Forum replies created
Here are the RSIT logs:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2010-03-20 21:26:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (5%) free of 50 GB
Total RAM: 2047 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:54, on 20.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:MATLAB6p5webserverbinwin32matlabserver.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSPixArtPAC7302Monitor.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesCommon FilesLogishrdKHAL2KHALMNPR.EXE
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
E:IcqICQ6.5ICQ.exe
C:Program FilesSteamSteam.exe
D:СережаprogramRSIT.exe
C:Program Filestrend microHijackThisAdmin.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {855F3B16-6D32-4fe6-8A56-BBB695989046} — (no file)
O2 — BHO: (no name) — {02478D38-C3F9-4efb-9B51-7695ECA05670} — (no file)
O4 — HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [PAC7302_Monitor] C:WINDOWSPixArtPAC7302Monitor.exe
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: Logitech SetPoint.lnk = C:Program FilesLogitechSetPointSetPoint.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Crawler Search — tbr:iemenu
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Передать на удаленную закачку DM — C:Program FilesDownload Masterremdown.htm
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232392041796
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232392023953
O16 — DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} — file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O17 — HKLMSystemCCSServicesTcpip..{DB1A5B64-2A47-45DB-8229-94171839A0A8}: NameServer = 195.248.191.67,195.248.191.72
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Protocol: tbr — {4D25FB7A-8902-4291-960E-9ADA051CFBBF} — C:PROGRA~1CrawlerToolbarctbr.dll
O23 — Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) — ABBYY (BIT Software) — C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Logitech Bluetooth Service (LBTServ) — Logitech, Inc. — C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe
O23 — Service: MATLAB Server (matlabserver) — Unknown owner — C:MATLAB6p5webserverbinwin32matlabserver.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 7417 bytes
======Scheduled tasks folder======
C:WINDOWStasksAt1.job
C:WINDOWStasksAt10.job
C:WINDOWStasksAt11.job
C:WINDOWStasksAt12.job
C:WINDOWStasksAt13.job
C:WINDOWStasksAt14.job
C:WINDOWStasksAt15.job
C:WINDOWStasksAt16.job
C:WINDOWStasksAt17.job
C:WINDOWStasksAt18.job
C:WINDOWStasksAt19.job
C:WINDOWStasksAt2.job
C:WINDOWStasksAt20.job
C:WINDOWStasksAt21.job
C:WINDOWStasksAt22.job
C:WINDOWStasksAt23.job
C:WINDOWStasksAt24.job
C:WINDOWStasksAt3.job
C:WINDOWStasksAt4.job
C:WINDOWStasksAt5.job
C:WINDOWStasksAt6.job
C:WINDOWStasksAt7.job
C:WINDOWStasksAt8.job
C:WINDOWStasksAt9.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Kernel and Hardware Abstraction Layer»=C:WINDOWSKHALMNPR.EXE [2009-06-17 55824]
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe [2007-06-13 528384]
«PAC7302_Monitor»=C:WINDOWSPixArtPAC7302Monitor.exe [2006-11-03 319488]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
C:WINDOWSALCMTR.EXE [2008-06-08 69632]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregASUSGamerOSD]
C:Program FilesASUSGamerOSDGamerOSD.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKillCopy]
C:WINDOWSsystem32killcopy.exe [2008-06-08 1185792]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLClock]
C:Program FilesLClockLClock.exe [2008-06-08 86016]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBJ]
C:Program FilesAheadNero BackItUpNBJ.exe [2008-06-08 2048000]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2008-06-08 155648]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
RTHDCPL.EXE []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSidebar]
C:Program FilesWindows Sidebarsidebar.exe [2007-02-26 1254912]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
C:WINDOWSSkyTel.EXE [2008-06-08 2879488]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUnlockerAssistant]
C:Program FilesUnlockerUnlockerAssistant.exe []
C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Logitech SetPoint.lnk — C:Program FilesLogitechSetPointSetPoint.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2009-12-11 155648]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyLBTWlgn]
c:program filescommon fileslogishrdbluetoothLBTWlgn.dll [2009-07-20 72208]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2007-06-18 133632]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaec.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys2e49644d]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys3115e3fc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys462d66b]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys6d2e64e4]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaec.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys2e49644d]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys3115e3fc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys462d66b]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys6d2e64e4]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdfLoadGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«C:WINDOWSsystem32dpnsvr.exe»=»C:WINDOWSsystem32dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«E:GamesCounterhl.exe»=»E:GamesCounterhl.exe:*:Enabled:Half-Life Launcher»
«C:WINDOWSsystem32PnkBstrA.exe»=»C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA»
«C:WINDOWSsystem32PnkBstrB.exe»=»C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB»
«E:GamesFar Cry 2binFarCry2.exe»=»E:GamesFar Cry 2binFarCry2.exe:*:Enabled:Far Cry 2»
«E:GamesFar Cry 2binFC2Launcher.exe»=»E:GamesFar Cry 2binFC2Launcher.exe:*:Enabled:Far Cry 2 Updater»
«E:GamesFar Cry 2binFC2Editor.exe»=»E:GamesFar Cry 2binFC2Editor.exe:*:Enabled:Editor»
«E:GamesTDUexeTestDriveUnlimited.exe»=»E:GamesTDUexeTestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited»
«E:GamesCALLiw3mp.exe»=»E:GamesCALLiw3mp.exe:*:Enabled:Call of Duty(R) 4 — Modern Warfare(TM)»
«E:GamesNeed For Speed Undergroundnfsuclient_alkar.exe»=»E:GamesNeed For Speed Undergroundnfsuclient_alkar.exe:*:Disabled:nfsuclient_alkar»
«E:GamesNeed For Speed Undergroundspeed.exe»=»E:GamesNeed For Speed Undergroundspeed.exe:*:Enabled:speed»
«E:GamesSplinter Cell 2 Pandora Tomorrowpandora.exe»=»E:GamesSplinter Cell 2 Pandora Tomorrowpandora.exe:*:Disabled:pandora»
«E:IcqICQ6.5ICQ.exe»=»E:IcqICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesSopCastSopCast.exe»=»C:Program FilesSopCastSopCast.exe:*:Enabled:SopCast Main Application»
«E:GamesCounterhltv.exe»=»E:GamesCounterhltv.exe:*:Enabled:HLTV Launcher»
«C:Program FilesOperaOpera.exe»=»C:Program FilesOperaOpera.exe:*:Enabled:Opera Internet Browser»
«C:Documents and SettingsAdminApplication DataSopCastadvSopAdver.exe»=»C:Documents and SettingsAdminApplication DataSopCastadvSopAdver.exe:*:Enabled:SopCast Adver»
«E:GamesProEvoSocpes2010.exe»=»E:GamesProEvoSocpes2010.exe:*:Enabled:Pro Evolution Soccer 2010»
«C:Documents and SettingsAdminРабочий столpes2010.exe»=»C:Documents and SettingsAdminРабочий столpes2010.exe:*:Enabled:Pro Evolution Soccer 2010»
«E:GamesFallout 3Fallout3.exe»=»E:GamesFallout 3Fallout3.exe:*:Enabled:Fallout 3»
«E:GamesDIRT 2dirt2_game.exe»=»E:GamesDIRT 2dirt2_game.exe:*:Enabled:DiRT2»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
======File associations======
.scr — open —
.scr — install —
.scr — config —
======List of files/folders created in the last 1 months======
2010-03-18 17:58:01 —-A—- C:WINDOWSsystem32cmd.exe
2010-03-18 16:25:08 —-A—- C:WINDOWScFosSpeed_Setup_Log.txt
2010-03-13 16:02:10 —-D—- C:Documents and SettingsAdminApplication DataXilisoft Corporation
2010-03-13 16:01:25 —-D—- C:Program FilesXilisoft
2010-03-13 02:08:43 —-D—- C:Program FilesExtra Video Converter Pro
2010-03-13 01:55:25 —-A—- C:WINDOWSsystem32SkinCrafter.dll
2010-03-13 01:55:24 —-A—- C:WINDOWSsystem32viscomwave.dll
2010-03-13 01:55:24 —-A—- C:WINDOWSsystem32viscomqtde.dll
2010-03-13 01:40:15 —-D—- C:Documents and SettingsAdminApplication DataMOVAVI
2010-02-27 13:32:46 —-D—- C:Documents and SettingsAdminApplication DataLogitech
2010-02-27 13:31:51 —-HDC—- C:WINDOWS$NtUninstallWdf01005$
2010-02-27 13:30:55 —-A—- C:WINDOWSsystem32BtCoreIf.dll
2010-02-27 13:30:51 —-A—- C:WINDOWSsystem32KemXML.dll
2010-02-27 13:30:51 —-A—- C:WINDOWSsystem32KemWnd.dll
2010-02-27 13:30:51 —-A—- C:WINDOWSsystem32KemUtil.dll
2010-02-27 13:30:51 —-A—- C:WINDOWSsystem32kemutb.dll
2010-02-27 13:30:26 —-D—- C:Program FilesLogitech
2010-02-26 18:56:26 —-A—- C:WINDOWSsystem32sfcfiles.dll
2010-02-26 18:48:50 —-D—- C:Program FilesCommon FilesLogishrd
2010-02-25 21:17:36 —-D—- C:Documents and SettingsAdminApplication DataYahoo!
2010-02-25 21:16:25 —-D—- C:Program FilesCommon FilesScanner
2010-02-25 21:16:22 —-A—- C:WINDOWSsystem32msxml3a.dll
2010-02-25 21:14:06 —-D—- C:Documents and SettingsAll UsersApplication DataLogitech
2010-02-25 21:14:00 —-D—- C:Program FilesCommon FilesLogitech
2010-02-25 21:13:35 —-D—- C:Documents and SettingsAll UsersApplication DataLogiShrd
2010-02-25 18:32:10 —-D—- C:Documents and SettingsAdminApplication DataMalwarebytes
2010-02-25 18:32:06 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2010-02-25 18:32:05 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2010-02-23 16:53:58 —-D—- C:Program FilesSpybot — Search & Destroy
2010-02-23 16:53:58 —-D—- C:Documents and SettingsAll UsersApplication DataSpybot — Search & Destroy
2010-02-22 13:40:04 —-D—- C:rsit
2010-02-21 19:25:56 —-A—- C:WINDOWSsubinacl.exe
2010-02-21 14:36:28 —-A—- C:WINDOWSsystem320setup.exe
======List of files/folders modified in the last 1 months======
2010-03-20 21:01:27 —-D—- C:Program FilesSteam
2010-03-20 20:00:00 —-A—- C:WINDOWSSchedLgU.Txt
2010-03-20 17:48:00 —-D—- C:Documents and SettingsAdminApplication DataICQ
2010-03-20 17:47:43 —-D—- C:WINDOWStemp
2010-03-20 17:43:53 —-D—- C:WINDOWSsystem32CatRoot2
2010-03-20 10:03:34 —-A—- C:WINDOWSNeroDigital.ini
2010-03-20 09:48:35 —-A—- C:WINDOWSwin.ini
2010-03-20 08:38:34 —-D—- C:WINDOWSsystem32drivers
2010-03-20 08:38:31 —-D—- C:WINDOWS
2010-03-20 00:37:46 —-D—- C:Documents and SettingsAdminApplication DataSkype
2010-03-19 19:21:12 —-D—- C:Documents and SettingsAdminApplication DataskypePM
2010-03-18 18:12:08 —-D—- C:Program Files
2010-03-18 18:11:58 —-HD—- C:WINDOWSinf
2010-03-18 18:11:48 —-D—- C:WINDOWSsystem32
2010-03-18 17:58:06 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-03-15 21:06:27 —-D—- C:Program FilesABBYY FineReader 9.0
2010-03-14 17:53:12 —-D—- C:WINDOWSl2schemas
2010-03-14 17:53:03 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2010-03-14 17:35:03 —-D—- C:Program FilesInternet Explorer
2010-03-14 15:08:22 —-D—- C:Program FilesHfs
2010-03-13 01:51:06 —-SHD—- C:WINDOWSInstaller
2010-03-11 07:48:58 —-SHD—- C:RECYCLER
2010-03-07 18:07:25 —-D—- C:Documents and SettingsAdminApplication DatauTorrent
2010-03-07 15:28:31 —-D—- C:Program FilesNokia
2010-03-06 12:45:46 —-D—- C:WINDOWSWinSxS
2010-03-06 12:44:28 —-D—- C:WINDOWSsystem32DirectX
2010-03-06 12:44:04 —-D—- C:WINDOWSSxsCaPendDel
2010-03-05 17:47:22 —-SD—- C:WINDOWSTasks
2010-03-05 17:45:29 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2010-03-04 09:19:44 —-D—- C:Program FilesAdobe
2010-03-03 15:01:22 —-D—- C:WINDOWSrepair
2010-02-27 13:30:33 —-HD—- C:Program FilesInstallShield Installation Information
2010-02-27 13:24:03 —-D—- C:WINDOWSsystem32mui
2010-02-27 13:24:03 —-D—- C:Program FilesWindows NT
2010-02-26 18:48:50 —-D—- C:Program FilesCommon Files
2010-02-26 00:45:53 —-D—- C:Program FilesWindows Media Player
2010-02-25 21:14:59 —-DC—- C:WINDOWSsystem32DRVSTORE
2010-02-25 21:14:36 —-D—- C:WINDOWSsystem32CatRoot
2010-02-25 20:22:36 —-D—- C:WINDOWSCache
2010-02-25 19:31:23 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2010-02-25 18:41:28 —-RD—- C:WINDOWSOffline Web Pages
2010-02-23 14:03:29 —-D—- C:Program Filestrend micro
2010-02-22 13:40:11 —-D—- C:програм
2010-02-21 23:04:11 —-D—- C:WINDOWSMinidump
2010-02-21 22:51:51 —-D—- C:Program FilesCcleaner
2010-02-21 18:56:36 —-D—- C:Program FilesBRS
2010-02-21 18:55:48 —-D—- C:Program FilesSMSDV
2010-02-21 18:55:42 —-D—- C:Program FilesOutlook Express
2010-02-21 18:47:23 —-D—- C:Program FilesQIP.Online
2010-02-21 18:28:39 —-D—- C:Program FilesUnlocker
2010-02-21 18:23:25 —-D—- C:Documents and SettingsAdminApplication DataUniblue
2010-02-21 17:19:56 —-D—- C:Program FilesVistaDriveIcon
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:WINDOWSsystem32DRIVERSAmdK8.sys [2006-07-01 43520]
R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2009-02-06 106208]
R1 EIO;EIO; ??C:WINDOWSsystem32driversEIO.sys []
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2009-02-06 93336]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WINDOWSSystem32driversprodrv06.sys [2004-10-07 80576]
R1 uzg4njgz;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzg4njgz.sys []
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2009-02-06 113448]
R2 LBeepKE;LBeepKE; C:WINDOWSSystem32DriversLBeepKE.sys [2009-06-17 10384]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 AmdLLD;AMD Low Level Device Driver; C:WINDOWSsystem32DRIVERSAmdLLD.sys [2006-11-01 33280]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2009-12-11 4525056]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversAtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-01-03 4412928]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:WINDOWSsystem32DRIVERSLHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLMouFilt.Sys [2009-06-17 37392]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2006-02-26 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2007-06-28 20480]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2008-04-07 10368]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 a23zjdks;a23zjdks; C:WINDOWSsystem32driversa23zjdks.sys []
S3 aq7ojnjt;aq7ojnjt; C:WINDOWSsystem32driversaq7ojnjt.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:WINDOWSsystem32driversasusgsb.sys [2007-07-12 12416]
S3 catchme;catchme; ??C:DOCUME~1AdminLOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:WINDOWSsystem32DRIVERShamachi.sys [2009-09-28 25280]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:WINDOWSSystem32DriversLUsbFilt.Sys [2009-06-17 28560]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 PAC7302;iLook 310; C:WINDOWSsystem32DRIVERSPAC7302.SYS [2007-10-29 458112]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:WINDOWSsystem32DRIVERSs816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:WINDOWSsystem32DRIVERSs816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:WINDOWSsystem32DRIVERSs816unic.sys [2007-06-19 97704]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DaulCamera; C:WINDOWSSystem32DriversCapt905c.sys [2004-12-08 32123]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-13 60032]
S3 Video3D;ASUS Video3D Service; C:WINDOWSSystem32DriversVideo3D32.sys []
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2007-06-18 38528]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sfc;sfc; C:WINDOWSsystem32driverssfc.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2008-04-14 73472]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [2008-10-27 759072]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2009-12-11 602112]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-02-06 727720]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2009-08-16 222968]
R2 matlabserver;MATLAB Server; C:MATLAB6p5webserverbinwin32matlabserver.exe [2002-06-18 503808]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2009-07-01 75064]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-06-08 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2008-06-08 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe [2009-07-20 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-06-08 441344]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2008-06-08 145408]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2008-06-08 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
RSIT produced only one log:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2010-02-28 11:53:08
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (5%) free of 50 GB
Total RAM: 2047 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:20, on 28.02.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:MATLAB6p5webserverbinwin32matlabserver.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesCommon FilesLogishrdKHAL2KHALMNPR.EXE
C:Program FilesOperaOpera.exe
D:СережаprogramRSIT.exe
C:Program Filestrend microHijackThisAdmin.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {855F3B16-6D32-4fe6-8A56-BBB695989046} — (no file)
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: &Yahoo! Toolbar Helper — {02478D38-C3F9-4efb-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:PROGRA~1SPYBOT~1SDHelper.dll
O3 — Toolbar: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O4 — HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot — Search & DestroyTeaTimer.exe
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Startup: Logitech . Регистрация Продукта.lnk = C:Program FilesCommon FilesLogishrdeRegSetPointeReg.exe
O4 — Global Startup: Logitech SetPoint.lnk = C:Program FilesLogitechSetPointSetPoint.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Crawler Search — tbr:iemenu
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Передать на удаленную закачку DM — C:Program FilesDownload Masterremdown.htm
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search & Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra button: (no name) — Cmdmapping — (no file) (HKCU)
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232392041796
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232392023953
O16 — DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} — file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O17 — HKLMSystemCCSServicesTcpip..{DB1A5B64-2A47-45DB-8229-94171839A0A8}: NameServer = 195.248.191.67,195.248.191.72
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Protocol: tbr — {4D25FB7A-8902-4291-960E-9ADA051CFBBF} — C:PROGRA~1CrawlerToolbarctbr.dll
O23 — Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) — ABBYY (BIT Software) — C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Logitech Bluetooth Service (LBTServ) — Logitech, Inc. — C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe
O23 — Service: MATLAB Server (matlabserver) — Unknown owner — C:MATLAB6p5webserverbinwin32matlabserver.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 7992 bytes

======Scheduled tasks folder======
C:WINDOWStasksAt169.job
C:WINDOWStasksAt170.job
C:WINDOWStasksAt171.job
C:WINDOWStasksAt172.job
C:WINDOWStasksAt173.job
C:WINDOWStasksAt174.job
C:WINDOWStasksAt175.job
C:WINDOWStasksAt176.job
C:WINDOWStasksAt177.job
C:WINDOWStasksAt178.job
C:WINDOWStasksAt179.job
C:WINDOWStasksAt180.job
C:WINDOWStasksAt181.job
C:WINDOWStasksAt182.job
C:WINDOWStasksAt183.job
C:WINDOWStasksAt184.job
C:WINDOWStasksAt185.job
C:WINDOWStasksAt186.job
C:WINDOWStasksAt187.job
C:WINDOWStasksAt188.job
C:WINDOWStasksAt189.job
C:WINDOWStasksAt190.job
C:WINDOWStasksAt191.job
C:WINDOWStasksAt192.job
C:WINDOWStasksAt9.job

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection — C:PROGRA~1SPYBOT~1SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — Yahoo! Toolbar — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Kernel and Hardware Abstraction Layer»=C:WINDOWSKHALMNPR.EXE [2009-06-17 55824]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«SpybotSD TeaTimer»=C:Program FilesSpybot — Search & DestroyTeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
C:WINDOWSALCMTR.EXE [2008-06-08 69632]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregASUSGamerOSD]
C:Program FilesASUSGamerOSDGamerOSD.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKillCopy]
C:WINDOWSsystem32killcopy.exe [2008-06-08 1185792]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLClock]
C:Program FilesLClockLClock.exe [2008-06-08 86016]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBJ]
C:Program FilesAheadNero BackItUpNBJ.exe [2008-06-08 2048000]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2008-06-08 155648]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
RTHDCPL.EXE []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSidebar]
C:Program FilesWindows Sidebarsidebar.exe [2007-02-26 1254912]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
C:WINDOWSSkyTel.EXE [2008-06-08 2879488]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2010-02-18 57344]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUnlockerAssistant]
C:Program FilesUnlockerUnlockerAssistant.exe [2010-02-18 57344]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Logitech SetPoint.lnk — C:Program FilesLogitechSetPointSetPoint.exe

C:Documents and SettingsAdminГлавное менюПрограммыАвтозагрузка
Logitech . Регистрация Продукта.lnk — C:Program FilesCommon FilesLogishrdeRegSetPointeReg.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2009-12-11 155648]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyLBTWlgn]
c:program filescommon fileslogishrdbluetoothLBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2007-06-18 133632]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaec.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys2e49644d]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys3115e3fc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys462d66b]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys6d2e64e4]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaec.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys2e49644d]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys3115e3fc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys462d66b]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys6d2e64e4]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdfLoadGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«C:WINDOWSsystem32dpnsvr.exe»=»C:WINDOWSsystem32dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«E:GamesCounterhl.exe»=»E:GamesCounterhl.exe:*:Enabled:Half-Life Launcher»
«C:WINDOWSsystem32PnkBstrA.exe»=»C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA»
«C:WINDOWSsystem32PnkBstrB.exe»=»C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB»
«E:GamesFar Cry 2binFarCry2.exe»=»E:GamesFar Cry 2binFarCry2.exe:*:Enabled:Far Cry 2»
«E:GamesFar Cry 2binFC2Launcher.exe»=»E:GamesFar Cry 2binFC2Launcher.exe:*:Enabled:Far Cry 2 Updater»
«E:GamesFar Cry 2binFC2Editor.exe»=»E:GamesFar Cry 2binFC2Editor.exe:*:Enabled:Editor»
«E:GamesTDUexeTestDriveUnlimited.exe»=»E:GamesTDUexeTestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited»
«E:GamesCALLiw3mp.exe»=»E:GamesCALLiw3mp.exe:*:Enabled:Call of Duty(R) 4 — Modern Warfare(TM)»
«E:GamesNeed For Speed Undergroundnfsuclient_alkar.exe»=»E:GamesNeed For Speed Undergroundnfsuclient_alkar.exe:*:Disabled:nfsuclient_alkar»
«E:GamesNeed For Speed Undergroundspeed.exe»=»E:GamesNeed For Speed Undergroundspeed.exe:*:Enabled:speed»
«E:GamesSplinter Cell 2 Pandora Tomorrowpandora.exe»=»E:GamesSplinter Cell 2 Pandora Tomorrowpandora.exe:*:Disabled:pandora»
«E:IcqICQ6.5ICQ.exe»=»E:IcqICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesSopCastSopCast.exe»=»C:Program FilesSopCastSopCast.exe:*:Enabled:SopCast Main Application»
«E:GamesCounterhltv.exe»=»E:GamesCounterhltv.exe:*:Enabled:HLTV Launcher»
«C:Program FilesOperaOpera.exe»=»C:Program FilesOperaOpera.exe:*:Enabled:Opera Internet Browser»
«C:Documents and SettingsAdminApplication DataSopCastadvSopAdver.exe»=»C:Documents and SettingsAdminApplication DataSopCastadvSopAdver.exe:*:Enabled:SopCast Adver»
«E:GamesProEvoSocpes2010.exe»=»E:GamesProEvoSocpes2010.exe:*:Enabled:Pro Evolution Soccer 2010»
«C:Documents and SettingsAdminРабочий столpes2010.exe»=»C:Documents and SettingsAdminРабочий столpes2010.exe:*:Enabled:Pro Evolution Soccer 2010»
«E:GamesFallout 3Fallout3.exe»=»E:GamesFallout 3Fallout3.exe:*:Enabled:Fallout 3»
«E:GamesDIRT 2dirt2_game.exe»=»E:GamesDIRT 2dirt2_game.exe:*:Enabled:DiRT2»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

======File associations======
.scr — open —
.scr — install —
.scr — config —

======List of files/folders created in the last 1 months======
2010-02-27 13:32:46 —-D—- C:Documents and SettingsAdminApplication DataLogitech
2010-02-27 13:31:51 —-HDC—- C:WINDOWS$NtUninstallWdf01005$
2010-02-27 13:30:55 —-A—- C:WINDOWSsystem32BtCoreIf.dll
2010-02-27 13:30:51 —-A—- C:WINDOWSsystem32KemXML.dll
2010-02-27 13:30:51 —-A—- C:WINDOWSsystem32KemWnd.dll
2010-02-27 13:30:51 —-A—- C:WINDOWSsystem32KemUtil.dll
2010-02-27 13:30:51 —-A—- C:WINDOWSsystem32kemutb.dll
2010-02-27 13:30:26 —-D—- C:Program FilesLogitech
2010-02-26 18:56:26 —-A—- C:WINDOWSsystem32sfcfiles.dll
2010-02-26 18:48:50 —-D—- C:Program FilesCommon FilesLogishrd
2010-02-25 21:17:36 —-D—- C:Documents and SettingsAll UsersApplication DataYahoo! Companion
2010-02-25 21:17:36 —-D—- C:Documents and SettingsAdminApplication DataYahoo!
2010-02-25 21:16:25 —-D—- C:Program FilesCommon FilesScanner
2010-02-25 21:16:22 —-A—- C:WINDOWSsystem32msxml3a.dll
2010-02-25 21:16:10 —-D—- C:Program FilesYahoo!
2010-02-25 21:14:06 —-D—- C:Documents and SettingsAll UsersApplication DataLogitech
2010-02-25 21:14:00 —-D—- C:Program FilesCommon FilesLogitech
2010-02-25 21:13:35 —-D—- C:Documents and SettingsAll UsersApplication DataLogiShrd
2010-02-25 18:32:10 —-D—- C:Documents and SettingsAdminApplication DataMalwarebytes
2010-02-25 18:32:06 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2010-02-25 18:32:05 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2010-02-23 16:53:58 —-D—- C:Program FilesSpybot — Search & Destroy
2010-02-23 16:53:58 —-D—- C:Documents and SettingsAll UsersApplication DataSpybot — Search & Destroy
2010-02-22 13:40:04 —-D—- C:rsit
2010-02-21 19:25:56 —-A—- C:WINDOWSsubinacl.exe
2010-02-21 14:36:28 —-A—- C:WINDOWSsystem320setup.exe
2010-02-18 21:31:03 —-A—- C:WINDOWSsystem3210setup.exe
2010-02-18 18:50:30 —-RASH—- C:WINDOWSccdrive32 .exe
2010-02-08 16:34:00 —-D—- C:Documents and SettingsAll UsersApplication DataATI
2010-02-08 16:31:17 —-A—- C:WINDOWSsystem32Oemdspif.dll
2010-02-08 16:31:17 —-A—- C:WINDOWSsystem32ATIDEMGX.dll
2010-02-08 16:31:17 —-A—- C:WINDOWSsystem32ati2cqag.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ativvaxx.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ativcoxx.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32atitvo32.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ATIODCLI.exe
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32atimpc32.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ATIDDC.DLL
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32aticalrt.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32aticaldd.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32atibtmon.exe
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32Ati2mdxx.exe
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ati2evxx.exe
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ati2evxx.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ati2edxx.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ati2dvag.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32amdpcom32.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atipdlxx.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atiok3x2.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atioglxx.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32ATIODE.exe
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atikvmag.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atiiiexx.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32aticalcl.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atiadlxx.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32ati3duag.dll
2010-02-07 18:51:23 —-D—- C:Program FilesMovavi Видео Конвертер 9
2010-02-06 22:32:31 —-HDC—- C:WINDOWS$NtUninstallXPSEPSCLP$
2010-02-06 16:50:00 —-A—- C:WINDOWSsystem32Remover.ini
2010-02-06 16:50:00 —-A—- C:WINDOWSsystem32Remove.exe
2010-02-06 16:49:59 —-A—- C:WINDOWSsystem32CoInst_071029.dll
2010-02-06 16:49:57 —-A—- C:WINDOWSsystem32SP7302.ini
2010-02-06 16:49:56 —-A—- C:WINDOWSsystem32P7302USD.dll
2010-02-06 16:49:55 —-D—- C:WINDOWSPixArt
2010-02-06 16:49:55 —-D—- C:Program FilesCommon FilesiLook 310
2010-02-03 12:22:24 —-A—- C:WINDOWSsystem32sfuYaTY.exe
2010-02-03 12:22:17 —-D—- C:Program FilesCommon Fileswm
2010-01-29 20:26:15 —-D—- C:Documents and SettingsAdminApplication DataVentrilo

======List of files/folders modified in the last 1 months======
2010-02-28 11:49:55 —-D—- C:WINDOWStemp
2010-02-28 11:45:11 —-D—- C:WINDOWSsystem32
2010-02-28 11:45:11 —-D—- C:WINDOWS
2010-02-28 11:44:49 —-SD—- C:WINDOWSTasks
2010-02-28 11:38:13 —-A—- C:WINDOWSNeroDigital.ini
2010-02-28 11:29:06 —-D—- C:Program FilesABBYY FineReader 9.0
2010-02-28 10:58:25 —-SHD—- C:RECYCLER
2010-02-28 10:52:50 —-D—- C:Program FilesSteam
2010-02-28 10:52:36 —-D—- C:WINDOWSsystem32CatRoot2
2010-02-28 02:11:07 —-A—- C:WINDOWSSchedLgU.Txt
2010-02-28 02:11:01 —-D—- C:Documents and SettingsAdminApplication DataSkype
2010-02-27 17:07:54 —-D—- C:Documents and SettingsAdminApplication DataskypePM
2010-02-27 13:32:18 —-SHD—- C:WINDOWSInstaller
2010-02-27 13:32:06 —-HD—- C:WINDOWSinf
2010-02-27 13:32:06 —-D—- C:WINDOWSsystem32drivers
2010-02-27 13:31:30 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-02-27 13:30:33 —-HD—- C:Program FilesInstallShield Installation Information
2010-02-27 13:30:26 —-D—- C:Program Files
2010-02-27 13:24:03 —-D—- C:Program FilesWindows NT
2010-02-27 10:08:31 —-D—- C:Documents and SettingsAdminApplication DataICQ
2010-02-26 18:48:50 —-D—- C:Program FilesCommon Files
2010-02-26 00:45:53 —-D—- C:Program FilesWindows Media Player
2010-02-25 21:14:59 —-DC—- C:WINDOWSsystem32DRVSTORE
2010-02-25 21:14:36 —-D—- C:WINDOWSsystem32CatRoot
2010-02-25 19:31:23 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2010-02-23 14:03:29 —-D—- C:Program Filestrend micro
2010-02-22 22:27:53 —-D—- C:Program FilesInternet Explorer
2010-02-22 22:27:14 —-D—- C:Program FilesAdobe
2010-02-22 13:40:11 —-D—- C:програм
2010-02-21 23:04:11 —-D—- C:WINDOWSMinidump
2010-02-21 22:51:51 —-D—- C:Program FilesCcleaner
2010-02-21 18:56:36 —-D—- C:Program FilesBRS
2010-02-21 18:55:48 —-D—- C:Program FilesSMSDV
2010-02-21 18:55:42 —-D—- C:Program FilesOutlook Express
2010-02-21 18:47:23 —-D—- C:Program FilesQIP.Online
2010-02-21 18:28:39 —-D—- C:Program FilesUnlocker
2010-02-21 18:23:25 —-D—- C:Documents and SettingsAdminApplication DataUniblue
2010-02-21 17:19:56 —-D—- C:Program FilesVistaDriveIcon
2010-02-21 15:55:36 —-D—- C:Documents and SettingsAdminApplication DatauTorrent
2010-02-18 18:49:21 —-A—- C:WINDOWS.6454514883229033.exe
2010-02-18 18:49:01 —-D—- C:Program FilesDAEMON Tools Lite
2010-02-18 09:18:20 —-A—- C:WINDOWSmatlab.ini
2010-02-18 07:47:32 —-D—- C:Program FilesVolumeControl
2010-02-08 16:35:13 —-D—- C:Program FilesATI
2010-02-08 16:32:00 —-D—- C:WINDOWSWinSxS
2010-02-08 16:31:52 —-D—- C:Program FilesATI Technologies
2010-02-08 16:23:01 —-A—- C:WINDOWSWININIT.INI
2010-02-07 00:11:19 —-D—- C:WINDOWSMicrosoft.NET
2010-02-06 22:32:24 —-RSD—- C:WINDOWSassembly
2010-02-06 17:02:45 —-D—- C:Кино
2010-02-06 16:51:05 —-A—- C:WINDOWSwin.ini
2010-02-06 16:51:01 —-D—- C:WINDOWStwain_32
2010-02-05 13:51:24 —-D—- C:Program FilesDownload Master

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:WINDOWSsystem32DRIVERSAmdK8.sys [2006-07-01 43520]
R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2009-02-06 106208]
R1 EIO;EIO; ??C:WINDOWSsystem32driversEIO.sys []
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2009-02-06 93336]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WINDOWSSystem32driversprodrv06.sys [2004-10-07 80576]
R1 uzg4njgz;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzg4njgz.sys []
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2009-02-06 113448]
R2 LBeepKE;LBeepKE; C:WINDOWSSystem32DriversLBeepKE.sys [2009-06-17 10384]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 AmdLLD;AMD Low Level Device Driver; C:WINDOWSsystem32DRIVERSAmdLLD.sys [2006-11-01 33280]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2009-12-11 4525056]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversAtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-01-03 4412928]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:WINDOWSsystem32DRIVERSLHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLMouFilt.Sys [2009-06-17 37392]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2006-02-26 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2007-06-28 20480]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2008-04-07 10368]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 a5ol7k1j;a5ol7k1j; C:WINDOWSsystem32driversa5ol7k1j.sys []
S3 a81074ed;a81074ed; C:WINDOWSsystem32driversa81074ed.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:WINDOWSsystem32driversasusgsb.sys [2007-07-12 12416]
S3 catchme;catchme; ??C:DOCUME~1AdminLOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:WINDOWSsystem32DRIVERShamachi.sys [2009-09-28 25280]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 PAC7302;iLook 310; C:WINDOWSsystem32DRIVERSPAC7302.SYS [2007-10-29 458112]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:WINDOWSsystem32DRIVERSs816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:WINDOWSsystem32DRIVERSs816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:WINDOWSsystem32DRIVERSs816unic.sys [2007-06-19 97704]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DaulCamera; C:WINDOWSSystem32DriversCapt905c.sys [2004-12-08 32123]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-13 60032]
S3 Video3D;ASUS Video3D Service; C:WINDOWSSystem32DriversVideo3D32.sys []
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2007-06-18 38528]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sfc;sfc; C:WINDOWSsystem32driverssfc.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2008-04-14 73472]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [2008-10-27 759072]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2009-12-11 602112]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-02-06 727720]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2009-08-16 222968]
R2 matlabserver;MATLAB Server; C:MATLAB6p5webserverbinwin32matlabserver.exe [2002-06-18 503808]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2009-07-01 75064]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-06-08 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2008-06-08 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe [2009-07-20 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-06-08 441344]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2008-06-08 145408]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2008-06-08 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
Nothing has changed; the sites still won't open, same as before.
Here is the OTM log:

All processes killed
========== SERVICES/DRIVERS ==========
No service named dwshd was found to stop!
No service named dwshd was found to delete!
No service named sfc was found to stop!
No service named sfc was found to delete!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifym64dll not found.
Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad\GootkitSSO deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaec.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys2e49644d deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys3115e3fc deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys462d66b deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaec.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys2e49644d deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys3115e3fc deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys462d66b deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{920d1d18-e7bf-11dc-ac5a-001bfc77011d} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{920d1d18-e7bf-11dc-ac5a-001bfc77011d} not found.
========== FILES ==========
File/Folder C:Documents and SettingsAdminГлавное менюПрограммыАвтозагрузкаihaupd32.exe not found.
File/Folder C:Documents and SettingsAdminГлавное менюПрограммыАвтозагрузкаsystem.exe not found.
C:Documents and SettingsAdminГлавное менюПрограммыАвтозагрузкаsystem.exe645 moved successfully.
C:Documents and SettingsAdminГлавное менюПрограммыАвтозагрузкаsystem.exe803 moved successfully.
C:WINDOWStasksAt1.job moved successfully.
C:WINDOWStasksAt10.job moved successfully.
C:WINDOWStasksAt11.job moved successfully.
C:WINDOWStasksAt12.job moved successfully.
C:WINDOWStasksAt13.job moved successfully.
C:WINDOWStasksAt14.job moved successfully.
C:WINDOWStasksAt15.job moved successfully.
C:WINDOWStasksAt16.job moved successfully.
C:WINDOWStasksAt17.job moved successfully.
C:WINDOWStasksAt18.job moved successfully.
C:WINDOWStasksAt19.job moved successfully.
C:WINDOWStasksAt2.job moved successfully.
C:WINDOWStasksAt20.job moved successfully.
C:WINDOWStasksAt21.job moved successfully.
C:WINDOWStasksAt22.job moved successfully.
C:WINDOWStasksAt23.job moved successfully.
C:WINDOWStasksAt24.job moved successfully.
C:WINDOWStasksAt3.job moved successfully.
C:WINDOWStasksAt4.job moved successfully.
C:WINDOWStasksAt5.job moved successfully.
C:WINDOWStasksAt6.job moved successfully.
C:WINDOWStasksAt7.job moved successfully.
C:WINDOWStasksAt8.job moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 15671261 bytes
->Temporary Internet Files folder emptied: 13333801 bytes
->Java cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 62741 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 19095497 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2133863 bytes
%systemroot%System32 .tmp files removed: 3243949 bytes
Windows Temp folder emptied: 66031 bytes
%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 518375 bytes
RecycleBin emptied: 2891870 bytes
Total Files Cleaned = 54,38 mb
OTM by OldTimer — Version 3.1.2.0 log created on 02282010_114448
Files moved on Reboot…
Registry entries deleted on Reboot…
Thanks for replying. By the way, I forgot to mention that almost all of the 185 infected files were located in C:Docume~1……temp.
1.log RSIT:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2010-02-22 13:40:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (6%) free of 50 GB
Total RAM: 2047 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:11, on 22.02.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:MATLAB6p5webserverbinwin32matlabserver.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Documents and SettingsAdminГлавное менюПрограммыАвтозагрузкаsystem.exe
C:Documents and SettingsAdminLocal SettingsApplication DataMicrosoftints.exe
C:Program FilesOperaOpera.exe
D:СережаRSIT.exe
C:програмAdmin.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {855F3B16-6D32-4fe6-8A56-BBB695989046} — (no file)
O4 — HKLM..PoliciesExplorerRun: [Microsoft Driver Setup] C:WINDOWSccdrive32.exe
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Startup: ihaupd32.exe
O4 — Startup: system.exe
O4 — Startup: system.exe645
O4 — Startup: system.exe803
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Crawler Search — tbr:iemenu
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Передать на удаленную закачку DM — C:Program FilesDownload Masterremdown.htm
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232392041796
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232392023953
O16 — DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} — file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O17 — HKLMSystemCCSServicesTcpip..{DB1A5B64-2A47-45DB-8229-94171839A0A8}: NameServer = 195.248.191.67,195.248.191.72
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Protocol: tbr — {4D25FB7A-8902-4291-960E-9ADA051CFBBF} — C:PROGRA~1CrawlerToolbarctbr.dll
O20 — Winlogon Notify: m64dll — m64dll.dll (file missing)
O21 — SSODL: GootkitSSO — {1DBD9CCF-639C-4261-B24C-EFEC8E57D01B} — (no file)
O23 — Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) — ABBYY (BIT Software) — C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: MATLAB Server (matlabserver) — Unknown owner — C:MATLAB6p5webserverbinwin32matlabserver.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 6985 bytes
======Scheduled tasks folder======
C:WINDOWStasksAt1.job
C:WINDOWStasksAt10.job
C:WINDOWStasksAt11.job
C:WINDOWStasksAt12.job
C:WINDOWStasksAt13.job
C:WINDOWStasksAt14.job
C:WINDOWStasksAt15.job
C:WINDOWStasksAt16.job
C:WINDOWStasksAt17.job
C:WINDOWStasksAt18.job
C:WINDOWStasksAt19.job
C:WINDOWStasksAt2.job
C:WINDOWStasksAt20.job
C:WINDOWStasksAt21.job
C:WINDOWStasksAt22.job
C:WINDOWStasksAt23.job
C:WINDOWStasksAt24.job
C:WINDOWStasksAt3.job
C:WINDOWStasksAt4.job
C:WINDOWStasksAt5.job
C:WINDOWStasksAt6.job
C:WINDOWStasksAt7.job
C:WINDOWStasksAt8.job
C:WINDOWStasksAt9.job
======Registry dump======
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
«Microsoft Driver Setup»=C:WINDOWSccdrive32.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
C:WINDOWSALCMTR.EXE [2008-06-08 69632]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregASUSGamerOSD]
C:Program FilesASUSGamerOSDGamerOSD.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKillCopy]
C:WINDOWSsystem32killcopy.exe [2008-06-08 1185792]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLClock]
C:Program FilesLClockLClock.exe [2008-06-08 86016]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBJ]
C:Program FilesAheadNero BackItUpNBJ.exe [2008-06-08 2048000]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2008-06-08 155648]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
RTHDCPL.EXE []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSidebar]
C:Program FilesWindows Sidebarsidebar.exe [2007-02-26 1254912]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
C:WINDOWSSkyTel.EXE [2008-06-08 2879488]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2010-02-18 57344]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUnlockerAssistant]
C:Program FilesUnlockerUnlockerAssistant.exe [2010-02-18 57344]
C:Documents and SettingsAdminГлавное менюПрограммыАвтозагрузка
ihaupd32.exe
system.exe
system.exe645
system.exe803
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2009-12-11 155648]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifym64dll]
m64dll.dll []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2007-06-18 133632]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-14 239616]
GootkitSSO — {1DBD9CCF-639C-4261-B24C-EFEC8E57D01B}
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaec.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys2e49644d]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys3115e3fc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys462d66b]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaec.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys2e49644d]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys3115e3fc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys462d66b]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«C:WINDOWSsystem32dpnsvr.exe»=»C:WINDOWSsystem32dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«E:GamesCounterhl.exe»=»E:GamesCounterhl.exe:*:Enabled:Half-Life Launcher»
«C:WINDOWSsystem32PnkBstrA.exe»=»C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA»
«C:WINDOWSsystem32PnkBstrB.exe»=»C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB»
«E:GamesFar Cry 2binFarCry2.exe»=»E:GamesFar Cry 2binFarCry2.exe:*:Enabled:Far Cry 2»
«E:GamesFar Cry 2binFC2Launcher.exe»=»E:GamesFar Cry 2binFC2Launcher.exe:*:Enabled:Far Cry 2 Updater»
«E:GamesFar Cry 2binFC2Editor.exe»=»E:GamesFar Cry 2binFC2Editor.exe:*:Enabled:Editor»
«E:GamesTDUexeTestDriveUnlimited.exe»=»E:GamesTDUexeTestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited»
«E:GamesCALLiw3mp.exe»=»E:GamesCALLiw3mp.exe:*:Enabled:Call of Duty(R) 4 — Modern Warfare(TM)»
«E:GamesNeed For Speed Undergroundnfsuclient_alkar.exe»=»E:GamesNeed For Speed Undergroundnfsuclient_alkar.exe:*:Disabled:nfsuclient_alkar»
«E:GamesNeed For Speed Undergroundspeed.exe»=»E:GamesNeed For Speed Undergroundspeed.exe:*:Enabled:speed»
«E:GamesSplinter Cell 2 Pandora Tomorrowpandora.exe»=»E:GamesSplinter Cell 2 Pandora Tomorrowpandora.exe:*:Disabled:pandora»
«E:IcqICQ6.5ICQ.exe»=»E:IcqICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesSopCastSopCast.exe»=»C:Program FilesSopCastSopCast.exe:*:Enabled:SopCast Main Application»
«E:GamesCounterhltv.exe»=»E:GamesCounterhltv.exe:*:Enabled:HLTV Launcher»
«C:Program FilesOperaOpera.exe»=»C:Program FilesOperaOpera.exe:*:Enabled:Opera Internet Browser»
«C:Documents and SettingsAdminApplication DataSopCastadvSopAdver.exe»=»C:Documents and SettingsAdminApplication DataSopCastadvSopAdver.exe:*:Enabled:SopCast Adver»
«E:GamesProEvoSocpes2010.exe»=»E:GamesProEvoSocpes2010.exe:*:Enabled:Pro Evolution Soccer 2010»
«C:Documents and SettingsAdminРабочий столpes2010.exe»=»C:Documents and SettingsAdminРабочий столpes2010.exe:*:Enabled:Pro Evolution Soccer 2010»
«E:GamesFallout 3Fallout3.exe»=»E:GamesFallout 3Fallout3.exe:*:Enabled:Fallout 3»
«E:GamesDIRT 2dirt2_game.exe»=»E:GamesDIRT 2dirt2_game.exe:*:Enabled:DiRT2»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{920d1d18-e7bf-11dc-ac5a-001bfc77011d}]
shellAutoRuncommand — M:ZALJUBIT///dousiju.exe
shellexplorecommand — M:ZALJUBIT///dousiju.exe
shellopencommand — M:ZALJUBIT///dousiju.exe
======File associations======
.scr — open —
.scr — install —
.scr — config —
======List of files/folders created in the last 1 months======
2010-02-22 13:40:04 —-D—- C:rsit
2010-02-21 19:25:56 —-A—- C:WINDOWSsubinacl.exe
2010-02-21 14:36:28 —-A—- C:WINDOWSsystem320setup.exe
2010-02-18 21:31:03 —-A—- C:WINDOWSsystem3210setup.exe
2010-02-18 18:50:30 —-RASH—- C:WINDOWSccdrive32 .exe
2010-02-08 16:34:00 —-D—- C:Documents and SettingsAll UsersApplication DataATI
2010-02-08 16:31:17 —-A—- C:WINDOWSsystem32Oemdspif.dll
2010-02-08 16:31:17 —-A—- C:WINDOWSsystem32ATIDEMGX.dll
2010-02-08 16:31:17 —-A—- C:WINDOWSsystem32ati2cqag.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ativvaxx.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ativcoxx.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32atitvo32.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ATIODCLI.exe
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32atimpc32.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ATIDDC.DLL
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32aticalrt.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32aticaldd.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32atibtmon.exe
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32Ati2mdxx.exe
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ati2evxx.exe
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ati2evxx.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ati2edxx.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ati2dvag.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32amdpcom32.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atipdlxx.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atiok3x2.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atioglxx.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32ATIODE.exe
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atikvmag.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atiiiexx.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32aticalcl.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atiadlxx.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32ati3duag.dll
2010-02-07 18:51:23 —-D—- C:Program FilesMovavi Видео Конвертер 9
2010-02-06 22:32:31 —-HDC—- C:WINDOWS$NtUninstallXPSEPSCLP$
2010-02-06 16:50:00 —-A—- C:WINDOWSsystem32Remover.ini
2010-02-06 16:50:00 —-A—- C:WINDOWSsystem32Remove.exe
2010-02-06 16:49:59 —-A—- C:WINDOWSsystem32CoInst_071029.dll
2010-02-06 16:49:57 —-A—- C:WINDOWSsystem32SP7302.ini
2010-02-06 16:49:56 —-A—- C:WINDOWSsystem32P7302USD.dll
2010-02-06 16:49:55 —-D—- C:WINDOWSPixArt
2010-02-06 16:49:55 —-D—- C:Program FilesCommon FilesiLook 310
2010-02-03 12:22:24 —-A—- C:WINDOWSsystem32sfuYaTY.exe
2010-02-03 12:22:17 —-D—- C:Program FilesCommon Fileswm
2010-02-03 12:22:17 —-A—- C:Program FilesCommon Fileskeylog.txt
2010-01-29 20:26:15 —-D—- C:Documents and SettingsAdminApplication DataVentrilo
2010-01-27 22:35:39 —-D—- C:Program FilesSteam
======List of files/folders modified in the last 1 months======
2010-02-22 13:40:07 —-D—- C:програм
2010-02-22 13:35:18 —-D—- C:WINDOWSsystem32CatRoot2
2010-02-22 00:37:56 —-A—- C:WINDOWSSchedLgU.Txt
2010-02-21 23:11:23 —-D—- C:WINDOWS
2010-02-21 23:10:14 —-D—- C:WINDOWSsystem32drivers
2010-02-21 23:04:11 —-D—- C:WINDOWSMinidump
2010-02-21 23:04:10 —-D—- C:WINDOWStemp
2010-02-21 22:51:51 —-D—- C:Program FilesCcleaner
2010-02-21 22:40:40 —-D—- C:Program Files
2010-02-21 21:55:41 —-D—- C:WINDOWSsystem32
2010-02-21 20:15:00 —-A—- C:WINDOWSNeroDigital.ini
2010-02-21 19:15:19 —-SHD—- C:RECYCLER
2010-02-21 18:56:36 —-D—- C:Program FilesBRS
2010-02-21 18:55:48 —-D—- C:Program FilesSMSDV
2010-02-21 18:55:42 —-D—- C:Program FilesOutlook Express
2010-02-21 18:47:23 —-D—- C:Program FilesQIP.Online
2010-02-21 18:28:47 —-D—- C:Program FilesWindows Media Player
2010-02-21 18:28:39 —-D—- C:Program FilesUnlocker
2010-02-21 18:27:40 —-D—- C:Program FilesWindows NT
2010-02-21 18:23:25 —-D—- C:Documents and SettingsAdminApplication DataUniblue
2010-02-21 17:19:56 —-D—- C:Program FilesVistaDriveIcon
2010-02-21 17:19:55 —-D—- C:Program FilesInternet Explorer
2010-02-21 15:55:36 —-D—- C:Documents and SettingsAdminApplication DatauTorrent
2010-02-21 10:46:29 —-SD—- C:WINDOWSTasks
2010-02-21 00:33:53 —-D—- C:Documents and SettingsAdminApplication DataSkype
2010-02-20 21:56:31 —-D—- C:Documents and SettingsAdminApplication DataskypePM
2010-02-18 18:49:21 —-A—- C:WINDOWS.6454514883229033.exe
2010-02-18 18:49:01 —-D—- C:Program FilesDAEMON Tools Lite
2010-02-18 09:24:03 —-D—- C:Program FilesABBYY FineReader 9.0
2010-02-18 09:18:20 —-A—- C:WINDOWSmatlab.ini
2010-02-18 07:48:07 —-D—- C:Program FilesAdobe
2010-02-18 07:47:32 —-D—- C:Program FilesVolumeControl
2010-02-08 16:35:13 —-SHD—- C:WINDOWSInstaller
2010-02-08 16:35:13 —-D—- C:Program FilesATI
2010-02-08 16:32:00 —-D—- C:WINDOWSWinSxS
2010-02-08 16:31:52 —-D—- C:Program FilesATI Technologies
2010-02-08 16:31:31 —-HD—- C:WINDOWSinf
2010-02-08 16:31:18 —-D—- C:WINDOWSsystem32CatRoot
2010-02-08 16:31:14 —-DC—- C:WINDOWSsystem32DRVSTORE
2010-02-08 16:23:01 —-A—- C:WINDOWSWININIT.INI
2010-02-07 00:11:19 —-D—- C:WINDOWSMicrosoft.NET
2010-02-06 22:32:24 —-RSD—- C:WINDOWSassembly
2010-02-06 17:02:45 —-D—- C:Кино
2010-02-06 16:51:05 —-A—- C:WINDOWSwin.ini
2010-02-06 16:51:01 —-D—- C:WINDOWStwain_32
2010-02-06 16:49:55 —-D—- C:Program FilesCommon Files
2010-02-06 16:49:52 —-HD—- C:Program FilesInstallShield Installation Information
2010-02-05 13:51:24 —-D—- C:Program FilesDownload Master
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:WINDOWSsystem32DRIVERSAmdK8.sys [2006-07-01 43520]
R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2009-02-06 106208]
R1 EIO;EIO; ??C:WINDOWSsystem32driversEIO.sys []
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2009-02-06 93336]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WINDOWSSystem32driversprodrv06.sys [2004-10-07 80576]
R1 uzg4njgz;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzg4njgz.sys []
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2009-02-06 113448]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 AmdLLD;AMD Low Level Device Driver; C:WINDOWSsystem32DRIVERSAmdLLD.sys [2006-11-01 33280]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2009-12-11 4525056]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversAtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-01-03 4412928]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2006-02-26 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2007-06-28 20480]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2008-04-07 10368]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 afklguyg;afklguyg; C:WINDOWSsystem32driversafklguyg.sys []
S3 ah5x41ih;ah5x41ih; C:WINDOWSsystem32driversah5x41ih.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:WINDOWSsystem32driversasusgsb.sys [2007-07-12 12416]
S3 catchme;catchme; ??C:DOCUME~1AdminLOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:WINDOWSsystem32DRIVERShamachi.sys [2009-09-28 25280]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 PAC7302;iLook 310; C:WINDOWSsystem32DRIVERSPAC7302.SYS [2007-10-29 458112]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:WINDOWSsystem32DRIVERSs816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:WINDOWSsystem32DRIVERSs816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:WINDOWSsystem32DRIVERSs816unic.sys [2007-06-19 97704]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DaulCamera; C:WINDOWSSystem32DriversCapt905c.sys [2004-12-08 32123]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-13 60032]
S3 Video3D;ASUS Video3D Service; C:WINDOWSSystem32DriversVideo3D32.sys []
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2007-06-18 38528]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sfc;sfc; C:WINDOWSsystem32driverssfc.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2008-04-14 73472]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [2008-10-27 759072]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2009-12-11 602112]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-02-06 727720]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2009-08-16 222968]
R2 matlabserver;MATLAB Server; C:MATLAB6p5webserverbinwin32matlabserver.exe [2002-06-18 503808]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2009-07-01 75064]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-06-08 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2008-06-08 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-06-08 441344]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2008-06-08 145408]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2008-06-08 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
2.log RSIT:
info.txt logfile of random’s system information tool 1.06 2010-02-22 13:40:14
======Uninstall list======
—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {744C859F-C225-48A9-A524-4DED432F36C7}
—>MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY FineReader 9.0 Professional Edition—>MsiExec.exe /I{F9000000-0001-0000-0000-074957833700}
ACDSee 9 Photo Manager—>MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Ad-Aware SE Personal—>C:PROGRA~1LavasoftAD-AWA~1UNWISE.EXE C:PROGRA~1LavasoftAD-AWA~1INSTALL.LOG
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers719d6f144d0c086a0dfa7ff76bb9ac1Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Setup—>MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player—>C:WINDOWSsystem32MacromedSHOCKW~1UNWISE.EXE C:WINDOWSsystem32MacromedSHOCKW~1Install.log
Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe® Photoshop® Album Starter Edition 3.2—>MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AnswerWorks Runtime—>C:WINDOWSIsUninst.exe -f»C:Program FilesWexTechAnswerWorksUninst.isu»
Assassins Creed—>»E:GamesAssassins Creedunins000.exe»
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AusLogics Disk Defrag—>»C:Program FilesAusLogics Disk Defragunins000.exe»
Autodesk DWF Viewer—>C:PROGRA~1AutodeskAUTODE~1Setup.exe /remove
Background changer 2.0.8.0—>»C:Program FilesBackground changerunins000.exe»
Call of Duty — Modern Warfare 2—>»E:GamesCall of Duty — Modern Warfare 2unins000.exe»
Call of Duty(R) 4 — Modern Warfare(TM) 1.6 Patch—>C:Program FilesInstallShield Installation Information{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 — Modern Warfare(TM)—>C:Program FilesInstallShield Installation Information{E48469CC-635E-4FD5-A122-1497C286D217}setup.exe -runfromtemp -l0x0409
Catalyst Control Center — Branding—>MsiExec.exe /I{8D7133DE-27D2-47E5-B248-4180278D32AA}
CCleaner (remove only)—>»C:Program FilesCCleaneruninst.exe»
Ccleaner 2.03.532—>»C:Program FilesCcleanerunins000.exe»
Counter-Strike 1.6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime90Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{13B792AA-C078-43A4-8A3A-8B12D629940D}Setup.exe» -l0x19
Counter-Strike Steamworks Beta—>»C:Program FilesSteamsteam.exe» steam://uninstall/150
Counter-Strike(TM)—>MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Counter-Strike—>»C:Program FilesSteamsteam.exe» steam://uninstall/10
Crawler Toolbar with Web Security Guard—>C:PROGRA~1CrawlerToolbarCToolbar.exe uninst
Daemon Tools LIte—>»C:Program FilesDaemon Tools LiteUninst.exe»
Dead Space™—>MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
DiRT2—>»C:Program FilesInstallShield Installation Information{52D1D62C-FEAB-4580-849E-1DB624BADBBD}setup.exe» -runfromtemp -l0x0009 -removeonly
Disc2Phone—>MsiExec.exe /X{C01408FC-117C-44B7-8B0C-17794E526A01}
Download Master version 5.6.1.1185—>»C:Program FilesDownload Masterunins000.exe»
Dual-Core Optimizer—>MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
EA SPORTS online 2008—>C:Program FilesEA SPORTSEA SPORTS onlineEASOUNInstaller.exe
EAX Unified—>C:WINDOWSIsUninst.exe -f»C:Program FilesCreativeEAX UnifiedUninst.isu»
eBay Icon—>C:Documents and SettingsAdminApplication DataDesktopiconuninst.exe
Etymonix SoftReel—>C:WINDOWSISUNINST.EXE -f»C:Program FilesEtymonixSoftReelUninst.isu» -c»C:Program FilesEtymonixSoftReeliscustom.dll»
Far Cry 2—>»C:Program FilesInstallShield Installation Information{F2835483-37F2-4123-B4FE-0E77D58447F2}setup.exe» -runfromtemp -l0x0009 -removeonly
FAR file manager—>C:Program FilesFarUninstall.exe
FIFA 2008—>»E:GamesFIFA 2008unins000.exe»
Foxit Reader 2.2 — DJ Mogarych’s pack—>»C:Program FilesFoxit Readerunins000.exe»
Grand Theft Auto IV v1.0.3.1—>»E:GamesGrand Theft Auto IVunins000.exe»
Guitar Pro 4.0—>C:PROGRA~1GUITAR~1UNWISE.EXE C:PROGRA~1GUITAR~1INSTALL.LOG
Hamachi 1.0.3.0—>C:Program FilesHamachiuninstall.exe
HijackThis 2.0.2—>»C:програмHijackThis.exe» /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
ICE Book Reader Professional v8.9.2 Russian—>»C:Program FilesICE Book Reader Professional Russianunins000.exe»
ICQ Toolbar—>C:Program FilesICQ6ToolbarICQUnToolbar.exe
ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
iLook 310—>»C:Program FilesInstallShield Installation Information{7EF900F4-61A8-4D95-8A65-488D3BECA206}setup.exe» -runfromtemp -l0x0019 -removeonly
iSnooker—>E:GamesснукерiSnookerUninstall.exe
Java(TM) 6 Update 3—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.4.0 Full—>»C:Program FilesK-Lite Codec Packunins000.exe»
LClock—>C:Program FilesLClockUninstall.exe
Light Alloy 4.3—>C:Program FilesLight Alloyuninst.exe
Ligos Indeo XP v.5.2 codec—>RunDLL32.exe advpack.dll,LaunchINFSection indeoxp.inf, UnInstall
Mathcad 11 Enterprise Edition—>MsiExec.exe /I{DE4386F2-ECDE-493E-B8BE-9861A9A7D069}
MATLAB 6.5—>C:MATLAB6p5uninstalluninstall.exe C:MATLAB6p5
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{34AB2437-1B34-3E2D-9DE8-3E2D35335B3F}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{CFF15B94-E062-3701-869A-4CDF4590461E}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack — rus—>MsiExec.exe /I{95E44F11-19F0-39EA-A894-792E054AA1CF}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows — LIVE—>MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Standard 2007—>MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Office Стандартный 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall STANDARD /dll OSETUP.DLL
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022—>MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148—>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Windows Media Video 9 VCM—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFwmv9vcm.inf, Uninstall
Movavi Видео Конвертер 9—>MsiExec.exe /I{A6B4FD51-7721-4E66-8EB0-0A904E22B14C}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)—>MsiExec.exe /I{8FCE7820-08DF-4663-AF5B-B190EF387C4B}
MyDsc2—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{83D96ED0-98AA-4515-8DDC-816F3EFDD104}Setup.exe» -l0x9
Need For Speed Underground 2—>»C:GamesNeed For Speed Underground 2unins000.exe»
Need For Speed Underground—>E:GamesNEEDFO~1UNWISE.EXE E:GamesNEEDFO~1INSTALL.LOG
Nero 6—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver—>MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
NVIDIA Drivers—>C:WINDOWSsystem32nvunrm.exe UninstallGUI
NVIDIA PhysX—>MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OpenAL—>»C:Program FilesOpenALOpenALwEAX.exe» /U
Paint.NET v3.20—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFPaintDN.inf,Uninstall
PC Connectivity Solution—>MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PunkBuster Services—>C:WINDOWSsystem32pbsvc.exe -u
QIP.Online—>C:Program FilesQIP.OnlineUninstall.exe
RadioClicker LITE—>»C:Program FilesRadioClicker LITEunins000.exe»
RadioClicker PRO—>»C:Program FilesRadioClicker PROunins000.exe»
Rapture3D 2.3.22 Game—>»C:Program FilesBRSunins000.exe»
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}setup.exe» -l0x19 -removeonly
Right Click Image Converter—>»C:Program FilesKristanixRight Click Image Converteruninstall.exe»
Security Update for 2007 Microsoft Office System (KB951550)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office Excel 2007 (KB958437)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office system 2007 (KB954326)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Office 2007 (KB936514)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Outlook 2007 (KB946983)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Sina Web TV—>C:PROGRA~1sinaSINAWE~1302~1.9BEUNWISE.EXE C:PROGRA~1sinaSINAWE~1302~1.9BEInstall.LOG
Skype™ 4.1—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SMSDV v.1.6.b (22 сен 2007г.)—>»C:Program FilesSMSDVunins000.exe»
SnagIt 8—>MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Sony Ericsson Device Data—>MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers—>MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite—>C:WINDOWSInstaller{D6BF6477-8369-489F-8DE6-3731F4B88560}setup.exe /uninstall
Sony Ericsson PC Suite—>MsiExec.exe /I{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}
SopCast 1.1.2—>C:Program FilesSopCastuninst.exe
Steam(TM)—>MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Test Drive Unlimited—>C:Program FilesInstallShield Installation Information{8B43248F-5FAA-40CE-978E-95D3C5F12355}setup.exe
TV Player Classic 5.1—>»C:Program FilesTVPlayerClassicunins000.exe»
TVUPlayer 2.4.0.1—>C:Program FilesTVUPlayeruninst.exe
UltraISO Premium (only 32bit) V8.6.5.2160 Rus—>»C:Program FilesUltraISOunins000.exe»
Undelete Plus 2.94—>»C:Program FilesTouchStoneSoftwareUndeletePlusunins000.exe»
Uniblue RegistryBooster 2009—>»C:Documents and SettingsAll UsersApplication Data{92E7A367-8E12-4830-AA70-29C32E331A81}Uniblue RegistryBooster.exe» REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009—>C:Documents and SettingsAll UsersApplication Data{92E7A367-8E12-4830-AA70-29C32E331A81}Uniblue RegistryBooster.exe
Uninstall Tool—>»C:Program FilesUninstall Toolunins000.exe»
Unlocker 1.8.8—>C:Program FilesUnlockeruninst.exe
Update for Office 2007 (KB934391)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Player Firefox Plugin—>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
Xfire (remove only)—>»C:Program FilesXfireuninst.exe»
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
XviD MPEG-4 Video Codec—>C:WINDOWSsystem32rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:WINDOWSINFxvid.inf
АвтоСправочник—>C:WINDOWSuninst.exe -f»C:Program FilesAutoDealerFreewareDeIsL1.isu» -c»C:Program FilesAutoDealerFreeware_ISREG32.DLL»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Боковая панель Windows—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFSidebar.inf,DefaultUnInstall
Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Казаки — Снова Война—>C:WINDOWSuna2setup.exe
Обновление безопасности для Windows Internet Explorer 7 (KB958215)—>»C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Обновление для Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Пакет драйверов Windows — Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)—>C:PROGRA~1DIFX7B44739871F4D539FA473F57A832EA4B6A59EF06DPInst.exe /d /u C:WINDOWSsystem32DRVSTOREamdk8_5F4DE5B38BD0C6463F94F7534C8C84D5EACE412Damdk8.inf
Пакет драйверов Windows — Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4pccswpddriver.inf
Пакет драйверов Windows — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293Bpccs_bluetooth.inf
Пакет драйверов Windows — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_F12A08B6F776984A95553486F64C541356F86E38pccs_bluetooth.inf
Преферанс—>»C:Program FilesBukaPreferenceuninstall.exe»
Снукер v1.2—>»C:Program Filesabsolutist.ruСнукерunins000.exe»
Сократ Персональный 4.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}setup.exe»
Удалить Winamp—>»C:Program FilesWinampunins000.exe»
Языковой пакет Microsoft .NET Framework 3.5 — RUS—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack — russetup.exe
=====HijackThis Backups=====
R3 — URLSearchHook: (no name) — — (no file) [2009-11-28]
O20 — AppInit_DLLs: C:WINDOWSsystem32zsfwz.dll [2009-11-28]
Hosts File Missing
======Security center information======
AV: ESET NOD32 Antivirus 4.0 (outdated)
FW: AGAVA Firewall (disabled)
======System event log======
Computer Name: MICROSOF-561F28
Event Code: 104
Message: Ошибка в процессе инициализации восстановления системы.
Record Number: 31163
Source Name: SRService
Time Written: 20100129191350.000000+120
Event Type: error
User:
Computer Name: MICROSOF-561F28
Event Code: 4226
Message: Достигнут предел безопасности для TCP/IP, налагаемый на количество попыток одновременных TCP-подключений.
Record Number: 31157
Source Name: Tcpip
Time Written: 20100129174721.000000+120
Event Type: warning
User:
Computer Name: MICROSOF-561F28
Event Code: 7023
Message: Служба «Служба восстановления системы» завершена из-за ошибки
Не удается найти указанный файл.
Record Number: 31124
Source Name: Service Control Manager
Time Written: 20100129094825.000000+120
Event Type: error
User:
Computer Name: MICROSOF-561F28
Event Code: 104
Message: Ошибка в процессе инициализации восстановления системы.
Record Number: 31121
Source Name: SRService
Time Written: 20100129094756.000000+120
Event Type: error
User:
Computer Name: MICROSOF-561F28
Event Code: 4226
Message: Достигнут предел безопасности для TCP/IP, налагаемый на количество попыток одновременных TCP-подключений.
Record Number: 31116
Source Name: Tcpip
Time Written: 20100128223002.000000+120
Event Type: warning
User:
=====Application event log=====
Computer Name: MICROSOF-561F28
Event Code: 0
Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.
Record Number: 5164
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090920183349.000000+180
Event Type: warning
User:
Computer Name: MICROSOF-561F28
Event Code: 1020
Message: Обновление до метабазы IIS было прервано, так как на этом компьютере IIS либо не установлен, либо отключен. Чтобы настроить ASP.NET для выполнения в IIS, установите или включите IIS и повторно зарегистрируйте ASP.NET командой aspnet_regiis.exe /i.
Record Number: 5147
Source Name: ASP.NET 2.0.50727.0
Time Written: 20090920183232.000000+180
Event Type: warning
User:
Computer Name: MICROSOF-561F28
Event Code: 1517
Message: Реестр пользователя MICROSOF-561F28Admin был сохранен в то время, как приложение или служба продолжали использовать его во время выхода из системы. Используемая реестром пользователя память не была освобождена. Реестр будет выгружен, когда он не будет использоваться.
Возможная причина — службы, выполняемые от имени пользователя. Попробуйте изменить настройку служб и задать их выполнение с учетными записями LocalService или NetworkService.
Record Number: 5081
Source Name: Userenv
Time Written: 20090918151058.000000+180
Event Type: warning
User: NT AUTHORITYSYSTEM
Computer Name: MICROSOF-561F28
Event Code: 0
Message:
Record Number: 5077
Source Name: matlabserver
Time Written: 20090917225631.000000+180
Event Type: error
User:
Computer Name: MICROSOF-561F28
Event Code: 1013
Message: Product: Wolfenstein — This installation cannot be run by directly launching the MSI package. You must run setup.exe.
Record Number: 4934
Source Name: MsiInstaller
Time Written: 20090820124350.000000+180
Event Type: error
User: MICROSOF-561F28Admin
======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%system32wbem;C:PROGRAM FILESPC CONNECTIVITY SOLUTION;C:PROGRAM FILESATI TECHNOLOGIESATI.ACECORE-STATIC;C:MATLAB6P5BINWIN32;C:Program FilesCommon FilesAutodesk Shared;;C:PROGRA~1COMMON~1AUTODE~1;C:Program FilesCommon FilesTeleca Shared
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
«PROCESSOR_REVISION»=6b02
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«cdrom»=F:
EOF
By the way, I forgot to mention that practically all 185 infected files were in C:Docume~1……temp.
1.log RSIT:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2010-02-22 13:40:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (6%) free of 50 GB
Total RAM: 2047 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:11, on 22.02.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:MATLAB6p5webserverbinwin32matlabserver.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Documents and SettingsAdminГлавное менюПрограммыАвтозагрузкаsystem.exe
C:Documents and SettingsAdminLocal SettingsApplication DataMicrosoftints.exe
C:Program FilesOperaOpera.exe
D:СережаRSIT.exe
C:програмAdmin.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {855F3B16-6D32-4fe6-8A56-BBB695989046} — (no file)
O4 — HKLM..PoliciesExplorerRun: [Microsoft Driver Setup] C:WINDOWSccdrive32.exe
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Startup: ihaupd32.exe
O4 — Startup: system.exe
O4 — Startup: system.exe645
O4 — Startup: system.exe803
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Crawler Search — tbr:iemenu
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Передать на удаленную закачку DM — C:Program FilesDownload Masterremdown.htm
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232392041796
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232392023953
O16 — DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} — file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O17 — HKLMSystemCCSServicesTcpip..{DB1A5B64-2A47-45DB-8229-94171839A0A8}: NameServer = 195.248.191.67,195.248.191.72
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Protocol: tbr — {4D25FB7A-8902-4291-960E-9ADA051CFBBF} — C:PROGRA~1CrawlerToolbarctbr.dll
O20 — Winlogon Notify: m64dll — m64dll.dll (file missing)
O21 — SSODL: GootkitSSO — {1DBD9CCF-639C-4261-B24C-EFEC8E57D01B} — (no file)
O23 — Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) — ABBYY (BIT Software) — C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: MATLAB Server (matlabserver) — Unknown owner — C:MATLAB6p5webserverbinwin32matlabserver.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 6985 bytes
======Scheduled tasks folder======
C:WINDOWStasksAt1.job
C:WINDOWStasksAt10.job
C:WINDOWStasksAt11.job
C:WINDOWStasksAt12.job
C:WINDOWStasksAt13.job
C:WINDOWStasksAt14.job
C:WINDOWStasksAt15.job
C:WINDOWStasksAt16.job
C:WINDOWStasksAt17.job
C:WINDOWStasksAt18.job
C:WINDOWStasksAt19.job
C:WINDOWStasksAt2.job
C:WINDOWStasksAt20.job
C:WINDOWStasksAt21.job
C:WINDOWStasksAt22.job
C:WINDOWStasksAt23.job
C:WINDOWStasksAt24.job
C:WINDOWStasksAt3.job
C:WINDOWStasksAt4.job
C:WINDOWStasksAt5.job
C:WINDOWStasksAt6.job
C:WINDOWStasksAt7.job
C:WINDOWStasksAt8.job
C:WINDOWStasksAt9.job
======Registry dump======
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
«Microsoft Driver Setup»=C:WINDOWSccdrive32.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
C:WINDOWSALCMTR.EXE [2008-06-08 69632][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregASUSGamerOSD]
C:Program FilesASUSGamerOSDGamerOSD.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKillCopy]
C:WINDOWSsystem32killcopy.exe [2008-06-08 1185792][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLClock]
C:Program FilesLClockLClock.exe [2008-06-08 86016][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBJ]
C:Program FilesAheadNero BackItUpNBJ.exe [2008-06-08 2048000][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2008-06-08 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
RTHDCPL.EXE [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSidebar]
C:Program FilesWindows Sidebarsidebar.exe [2007-02-26 1254912][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
C:WINDOWSSkyTel.EXE [2008-06-08 2879488][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2010-02-18 57344][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUnlockerAssistant]
C:Program FilesUnlockerUnlockerAssistant.exe [2010-02-18 57344]C:Documents and SettingsAdminГлавное менюПрограммыАвтозагрузка
ihaupd32.exe
system.exe
system.exe645
system.exe803[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2009-12-11 155648][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifym64dll]
m64dll.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2007-06-18 133632]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-14 239616]
GootkitSSO — {1DBD9CCF-639C-4261-B24C-EFEC8E57D01B}
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaec.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys2e49644d]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys3115e3fc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys462d66b]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaec.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys2e49644d]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys3115e3fc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys462d66b]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«C:WINDOWSsystem32dpnsvr.exe»=»C:WINDOWSsystem32dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«E:GamesCounterhl.exe»=»E:GamesCounterhl.exe:*:Enabled:Half-Life Launcher»
«C:WINDOWSsystem32PnkBstrA.exe»=»C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA»
«C:WINDOWSsystem32PnkBstrB.exe»=»C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB»
«E:GamesFar Cry 2binFarCry2.exe»=»E:GamesFar Cry 2binFarCry2.exe:*:Enabled:Far Cry 2»
«E:GamesFar Cry 2binFC2Launcher.exe»=»E:GamesFar Cry 2binFC2Launcher.exe:*:Enabled:Far Cry 2 Updater»
«E:GamesFar Cry 2binFC2Editor.exe»=»E:GamesFar Cry 2binFC2Editor.exe:*:Enabled:Editor»
«E:GamesTDUexeTestDriveUnlimited.exe»=»E:GamesTDUexeTestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited»
«E:GamesCALLiw3mp.exe»=»E:GamesCALLiw3mp.exe:*:Enabled:Call of Duty(R) 4 — Modern Warfare(TM)»
«E:GamesNeed For Speed Undergroundnfsuclient_alkar.exe»=»E:GamesNeed For Speed Undergroundnfsuclient_alkar.exe:*:Disabled:nfsuclient_alkar»
«E:GamesNeed For Speed Undergroundspeed.exe»=»E:GamesNeed For Speed Undergroundspeed.exe:*:Enabled:speed»
«E:GamesSplinter Cell 2 Pandora Tomorrowpandora.exe»=»E:GamesSplinter Cell 2 Pandora Tomorrowpandora.exe:*:Disabled:pandora»
«E:IcqICQ6.5ICQ.exe»=»E:IcqICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesSopCastSopCast.exe»=»C:Program FilesSopCastSopCast.exe:*:Enabled:SopCast Main Application»
«E:GamesCounterhltv.exe»=»E:GamesCounterhltv.exe:*:Enabled:HLTV Launcher»
«C:Program FilesOperaOpera.exe»=»C:Program FilesOperaOpera.exe:*:Enabled:Opera Internet Browser»
«C:Documents and SettingsAdminApplication DataSopCastadvSopAdver.exe»=»C:Documents and SettingsAdminApplication DataSopCastadvSopAdver.exe:*:Enabled:SopCast Adver»
«E:GamesProEvoSocpes2010.exe»=»E:GamesProEvoSocpes2010.exe:*:Enabled:Pro Evolution Soccer 2010»
«C:Documents and SettingsAdminРабочий столpes2010.exe»=»C:Documents and SettingsAdminРабочий столpes2010.exe:*:Enabled:Pro Evolution Soccer 2010»
«E:GamesFallout 3Fallout3.exe»=»E:GamesFallout 3Fallout3.exe:*:Enabled:Fallout 3»
«E:GamesDIRT 2dirt2_game.exe»=»E:GamesDIRT 2dirt2_game.exe:*:Enabled:DiRT2»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{920d1d18-e7bf-11dc-ac5a-001bfc77011d}]
shellAutoRuncommand — M:ZALJUBIT///dousiju.exe
shellexplorecommand — M:ZALJUBIT///dousiju.exe
shellopencommand — M:ZALJUBIT///dousiju.exe

======File associations======
.scr — open —
.scr — install —
.scr — config —

======List of files/folders created in the last 1 months======
2010-02-22 13:40:04 —-D—- C:rsit
2010-02-21 19:25:56 —-A—- C:WINDOWSsubinacl.exe
2010-02-21 14:36:28 —-A—- C:WINDOWSsystem320setup.exe
2010-02-18 21:31:03 —-A—- C:WINDOWSsystem3210setup.exe
2010-02-18 18:50:30 —-RASH—- C:WINDOWSccdrive32 .exe
2010-02-08 16:34:00 —-D—- C:Documents and SettingsAll UsersApplication DataATI
2010-02-08 16:31:17 —-A—- C:WINDOWSsystem32Oemdspif.dll
2010-02-08 16:31:17 —-A—- C:WINDOWSsystem32ATIDEMGX.dll
2010-02-08 16:31:17 —-A—- C:WINDOWSsystem32ati2cqag.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ativvaxx.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ativcoxx.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32atitvo32.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ATIODCLI.exe
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32atimpc32.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ATIDDC.DLL
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32aticalrt.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32aticaldd.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32atibtmon.exe
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32Ati2mdxx.exe
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ati2evxx.exe
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ati2evxx.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ati2edxx.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32ati2dvag.dll
2010-02-08 16:31:16 —-A—- C:WINDOWSsystem32amdpcom32.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atipdlxx.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atiok3x2.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atioglxx.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32ATIODE.exe
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atikvmag.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atiiiexx.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32aticalcl.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32atiadlxx.dll
2010-02-08 16:31:15 —-A—- C:WINDOWSsystem32ati3duag.dll
2010-02-07 18:51:23 —-D—- C:Program FilesMovavi Видео Конвертер 9
2010-02-06 22:32:31 —-HDC—- C:WINDOWS$NtUninstallXPSEPSCLP$
2010-02-06 16:50:00 —-A—- C:WINDOWSsystem32Remover.ini
2010-02-06 16:50:00 —-A—- C:WINDOWSsystem32Remove.exe
2010-02-06 16:49:59 —-A—- C:WINDOWSsystem32CoInst_071029.dll
2010-02-06 16:49:57 —-A—- C:WINDOWSsystem32SP7302.ini
2010-02-06 16:49:56 —-A—- C:WINDOWSsystem32P7302USD.dll
2010-02-06 16:49:55 —-D—- C:WINDOWSPixArt
2010-02-06 16:49:55 —-D—- C:Program FilesCommon FilesiLook 310
2010-02-03 12:22:24 —-A—- C:WINDOWSsystem32sfuYaTY.exe
2010-02-03 12:22:17 —-D—- C:Program FilesCommon Fileswm
2010-02-03 12:22:17 —-A—- C:Program FilesCommon Fileskeylog.txt
2010-01-29 20:26:15 —-D—- C:Documents and SettingsAdminApplication DataVentrilo
2010-01-27 22:35:39 —-D—- C:Program FilesSteam

======List of files/folders modified in the last 1 months======
2010-02-22 13:40:07 —-D—- C:програм
2010-02-22 13:35:18 —-D—- C:WINDOWSsystem32CatRoot2
2010-02-22 00:37:56 —-A—- C:WINDOWSSchedLgU.Txt
2010-02-21 23:11:23 —-D—- C:WINDOWS
2010-02-21 23:10:14 —-D—- C:WINDOWSsystem32drivers
2010-02-21 23:04:11 —-D—- C:WINDOWSMinidump
2010-02-21 23:04:10 —-D—- C:WINDOWStemp
2010-02-21 22:51:51 —-D—- C:Program FilesCcleaner
2010-02-21 22:40:40 —-D—- C:Program Files
2010-02-21 21:55:41 —-D—- C:WINDOWSsystem32
2010-02-21 20:15:00 —-A—- C:WINDOWSNeroDigital.ini
2010-02-21 19:15:19 —-SHD—- C:RECYCLER
2010-02-21 18:56:36 —-D—- C:Program FilesBRS
2010-02-21 18:55:48 —-D—- C:Program FilesSMSDV
2010-02-21 18:55:42 —-D—- C:Program FilesOutlook Express
2010-02-21 18:47:23 —-D—- C:Program FilesQIP.Online
2010-02-21 18:28:47 —-D—- C:Program FilesWindows Media Player
2010-02-21 18:28:39 —-D—- C:Program FilesUnlocker
2010-02-21 18:27:40 —-D—- C:Program FilesWindows NT
2010-02-21 18:23:25 —-D—- C:Documents and SettingsAdminApplication DataUniblue
2010-02-21 17:19:56 —-D—- C:Program FilesVistaDriveIcon
2010-02-21 17:19:55 —-D—- C:Program FilesInternet Explorer
2010-02-21 15:55:36 —-D—- C:Documents and SettingsAdminApplication DatauTorrent
2010-02-21 10:46:29 —-SD—- C:WINDOWSTasks
2010-02-21 00:33:53 —-D—- C:Documents and SettingsAdminApplication DataSkype
2010-02-20 21:56:31 —-D—- C:Documents and SettingsAdminApplication DataskypePM
2010-02-18 18:49:21 —-A—- C:WINDOWS.6454514883229033.exe
2010-02-18 18:49:01 —-D—- C:Program FilesDAEMON Tools Lite
2010-02-18 09:24:03 —-D—- C:Program FilesABBYY FineReader 9.0
2010-02-18 09:18:20 —-A—- C:WINDOWSmatlab.ini
2010-02-18 07:48:07 —-D—- C:Program FilesAdobe
2010-02-18 07:47:32 —-D—- C:Program FilesVolumeControl
2010-02-08 16:35:13 —-SHD—- C:WINDOWSInstaller
2010-02-08 16:35:13 —-D—- C:Program FilesATI
2010-02-08 16:32:00 —-D—- C:WINDOWSWinSxS
2010-02-08 16:31:52 —-D—- C:Program FilesATI Technologies
2010-02-08 16:31:31 —-HD—- C:WINDOWSinf
2010-02-08 16:31:18 —-D—- C:WINDOWSsystem32CatRoot
2010-02-08 16:31:14 —-DC—- C:WINDOWSsystem32DRVSTORE
2010-02-08 16:23:01 —-A—- C:WINDOWSWININIT.INI
2010-02-07 00:11:19 —-D—- C:WINDOWSMicrosoft.NET
2010-02-06 22:32:24 —-RSD—- C:WINDOWSassembly
2010-02-06 17:02:45 —-D—- C:Кино
2010-02-06 16:51:05 —-A—- C:WINDOWSwin.ini
2010-02-06 16:51:01 —-D—- C:WINDOWStwain_32
2010-02-06 16:49:55 —-D—- C:Program FilesCommon Files
2010-02-06 16:49:52 —-HD—- C:Program FilesInstallShield Installation Information
2010-02-05 13:51:24 —-D—- C:Program FilesDownload Master

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:WINDOWSsystem32DRIVERSAmdK8.sys [2006-07-01 43520]
R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2009-02-06 106208]
R1 EIO;EIO; ??C:WINDOWSsystem32driversEIO.sys []
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2009-02-06 93336]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WINDOWSSystem32driversprodrv06.sys [2004-10-07 80576]
R1 uzg4njgz;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzg4njgz.sys []
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2009-02-06 113448]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 AmdLLD;AMD Low Level Device Driver; C:WINDOWSsystem32DRIVERSAmdLLD.sys [2006-11-01 33280]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2009-12-11 4525056]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversAtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-01-03 4412928]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2006-02-26 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2007-06-28 20480]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2008-04-07 10368]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 afklguyg;afklguyg; C:WINDOWSsystem32driversafklguyg.sys []
S3 ah5x41ih;ah5x41ih; C:WINDOWSsystem32driversah5x41ih.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:WINDOWSsystem32driversasusgsb.sys [2007-07-12 12416]
S3 catchme;catchme; ??C:DOCUME~1AdminLOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:WINDOWSsystem32DRIVERShamachi.sys [2009-09-28 25280]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 PAC7302;iLook 310; C:WINDOWSsystem32DRIVERSPAC7302.SYS [2007-10-29 458112]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:WINDOWSsystem32DRIVERSs816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:WINDOWSsystem32DRIVERSs816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:WINDOWSsystem32DRIVERSs816unic.sys [2007-06-19 97704]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DaulCamera; C:WINDOWSSystem32DriversCapt905c.sys [2004-12-08 32123]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-13 60032]
S3 Video3D;ASUS Video3D Service; C:WINDOWSSystem32DriversVideo3D32.sys []
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2007-06-18 38528]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sfc;sfc; C:WINDOWSsystem32driverssfc.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2008-04-14 73472]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [2008-10-27 759072]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2009-12-11 602112]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-02-06 727720]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2009-08-16 222968]
R2 matlabserver;MATLAB Server; C:MATLAB6p5webserverbinwin32matlabserver.exe [2002-06-18 503808]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2009-07-01 75064]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-06-08 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2008-06-08 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-06-08 441344]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2008-06-08 145408]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2008-06-08 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
2.log RSIT:
info.txt logfile of random’s system information tool 1.06 2010-02-22 13:40:14
======Uninstall list======
—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {744C859F-C225-48A9-A524-4DED432F36C7}
—>MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY FineReader 9.0 Professional Edition—>MsiExec.exe /I{F9000000-0001-0000-0000-074957833700}
ACDSee 9 Photo Manager—>MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Ad-Aware SE Personal—>C:PROGRA~1LavasoftAD-AWA~1UNWISE.EXE C:PROGRA~1LavasoftAD-AWA~1INSTALL.LOG
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers719d6f144d0c086a0dfa7ff76bb9ac1Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Setup—>MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player—>C:WINDOWSsystem32MacromedSHOCKW~1UNWISE.EXE C:WINDOWSsystem32MacromedSHOCKW~1Install.log
Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe® Photoshop® Album Starter Edition 3.2—>MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AnswerWorks Runtime—>C:WINDOWSIsUninst.exe -f»C:Program FilesWexTechAnswerWorksUninst.isu»
Assassins Creed—>»E:GamesAssassins Creedunins000.exe»
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AusLogics Disk Defrag—>»C:Program FilesAusLogics Disk Defragunins000.exe»
Autodesk DWF Viewer—>C:PROGRA~1AutodeskAUTODE~1Setup.exe /remove
Background changer 2.0.8.0—>»C:Program FilesBackground changerunins000.exe»
Call of Duty — Modern Warfare 2—>»E:GamesCall of Duty — Modern Warfare 2unins000.exe»
Call of Duty(R) 4 — Modern Warfare(TM) 1.6 Patch—>C:Program FilesInstallShield Installation Information{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 — Modern Warfare(TM)—>C:Program FilesInstallShield Installation Information{E48469CC-635E-4FD5-A122-1497C286D217}setup.exe -runfromtemp -l0x0409
Catalyst Control Center — Branding—>MsiExec.exe /I{8D7133DE-27D2-47E5-B248-4180278D32AA}
CCleaner (remove only)—>»C:Program FilesCCleaneruninst.exe»
Ccleaner 2.03.532—>»C:Program FilesCcleanerunins000.exe»
Counter-Strike 1.6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime90Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{13B792AA-C078-43A4-8A3A-8B12D629940D}Setup.exe» -l0x19
Counter-Strike Steamworks Beta—>»C:Program FilesSteamsteam.exe» steam://uninstall/150
Counter-Strike(TM)—>MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Counter-Strike—>»C:Program FilesSteamsteam.exe» steam://uninstall/10
Crawler Toolbar with Web Security Guard—>C:PROGRA~1CrawlerToolbarCToolbar.exe uninst
Daemon Tools LIte—>»C:Program FilesDaemon Tools LiteUninst.exe»
Dead Space™—>MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
DiRT2—>»C:Program FilesInstallShield Installation Information{52D1D62C-FEAB-4580-849E-1DB624BADBBD}setup.exe» -runfromtemp -l0x0009 -removeonly
Disc2Phone—>MsiExec.exe /X{C01408FC-117C-44B7-8B0C-17794E526A01}
Download Master version 5.6.1.1185—>»C:Program FilesDownload Masterunins000.exe»
Dual-Core Optimizer—>MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
EA SPORTS online 2008—>C:Program FilesEA SPORTSEA SPORTS onlineEASOUNInstaller.exe
EAX Unified—>C:WINDOWSIsUninst.exe -f»C:Program FilesCreativeEAX UnifiedUninst.isu»
eBay Icon—>C:Documents and SettingsAdminApplication DataDesktopiconuninst.exe
Etymonix SoftReel—>C:WINDOWSISUNINST.EXE -f»C:Program FilesEtymonixSoftReelUninst.isu» -c»C:Program FilesEtymonixSoftReeliscustom.dll»
Far Cry 2—>»C:Program FilesInstallShield Installation Information{F2835483-37F2-4123-B4FE-0E77D58447F2}setup.exe» -runfromtemp -l0x0009 -removeonly
FAR file manager—>C:Program FilesFarUninstall.exe
FIFA 2008—>»E:GamesFIFA 2008unins000.exe»
Foxit Reader 2.2 — DJ Mogarych’s pack—>»C:Program FilesFoxit Readerunins000.exe»
Grand Theft Auto IV v1.0.3.1—>»E:GamesGrand Theft Auto IVunins000.exe»
Guitar Pro 4.0—>C:PROGRA~1GUITAR~1UNWISE.EXE C:PROGRA~1GUITAR~1INSTALL.LOG
Hamachi 1.0.3.0—>C:Program FilesHamachiuninstall.exe
HijackThis 2.0.2—>»C:програмHijackThis.exe» /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
ICE Book Reader Professional v8.9.2 Russian—>»C:Program FilesICE Book Reader Professional Russianunins000.exe»
ICQ Toolbar—>C:Program FilesICQ6ToolbarICQUnToolbar.exe
ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
iLook 310—>»C:Program FilesInstallShield Installation Information{7EF900F4-61A8-4D95-8A65-488D3BECA206}setup.exe» -runfromtemp -l0x0019 -removeonly
iSnooker—>E:GamesснукерiSnookerUninstall.exe
Java(TM) 6 Update 3—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.4.0 Full—>»C:Program FilesK-Lite Codec Packunins000.exe»
LClock—>C:Program FilesLClockUninstall.exe
Light Alloy 4.3—>C:Program FilesLight Alloyuninst.exe
Ligos Indeo XP v.5.2 codec—>RunDLL32.exe advpack.dll,LaunchINFSection indeoxp.inf, UnInstall
Mathcad 11 Enterprise Edition—>MsiExec.exe /I{DE4386F2-ECDE-493E-B8BE-9861A9A7D069}
MATLAB 6.5—>C:MATLAB6p5uninstalluninstall.exe C:MATLAB6p5
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{34AB2437-1B34-3E2D-9DE8-3E2D35335B3F}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{CFF15B94-E062-3701-869A-4CDF4590461E}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack — rus—>MsiExec.exe /I{95E44F11-19F0-39EA-A894-792E054AA1CF}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows — LIVE—>MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Standard 2007—>MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Office Стандартный 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall STANDARD /dll OSETUP.DLL
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022—>MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148—>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Windows Media Video 9 VCM—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFwmv9vcm.inf, Uninstall
Movavi Видео Конвертер 9—>MsiExec.exe /I{A6B4FD51-7721-4E66-8EB0-0A904E22B14C}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)—>MsiExec.exe /I{8FCE7820-08DF-4663-AF5B-B190EF387C4B}
MyDsc2—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{83D96ED0-98AA-4515-8DDC-816F3EFDD104}Setup.exe» -l0x9
Need For Speed Underground 2—>»C:GamesNeed For Speed Underground 2unins000.exe»
Need For Speed Underground—>E:GamesNEEDFO~1UNWISE.EXE E:GamesNEEDFO~1INSTALL.LOG
Nero 6—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver—>MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
NVIDIA Drivers—>C:WINDOWSsystem32nvunrm.exe UninstallGUI
NVIDIA PhysX—>MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OpenAL—>»C:Program FilesOpenALOpenALwEAX.exe» /U
Paint.NET v3.20—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFPaintDN.inf,Uninstall
PC Connectivity Solution—>MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PunkBuster Services—>C:WINDOWSsystem32pbsvc.exe -u
QIP.Online—>C:Program FilesQIP.OnlineUninstall.exe
RadioClicker LITE—>»C:Program FilesRadioClicker LITEunins000.exe»
RadioClicker PRO—>»C:Program FilesRadioClicker PROunins000.exe»
Rapture3D 2.3.22 Game—>»C:Program FilesBRSunins000.exe»
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}setup.exe» -l0x19 -removeonly
Right Click Image Converter—>»C:Program FilesKristanixRight Click Image Converteruninstall.exe»
Security Update for 2007 Microsoft Office System (KB951550)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office Excel 2007 (KB958437)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office system 2007 (KB954326)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Office 2007 (KB936514)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Outlook 2007 (KB946983)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Sina Web TV—>C:PROGRA~1sinaSINAWE~1302~1.9BEUNWISE.EXE C:PROGRA~1sinaSINAWE~1302~1.9BEInstall.LOG
Skype™ 4.1—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SMSDV v.1.6.b (22 сен 2007г.)—>»C:Program FilesSMSDVunins000.exe»
SnagIt 8—>MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Sony Ericsson Device Data—>MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers—>MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite—>C:WINDOWSInstaller{D6BF6477-8369-489F-8DE6-3731F4B88560}setup.exe /uninstall
Sony Ericsson PC Suite—>MsiExec.exe /I{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}
SopCast 1.1.2—>C:Program FilesSopCastuninst.exe
Steam(TM)—>MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Test Drive Unlimited—>C:Program FilesInstallShield Installation Information{8B43248F-5FAA-40CE-978E-95D3C5F12355}setup.exe
TV Player Classic 5.1—>»C:Program FilesTVPlayerClassicunins000.exe»
TVUPlayer 2.4.0.1—>C:Program FilesTVUPlayeruninst.exe
UltraISO Premium (only 32bit) V8.6.5.2160 Rus—>»C:Program FilesUltraISOunins000.exe»
Undelete Plus 2.94—>»C:Program FilesTouchStoneSoftwareUndeletePlusunins000.exe»
Uniblue RegistryBooster 2009—>»C:Documents and SettingsAll UsersApplication Data{92E7A367-8E12-4830-AA70-29C32E331A81}Uniblue RegistryBooster.exe» REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009—>C:Documents and SettingsAll UsersApplication Data{92E7A367-8E12-4830-AA70-29C32E331A81}Uniblue RegistryBooster.exe
Uninstall Tool—>»C:Program FilesUninstall Toolunins000.exe»
Unlocker 1.8.8—>C:Program FilesUnlockeruninst.exe
Update for Office 2007 (KB934391)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Player Firefox Plugin—>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
Xfire (remove only)—>»C:Program FilesXfireuninst.exe»
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
XviD MPEG-4 Video Codec—>C:WINDOWSsystem32rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:WINDOWSINFxvid.inf
АвтоСправочник—>C:WINDOWSuninst.exe -f»C:Program FilesAutoDealerFreewareDeIsL1.isu» -c»C:Program FilesAutoDealerFreeware_ISREG32.DLL»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Боковая панель Windows—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFSidebar.inf,DefaultUnInstall
Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Казаки — Снова Война—>C:WINDOWSuna2setup.exe
Обновление безопасности для Windows Internet Explorer 7 (KB958215)—>»C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Обновление для Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Пакет драйверов Windows — Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)—>C:PROGRA~1DIFX7B44739871F4D539FA473F57A832EA4B6A59EF06DPInst.exe /d /u C:WINDOWSsystem32DRVSTOREamdk8_5F4DE5B38BD0C6463F94F7534C8C84D5EACE412Damdk8.inf
Пакет драйверов Windows — Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4pccswpddriver.inf
Пакет драйверов Windows — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293Bpccs_bluetooth.inf
Пакет драйверов Windows — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_F12A08B6F776984A95553486F64C541356F86E38pccs_bluetooth.inf
Преферанс—>»C:Program FilesBukaPreferenceuninstall.exe»
Снукер v1.2—>»C:Program Filesabsolutist.ruСнукерunins000.exe»
Сократ Персональный 4.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}setup.exe»
Удалить Winamp—>»C:Program FilesWinampunins000.exe»
Языковой пакет Microsoft .NET Framework 3.5 — RUS—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack — russetup.exe

=====HijackThis Backups=====
R3 — URLSearchHook: (no name) — — (no file) [2009-11-28]
O20 — AppInit_DLLs: C:WINDOWSsystem32zsfwz.dll [2009-11-28]

Hosts File Missing

======Security center information======
AV: ESET NOD32 Antivirus 4.0 (outdated)
FW: AGAVA Firewall (disabled)

======System event log======
Computer Name: MICROSOF-561F28
Event Code: 104
Message: Ошибка в процессе инициализации восстановления системы.
Record Number: 31163
Source Name: SRService
Time Written: 20100129191350.000000+120
Event Type: error
User:

Computer Name: MICROSOF-561F28
Event Code: 4226
Message: Достигнут предел безопасности для TCP/IP, налагаемый на количество попыток одновременных TCP-подключений.
Record Number: 31157
Source Name: Tcpip
Time Written: 20100129174721.000000+120
Event Type: warning
User:

Computer Name: MICROSOF-561F28
Event Code: 7023
Message: Служба «Служба восстановления системы» завершена из-за ошибки
Не удается найти указанный файл.
Record Number: 31124
Source Name: Service Control Manager
Time Written: 20100129094825.000000+120
Event Type: error
User:

Computer Name: MICROSOF-561F28
Event Code: 104
Message: Ошибка в процессе инициализации восстановления системы.
Record Number: 31121
Source Name: SRService
Time Written: 20100129094756.000000+120
Event Type: error
User:

Computer Name: MICROSOF-561F28
Event Code: 4226
Message: Достигнут предел безопасности для TCP/IP, налагаемый на количество попыток одновременных TCP-подключений.
Record Number: 31116
Source Name: Tcpip
Time Written: 20100128223002.000000+120
Event Type: warning
User:

=====Application event log=====
Computer Name: MICROSOF-561F28
Event Code: 0
Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.
Record Number: 5164
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090920183349.000000+180
Event Type: warning
User:

Computer Name: MICROSOF-561F28
Event Code: 1020
Message: Обновление до метабазы IIS было прервано, так как на этом компьютере IIS либо не установлен, либо отключен. Чтобы настроить ASP.NET для выполнения в IIS, установите или включите IIS и повторно зарегистрируйте ASP.NET командой aspnet_regiis.exe /i.
Record Number: 5147
Source Name: ASP.NET 2.0.50727.0
Time Written: 20090920183232.000000+180
Event Type: warning
User:

Computer Name: MICROSOF-561F28
Event Code: 1517
Message: Реестр пользователя MICROSOF-561F28Admin был сохранен в то время, как приложение или служба продолжали использовать его во время выхода из системы. Используемая реестром пользователя память не была освобождена. Реестр будет выгружен, когда он не будет использоваться. Возможная причина — службы, выполняемые от имени пользователя. Попробуйте изменить настройку служб и задать их выполнение с учетными записями LocalService или NetworkService.
Record Number: 5081
Source Name: Userenv
Time Written: 20090918151058.000000+180
Event Type: warning
User: NT AUTHORITYSYSTEM

Computer Name: MICROSOF-561F28
Event Code: 0
Message:
Record Number: 5077
Source Name: matlabserver
Time Written: 20090917225631.000000+180
Event Type: error
User:

Computer Name: MICROSOF-561F28
Event Code: 1013
Message: Product: Wolfenstein — This installation cannot be run by directly launching the MSI package. You must run setup.exe.
Record Number: 4934
Source Name: MsiInstaller
Time Written: 20090820124350.000000+180
Event Type: error
User: MICROSOF-561F28Admin

======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%system32wbem;C:PROGRAM FILESPC CONNECTIVITY SOLUTION;C:PROGRAM FILESATI TECHNOLOGIESATI.ACECORE-STATIC;C:MATLAB6P5BINWIN32;C:Program FilesCommon FilesAutodesk Shared;;C:PROGRA~1COMMON~1AUTODE~1;C:Program FilesCommon FilesTeleca Shared
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
«PROCESSOR_REVISION»=6b02
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«cdrom»=F:
EOF
Here are the RSIT logs.

I scanned with HijackThis and it found a very interesting file there: winlogon notify: m64dll.dll (file missing). I think it is a virus. Should I delete it or not? Please advise.

Also, at startup the computer asks to open the file system.exe645 (autorun contains system.exe645, system.exe803, system, ihaupd32). Should I remove them from there or not??

I checked the computer with Malwarebytes Anti-Malware and it helped, great program: games stopped lagging and videos load to the end, but it still cannot open antivirus websites. Please help.

December 2, 2009 at 6:50 pm, in reply to: I installed NOD 32 and Spyware Terminator, now nobody at all #27217

Please answer me: which software is better? Right now I have AGAVA AntiSpy, AGAVA Firewall, and AGAVA SpamProtexx installed. Is that OK or not? Tell me what is better to install. Thanks in advance. 🙂

Thanks for the advice, but I think I have already removed the banner with HijackThis. By the way, the banner disappeared right after I deleted the file zsfwz.dll))

Opera crashes when I paste the contents of the log.

I am trying to uninstall it: I enter combofix /u in Run, but it does not uninstall; it launches and starts scanning again!

I reinstalled it, same thing ( please help 🙁 I have already tried downloading a new one and waiting until it finishes checking.