Созданные ответы форума
-
Сообщения
-
@Valeri wrote:
Обновите Java, у вас устаревшая версия. Прочитайте эту инструкцию: Как обновить Java.
http://java.sun.com/javase/downloads/index.jsp
А вот из этого списка что именно нужно поставить?Вроде все хорошо, большое спасибо 🙂
Всякие backup-файлы, созданные этими программами, можно удалять?@Valeri wrote:
И ещё, у вас на компьютере присутствуют два блокнона: notepad.exe и notepad2.exe.
Причём по умолчанию используется второй.
Вы сами устанавливали какой-либо расширенный блокнот ?Нет, по-моему, не устанавливал.
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.comPlatform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.Backups directory opened successfully at C:Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!Error: file «C:WINDOWSsystem32bky.exe» not found!
Deletion of file «C:WINDOWSsystem32bky.exe» failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
—> the object does not existFile «C:WINDOWSsystem32ntos.exe» deleted successfully.
Registry value «HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun|bky» deleted successfully.Completed script processing.
*******************
Finished! Terminate.
++++++++++++++++++++++++++
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Administrator at 2008-12-29 20:07:29
Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (37%) free of 31 GB
Total RAM: 2031 MB (75% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:32, on 29.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesAnalog DevicesSoundMAXSmax4.exe
C:Program FilesEsetnod32kui.exe
C:WINDOWSLogi_MwX.Exe
C:WINDOWSvVX6000.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesICQPlusvplus.exe
C:Program FilesRay AdamsATI Tray Toolsatitray.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesKerioPersonal Firewall 4kpf4ss.exe
C:Program FilesMicrosoft LifeCamMSCamSvc.exe
C:Program FilesEsetnod32krn.exe
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32UAService7.exe
C:Program FilesCanonCALCALMAIN.exe
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesFarFar.exe
E:RSIT.exe
E:Administrator.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.ag.ru/
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 220.225.196.123:80
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
F2 — REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:WINDOWSsystem32ntos.exe,
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: (no name) — {7E853D72-626A-48EC-A868-BA8D5E23E045} — (no file)
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [SoundMAX] «C:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
O4 — HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentmagent.exe -LM
O4 — HKLM..Run: [LifeCam] «C:Program FilesMicrosoft LifeCamLifeExp.exe»
O4 — HKLM..Run: [VX6000] C:WINDOWSvVX6000.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [ICQ Plus] «C:Program FilesICQPlusvplus.exe»
O4 — HKCU..Run: [AtiTrayTools] «C:Program FilesRay AdamsATI Tray Toolsatitray.exe»
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKCU..Run: [BitTorrent DNA] «C:Program FilesBitTorrent_DNAdna.exe»
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [TaskSwitchXP] C:Program FilesTaskSwitchXPTaskSwitchXP.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [Free Download Manager] C:Program FilesFree Download Managerfdm.exe -autorun (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1Office10EXCEL.EXE/3000
O8 — Extra context menu item: Download all with Free Download Manager — file://C:Program FilesFree Download Managerdlall.htm
O8 — Extra context menu item: Download selected with Free Download Manager — file://C:Program FilesFree Download Managerdlselected.htm
O8 — Extra context menu item: Download with Free Download Manager — file://C:Program FilesFree Download Managerdllink.htm
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Найти в базе игр &AG.ru — http://www.ag.ru/outer.htm
O8 — Extra context menu item: Найти на &AG.ru — http://www.ag.ru/searcher_new.htm
O9 — Extra button: ICQ Pro — {6224f700-cba3-4071-b251-47cb894244cd} — C:Program FilesICQICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ — {6224f700-cba3-4071-b251-47cb894244cd} — C:Program FilesICQICQ.exe
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O16 — DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=39204
O16 — DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) — http://dl.tvunetworks.com/TVUAx.cab
O16 — DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) — https://w3s.webmoney.ru/WMAcceptor.dll
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207943162906
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207943120296
O17 — HKLMSystemCCSServicesTcpip..{9895A07E-EF6F-4A7F-82C9-28C1D54EA051}: NameServer = 213.234.192.7 85.21.192.5
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Application Driver Auto Removal Service (01) (appdrvrem01) — Protection Technology — C:WINDOWSSystem32appdrvrem01.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Canon Camera Access Library 8 (CCALib8) — Canon Inc. — C:Program FilesCanonCALCALMAIN.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: iPodService — Apple Computer, Inc. — C:Program FilesiPodbiniPodService.exe
O23 — Service: Kerio Personal Firewall 4 (KPF4) — Kerio Technologies — C:Program FilesKerioPersonal Firewall 4kpf4ss.exe
O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
O23 — Service: Helldorado Drivers Auto Removal (pr2ajy2b) (pr2ajy2b) — Playten Interactive — C:WINDOWSsystem32pr2ajy2b.exe
O23 — Service: SecuROM User Access Service (V7) (UserAccess7) — Sony DADC Austria AG. — C:WINDOWSsystem32UAService7.exe—
End of file — 9001 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll [2003-11-03 54248][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-11-07 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2007-06-25 2427968][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll [2008-09-11 737776][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2007-06-25 2427968][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2006-05-01 843776]
«SoundMAX»=C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2006-04-10 729088]
«nod32kui»=C:Program FilesEsetnod32kui.exe [2007-09-15 949376]
«Logitech Utility»=C:WINDOWSLogi_MwX.Exe [2003-12-17 19968]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2007-05-09 155648]
«MAgent»=C:Program FilesMail.RuAgentmagent.exe [2008-03-10 4523776]
«LifeCam»=C:Program FilesMicrosoft LifeCamLifeExp.exe [2006-06-30 269104]
«VX6000″=C:WINDOWSvVX6000.exe [2006-06-30 994096][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-03 15360]
«ICQ Plus»=C:Program FilesICQPlusvplus.exe [2002-12-04 11776]
«AtiTrayTools»=C:Program FilesRay AdamsATI Tray Toolsatitray.exe [2007-05-22 521128]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2007-08-02 68856]
«BitTorrent DNA»=C:Program FilesBitTorrent_DNAdna.exe []
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-08-08 490952][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
C:Program FilesiTunesiTunesHelper.exe [2005-12-20 278528][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMAgent]
C:Program FilesMail.RuAgentMAgent.exe [2008-03-10 4523776][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
C:Program FilesQuickTimeqttask.exe [2007-05-09 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:PROGRA~1MICROS~1Office10OSA.EXE [2001-02-13 83360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-10-29 143360][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableCAD»=1[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«DisableCAD»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoInstrumentation»=1
«NoSMHelp»=1
«DisableCAD»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«ForceClassicControlPanel»=
«MemCheckBoxInRunDlg»=
«DisableCAD»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
«E:LASRLASR.exe»=»E:LASRLASR.exe:*:Enabled:LASR»
«C:PROGRA~1bobaboba2PODCAS~1.EXE»=»C:PROGRA~1bobaboba2PODCAS~1.EXE:*:Enabled:Share Streaming»
«C:Program Filesbobaboba2PodcastBar.exe»=»C:Program Filesbobaboba2PodcastBar.exe:*:Enabled:Share Streaming»
«C:Program FilesPPMateppmate.exe»=»C:Program FilesPPMateppmate.exe:*:Enabled:PPMate»
«C:Program FilesPPMateppmnet.exe»=»C:Program FilesPPMateppmnet.exe:*:Enabled:PPMate»
«C:Program FilesKerioPersonal Firewall 4kpf4gui.exe»=»C:Program FilesKerioPersonal Firewall 4kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 — GUI»
«C:Program FilesBitTorrent_DNAdna.exe»=»C:Program FilesBitTorrent_DNAdna.exe:*:Enabled:BitTorrent DNA»
«C:Program FilesBitTorrentbittorrent.exe»=»C:Program FilesBitTorrentbittorrent.exe:*:Enabled:BitTorrent»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesMicrosoft LifeCamLifeCam.exe»=»C:Program FilesMicrosoft LifeCamLifeCam.exe:*:Enabled:LifeCam.exe»
«C:Program FilesMicrosoft LifeCamLifeExp.exe»=»C:Program FilesMicrosoft LifeCamLifeExp.exe:*:Enabled:LifeExp.exe»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveMessengerlivecall.exe»=»C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)»
«C:Documents and SettingsAdministratorfvxb.exe»=»C:Documents and SettingsAdministratorfvxb.exe:*:Enabled:ENABLE»
«C:WINDOWSsystem32bky.exe»=»C:WINDOWSsystem32bky.exe:*:Enabled:ENABLE»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveMessengerlivecall.exe»=»C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)»======File associations======
.bat — edit — C:WINDOWSsystem32NOTEPAD2.EXE %1
.cmd — edit — C:WINDOWSsystem32NOTEPAD2.EXE %1
.inf — open — C:WINDOWSsystem32NOTEPAD2.EXE %1
.ini — open — C:WINDOWSsystem32NOTEPAD2.EXE %1
.js — edit — C:WINDOWSsystem32Notepad2.exe %1
.reg — edit — C:WINDOWSsystem32NOTEPAD2.EXE %1
.txt — open — C:WINDOWSsystem32NOTEPAD2.EXE %1
.vbs — edit — C:WINDOWSsystem32Notepad2.exe %1======List of files/folders created in the last 1 months======
2008-12-29 20:07:29 —-D—- C:rsit
2008-12-29 20:00:56 —-D—- C:Avenger
2008-12-29 20:00:56 —-A—- C:avenger.txt
2008-12-28 19:56:30 —-D—- C:Program Filestrend micro
2008-12-05 02:57:51 —-D—- C:Documents and SettingsAll UsersApplication DataMumboJumbo
2008-12-04 03:11:16 —-A—- C:WINDOWSsystem32d3dx10_40.dll
2008-12-04 03:11:16 —-A—- C:WINDOWSsystem32D3DCompiler_40.dll
2008-12-04 03:11:15 —-A—- C:WINDOWSsystem32D3DX9_40.dll
2008-12-04 03:11:13 —-A—- C:WINDOWSsystem32XAudio2_3.dll
2008-12-04 03:11:13 —-A—- C:WINDOWSsystem32XAPOFX1_2.dll
2008-12-04 03:11:11 —-A—- C:WINDOWSsystem32xactengine3_3.dll
2008-12-04 03:11:10 —-A—- C:WINDOWSsystem32X3DAudio1_5.dll
2008-12-04 03:09:25 —-D—- C:DirectX
2008-12-04 00:16:39 —-HD—- C:WINDOWSsystem32GroupPolicy
2008-12-03 21:54:01 —-D—- C:Documents and SettingsAdministratorApplication DataskypePM
2008-12-03 21:53:02 —-D—- C:Documents and SettingsAdministratorApplication DataSkype
2008-12-03 21:52:47 —-D—- C:Program FilesSkype
2008-12-03 21:52:47 —-D—- C:Program FilesCommon FilesSkype
2008-12-03 21:52:44 —-D—- C:Documents and SettingsAll UsersApplication DataSkype======List of files/folders modified in the last 1 months======
2008-12-29 20:02:23 —-D—- C:WINDOWSTemp
2008-12-29 20:00:56 —-D—- C:WINDOWSsystem32drivers
2008-12-29 20:00:56 —-D—- C:WINDOWSsystem32
2008-12-29 20:00:56 —-D—- C:WINDOWS
2008-12-29 20:00:18 —-A—- C:WINDOWSSchedLgU.Txt
2008-12-29 19:59:35 —-D—- C:WINDOWSPrefetch
2008-12-29 09:23:33 —-D—- C:Program FilesMozilla Firefox
2008-12-29 02:42:30 —-D—- C:Program FilesICQ
2008-12-29 02:40:12 —-D—- C:Program FilesLight Alloy
2008-12-29 01:34:19 —-D—- C:Program FilesSteam
2008-12-28 21:16:54 —-D—- C:downloads
2008-12-28 19:56:30 —-RD—- C:Program Files
2008-12-28 18:05:22 —-D—- C:Documents and SettingsAdministratorApplication DataGoTView
2008-12-28 17:18:12 —-D—- C:Program FilesGoTView
2008-12-28 01:24:46 —-D—- C:WINDOWSsystem32CatRoot2
2008-12-28 01:21:19 —-A—- C:WINDOWSNeroDigital.ini
2008-12-27 17:28:15 —-A—- C:WINDOWSModemLog_Standard 33600 bps Modem.txt
2008-12-22 21:13:49 —-A—- C:WINDOWSwinamp.ini
2008-12-21 14:39:35 —-SHD—- C:WINDOWSsystem32wsnpoem
2008-12-15 19:57:58 —-SHD—- C:WINDOWSCSC
2008-12-14 19:12:14 —-D—- C:Program FilesTVUPlayer
2008-12-06 23:51:32 —-D—- C:WINDOWSsystem32DirectX
2008-12-06 23:51:31 —-HD—- C:WINDOWSinf
2008-12-06 23:51:20 —-RSD—- C:WINDOWSassembly
2008-12-04 00:22:29 —-D—- C:WINDOWSsecurity
2008-12-03 21:52:52 —-SHD—- C:WINDOWSInstaller
2008-12-03 21:52:47 —-D—- C:Program FilesCommon Files
2008-12-01 20:01:11 —-D—- C:Program FilesFar======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 appdrv01;Application Driver (01); C:WINDOWSSystem32Driversappdrv01.sys [2008-04-26 2004072]
R1 atitray;atitray; ??C:Program FilesRay AdamsATI Tray Toolsatitray.sys []
R1 fwdrv;Firewall Driver; C:WINDOWSsystem32driversfwdrv.sys [2004-11-02 262144]
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2005-10-15 36096]
R1 nod32drv;nod32drv; C:WINDOWSsystem32driversnod32drv.sys [2007-09-15 15424]
R1 vmm;Virtual Machine Monitor; ??C:WINDOWSsystem32Driversvmm.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]
R2 AMON;AMON; C:WINDOWSsystem32driversamon.sys [2007-09-15 512096]
R2 atksgt;atksgt; C:WINDOWSsystem32DRIVERSatksgt.sys [2008-10-08 279712]
R2 lirsgt;lirsgt; C:WINDOWSsystem32DRIVERSlirsgt.sys [2008-10-08 25888]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2006-05-02 229376]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2006-04-27 93824]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-10-29 3341824]
R3 BridgeMP;MAC Bridge Miniport; C:WINDOWSsystem32DRIVERSbridge.sys [2004-08-03 71552]
R3 GEARAspiWDM;GEAR CDRom Filter; C:WINDOWSSYSTEM32DRIVERSGEARAspiWDM.sys [2005-03-07 14408]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-10-13 138752]
R3 hidusb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-23 9600]
R3 iComp;GOTVIEW DVD2 FM USB Encoder; C:WINDOWSsystem32DRIVERSp2usbwdm.sys [2007-05-23 1565120]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 Pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2003-09-19 10368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-08-23 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2006-06-28 81920]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2006-03-17 392960]
R3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2005-10-15 31744]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2005-08-01 27008]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-09-16 57856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:WINDOWSsystem32DRIVERSVMNetSrv.sys [2007-01-29 59280]
R3 VX6000;Microsoft LifeCam VX-6000; C:WINDOWSsystem32DRIVERSVX6000Xp.sys [2006-06-30 2383152]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-03 14848]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780}; ??C:WINDOWSTEMP1559.tmp []
S3 a5dzj02i;a5dzj02i; C:WINDOWSsystem32driversa5dzj02i.sys []
S3 Arp1394;1394 ARP Client Protocol; C:WINDOWSsystem32DRIVERSarp1394.sys [2005-11-28 60800]
S3 Bridge;MAC Bridge; C:WINDOWSsystem32DRIVERSbridge.sys [2004-08-03 71552]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 ctljystk;Creative SBLive! Gameport; C:WINDOWSsystem32DRIVERSctljystk.sys [2001-08-17 3712]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys []
S3 emu10k;Creative SB Live! (WDM); C:WINDOWSsystem32driversemu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:WINDOWSsystem32driversctlfacem.sys [2001-08-17 6912]
S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:WINDOWSsystem32DRIVERSL8042pr2.Sys [2003-12-17 51729]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLHidFlt2.Sys [2003-12-17 25505]
S3 LHidUsb;Logitech USB Receiver device driver; C:WINDOWSSystem32DriversLHidUsb.Sys [2003-12-17 37887]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:WINDOWSsystem32DRIVERSLMouFlt2.Sys [2003-12-17 70801]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:WINDOWSsystem32DRIVERSnic1394.sys [2005-11-28 61824]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:WINDOWSsystem32driverssfmanm.sys [2001-08-17 36480]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 sony_ssm.sys;sony_ssm.sys; ??C:DOCUME~1ADMINI~1LOCALS~1Tempsony_ssm.sys []
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-12-28 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 zdcdcdrv;ZyXEL USB modem Driver; C:WINDOWSsystem32DRIVERSzdcdcdrv.sys [2004-08-14 17664]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CCALib8;Canon Camera Access Library 8; C:Program FilesCanonCALCALMAIN.exe [2006-03-30 96341]
R2 KPF4;Kerio Personal Firewall 4; C:Program FilesKerioPersonal Firewall 4kpf4ss.exe [2004-10-27 1912832]
R2 MSCamSvc;MSCamSvc; C:Program FilesMicrosoft LifeCamMSCamSvc.exe [2006-06-30 187184]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2007-09-15 552064]
R2 UserAccess7;SecuROM User Access Service (V7); C:WINDOWSsystem32UAService7.exe [2007-07-24 217088]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:WINDOWSSystem32appdrvrem01.exe [2008-04-26 304528]
S2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-10-29 585728]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2008-10-28 593920]
S2 pr2ajy2b;Helldorado Drivers Auto Removal (pr2ajy2b); C:WINDOWSsystem32pr2ajy2b.exe [2007-08-07 411000]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-06-25 138168]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 iPodService;iPodService; C:Program FilesiPodbiniPodService.exe [2005-12-20 323584]
S3 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-11-24 38912]
S3 usnjsvc;Служба Messenger Sharing Folders USN Journal Reader; C:Program FilesWindows LiveMessengerusnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:Program FilesWindows LiveinstallerWLSetupSvc.exe [2007-10-25 266240]
EOF
info.txt logfile of random’s system information tool 1.05 2008-12-29 20:07:33
======Uninstall list======
—>MsiExec /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 6.0.1—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Reader 7.0.5—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AGEIA GAME System Software—>MsiExec.exe /I{DEDF2885-0086-4534-9912-F9B97377ED07}
AsusUpdate—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{587178E7-B1DF-494E-9838-FA4DD36E873C}setup.exe» -l0x9
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audiosurf—>»C:Program FilesSteamsteam.exe» steam://uninstall/12900
Blazing Angels Squadrons of WWII—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime11�0Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2CBE667E-1193-47DC-852E-2CB4747C12E3}Setup.exe» -l0x19 -removeonly
Bookworm Adventures Deluxe 1.0—>C:Program FilesPopCap GamesBookworm Adventures DeluxePopUninstall.exe «C:Program FilesPopCap GamesBookworm Adventures DeluxeInstall.log»
Canon Camera Access Library—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCALUninst.ini»
Canon Camera Support Core Library—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCSCLIBUninst.ini»
Canon Camera Window DC_DV 5 for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowDVCUninst.ini»
Canon Camera Window DC_DV 6 for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowDVC6Uninst.ini»
Canon Camera Window MC 6 for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowMCUninst.ini»
Canon G.726 WMP-Decoder—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonG726DecoderG726DecUnInstall.ini»
Canon MovieEdit Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramMVWUninst.ini»
Canon RAW Image Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonRAW Image TaskUninst.ini»
Canon RemoteCapture Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCameraWindowRemoteCaptureTask DCUninst.ini»
Canon Utilities EOS Utility—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonEOS UtilityUninst.ini»
Canon Utilities PhotoStitch—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonPhotoStitchUninst.ini»
Canon Utilities ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramUninst.ini»
Download Master version 5.5.1.1107—>»C:Program FilesDownload Masterunins000.exe»
EPSON Attach To Email—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{3D78F2A2-C893-4ABD-B5FE-AD7011837755}SETUP.EXE» -l0x19 UNINST
EPSON File Manager—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2EB81825-E9EE-44F4-8F51-1240C3898DC6}Setup.exe» -l0x19 UNINST
EPSON Printer Software—>C:WINDOWSSystem32spoolDRIVERSW32X863EPUPDATE.EXE /R
EPSON Scan Assistant—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}Setup.exe» -l0x19 -u
FAR file manager—>C:Program FilesFarUninstall.exe
FLV Player 1.3.3—>»C:Program FilesFLVPlayeruninstall.exe»
Football Manager 2007—>E:Football Manager 2007uninstallUninstall FM 2007.exe
Fraps (remove only)—>»C:Frapsuninstall.exe»
Free Download Manager 2.1—>»C:Program FilesFree Download Managerunins000.exe»
Google Toolbar for Internet Explorer—>MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer—>regsvr32 /u /s «c:program filesgooglegoogletoolbar1.dll»
Google Video Player—>»C:Program FilesGoogleGoogle Video PlayerUninstall.exe»
GoTView (удалить)—>»C:Program FilesGoTViewuninstall.exe»
HellSpeed—>C:Program FilesInstallShield Installation Information{0218C3B3-84FA-4217-A6AF-F86BBFFBD08B}setup.exe -runfromtemp -l0x0019 -removeonly
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
HyperSnap-DX—>C:WINDOWSUnHSDX.bat
ICQ Plus—>C:PROGRA~1ICQPlusUNWISE.EXE C:PROGRA~1ICQPlusINSTALL.LOG
ICQ—>C:PROGRA~1ICQICQUninstall.EXE
Indeo® software—>C:WINDOWSIsUninst.exe -f»C:Program FilesIntelIndeoUninst.isu»
InterVideo WinDVD Creator 2—>»C:Program FilesInstallShield Installation Information{2FCE4FC5-6930-40E7-A4F1-F862207424EF}setup.exe» REMOVEALL
iPod for Windows 2005-03-23—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iPod for Windows 2006-01-10—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes—>C:PROGRA~1COMMON~1INSTAL~1Driver11INTEL3~1IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033
J2SE Runtime Environment 5.0 Update 5—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Kerio Personal Firewall—>MsiExec.exe /X{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
King’s Bounty: Легенда о Рыцаре—>»E:King’s Bounty. Легенда о Рыцареunins000.exe»
K-Lite Codec Pack 2.85 Full—>»C:Program FilesK-Lite Codec Packunins000.exe»
Left 4 Dead—>»C:Program FilesSteamsteam.exe» steam://uninstall/500
Light Alloy 2.4—>C:WINDOWSmuninst.exe «Light Alloy 2.4»
Logitech MouseWare 9.79.1 —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5809E7CF-4DCF-11D4-9875-00105ACE7734}Setup.exe» -l0x9 -l0009 UNINSTALL
Mail.Ru Агент 4.9 (сборка 1863, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft LifeCam—>MsiExec.exe /X{4DEE75B1-B201-4DA3-A50F-007CDB00DA23}
Microsoft Office XP (профессиональный выпуск)—>MsiExec.exe /I{91110419-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight—>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Virtual PC 2007—>MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mount&Blade—>E:Mount&Bladeuninstall.exe
Mozilla Firefox (2.0.0.20)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
Mozilla Thunderbird (1.5)—>C:WINDOWSUninstallThunderbird.exe /ua «1.5 (en-US)»
MSXML 6.0 Parser (KB927977)—>MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Nero 6 Ultra Edition—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
NOD32 antivirus system—>C:Program FilesEsetSetupsetup.exe /UNINSTALL
NOD32 FiX v1.9—>»C:Program FilesEsetunins000.exe»
NVIDIA PhysX v8.04.25—>MsiExec.exe /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}
OpenAL—>»C:Program FilesOpenALoalinst.exe» /U
PictureMate PM260_290 Руководство—>C:Program FilesEPSONTPMANUALPM260_290RUSUSE_GDOCUNINS.EXE
pMetro 1.26—>»C:Program FilespMetrounins000.exe»
QuickTime—>C:PROGRA~1COMMON~1INSTAL~1Driver11INTEL3~1IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
Ray Adams ATI Tray Tools—>»C:Program FilesRay AdamsATI Tray Toolsuninstall.exe»
Real Alternative 1.45—>»C:Program FilesReal Alternativeunins000.exe»
REALTEK GbE & FE Ethernet PCI-E NIC Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime11�0Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}Setup.exe» -l0x19 -removeonly
RegShot 1.7—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFUberPack.inf,reguninstall
Sidi 1.0—>»C:Program FilesSidiunins000.exe»
Skype™ 3.8—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SopCast 1.1.2—>C:Program FilesSopCastuninst.exe
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�0Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}Setup.exe» -l0x19 -removeonly
Steam—>MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stellarium 0.9.1—>»C:Program FilesStellariumunins000.exe»
Test Drive Unlimited—>MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}
The Bat!—>C:WINDOWStbat_del.exe
Trials 2 Second Edition—>E:Trials 2 Second EditionUninstall.exe
TVUPlayer 2.3.3.2—>C:Program FilesTVUPlayeruninst.exe
VideoLAN VLC media player 0.8.6c—>C:Program FilesVideoLANVLCuninstall.exe
WebMoney Keeper Classic 3.6.0.2—>»C:Program FilesWebMoneyUninstall.exe» «C:Program FilesWebMoneyinstall.log» -u
Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
Windows Live installer—>MsiExec.exe /X{61C981F9-FF8A-46EC-B6FE-FF8B293F36D3}
Windows Live Messenger—>MsiExec.exe /X{087B2CCA-0F1C-4434-B7C6-6B5E0EFD31BC}
WinRAR archiver—>C:Program FilesWinRARuninstall.exe
Xvid 1.1.2 final uninstall—>»C:Program FilesXvidunins000.exe»
yuPlay client 0.3.9—>»C:Program FilesyuPlayunins000.exe»
Десперадо 3: Схватка в прериях—>»E:Десперадо 3unins000.exe»=====HijackThis Backups=====
F2 — REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:Documents and SettingsAdministratorfvxb.exe s,C:WINDOWSsystem32ntos.exe,
R3 — Default URLSearchHook is missing
F2 — REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:WINDOWSsystem32ntos.exe,======Hosts File======
127.0.0.1 cureit.ru
127.0.0.1 drweb.com
127.0.0.1 drweb.com.ua
127.0.0.1 dr-web.ru
127.0.0.1 freedrweb.com
127.0.0.1 new-download.drweb.com
127.0.0.1 support.drweb.com
127.0.0.1 forum.drweb.com
127.0.0.1 download.drweb.com
127.0.0.1 eset.comSecuritycenter WMI appears to be broken
System event log
Computer Name: AG-REDGUARD
Event Code: 7036
Message: The HTTP SSL service entered the running state.Record Number: 30005
Source Name: Service Control Manager
Time Written: 20081126075333.000000+180
Event Type: information
User:Computer Name: AG-REDGUARD
Event Code: 7035
Message: The HTTP SSL service was successfully sent a start control.Record Number: 30004
Source Name: Service Control Manager
Time Written: 20081126075333.000000+180
Event Type: information
User: NT AUTHORITYLOCAL SERVICEComputer Name: AG-REDGUARD
Event Code: 7036
Message: The Universal Plug and Play Device Host service entered the running state.Record Number: 30003
Source Name: Service Control Manager
Time Written: 20081126075333.000000+180
Event Type: information
User:Computer Name: AG-REDGUARD
Event Code: 7036
Message: The Remote Access Auto Connection Manager service entered the running state.Record Number: 30002
Source Name: Service Control Manager
Time Written: 20081126075333.000000+180
Event Type: information
User:Computer Name: AG-REDGUARD
Event Code: 7035
Message: The Universal Plug and Play Device Host service was successfully sent a start control.Record Number: 30001
Source Name: Service Control Manager
Time Written: 20081126075333.000000+180
Event Type: information
User: NT AUTHORITYSYSTEMApplication event log
Computer Name: AG-REDGUARD
Event Code: 105
Message: The service was started.Record Number: 386
Source Name: ATI Smart
Time Written: 20070427203729.000000+240
Event Type: information
User:Computer Name: AG-REDGUARD
Event Code: 1000
Message: Faulting application mom.exe, version 2.0.0.0, stamp 451d2648, faulting module imon.dll, version 2.51.8.0, stamp 42d24c73, debug? 0, fault address 0x0000d039.Record Number: 385
Source Name: .NET Runtime 2.0 Error Reporting
Time Written: 20070426204909.000000+240
Event Type: error
User:Computer Name: AG-REDGUARD
Event Code: 1000
Message: Faulting application ccc.exe, version 2.0.0.0, stamp 451d264f, faulting module imon.dll, version 2.51.8.0, stamp 42d24c73, debug? 0, fault address 0x0000d039.Record Number: 384
Source Name: .NET Runtime 2.0 Error Reporting
Time Written: 20070426204909.000000+240
Event Type: error
User:Computer Name: AG-REDGUARD
Event Code: 105
Message: The service was started.Record Number: 383
Source Name: ATI Smart
Time Written: 20070426204816.000000+240
Event Type: information
User:Computer Name: AG-REDGUARD
Event Code: 1000
Message: Faulting application ccc.exe, version 2.0.0.0, stamp 451d264f, faulting module imon.dll, version 2.51.8.0, stamp 42d24c73, debug? 0, fault address 0x0000d039.Record Number: 382
Source Name: .NET Runtime 2.0 Error Reporting
Time Written: 20070425194604.000000+240
Event Type: error
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesATI TechnologiesATI.ACECore-Static;C:Program FilesQuickTimeQTSystem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 2, GenuineIntel
«PROCESSOR_REVISION»=0f02
«NUMBER_OF_PROCESSORS»=2
«DEVMGR_SHOW_DETAILS»=1
«DEVMGR_SHOW_NONPRESENT_DEVICES»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«CLASSPATH»=C:Program FilesJavajre1.5.0_05libextQTJava.zip
«QTJAVA»=C:Program FilesJavajre1.5.0_05libextQTJava.zip
EOF
@Valeri wrote:
То что видимого вреда нет, это ни о чём не говорит. Возможно ваш компьютер использовался как спам машина или для заражения других компьютеров.
А файрвол в таком случае не сработал бы?
Жду от вас OTMoveIt3 лог, свежий RSIT лог и содержимое файлов File.txt и File1.txt.
Вот:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C248BEB0-911F-4464-8F2B-5990F082A7D5}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\bky» not found.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\advap32 deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun\5T19I3B27A deleted successfully.
HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders\»SecurityProviders»|»msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll» /E : value set successfully!
========== FILES ==========
File/Folder C:Documents and SettingsAdministratorfvxb.exe not found.
File/Folder C:WINDOWSsystem32ntos.exe not found.
File/Folder C:WINDOWSsystem32atmf.dll not found.
File/Folder C:WINDOWSsystem32bky.exe not found.
File/Folder C:DOCUME~1ADMINI~1LOCALS~1Temploader.exe not found.
File/Folder C:WINDOWScsrs.exe not found.
File/Folder c:windowssystem32msansspc.dll not found.
C:Documents and SettingsAll UsersStart MenuProgramsStartupMS-0812-upd271848.exe moved successfully.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.7.2 log created on 12282008_211916
Files moved on Reboot…
C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat moved successfully.+++++++++++++++++
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Administrator at 2008-12-28 21:29:34
Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (38%) free of 31 GB
Total RAM: 2031 MB (76% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:38, on 28.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSnotepad.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesAnalog DevicesSoundMAXSmax4.exe
C:Program FilesEsetnod32kui.exe
C:WINDOWSLogi_MwX.Exe
C:WINDOWSvVX6000.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesICQPlusvplus.exe
C:Program FilesRay AdamsATI Tray Toolsatitray.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesKerioPersonal Firewall 4kpf4ss.exe
C:Program FilesMicrosoft LifeCamMSCamSvc.exe
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:Program FilesEsetnod32krn.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32UAService7.exe
C:Program FilesCanonCALCALMAIN.exe
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:WINDOWSsystem32wuauclt.exe
C:Program FilesFarFar.exe
E:RSIT.exe
C:WINDOWSsystem32wbemwmiprvse.exe
E:Administrator.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.ag.ru/
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 220.225.196.123:80
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
F2 — REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:WINDOWSsystem32ntos.exe,
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: (no name) — {7E853D72-626A-48EC-A868-BA8D5E23E045} — (no file)
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [SoundMAX] «C:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
O4 — HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentmagent.exe -LM
O4 — HKLM..Run: [LifeCam] «C:Program FilesMicrosoft LifeCamLifeExp.exe»
O4 — HKLM..Run: [VX6000] C:WINDOWSvVX6000.exe
O4 — HKLM..Run: [bky] C:WINDOWSsystem32bky.exe u
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [ICQ Plus] «C:Program FilesICQPlusvplus.exe»
O4 — HKCU..Run: [AtiTrayTools] «C:Program FilesRay AdamsATI Tray Toolsatitray.exe»
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKCU..Run: [BitTorrent DNA] «C:Program FilesBitTorrent_DNAdna.exe»
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [TaskSwitchXP] C:Program FilesTaskSwitchXPTaskSwitchXP.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [Free Download Manager] C:Program FilesFree Download Managerfdm.exe -autorun (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1Office10EXCEL.EXE/3000
O8 — Extra context menu item: Download all with Free Download Manager — file://C:Program FilesFree Download Managerdlall.htm
O8 — Extra context menu item: Download selected with Free Download Manager — file://C:Program FilesFree Download Managerdlselected.htm
O8 — Extra context menu item: Download with Free Download Manager — file://C:Program FilesFree Download Managerdllink.htm
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Найти в базе игр &AG.ru — http://www.ag.ru/outer.htm
O8 — Extra context menu item: Найти на &AG.ru — http://www.ag.ru/searcher_new.htm
O9 — Extra button: ICQ Pro — {6224f700-cba3-4071-b251-47cb894244cd} — C:Program FilesICQICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ — {6224f700-cba3-4071-b251-47cb894244cd} — C:Program FilesICQICQ.exe
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O16 — DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=39204
O16 — DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) — http://dl.tvunetworks.com/TVUAx.cab
O16 — DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) — https://w3s.webmoney.ru/WMAcceptor.dll
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207943162906
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207943120296
O17 — HKLMSystemCCSServicesTcpip..{9895A07E-EF6F-4A7F-82C9-28C1D54EA051}: NameServer = 213.234.192.7 85.21.192.5
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Application Driver Auto Removal Service (01) (appdrvrem01) — Protection Technology — C:WINDOWSSystem32appdrvrem01.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Canon Camera Access Library 8 (CCALib8) — Canon Inc. — C:Program FilesCanonCALCALMAIN.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: iPodService — Apple Computer, Inc. — C:Program FilesiPodbiniPodService.exe
O23 — Service: Kerio Personal Firewall 4 (KPF4) — Kerio Technologies — C:Program FilesKerioPersonal Firewall 4kpf4ss.exe
O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
O23 — Service: Helldorado Drivers Auto Removal (pr2ajy2b) (pr2ajy2b) — Playten Interactive — C:WINDOWSsystem32pr2ajy2b.exe
O23 — Service: SecuROM User Access Service (V7) (UserAccess7) — Sony DADC Austria AG. — C:WINDOWSsystem32UAService7.exe—
End of file — 9279 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll [2003-11-03 54248][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-11-07 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2007-06-25 2427968][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll [2008-09-11 737776][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2007-06-25 2427968][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2006-05-01 843776]
«SoundMAX»=C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2006-04-10 729088]
«nod32kui»=C:Program FilesEsetnod32kui.exe [2007-09-15 949376]
«Logitech Utility»=C:WINDOWSLogi_MwX.Exe [2003-12-17 19968]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2007-05-09 155648]
«MAgent»=C:Program FilesMail.RuAgentmagent.exe [2008-03-10 4523776]
«LifeCam»=C:Program FilesMicrosoft LifeCamLifeExp.exe [2006-06-30 269104]
«VX6000″=C:WINDOWSvVX6000.exe [2006-06-30 994096]
«bky»=C:WINDOWSsystem32bky.exe u [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-03 15360]
«ICQ Plus»=C:Program FilesICQPlusvplus.exe [2002-12-04 11776]
«AtiTrayTools»=C:Program FilesRay AdamsATI Tray Toolsatitray.exe [2007-05-22 521128]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2007-08-02 68856]
«BitTorrent DNA»=C:Program FilesBitTorrent_DNAdna.exe []
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-08-08 490952][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
C:Program FilesiTunesiTunesHelper.exe [2005-12-20 278528][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMAgent]
C:Program FilesMail.RuAgentMAgent.exe [2008-03-10 4523776][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
C:Program FilesQuickTimeqttask.exe [2007-05-09 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:PROGRA~1MICROS~1Office10OSA.EXE [2001-02-13 83360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-10-29 143360][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableCAD»=1[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«DisableCAD»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoInstrumentation»=1
«NoSMHelp»=1
«DisableCAD»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«ForceClassicControlPanel»=
«MemCheckBoxInRunDlg»=
«DisableCAD»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
«E:LASRLASR.exe»=»E:LASRLASR.exe:*:Enabled:LASR»
«C:PROGRA~1bobaboba2PODCAS~1.EXE»=»C:PROGRA~1bobaboba2PODCAS~1.EXE:*:Enabled:Share Streaming»
«C:Program Filesbobaboba2PodcastBar.exe»=»C:Program Filesbobaboba2PodcastBar.exe:*:Enabled:Share Streaming»
«C:Program FilesPPMateppmate.exe»=»C:Program FilesPPMateppmate.exe:*:Enabled:PPMate»
«C:Program FilesPPMateppmnet.exe»=»C:Program FilesPPMateppmnet.exe:*:Enabled:PPMate»
«C:Program FilesKerioPersonal Firewall 4kpf4gui.exe»=»C:Program FilesKerioPersonal Firewall 4kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 — GUI»
«C:Program FilesBitTorrent_DNAdna.exe»=»C:Program FilesBitTorrent_DNAdna.exe:*:Enabled:BitTorrent DNA»
«C:Program FilesBitTorrentbittorrent.exe»=»C:Program FilesBitTorrentbittorrent.exe:*:Enabled:BitTorrent»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesMicrosoft LifeCamLifeCam.exe»=»C:Program FilesMicrosoft LifeCamLifeCam.exe:*:Enabled:LifeCam.exe»
«C:Program FilesMicrosoft LifeCamLifeExp.exe»=»C:Program FilesMicrosoft LifeCamLifeExp.exe:*:Enabled:LifeExp.exe»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveMessengerlivecall.exe»=»C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)»
«C:Documents and SettingsAdministratorfvxb.exe»=»C:Documents and SettingsAdministratorfvxb.exe:*:Enabled:ENABLE»
«C:WINDOWSsystem32bky.exe»=»C:WINDOWSsystem32bky.exe:*:Enabled:ENABLE»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveMessengerlivecall.exe»=»C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)»======File associations======
.bat — edit — C:WINDOWSsystem32NOTEPAD2.EXE %1
.cmd — edit — C:WINDOWSsystem32NOTEPAD2.EXE %1
.inf — open — C:WINDOWSsystem32NOTEPAD2.EXE %1
.ini — open — C:WINDOWSsystem32NOTEPAD2.EXE %1
.js — edit — C:WINDOWSsystem32Notepad2.exe %1
.reg — edit — C:WINDOWSsystem32NOTEPAD2.EXE %1
.txt — open — C:WINDOWSsystem32NOTEPAD2.EXE %1
.vbs — edit — C:WINDOWSsystem32Notepad2.exe %1======List of files/folders created in the last 1 months======
2008-12-28 21:29:34 —-D—- C:rsit
2008-12-28 19:56:30 —-D—- C:Program Filestrend micro
2008-12-05 02:57:51 —-D—- C:Documents and SettingsAll UsersApplication DataMumboJumbo
2008-12-04 03:11:16 —-A—- C:WINDOWSsystem32d3dx10_40.dll
2008-12-04 03:11:16 —-A—- C:WINDOWSsystem32D3DCompiler_40.dll
2008-12-04 03:11:15 —-A—- C:WINDOWSsystem32D3DX9_40.dll
2008-12-04 03:11:13 —-A—- C:WINDOWSsystem32XAudio2_3.dll
2008-12-04 03:11:13 —-A—- C:WINDOWSsystem32XAPOFX1_2.dll
2008-12-04 03:11:11 —-A—- C:WINDOWSsystem32xactengine3_3.dll
2008-12-04 03:11:10 —-A—- C:WINDOWSsystem32X3DAudio1_5.dll
2008-12-04 03:09:25 —-D—- C:DirectX
2008-12-04 00:16:39 —-HD—- C:WINDOWSsystem32GroupPolicy
2008-12-03 21:54:01 —-D—- C:Documents and SettingsAdministratorApplication DataskypePM
2008-12-03 21:53:02 —-D—- C:Documents and SettingsAdministratorApplication DataSkype
2008-12-03 21:52:47 —-D—- C:Program FilesSkype
2008-12-03 21:52:47 —-D—- C:Program FilesCommon FilesSkype
2008-12-03 21:52:44 —-D—- C:Documents and SettingsAll UsersApplication DataSkype======List of files/folders modified in the last 1 months======
2008-12-28 21:27:25 —-D—- C:WINDOWSTemp
2008-12-28 21:26:19 —-D—- C:WINDOWSPrefetch
2008-12-28 21:22:28 —-A—- C:WINDOWSSchedLgU.Txt
2008-12-28 21:16:54 —-D—- C:downloads
2008-12-28 21:16:01 —-D—- C:Program FilesMozilla Firefox
2008-12-28 21:13:08 —-D—- C:Program FilesICQ
2008-12-28 20:48:02 —-D—- C:Program FilesSteam
2008-12-28 19:56:30 —-RD—- C:Program Files
2008-12-28 18:05:22 —-D—- C:Documents and SettingsAdministratorApplication DataGoTView
2008-12-28 17:18:12 —-D—- C:Program FilesGoTView
2008-12-28 15:25:05 —-D—- C:WINDOWSsystem32
2008-12-28 13:29:02 —-D—- C:WINDOWSsystem32drivers
2008-12-28 01:24:46 —-D—- C:WINDOWSsystem32CatRoot2
2008-12-28 01:21:19 —-A—- C:WINDOWSNeroDigital.ini
2008-12-27 17:28:15 —-A—- C:WINDOWSModemLog_Standard 33600 bps Modem.txt
2008-12-22 21:13:49 —-A—- C:WINDOWSwinamp.ini
2008-12-20 20:43:07 —-D—- C:WINDOWS
2008-12-15 19:57:58 —-SHD—- C:WINDOWSCSC
2008-12-14 19:12:14 —-D—- C:Program FilesTVUPlayer
2008-12-13 20:39:35 —-D—- C:Program FilesLight Alloy
2008-12-06 23:51:32 —-D—- C:WINDOWSsystem32DirectX
2008-12-06 23:51:31 —-HD—- C:WINDOWSinf
2008-12-06 23:51:20 —-RSD—- C:WINDOWSassembly
2008-12-04 00:22:29 —-D—- C:WINDOWSsecurity
2008-12-03 21:52:52 —-SHD—- C:WINDOWSInstaller
2008-12-03 21:52:47 —-D—- C:Program FilesCommon Files
2008-12-01 20:01:11 —-D—- C:Program FilesFar
2008-11-29 00:20:26 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2008-11-29 00:20:16 —-D—- C:Program FilesAGEIA Technologies
2008-11-29 00:19:56 —-DC—- C:WINDOWSsystem32DRVSTORE
2008-11-29 00:15:30 —-HD—- C:Program FilesInstallShield Installation Information======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 appdrv01;Application Driver (01); C:WINDOWSSystem32Driversappdrv01.sys [2008-04-26 2004072]
R1 atitray;atitray; ??C:Program FilesRay AdamsATI Tray Toolsatitray.sys []
R1 fwdrv;Firewall Driver; C:WINDOWSsystem32driversfwdrv.sys [2004-11-02 262144]
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2005-10-15 36096]
R1 nod32drv;nod32drv; C:WINDOWSsystem32driversnod32drv.sys [2007-09-15 15424]
R1 vmm;Virtual Machine Monitor; ??C:WINDOWSsystem32Driversvmm.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]
R2 AMON;AMON; C:WINDOWSsystem32driversamon.sys [2007-09-15 512096]
R2 atksgt;atksgt; C:WINDOWSsystem32DRIVERSatksgt.sys [2008-10-08 279712]
R2 lirsgt;lirsgt; C:WINDOWSsystem32DRIVERSlirsgt.sys [2008-10-08 25888]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2006-05-02 229376]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2006-04-27 93824]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-10-29 3341824]
R3 BridgeMP;MAC Bridge Miniport; C:WINDOWSsystem32DRIVERSbridge.sys [2004-08-03 71552]
R3 GEARAspiWDM;GEAR CDRom Filter; C:WINDOWSSYSTEM32DRIVERSGEARAspiWDM.sys [2005-03-07 14408]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-10-13 138752]
R3 hidusb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-23 9600]
R3 iComp;GOTVIEW DVD2 FM USB Encoder; C:WINDOWSsystem32DRIVERSp2usbwdm.sys [2007-05-23 1565120]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 Pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2003-09-19 10368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-08-23 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2006-06-28 81920]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2006-03-17 392960]
R3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2005-10-15 31744]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2005-08-01 27008]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-09-16 57856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:WINDOWSsystem32DRIVERSVMNetSrv.sys [2007-01-29 59280]
R3 VX6000;Microsoft LifeCam VX-6000; C:WINDOWSsystem32DRIVERSVX6000Xp.sys [2006-06-30 2383152]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-03 14848]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780}; ??C:WINDOWSTEMP1559.tmp []
S3 a84tvzbp;a84tvzbp; C:WINDOWSsystem32driversa84tvzbp.sys []
S3 Arp1394;1394 ARP Client Protocol; C:WINDOWSsystem32DRIVERSarp1394.sys [2005-11-28 60800]
S3 Bridge;MAC Bridge; C:WINDOWSsystem32DRIVERSbridge.sys [2004-08-03 71552]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 ctljystk;Creative SBLive! Gameport; C:WINDOWSsystem32DRIVERSctljystk.sys [2001-08-17 3712]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys []
S3 emu10k;Creative SB Live! (WDM); C:WINDOWSsystem32driversemu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:WINDOWSsystem32driversctlfacem.sys [2001-08-17 6912]
S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:WINDOWSsystem32DRIVERSL8042pr2.Sys [2003-12-17 51729]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLHidFlt2.Sys [2003-12-17 25505]
S3 LHidUsb;Logitech USB Receiver device driver; C:WINDOWSSystem32DriversLHidUsb.Sys [2003-12-17 37887]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:WINDOWSsystem32DRIVERSLMouFlt2.Sys [2003-12-17 70801]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:WINDOWSsystem32DRIVERSnic1394.sys [2005-11-28 61824]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:WINDOWSsystem32driverssfmanm.sys [2001-08-17 36480]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 sony_ssm.sys;sony_ssm.sys; ??C:DOCUME~1ADMINI~1LOCALS~1Tempsony_ssm.sys []
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-12-28 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 zdcdcdrv;ZyXEL USB modem Driver; C:WINDOWSsystem32DRIVERSzdcdcdrv.sys [2004-08-14 17664]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CCALib8;Canon Camera Access Library 8; C:Program FilesCanonCALCALMAIN.exe [2006-03-30 96341]
R2 KPF4;Kerio Personal Firewall 4; C:Program FilesKerioPersonal Firewall 4kpf4ss.exe [2004-10-27 1912832]
R2 MSCamSvc;MSCamSvc; C:Program FilesMicrosoft LifeCamMSCamSvc.exe [2006-06-30 187184]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2007-09-15 552064]
R2 UserAccess7;SecuROM User Access Service (V7); C:WINDOWSsystem32UAService7.exe [2007-07-24 217088]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:WINDOWSSystem32appdrvrem01.exe [2008-04-26 304528]
S2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-10-29 585728]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2008-10-28 593920]
S2 pr2ajy2b;Helldorado Drivers Auto Removal (pr2ajy2b); C:WINDOWSsystem32pr2ajy2b.exe [2007-08-07 411000]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-06-25 138168]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 iPodService;iPodService; C:Program FilesiPodbiniPodService.exe [2005-12-20 323584]
S3 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-11-24 38912]
S3 usnjsvc;Служба Messenger Sharing Folders USN Journal Reader; C:Program FilesWindows LiveMessengerusnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:Program FilesWindows LiveinstallerWLSetupSvc.exe [2007-10-25 266240]
EOF
info.txt logfile of random’s system information tool 1.05 2008-12-28 21:29:39======Uninstall list======
—>MsiExec /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 6.0.1—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Reader 7.0.5—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AGEIA GAME System Software—>MsiExec.exe /I{DEDF2885-0086-4534-9912-F9B97377ED07}
AsusUpdate—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{587178E7-B1DF-494E-9838-FA4DD36E873C}setup.exe» -l0x9
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audiosurf—>»C:Program FilesSteamsteam.exe» steam://uninstall/12900
Blazing Angels Squadrons of WWII—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime11�0Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2CBE667E-1193-47DC-852E-2CB4747C12E3}Setup.exe» -l0x19 -removeonly
Bookworm Adventures Deluxe 1.0—>C:Program FilesPopCap GamesBookworm Adventures DeluxePopUninstall.exe «C:Program FilesPopCap GamesBookworm Adventures DeluxeInstall.log»
Canon Camera Access Library—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCALUninst.ini»
Canon Camera Support Core Library—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCSCLIBUninst.ini»
Canon Camera Window DC_DV 5 for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowDVCUninst.ini»
Canon Camera Window DC_DV 6 for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowDVC6Uninst.ini»
Canon Camera Window MC 6 for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowMCUninst.ini»
Canon G.726 WMP-Decoder—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonG726DecoderG726DecUnInstall.ini»
Canon MovieEdit Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramMVWUninst.ini»
Canon RAW Image Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonRAW Image TaskUninst.ini»
Canon RemoteCapture Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCameraWindowRemoteCaptureTask DCUninst.ini»
Canon Utilities EOS Utility—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonEOS UtilityUninst.ini»
Canon Utilities PhotoStitch—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonPhotoStitchUninst.ini»
Canon Utilities ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramUninst.ini»
Download Master version 5.5.1.1107—>»C:Program FilesDownload Masterunins000.exe»
EPSON Attach To Email—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{3D78F2A2-C893-4ABD-B5FE-AD7011837755}SETUP.EXE» -l0x19 UNINST
EPSON File Manager—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2EB81825-E9EE-44F4-8F51-1240C3898DC6}Setup.exe» -l0x19 UNINST
EPSON Printer Software—>C:WINDOWSSystem32spoolDRIVERSW32X863EPUPDATE.EXE /R
EPSON Scan Assistant—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}Setup.exe» -l0x19 -u
FAR file manager—>C:Program FilesFarUninstall.exe
FLV Player 1.3.3—>»C:Program FilesFLVPlayeruninstall.exe»
Football Manager 2007—>E:Football Manager 2007uninstallUninstall FM 2007.exe
Fraps (remove only)—>»C:Frapsuninstall.exe»
Free Download Manager 2.1—>»C:Program FilesFree Download Managerunins000.exe»
Google Toolbar for Internet Explorer—>MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer—>regsvr32 /u /s «c:program filesgooglegoogletoolbar1.dll»
Google Video Player—>»C:Program FilesGoogleGoogle Video PlayerUninstall.exe»
GoTView (удалить)—>»C:Program FilesGoTViewuninstall.exe»
HellSpeed—>C:Program FilesInstallShield Installation Information{0218C3B3-84FA-4217-A6AF-F86BBFFBD08B}setup.exe -runfromtemp -l0x0019 -removeonly
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
HyperSnap-DX—>C:WINDOWSUnHSDX.bat
ICQ Plus—>C:PROGRA~1ICQPlusUNWISE.EXE C:PROGRA~1ICQPlusINSTALL.LOG
ICQ—>C:PROGRA~1ICQICQUninstall.EXE
Indeo® software—>C:WINDOWSIsUninst.exe -f»C:Program FilesIntelIndeoUninst.isu»
InterVideo WinDVD Creator 2—>»C:Program FilesInstallShield Installation Information{2FCE4FC5-6930-40E7-A4F1-F862207424EF}setup.exe» REMOVEALL
iPod for Windows 2005-03-23—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iPod for Windows 2006-01-10—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes—>C:PROGRA~1COMMON~1INSTAL~1Driver11INTEL3~1IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033
J2SE Runtime Environment 5.0 Update 5—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Kerio Personal Firewall—>MsiExec.exe /X{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
King’s Bounty: Легенда о Рыцаре—>»E:King’s Bounty. Легенда о Рыцареunins000.exe»
K-Lite Codec Pack 2.85 Full—>»C:Program FilesK-Lite Codec Packunins000.exe»
Left 4 Dead—>»C:Program FilesSteamsteam.exe» steam://uninstall/500
Light Alloy 2.4—>C:WINDOWSmuninst.exe «Light Alloy 2.4»
Logitech MouseWare 9.79.1 —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5809E7CF-4DCF-11D4-9875-00105ACE7734}Setup.exe» -l0x9 -l0009 UNINSTALL
Mail.Ru Агент 4.9 (сборка 1863, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft LifeCam—>MsiExec.exe /X{4DEE75B1-B201-4DA3-A50F-007CDB00DA23}
Microsoft Office XP (профессиональный выпуск)—>MsiExec.exe /I{91110419-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight—>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Virtual PC 2007—>MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mount&Blade—>E:Mount&Bladeuninstall.exe
Mozilla Firefox (2.0.0.20)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
Mozilla Thunderbird (1.5)—>C:WINDOWSUninstallThunderbird.exe /ua «1.5 (en-US)»
MSXML 6.0 Parser (KB927977)—>MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Nero 6 Ultra Edition—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
NOD32 antivirus system—>C:Program FilesEsetSetupsetup.exe /UNINSTALL
NOD32 FiX v1.9—>»C:Program FilesEsetunins000.exe»
NVIDIA PhysX v8.04.25—>MsiExec.exe /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}
OpenAL—>»C:Program FilesOpenALoalinst.exe» /U
PictureMate PM260_290 Руководство—>C:Program FilesEPSONTPMANUALPM260_290RUSUSE_GDOCUNINS.EXE
pMetro 1.26—>»C:Program FilespMetrounins000.exe»
QuickTime—>C:PROGRA~1COMMON~1INSTAL~1Driver11INTEL3~1IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
Ray Adams ATI Tray Tools—>»C:Program FilesRay AdamsATI Tray Toolsuninstall.exe»
Real Alternative 1.45—>»C:Program FilesReal Alternativeunins000.exe»
REALTEK GbE & FE Ethernet PCI-E NIC Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime11�0Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}Setup.exe» -l0x19 -removeonly
RegShot 1.7—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFUberPack.inf,reguninstall
Sidi 1.0—>»C:Program FilesSidiunins000.exe»
Skype™ 3.8—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SopCast 1.1.2—>C:Program FilesSopCastuninst.exe
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�0Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}Setup.exe» -l0x19 -removeonly
Steam—>MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stellarium 0.9.1—>»C:Program FilesStellariumunins000.exe»
Test Drive Unlimited—>MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}
The Bat!—>C:WINDOWStbat_del.exe
Trials 2 Second Edition—>E:Trials 2 Second EditionUninstall.exe
TVUPlayer 2.3.3.2—>C:Program FilesTVUPlayeruninst.exe
VideoLAN VLC media player 0.8.6c—>C:Program FilesVideoLANVLCuninstall.exe
WebMoney Keeper Classic 3.6.0.2—>»C:Program FilesWebMoneyUninstall.exe» «C:Program FilesWebMoneyinstall.log» -u
Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
Windows Live installer—>MsiExec.exe /X{61C981F9-FF8A-46EC-B6FE-FF8B293F36D3}
Windows Live Messenger—>MsiExec.exe /X{087B2CCA-0F1C-4434-B7C6-6B5E0EFD31BC}
WinRAR archiver—>C:Program FilesWinRARuninstall.exe
Xvid 1.1.2 final uninstall—>»C:Program FilesXvidunins000.exe»
yuPlay client 0.3.9—>»C:Program FilesyuPlayunins000.exe»
Десперадо 3: Схватка в прериях—>»E:Десперадо 3unins000.exe»=====HijackThis Backups=====
F2 — REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:Documents and SettingsAdministratorfvxb.exe s,C:WINDOWSsystem32ntos.exe,
R3 — Default URLSearchHook is missing======Hosts File======
127.0.0.1 cureit.ru
127.0.0.1 drweb.com
127.0.0.1 drweb.com.ua
127.0.0.1 dr-web.ru
127.0.0.1 freedrweb.com
127.0.0.1 new-download.drweb.com
127.0.0.1 support.drweb.com
127.0.0.1 forum.drweb.com
127.0.0.1 download.drweb.com
127.0.0.1 eset.comSecuritycenter WMI appears to be broken
System event log
Computer Name: AG-REDGUARD
Event Code: 1
Message: Protection Synchronization Driver detected an internal error, contact the customer support service.Record Number: 29944
Source Name: ps6ajy2b
Time Written: 20081125194454.000000+180
Event Type: error
User:Computer Name: AG-REDGUARD
Event Code: 1
Message: Protection Synchronization Driver detected an internal error, contact the customer support service.Record Number: 29943
Source Name: ps6ajy2b
Time Written: 20081125194454.000000+180
Event Type: error
User:Computer Name: AG-REDGUARD
Event Code: 1
Message: Protection Synchronization Driver detected an internal error, contact the customer support service.Record Number: 29942
Source Name: ps6ajy2b
Time Written: 20081125194454.000000+180
Event Type: error
User:Computer Name: AG-REDGUARD
Event Code: 1
Message: Protection Synchronization Driver detected an internal error, contact the customer support service.Record Number: 29941
Source Name: ps6ajy2b
Time Written: 20081125194454.000000+180
Event Type: error
User:Computer Name: AG-REDGUARD
Event Code: 1
Message: Protection Synchronization Driver detected an internal error, contact the customer support service.Record Number: 29940
Source Name: ps6ajy2b
Time Written: 20081125194454.000000+180
Event Type: error
User:Application event log
Computer Name: AG-REDGUARD
Event Code: 105
Message: The service was started.Record Number: 383
Source Name: ATI Smart
Time Written: 20070426204816.000000+240
Event Type: information
User:Computer Name: AG-REDGUARD
Event Code: 1000
Message: Faulting application ccc.exe, version 2.0.0.0, stamp 451d264f, faulting module imon.dll, version 2.51.8.0, stamp 42d24c73, debug? 0, fault address 0x0000d039.Record Number: 382
Source Name: .NET Runtime 2.0 Error Reporting
Time Written: 20070425194604.000000+240
Event Type: error
User:Computer Name: AG-REDGUARD
Event Code: 1000
Message: Faulting application mom.exe, version 2.0.0.0, stamp 451d2648, faulting module imon.dll, version 2.51.8.0, stamp 42d24c73, debug? 0, fault address 0x0000d039.Record Number: 381
Source Name: .NET Runtime 2.0 Error Reporting
Time Written: 20070425194604.000000+240
Event Type: error
User:Computer Name: AG-REDGUARD
Event Code: 105
Message: The service was started.Record Number: 380
Source Name: ATI Smart
Time Written: 20070425194526.000000+240
Event Type: information
User:Computer Name: AG-REDGUARD
Event Code: 1517
Message: Windows saved user AG-REDGUARDAdministrator registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 379
Source Name: Userenv
Time Written: 20070425022120.000000+240
Event Type: warning
User: NT AUTHORITYSYSTEM======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesATI TechnologiesATI.ACECore-Static;C:Program FilesQuickTimeQTSystem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 2, GenuineIntel
«PROCESSOR_REVISION»=0f02
«NUMBER_OF_PROCESSORS»=2
«DEVMGR_SHOW_DETAILS»=1
«DEVMGR_SHOW_NONPRESENT_DEVICES»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«CLASSPATH»=C:Program FilesJavajre1.5.0_05libextQTJava.zip
«QTJAVA»=C:Program FilesJavajre1.5.0_05libextQTJava.zip
EOF
++++++++++++++++++++++File.txt
Volume in drive C has no label.
Volume Serial Number is E00B-13CEDirectory of C:WINDOWS
03.08.2004 22:56 69я120 NOTEPAD.EXE
1 File(s) 69я120 bytesDirectory of C:WINDOWSsystem32
03.08.2004 22:56 69я120 notepad.exe
1 File(s) 69я120 bytesFile1.txt
Volume in drive C has no label.
Volume Serial Number is E00B-13CEDirectory of C:WINDOWSsystem32
26.11.2005 06:43 417я792 Notepad2.EXE
1 File(s) 417я792 bytesТолько сейчас прочел советы в прикрепленной теме, сорри. Дополняю свой пост.
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Administrator at 2008-12-28 19:58:23
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (29%) free of 31 GB
Total RAM: 2031 MB (71% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58:25, on 28.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesAnalog DevicesSoundMAXSmax4.exe
C:Program FilesEsetnod32kui.exe
C:WINDOWSLogi_MwX.Exe
C:WINDOWSvVX6000.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesICQPlusvplus.exe
C:Program FilesRay AdamsATI Tray Toolsatitray.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesKerioPersonal Firewall 4kpf4ss.exe
C:Program FilesMicrosoft LifeCamMSCamSvc.exe
C:Program FilesEsetnod32krn.exe
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32UAService7.exe
C:Program FilesCanonCALCALMAIN.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesICQIcq.exe
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:Program FilesFarFar.exe
E:RSIT.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program Filestrend microAdministrator.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.ag.ru/
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 220.225.196.123:80
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 — Default URLSearchHook is missing
F2 — REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:Documents and SettingsAdministratorfvxb.exe s,C:WINDOWSsystem32ntos.exe,
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: (no name) — {7E853D72-626A-48EC-A868-BA8D5E23E045} — (no file)
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 — BHO: (no name) — {C248BEB0-911F-4464-8F2B-5990F082A7D5} — C:WINDOWSsystem32atmf.dll (file missing)
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [SoundMAX] «C:Program FilesAnalog DevicesSoundMAXSmax4.exe» /tray
O4 — HKLM..Run: [nod32kui] «C:Program FilesEsetnod32kui.exe» /WAITSERVICE
O4 — HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentmagent.exe -LM
O4 — HKLM..Run: [LifeCam] «C:Program FilesMicrosoft LifeCamLifeExp.exe»
O4 — HKLM..Run: [VX6000] C:WINDOWSvVX6000.exe
O4 — HKLM..Run: [bky] C:WINDOWSsystem32bky.exe u
O4 — HKLM..Run: [advap32] «C:DOCUME~1ADMINI~1LOCALS~1Temploader.exe» /r
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [ICQ Plus] «C:Program FilesICQPlusvplus.exe»
O4 — HKCU..Run: [AtiTrayTools] «C:Program FilesRay AdamsATI Tray Toolsatitray.exe»
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKCU..Run: [BitTorrent DNA] «C:Program FilesBitTorrent_DNAdna.exe»
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..RunOnce: [ICQ] C:Program FilesICQIcq.exe -trayboot
O4 — HKLM..PoliciesExplorerRun: [5T19I3B27A] C:WINDOWScsrs.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [TaskSwitchXP] C:Program FilesTaskSwitchXPTaskSwitchXP.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [Free Download Manager] C:Program FilesFree Download Managerfdm.exe -autorun (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘Default user’)
O4 — Global Startup: MS-0812-upd271848.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1Office10EXCEL.EXE/3000
O8 — Extra context menu item: Download all with Free Download Manager — file://C:Program FilesFree Download Managerdlall.htm
O8 — Extra context menu item: Download selected with Free Download Manager — file://C:Program FilesFree Download Managerdlselected.htm
O8 — Extra context menu item: Download with Free Download Manager — file://C:Program FilesFree Download Managerdllink.htm
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Найти в базе игр &AG.ru — http://www.ag.ru/outer.htm
O8 — Extra context menu item: Найти на &AG.ru — http://www.ag.ru/searcher_new.htm
O9 — Extra button: ICQ Pro — {6224f700-cba3-4071-b251-47cb894244cd} — C:Program FilesICQICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ — {6224f700-cba3-4071-b251-47cb894244cd} — C:Program FilesICQICQ.exe
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O16 — DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=39204
O16 — DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) — http://dl.tvunetworks.com/TVUAx.cab
O16 — DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) — https://w3s.webmoney.ru/WMAcceptor.dll
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207943162906
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207943120296
O17 — HKLMSystemCCSServicesTcpip..{9895A07E-EF6F-4A7F-82C9-28C1D54EA051}: NameServer = 213.234.192.7 85.21.192.5
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Application Driver Auto Removal Service (01) (appdrvrem01) — Protection Technology — C:WINDOWSSystem32appdrvrem01.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Canon Camera Access Library 8 (CCALib8) — Canon Inc. — C:Program FilesCanonCALCALMAIN.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: iPodService — Apple Computer, Inc. — C:Program FilesiPodbiniPodService.exe
O23 — Service: Kerio Personal Firewall 4 (KPF4) — Kerio Technologies — C:Program FilesKerioPersonal Firewall 4kpf4ss.exe
O23 — Service: NOD32 Kernel Service (NOD32krn) — Eset — C:Program FilesEsetnod32krn.exe
O23 — Service: Helldorado Drivers Auto Removal (pr2ajy2b) (pr2ajy2b) — Playten Interactive — C:WINDOWSsystem32pr2ajy2b.exe
O23 — Service: SecuROM User Access Service (V7) (UserAccess7) — Sony DADC Austria AG. — C:WINDOWSsystem32UAService7.exe—
End of file — 9691 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll [2003-11-03 54248][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-11-07 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2007-06-25 2427968][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll [2008-09-11 737776][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C248BEB0-911F-4464-8F2B-5990F082A7D5}]
C:WINDOWSsystem32atmf.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2007-06-25 2427968][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2006-05-01 843776]
«SoundMAX»=C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2006-04-10 729088]
«nod32kui»=C:Program FilesEsetnod32kui.exe [2007-09-15 949376]
«Logitech Utility»=C:WINDOWSLogi_MwX.Exe [2003-12-17 19968]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2007-05-09 155648]
«MAgent»=C:Program FilesMail.RuAgentmagent.exe [2008-03-10 4523776]
«LifeCam»=C:Program FilesMicrosoft LifeCamLifeExp.exe [2006-06-30 269104]
«VX6000″=C:WINDOWSvVX6000.exe [2006-06-30 994096]
«bky»=C:WINDOWSsystem32bky.exe u []
«advap32″=C:DOCUME~1ADMINI~1LOCALS~1Temploader.exe /r [][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
«5T19I3B27A»=C:WINDOWScsrs.exe [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-03 15360]
«ICQ Plus»=C:Program FilesICQPlusvplus.exe [2002-12-04 11776]
«AtiTrayTools»=C:Program FilesRay AdamsATI Tray Toolsatitray.exe [2007-05-22 521128]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2007-08-02 68856]
«BitTorrent DNA»=C:Program FilesBitTorrent_DNAdna.exe []
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-08-08 490952][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«ICQ»=C:Program FilesICQIcq.exe [2003-01-21 2089541][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
C:Program FilesiTunesiTunesHelper.exe [2005-12-20 278528][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMAgent]
C:Program FilesMail.RuAgentMAgent.exe [2008-03-10 4523776][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
C:Program FilesQuickTimeqttask.exe [2007-05-09 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:PROGRA~1MICROS~1Office10OSA.EXE [2001-02-13 83360]C:Documents and SettingsAll UsersStart MenuProgramsStartup
MS-0812-upd271848.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-10-29 143360][HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableCAD»=1[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«DisableCAD»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoInstrumentation»=1
«NoSMHelp»=1
«DisableCAD»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«ForceClassicControlPanel»=
«MemCheckBoxInRunDlg»=
«DisableCAD»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
«E:LASRLASR.exe»=»E:LASRLASR.exe:*:Enabled:LASR»
«C:PROGRA~1bobaboba2PODCAS~1.EXE»=»C:PROGRA~1bobaboba2PODCAS~1.EXE:*:Enabled:Share Streaming»
«C:Program Filesbobaboba2PodcastBar.exe»=»C:Program Filesbobaboba2PodcastBar.exe:*:Enabled:Share Streaming»
«C:Program FilesPPMateppmate.exe»=»C:Program FilesPPMateppmate.exe:*:Enabled:PPMate»
«C:Program FilesPPMateppmnet.exe»=»C:Program FilesPPMateppmnet.exe:*:Enabled:PPMate»
«C:Program FilesKerioPersonal Firewall 4kpf4gui.exe»=»C:Program FilesKerioPersonal Firewall 4kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 — GUI»
«C:Program FilesBitTorrent_DNAdna.exe»=»C:Program FilesBitTorrent_DNAdna.exe:*:Enabled:BitTorrent DNA»
«C:Program FilesBitTorrentbittorrent.exe»=»C:Program FilesBitTorrentbittorrent.exe:*:Enabled:BitTorrent»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesMicrosoft LifeCamLifeCam.exe»=»C:Program FilesMicrosoft LifeCamLifeCam.exe:*:Enabled:LifeCam.exe»
«C:Program FilesMicrosoft LifeCamLifeExp.exe»=»C:Program FilesMicrosoft LifeCamLifeExp.exe:*:Enabled:LifeExp.exe»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveMessengerlivecall.exe»=»C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)»
«C:Documents and SettingsAdministratorfvxb.exe»=»C:Documents and SettingsAdministratorfvxb.exe:*:Enabled:ENABLE»
«C:WINDOWSsystem32bky.exe»=»C:WINDOWSsystem32bky.exe:*:Enabled:ENABLE»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesWindows LiveMessengerlivecall.exe»=»C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a6c641c4-d0e8-11db-beff-806d6172696f}]
shellAutoRuncommand — F:setup.exe======File associations======
.bat — edit — C:WINDOWSsystem32NOTEPAD2.EXE %1
.cmd — edit — C:WINDOWSsystem32NOTEPAD2.EXE %1
.inf — open — C:WINDOWSsystem32NOTEPAD2.EXE %1
.ini — open — C:WINDOWSsystem32NOTEPAD2.EXE %1
.js — edit — C:WINDOWSsystem32Notepad2.exe %1
.reg — edit — C:WINDOWSsystem32NOTEPAD2.EXE %1
.txt — open — C:WINDOWSsystem32NOTEPAD2.EXE %1
.vbs — edit — C:WINDOWSsystem32Notepad2.exe %1======List of files/folders created in the last 1 months======
2008-12-28 19:56:30 —-D—- C:rsit
2008-12-28 19:56:30 —-D—- C:Program Filestrend micro
2008-12-05 02:57:51 —-D—- C:Documents and SettingsAll UsersApplication DataMumboJumbo
2008-12-04 03:11:16 —-A—- C:WINDOWSsystem32d3dx10_40.dll
2008-12-04 03:11:16 —-A—- C:WINDOWSsystem32D3DCompiler_40.dll
2008-12-04 03:11:15 —-A—- C:WINDOWSsystem32D3DX9_40.dll
2008-12-04 03:11:13 —-A—- C:WINDOWSsystem32XAudio2_3.dll
2008-12-04 03:11:13 —-A—- C:WINDOWSsystem32XAPOFX1_2.dll
2008-12-04 03:11:11 —-A—- C:WINDOWSsystem32xactengine3_3.dll
2008-12-04 03:11:10 —-A—- C:WINDOWSsystem32X3DAudio1_5.dll
2008-12-04 03:09:25 —-D—- C:DirectX
2008-12-04 00:16:39 —-HD—- C:WINDOWSsystem32GroupPolicy
2008-12-03 21:54:01 —-D—- C:Documents and SettingsAdministratorApplication DataskypePM
2008-12-03 21:53:02 —-D—- C:Documents and SettingsAdministratorApplication DataSkype
2008-12-03 21:52:47 —-D—- C:Program FilesSkype
2008-12-03 21:52:47 —-D—- C:Program FilesCommon FilesSkype
2008-12-03 21:52:44 —-D—- C:Documents and SettingsAll UsersApplication DataSkype======List of files/folders modified in the last 1 months======
2008-12-28 19:56:30 —-RD—- C:Program Files
2008-12-28 19:54:10 —-D—- C:WINDOWSTemp
2008-12-28 18:28:15 —-D—- C:WINDOWSPrefetch
2008-12-28 18:05:22 —-D—- C:Documents and SettingsAdministratorApplication DataGoTView
2008-12-28 17:18:12 —-D—- C:Program FilesGoTView
2008-12-28 15:25:05 —-D—- C:WINDOWSsystem32
2008-12-28 14:58:57 —-D—- C:Program FilesMozilla Firefox
2008-12-28 14:44:32 —-A—- C:WINDOWSSchedLgU.Txt
2008-12-28 14:09:55 —-D—- C:Program FilesSteam
2008-12-28 13:29:02 —-D—- C:WINDOWSsystem32drivers
2008-12-28 04:31:25 —-D—- C:Program FilesICQ
2008-12-28 01:24:46 —-D—- C:WINDOWSsystem32CatRoot2
2008-12-28 01:21:19 —-A—- C:WINDOWSNeroDigital.ini
2008-12-27 17:28:15 —-A—- C:WINDOWSModemLog_Standard 33600 bps Modem.txt
2008-12-22 21:13:49 —-A—- C:WINDOWSwinamp.ini
2008-12-20 20:43:07 —-D—- C:WINDOWS
2008-12-15 19:57:58 —-SHD—- C:WINDOWSCSC
2008-12-14 19:12:14 —-D—- C:Program FilesTVUPlayer
2008-12-13 20:39:35 —-D—- C:Program FilesLight Alloy
2008-12-06 23:51:32 —-D—- C:WINDOWSsystem32DirectX
2008-12-06 23:51:31 —-HD—- C:WINDOWSinf
2008-12-06 23:51:20 —-RSD—- C:WINDOWSassembly
2008-12-04 00:22:29 —-D—- C:WINDOWSsecurity
2008-12-03 21:52:52 —-SHD—- C:WINDOWSInstaller
2008-12-03 21:52:47 —-D—- C:Program FilesCommon Files
2008-12-01 20:01:11 —-D—- C:Program FilesFar
2008-11-29 00:20:26 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2008-11-29 00:20:16 —-D—- C:Program FilesAGEIA Technologies
2008-11-29 00:19:56 —-DC—- C:WINDOWSsystem32DRVSTORE
2008-11-29 00:15:30 —-HD—- C:Program FilesInstallShield Installation Information======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 appdrv01;Application Driver (01); C:WINDOWSSystem32Driversappdrv01.sys [2008-04-26 2004072]
R1 atitray;atitray; ??C:Program FilesRay AdamsATI Tray Toolsatitray.sys []
R1 fwdrv;Firewall Driver; C:WINDOWSsystem32driversfwdrv.sys [2004-11-02 262144]
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2005-10-15 36096]
R1 nod32drv;nod32drv; C:WINDOWSsystem32driversnod32drv.sys [2007-09-15 15424]
R1 vmm;Virtual Machine Monitor; ??C:WINDOWSsystem32Driversvmm.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]
R2 AMON;AMON; C:WINDOWSsystem32driversamon.sys [2007-09-15 512096]
R2 atksgt;atksgt; C:WINDOWSsystem32DRIVERSatksgt.sys [2008-10-08 279712]
R2 lirsgt;lirsgt; C:WINDOWSsystem32DRIVERSlirsgt.sys [2008-10-08 25888]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2006-05-02 229376]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2006-04-27 93824]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-10-29 3341824]
R3 BridgeMP;MAC Bridge Miniport; C:WINDOWSsystem32DRIVERSbridge.sys [2004-08-03 71552]
R3 GEARAspiWDM;GEAR CDRom Filter; C:WINDOWSSYSTEM32DRIVERSGEARAspiWDM.sys [2005-03-07 14408]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-10-13 138752]
R3 hidusb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-23 9600]
R3 iComp;GOTVIEW DVD2 FM USB Encoder; C:WINDOWSsystem32DRIVERSp2usbwdm.sys [2007-05-23 1565120]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 Pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2003-09-19 10368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-08-23 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2006-06-28 81920]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2006-03-17 392960]
R3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2005-10-15 31744]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2005-08-01 27008]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-09-16 57856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:WINDOWSsystem32DRIVERSVMNetSrv.sys [2007-01-29 59280]
R3 VX6000;Microsoft LifeCam VX-6000; C:WINDOWSsystem32DRIVERSVX6000Xp.sys [2006-06-30 2383152]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-03 14848]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780}; ??C:WINDOWSTEMP1559.tmp []
S3 ak18in1g;ak18in1g; C:WINDOWSsystem32driversak18in1g.sys []
S3 Arp1394;1394 ARP Client Protocol; C:WINDOWSsystem32DRIVERSarp1394.sys [2005-11-28 60800]
S3 Bridge;MAC Bridge; C:WINDOWSsystem32DRIVERSbridge.sys [2004-08-03 71552]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 ctljystk;Creative SBLive! Gameport; C:WINDOWSsystem32DRIVERSctljystk.sys [2001-08-17 3712]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys []
S3 emu10k;Creative SB Live! (WDM); C:WINDOWSsystem32driversemu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:WINDOWSsystem32driversctlfacem.sys [2001-08-17 6912]
S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:WINDOWSsystem32DRIVERSL8042pr2.Sys [2003-12-17 51729]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLHidFlt2.Sys [2003-12-17 25505]
S3 LHidUsb;Logitech USB Receiver device driver; C:WINDOWSSystem32DriversLHidUsb.Sys [2003-12-17 37887]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:WINDOWSsystem32DRIVERSLMouFlt2.Sys [2003-12-17 70801]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:WINDOWSsystem32DRIVERSnic1394.sys [2005-11-28 61824]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:WINDOWSsystem32driverssfmanm.sys [2001-08-17 36480]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 sony_ssm.sys;sony_ssm.sys; ??C:DOCUME~1ADMINI~1LOCALS~1Tempsony_ssm.sys []
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-12-28 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 zdcdcdrv;ZyXEL USB modem Driver; C:WINDOWSsystem32DRIVERSzdcdcdrv.sys [2004-08-14 17664]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CCALib8;Canon Camera Access Library 8; C:Program FilesCanonCALCALMAIN.exe [2006-03-30 96341]
R2 KPF4;Kerio Personal Firewall 4; C:Program FilesKerioPersonal Firewall 4kpf4ss.exe [2004-10-27 1912832]
R2 MSCamSvc;MSCamSvc; C:Program FilesMicrosoft LifeCamMSCamSvc.exe [2006-06-30 187184]
R2 NOD32krn;NOD32 Kernel Service; C:Program FilesEsetnod32krn.exe [2007-09-15 552064]
R2 UserAccess7;SecuROM User Access Service (V7); C:WINDOWSsystem32UAService7.exe [2007-07-24 217088]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:WINDOWSSystem32appdrvrem01.exe [2008-04-26 304528]
S2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-10-29 585728]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2008-10-28 593920]
S2 pr2ajy2b;Helldorado Drivers Auto Removal (pr2ajy2b); C:WINDOWSsystem32pr2ajy2b.exe [2007-08-07 411000]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-06-25 138168]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 iPodService;iPodService; C:Program FilesiPodbiniPodService.exe [2005-12-20 323584]
S3 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-11-24 38912]
S3 usnjsvc;Служба Messenger Sharing Folders USN Journal Reader; C:Program FilesWindows LiveMessengerusnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:Program FilesWindows LiveinstallerWLSetupSvc.exe [2007-10-25 266240]
EOF
info.txt logfile of random’s system information tool 1.05 2008-12-28 19:56:45======Uninstall list======
—>MsiExec /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 6.0.1—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Reader 7.0.5—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AGEIA GAME System Software—>MsiExec.exe /I{DEDF2885-0086-4534-9912-F9B97377ED07}
AsusUpdate—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{587178E7-B1DF-494E-9838-FA4DD36E873C}setup.exe» -l0x9
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audiosurf—>»C:Program FilesSteamsteam.exe» steam://uninstall/12900
Blazing Angels Squadrons of WWII—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime11�0Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2CBE667E-1193-47DC-852E-2CB4747C12E3}Setup.exe» -l0x19 -removeonly
Bookworm Adventures Deluxe 1.0—>C:Program FilesPopCap GamesBookworm Adventures DeluxePopUninstall.exe «C:Program FilesPopCap GamesBookworm Adventures DeluxeInstall.log»
Canon Camera Access Library—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCALUninst.ini»
Canon Camera Support Core Library—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCSCLIBUninst.ini»
Canon Camera Window DC_DV 5 for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowDVCUninst.ini»
Canon Camera Window DC_DV 6 for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowDVC6Uninst.ini»
Canon Camera Window MC 6 for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowMCUninst.ini»
Canon G.726 WMP-Decoder—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonG726DecoderG726DecUnInstall.ini»
Canon MovieEdit Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramMVWUninst.ini»
Canon RAW Image Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonRAW Image TaskUninst.ini»
Canon RemoteCapture Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonCameraWindowRemoteCaptureTask DCUninst.ini»
Canon Utilities EOS Utility—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonEOS UtilityUninst.ini»
Canon Utilities PhotoStitch—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonPhotoStitchUninst.ini»
Canon Utilities ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.1.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramUninst.ini»
Download Master version 5.5.1.1107—>»C:Program FilesDownload Masterunins000.exe»
EPSON Attach To Email—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{3D78F2A2-C893-4ABD-B5FE-AD7011837755}SETUP.EXE» -l0x19 UNINST
EPSON File Manager—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2EB81825-E9EE-44F4-8F51-1240C3898DC6}Setup.exe» -l0x19 UNINST
EPSON Printer Software—>C:WINDOWSSystem32spoolDRIVERSW32X863EPUPDATE.EXE /R
EPSON Scan Assistant—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}Setup.exe» -l0x19 -u
FAR file manager—>C:Program FilesFarUninstall.exe
FLV Player 1.3.3—>»C:Program FilesFLVPlayeruninstall.exe»
Football Manager 2007—>E:Football Manager 2007uninstallUninstall FM 2007.exe
Fraps (remove only)—>»C:Frapsuninstall.exe»
Free Download Manager 2.1—>»C:Program FilesFree Download Managerunins000.exe»
Google Toolbar for Internet Explorer—>MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer—>regsvr32 /u /s «c:program filesgooglegoogletoolbar1.dll»
Google Video Player—>»C:Program FilesGoogleGoogle Video PlayerUninstall.exe»
GoTView (удалить)—>»C:Program FilesGoTViewuninstall.exe»
HellSpeed—>C:Program FilesInstallShield Installation Information{0218C3B3-84FA-4217-A6AF-F86BBFFBD08B}setup.exe -runfromtemp -l0x0019 -removeonly
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
HyperSnap-DX—>C:WINDOWSUnHSDX.bat
ICQ Plus—>C:PROGRA~1ICQPlusUNWISE.EXE C:PROGRA~1ICQPlusINSTALL.LOG
ICQ—>C:PROGRA~1ICQICQUninstall.EXE
Indeo® software—>C:WINDOWSIsUninst.exe -f»C:Program FilesIntelIndeoUninst.isu»
InterVideo WinDVD Creator 2—>»C:Program FilesInstallShield Installation Information{2FCE4FC5-6930-40E7-A4F1-F862207424EF}setup.exe» REMOVEALL
iPod for Windows 2005-03-23—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iPod for Windows 2006-01-10—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes—>C:PROGRA~1COMMON~1INSTAL~1Driver11INTEL3~1IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033
J2SE Runtime Environment 5.0 Update 5—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Kerio Personal Firewall—>MsiExec.exe /X{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
King’s Bounty: Легенда о Рыцаре—>»E:King’s Bounty. Легенда о Рыцареunins000.exe»
K-Lite Codec Pack 2.85 Full—>»C:Program FilesK-Lite Codec Packunins000.exe»
Left 4 Dead—>»C:Program FilesSteamsteam.exe» steam://uninstall/500
Light Alloy 2.4—>C:WINDOWSmuninst.exe «Light Alloy 2.4»
Logitech MouseWare 9.79.1 —>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5809E7CF-4DCF-11D4-9875-00105ACE7734}Setup.exe» -l0x9 -l0009 UNINSTALL
Mail.Ru Агент 4.9 (сборка 1863, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft LifeCam—>MsiExec.exe /X{4DEE75B1-B201-4DA3-A50F-007CDB00DA23}
Microsoft Office XP (профессиональный выпуск)—>MsiExec.exe /I{91110419-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight—>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Virtual PC 2007—>MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mount&Blade—>E:Mount&Bladeuninstall.exe
Mozilla Firefox (2.0.0.20)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
Mozilla Thunderbird (1.5)—>C:WINDOWSUninstallThunderbird.exe /ua «1.5 (en-US)»
MSXML 6.0 Parser (KB927977)—>MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Nero 6 Ultra Edition—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
NOD32 antivirus system—>C:Program FilesEsetSetupsetup.exe /UNINSTALL
NOD32 FiX v1.9—>»C:Program FilesEsetunins000.exe»
NVIDIA PhysX v8.04.25—>MsiExec.exe /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}
OpenAL—>»C:Program FilesOpenALoalinst.exe» /U
PictureMate PM260_290 Руководство—>C:Program FilesEPSONTPMANUALPM260_290RUSUSE_GDOCUNINS.EXE
pMetro 1.26—>»C:Program FilespMetrounins000.exe»
QuickTime—>C:PROGRA~1COMMON~1INSTAL~1Driver11INTEL3~1IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
Ray Adams ATI Tray Tools—>»C:Program FilesRay AdamsATI Tray Toolsuninstall.exe»
Real Alternative 1.45—>»C:Program FilesReal Alternativeunins000.exe»
REALTEK GbE & FE Ethernet PCI-E NIC Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime11�0Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}Setup.exe» -l0x19 -removeonly
RegShot 1.7—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFUberPack.inf,reguninstall
Sidi 1.0—>»C:Program FilesSidiunins000.exe»
Skype™ 3.8—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SopCast 1.1.2—>C:Program FilesSopCastuninst.exe
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�0Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}Setup.exe» -l0x19 -removeonly
Steam—>MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stellarium 0.9.1—>»C:Program FilesStellariumunins000.exe»
Test Drive Unlimited—>MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}
The Bat!—>C:WINDOWStbat_del.exe
Trials 2 Second Edition—>E:Trials 2 Second EditionUninstall.exe
TVUPlayer 2.3.3.2—>C:Program FilesTVUPlayeruninst.exe
VideoLAN VLC media player 0.8.6c—>C:Program FilesVideoLANVLCuninstall.exe
WebMoney Keeper Classic 3.6.0.2—>»C:Program FilesWebMoneyUninstall.exe» «C:Program FilesWebMoneyinstall.log» -u
Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
Windows Live installer—>MsiExec.exe /X{61C981F9-FF8A-46EC-B6FE-FF8B293F36D3}
Windows Live Messenger—>MsiExec.exe /X{087B2CCA-0F1C-4434-B7C6-6B5E0EFD31BC}
WinRAR archiver—>C:Program FilesWinRARuninstall.exe
Xvid 1.1.2 final uninstall—>»C:Program FilesXvidunins000.exe»
yuPlay client 0.3.9—>»C:Program FilesyuPlayunins000.exe»
Десперадо 3: Схватка в прериях—>»E:Десперадо 3unins000.exe»======Hosts File======
127.0.0.1 cureit.ru
127.0.0.1 drweb.com
127.0.0.1 drweb.com.ua
127.0.0.1 dr-web.ru
127.0.0.1 freedrweb.com
127.0.0.1 new-download.drweb.com
127.0.0.1 support.drweb.com
127.0.0.1 forum.drweb.com
127.0.0.1 download.drweb.com
127.0.0.1 eset.comSecuritycenter WMI appears to be broken
System event log
Computer Name: AG-REDGUARD
Event Code: 7036
Message: The Universal Plug and Play Device Host service entered the running state.Record Number: 29918
Source Name: Service Control Manager
Time Written: 20081125075514.000000+180
Event Type: information
User:Computer Name: AG-REDGUARD
Event Code: 7036
Message: The Remote Access Auto Connection Manager service entered the running state.Record Number: 29917
Source Name: Service Control Manager
Time Written: 20081125075514.000000+180
Event Type: information
User:Computer Name: AG-REDGUARD
Event Code: 7035
Message: The Universal Plug and Play Device Host service was successfully sent a start control.Record Number: 29916
Source Name: Service Control Manager
Time Written: 20081125075514.000000+180
Event Type: information
User: NT AUTHORITYSYSTEMComputer Name: AG-REDGUARD
Event Code: 7035
Message: The Remote Access Auto Connection Manager service was successfully sent a start control.Record Number: 29915
Source Name: Service Control Manager
Time Written: 20081125075514.000000+180
Event Type: information
User: NT AUTHORITYSYSTEMComputer Name: AG-REDGUARD
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.Record Number: 29914
Source Name: Service Control Manager
Time Written: 20081125075514.000000+180
Event Type: information
User:Application event log
Computer Name: AG-REDGUARD
Event Code: 105
Message: The service was started.Record Number: 383
Source Name: ATI Smart
Time Written: 20070426204816.000000+240
Event Type: information
User:Computer Name: AG-REDGUARD
Event Code: 1000
Message: Faulting application ccc.exe, version 2.0.0.0, stamp 451d264f, faulting module imon.dll, version 2.51.8.0, stamp 42d24c73, debug? 0, fault address 0x0000d039.Record Number: 382
Source Name: .NET Runtime 2.0 Error Reporting
Time Written: 20070425194604.000000+240
Event Type: error
User:Computer Name: AG-REDGUARD
Event Code: 1000
Message: Faulting application mom.exe, version 2.0.0.0, stamp 451d2648, faulting module imon.dll, version 2.51.8.0, stamp 42d24c73, debug? 0, fault address 0x0000d039.Record Number: 381
Source Name: .NET Runtime 2.0 Error Reporting
Time Written: 20070425194604.000000+240
Event Type: error
User:Computer Name: AG-REDGUARD
Event Code: 105
Message: The service was started.Record Number: 380
Source Name: ATI Smart
Time Written: 20070425194526.000000+240
Event Type: information
User:Computer Name: AG-REDGUARD
Event Code: 1517
Message: Windows saved user AG-REDGUARDAdministrator registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 379
Source Name: Userenv
Time Written: 20070425022120.000000+240
Event Type: warning
User: NT AUTHORITYSYSTEM======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesATI TechnologiesATI.ACECore-Static;C:Program FilesQuickTimeQTSystem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 2, GenuineIntel
«PROCESSOR_REVISION»=0f02
«NUMBER_OF_PROCESSORS»=2
«DEVMGR_SHOW_DETAILS»=1
«DEVMGR_SHOW_NONPRESENT_DEVICES»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«CLASSPATH»=C:Program FilesJavajre1.5.0_05libextQTJava.zip
«QTJAVA»=C:Program FilesJavajre1.5.0_05libextQTJava.zip
EOF
