 12:00 449004 —-a-w c:windowssystem32perfh019.dat
2009-05-07 16:09 . 2009-01-04 12:30
d
w c:program filesUtkonos
2009-05-07 15:15 . 2008-05-20 15:54 1497088 —-a-w c:windowssystem32setupapi.dll
2009-05-05 06:03 . 2008-11-22 17:38
d
w c:program filesOpera
2009-04-25 16:30 . 2008-11-22 17:29
d
w c:program filesRealtek
2009-04-25 16:07 . 2009-04-03 03:49 100 —s-a-w c:windowssystem323360381096.dat
2009-04-22 16:56 . 2009-04-22 16:56 35194880 —-a-w c:program fileseav_nt32_rus.msi
2009-04-19 20:25 . 2008-11-22 17:19
d
w c:program filesCommon FilesInstallShield
2009-04-15 15:54 . 2008-11-22 17:19
d—h—w c:program filesInstallShield Installation Information
2009-04-10 11:54 . 2009-04-10 11:54 15436579 —-a-w c:program filesRPL_09._tfile.ru_.exe
2009-04-06 08:14 . 2009-04-06 08:14
d
w c:program filesQIP
2009-04-06 08:14 . 2009-04-06 08:13 2231090 —-a-w c:program filesqip8092.exe
2009-04-03 09:39 . 2009-04-02 08:54
d
w c:program filesCall of Duty
2009-03-28 19:36 . 2009-03-28 19:36
d
w c:program filesGroove Games
2009-03-08 00:34 . 2008-05-20 15:54 914944 —-a-w c:windowssystem32wininet.dll
2009-03-08 00:34 . 2008-05-20 15:48 43008 —-a-w c:windowssystem32licmgr10.dll
2009-03-08 00:33 . 2008-05-20 15:48 18944 —-a-w c:windowssystem32corpol.dll
2009-03-08 00:33 . 2008-05-20 15:48 420352 —-a-w c:windowssystem32vbscript.dll
2009-03-08 00:32 . 2008-05-20 15:48 72704 —-a-w c:windowssystem32admparse.dll
2009-03-08 00:32 . 2008-05-20 15:48 71680 —-a-w c:windowssystem32iesetup.dll
2009-03-08 00:31 . 2008-04-15 12:00 34816 —-a-w c:windowssystem32imgutil.dll
2009-03-08 00:31 . 2008-05-20 15:48 48128 —-a-w c:windowssystem32mshtmler.dll
2009-03-08 00:31 . 2008-05-20 15:48 45568 —-a-w c:windowssystem32mshta.exe
2009-03-08 00:22 . 2008-05-20 15:48 156160 —-a-w c:windowssystem32msls31.dll
2009-01-04 12:30 . 2009-01-04 12:30 4780927 —-a-w c:program filesInstallMicro.zip
2009-01-04 12:28 . 2009-01-04 12:28 10546375 —-a-w c:program filesUpdate.zip
.
Sigcheck
[-] 2008-05-20 15:54 579072 23B7D3F3F5EC8FEEA75EC381C71CBD5E c:windowssystem32user32.dll
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:windowsSoftwareDistributionDownload8811f08beda44a8d3c249b9d00773202sp3gdrtcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:windowsSoftwareDistributionDownload8811f08beda44a8d3c249b9d00773202sp3qfetcpip.sys
[-] 2008-05-20 15:52 361344 030DC4D48CC2B894FEE2F390D8E66AD5 c:windowssystem32driverstcpip.sys
[-] 2008-05-20 15:53 1721344 DC5D73A9809B66026231A9D49DE6987F c:windowsexplorer.exe
[-] 2008-05-20 15:53 30208 AE0DB25EE10900C73D923AD5880564CF c:windowssystem32ctfmon.exe
[-] 2008-05-20 15:55 80216 5F38B1B965527C6F5C30DEDAB0AB0550 c:windowssystem32wuauclt.exe
[-] 2008-05-20 16:29 1571840 46D60730EE2DF438750B38370425BC74 c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-05-20 30208]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
«EA Core»=»c:program filesElectronic ArtsEADMCore.exe» [2009-03-28 3325952]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2009-04-24 3777536]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«AmlMaple»=»c:program filesAmlMapleAmlMaple.exe» [2008-04-24 91648]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2006-01-12 155648]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2008-01-21 61440]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-02-05 81000]
«NevoDRM»=»c:игры от nevosoftNevoDRMNevoDRM.exe» [2008-12-11 41984]
«RTHDCPL»=»RTHDCPL.EXE» — c:windowsRTHDCPL.exe [2007-10-16 16855552]
«SkyTel»=»SkyTel.EXE» — c:windowsSkyTel.exe [2007-10-11 1826816]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-05-20 30208]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» — c:windowssystem32advpack.dll [2009-03-08 128512]
«IE7_012″=»advpack.dll» — c:windowssystem32advpack.dll [2009-03-08 128512]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
«Userinit»=»c:windowssystem32userinit.exe,c:windowssystem32oembios.exe,»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Electronic Arts\EADM\Core.exe»=
«c:\Program Files\QIP\qip.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [25.04.2009 19:41 114768]
R1 BIOS;BIOS;c:windowssystem32driversBIOS.sys [22.11.2008 21:28 13696]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [25.04.2009 19:41 20560]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:windowssystem32driversAtiHdmi.sys [22.11.2008 21:20 84992]
— Other Services/Drivers In Memory —
*NewlyCreated* — DRMKAUD
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8544eed6-b987-11dd-88e5-00e04d8ce554}]
ShellAutoRuncommand — c:windowssystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
ShellExplorecommand — K:system.exe
ShellOpencommand — K:system.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9ac00742-b8cf-11dd-88d9-806d6172696f}]
ShellAutoRuncommand — E:Autorun.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 21:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1275210071-308236825-1177238915-500SoftwareMicrosoftInternet ExplorerUser Preferences]
@Denied: (2) (Administrator)
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(672)
c:windowssystem32SETUPAPI.dll
c:windowssystem32Ati2evxx.dll
c:windowssystem32cscui.dll
c:windowssystem32COMRes.dll
— — — — — — — > ‘lsass.exe'(736)
c:windowssystem32setupapi.dll
.
Completion time: 2009-05-12 21:29
ComboFix-quarantined-files.txt 2009-05-12 17:29
Pre-Run: 32 724 893 696 байт свободно
Post-Run: 32 772 743 168 байт свободно
Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
240
The computer has started running much faster… 🙂 It hasn't worked this well in a long time, thank you! 🙂 But in the Control Panel I still can't get in anywhere except Administrative Tools, Fonts and Network Connections.
My daughter keeps asking: where do they train people to be anti-hackers? What should I tell the child so that I look respectable? 🙄

RSIT log:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2009-05-11 21:34:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (62%) free of 50 GB
Total RAM: 2047 MB (80% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:19, on 11.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSexplorer.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program FilesAmlMapleAmlMaple.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:Игры от NevoSoftNevoDRMrun.exe
C:Program FilesElectronic ArtsEADMCore.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program Filestrend microAdmin.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
F2 — REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:WINDOWSsystem32oembios.exe,
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O4 — HKLM..Run: [AmlMaple] C:Program FilesAmlMapleAmlMaple.exe
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe» MSRun
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [NevoDRM] «C:Игры от NevoSoftNevoDRMNevoDRM.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [EA Core] «C:Program FilesElectronic ArtsEADMCore.exe» -silent
O4 — HKCU..Run: [Download Master] C:Program FilesDownload Masterdmaster.exe -autorun
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O16 — DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) — http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231929639_795f076bdd4ff27edc9b562d60a948bd&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Планировщик заданий (Schedule) — Unknown owner — C:WINDOWSsystem32driversservices.exe (file missing)
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 8561 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2009-01-14 320920]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2009-04-16 158208]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-01-14 34816]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-01-14 73728]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«AmlMaple»=C:Program FilesAmlMapleAmlMaple.exe [2008-04-25 91648]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2008-01-21 61440]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-10-16 16855552]
«SkyTel»=C:WINDOWSSkyTel.EXE [2007-10-11 1826816]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-01-11 39792]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-02-06 81000]
«NevoDRM»=C:Игры от NevoSoftNevoDRMNevoDRM.exe [2008-12-11 41984]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-05-20 30208]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]
«EA Core»=C:Program FilesElectronic ArtsEADMCore.exe [2009-03-29 3325952]
«Download Master»=C:Program FilesDownload Masterdmaster.exe [2009-04-24 3777536]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-06-03 139264]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoSMConfigurePrograms»=1
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesElectronic ArtsEADMCore.exe»=»C:Program FilesElectronic ArtsEADMCore.exe:*:Disabled:EA Download Manager»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Disabled:ICQ»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8544eed6-b987-11dd-88e5-00e04d8ce554}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shellExplorecommand — K:system.exe
shellOpencommand — K:system.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9ac00742-b8cf-11dd-88d9-806d6172696f}]
shellAutoRuncommand — E:Autorun.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9ac00746-b8cf-11dd-88d9-806d6172696f}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shellExplorecommand — I:system.exe
shellOpencommand — I:system.exe
======List of files/folders created in the last 1 months======
2009-05-11 21:21:36 —-D—- C:_OTMoveIt
2009-05-11 21:13:24 —-RASHD—- C:autorun.inf
2009-05-08 16:27:50 —-D—- C:WINDOWSSun
2009-05-08 15:06:05 —-HD—- C:WINDOWSsystem32GroupPolicy
2009-05-07 21:47:40 —-D—- C:rsit
2009-05-07 21:47:40 —-D—- C:Program Filestrend micro
2009-05-07 21:00:06 —-D—- C:WINDOWSsystem32DirectX
2009-05-07 19:42:13 —-D—- C:WINDOWSsystem32PreInstall
2009-05-07 19:42:12 —-HDC—- C:WINDOWS$NtUninstallKB898461$
2009-05-07 19:35:21 —-A—- C:WINDOWSsystem32muweb.dll
2009-05-07 19:35:21 —-A—- C:WINDOWSsystem32mucltui.dll.mui
2009-05-07 19:35:21 —-A—- C:WINDOWSsystem32mucltui.dll
2009-05-07 19:35:16 —-D—- C:WINDOWSsystem32SoftwareDistribution
2009-05-07 19:35:16 —-A—- C:WINDOWSsystem32wuweb.dll
2009-05-07 19:35:16 —-A—- C:WINDOWSsystem32wups2.dll
2009-05-07 19:35:16 —-A—- C:WINDOWSsystem32wups.dll
2009-05-07 19:35:16 —-A—- C:WINDOWSsystem32wucltui.dll
2009-05-07 19:35:16 —-A—- C:WINDOWSsystem32wuaueng.dll
2009-05-07 19:35:15 —-A—- C:WINDOWSsystem32wuauclt.exe
2009-05-07 19:35:15 —-A—- C:WINDOWSsystem32wuapi.dll
2009-05-07 19:35:15 —-A—- C:WINDOWSsystem32cdm.dll
2009-05-07 19:17:21 —-A—- C:WINDOWSsetuplog.txt
2009-05-07 16:35:31 —-HD—- C:WINDOWS$hf_mig$
2009-05-07 16:35:31 —-D—- C:WINDOWSie8updates
2009-05-07 16:34:32 —-N—- C:WINDOWSsystem32spmsg.dll
2009-05-07 16:34:29 —-A—- C:WINDOWSsystem32spupdsvc.exe
2009-05-07 16:33:27 —-HDC—- C:WINDOWSie8
2009-05-07 16:32:04 —-A—- C:WINDOWSsystem32MRT.exe
2009-05-07 16:26:30 —-A—- C:Program FilesIE8-WindowsXP-x86-RUS.exe
2009-05-07 14:33:15 —-A—- C:WINDOWSsystem32wincreate.exe
2009-05-07 13:40:55 —-A—- C:WINDOWSsystem32redirect_key.txt
2009-05-07 13:26:35 —-A—- C:WINDOWSntbtlog.txt
2009-05-07 10:40:54 —-A—- C:WINDOWSsystem32mess_add.txt
2009-05-05 10:03:35 —-D—- C:Downloads
2009-05-05 10:03:07 —-D—- C:Documents and SettingsAdminApplication DataDownload Master
2009-05-05 10:02:28 —-D—- C:Program FilesDownload Master
2009-05-05 10:00:50 —-A—- C:Program Filesdmaster.exe
2009-05-02 10:04:08 —-SHD—- C:WINDOWSsystem32sysproc64
2009-04-30 19:54:20 —-D—- C:Documents and SettingsAll UsersApplication DataAlawar Stargaze
2009-04-30 19:54:16 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2009-04-30 19:53:31 —-D—- C:Program FilesAlawar.ru
2009-04-30 19:53:08 —-A—- C:Program FilesAlawarRuMasyanasTabloidAdventuresRus_4.exe
2009-04-30 17:17:48 —-D—- C:Documents and SettingsAdminApplication DataMedia Player Classic
2009-04-30 10:04:14 —-D—- C:Program FilesFormatFactory
2009-04-30 10:04:06 —-D—- C:Documents and SettingsAdminApplication DataWinRAR
2009-04-27 13:30:28 —-D—- C:WINDOWSsystem32Lang
2009-04-27 13:30:14 —-D—- C:Documents and SettingsAdminApplication DataATI
2009-04-26 20:52:11 —-D—- C:WINDOWSsystem32NtmsData
2009-04-25 20:28:30 —-D—- C:Documents and SettingsAdminApplication DataPmcc
2009-04-25 20:28:23 —-D—- C:Program FilesPmcc
2009-04-25 19:41:32 —-A—- C:WINDOWSsystem32aswBoot.exe
2009-04-25 19:41:30 —-D—- C:Program FilesAlwil Software
2009-04-25 16:54:29 —-AH—- C:Program FilesCommon Filessvchost.exe
2009-04-24 18:10:50 —-D—- C:Documents and SettingsAdminApplication DataShape games
2009-04-24 18:05:33 —-A—- C:Program Filesparanormal_rus.exe
2009-04-22 20:57:18 —-D—- C:Program FilesESET
2009-04-21 15:05:21 —-A—- C:WINDOWSsystem32d3dx10_40.dll
2009-04-21 15:05:21 —-A—- C:WINDOWSsystem32D3DCompiler_40.dll
2009-04-21 15:05:20 —-A—- C:WINDOWSsystem32XAudio2_3.dll
2009-04-21 15:05:20 —-A—- C:WINDOWSsystem32XAPOFX1_2.dll
2009-04-21 15:05:20 —-A—- C:WINDOWSsystem32xactengine3_3.dll
2009-04-21 15:05:20 —-A—- C:WINDOWSsystem32X3DAudio1_5.dll
2009-04-21 15:05:20 —-A—- C:WINDOWSsystem32D3DX9_40.dll
2009-04-21 15:05:19 —-A—- C:WINDOWSsystem32XAudio2_2.dll
2009-04-21 15:05:19 —-A—- C:WINDOWSsystem32XAPOFX1_1.dll
2009-04-21 15:05:19 —-A—- C:WINDOWSsystem32xactengine3_2.dll
2009-04-21 15:05:19 —-A—- C:WINDOWSsystem32D3DX9_39.dll
2009-04-21 15:05:19 —-A—- C:WINDOWSsystem32d3dx10_39.dll
2009-04-21 15:05:19 —-A—- C:WINDOWSsystem32D3DCompiler_39.dll
2009-04-21 15:05:18 —-A—- C:WINDOWSsystem32XAudio2_1.dll
2009-04-21 15:05:18 —-A—- C:WINDOWSsystem32XAPOFX1_0.dll
2009-04-21 15:05:18 —-A—- C:WINDOWSsystem32xactengine3_1.dll
2009-04-21 15:05:18 —-A—- C:WINDOWSsystem32X3DAudio1_4.dll
2009-04-21 15:05:18 —-A—- C:WINDOWSsystem32d3dx10_38.dll
2009-04-21 15:05:18 —-A—- C:WINDOWSsystem32D3DCompiler_38.dll
2009-04-21 15:05:17 —-A—- C:WINDOWSsystem32D3DX9_38.dll
2009-04-21 15:04:40 —-D—- C:WINDOWSLogs
2009-04-20 22:00:36 —-D—- C:Documents and SettingsAll UsersApplication DataElectronic Arts
2009-04-20 00:26:17 —-D—- C:Program FilesElectronic Arts
2009-04-20 00:26:15 —-D—- C:ProgramData
2009-04-20 00:08:54 —-D—- C:Program FilesEA Sports
2009-04-18 13:19:41 —-D—- C:Program FilesNikita
2009-04-16 17:27:45 —-D—- C:Documents and SettingsAdminApplication DataGogii Games
2009-04-16 17:27:24 —-D—- C:Игры от NevoSoft
2009-04-16 17:26:01 —-A—- C:Program Filesbook_of_legends_rus.exe
2009-04-15 19:54:00 —-D—- C:Documents and SettingsAdminApplication Datarambler.ru
2009-04-15 19:53:59 —-D—- C:Program FilesRambler Assistant
2009-04-15 19:53:59 —-D—- C:Documents and SettingsAdminApplication DataMozilla
2009-04-15 19:53:27 —-D—- C:Documents and SettingsAdminApplication DataICQ
2009-04-15 19:53:09 —-D—- C:Program FilesICQ6.5
2009-04-15 19:51:51 —-A—- C:Program Filesinstall_rambler_icq65.exe
2009-04-13 20:23:51 —-D—- C:Program Files1C
2009-04-13 12:11:47 —-SHD—- C:WINDOWSsystem32twain_32
======List of files/folders modified in the last 1 months======
2009-05-11 21:26:00 —-D—- C:WINDOWSTemp
2009-05-11 21:25:50 —-D—- C:WINDOWSsystem32
2009-05-11 21:24:26 —-D—- C:WINDOWSsystem32CatRoot2
2009-05-11 21:21:50 —-D—- C:WINDOWSsystem32drivers
2009-05-11 21:21:50 —-D—- C:WINDOWS
2009-05-10 19:55:01 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-05-10 15:44:46 —-A—- C:WINDOWSNeroDigital.ini
2009-05-10 14:39:06 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-05-08 20:35:35 —-D—- C:WINDOWSNetwork Diagnostic
2009-05-08 20:04:52 —-D—- C:WINDOWSsystem32config
2009-05-08 15:54:30 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-05-07 21:47:40 —-RD—- C:Program Files
2009-05-07 21:43:08 —-HD—- C:WINDOWSinf
2009-05-07 21:20:18 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-05-07 21:02:23 —-SHD—- C:WINDOWSInstaller
2009-05-07 20:09:50 —-D—- C:Program FilesUtkonos
2009-05-07 19:35:17 —-D—- C:WINDOWSHelp
2009-05-07 19:15:35 —-A—- C:WINDOWSsystem32setupapi.dll
2009-05-07 16:37:08 —-D—- C:WINDOWSsystem32ru-ru
2009-05-07 16:37:07 —-D—- C:WINDOWSMedia
2009-05-07 16:37:07 —-D—- C:Program FilesInternet Explorer
2009-05-07 16:35:33 —-A—- C:WINDOWSimsins.BAK
2009-05-07 16:32:05 —-D—- C:WINDOWSDebug
2009-05-05 10:03:35 —-D—- C:Program FilesOpera
2009-05-01 13:22:24 —-D—- C:WINDOWSsystem32Restore
2009-04-30 19:07:43 —-D—- C:WINDOWSsystem32wbem
2009-04-30 11:10:03 —-SD—- C:Documents and SettingsAdminApplication DataMicrosoft
2009-04-27 13:30:21 —-D—- C:WINDOWSSoftwareDistribution
2009-04-26 20:42:44 —-D—- C:Program FilesWinRAR
2009-04-26 20:41:21 —-D—- C:WINDOWSsystem32spool
2009-04-25 20:30:37 —-D—- C:WINDOWSWinSxS
2009-04-25 20:30:37 —-D—- C:WINDOWSsystem32oobe
2009-04-25 20:30:37 —-D—- C:WINDOWSsystem32mui
2009-04-25 20:30:37 —-D—- C:WINDOWSsystem32inetsrv
2009-04-25 20:30:36 —-D—- C:WINDOWSRegistration
2009-04-25 20:30:35 —-RSD—- C:WINDOWSassembly
2009-04-25 20:30:35 —-D—- C:WINDOWSpchealth
2009-04-25 20:30:35 —-D—- C:WINDOWSime
2009-04-25 20:30:30 —-D—- C:Program FilesWindows Media Player
2009-04-25 20:30:25 —-D—- C:Program FilesRealtek
2009-04-25 20:30:23 —-D—- C:Program FilesCommon Files
2009-04-25 20:30:21 —-D—- C:Documents and SettingsAdminApplication DataAdobe
2009-04-20 00:25:58 —-D—- C:Program FilesCommon FilesInstallShield
2009-04-15 19:54:01 —-HD—- C:Program FilesInstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-02-06 26944]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-02-06 51376]
R1 BIOS;BIOS; ??C:WINDOWSsystem32driversBIOS.sys []
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-02-06 94032]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-06-03 3100160]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2008-01-03 105856]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-05-20 30336]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-05-20 59520]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-15 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-05-20 20608]
S3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-02-06 23152]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:WINDOWSsystem32driversAtiHdmi.sys [2007-11-14 84992]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-10-16 4615168]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-06-03 552960]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-01-14 152984]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
S2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-02-06 18752]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2008-06-02 593920]
S2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-02-06 138680]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-02-06 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-02-06 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
EOF
Hello again! 🙂
I'm continuing to follow the instructions… I also want to apologize for breaking the forum rules (at the start of our conversation)… Sorry, I didn't do it on purpose or out of malice… 🙂 So, the MovedFiles log:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
ServiceDriver Nups stopped successfully.
ServiceDriver Nups deleted successfully.
ServiceDriver Nups stopped successfully.
ServiceDriver DcomLaunchDcomLaunch deleted successfully.
ServiceDriver Nups stopped successfully.
ServiceDriver msupdate deleted successfully.
ServiceDriver Nups stopped successfully.
ServiceDriver usprserv deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8544eed6-b987-11dd-88e5-00e04d8ce554}\ deleted successfully.
========== FILES ==========
File move failed. C:WINDOWSsystem32mssrv32.exe scheduled to be moved on reboot.
C:WINDOWSmssrvc moved successfully.
File move failed. C:WINDOWSsystem32oembios.exe scheduled to be moved on reboot.
File/Folder C:WINDOWSsystem32actmoviem.exe not found.
C:WINDOWSSystem32DRIVERSnups.sys moved successfully.
K:system.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:DOCUME~1AdminLOCALS~1Temp~DF5B24.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1AdminLOCALS~1Temp~DF5B53.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1AdminLOCALS~1Temp~DF5C03.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1AdminLOCALS~1Temp~DF5C30.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsAdminLocal SettingsTemporary Internet FilesContent.IE5X4ZJC8ESviewtopic[1].htm scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStempPerflib_Perfdata_528.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 05112009_212136
Files moved on Reboot…
C:WINDOWSsystem32mssrv32.exe moved successfully.
File move failed. C:WINDOWSsystem32oembios.exe scheduled to be moved on reboot.
File C:DOCUME~1AdminLOCALS~1Temp~DF5B24.tmp not found!
File C:DOCUME~1AdminLOCALS~1Temp~DF5B53.tmp not found!
File C:DOCUME~1AdminLOCALS~1Temp~DF5C03.tmp not found!
File C:DOCUME~1AdminLOCALS~1Temp~DF5C30.tmp not found!
C:Documents and SettingsAdminLocal SettingsTemporary Internet FilesContent.IE5X4ZJC8ESviewtopic[1].htm moved successfully.
File C:WINDOWStempPerflib_Perfdata_528.dat not found!
P.S.: There are now no problems with the Internet at all!!! A huge THANK YOU!!! 😀
One problem remains: in the Control Panel I am not let into anything except Administrative Tools and Fonts. ((( I don't even know whether this problem is one for you or not… Before, a message box popped up saying that s is missing in setupapi.dll, but now there is just a short beep and that's all. ATI unexpectedly fixed itself yesterday, but the sound has disappeared…))) Problems with the Microsoft UAA bus driver for High Definition Audio (the configuration information is corrupted). Everything else works well. I'm very glad! Thank you very much once again! 😀
Good day, dear Admin!!!
I've done everything… The result:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2009-05-10 20:55:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (61%) free of 50 GB
Total RAM: 2047 MB (83% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:04, on 10.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSexplorer.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program FilesAmlMapleAmlMaple.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program FilesAdobeReader 8.0ReaderReader_sl.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program Filestrend microAdmin.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
F2 — REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:WINDOWSsystem32oembios.exe,
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O4 — HKLM..Run: [AmlMaple] C:Program FilesAmlMapleAmlMaple.exe
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe» MSRun
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [NevoDRM] «C:Игры от NevoSoftNevoDRMNevoDRM.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [EA Core] «C:Program FilesElectronic ArtsEADMCore.exe» -silent
O4 — HKCU..Run: [Download Master] C:Program FilesDownload Masterdmaster.exe -autorun
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O16 — DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) — http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231929639_795f076bdd4ff27edc9b562d60a948bd&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Запуск серверных процессов DCOM DcomLaunchDcomLaunch (DcomLaunchDcomLaunch) — Unknown owner — C:WINDOWSsystem32actmoviem.exe (file missing)
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: Microsoft security update service (msupdate) — Unknown owner — c:windowssystem32mssrv32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Планировщик заданий (Schedule) — Unknown owner — C:WINDOWSsystem32driversservices.exe (file missing)
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 8704 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2009-01-14 320920]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2009-04-16 158208]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-01-14 34816]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-01-14 73728]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«AmlMaple»=C:Program FilesAmlMapleAmlMaple.exe [2008-04-25 91648]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2008-01-21 61440]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-10-16 16855552]
«SkyTel»=C:WINDOWSSkyTel.EXE [2007-10-11 1826816]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-01-11 39792]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-02-06 81000]
«NevoDRM»=C:Игры от NevoSoftNevoDRMNevoDRM.exe [2008-12-11 41984]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-05-20 30208]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]
«EA Core»=C:Program FilesElectronic ArtsEADMCore.exe [2009-03-29 3325952]
«Download Master»=C:Program FilesDownload Masterdmaster.exe [2009-04-24 3777536]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-06-03 139264]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoSMConfigurePrograms»=1
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesElectronic ArtsEADMCore.exe»=»C:Program FilesElectronic ArtsEADMCore.exe:*:Disabled:EA Download Manager»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Disabled:ICQ»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8544eed6-b987-11dd-88e5-00e04d8ce554}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shellExplorecommand — K:system.exe
shellOpencommand — K:system.exe
======List of files/folders created in the last 1 months======
2009-05-08 21:35:31 —-A—- C:WINDOWSsystem32mssrv32.exe
2009-05-08 21:35:30 —-D—- C:WINDOWSmssrvc
2009-05-08 16:27:50 —-D—- C:WINDOWSSun
2009-05-08 15:06:05 —-HD—- C:WINDOWSsystem32GroupPolicy
2009-05-07 21:47:40 —-D—- C:rsit
2009-05-07 21:47:40 —-D—- C:Program Filestrend micro
2009-05-07 21:00:06 —-D—- C:WINDOWSsystem32DirectX
2009-05-07 19:42:13 —-D—- C:WINDOWSsystem32PreInstall
2009-05-07 19:42:12 —-HDC—- C:WINDOWS$NtUninstallKB898461$
2009-05-07 19:35:21 —-A—- C:WINDOWSsystem32muweb.dll
2009-05-07 19:35:21 —-A—- C:WINDOWSsystem32mucltui.dll.mui
2009-05-07 19:35:21 —-A—- C:WINDOWSsystem32mucltui.dll
2009-05-07 19:35:16 —-D—- C:WINDOWSsystem32SoftwareDistribution
2009-05-07 19:35:16 —-A—- C:WINDOWSsystem32wuweb.dll
2009-05-07 19:35:16 —-A—- C:WINDOWSsystem32wups2.dll
2009-05-07 19:35:16 —-A—- C:WINDOWSsystem32wups.dll
2009-05-07 19:35:16 —-A—- C:WINDOWSsystem32wucltui.dll
2009-05-07 19:35:16 —-A—- C:WINDOWSsystem32wuaueng.dll
2009-05-07 19:35:15 —-A—- C:WINDOWSsystem32wuauclt.exe
2009-05-07 19:35:15 —-A—- C:WINDOWSsystem32wuapi.dll
2009-05-07 19:35:15 —-A—- C:WINDOWSsystem32cdm.dll
2009-05-07 19:17:21 —-A—- C:WINDOWSsetuplog.txt
2009-05-07 16:35:31 —-HD—- C:WINDOWS$hf_mig$
2009-05-07 16:35:31 —-D—- C:WINDOWSie8updates
2009-05-07 16:34:32 —-N—- C:WINDOWSsystem32spmsg.dll
2009-05-07 16:34:29 —-A—- C:WINDOWSsystem32spupdsvc.exe
2009-05-07 16:33:27 —-HDC—- C:WINDOWSie8
2009-05-07 16:32:04 —-A—- C:WINDOWSsystem32MRT.exe
2009-05-07 16:26:30 —-A—- C:Program FilesIE8-WindowsXP-x86-RUS.exe
2009-05-07 14:33:15 —-A—- C:WINDOWSsystem32wincreate.exe
2009-05-07 13:40:55 —-A—- C:WINDOWSsystem32redirect_key.txt
2009-05-07 13:26:35 —-A—- C:WINDOWSntbtlog.txt
2009-05-07 10:40:54 —-A—- C:WINDOWSsystem32mess_add.txt
2009-05-05 10:03:35 —-D—- C:Downloads
2009-05-05 10:03:07 —-D—- C:Documents and SettingsAdminApplication DataDownload Master
2009-05-05 10:02:28 —-D—- C:Program FilesDownload Master
2009-05-05 10:00:50 —-A—- C:Program Filesdmaster.exe
2009-05-02 10:04:08 —-SHD—- C:WINDOWSsystem32sysproc64
2009-04-30 19:54:20 —-D—- C:Documents and SettingsAll UsersApplication DataAlawar Stargaze
2009-04-30 19:54:16 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2009-04-30 19:53:31 —-D—- C:Program FilesAlawar.ru
2009-04-30 19:53:08 —-A—- C:Program FilesAlawarRuMasyanasTabloidAdventuresRus_4.exe
2009-04-30 17:17:48 —-D—- C:Documents and SettingsAdminApplication DataMedia Player Classic
2009-04-30 10:04:14 —-D—- C:Program FilesFormatFactory
2009-04-30 10:04:06 —-D—- C:Documents and SettingsAdminApplication DataWinRAR
2009-04-27 13:30:28 —-D—- C:WINDOWSsystem32Lang
2009-04-27 13:30:14 —-D—- C:Documents and SettingsAdminApplication DataATI
2009-04-26 20:52:11 —-D—- C:WINDOWSsystem32NtmsData
2009-04-25 20:28:30 —-D—- C:Documents and SettingsAdminApplication DataPmcc
2009-04-25 20:28:23 —-D—- C:Program FilesPmcc
2009-04-25 19:41:32 —-A—- C:WINDOWSsystem32aswBoot.exe
2009-04-25 19:41:30 —-D—- C:Program FilesAlwil Software
2009-04-25 16:54:29 —-AH—- C:Program FilesCommon Filessvchost.exe
2009-04-24 18:10:50 —-D—- C:Documents and SettingsAdminApplication DataShape games
2009-04-24 18:05:33 —-A—- C:Program Filesparanormal_rus.exe
2009-04-22 20:57:18 —-D—- C:Program FilesESET
2009-04-21 15:05:21 —-A—- C:WINDOWSsystem32d3dx10_40.dll
2009-04-21 15:05:21 —-A—- C:WINDOWSsystem32D3DCompiler_40.dll
2009-04-21 15:05:20 —-A—- C:WINDOWSsystem32XAudio2_3.dll
2009-04-21 15:05:20 —-A—- C:WINDOWSsystem32XAPOFX1_2.dll
2009-04-21 15:05:20 —-A—- C:WINDOWSsystem32xactengine3_3.dll
2009-04-21 15:05:20 —-A—- C:WINDOWSsystem32X3DAudio1_5.dll
2009-04-21 15:05:20 —-A—- C:WINDOWSsystem32D3DX9_40.dll
2009-04-21 15:05:19 —-A—- C:WINDOWSsystem32XAudio2_2.dll
2009-04-21 15:05:19 —-A—- C:WINDOWSsystem32XAPOFX1_1.dll
2009-04-21 15:05:19 —-A—- C:WINDOWSsystem32xactengine3_2.dll
2009-04-21 15:05:19 —-A—- C:WINDOWSsystem32D3DX9_39.dll
2009-04-21 15:05:19 —-A—- C:WINDOWSsystem32d3dx10_39.dll
2009-04-21 15:05:19 —-A—- C:WINDOWSsystem32D3DCompiler_39.dll
2009-04-21 15:05:18 —-A—- C:WINDOWSsystem32XAudio2_1.dll
2009-04-21 15:05:18 —-A—- C:WINDOWSsystem32XAPOFX1_0.dll
2009-04-21 15:05:18 —-A—- C:WINDOWSsystem32xactengine3_1.dll
2009-04-21 15:05:18 —-A—- C:WINDOWSsystem32X3DAudio1_4.dll
2009-04-21 15:05:18 —-A—- C:WINDOWSsystem32d3dx10_38.dll
2009-04-21 15:05:18 —-A—- C:WINDOWSsystem32D3DCompiler_38.dll
2009-04-21 15:05:17 —-A—- C:WINDOWSsystem32D3DX9_38.dll
2009-04-21 15:04:40 —-D—- C:WINDOWSLogs
2009-04-20 22:00:36 —-D—- C:Documents and SettingsAll UsersApplication DataElectronic Arts
2009-04-20 00:26:17 —-D—- C:Program FilesElectronic Arts
2009-04-20 00:26:15 —-D—- C:ProgramData
2009-04-20 00:08:54 —-D—- C:Program FilesEA Sports
2009-04-18 13:19:41 —-D—- C:Program FilesNikita
2009-04-16 17:27:45 —-D—- C:Documents and SettingsAdminApplication DataGogii Games
2009-04-16 17:27:24 —-D—- C:Игры от NevoSoft
2009-04-16 17:26:01 —-A—- C:Program Filesbook_of_legends_rus.exe
2009-04-15 19:54:00 —-D—- C:Documents and SettingsAdminApplication Datarambler.ru
2009-04-15 19:53:59 —-D—- C:Program FilesRambler Assistant
2009-04-15 19:53:59 —-D—- C:Documents and SettingsAdminApplication DataMozilla
2009-04-15 19:53:27 —-D—- C:Documents and SettingsAdminApplication DataICQ
2009-04-15 19:53:09 —-D—- C:Program FilesICQ6.5
2009-04-15 19:51:51 —-A—- C:Program Filesinstall_rambler_icq65.exe
2009-04-13 20:23:51 —-D—- C:Program Files1C
2009-04-13 12:11:47 —-SHD—- C:WINDOWSsystem32twain_32
======List of files/folders modified in the last 1 months======
2009-05-10 20:51:25 —-D—- C:WINDOWSTemp
2009-05-10 20:50:12 —-D—- C:WINDOWSsystem32CatRoot2
2009-05-10 19:55:01 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-05-10 19:54:56 —-D—- C:WINDOWSsystem32drivers
2009-05-10 15:44:46 —-A—- C:WINDOWSNeroDigital.ini
2009-05-10 15:20:41 —-D—- C:WINDOWSsystem32
2009-05-10 14:39:06 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-05-08 21:35:30 —-D—- C:WINDOWS
2009-05-08 20:35:35 —-D—- C:WINDOWSNetwork Diagnostic
2009-05-08 20:04:52 —-D—- C:WINDOWSsystem32config
2009-05-08 15:54:30 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-05-07 21:47:40 —-RD—- C:Program Files
2009-05-07 21:43:08 —-HD—- C:WINDOWSinf
2009-05-07 21:20:18 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-05-07 21:02:23 —-SHD—- C:WINDOWSInstaller
2009-05-07 20:09:50 —-D—- C:Program FilesUtkonos
2009-05-07 19:35:17 —-D—- C:WINDOWSHelp
2009-05-07 19:15:35 —-A—- C:WINDOWSsystem32setupapi.dll
2009-05-07 16:37:08 —-D—- C:WINDOWSsystem32ru-ru
2009-05-07 16:37:07 —-D—- C:WINDOWSMedia
2009-05-07 16:37:07 —-D—- C:Program FilesInternet Explorer
2009-05-07 16:35:33 —-A—- C:WINDOWSimsins.BAK
2009-05-07 16:32:05 —-D—- C:WINDOWSDebug
2009-05-05 10:03:35 —-D—- C:Program FilesOpera
2009-05-01 13:22:24 —-D—- C:WINDOWSsystem32Restore
2009-04-30 19:07:43 —-D—- C:WINDOWSsystem32wbem
2009-04-30 11:10:03 —-SD—- C:Documents and SettingsAdminApplication DataMicrosoft
2009-04-27 13:30:21 —-D—- C:WINDOWSSoftwareDistribution
2009-04-26 20:42:44 —-D—- C:Program FilesWinRAR
2009-04-26 20:41:21 —-D—- C:WINDOWSsystem32spool
2009-04-25 20:30:37 —-D—- C:WINDOWSWinSxS
2009-04-25 20:30:37 —-D—- C:WINDOWSsystem32oobe
2009-04-25 20:30:37 —-D—- C:WINDOWSsystem32mui
2009-04-25 20:30:37 —-D—- C:WINDOWSsystem32inetsrv
2009-04-25 20:30:36 —-D—- C:WINDOWSRegistration
2009-04-25 20:30:35 —-RSD—- C:WINDOWSassembly
2009-04-25 20:30:35 —-D—- C:WINDOWSpchealth
2009-04-25 20:30:35 —-D—- C:WINDOWSime
2009-04-25 20:30:30 —-D—- C:Program FilesWindows Media Player
2009-04-25 20:30:25 —-D—- C:Program FilesRealtek
2009-04-25 20:30:23 —-D—- C:Program FilesCommon Files
2009-04-25 20:30:21 —-D—- C:Documents and SettingsAdminApplication DataAdobe
2009-04-20 00:25:58 —-D—- C:Program FilesCommon FilesInstallShield
2009-04-15 19:54:01 —-HD—- C:Program FilesInstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-02-06 26944]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-02-06 51376]
R1 BIOS;BIOS; ??C:WINDOWSsystem32driversBIOS.sys []
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-02-06 94032]
R2 Nups;Nups; ??C:WINDOWSSystem32DRIVERSnups.sys []
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-06-03 3100160]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-05-20 30336]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-05-20 59520]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-15 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-05-20 20608]
S3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-02-06 23152]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:WINDOWSsystem32driversAtiHdmi.sys [2007-11-14 84992]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-10-16 4615168]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2008-01-03 105856]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-06-03 552960]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-01-14 152984]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
S2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-02-06 18752]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2008-06-02 593920]
S2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-02-06 138680]
S2 DcomLaunchDcomLaunch;Запуск серверных процессов DCOM DcomLaunchDcomLaunch; C:WINDOWSsystem32actmoviem.exe srv []
S2 msupdate;Microsoft security update service; c:windowssystem32mssrv32.exe [2009-05-08 29696]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-02-06 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-02-06 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:WINDOWSSystem32svchost.exe [2008-04-15 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
EOF
I ran the Kaspersky online scan. It found 7 viruses; I deleted what I could. Only this remains:
8 Май 2009 г.
Операционная система: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Версия Kaspersky Online Scanner: 7.0.26.13
Последнее обновление баз: Friday, May 08, 2009 15:54:18
Количество записей в базах: 2145711
Параметры проверки
проверять, используя следующие базы расширенные
Проверять архивы да
Проверять почтовые базы да
Область проверки Папка
C:WINDOWS
Статистика проверки
Проверено объектов 14570
Обнаружено угроз 2
Обнаружено зараженных объектов 2
Обнаружено подозрительных объектов 0
Время проверки 00:05:03
Имя файла Имя угрозы Количество угроз
C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE55W7CN3FC96[1].exe Зараженный: Trojan-Downloader.Win32.Small.jre 1
C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5XGG8QFJPDDD[1].exe Зараженный: Backdoor.Win32.Kbot.ht 1
Выбранная область проверена.
Maybe this will help in solving the problem…
P.S. I managed to boot into safe mode. I turned on the antivirus. It found Malware rootkit-gen dated -6.05.2009 (a fresh one…))), 4 of them, then reported that there was a virus in the operating system and removed 2 rootkits from there. Then it rebooted the computer and, lo and behold! Windows started working, though with a notice that the ATI graphics driver is not installed or is not working properly; it does not update from the disc and says: Error in setupapi.dll, missing: s. By the way, I checked ATI in safe mode and it works fine… The Internet problems are all the same… as described above… Please tell me what I should do. ))) Thank you. )))
And one more thing:
info.txt logfile of random’s system information tool 1.06 2009-05-07 21:47:57
======Uninstall list======
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 8 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A81200000003}
AmlMaple—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFAmlMaple.inf,Uninstall
ATI — Утилита деинсталляции—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI AVIVO Codecs—>MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{055EE59D-217B-43A7-ABFF-507B966405D8}setup.exe» -l0x0
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder—>MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard—>MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
avast! Antivirus—>C:Program FilesAlwil SoftwareAvast4aswRunDll.exe «C:Program FilesAlwil SoftwareAvast4Setupsetiface.dll»,RunSetup
Baku—>MsiExec.exe /I{8B50D8A6-A179-48D2-B5CC-FC6810F1057E}
Download Master version 5.5.11.1167—>»C:Program FilesDownload Masterunins000.exe»
EA Download Manager—>C:Program FilesElectronic ArtsEADMUninstall.exe
FIFA 09—>MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
FormatFactory 1.85—>C:Program FilesFormatFactoryuninst.exe
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 11—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Mega Codec Pack 3.9.0—>»C:Program FilesK-Lite Codec Packunins000.exe»
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 6—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
NevoSoft Book of Legends (remove only)—>»C:Игры от NevoSoftBook of Legendsuninstall.exe»
NevoSoft Paranormal (remove only)—>»C:Игры от NevoSoftParanormaluninstall.exe»
OpenAL—>»C:Program FilesOpenALoalinst.exe» /U
Opera 9.27—>MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
Paint.NET v3.31—>rundll32.exe advpack.dll,LaunchINFSection PaintDN.inf,Uninstall
Rambler-Ассистент—>»C:Program FilesRambler Assistantuninstall.exe»
‘Rappelz’—>»D:Rappelzunins000.exe»
‘Rappelz’—>»D:МОИ ДОКУМЕНТЫRappelzunins000.exe»
REALTEK GbE & FE Ethernet PCI-E NIC Driver—>C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}setup.exe -runfromtemp -l0x0019 -removeonly
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x19 -removeonly
Total Commander (Remove or Repair)—>c:totalcmdtcuninst.exe
Vista Drive Icon—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFVistaDrv.inf,Uninstall
Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Масяня под желтым прессом—>C:Program FilesAlawar.ruМасяня под желтым прессомUninstall.exe
Обновление для Windows Internet Explorer 8 (KB968220)—>»C:WINDOWSie8updatesKB968220-IE8spuninstspuninst.exe»
Обновление для Windows XP (KB898461)—>»C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe»
Терминал резервирования товаров—>C:Program FilesUtkonosuninstall.exe

======Hosts File======
213.182.197.229 mail.ru
213.182.197.229 http://www.mail.ru
213.182.197.229 http://www.yandex.ru
213.182.197.229 yandex.ru
213.182.197.229 http://www.vkontakte.ru
213.182.197.229 vkontakte.ru
213.182.197.229 http://www.odnoklassniki.ru
213.182.197.229 odnoklassniki.ru
213.182.197.229 google.ru
213.182.197.229 http://www.google.ru

======System event log======

Computer Name: MICROSOF-47BC47
Event Code: 7009
Message: Таймаут (30000 мс) ожидания для подключения службы ESET Service.
Record Number: 7427
Source Name: Service Control Manager
Time Written: 20090422210502.000000+240
Event Type: ошибка
User:

Computer Name: MICROSOF-47BC47
Event Code: 7000
Message: Сбой при запуске службы «ESET Service» из-за ошибки
Служба не ответила на запрос своевременно.
Record Number: 7426
Source Name: Service Control Manager
Time Written: 20090422210457.000000+240
Event Type: ошибка
User:

Computer Name: MICROSOF-47BC47
Event Code: 7009
Message: Таймаут (30000 мс) ожидания для подключения службы ESET Service.
Record Number: 7425
Source Name: Service Control Manager
Time Written: 20090422210457.000000+240
Event Type: ошибка
User:

Computer Name: MICROSOF-47BC47
Event Code: 7000
Message: Сбой при запуске службы «ESET Service» из-за ошибки
Служба не ответила на запрос своевременно.
Record Number: 7424
Source Name: Service Control Manager
Time Written: 20090422210451.000000+240
Event Type: ошибка
User:

Computer Name: MICROSOF-47BC47
Event Code: 7009
Message: Таймаут (30000 мс) ожидания для подключения службы ESET Service.
Record Number: 7423
Source Name: Service Control Manager
Time Written: 20090422210451.000000+240
Event Type: ошибка
User:

=====Application event log=====

Computer Name: MICROSOF-47BC47
Event Code: 105
Message: The service was started.
Record Number: 284
Source Name: ATI Smart
Time Written: 20090302152828.000000+180
Event Type: информация
User:

Computer Name: MICROSOF-47BC47
Event Code: 105
Message: The service was started.
Record Number: 283
Source Name: ATI Smart
Time Written: 20090302132623.000000+180
Event Type: информация
User:

Computer Name: MICROSOF-47BC47
Event Code: 105
Message: The service was started.
Record Number: 282
Source Name: ATI Smart
Time Written: 20090301161649.000000+180
Event Type: информация
User:

Computer Name: MICROSOF-47BC47
Event Code: 105
Message: The service was started.
Record Number: 281
Source Name: ATI Smart
Time Written: 20090228204558.000000+180
Event Type: информация
User:

Computer Name: MICROSOF-47BC47
Event Code: 105
Message: The service was started.
Record Number: 280
Source Name: ATI Smart
Time Written: 20090228152053.000000+180
Event Type: информация
User:

======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesATI TechnologiesATI.ACECore-Static
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 13, GenuineIntel
«PROCESSOR_REVISION»=0f0d
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF