Forum replies created
-
Author Posts
-
http://www.virustotal.com/file-scan/report.html?id=74de057f768beb42de17ffc4b8a56100f0bed85947ecacaef111e3d3ec997950-1282453829
http://www.virustotal.com/file-scan/report.html?id=2b02e22d2d6b8cfde428132ef148e8f50dcaec55bcedcb9fdf32f80a0aea6832-1282510087
http://www.virustotal.com/file-scan/report.html?id=af19c930f984cbd4cd7a5a16e74e4bd86c495b0376ce0a0faeab368e456a80a2-1276194629
http://www.virustotal.com/file-scan/report.html?id=9a69eafb4544fb1e4eb3b2083a3a73e31ad3bc26b92d19b22528a03e103babd4-1282510965
The first file is some kind of ancient antivirus... the checker hangs on it
ComboFix 10-08-18.04 — German 21.08.2010 16:38:19.3.2 — x86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.7.1049.18.2047.1175 [GMT 4:00]
Running from: c:documents and settingsGermanРабочий столComboFix.exe
Command switches used :: c:documents and settingsGermanРабочий столCFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}FILE ::
«c:windowsTasksScheduled Update for Ask Toolbar.job»
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:program filesAsk.com
c:program filesAsk.comcobrand.ico
c:program filesAsk.comconfig.xml
c:program filesAsk.comfavicon.ico
c:program filesAsk.comfv_1afa.ico
c:program filesAsk.comGenericAskToolbar.dll
c:program filesAsk.commupcfg.xml
c:program filesAsk.comSaUpdate.exe
c:program filesAsk.comUpdateTask.exe
c:windowsTasksScheduled Update for Ask Toolbar.job
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
c:windowssystem32winlogon.exe . . . is infected!!.
((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))
.2010-08-14 15:04 . 2010-08-14 15:04
d
w- C:rsit
2010-08-09 18:09 . 2010-08-09 18:09
d
w- c:program filesiPod
2010-08-09 18:09 . 2010-08-09 18:11
d
w- c:program filesiTunes
2010-08-02 05:43 . 2010-08-02 05:43
d
w- c:program filesCommon FilesJava
2010-07-27 17:16 . 2007-11-08 12:26 1164728 —-a-w- c:windowssystem32NMSDVDXU.dll
2010-07-27 17:16 . 2010-07-27 17:16
d
w- c:documents and settingsGermanApplication DataLG Electronics
2010-07-27 17:15 . 2010-07-27 17:16
d
w- c:program filesLG Electronics.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 12:38 . 2009-10-21 14:56
d
w- c:documents and settingsGermanApplication DataSkype
2010-08-21 12:07 . 2009-10-21 15:02
d
w- c:documents and settingsGermanApplication DataskypePM
2010-08-20 17:32 . 2009-06-17 18:06
d
w- c:documents and settingsGermanApplication DataThe Bat!
2010-08-18 05:28 . 2009-07-10 05:50
d
w- c:program filesOpera
2010-08-14 15:04 . 2009-07-29 18:30
d
w- c:program filesTrend Micro
2010-08-12 14:13 . 2009-06-19 10:11
d
w- c:documents and settingsAll UsersApplication DatanView_Profiles
2010-08-10 19:25 . 2009-06-17 21:11
d
w- c:documents and settingsAll UsersApplication DataSonic
2010-08-09 18:09 . 2009-06-22 17:58
d
w- c:program filesCommon FilesApple
2010-08-09 18:01 . 2010-08-09 18:01 73000 —-a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheiTunes 9.2.1.5SetupAdmin.exe
2010-08-09 18:00 . 2009-06-17 20:07
d
w- c:program filesSafari
2010-08-09 17:57 . 2010-08-09 17:57 72488 —-a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheSafari 5.33.17.8SetupAdmin.exe
2010-08-04 10:50 . 2010-08-04 10:50 503808 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-2917284f-nmsvcp71.dll
2010-08-04 10:50 . 2010-08-04 10:50 499712 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-2917284f-njmc.dll
2010-08-04 10:50 . 2010-08-04 10:50 348160 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-2917284f-nmsvcr71.dll
2010-08-04 10:50 . 2010-08-04 10:50 61440 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.0424488892a-2d317ec0-ndecora-sse.dll
2010-08-04 10:50 . 2010-08-04 10:50 12800 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.0424488892a-2d317ec0-ndecora-d3d.dll
2010-08-02 05:43 . 2009-06-20 22:56
d
w- c:program filesJava
2010-07-27 17:15 . 2009-06-17 17:45
d—h—w- c:program filesInstallShield Installation Information
2010-07-18 08:36 . 2009-06-20 15:20 33212 —ha-w- c:windowssystem32mlfcache.dat
2010-07-17 01:00 . 2010-04-20 20:10 423656 —-a-w- c:windowssystem32deployJava1.dll
2010-07-16 09:50 . 2010-07-16 09:50
d
w- c:documents and settingsGermanApplication DataMy Games
2010-07-16 09:50 . 2004-07-17 10:36 163644 —-a-w- c:windowssystem32driverssecdrv.sys
2010-07-16 09:43 . 2009-06-17 16:48 42184 —-a-w- c:documents and settingsGermanLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-07-09 08:42 . 2010-02-15 14:13 69222840 —-a-w- c:documents and settingsGermanApplication DataNokiaOvi SuiteSoftware UpdaterNokiaOviSuite2Installer.exe
2010-07-04 00:41 . 2009-08-04 18:21 1704528 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2010-07-01 17:32 . 2010-05-31 20:03
d
w- c:documents and settingsGermanApplication DataQipGuard
2010-07-01 17:30 . 2009-06-17 17:59
d
w- c:program filesQIP Infium
2010-06-27 17:55 . 2010-06-27 17:55
d
w- c:program filesQIP
2010-06-27 17:42 . 2010-06-27 17:42
d
w- c:program filesQIP 2010
2010-06-26 08:35 . 2009-06-21 18:42
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2010-06-22 22:08 . 2009-08-06 00:58
d
w- c:program filesGoogle
2010-06-21 17:59 . 2010-06-21 17:59 71992 —-a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheSafari 5.33.16.0SetupAdmin.exe
2010-06-10 11:07 . 2010-05-31 20:02 127440 —-a-w- c:documents and settingsGermanApplication DataMozillaFirefoxProfilesy8vhokyw.defaultextensions{32a1fd71-835e-4b11-8e54-886fda0b4c89}componentsqippipe.dll
2010-06-10 11:07 . 2010-05-31 20:03 190416 —-a-w- c:documents and settingsGermanApplication DataQipGuardQipGuard.exe
2010-06-10 11:07 . 2010-05-31 20:03 280440 —-a-w- c:documents and settingsGermanApplication DataQipGuardsqlite3.dll
2010-06-10 11:07 . 2010-05-31 20:03 48080 —-a-w- c:documents and settingsGermanApplication DataMicrosoftInternet Explorerqstatsrv.dll
2010-06-10 11:07 . 2010-05-31 20:03 20944 —-a-w- c:documents and settingsGermanApplication DataQipGuardchrome.dll
2010-06-03 20:54 . 2010-06-03 20:54 2944904 —-a-w- c:documents and settingsGermanApplication DataMozillaFirefoxProfilesy8vhokyw.defaultextensionstoolbar@ask.comchrometempaskToolbar.exe
2010-05-27 07:50 . 2010-05-27 07:50 503808 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-678beb51-nmsvcp71.dll
2010-05-27 07:50 . 2010-05-27 07:50 499712 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-678beb51-njmc.dll
2010-05-27 07:50 . 2010-05-27 07:50 348160 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-678beb51-nmsvcr71.dll
2010-05-27 07:50 . 2010-05-27 07:50 61440 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.0505535ab32-7f49b3e5-ndecora-sse.dll
2010-05-27 07:50 . 2010-05-27 07:50 12800 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.0505535ab32-7f49b3e5-ndecora-d3d.dll
2010-05-25 13:52 . 2001-10-20 12:00 88404 —-a-w- c:windowssystem32perfc019.dat
2010-05-25 13:52 . 2001-10-20 12:00 493976 —-a-w- c:windowssystem32perfh019.dat
2010-05-24 19:11 . 2010-05-24 19:11 3351812 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{09C468CA-2940-466A-AAE8-DCC0C6E9323C}InstallerCommonCustomActionsmsxml6Exec.exe
2010-05-24 19:11 . 2010-05-24 19:11 36864 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{09C468CA-2940-466A-AAE8-DCC0C6E9323C}InstallerCommonCustomActionsSleep.exe
2010-05-24 19:10 . 2010-05-24 19:10 3203453 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{09C468CA-2940-466A-AAE8-DCC0C6E9323C}InstallerCommonCustomActionsvcredistExec.exe
2010-05-24 19:10 . 2010-05-24 19:12 35768328 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{09C468CA-2940-466A-AAE8-DCC0C6E9323C}NokiaSoftwareUpdaterSetup_ru.exe
2010-03-31 08:31 . 2010-03-31 08:18 35859752 —-a-w- c:program files42fs4hff.exe
2009-11-09 10:30 . 2009-06-20 22:53 21377872 —-a-w- c:program fileslaunch.exe
2009-07-21 19:19 . 2009-07-09 23:15 3 —-a-w- c:program filesCommon Filestime.cv
2009-06-20 23:22 . 2009-06-20 23:22 4649 —-a-w- c:program filesCommon Filesunins000.dat
2009-06-20 23:21 . 2009-06-20 23:22 1214827 —-a-w- c:program filesCommon Filesunins000.exe
2004-07-22 06:51 . 2004-07-22 06:51 3432656 —-a-w- c:program filesManagedDX.CAB
2004-07-19 18:58 . 2004-07-19 18:58 1156363 —-a-w- c:program filesBDANT.cab
2004-07-19 18:53 . 2004-07-19 18:53 976020 —-a-w- c:program filesBDAXP.cab
2004-07-09 10:17 . 2004-07-09 10:17 13265040 —-a-w- c:program filesdxnt.cab
2004-07-09 05:13 . 2004-07-09 05:13 15493481 —-a-w- c:program filesDirectX.cab
2004-07-09 05:13 . 2004-07-09 05:13 703080 —-a-w- c:program filesBDA.cab
2004-07-09 00:08 . 2004-07-09 00:08 472576 —-a-w- c:program filesdxsetup.exe
2004-07-09 00:08 . 2004-07-09 00:08 2242560 —-a-w- c:program filesdsetup32.dll
2004-07-08 23:03 . 2004-07-08 23:03 62976 —-a-w- c:program filesDSETUP.dll
2003-11-13 12:31 . 2003-11-13 12:31 1388544 —-a-w- c:program filesSFX Machine LT.dll
2003-11-05 17:37 . 2003-11-05 17:37 11838 —-a-w- c:program filesSFX Machine LT Read Me.rtf
.(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.— c:program files42fs4hff.exe —
Company:
File Description:
File Version:
Product Name:
Copyright:
Original Filename:
File size: 35859752
Created time: 2010-03-31 08:18
Modified time: 2010-03-31 08:31
MD5: 67011E26BB55FC0EECD84CA7CC2FEC22
SHA1: F796BB2A77A3C72BE1DB44989A438FBE943CC246— c:program filesCommon Filestime.cv —
Company:
File Description:
File Version:
Product Name:
Copyright:
Original Filename:
File size: 3
Created time: 2009-07-09 23:15
Modified time: 2009-07-21 19:19
MD5: ABA3B6FD5D186D28E06FF97135CADE7F
SHA1: 0707DCC10EC1CFEE92B537A96FAAB0A38F7BC5A1— c:program filesCommon Filesunins000.dat —
Company:
File Description:
File Version:
Product Name:
Copyright:
Original Filename:
File size: 4649
Created time: 2009-06-20 23:22
Modified time: 2009-06-20 23:22
MD5: 2CE2A38D967D4D697E255CAD4546A70A
SHA1: 84AB867C58C7B85C5EAE7BF0D9B03E2EBD26D8BE— c:program filesCommon Filesunins000.exe —
Company:
File Description: Setup/Uninstall
File Version: 51.1048.0.0
Product Name:
Copyright:
Original Filename:
File size: 1214827
Created time: 2009-06-20 23:22
Modified time: 2009-06-20 23:21
MD5: 2CA5CAD1CE8AF35BE3427EA05C1F4493
SHA1: 4F7AD79B23F8A2749D1AC805CB31A676BDDCF865— c:program fileslaunch.exe —
Company: Doctor Web, Ltd.
File Description: Dr.Web® CureIt!®
File Version: 5.0.2.11099
Product Name: Dr.Web CureIt!
Copyright: © Doctor Web, Ltd., 2004-2009
Original Filename: cureit.exe
File size: 21377872
Created time: 2009-06-20 22:53
Modified time: 2009-11-09 10:30
MD5: EA54F8E3D398E29816F7A5347183A5F1
SHA1: F5EA7411C5C4EF8705DBE87525A9456240F85CCC—- Directory of c:program filesZards softwareStartup Defender —-
2009-07-29 22:27 . 2009-07-29 22:27 0 —-a-w- c:program filesZards softwareStartup DefenderBanPrc.dat
2009-07-29 22:27 . 2009-07-29 22:27 64148 —-a-w- c:program filesZards softwareStartup Defenderuninst.exe
2009-07-29 22:27 . 2009-07-29 22:27 54 —-a-w- c:program filesZards softwareStartup DefenderStartup Defender .url
2009-01-26 02:45 . 2009-01-26 02:45 1045504 —-a-w- c:program filesZards softwareStartup DefenderStartup Defender.exe
2008-04-09 22:11 . 2008-04-09 22:11 10370 —-a-w- c:program filesZards softwareStartup DefenderStartup Defender.exe.manifest
2008-03-27 19:36 . 2008-03-27 19:36 49152 —-a-w- c:program filesZards softwareStartup DefenderInterop.IWshRuntimeLibrary.dll
2008-03-27 19:36 . 2008-03-27 19:36 49152 —-a-w- c:program filesZards softwareStartup DefenderInterop.Shell32.dll
2008-03-13 03:14 . 2008-03-13 03:14 1150 —-a-w- c:program filesZards softwareStartup Defenderstop.ico
2008-03-13 03:13 . 2008-03-13 03:13 1150 —-a-w- c:program filesZards softwareStartup Defenderstart.ico
2007-03-09 21:44 . 2007-03-09 21:44 4643 —-a-w- c:program filesZards softwareStartup DefenderLicense.txt
Sigcheck
[-] 2009-06-17 . BC260ED748748149DB05B29B256A0500 . 503808 . . [5.1.2600.2180] . . c:windowssystem32winlogon.exe[-] 2007-02-06 . BA6FBEBD54BA6F80A330C4BE69A137F8 . 1548288 . . [5.1.2600.2180] . . c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-20_07.16.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-21 12:50 . 2010-08-21 12:50 16384 c:windowstempPerflib_Perfdata_4ec.dat
+ 2009-10-01 08:51 . 2010-08-20 07:49 25214 c:windowsInstaller{3829960D-73DA-479B-BBE1-BF0FBC35999B}PeaceShieldIcon.exe
— 2009-10-01 08:51 . 2009-10-01 08:51 25214 c:windowsInstaller{3829960D-73DA-479B-BBE1-BF0FBC35999B}PeaceShieldIcon.exe
+ 2009-10-01 08:51 . 2010-08-20 07:49 34304 c:windowsInstaller{3829960D-73DA-479B-BBE1-BF0FBC35999B}Icon3829960D.exe
— 2009-10-01 08:51 . 2009-10-01 08:51 34304 c:windowsInstaller{3829960D-73DA-479B-BBE1-BF0FBC35999B}Icon3829960D.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«YandexDesktopSearch»=»c:program filesYandexDesktopyandesk.exe» [2007-12-10 7456256]
«SetDefaultMIDI»=»MIDIDef.exe» [2008-03-20 31232]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2007-12-13 1688872]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120axcmd.exe» [2007-08-01 222592]
«RocketDock»=»c:program filesRocketDockRocketDock.exe» [2007-09-02 495616]
«Google Update»=»c:documents and settingsGermanLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» [2009-07-15 133104]
«EDLauncher»=»c:program filesPRMT8PRMTEDEDLauncher.exe» [2007-08-17 122880]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2010-05-13 26192168]
«EA Core»=»c:program filesElectronic ArtsEADMCore.exe» [2009-09-03 3342336]
«NokiaOviSuite2″=»c:program filesNokiaNokia Ovi SuiteNokiaOviSuite.exe» [2010-02-24 385928]
«QIP Internet Guardian»=»c:documents and settingsGermanApplication DataQipGuardQipGuard.exe» [2010-06-10 190416]
«Infium»=»c:program filesQIP 2010qip.exe» [2010-06-16 5813200]
«QIP2005″=»c:program filesQIPqip.exe» [2009-08-13 3276288][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«EssSpkPhone»=»essspk1.exe -c» [X]
«NokiaMServer»=»c:program filesCommon FilesNokiaMPlatformNokiaMServer» [X]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-10-07 13574144]
«nwiz»=»nwiz.exe» [2008-10-07 1630208]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-10-07 86016]
«CTHelper»=»CTHELPER.EXE» [2008-03-20 23040]
«CTxfiHlp»=»CTXFIHLP.EXE» [2008-03-20 23552]
«UpdReg»=»c:windowsUpdReg.EXE» [2000-05-10 90112]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2007-03-01 153136]
«NBKeyScan»=»c:program filesNeroNero8Nero BackItUpNBKeyScan.exe» [2007-12-03 2213160]
«RoxWatchTray»=»c:program filesCommon FilesRoxio Shared11.0SharedCOMRoxWatchTray11.exe» [2008-08-13 240112]
«CPMonitor»=»c:program filesRoxio Creator 20095.0CPMonitor.exe» [2008-08-09 80368]
«WheelMouse»=»c:program filesA4TechMouseAmoumain.exe» [2008-03-05 188416]
«H2O»=»c:program filesSyncroSoftPosH2Ocledx.exe» [2007-12-11 307200]
«adstopper»=»c:program filesAdStoperAdStopperTrayApp.exe» [2009-07-21 588800]
«DDKL»=»c:program filesKeyLogmsdtsf.exe» [2007-06-15 2809856]
«MDDiskProtect.exe»=»c:program filesMediafourMacDriveMDDiskProtect.exe» [2005-03-27 94208]
«MediafourGettingStartedWithMacDrive6″=»c:program filesMediafourMacDriveMacDrive.exe» [2005-03-27 86016]
«Mediafour Mac Volume Notifications»=»c:program filesCommon FilesMediafourMACVNTFY.EXE» [2005-03-27 61440]
«RTHDCPL»=»RTHDCPL.EXE» [2009-09-22 18749440]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2010-06-20 35760]
«Adobe ARM»=»c:program filesCommon FilesAdobeARM1.0AdobeARM.exe» [2010-06-09 976832]
«QuickTime Task»=»c:program filesQuickTimeQTTask.exe» [2010-03-17 421888]
«NokiaMusic FastStart»=»c:program filesNokiaOvi PlayerNokiaOviPlayer.exe» [2010-03-04 2192672]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2010-04-07 2145000]
«SunJavaUpdateSched»=»c:program filesCommon FilesJavaJava Updatejusched.exe» [2010-05-14 248552]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2010-07-21 141608][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-17 15360]c:documents and settingsGermanѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Punto Switcher.lnk — c:program filesYandexPunto Switcherpunto.exe [2009-8-27 831272]
Startup Defender.lnk — c:program filesZards softwareStartup DefenderStartup Defender.exe [2009-1-26 1045504][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyMacDrive-iTunes compatibility]
2005-03-27 18:18 61440 —-a-r- c:program filesCommon FilesMediafourMacDriveiTunesPatch.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\Opera\opera.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«h:\Games\Sid Meier’s Civilization 4\Civilization4.exe»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=R0 MDPMGRNT;MDPMGRNT;c:windowssystem32driversMDPMGRNT.SYS [27.03.2005 22:18 44404]
R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [14.05.2009 15:47 114984]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [14.05.2009 15:49 95872]
R1 MDFSYSNT;MDFSYSNT;c:windowssystem32driversMDFSYSNT.SYS [27.03.2005 22:18 277352]
R1 prodrv04;Star Force copy protection driver v4;c:windowssystem32driversprodrv04.sys [08.08.2009 19:14 114496]
R2 ekrn;ESET Service;c:program filesEsetESET NOD32 Antivirusekrn.exe [07.04.2010 21:07 810120]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:windowssystem32driversAmps2prt.sys [19.06.2009 14:21 14336]
R3 CLEDX;Team H2O CLEDX service;c:windowssystem32driverscledx.sys [21.06.2009 21:53 33792]
S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [23.06.2010 2:02 136176]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:program filesRoxio Creator 2009Digital Home 11RoxioUpnpService11.exe [14.08.2008 0:25 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:program filesCommon FilesRoxio Shared11.0SharedCOMRoxLiveShare11.exe [14.08.2008 0:24 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:program filesCommon FilesRoxio Shared11.0SharedCOMRoxWatch11.exe [14.08.2008 0:24 170480]
S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [28.10.2009 21:08 1684736]
S3 COMMONFX.SYS;COMMONFX.SYS;c:windowssystem32driversCOMMONFX.sys [20.03.2008 17:23 98328]
S3 COMMONFX;COMMONFX;c:windowssystem32driversCOMMONFX.sys [20.03.2008 17:23 98328]
S3 CT20XUT.SYS;CT20XUT.SYS;c:windowssystem32driversCT20XUT.sys [20.03.2008 17:36 171032]
S3 CT20XUT;CT20XUT;c:windowssystem32driversCT20XUT.sys [20.03.2008 17:36 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:windowssystem32driversCTAUDFX.sys [20.03.2008 17:23 528920]
S3 CTAUDFX;CTAUDFX;c:windowssystem32driversCTAUDFX.sys [20.03.2008 17:23 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:windowssystem32driversCTEAPSFX.sys [20.03.2008 17:26 163352]
S3 CTEAPSFX;CTEAPSFX;c:windowssystem32driversCTEAPSFX.sys [20.03.2008 17:26 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:windowssystem32driversCTEDSPFX.sys [20.03.2008 17:32 259096]
S3 CTEDSPFX;CTEDSPFX;c:windowssystem32driversCTEDSPFX.sys [20.03.2008 17:32 259096]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:windowssystem32driversCTEDSPIO.sys [20.03.2008 17:38 134168]
S3 CTEDSPIO;CTEDSPIO;c:windowssystem32driversCTEDSPIO.sys [20.03.2008 17:38 134168]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:windowssystem32driversCTEDSPSY.sys [20.03.2008 17:37 309784]
S3 CTEDSPSY;CTEDSPSY;c:windowssystem32driversCTEDSPSY.sys [20.03.2008 17:37 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:windowssystem32driversCTERFXFX.sys [20.03.2008 17:36 99352]
S3 CTERFXFX;CTERFXFX;c:windowssystem32driversCTERFXFX.sys [20.03.2008 17:36 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:windowssystem32driversCTEXFIFX.sys [20.03.2008 17:40 1324056]
S3 CTEXFIFX;CTEXFIFX;c:windowssystem32driversCTEXFIFX.sys [20.03.2008 17:40 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:windowssystem32driversCTHWIUT.sys [20.03.2008 17:37 72728]
S3 CTHWIUT;CTHWIUT;c:windowssystem32driversCTHWIUT.sys [20.03.2008 17:37 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:windowssystem32driversCTSBLFX.sys [20.03.2008 17:25 534040]
S3 CTSBLFX;CTSBLFX;c:windowssystem32driversCTSBLFX.sys [20.03.2008 17:25 534040]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:program filesRoxio Creator 2009Digital Home 11RoxioUPnPRenderer11.exe [14.08.2008 0:25 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:program filesCommon FilesRoxio Shared11.0SharedCOMRoxMediaDB11.exe [14.08.2008 0:23 1124848]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [18.06.2009 0:37 685816]
.
Contents of the ‘Scheduled Tasks’ folder2010-08-16 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 08:34]2010-08-21 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-06-22 22:01]2010-08-21 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-06-22 22:01]2010-08-20 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-790525478-583907252-725345543-1004Core.job
— c:documents and settingsGermanLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2009-07-15 21:36]2010-08-21 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-790525478-583907252-725345543-1004UA.job
— c:documents and settingsGermanLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2009-07-15 21:36]
.
.
Supplementary Scan
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
FF — ProfilePath — c:documents and settingsGermanApplication DataMozillaFirefoxProfilesy8vhokyw.default
FF — prefs.js: browser.search.selectedEngine — Ask.com
FF — prefs.js: browser.startup.homepage — hxxp://qip.ru
FF — component: c:documents and settingsGermanApplication DataMozillaFirefoxProfilesy8vhokyw.defaultextensions{32a1fd71-835e-4b11-8e54-886fda0b4c89}componentsqippipe.dll
FF — component: c:program filesNokiaNokia Ovi SuiteConnectorsBookmarks ConnectorFirefoxExtensioncomponentsFirefoxExtension.dll
FF — plugin: c:documents and settingsGermanApplication DataMozillaFirefoxProfilesy8vhokyw.defaultextensionsfirefox@tvunetworks.compluginsnpTVUAx.dll
FF — plugin: c:documents and settingsGermanLocal SettingsApplication DataGoogleUpdate1.2.183.29npGoogleOneClick8.dll
FF — plugin: c:program filesGoogleGoogle Earthpluginnpgeplugin.dll
FF — plugin: c:program filesGoogleUpdate1.2.183.23npGoogleOneClick8.dll
FF — plugin: c:program filesJavajre6binnew_pluginnpdeployJava1.dll—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.lu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nz», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbaam7a8h», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgberp4a5d4ar», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--p1ai», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbayh7gpa», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.tel», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.proxy.type», 5);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.buffer.cache.count», 24);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.buffer.cache.size», 4096);
c:program filesMozilla Firefoxgreprefsall.js — pref(«dom.ipc.plugins.timeoutSecs», 45);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«accelerometer.enabled», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.nptest.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npswf32.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npctrl.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npqtplugin.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled», false);
.
— — — — ORPHANS REMOVED — — — —URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} — c:program filesAsk.comGenericAskToolbar.dll
ShellIconOverlayIdentifiers-Mediafour Mac Volume Icons — (no file)**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 16:51
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(724)
c:program filesCommon FilesMediafourMacDriveiTunesPatch.dll— — — — — — — > ‘explorer.exe'(3656)
c:program filesRocketDockRocketDock.dll
c:program filesYandexPunto Switcherpshook.dll
c:program filesPRMT8PRMTEDEDSel.dll
c:windowssystem32nview.dll
c:windowssystem32NVWRSRU.DLL
c:program filesCommon FilesMediafourMACVICON.DLL
c:windowssystem32MSCTF.dll
c:windowssystem32ctagent.dll
c:windowssystem32WPDShServiceObj.dll
c:program filesNokiaNokia PC Suite 7PhoneBrowser.dll
c:program filesNokiaNokia PC Suite 7NGSCM.DLL
c:program filesNokiaNokia PC Suite 7LangPhoneBrowser_rus.nlr
c:program filesNokiaNokia PC Suite 7ResourcePhoneBrowser_Nokia.ngr
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:program filesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
c:program filesBonjourmDNSResponder.exe
c:program filesJavajre6binjqs.exe
c:program filesNeroNero8Nero BackItUpNBService.exe
c:windowssystem32nvsvc32.exe
c:program filesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
c:windowssystem32rundll32.exe
c:windowssystem32wscntfy.exe
c:windowssystem32RUNDLL32.EXE
c:windowssystem32CTHELPER.EXE
c:windowssystem32rundll32.exe
c:program filesCreative ProfessionalDigital Audio SystemE-MU PatchMix DSPEmuPatchMixDSP.exe
c:windowsRTHDCPL.EXE
c:program filesCommon FilesNokiaMPlatformNokiaMServer.exe
c:windowssystem32wbemwmiapsrv.exe
c:program filesCommon FilesNeroLibNMIndexingService.exe
c:program filesPRMT8PRMTEDprmedsvr.exe
c:program filesiPodbiniPodService.exe
c:program filesCommon FilesNokiaNoAnokiaaserver.exe
c:program filesPC Connectivity SolutionServiceLayer.exe
c:program filesPC Connectivity SolutionTransportsNclUSBSrv.exe
c:program filesPC Connectivity SolutionTransportsNclRSSrv.exe
c:program filesSkypePlugin ManagerskypePM.exe
.
**************************************************************************
.
Completion time: 2010-08-21 16:56:29 — machine was rebooted
ComboFix-quarantined-files.txt 2010-08-21 12:56
ComboFix2.txt 2010-08-20 07:17Pre-Run: 6 036 934 656 байт свободно
Post-Run: 6 005 014 528 байт свободно— — End Of File — — 049BB5CCF88CCBE5373F840A38800A09
I can't download the second program ((
ComboFix 10-08-18.04 — German 20.08.2010 11:09:42.2.2 — x86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.7.1049.18.2047.1544 [GMT 4:00]
Running from: c:documents and settingsGermanРабочий столComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is activeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
c:windowssystem32winlogon.exe . . . is infected!!.
((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.2010-08-14 15:04 . 2010-08-14 15:04
d
w- C:rsit
2010-08-09 18:09 . 2010-08-09 18:09
d
w- c:program filesiPod
2010-08-09 18:09 . 2010-08-09 18:11
d
w- c:program filesiTunes
2010-08-09 18:01 . 2010-08-09 18:01 73000 —-a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheiTunes 9.2.1.5SetupAdmin.exe
2010-08-09 17:57 . 2010-08-09 17:57 72488 —-a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheSafari 5.33.17.8SetupAdmin.exe
2010-08-04 10:50 . 2010-08-04 10:50 503808 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-2917284f-nmsvcp71.dll
2010-08-04 10:50 . 2010-08-04 10:50 499712 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-2917284f-njmc.dll
2010-08-04 10:50 . 2010-08-04 10:50 348160 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-2917284f-nmsvcr71.dll
2010-08-04 10:50 . 2010-08-04 10:50 61440 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.0424488892a-2d317ec0-ndecora-sse.dll
2010-08-04 10:50 . 2010-08-04 10:50 12800 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.0424488892a-2d317ec0-ndecora-d3d.dll
2010-08-02 05:43 . 2010-08-02 05:43
d
w- c:program filesCommon FilesJava
2010-07-27 17:16 . 2007-11-08 12:26 1164728 —-a-w- c:windowssystem32NMSDVDXU.dll
2010-07-27 17:16 . 2010-07-27 17:16 d-----w- c:documents and settingsGermanApplication DataLG Electronics
2010-07-27 17:15 . 2010-07-27 17:16 d-----w- c:program filesLG Electronics
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 07:03 . 2009-10-21 14:56 d-----w- c:documents and settingsGermanApplication DataSkype
2010-08-20 06:15 . 2009-10-21 15:02 d-----w- c:documents and settingsGermanApplication DataskypePM
2010-08-18 05:28 . 2009-07-10 05:50 d-----w- c:program filesOpera
2010-08-17 20:10 . 2009-06-17 18:06 d-----w- c:documents and settingsGermanApplication DataThe Bat!
2010-08-14 15:04 . 2009-07-29 18:30 d-----w- c:program filesTrend Micro
2010-08-12 14:13 . 2009-06-19 10:11 d-----w- c:documents and settingsAll UsersApplication DatanView_Profiles
2010-08-10 19:25 . 2009-06-17 21:11 d-----w- c:documents and settingsAll UsersApplication DataSonic
2010-08-09 18:09 . 2009-06-22 17:58 d-----w- c:program filesCommon FilesApple
2010-08-09 18:00 . 2009-06-17 20:07 d-----w- c:program filesSafari
2010-08-02 05:43 . 2009-06-20 22:56 d-----w- c:program filesJava
2010-07-27 17:15 . 2009-06-17 17:45
d—h—w- c:program filesInstallShield Installation Information
2010-07-18 08:36 . 2009-06-20 15:20 33212 —ha-w- c:windowssystem32mlfcache.dat
2010-07-17 01:00 . 2010-04-20 20:10 423656 —-a-w- c:windowssystem32deployJava1.dll
2010-07-16 09:50 . 2010-07-16 09:50 d-----w- c:documents and settingsGermanApplication DataMy Games
2010-07-16 09:50 . 2004-07-17 10:36 163644 —-a-w- c:windowssystem32driverssecdrv.sys
2010-07-16 09:43 . 2009-06-17 16:48 42184 —-a-w- c:documents and settingsGermanLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-07-09 08:42 . 2010-02-15 14:13 69222840 —-a-w- c:documents and settingsGermanApplication DataNokiaOvi SuiteSoftware UpdaterNokiaOviSuite2Installer.exe
2010-07-04 00:41 . 2009-08-04 18:21 1704528 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2010-07-01 17:32 . 2010-05-31 20:03 d-----w- c:documents and settingsGermanApplication DataQipGuard
2010-07-01 17:30 . 2009-06-17 17:59 d-----w- c:program filesQIP Infium
2010-06-27 17:55 . 2010-06-27 17:55 d-----w- c:program filesQIP
2010-06-27 17:42 . 2010-06-27 17:42 d-----w- c:program filesQIP 2010
2010-06-26 08:35 . 2009-06-21 18:42
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2010-06-22 22:08 . 2009-08-06 00:58 d-----w- c:program filesGoogle
2010-06-21 18:17 . 2010-06-21 18:17 d-----w- c:program filesBonjour
2010-06-21 17:59 . 2010-06-21 17:59 71992 —-a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheSafari 5.33.16.0SetupAdmin.exe
2010-06-21 09:47 . 2009-06-21 17:43 d-----w- c:program filesEset
2010-06-10 11:07 . 2010-05-31 20:02 127440 —-a-w- c:documents and settingsGermanApplication DataMozillaFirefoxProfilesy8vhokyw.defaultextensions{32a1fd71-835e-4b11-8e54-886fda0b4c89}componentsqippipe.dll
2010-06-10 11:07 . 2010-05-31 20:03 190416 —-a-w- c:documents and settingsGermanApplication DataQipGuardQipGuard.exe
2010-06-10 11:07 . 2010-05-31 20:03 280440 —-a-w- c:documents and settingsGermanApplication DataQipGuardsqlite3.dll
2010-06-10 11:07 . 2010-05-31 20:03 48080 —-a-w- c:documents and settingsGermanApplication DataMicrosoftInternet Explorerqstatsrv.dll
2010-06-10 11:07 . 2010-05-31 20:03 20944 —-a-w- c:documents and settingsGermanApplication DataQipGuardchrome.dll
2010-06-03 20:54 . 2010-06-03 20:54 2944904 —-a-w- c:documents and settingsGermanApplication DataMozillaFirefoxProfilesy8vhokyw.defaultextensionstoolbar@ask.comchrometempaskToolbar.exe
2010-05-27 07:50 . 2010-05-27 07:50 503808 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-678beb51-nmsvcp71.dll
2010-05-27 07:50 . 2010-05-27 07:50 499712 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-678beb51-njmc.dll
2010-05-27 07:50 . 2010-05-27 07:50 348160 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-678beb51-nmsvcr71.dll
2010-05-27 07:50 . 2010-05-27 07:50 61440 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.0505535ab32-7f49b3e5-ndecora-sse.dll
2010-05-27 07:50 . 2010-05-27 07:50 12800 —-a-w- c:documents and settingsGermanApplication DataSunJavaDeploymentSystemCache6.0505535ab32-7f49b3e5-ndecora-d3d.dll
2010-05-25 13:52 . 2001-10-20 12:00 88404 —-a-w- c:windowssystem32perfc019.dat
2010-05-25 13:52 . 2001-10-20 12:00 493976 —-a-w- c:windowssystem32perfh019.dat
2010-05-24 19:11 . 2010-05-24 19:11 3351812 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{09C468CA-2940-466A-AAE8-DCC0C6E9323C}InstallerCommonCustomActionsmsxml6Exec.exe
2010-05-24 19:11 . 2010-05-24 19:11 36864 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{09C468CA-2940-466A-AAE8-DCC0C6E9323C}InstallerCommonCustomActionsSleep.exe
2010-05-24 19:10 . 2010-05-24 19:10 3203453 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{09C468CA-2940-466A-AAE8-DCC0C6E9323C}InstallerCommonCustomActionsvcredistExec.exe
2010-05-24 19:10 . 2010-05-24 19:12 35768328 —-a-w- c:documents and settingsAll UsersApplication DataInstallations{09C468CA-2940-466A-AAE8-DCC0C6E9323C}NokiaSoftwareUpdaterSetup_ru.exe
2010-03-31 08:31 . 2010-03-31 08:18 35859752 —-a-w- c:program files42fs4hff.exe
2009-11-09 10:30 . 2009-06-20 22:53 21377872 —-a-w- c:program fileslaunch.exe
2009-07-21 19:19 . 2009-07-09 23:15 3 —-a-w- c:program filesCommon Filestime.cv
2009-06-20 23:22 . 2009-06-20 23:22 4649 —-a-w- c:program filesCommon Filesunins000.dat
2009-06-20 23:21 . 2009-06-20 23:22 1214827 —-a-w- c:program filesCommon Filesunins000.exe
2004-07-22 06:51 . 2004-07-22 06:51 3432656 —-a-w- c:program filesManagedDX.CAB
2004-07-19 18:58 . 2004-07-19 18:58 1156363 —-a-w- c:program filesBDANT.cab
2004-07-19 18:53 . 2004-07-19 18:53 976020 —-a-w- c:program filesBDAXP.cab
2004-07-09 10:17 . 2004-07-09 10:17 13265040 —-a-w- c:program filesdxnt.cab
2004-07-09 05:13 . 2004-07-09 05:13 15493481 —-a-w- c:program filesDirectX.cab
2004-07-09 05:13 . 2004-07-09 05:13 703080 —-a-w- c:program filesBDA.cab
2004-07-09 00:08 . 2004-07-09 00:08 472576 —-a-w- c:program filesdxsetup.exe
2004-07-09 00:08 . 2004-07-09 00:08 2242560 —-a-w- c:program filesdsetup32.dll
2004-07-08 23:03 . 2004-07-08 23:03 62976 —-a-w- c:program filesDSETUP.dll
2003-11-13 12:31 . 2003-11-13 12:31 1388544 —-a-w- c:program filesSFX Machine LT.dll
2003-11-05 17:37 . 2003-11-05 17:37 11838 —-a-w- c:program filesSFX Machine LT Read Me.rtf
.
Sigcheck
[-] 2009-06-17 . BC260ED748748149DB05B29B256A0500 . 503808 . . [5.1.2600.2180] . . c:windowssystem32winlogon.exe
[-] 2007-02-06 . BA6FBEBD54BA6F80A330C4BE69A137F8 . 1548288 . . [5.1.2600.2180] . . c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{00000000-6E41-4FD3-8538-502F5495E5FC}»= «c:program filesAsk.comGenericAskToolbar.dll» [2010-05-26 1385864]
[HKEY_CLASSES_ROOTclsid{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE~Browser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 11:23 1385864 —-a-w- c:program filesAsk.comGenericAskToolbar.dll
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{D4027C7F-154A-4066-A1AD-4243D8127440}»= «c:program filesAsk.comGenericAskToolbar.dll» [2010-05-26 1385864]
[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{D4027C7F-154A-4066-A1AD-4243D8127440}»= «c:program filesAsk.comGenericAskToolbar.dll» [2010-05-26 1385864]
[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«YandexDesktopSearch»=»c:program filesYandexDesktopyandesk.exe» [2007-12-10 7456256]
«SetDefaultMIDI»=»MIDIDef.exe» [2008-03-20 31232]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2007-12-13 1688872]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120axcmd.exe» [2007-08-01 222592]
«RocketDock»=»c:program filesRocketDockRocketDock.exe» [2007-09-02 495616]
«Google Update»=»c:documents and settingsGermanLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» [2009-07-15 133104]
«EDLauncher»=»c:program filesPRMT8PRMTEDEDLauncher.exe» [2007-08-17 122880]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2010-05-13 26192168]
«EA Core»=»c:program filesElectronic ArtsEADMCore.exe» [2009-09-03 3342336]
«NokiaOviSuite2″=»c:program filesNokiaNokia Ovi SuiteNokiaOviSuite.exe» [2010-02-24 385928]
«QIP Internet Guardian»=»c:documents and settingsGermanApplication DataQipGuardQipGuard.exe» [2010-06-10 190416]
«Infium»=»c:program filesQIP 2010qip.exe» [2010-06-16 5813200]
«QIP2005″=»c:program filesQIPqip.exe» [2009-08-13 3276288]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«EssSpkPhone»=»essspk1.exe -c» [X]
«NokiaMServer»=»c:program filesCommon FilesNokiaMPlatformNokiaMServer» [X]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-10-07 13574144]
«nwiz»=»nwiz.exe» [2008-10-07 1630208]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-10-07 86016]
«CTHelper»=»CTHELPER.EXE» [2008-03-20 23040]
«CTxfiHlp»=»CTXFIHLP.EXE» [2008-03-20 23552]
«UpdReg»=»c:windowsUpdReg.EXE» [2000-05-10 90112]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2007-03-01 153136]
«NBKeyScan»=»c:program filesNeroNero8Nero BackItUpNBKeyScan.exe» [2007-12-03 2213160]
«RoxWatchTray»=»c:program filesCommon FilesRoxio Shared11.0SharedCOMRoxWatchTray11.exe» [2008-08-13 240112]
«CPMonitor»=»c:program filesRoxio Creator 20095.0CPMonitor.exe» [2008-08-09 80368]
«WheelMouse»=»c:program filesA4TechMouseAmoumain.exe» [2008-03-05 188416]
«H2O»=»c:program filesSyncroSoftPosH2Ocledx.exe» [2007-12-11 307200]
«adstopper»=»c:program filesAdStoperAdStopperTrayApp.exe» [2009-07-21 588800]
«DDKL»=»c:program filesKeyLogmsdtsf.exe» [2007-06-15 2809856]
«MDDiskProtect.exe»=»c:program filesMediafourMacDriveMDDiskProtect.exe» [2005-03-27 94208]
«MediafourGettingStartedWithMacDrive6″=»c:program filesMediafourMacDriveMacDrive.exe» [2005-03-27 86016]
«Mediafour Mac Volume Notifications»=»c:program filesCommon FilesMediafourMACVNTFY.EXE» [2005-03-27 61440]
«RTHDCPL»=»RTHDCPL.EXE» [2009-09-22 18749440]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2010-06-20 35760]
«Adobe ARM»=»c:program filesCommon FilesAdobeARM1.0AdobeARM.exe» [2010-06-09 976832]
«QuickTime Task»=»c:program filesQuickTimeQTTask.exe» [2010-03-17 421888]
«NokiaMusic FastStart»=»c:program filesNokiaOvi PlayerNokiaOviPlayer.exe» [2010-03-04 2192672]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2010-04-07 2145000]
«SunJavaUpdateSched»=»c:program filesCommon FilesJavaJava Updatejusched.exe» [2010-05-14 248552]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2010-07-21 141608]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-17 15360]
c:documents and settingsGermanѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Punto Switcher.lnk — c:program filesYandexPunto Switcherpunto.exe [2009-8-27 831272]
Startup Defender.lnk — c:program filesZards softwareStartup DefenderStartup Defender.exe [2009-1-26 1045504]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyMacDrive-iTunes compatibility]
2005-03-27 18:18 61440 —-a-r- c:program filesCommon FilesMediafourMacDriveiTunesPatch.dll
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\Opera\opera.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«h:\Games\Sid Meier’s Civilization 4\Civilization4.exe»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
R0 MDPMGRNT;MDPMGRNT;c:windowssystem32driversMDPMGRNT.SYS [27.03.2005 22:18 44404]
R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [14.05.2009 15:47 114984]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [14.05.2009 15:49 95872]
R1 MDFSYSNT;MDFSYSNT;c:windowssystem32driversMDFSYSNT.SYS [27.03.2005 22:18 277352]
R1 prodrv04;Star Force copy protection driver v4;c:windowssystem32driversprodrv04.sys [08.08.2009 19:14 114496]
R2 ekrn;ESET Service;c:program filesEsetESET NOD32 Antivirusekrn.exe [07.04.2010 21:07 810120]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:windowssystem32driversAmps2prt.sys [19.06.2009 14:21 14336]
R3 CLEDX;Team H2O CLEDX service;c:windowssystem32driverscledx.sys [21.06.2009 21:53 33792]
S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [23.06.2010 2:02 136176]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:program filesRoxio Creator 2009Digital Home 11RoxioUpnpService11.exe [14.08.2008 0:25 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:program filesCommon FilesRoxio Shared11.0SharedCOMRoxLiveShare11.exe [14.08.2008 0:24 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:program filesCommon FilesRoxio Shared11.0SharedCOMRoxWatch11.exe [14.08.2008 0:24 170480]
S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [28.10.2009 21:08 1684736]
S3 COMMONFX.SYS;COMMONFX.SYS;c:windowssystem32driversCOMMONFX.sys [20.03.2008 17:23 98328]
S3 COMMONFX;COMMONFX;c:windowssystem32driversCOMMONFX.sys [20.03.2008 17:23 98328]
S3 CT20XUT.SYS;CT20XUT.SYS;c:windowssystem32driversCT20XUT.sys [20.03.2008 17:36 171032]
S3 CT20XUT;CT20XUT;c:windowssystem32driversCT20XUT.sys [20.03.2008 17:36 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:windowssystem32driversCTAUDFX.sys [20.03.2008 17:23 528920]
S3 CTAUDFX;CTAUDFX;c:windowssystem32driversCTAUDFX.sys [20.03.2008 17:23 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:windowssystem32driversCTEAPSFX.sys [20.03.2008 17:26 163352]
S3 CTEAPSFX;CTEAPSFX;c:windowssystem32driversCTEAPSFX.sys [20.03.2008 17:26 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:windowssystem32driversCTEDSPFX.sys [20.03.2008 17:32 259096]
S3 CTEDSPFX;CTEDSPFX;c:windowssystem32driversCTEDSPFX.sys [20.03.2008 17:32 259096]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:windowssystem32driversCTEDSPIO.sys [20.03.2008 17:38 134168]
S3 CTEDSPIO;CTEDSPIO;c:windowssystem32driversCTEDSPIO.sys [20.03.2008 17:38 134168]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:windowssystem32driversCTEDSPSY.sys [20.03.2008 17:37 309784]
S3 CTEDSPSY;CTEDSPSY;c:windowssystem32driversCTEDSPSY.sys [20.03.2008 17:37 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:windowssystem32driversCTERFXFX.sys [20.03.2008 17:36 99352]
S3 CTERFXFX;CTERFXFX;c:windowssystem32driversCTERFXFX.sys [20.03.2008 17:36 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:windowssystem32driversCTEXFIFX.sys [20.03.2008 17:40 1324056]
S3 CTEXFIFX;CTEXFIFX;c:windowssystem32driversCTEXFIFX.sys [20.03.2008 17:40 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:windowssystem32driversCTHWIUT.sys [20.03.2008 17:37 72728]
S3 CTHWIUT;CTHWIUT;c:windowssystem32driversCTHWIUT.sys [20.03.2008 17:37 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:windowssystem32driversCTSBLFX.sys [20.03.2008 17:25 534040]
S3 CTSBLFX;CTSBLFX;c:windowssystem32driversCTSBLFX.sys [20.03.2008 17:25 534040]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:program filesRoxio Creator 2009Digital Home 11RoxioUPnPRenderer11.exe [14.08.2008 0:25 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:program filesCommon FilesRoxio Shared11.0SharedCOMRoxMediaDB11.exe [14.08.2008 0:23 1124848]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [18.06.2009 0:37 685816]
.
Contents of the ‘Scheduled Tasks’ folder
2010-08-16 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 08:34]
2010-08-20 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-06-22 22:01]
2010-08-19 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-06-22 22:01]
2010-08-17 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-790525478-583907252-725345543-1004Core.job
— c:documents and settingsGermanLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2009-07-15 21:36]
2010-08-20 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-790525478-583907252-725345543-1004UA.job
— c:documents and settingsGermanLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2009-07-15 21:36]
2010-08-20 c:windowsTasksScheduled Update for Ask Toolbar.job
— c:program filesAsk.comUpdateTask.exe [2010-05-26 11:23]
.
.
Supplementary Scan
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
FF — ProfilePath — c:documents and settingsGermanApplication DataMozillaFirefoxProfilesy8vhokyw.default
FF — prefs.js: browser.search.selectedEngine — Ask.com
FF — prefs.js: browser.startup.homepage — hxxp://qip.ru
FF — component: c:documents and settingsGermanApplication DataMozillaFirefoxProfilesy8vhokyw.defaultextensions{32a1fd71-835e-4b11-8e54-886fda0b4c89}componentsqippipe.dll
FF — component: c:program filesNokiaNokia Ovi SuiteConnectorsBookmarks ConnectorFirefoxExtensioncomponentsFirefoxExtension.dll
FF — plugin: c:documents and settingsGermanApplication DataMozillaFirefoxProfilesy8vhokyw.defaultextensionsfirefox@tvunetworks.compluginsnpTVUAx.dll
FF — plugin: c:documents and settingsGermanLocal SettingsApplication DataGoogleUpdate1.2.183.29npGoogleOneClick8.dll
FF — plugin: c:program filesGoogleGoogle Earthpluginnpgeplugin.dll
FF — plugin: c:program filesGoogleUpdate1.2.183.23npGoogleOneClick8.dll
FF — plugin: c:program filesJavajre6binnew_pluginnpdeployJava1.dll
—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.lu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nz», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbaam7a8h», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgberp4a5d4ar», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--p1ai», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbayh7gpa», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.tel», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.proxy.type», 5);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.buffer.cache.count», 24);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.buffer.cache.size», 4096);
c:program filesMozilla Firefoxgreprefsall.js — pref(«dom.ipc.plugins.timeoutSecs», 45);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«accelerometer.enabled», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.nptest.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npswf32.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npctrl.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npqtplugin.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled», false);
.
— — — — ORPHANS REMOVED — — — —
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} — c:program filesAskTBarSrchAstt1.binA5SRCHAS.DLL
ShellIconOverlayIdentifiers-Mediafour Mac Volume Icons — (no file)
**************************************************************************
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files:
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(720)
c:program filesCommon FilesMediafourMacDriveiTunesPatch.dll
.
Completion time: 2010-08-20 11:17:51
ComboFix-quarantined-files.txt 2010-08-20 07:17
Pre-Run: 7 551 250 432 байт свободно
Post-Run: 7 537 602 560 байт свободно
— — End Of File — — AF3DD534E6EF5AD7497540F598C387AC
Logfile of random’s system information tool 1.08 (written by random/random)
Run by German at 2010-08-14 19:04:27
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 7 GB (25%) free of 30 GB
Total RAM: 2047 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:04:32, on 14.08.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSsystem32rundll32.exe
C:Program FilesRoxio Creator 20095.0CPMonitor.exe
C:Program FilesSyncroSoftPosH2Ocledx.exe
C:Program FilesAdStoperAdStopperTrayApp.exe
C:Program FilesKeyLogmsdtsf.exe
C:Program FilesMediafourMacDriveMDDiskProtect.exe
C:Program FilesCommon FilesMediafourMACVNTFY.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesCommon FilesNokiaMPlatformNokiaMServer.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesYandexDesktopyandesk.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesRocketDockRocketDock.exe
C:Program FilesPRMT8PRMTEDEDLauncher.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesNokiaNokia Ovi SuiteNokiaOviSuite.exe
C:Documents and SettingsGermanApplication DataQipGuardQipGuard.exe
C:Program FilesQIP 2010qip.exe
C:Program FilesQIPqip.exe
C:Program FilesYandexPunto Switcherpunto.exe
C:Program FilesZards softwareStartup DefenderStartup Defender.exe
C:Program FilesCreative ProfessionalDigital Audio SystemE-MU PatchMix DSPEmuPatchMixDSP.exe
C:Program FilesPRMT8PRMTEDprmedsvr.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesCommon FilesNokiaNoAnokiaaserver.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesPC Connectivity SolutionTransportsNclUSBSrv.exe
C:Program FilesPC Connectivity SolutionTransportsNclRSSrv.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:Program FilesOperaopera.exe
C:Program FilesSafariSafari.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMozilla Firefoxplugin-container.exe
C:Documents and SettingsGermanРабочий столRSIT.exe
C:Program Filestrend microGerman.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://qip.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: UrlSearchHook Class — {00000000-6E41-4FD3-8538-502F5495E5FC} — C:Program FilesAsk.comGenericAskToolbar.dll
R3 — URLSearchHook: (no name) — {9CB65206-89C4-402c-BA80-02D8C59F9B1D} — C:Program FilesAskTBarSrchAstt1.binA5SRCHAS.DLL (file missing)
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Ask Search Assistant BHO — {9CB65201-89C4-402c-BA80-02D8C59F9B1D} — (no file)
O2 — BHO: Ask Toolbar BHO — {D4027C7F-154A-4066-A1AD-4243D8127440} — C:Program FilesAsk.comGenericAskToolbar.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: XBTBPos00 — {FCBCCB87-9224-4B8D-B117-F56D924BEB18} — C:Program FilesPivim Multibarpivim.dll
O2 — BHO: Ask Toolbar BHO — {FE063DB1-4EC0-403e-8DD8-394C54984B2C} — (no file)
O3 — Toolbar: Pivim Multibar — {1BB22D38-A411-4B13-A746-C2A4F4EC7344} — C:Program FilesPivim Multibarpivim.dll
O3 — Toolbar: Ask Toolbar — {D4027C7F-154A-4066-A1AD-4243D8127440} — C:Program FilesAsk.comGenericAskToolbar.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [CTHelper] CTHELPER.EXE
O4 — HKLM..Run: [CTxfiHlp] CTXFIHLP.EXE
O4 — HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 — HKLM..Run: [NBKeyScan] «C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe»
O4 — HKLM..Run: [RoxWatchTray] «C:Program FilesCommon FilesRoxio Shared11.0SharedCOMRoxWatchTray11.exe»
O4 — HKLM..Run: [CPMonitor] «C:Program FilesRoxio Creator 20095.0CPMonitor.exe»
O4 — HKLM..Run: [WheelMouse] C:Program FilesA4TechMouseAmoumain.exe
O4 — HKLM..Run: [H2O] C:Program FilesSyncroSoftPosH2Ocledx.exe
O4 — HKLM..Run: [adstopper] C:Program FilesAdStoperAdStopperTrayApp.exe
O4 — HKLM..Run: [DDKL] C:Program FilesKeyLogmsdtsf.exe
O4 — HKLM..Run: [MDDiskProtect.exe] C:Program FilesMediafourMacDriveMDDiskProtect.exe
O4 — HKLM..Run: [MediafourGettingStartedWithMacDrive6] «C:Program FilesMediafourMacDriveMacDrive.exe» /runonce
O4 — HKLM..Run: [Mediafour Mac Volume Notifications] «C:Program FilesCommon FilesMediafourMACVNTFY.EXE» /auto
O4 — HKLM..Run: [EssSpkPhone] essspk1.exe -c
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [NokiaMServer] C:Program FilesCommon FilesNokiaMPlatformNokiaMServer /watchfiles startup
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [Adobe ARM] «C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe»
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeQTTask.exe» -atboottime
O4 — HKLM..Run: [NokiaMusic FastStart] «C:Program FilesNokiaOvi PlayerNokiaOviPlayer.exe» /command:faststart
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesCommon FilesJavaJava Updatejusched.exe»
O4 — HKLM..Run: [iTunesHelper] «C:Program FilesiTunesiTunesHelper.exe»
O4 — HKCU..Run: [YandexDesktopSearch] «C:Program FilesYandexDesktopyandesk.exe»
O4 — HKCU..Run: [SetDefaultMIDI] MIDIDef.exe
O4 — HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe» ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 — HKCU..Run: [AlcoholAutomount] «C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKCU..Run: [RocketDock] «C:Program FilesRocketDockRocketDock.exe»
O4 — HKCU..Run: [Google Update] «C:Documents and SettingsGermanLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» /c
O4 — HKCU..Run: [EDLauncher] C:Program FilesPRMT8PRMTEDEDLauncher.exe
O4 — HKCU..Run: [Skype] «C:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKCU..Run: [EA Core] «C:Program FilesElectronic ArtsEADMCore.exe» -silent
O4 — HKCU..Run: [NokiaOviSuite2] C:Program FilesNokiaNokia Ovi SuiteNokiaOviSuite.exe -tray
O4 — HKCU..Run: [QIP Internet Guardian] C:Documents and SettingsGermanApplication DataQipGuardQipGuard.exe
O4 — HKCU..Run: [Infium] «C:Program FilesQIP 2010qip.exe» /autorun
O4 — HKCU..Run: [QIP2005] C:Program FilesQIPqip.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Punto Switcher.lnk = C:Program FilesYandexPunto Switcherpunto.exe
O4 — Startup: Startup Defender.lnk = C:Program FilesZards softwareStartup DefenderStartup Defender.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: QIP Infium — {1EF681F7-A04B-4D6D-9012-A307CCA55610} — C:Program FilesQIP Infiuminfium.exe (HKCU)
O17 — HKLMSystemCCSServicesTcpip..{BC0E28E8-823A-4932-A164-02403F14FFF2}: NameServer = 195.34.32.116 212.188.4.10
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: MacDrive-iTunes compatibility — C:Program FilesCommon FilesMediafourMacDriveiTunesPatch.dll
O22 — SharedTaskScheduler: Предзагрузчик Browseui — {438755C2-A8BA-11D1-B96B-00A0C90312E1} — C:WINDOWSsystem32browseui.dll
O22 — SharedTaskScheduler: Демон кэша категорий компонентов — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:WINDOWSsystem32browseui.dll
O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 — Service: Служба Bonjour (Bonjour Service) — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Update Service (gupdate) (gupdate) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Roxio UPnP Renderer 11 — Sonic Solutions — C:Program FilesRoxio Creator 2009Digital Home 11RoxioUPnPRenderer11.exe
O23 — Service: Roxio Upnp Server 11 — Sonic Solutions — C:Program FilesRoxio Creator 2009Digital Home 11RoxioUpnpService11.exe
O23 — Service: LiveShare P2P Server 11 (RoxLiveShare11) — Sonic Solutions — C:Program FilesCommon FilesRoxio Shared11.0SharedCOMRoxLiveShare11.exe
O23 — Service: RoxMediaDB11 — Sonic Solutions — C:Program FilesCommon FilesRoxio Shared11.0SharedCOMRoxMediaDB11.exe
O23 — Service: Roxio Hard Drive Watcher 11 (RoxWatch11) — Sonic Solutions — C:Program FilesCommon FilesRoxio Shared11.0SharedCOMRoxWatch11.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 13331 bytes

======Scheduled tasks folder======
C:WINDOWStasksAppleSoftwareUpdate.job
C:WINDOWStasksGoogleUpdateTaskMachineCore.job
C:WINDOWStasksGoogleUpdateTaskMachineUA.job
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-790525478-583907252-725345543-1004Core.job
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-790525478-583907252-725345543-1004UA.job
C:WINDOWStasksScheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
Ask Search Assistant BHO

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar — C:Program FilesAsk.comGenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2010-07-17 79648]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
XBTBPos00 Class — C:Program FilesPivim Multibarpivim.dll [2009-07-09 2175488]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} — Pivim Multibar — C:Program FilesPivim Multibarpivim.dll [2009-07-09 2175488]
{D4027C7F-154A-4066-A1AD-4243D8127440} — Ask Toolbar — C:Program FilesAsk.comGenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-10-07 13574144]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-10-07 86016]
«CTHelper»=C:WINDOWSsystem32CTHELPER.EXE [2008-03-20 23040]
«CTxfiHlp»=C:WINDOWSsystem32CTXFIHLP.EXE [2008-03-20 23552]
«UpdReg»=C:WINDOWSUpdReg.EXE [2000-05-11 90112]
«NeroFilterCheck»=C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136]
«NBKeyScan»=C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [2007-12-03 2213160]
«RoxWatchTray»=C:Program FilesCommon FilesRoxio Shared11.0SharedCOMRoxWatchTray11.exe [2008-08-14 240112]
«CPMonitor»=C:Program FilesRoxio Creator 20095.0CPMonitor.exe [2008-08-10 80368]
«WheelMouse»=C:Program FilesA4TechMouseAmoumain.exe [2008-03-06 188416]
«H2O»=C:Program FilesSyncroSoftPosH2Ocledx.exe [2007-12-11 307200]
«adstopper»=C:Program FilesAdStoperAdStopperTrayApp.exe [2009-07-21 588800]
«DDKL»=C:Program FilesKeyLogmsdtsf.exe [2007-06-15 2809856]
«MDDiskProtect.exe»=C:Program FilesMediafourMacDriveMDDiskProtect.exe [2005-03-27 94208]
«MediafourGettingStartedWithMacDrive6″=C:Program FilesMediafourMacDriveMacDrive.exe [2005-03-27 86016]
«Mediafour Mac Volume Notifications»=C:Program FilesCommon FilesMediafourMACVNTFY.EXE [2005-03-27 61440]
«EssSpkPhone»=essspk1.exe -c []
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2009-09-22 18749440]
«NokiaMServer»=C:Program FilesCommon FilesNokiaMPlatformNokiaMServer /watchfiles startup []
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2010-06-20 35760]
«Adobe ARM»=C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2010-06-09 976832]
«QuickTime Task»=C:Program FilesQuickTimeQTTask.exe [2010-03-17 421888]
«NokiaMusic FastStart»=C:Program FilesNokiaOvi PlayerNokiaOviPlayer.exe [2010-03-04 2192672]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2010-04-07 2145000]
«SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-05-14 248552]
«iTunesHelper»=C:Program FilesiTunesiTunesHelper.exe [2010-07-21 141608]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«YandexDesktopSearch»=C:Program FilesYandexDesktopyandesk.exe [2007-12-10 7456256]
«SetDefaultMIDI»=C:WINDOWSsystem32MIDIDef.exe [2008-03-20 31232]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe [2007-12-13 1688872]
«AlcoholAutomount»=C:Program FilesAlcohol SoftAlcohol 120axcmd.exe [2007-08-01 222592]
«RocketDock»=C:Program FilesRocketDockRocketDock.exe [2007-09-02 495616]
«Google Update»=C:Documents and SettingsGermanLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2009-07-16 133104]
«EDLauncher»=C:Program FilesPRMT8PRMTEDEDLauncher.exe [2007-08-17 122880]
«Skype»=C:Program FilesSkypePhoneSkype.exe [2010-05-13 26192168]
«EA Core»=C:Program FilesElectronic ArtsEADMCore.exe [2009-09-04 3342336]
«NokiaOviSuite2″=C:Program FilesNokiaNokia Ovi SuiteNokiaOviSuite.exe [2010-02-24 385928]
«QIP Internet Guardian»=C:Documents and SettingsGermanApplication DataQipGuardQipGuard.exe [2010-06-10 190416]
«Infium»=C:Program FilesQIP 2010qip.exe [2010-06-16 5813200]
«QIP2005″=C:Program FilesQIPqip.exe [2009-08-13 3276288]

C:Documents and SettingsGermanГлавное менюПрограммыАвтозагрузка
Punto Switcher.lnk — C:Program FilesYandexPunto Switcherpunto.exe
Startup Defender.lnk — C:Program FilesZards softwareStartup DefenderStartup Defender.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyMacDrive-iTunes compatibility]
C:Program FilesCommon FilesMediafourMacDriveiTunesPatch.dll [2005-03-27 61440]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=67108863
«NoDriveTypeAutoRun»=323
«NoDrives»=0

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:DOCUME~1GermanLOCALS~1Tempe.exe»=»C:DOCUME~1GermanLOCALS~1Tempe.exe:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp10B9.tmp»=»C:DOCUME~1GermanLOCALS~1Temp10B9.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp3B5C.exe»=»C:DOCUME~1GermanLOCALS~1Temp3B5C.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp3B76.exe»=»C:DOCUME~1GermanLOCALS~1Temp3B76.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp4E02.exe»=»C:DOCUME~1GermanLOCALS~1Temp4E02.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp4DF8.tmp»=»C:DOCUME~1GermanLOCALS~1Temp4DF8.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp5F12.tmp»=»C:DOCUME~1GermanLOCALS~1Temp5F12.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp5F16.tmp»=»C:DOCUME~1GermanLOCALS~1Temp5F16.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp693C.exe»=»C:DOCUME~1GermanLOCALS~1Temp693C.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp6939.tmp»=»C:DOCUME~1GermanLOCALS~1Temp6939.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp7017.exe»=»C:DOCUME~1GermanLOCALS~1Temp7017.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp701A.exe»=»C:DOCUME~1GermanLOCALS~1Temp701A.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp8026.exe»=»C:DOCUME~1GermanLOCALS~1Temp8026.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp802C.exe»=»C:DOCUME~1GermanLOCALS~1Temp802C.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp8741.exe»=»C:DOCUME~1GermanLOCALS~1Temp8741.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp8747.exe»=»C:DOCUME~1GermanLOCALS~1Temp8747.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp94C9.exe»=»C:DOCUME~1GermanLOCALS~1Temp94C9.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp94CC.tmp»=»C:DOCUME~1GermanLOCALS~1Temp94CC.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp9E4C.exe»=»C:DOCUME~1GermanLOCALS~1Temp9E4C.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp9E39.tmp»=»C:DOCUME~1GermanLOCALS~1Temp9E39.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1TempA34F.exe»=»C:DOCUME~1GermanLOCALS~1TempA34F.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1TempA355.tmp»=»C:DOCUME~1GermanLOCALS~1TempA355.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1TempAB3F.tmp»=»C:DOCUME~1GermanLOCALS~1TempAB3F.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1TempAB3B.tmp»=»C:DOCUME~1GermanLOCALS~1TempAB3B.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp8F63.exe»=»C:DOCUME~1GermanLOCALS~1Temp8F63.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp8CCE.tmp»=»C:DOCUME~1GermanLOCALS~1Temp8CCE.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1TempAB58.exe»=»C:DOCUME~1GermanLOCALS~1TempAB58.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1TempAA14.tmp»=»C:DOCUME~1GermanLOCALS~1TempAA14.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1TempABAB.exe»=»C:DOCUME~1GermanLOCALS~1TempABAB.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1TempABAE.tmp»=»C:DOCUME~1GermanLOCALS~1TempABAE.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1TempA548.tmp»=»C:DOCUME~1GermanLOCALS~1TempA548.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1TempA61B.tmp»=»C:DOCUME~1GermanLOCALS~1TempA61B.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp7325.exe»=»C:DOCUME~1GermanLOCALS~1Temp7325.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp7328.tmp»=»C:DOCUME~1GermanLOCALS~1Temp7328.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp6619.exe»=»C:DOCUME~1GermanLOCALS~1Temp6619.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp661D.tmp»=»C:DOCUME~1GermanLOCALS~1Temp661D.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp4F9F.exe»=»C:DOCUME~1GermanLOCALS~1Temp4F9F.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp5131.tmp»=»C:DOCUME~1GermanLOCALS~1Temp5131.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp585F.exe»=»C:DOCUME~1GermanLOCALS~1Temp585F.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp5862.tmp»=»C:DOCUME~1GermanLOCALS~1Temp5862.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp6436.exe»=»C:DOCUME~1GermanLOCALS~1Temp6436.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp6439.exe»=»C:DOCUME~1GermanLOCALS~1Temp6439.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp6D26.exe»=»C:DOCUME~1GermanLOCALS~1Temp6D26.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp6D2A.tmp»=»C:DOCUME~1GermanLOCALS~1Temp6D2A.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp7794.tmp»=»C:DOCUME~1GermanLOCALS~1Temp7794.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp7797.tmp»=»C:DOCUME~1GermanLOCALS~1Temp7797.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp7F98.exe»=»C:DOCUME~1GermanLOCALS~1Temp7F98.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp7F9C.tmp»=»C:DOCUME~1GermanLOCALS~1Temp7F9C.tmp:*:Enabled:RASS Server»
«C:DOCUME~1GermanLOCALS~1Temp86BD.exe»=»C:DOCUME~1GermanLOCALS~1Temp86BD.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp86C1.exe»=»C:DOCUME~1GermanLOCALS~1Temp86C1.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp8F88.exe»=»C:DOCUME~1GermanLOCALS~1Temp8F88.exe:*:Enabled:Microsoft Windows Update Platform»
«C:DOCUME~1GermanLOCALS~1Temp8F8B.tmp»=»C:DOCUME~1GermanLOCALS~1Temp8F8B.tmp:*:Enabled:RASS Server»
«C:WINDOWSsystem328F88.exe»=»C:WINDOWSsystem328F88.exe:*:Enabled:Microsoft Windows Update Platform»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«C:Program FilesOperaopera.exe»=»C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Служба Bonjour»
«H:GamesSid Meier’s Civilization 4Civilization4.exe»=»H:GamesSid Meier’s Civilization 4Civilization4.exe:*:Enabled:Sid Meier’s Civilization 4»
«C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======
2010-08-14 19:04:27 —-D—- C:rsit
2010-08-14 18:28:02 —-D—- C:RECYCLER
2010-08-14 17:59:27 —-D—- C:WINDOWSERDNT
2010-08-09 22:09:53 —-D—- C:Program FilesiPod
2010-08-09 22:09:49 —-D—- C:Program FilesiTunes
2010-08-02 09:43:32 —-D—- C:Program FilesCommon FilesJava
2010-08-02 09:43:20 —-A—- C:WINDOWSsystem32javaws.exe
2010-08-02 09:43:20 —-A—- C:WINDOWSsystem32javaw.exe
2010-08-02 09:43:20 —-A—- C:WINDOWSsystem32java.exe
2010-07-27 21:16:04 —-A—- C:WINDOWSsystem32NMSDVDXU.dll
2010-07-27 21:16:00 —-D—- C:Documents and SettingsGermanApplication DataLG Electronics
2010-07-27 21:15:35 —-D—- C:Program FilesLG Electronics
2010-07-16 13:50:26 —-D—- C:Documents and SettingsGermanApplication DataMy Games
2010-07-15 03:46:26 —-A—- C:WINDOWSIE4 Error Log.txt

======List of files/folders modified in the last 1 months======
2010-08-14 19:04:32 —-D—- C:Program FilesTrend Micro
2010-08-14 19:04:27 —-D—- C:WINDOWSTemp
2010-08-14 19:03:48 —-D—- C:Documents and SettingsGermanApplication DataSkype
2010-08-14 18:50:59 —-D—- C:WINDOWS
2010-08-14 18:30:02 —-D—- C:Documents and SettingsGermanApplication DataskypePM
2010-08-14 18:28:55 —-A—- C:WINDOWSsystem.ini
2010-08-14 18:27:42 —-D—- C:WINDOWSsystem32driversetc
2010-08-14 18:27:28 —-D—- C:WINDOWSsystem32drivers
2010-08-14 18:26:35 —-D—- C:WINDOWSsystem32config
2010-08-14 18:23:14 —-D—- C:WINDOWSsystem32
2010-08-14 18:21:34 —-D—- C:WINDOWSAppPatch
2010-08-14 18:21:31 —-D—- C:Program FilesCommon Files
2010-08-14 18:19:12 —-D—- C:WINDOWSsystem32CatRoot2
2010-08-14 17:59:55 —-A—- C:WINDOWSSchedLgU.Txt
2010-08-14 17:57:13 —-D—- C:WINDOWSPrefetch
2010-08-13 02:06:16 —-D—- C:Documents and SettingsGermanApplication DataThe Bat!
2010-08-12 18:13:58 —-D—- C:Documents and SettingsAll UsersApplication DatanView_Profiles
2010-08-10 23:25:32 —-D—- C:Documents and SettingsAll UsersApplication DataSonic
2010-08-09 22:11:44 —-SHD—- C:WINDOWSInstaller
2010-08-09 22:09:53 —-RD—- C:Program Files
2010-08-09 22:09:51 —-D—- C:Program FilesCommon FilesApple
2010-08-09 22:00:16 —-D—- C:Program FilesSafari
2010-08-08 20:02:43 —-A—- C:WINDOWSNeroDigital.ini
2010-08-02 09:43:06 —-D—- C:Program FilesJava
2010-07-28 09:41:55 —-HD—- C:WINDOWSinf
2010-07-27 21:15:35 —-HD—- C:Program FilesInstallShield Installation Information
2010-07-25 11:18:56 —-D—- C:Program FilesMozilla Firefox
2010-07-17 05:00:04 —-A—- C:WINDOWSsystem32deployJava1.dll
2010-07-16 13:30:12 —-RSD—- C:WINDOWSFonts
2010-07-15 14:50:01 —-A—- C:WINDOWScdplayer.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MDPMGRNT;MDPMGRNT; C:WINDOWSsystem32driversMDPMGRNT.sys [2005-03-27 44404]
R0 PxHelp20;PxHelp20; C:WINDOWSSystem32DriversPxHelp20.sys [2008-06-16 44944]
R0 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2010-04-07 114984]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2010-04-07 95872]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
R1 MDFSYSNT;MDFSYSNT; C:WINDOWSsystem32driversMDFSYSNT.sys [2005-03-27 277352]
R1 prodrv04;Star Force copy protection driver v4; C:WINDOWSSystem32driversprodrv04.sys [2009-08-08 114496]
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2010-04-07 139192]
R2 PfModNT;PfModNT; ??C:WINDOWSsystem32driversPfModNT.sys []
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:WINDOWSsystem32DRIVERSAmps2prt.sys [2007-06-17 14336]
R3 CLEDX;Team H2O CLEDX service; C:WINDOWSsystem32DRIVERScledx.sys [2005-05-09 33792]
R3 ctac32k;Creative AC3 Software Decoder; C:WINDOWSsystem32driversctac32k.sys [2006-08-04 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:WINDOWSsystem32driversctaud2k.sys [2006-08-04 499584]
R3 ctprxy2k;Creative Proxy Driver; C:WINDOWSsystem32driversctprxy2k.sys [2006-08-04 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:WINDOWSsystem32driversctsfm2k.sys [2006-08-04 143872]
R3 emupia;E-mu Plug-in Architecture Driver; C:WINDOWSsystem32driversemupia2k.sys [2006-08-04 78336]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSSystem32DriversGEARAspiWDM.sys [2009-05-18 26600]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:WINDOWSsystem32driversha10kx2k.sys [2006-08-04 766976]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-10-20 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2009-09-22 5915136]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-10-07 6133856]
R3 ossrv;Creative OS Services Driver; C:WINDOWSsystem32driversctoss2k.sys [2006-08-04 116224]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2006-08-14 83200]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S0 sptd;sptd; C:WINDOWSSystem32Driverssptd.sys [2009-06-18 685816]
S3 Ambfilt;Ambfilt; C:WINDOWSsystem32driversAmbfilt.sys [2008-08-05 1684736]
S3 catchme;catchme; ??C:DOCUME~1GermanLOCALS~1Tempcatchme.sys []
S3 COMMONFX.SYS;COMMONFX.SYS; C:WINDOWSSystem32driversCOMMONFX.SYS [2008-03-20 98328]
S3 COMMONFX;COMMONFX; C:WINDOWSsystem32driversCOMMONFX.SYS [2008-03-20 98328]
S3 CT20XUT.SYS;CT20XUT.SYS; C:WINDOWSSystem32driversCT20XUT.SYS [2008-03-20 171032]
S3 CT20XUT;CT20XUT; C:WINDOWSsystem32driversCT20XUT.SYS [2008-03-20 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS; C:WINDOWSSystem32driversCTAUDFX.SYS [2008-03-20 528920]
S3 CTAUDFX;CTAUDFX; C:WINDOWSsystem32driversCTAUDFX.SYS [2008-03-20 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS; C:WINDOWSSystem32driversCTEAPSFX.SYS [2008-03-20 163352]
S3 CTEAPSFX;CTEAPSFX; C:WINDOWSsystem32driversCTEAPSFX.SYS [2008-03-20 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS; C:WINDOWSSystem32driversCTEDSPFX.SYS [2008-03-20 259096]
S3 CTEDSPFX;CTEDSPFX; C:WINDOWSsystem32driversCTEDSPFX.SYS [2008-03-20 259096]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS; C:WINDOWSSystem32driversCTEDSPIO.SYS [2008-03-20 134168]
S3 CTEDSPIO;CTEDSPIO; C:WINDOWSsystem32driversCTEDSPIO.SYS [2008-03-20 134168]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS; C:WINDOWSSystem32driversCTEDSPSY.SYS [2008-03-20 309784]
S3 CTEDSPSY;CTEDSPSY; C:WINDOWSsystem32driversCTEDSPSY.SYS [2008-03-20 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:WINDOWSSystem32driversCTERFXFX.SYS [2008-03-20 99352]
S3 CTERFXFX;CTERFXFX; C:WINDOWSsystem32driversCTERFXFX.SYS [2008-03-20 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:WINDOWSSystem32driversCTEXFIFX.SYS [2008-03-20 1324056]
S3 CTEXFIFX;CTEXFIFX; C:WINDOWSsystem32driversCTEXFIFX.SYS [2008-03-20 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS; C:WINDOWSSystem32driversCTHWIUT.SYS [2008-03-20 72728]
S3 CTHWIUT;CTHWIUT; C:WINDOWSsystem32driversCTHWIUT.SYS [2008-03-20 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS; C:WINDOWSSystem32driversCTSBLFX.SYS [2008-03-20 534040]
S3 CTSBLFX;CTSBLFX; C:WINDOWSsystem32driversCTSBLFX.SYS [2008-03-20 534040]
S3 mbr;mbr; ??C:DOCUME~1GermanLOCALS~1Tempmbr.sys []
S3 Monfilt;Monfilt; C:WINDOWSsystem32driversMonfilt.sys [2006-01-04 1389056]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-20 12160]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
S3 RTL8169;Realtek 8169 NT Driver; C:WINDOWSsystem32DRIVERSRtlh86.sys [2006-12-08 67072]
S3 Tosrfcom;Tosrfcom; C:WINDOWSsystem32driversTosrfcom.sys []
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2010-02-26 8192]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2004-08-04 25600]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2010-02-26 8192]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:WINDOWSSystem32Driverswdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 RxFilter;RxFilter; C:WINDOWSsystem32DRIVERSRxFilter.sys [2008-08-11 57328]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-20 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Служба Bonjour; C:Program FilesBonjourmDNSResponder.exe [2010-05-18 345376]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2010-04-07 810120]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2010-07-17 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2007-12-03 869672]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-10-07 163908]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2010-07-21 540968]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-12-13 447784]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2010-04-27 611840]
S2 gupdate;Google Update Service (gupdate); C:Program FilesGoogleUpdateGoogleUpdate.exe [2010-06-23 136176]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11; C:Program FilesRoxio Creator 2009Digital Home 11RoxioUpnpService11.exe [2008-08-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11; C:Program FilesCommon FilesRoxio Shared11.0SharedCOMRoxLiveShare11.exe [2008-08-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11; C:Program FilesCommon FilesRoxio Shared11.0SharedCOMRoxWatch11.exe [2008-08-14 170480]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2010-04-07 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2005-02-24 73728]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11; C:Program FilesRoxio Creator 2009Digital Home 11RoxioUPnPRenderer11.exe [2008-08-14 313840]
S3 RoxMediaDB11;RoxMediaDB11; C:Program FilesCommon FilesRoxio Shared11.0SharedCOMRoxMediaDB11.exe [2008-08-14 1124848]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
EOF
I managed to run a full system scan with Dr.Web. It caught several viruses. The problems have not gone away ((( still the same gray window at boot, and problems with rebooting and with standby/sleep modes. Just in case, here is a new log:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by UserX at 2010-03-19 06:53:07
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (18%) free of 38 GB
Total RAM: 2030 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:12, on 19.03.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesKeyboard & Mouse DriverKMWDSrv.exe
C:Program FilesMarvell61xxsvcmvraidsvc.exe
C:Program FilesMarvell61xxApache2binApache.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSSystem32PAStiSvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesMarvell61xxApache2binApache.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSExplorer.EXE
C:Program FilesIntelIntel Matrix Storage Manageriaanotif.exe
C:Program FilesIntel Audio StudioIntelAudioStudio.exe
C:Program FilesVDOToolTBPanel.exe
C:Program FilesKeyboard & Mouse DriverStartAutorun.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesWebMoney Agentwmagent.exe
C:Program FilesKeyboard & Mouse DriverKMConfig.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesKeyboard & Mouse DriverKMProcess.exe
C:Program FilesBitCometBitComet.exe
C:Program FilesLogitechProfilerlwemon.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesQIPqip.exe
C:Program FilesMcAfee Security Scan1.0.150SSScheduler.exe
C:Program FilesYandexPunto Switcherpunto.exe
C:Program FilesOperaopera.exe
C:Program FilesOutlook Expressmsimn.exe
C:Documents and SettingsUserXРабочий столRSIT.exe
C:Program Filestrend microUserX.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ya.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
F2 — REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,\?globalrootsystemrootsystem325sH9gbI.exe,userinit.exe
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — c:program filesrealrealplayerrpbrowserrecordplugin.dll
O2 — BHO: BitComet ClickCapture — {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} — C:Program FilesBitComettoolsBitCometBHO_1.2.2.28.dll
O2 — BHO: Windows Live Sign-in Helper — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: AcroIEToolbarHelper Class — {AE7CD045-E861-484f-8273-0445EE161910} — C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll
O2 — BHO: YPhotoPlugin Class — {D8FFE63C-93AF-4070-A39F-3A431F592B8D} — C:Program FilesYandexYandexPhotoyphotoie.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: EpsonToolBandKicker Class — {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: Adobe PDF — {47833539-D0C5-4125-9FA8-0819E2EAAC93} — C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll
O3 — Toolbar: EPSON Web-To-Page — {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [IAAnotif] C:Program FilesIntelIntel Matrix Storage Manageriaanotif.exe
O4 — HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 — HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 — HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe
O4 — HKLM..Run: [IntelAudioStudio] «C:Program FilesIntel Audio StudioIntelAudioStudio.exe» TRAY
O4 — HKLM..Run: [mouseElf] C:PROGRA~1TWINTO~1MouseElf.EXE
O4 — HKLM..Run: [Gainward] C:Program FilesVDOToolTBPanel.exe /A
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [KMCONFIG] C:Program FilesKeyboard & Mouse DriverStartAutorun.exe KMConfig.exe
O4 — HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 — HKLM..Run: [ISUSScheduler] «C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe» -start
O4 — HKLM..Run: [wmagent.exe] «C:Program FilesWebMoney Agentwmagent.exe»
O4 — HKLM..Run: [TkBellExe] «C:Program FilesCommon FilesRealUpdate_OBrealsched.exe» -osboot
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesCommon FilesJavaJava Updatejusched.exe»
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKCU..Run: [BitComet] «C:Program FilesBitCometBitComet.exe» /tray
O4 — HKCU..Run: [Start WingMan Profiler] «C:Program FilesLogitechProfilerlwemon.exe» /noui
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [QIP2005] C:Program FilesQIPqip.exe
O4 — HKCU..Run: [DAEMON Tools Pro Agent] «C:Program FilesDAEMON Tools ProDTProAgent.exe»
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Punto Switcher.lnk = C:Program FilesYandexPunto Switcherpunto.exe
O4 — Global Startup: McAfee Security Scan.lnk = ?
O8 — Extra context menu item: &З&агрузить &с помощью BitComet — res://C:Program FilesBitCometBitComet.exe/AddLink.htm
O8 — Extra context menu item: &З&агрузить все видео файлы с помощью BitComet — res://C:Program FilesBitCometBitComet.exe/AddVideo.htm
O8 — Extra context menu item: &З&агрузить все с помощью BitComet — res://C:Program FilesBitCometBitComet.exe/AddAllLink.htm
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Add to Google Photos Screensa&ver — res://C:WINDOWSsystem32GPhotos.scr/200
O8 — Extra context menu item: Convert link target to Adobe PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Convert link target to existing PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Convert selected links to Adobe PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 — Extra context menu item: Convert selected links to existing PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 — Extra context menu item: Convert selection to Adobe PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Convert selection to existing PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Convert to Adobe PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Convert to existing PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O9 — Extra button: (no name) — {5067A26B-1337-4436-8AFE-EE169C2DA79F} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer — {5067A26B-1337-4436-8AFE-EE169C2DA79F} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Перевод — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm
O9 — Extra ‘Tools’ menuitem: Перевести — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm
O9 — Extra ‘Tools’ menuitem: Настройка параметров перевода — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: BitComet — {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} — res://C:Program FilesBitComettoolsBitCometBHO_1.2.2.28.dll/206 (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: QIP 2005 — {1EF681F7-A04B-4D6D-9012-A307CCA55610} — C:Program FilesQIPqip.exe (HKCU)
O9 — Extra button: Перевод — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm (HKCU)
O9 — Extra ‘Tools’ menuitem: Перевести — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm (HKCU)
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm (HKCU)
O9 — Extra ‘Tools’ menuitem: Настройка перевода — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm (HKCU)
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O16 — DPF: {093500E9-F79F-4C52-A9B5-D8C7E4B3023E} (ParallelGraphics Installer Class) — http://www.outline3d.com/main/installer.cab?key=0b69
O16 — DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) — https://w3s.webmoney.ru/WMAcceptor.dll
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171486211612
O16 — DPF: {810B649C-CEAE-4AC9-BF26-81341B49E913} (ParallelGraphics PlanEditor Control) — http://www.outline3d.com/main/pecontrol_new2.cab?key=0512
O16 — DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) — http://www.outline3d.com/main/cortvrml42.cab?key=fd55
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: ArcSoft Connect Daemon (ACDaemon) — ArcSoft — C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Autodesk Licensing Service — Autodesk — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Admin Works Agent X8 (AWService) — OSA Technologies Inc., An Avocent Company — C:Program FilesIntelIDUawServ.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) — Intel Corporation — C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: Keyboard And Mouse Communication Service (KMWDSERVICE) — UASSOFT.COM — C:Program FilesKeyboard & Mouse DriverKMWDSrv.exe
O23 — Service: Marvell RAID Event Agent (Marvell RAID) — Unknown owner — C:Program FilesMarvell61xxsvcmvraidsvc.exe
O23 — Service: MRU Web Service (MRUWebService) — Apache Software Foundation — C:Program FilesMarvell61xxApache2binApache.exe
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: STI Simulator — Unknown owner — C:WINDOWSSystem32PAStiSvc.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 16751 bytes

======Scheduled tasks folder======
C:WINDOWStasksUser_Feed_Synchronization-{9B6851C9-28E7-4F26-990D-E6725527E2EA}.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — c:program filesrealrealplayerrpbrowserrecordplugin.dll [2009-10-12 329312]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper — C:Program FilesBitComettoolsBitCometBHO_1.2.2.28.dll [2008-02-29 468280]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class — C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D8FFE63C-93AF-4070-A39F-3A431F592B8D}]
YPhotoPlugin Class — C:Program FilesYandexYandexPhotoyphotoie.dll [2007-07-20 289544]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-02-18 41760]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2010-02-18 79648]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} — Adobe PDF — C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll [2004-12-14 225280]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-11-27 8721160]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«IAAnotif»=C:Program FilesIntelIntel Matrix Storage Manageriaanotif.exe [2009-02-11 186904]
«IgfxTray»=C:WINDOWSsystem32igfxtray.exe [2006-06-23 98304]
«HotKeysCmds»=C:WINDOWSsystem32hkcmd.exe [2006-06-23 86016]
«Persistence»=C:WINDOWSsystem32igfxpers.exe [2006-06-23 81920]
«IntelAudioStudio»=C:Program FilesIntel Audio StudioIntelAudioStudio.exe [2006-08-02 9134080]
«mouseElf»=C:PROGRA~1TWINTO~1MouseElf.EXE [2004-08-26 192512]
«Gainward»=C:Program FilesVDOToolTBPanel.exe [2007-10-02 2165272]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2010-01-14 13524992]
«nwiz»=nwiz.exe /install []
«KMCONFIG»=C:Program FilesKeyboard & Mouse DriverStartAutorun.exe [2007-03-06 212992]
«ISUSPM Startup»=C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe [2005-02-16 221184]
«ISUSScheduler»=C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [2005-02-16 81920]
«wmagent.exe»=C:Program FilesWebMoney Agentwmagent.exe [2008-10-01 209376]
«TkBellExe»=C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2009-10-12 198160]
«SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-02-18 248040]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-11-25 81000]
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2010-01-14 86016]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«BitComet»=C:Program FilesBitCometBitComet.exe [2008-03-25 2196280]
«Start WingMan Profiler»=C:Program FilesLogitechProfilerlwemon.exe [2005-04-18 73728]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2003-08-18 15360]
«QIP2005»=C:Program FilesQIPqip.exe [2009-08-13 3276288]
«DAEMON Tools Pro Agent»=C:Program FilesDAEMON Tools ProDTProAgent.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAcrobat Assistant 7.0]
C:Program FilesAdobeAcrobat 7.0DistillrAcrotray.exe [2004-12-14 483328]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregArcSoft Connection Service]
C:Program FilesCommon FilesArcSoftConnection ServiceBinACDaemon.exe [2007-10-08 31232]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2006-11-16 139264]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBitComet]
C:Program FilesBitCometBitComet.exe [2008-03-25 2196280]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLanguageShortcut]
C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNCLaunch]
C:WINDOWSNCLAUNCH.EXe [2007-12-25 40960]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:Program FilesCommon FilesAheadLibNeroCheck.exe [2006-01-12 155648]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPicasa Media Detector]
C:Program FilesPicasa2PicasaMediaDetector.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
C:Program FilesJavaj2re1.4.2_05binjusched.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregYupdate!]
C:Program FilesCommon FilesYandexYupdateyupdate.exe [2007-12-06 455432]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Acrobat Speed Launcher.lnk]
C:WINDOWSInstaller{AC76BA86-1033-F400-7760-000000000002}SC_Acrobat.exe [2007-02-15 25214]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Gamma.lnk]
C:PROGRA~1COMMON~1AdobeCALIBR~1ADOBEG~1.EXE []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Быстрый запуск AutoCAD.lnk]
C:PROGRA~1COMMON~1AUTODE~1ACSTAR~1.EXE [2006-03-05 11000]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Ускоренный запуск Adobe Reader.lnk]
C:PROGRA~1AdobeACROBA~1.0ReaderREADER~1.EXE [2005-09-24 29696]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^UserX^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2006-04-11 844032]
C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
McAfee Security Scan.lnk — C:Program FilesMcAfee Security Scan1.0.150SSScheduler.exe
C:Documents and SettingsUserXГлавное менюПрограммыАвтозагрузка
Punto Switcher.lnk — C:Program FilesYandexPunto Switcherpunto.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxdev.dll [2006-06-23 147456]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2008-03-20 200064]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=FFFFFFFF
«NoDriveTypeAutoRun»=36
«NoDrives»=0
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=
«NoResolveTrack»=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:Program FilesNeroNero 7Nero ShowTimeShowTime.exe»=»C:Program FilesNeroNero 7Nero ShowTimeShowTime.exe:*:Enabled:Nero ShowTime»
«C:Program FilesDC++DCPlusPlus.exe»=»C:Program FilesDC++DCPlusPlus.exe:*:Enabled:DC++»
«C:Program FilesBitCometBitComet.exe»=»C:Program FilesBitCometBitComet.exe:*:Enabled:BitComet — a BitTorrent Client»
«C:Program FilesOperaOpera.exe»=»C:Program FilesOperaOpera.exe:*:Enabled:Opera Internet Browser»
«C:Program FilesCommon FilesAheadNero WebSetupX.exe»=»C:Program FilesCommon FilesAheadNero WebSetupX.exe:*:Enabled:Nero ProductSetup»
«C:Program FilesTotal CommanderTotalcmd.exe»=»C:Program FilesTotal CommanderTotalcmd.exe:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows»
«C:Program FilesPinnacleStudio 11programsRM.exe»=»C:Program FilesPinnacleStudio 11programsRM.exe:*:Enabled:Render Manager»
«C:Program FilesPinnacleStudio 11programsStudio.exe»=»C:Program FilesPinnacleStudio 11programsStudio.exe:*:Enabled:Studio»
«C:Program FilesPinnacleStudio 11programsPMSRegisterFile.exe»=»C:Program FilesPinnacleStudio 11programsPMSRegisterFile.exe:*:Enabled:PMSRegisterFile»
«C:Program FilesPinnacleStudio 11programsumi.exe»=»C:Program FilesPinnacleStudio 11programsumi.exe:*:Enabled:umi»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesMozilla Firefoxfirefox.exe»=»C:Program FilesMozilla Firefoxfirefox.exe:*:Enabled:Firefox»
«C:Program FilesElectronic ArtsEADMCore.exe»=»C:Program FilesElectronic ArtsEADMCore.exe:*:Enabled:EA Download Manager»
«C:Program FilesMarvell61xxApache2binApache.exe»=»C:Program FilesMarvell61xxApache2binApache.exe:*:Disabled:Apache HTTP Server»
«C:Program FilesWebMoneyWebMoney.exe»=»C:Program FilesWebMoneyWebMoney.exe:*:Enabled:WebMoney Keeper Classic Runner Module»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«C:Program FilesStarlink VideoLANvlc.exe»=»C:Program FilesStarlink VideoLANvlc.exe:*:Enabled:VLC media player»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesWindows LiveMessengerwlcsdk.exe»=»C:Program FilesWindows LiveMessengerwlcsdk.exe:*:Enabled:Windows Live Call»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWindows LiveMessengerwlcsdk.exe»=»C:Program FilesWindows LiveMessengerwlcsdk.exe:*:Enabled:Windows Live Call»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»

======List of files/folders created in the last 1 months======
2010-03-16 19:36:49 —-D—- C:Program FilesAida
2010-03-15 14:26:49 —-D—- C:rsit
2010-03-12 08:08:54 —-D—- C:Documents and SettingsAll UsersApplication DataSun
2010-03-12 08:08:53 —-D—- C:Program FilesCommon FilesJava
2010-03-12 08:08:41 —-A—- C:WINDOWSsystem32javaws.exe
2010-03-12 08:08:41 —-A—- C:WINDOWSsystem32javaw.exe
2010-03-12 08:08:41 —-A—- C:WINDOWSsystem32java.exe
2010-03-06 17:34:39 —-HDC—- C:WINDOWSie8
2010-03-06 09:27:10 —-D—- C:Program FilesMicrosoft
2010-03-06 09:26:55 —-D—- C:Program FilesWindows Live SkyDrive
2010-03-06 09:23:02 —-D—- C:Documents and SettingsAll UsersApplication DataApple Computer
2010-03-06 09:22:54 —-D—- C:Program FilesQuickTime Alternative
2010-03-06 09:21:12 —-A—- C:WINDOWSsystem32yv12vfw.dll
2010-03-06 09:21:11 —-A—- C:WINDOWSsystem32xvidvfw.dll
2010-03-06 09:21:11 —-A—- C:WINDOWSsystem32xvidcore.dll
2010-03-06 09:21:09 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2010-03-06 09:21:09 —-A—- C:WINDOWSsystem32ff_vfw.dll
2010-03-06 09:21:08 —-D—- C:Program FilesK-Lite Codec Pack
2010-03-06 09:14:35 —-D—- C:Program FilesCommon FilesWindows Live
2010-03-05 15:55:42 —-HDC—- C:WINDOWS$NtUninstallKB952011$
2010-02-24 17:59:38 —-D—- C:Program FilesCommon Fileswm
2010-02-24 17:59:38 —-A—- C:Program FilesCommon Fileskeylog.txt
2010-02-20 16:42:51 —-A—- C:WINDOWSwininit.ini

======List of files/folders modified in the last 1 months======
2010-03-19 06:53:08 —-D—- C:Program Filestrend micro
2010-03-19 06:52:34 —-A—- C:WINDOWSDFC.INI
2010-03-19 06:48:24 —-D—- C:WINDOWSPrefetch
2010-03-19 06:48:03 —-D—- C:WINDOWStemp
2010-03-19 06:45:32 —-A—- C:WINDOWSSchedLgU.Txt
2010-03-19 00:34:30 —-D—- C:WINDOWSsystem32
2010-03-18 21:59:06 —-D—- C:Documents and SettingsUserXApplication Datavlc
2010-03-17 13:28:56 —-D—- C:Documents and SettingsUserXApplication Datadvdcss
2010-03-16 19:36:49 —-D—- C:Program Files
2010-03-16 17:01:28 —-D—- C:Documents and SettingsUserXApplication DataSkype
2010-03-14 22:13:34 —-D—- C:Program FilesDC++
2010-03-14 18:11:42 —-A—- C:WINDOWSNeroDigital.ini
2010-03-13 23:05:26 —-D—- C:WINDOWSsystem32CatRoot2
2010-03-12 09:35:26 —-D—- C:Program FilesMozilla Firefox
2010-03-12 08:08:53 —-SHD—- C:WINDOWSInstaller
2010-03-12 08:08:53 —-D—- C:Program FilesCommon Files
2010-03-12 08:08:39 —-D—- C:Program FilesJava
2010-03-12 08:08:26 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2010-03-11 22:17:32 —-D—- C:WINDOWS
2010-03-09 16:30:18 —-SD—- C:WINDOWSTasks
2010-03-09 16:16:58 —-D—- C:Documents and SettingsAll UsersApplication DataReal
2010-03-09 07:32:08 —-SHD—- C:System Volume Information
2010-03-09 07:32:08 —-D—- C:WINDOWSsystem32Restore
2010-03-07 14:24:11 —-D—- C:Downloads
2010-03-06 18:01:40 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-03-06 18:01:40 —-HD—- C:WINDOWSinf
2010-03-06 18:01:40 —-D—- C:WINDOWSsystem32ru-ru
2010-03-06 18:01:40 —-D—- C:WINDOWSMedia
2010-03-06 18:01:40 —-D—- C:WINDOWSHelp
2010-03-06 18:01:40 —-D—- C:Program FilesInternet Explorer
2010-03-06 17:56:49 —-D—- C:WINDOWSsystem32CatRoot
2010-03-06 17:35:32 —-HD—- C:WINDOWSmsdownld.tmp
2010-03-06 17:35:28 —-D—- C:Program FilesYandex
2010-03-06 17:35:28 —-D—- C:Documents and SettingsUserXApplication DataYandex
2010-03-06 17:35:27 —-D—- C:Documents and SettingsAll UsersApplication DataYandex
2010-03-06 17:15:15 —-D—- C:WINDOWSie8updates
2010-03-06 09:29:22 —-D—- C:WINDOWSsystem32drivers
2010-03-06 09:29:19 —-DC—- C:WINDOWSsystem32DRVSTORE
2010-03-06 09:29:18 —-D—- C:Program FilesWindows Live
2010-03-06 09:27:24 —-D—- C:WINDOWSWinSxS
2010-03-06 09:26:59 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2010-03-06 09:26:59 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2010-03-06 09:26:38 —-RSD—- C:WINDOWSFonts
2010-03-06 09:03:40 —-D—- C:Program Files7-Zip
2010-03-05 16:46:08 —-D—- C:WINDOWSnetwork diagnostic
2010-03-05 12:04:55 —-D—- C:Program FilesOpera
2010-03-04 21:34:39 —-D—- C:Documents and SettingsUserXApplication DataCOWON
2010-03-04 15:57:49 —-D—- C:PRINTBOOK.RU
2010-02-20 17:11:40 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2010-02-20 14:38:18 —-HD—- C:Program FilesInstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-11-25 48560]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2003-08-18 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2003-08-18 14848]
R1 NVKEYNT;NVKEYNT; ??C:WINDOWSsystem32DRIVERSNVKEYNT.SYS []
R1 PCLEPCI;PCLEPCI; ??C:WINDOWSsystem32driverspclepci.sys []
R1 uzezmza0;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzezmza0.sys []
R1 uzy3oty4;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzy3oty4.sys []
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-11-25 94160]
R2 atksgt;atksgt; C:WINDOWSsystem32DRIVERSatksgt.sys [2007-05-07 271360]
R2 fssfltr;FssFltr; C:WINDOWSsystem32DRIVERSfssfltr_tdi.sys [2009-08-05 54752]
R2 lirsgt;lirsgt; C:WINDOWSsystem32DRIVERSlirsgt.sys [2007-05-07 18048]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2003-08-18 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2003-08-18 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2003-08-18 55936]
R2 osaio;osaio; ??C:WINDOWSsystem32driversosaio.sys []
R2 TBPanel;TBPanel; C:WINDOWSsystem32driversTBPanel.sys [2007-03-16 12256]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:WINDOWSSYSTEM32DRIVERSWibukey.sys [2005-01-07 67584]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2003-08-18 60800]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-11-25 23120]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:WINDOWSsystem32DRIVERSe1e5132.sys [2008-12-04 241296]
R3 FStarForce;FStarForce; C:WINDOWSsystem32DRIVERSFStarForce.sys [2008-10-24 9216]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HECI;Intel(R) Management Engine Interface; C:WINDOWSsystem32DRIVERSHECI.sys [2006-07-29 43392]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 KMWDFilter;KMWDFilter; ??C:WINDOWSSystem32DriversKMWDFilter.SYS []
R3 MarvinBus;Pinnacle Marvin Bus; C:WINDOWSsystem32DRIVERSMarvinBus.sys [2007-01-04 171520]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2003-08-18 12160]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2003-08-18 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2010-01-14 6547872]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:WINDOWSsystem32driverssfng32.sys [2005-12-02 41728]
R3 SMBios;Intel (R) System Management BIOS Service; C:WINDOWSsystem32DRIVERSSMBios.sys [2003-11-03 36484]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:WINDOWSsystem32driverssthda.sys [2006-07-27 1171464]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2003-08-18 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:WINDOWSsystem32driversWmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:WINDOWSsystem32driversWmXlCore.sys [2005-04-12 45504]
S3 a919z8g1;a919z8g1; C:WINDOWSsystem32driversa919z8g1.sys []
S3 ASAPIW2K;ASAPIW2K; ??C:WINDOWSsystem32DriversasapiW2k.sys []
S3 Cardex;Cardex; ??C:WINDOWSsystem32driversTBPANEL.SYS []
S3 catchme;catchme; ??C:DOCUME~1UserXLOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 genmcmnUSB;USB Scroll Mouse Driver; C:WINDOWSsystem32DRIVERSgflmouhid.sys [2004-04-19 6656]
S3 ialm;ialm; C:WINDOWSsystem32DRIVERSigxpmp32.sys [2006-06-23 1095680]
S3 libusb0;LibUsb-Win32 — Kernel Driver 03/20/2007, 0.1.12.1; C:WINDOWSsystem32DRIVERSlibusb0.sys [2008-02-22 28672]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NAL;Nal Service ; ??C:WINDOWSsystem32Driversiqvw32.sys []
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 NVKEYUSB;Guardant Stealth I/II USB Key; C:WINDOWSsystem32DRIVERSNVKEYUSB.SYS [2005-10-21 38400]
S3 PAC207;VideoCAM GF112; C:WINDOWSsystem32DRIVERSpfc027.sys [2005-04-08 162176]
S3 sermouse;Драйвер мыши для посл. порта; C:WINDOWSsystem32DRIVERSsermouse.sys [2001-10-19 17920]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 smbusp;Intel(R) SMBus 2.0 Driver; C:WINDOWSsystem32DRIVERSintelsmb.sys [2006-08-30 22272]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbser;Pleo USB Port; C:WINDOWSsystem32DRIVERSusbser.sys [2004-08-03 25600]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:WINDOWSsystem32driversWmFilter.sys [2005-04-12 22240]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:WINDOWSsystem32driversWmHidLo.sys [2005-04-12 17632]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:WINDOWSsystem32driversWmVirHid.sys [2005-04-12 5600]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe [2007-10-08 51712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe [2009-02-11 354840]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-12-17 153376]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:Program FilesKeyboard & Mouse DriverKMWDSrv.exe [2007-04-05 208896]
R2 Marvell RAID;Marvell RAID Event Agent; C:Program FilesMarvell61xxsvcmvraidsvc.exe [2006-07-26 114688]
R2 MRUWebService;MRU Web Service; C:Program FilesMarvell61xxApache2binApache.exe [2006-06-27 20541]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2010-01-14 155716]
R2 STI Simulator;STI Simulator; C:WINDOWSSystem32PAStiSvc.exe [2005-01-14 53248]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2003-08-18 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-11-25 352920]
S2 AWService;Admin Works Agent X8; C:Program FilesIntelIDUawServ.exe [2006-08-18 67072]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2007-02-15 72704]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-04-13 33632]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2007-11-15 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2007-12-16 654848]
S3 fsssvc;Windows Live Family Safety Service; C:Program FilesWindows LiveFamily Safetyfsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
EOF
Also, when the computer is switched on, the My Documents window opens automatically…
I did everything! It also reminded me of some other problems. The computer has stopped going into standby mode and only restarts every other time, i.e. it can only be shut down. And a message always pops up about the program mcuicnt.exe, which cannot close by itself.
Fresh log
Logfile of random’s system information tool 1.06 (written by random/random)
Run by UserX at 2010-03-16 10:14:49
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (19%) free of 38 GB
Total RAM: 2030 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:50, on 16.03.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesKeyboard & Mouse DriverKMWDSrv.exe
C:Program FilesMarvell61xxsvcmvraidsvc.exe
C:Program FilesMarvell61xxApache2binApache.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSSystem32PAStiSvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesMarvell61xxApache2binApache.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSExplorer.EXE
C:Program FilesIntelIntel Matrix Storage Manageriaanotif.exe
C:Program FilesIntel Audio StudioIntelAudioStudio.exe
C:Program FilesVDOToolTBPanel.exe
C:Program FilesKeyboard & Mouse DriverStartAutorun.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesWebMoney Agentwmagent.exe
C:Program FilesKeyboard & Mouse DriverKMConfig.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesKeyboard & Mouse DriverKMProcess.exe
C:Program FilesBitCometBitComet.exe
C:Program FilesLogitechProfilerlwemon.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMcAfee Security Scan1.0.150SSScheduler.exe
C:Program FilesYandexPunto Switcherpunto.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesOperaopera.exe
C:Documents and SettingsUserXРабочий столRSIT.exe
C:Program Filestrend microUserX.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ya.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
F2 — REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,\?globalrootsystemrootsystem325sH9gbI.exe,userinit.exe
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — c:program filesrealrealplayerrpbrowserrecordplugin.dll
O2 — BHO: BitComet ClickCapture — {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} — C:Program FilesBitComettoolsBitCometBHO_1.2.2.28.dll
O2 — BHO: Windows Live Sign-in Helper — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 — BHO: AcroIEToolbarHelper Class — {AE7CD045-E861-484f-8273-0445EE161910} — C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll
O2 — BHO: YPhotoPlugin Class — {D8FFE63C-93AF-4070-A39F-3A431F592B8D} — C:Program FilesYandexYandexPhotoyphotoie.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: EpsonToolBandKicker Class — {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: Adobe PDF — {47833539-D0C5-4125-9FA8-0819E2EAAC93} — C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll
O3 — Toolbar: EPSON Web-To-Page — {EE5D279F-081B-4404-994D-C6B60AAEBA6D} — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [IAAnotif] C:Program FilesIntelIntel Matrix Storage Manageriaanotif.exe
O4 — HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 — HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 — HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe
O4 — HKLM..Run: [IntelAudioStudio] «C:Program FilesIntel Audio StudioIntelAudioStudio.exe» TRAY
O4 — HKLM..Run: [mouseElf] C:PROGRA~1TWINTO~1MouseElf.EXE
O4 — HKLM..Run: [Gainward] C:Program FilesVDOToolTBPanel.exe /A
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [KMCONFIG] C:Program FilesKeyboard & Mouse DriverStartAutorun.exe KMConfig.exe
O4 — HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 — HKLM..Run: [ISUSScheduler] «C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe» -start
O4 — HKLM..Run: [wmagent.exe] «C:Program FilesWebMoney Agentwmagent.exe»
O4 — HKLM..Run: [TkBellExe] «C:Program FilesCommon FilesRealUpdate_OBrealsched.exe» -osboot
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesCommon FilesJavaJava Updatejusched.exe»
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKCU..Run: [BitComet] «C:Program FilesBitCometBitComet.exe» /tray
O4 — HKCU..Run: [Start WingMan Profiler] «C:Program FilesLogitechProfilerlwemon.exe» /noui
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [QIP2005] C:Program FilesQIPqip.exe
O4 — HKCU..Run: [DAEMON Tools Pro Agent] «C:Program FilesDAEMON Tools ProDTProAgent.exe»
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Punto Switcher.lnk = C:Program FilesYandexPunto Switcherpunto.exe
O4 — Global Startup: McAfee Security Scan.lnk = ?
O8 — Extra context menu item: &З&агрузить &с помощью BitComet — res://C:Program FilesBitCometBitComet.exe/AddLink.htm
O8 — Extra context menu item: &З&агрузить все видео файлы с помощью BitComet — res://C:Program FilesBitCometBitComet.exe/AddVideo.htm
O8 — Extra context menu item: &З&агрузить все с помощью BitComet — res://C:Program FilesBitCometBitComet.exe/AddAllLink.htm
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Add to Google Photos Screensa&ver — res://C:WINDOWSsystem32GPhotos.scr/200
O8 — Extra context menu item: Convert link target to Adobe PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Convert link target to existing PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Convert selected links to Adobe PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 — Extra context menu item: Convert selected links to existing PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 — Extra context menu item: Convert selection to Adobe PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Convert selection to existing PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Convert to Adobe PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Convert to existing PDF — res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O9 — Extra button: (no name) — {5067A26B-1337-4436-8AFE-EE169C2DA79F} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer — {5067A26B-1337-4436-8AFE-EE169C2DA79F} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Перевод — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm
O9 — Extra ‘Tools’ menuitem: Перевести — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm
O9 — Extra ‘Tools’ menuitem: Настройка параметров перевода — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: BitComet — {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} — res://C:Program FilesBitComettoolsBitCometBHO_1.2.2.28.dll/206 (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: QIP 2005 — {1EF681F7-A04B-4D6D-9012-A307CCA55610} — C:Program FilesQIPqip.exe (HKCU)
O9 — Extra button: Перевод — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm (HKCU)
O9 — Extra ‘Tools’ menuitem: Перевести — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesX-Translator DIAMONDPROMTIE4promtie5.htm (HKCU)
O9 — Extra button: (no name) — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm (HKCU)
O9 — Extra ‘Tools’ menuitem: Настройка перевода — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesX-Translator DIAMONDPROMTIE4options.htm (HKCU)
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O16 — DPF: {093500E9-F79F-4C52-A9B5-D8C7E4B3023E} (ParallelGraphics Installer Class) — http://www.outline3d.com/main/installer.cab?key=0b69
O16 — DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) — https://w3s.webmoney.ru/WMAcceptor.dll
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171486211612
O16 — DPF: {810B649C-CEAE-4AC9-BF26-81341B49E913} (ParallelGraphics PlanEditor Control) — http://www.outline3d.com/main/pecontrol_new2.cab?key=0512
O16 — DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) — http://www.outline3d.com/main/cortvrml42.cab?key=fd55
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: ArcSoft Connect Daemon (ACDaemon) — ArcSoft — C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Autodesk Licensing Service — Autodesk — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Admin Works Agent X8 (AWService) — OSA Technologies Inc., An Avocent Company — C:Program FilesIntelIDUawServ.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) — Intel Corporation — C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: Keyboard And Mouse Communication Service (KMWDSERVICE) — UASSOFT.COM — C:Program FilesKeyboard & Mouse DriverKMWDSrv.exe
O23 — Service: Marvell RAID Event Agent (Marvell RAID) — Unknown owner — C:Program FilesMarvell61xxsvcmvraidsvc.exe
O23 — Service: MRU Web Service (MRUWebService) — Apache Software Foundation — C:Program FilesMarvell61xxApache2binApache.exe
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: STI Simulator — Unknown owner — C:WINDOWSSystem32PAStiSvc.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 16711 bytes
======Scheduled tasks folder======
C:WINDOWStasksUser_Feed_Synchronization-{9B6851C9-28E7-4F26-990D-E6725527E2EA}.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — c:program filesrealrealplayerrpbrowserrecordplugin.dll [2009-10-12 329312]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper — C:Program FilesBitComettoolsBitCometBHO_1.2.2.28.dll [2008-02-29 468280]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class — C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D8FFE63C-93AF-4070-A39F-3A431F592B8D}]
YPhotoPlugin Class — C:Program FilesYandexYandexPhotoyphotoie.dll [2007-07-20 289544]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-02-18 41760]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2010-02-18 79648]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} — Adobe PDF — C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll [2004-12-14 225280]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} — EPSON Web-To-Page — C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-11-27 8721160]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«IAAnotif»=C:Program FilesIntelIntel Matrix Storage Manageriaanotif.exe [2009-02-11 186904]
«IgfxTray»=C:WINDOWSsystem32igfxtray.exe [2006-06-23 98304]
«HotKeysCmds»=C:WINDOWSsystem32hkcmd.exe [2006-06-23 86016]
«Persistence»=C:WINDOWSsystem32igfxpers.exe [2006-06-23 81920]
«IntelAudioStudio»=C:Program FilesIntel Audio StudioIntelAudioStudio.exe [2006-08-02 9134080]
«mouseElf»=C:PROGRA~1TWINTO~1MouseElf.EXE [2004-08-26 192512]
«Gainward»=C:Program FilesVDOToolTBPanel.exe [2007-10-02 2165272]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2010-01-14 13524992]
«nwiz»=nwiz.exe /install []
«KMCONFIG»=C:Program FilesKeyboard & Mouse DriverStartAutorun.exe [2007-03-06 212992]
«ISUSPM Startup»=C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe [2005-02-16 221184]
«ISUSScheduler»=C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [2005-02-16 81920]
«wmagent.exe»=C:Program FilesWebMoney Agentwmagent.exe [2008-10-01 209376]
«TkBellExe»=C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2009-10-12 198160]
«SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-02-18 248040]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-11-25 81000]
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2010-01-14 86016]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«BitComet»=C:Program FilesBitCometBitComet.exe [2008-03-25 2196280]
«Start WingMan Profiler»=C:Program FilesLogitechProfilerlwemon.exe [2005-04-18 73728]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2003-08-18 15360]
«QIP2005″=C:Program FilesQIPqip.exe [2009-08-13 3276288]
«DAEMON Tools Pro Agent»=C:Program FilesDAEMON Tools ProDTProAgent.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAcrobat Assistant 7.0]
C:Program FilesAdobeAcrobat 7.0DistillrAcrotray.exe [2004-12-14 483328]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregArcSoft Connection Service]
C:Program FilesCommon FilesArcSoftConnection ServiceBinACDaemon.exe [2007-10-08 31232]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2006-11-16 139264]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBitComet]
C:Program FilesBitCometBitComet.exe [2008-03-25 2196280]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLanguageShortcut]
C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNCLaunch]
C:WINDOWSNCLAUNCH.EXe [2007-12-25 40960]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:Program FilesCommon FilesAheadLibNeroCheck.exe [2006-01-12 155648]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPicasa Media Detector]
C:Program FilesPicasa2PicasaMediaDetector.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
C:Program FilesJavaj2re1.4.2_05binjusched.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregYupdate!]
C:Program FilesCommon FilesYandexYupdateyupdate.exe [2007-12-06 455432]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Acrobat Speed Launcher.lnk]
C:WINDOWSInstaller{AC76BA86-1033-F400-7760-000000000002}SC_Acrobat.exe [2007-02-15 25214]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Gamma.lnk]
C:PROGRA~1COMMON~1AdobeCALIBR~1ADOBEG~1.EXE []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Быстрый запуск AutoCAD.lnk]
C:PROGRA~1COMMON~1AUTODE~1ACSTAR~1.EXE [2006-03-05 11000]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Ускоренный запуск Adobe Reader.lnk]
C:PROGRA~1AdobeACROBA~1.0ReaderREADER~1.EXE [2005-09-24 29696]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^UserX^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2006-04-11 844032]
C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
McAfee Security Scan.lnk — C:Program FilesMcAfee Security Scan1.0.150SSScheduler.exe
C:Documents and SettingsUserXГлавное менюПрограммыАвтозагрузка
Punto Switcher.lnk — C:Program FilesYandexPunto Switcherpunto.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxdev.dll [2006-06-23 147456]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2008-03-20 200064]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=FFFFFFFF
«NoDriveTypeAutoRun»=36
«NoDrives»=0
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=
«NoResolveTrack»=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:Program FilesNeroNero 7Nero ShowTimeShowTime.exe»=»C:Program FilesNeroNero 7Nero ShowTimeShowTime.exe:*:Enabled:Nero ShowTime»
«C:Program FilesDC++DCPlusPlus.exe»=»C:Program FilesDC++DCPlusPlus.exe:*:Enabled:DC++»
«C:Program FilesBitCometBitComet.exe»=»C:Program FilesBitCometBitComet.exe:*:Enabled:BitComet — a BitTorrent Client»
«C:Program FilesOperaOpera.exe»=»C:Program FilesOperaOpera.exe:*:Enabled:Opera Internet Browser»
«C:Program FilesCommon FilesAheadNero WebSetupX.exe»=»C:Program FilesCommon FilesAheadNero WebSetupX.exe:*:Enabled:Nero ProductSetup»
«C:Program FilesTotal CommanderTotalcmd.exe»=»C:Program FilesTotal CommanderTotalcmd.exe:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows»
«C:Program FilesPinnacleStudio 11programsRM.exe»=»C:Program FilesPinnacleStudio 11programsRM.exe:*:Enabled:Render Manager»
«C:Program FilesPinnacleStudio 11programsStudio.exe»=»C:Program FilesPinnacleStudio 11programsStudio.exe:*:Enabled:Studio»
«C:Program FilesPinnacleStudio 11programsPMSRegisterFile.exe»=»C:Program FilesPinnacleStudio 11programsPMSRegisterFile.exe:*:Enabled:PMSRegisterFile»
«C:Program FilesPinnacleStudio 11programsumi.exe»=»C:Program FilesPinnacleStudio 11programsumi.exe:*:Enabled:umi»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesMozilla Firefoxfirefox.exe»=»C:Program FilesMozilla Firefoxfirefox.exe:*:Enabled:Firefox»
«C:Program FilesElectronic ArtsEADMCore.exe»=»C:Program FilesElectronic ArtsEADMCore.exe:*:Enabled:EA Download Manager»
«C:Program FilesMarvell61xxApache2binApache.exe»=»C:Program FilesMarvell61xxApache2binApache.exe:*:Disabled:Apache HTTP Server»
«C:Program FilesWebMoneyWebMoney.exe»=»C:Program FilesWebMoneyWebMoney.exe:*:Enabled:WebMoney Keeper Classic Runner Module»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:Program FilesStarlink VideoLANvlc.exe»=»C:Program FilesStarlink VideoLANvlc.exe:*:Enabled:VLC media player»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesWindows LiveMessengerwlcsdk.exe»=»C:Program FilesWindows LiveMessengerwlcsdk.exe:*:Enabled:Windows Live Call»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesWindows LiveMessengerwlcsdk.exe»=»C:Program FilesWindows LiveMessengerwlcsdk.exe:*:Enabled:Windows Live Call»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
======List of files/folders created in the last 1 months======
2010-03-15 14:26:49 —-D—- C:rsit
2010-03-12 08:08:54 —-D—- C:Documents and SettingsAll UsersApplication DataSun
2010-03-12 08:08:53 —-D—- C:Program FilesCommon FilesJava
2010-03-12 08:08:41 —-A—- C:WINDOWSsystem32javaws.exe
2010-03-12 08:08:41 —-A—- C:WINDOWSsystem32javaw.exe
2010-03-12 08:08:41 —-A—- C:WINDOWSsystem32java.exe
2010-03-08 20:47:26 —-A—- C:WINDOWSsystem32GpChHIr.exe
2010-03-08 20:46:59 —-A—- C:WINDOWSsystem32nfqs5ma.exe
2010-03-06 17:34:39 —-HDC—- C:WINDOWSie8
2010-03-06 09:27:10 —-D—- C:Program FilesMicrosoft
2010-03-06 09:26:55 —-D—- C:Program FilesWindows Live SkyDrive
2010-03-06 09:23:02 —-D—- C:Documents and SettingsAll UsersApplication DataApple Computer
2010-03-06 09:22:54 —-D—- C:Program FilesQuickTime Alternative
2010-03-06 09:21:12 —-A—- C:WINDOWSsystem32yv12vfw.dll
2010-03-06 09:21:11 —-A—- C:WINDOWSsystem32xvidvfw.dll
2010-03-06 09:21:11 —-A—- C:WINDOWSsystem32xvidcore.dll
2010-03-06 09:21:09 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2010-03-06 09:21:09 —-A—- C:WINDOWSsystem32ff_vfw.dll
2010-03-06 09:21:08 —-D—- C:Program FilesK-Lite Codec Pack
2010-03-06 09:14:35 —-D—- C:Program FilesCommon FilesWindows Live
2010-03-05 15:55:42 —-HDC—- C:WINDOWS$NtUninstallKB952011$
2010-02-27 07:38:48 —-A—- C:WINDOWSsystem32LfxD89o.exe
2010-02-26 20:28:46 —-A—- C:WINDOWSsystem322jxtJlq.exe
2010-02-26 20:18:06 —-A—- C:WINDOWSsystem32gQKDSIE.exe
2010-02-24 17:59:38 —-D—- C:Program FilesCommon Fileswm
2010-02-24 17:59:38 —-A—- C:Program FilesCommon Fileskeylog.txt
2010-02-20 16:42:51 —-A—- C:WINDOWSwininit.ini
======List of files/folders modified in the last 1 months======
2010-03-16 10:14:50 —-D—- C:Program Filestrend micro
2010-03-16 10:13:38 —-D—- C:WINDOWStemp
2010-03-16 10:12:54 —-A—- C:WINDOWSDFC.INI
2010-03-16 10:11:12 —-A—- C:WINDOWSSchedLgU.Txt
2010-03-16 09:40:59 —-D—- C:Documents and SettingsUserXApplication Datavlc
2010-03-16 07:19:10 —-D—- C:WINDOWSPrefetch
2010-03-15 16:44:30 —-D—- C:WINDOWSsystem32
2010-03-14 22:13:34 —-D—- C:Program FilesDC++
2010-03-14 18:11:42 —-A—- C:WINDOWSNeroDigital.ini
2010-03-13 23:05:26 —-D—- C:WINDOWSsystem32CatRoot2
2010-03-12 09:35:26 —-D—- C:Program FilesMozilla Firefox
2010-03-12 08:08:53 —-SHD—- C:WINDOWSInstaller
2010-03-12 08:08:53 —-D—- C:Program FilesCommon Files
2010-03-12 08:08:39 —-D—- C:Program FilesJava
2010-03-12 08:08:26 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2010-03-11 22:17:32 —-D—- C:WINDOWS
2010-03-10 13:33:10 —-D—- C:Documents and SettingsUserXApplication Datadvdcss
2010-03-09 16:30:18 —-SD—- C:WINDOWSTasks
2010-03-09 16:16:58 —-D—- C:Documents and SettingsAll UsersApplication DataReal
2010-03-09 07:32:08 —-SHD—- C:System Volume Information
2010-03-09 07:32:08 —-D—- C:WINDOWSsystem32Restore
2010-03-07 14:24:11 —-D—- C:Downloads
2010-03-06 18:01:40 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-03-06 18:01:40 —-HD—- C:WINDOWSinf
2010-03-06 18:01:40 —-D—- C:WINDOWSsystem32ru-ru
2010-03-06 18:01:40 —-D—- C:WINDOWSMedia
2010-03-06 18:01:40 —-D—- C:WINDOWSHelp
2010-03-06 18:01:40 —-D—- C:Program FilesInternet Explorer
2010-03-06 17:56:49 —-D—- C:WINDOWSsystem32CatRoot
2010-03-06 17:35:32 —-HD—- C:WINDOWSmsdownld.tmp
2010-03-06 17:35:32 —-D—- C:Program Files
2010-03-06 17:35:28 —-D—- C:Program FilesYandex
2010-03-06 17:35:28 —-D—- C:Documents and SettingsUserXApplication DataYandex
2010-03-06 17:35:27 —-D—- C:Documents and SettingsAll UsersApplication DataYandex
2010-03-06 17:15:15 —-D—- C:WINDOWSie8updates
2010-03-06 09:29:22 —-D—- C:WINDOWSsystem32drivers
2010-03-06 09:29:19 —-DC—- C:WINDOWSsystem32DRVSTORE
2010-03-06 09:29:18 —-D—- C:Program FilesWindows Live
2010-03-06 09:27:24 —-D—- C:WINDOWSWinSxS
2010-03-06 09:26:59 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2010-03-06 09:26:59 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2010-03-06 09:26:38 —-RSD—- C:WINDOWSFonts
2010-03-06 09:03:40 —-D—- C:Program Files7-Zip
2010-03-05 16:46:08 —-D—- C:WINDOWSnetwork diagnostic
2010-03-05 12:04:55 —-D—- C:Program FilesOpera
2010-03-04 21:34:39 —-D—- C:Documents and SettingsUserXApplication DataCOWON
2010-03-04 15:57:49 —-D—- C:PRINTBOOK.RU
2010-02-20 17:11:40 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2010-02-20 14:38:18 —-HD—- C:Program FilesInstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-11-25 48560]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2003-08-18 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2003-08-18 14848]
R1 NVKEYNT;NVKEYNT; ??C:WINDOWSsystem32DRIVERSNVKEYNT.SYS []
R1 PCLEPCI;PCLEPCI; ??C:WINDOWSsystem32driverspclepci.sys []
R1 uzezmza0;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzezmza0.sys []
R1 uzy3oty4;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzy3oty4.sys []
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-11-25 94160]
R2 atksgt;atksgt; C:WINDOWSsystem32DRIVERSatksgt.sys [2007-05-07 271360]
R2 fssfltr;FssFltr; C:WINDOWSsystem32DRIVERSfssfltr_tdi.sys [2009-08-05 54752]
R2 lirsgt;lirsgt; C:WINDOWSsystem32DRIVERSlirsgt.sys [2007-05-07 18048]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2003-08-18 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2003-08-18 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2003-08-18 55936]
R2 osaio;osaio; ??C:WINDOWSsystem32driversosaio.sys []
R2 TBPanel;TBPanel; C:WINDOWSsystem32driversTBPanel.sys [2007-03-16 12256]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:WINDOWSSYSTEM32DRIVERSWibukey.sys [2005-01-07 67584]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2003-08-18 60800]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-11-25 23120]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:WINDOWSsystem32DRIVERSe1e5132.sys [2008-12-04 241296]
R3 FStarForce;FStarForce; C:WINDOWSsystem32DRIVERSFStarForce.sys [2008-10-24 9216]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HECI;Intel(R) Management Engine Interface; C:WINDOWSsystem32DRIVERSHECI.sys [2006-07-29 43392]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 KMWDFilter;KMWDFilter; ??C:WINDOWSSystem32DriversKMWDFilter.SYS []
R3 MarvinBus;Pinnacle Marvin Bus; C:WINDOWSsystem32DRIVERSMarvinBus.sys [2007-01-04 171520]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2003-08-18 12160]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2003-08-18 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2010-01-14 6547872]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:WINDOWSsystem32driverssfng32.sys [2005-12-02 41728]
R3 SMBios;Intel (R) System Management BIOS Service; C:WINDOWSsystem32DRIVERSSMBios.sys [2003-11-03 36484]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:WINDOWSsystem32driverssthda.sys [2006-07-27 1171464]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2003-08-18 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:WINDOWSsystem32driversWmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:WINDOWSsystem32driversWmXlCore.sys [2005-04-12 45504]
S3 akx7ko30;akx7ko30; C:WINDOWSsystem32driversakx7ko30.sys []
S3 ASAPIW2K;ASAPIW2K; ??C:WINDOWSsystem32DriversasapiW2k.sys []
S3 Cardex;Cardex; ??C:WINDOWSsystem32driversTBPANEL.SYS []
S3 catchme;catchme; ??C:DOCUME~1UserXLOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 genmcmnUSB;USB Scroll Mouse Driver; C:WINDOWSsystem32DRIVERSgflmouhid.sys [2004-04-19 6656]
S3 ialm;ialm; C:WINDOWSsystem32DRIVERSigxpmp32.sys [2006-06-23 1095680]
S3 libusb0;LibUsb-Win32 — Kernel Driver 03/20/2007, 0.1.12.1; C:WINDOWSsystem32DRIVERSlibusb0.sys [2008-02-22 28672]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NAL;Nal Service ; ??C:WINDOWSsystem32Driversiqvw32.sys []
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 NVKEYUSB;Guardant Stealth I/II USB Key; C:WINDOWSsystem32DRIVERSNVKEYUSB.SYS [2005-10-21 38400]
S3 PAC207;VideoCAM GF112; C:WINDOWSsystem32DRIVERSpfc027.sys [2005-04-08 162176]
S3 sermouse;Драйвер мыши для посл. порта; C:WINDOWSsystem32DRIVERSsermouse.sys [2001-10-19 17920]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 smbusp;Intel(R) SMBus 2.0 Driver; C:WINDOWSsystem32DRIVERSintelsmb.sys [2006-08-30 22272]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbser;Pleo USB Port; C:WINDOWSsystem32DRIVERSusbser.sys [2004-08-03 25600]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:WINDOWSsystem32driversWmFilter.sys [2005-04-12 22240]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:WINDOWSsystem32driversWmHidLo.sys [2005-04-12 17632]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:WINDOWSsystem32driversWmVirHid.sys [2005-04-12 5600]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe [2007-10-08 51712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe [2009-02-11 354840]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-12-17 153376]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:Program FilesKeyboard & Mouse DriverKMWDSrv.exe [2007-04-05 208896]
R2 Marvell RAID;Marvell RAID Event Agent; C:Program FilesMarvell61xxsvcmvraidsvc.exe [2006-07-26 114688]
R2 MRUWebService;MRU Web Service; C:Program FilesMarvell61xxApache2binApache.exe [2006-06-27 20541]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2010-01-14 155716]
R2 STI Simulator;STI Simulator; C:WINDOWSSystem32PAStiSvc.exe [2005-01-14 53248]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2003-08-18 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-11-25 352920]
S2 AWService;Admin Works Agent X8; C:Program FilesIntelIDUawServ.exe [2006-08-18 67072]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2007-02-15 72704]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-04-13 33632]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2007-11-15 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2007-12-16 654848]
S3 fsssvc;Windows Live Family Safety Service; C:Program FilesWindows LiveFamily Safetyfsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
EOF
info.txt logfile of random’s system information tool 1.06 2010-03-15 14:27:33
======Uninstall list======
—>C:Program FilesNeroNero 7nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
—>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>MsiExec /X{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}
—>MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
3D Инструктор—>»C:Program Files3D Инструкторunins000.exe»
7-Zip 9.10 beta—>»C:Program Files7-ZipUninstall.exe»
Adobe Acrobat 7.0 Professional — English, Francais, Deutsch—>msiexec /I {AC76BA86-1033-F400-7760-000000000002}
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>C:Program FilesCommon FilesAdobeInstallers6c8e2cb4fd241c55406016127a6ab2eSetup.exe
Adobe Color Common Settings—>MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings—>MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
Adobe Color JA Extra Settings—>MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Extra Settings—>MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3—>C:Program FilesCommon FilesAdobeInstallersf58fc5a295fc517c614533a2caf2a90Setup.exe
Adobe Dreamweaver CS3—>MsiExec.exe /I{C36C39C4-76B9-4392-BBC6-932E89CD6594}
Adobe ExtendScript Toolkit 2—>C:Program FilesCommon FilesAdobeInstallers3e054d2218e7aa282c2369d939e58ffSetup.exe
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3—>MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0—>MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallersd5fe1f44895aadff2baacf24fe1402Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{FD0399AC-A38B-4D4B-8164-D7B73AC24030}
Adobe Reader 7.0.5 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A70500000002}
Adobe Setup—>MsiExec.exe /I{30981FCD-4150-4AB4-BAC5-75C9E914347D}
Adobe Setup—>MsiExec.exe /I{4CE1A0C1-E416-4C83-BD32-6EABD5BCAFEE}
Adobe Setup—>MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup—>MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Stock Photos 1.0—>MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0—>C:Program FilesCommon FilesAdobeSVG Viewer 3.0UninstallWinstall.exe -u -fC:Program FilesCommon FilesAdobeSVG Viewer 3.0UninstallInstall.log
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advanced PDF to IMAGE converter 1.8—>»C:Program FilesAdvanced PDF to IMAGE converterunins000.exe»
AGEIA PhysX v7.07.24—>MsiExec.exe /X{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}
Alien Skin Blow Up—>C:ALIENS~1BLOWUP~1Unwise32.exe C:ALIENS~1BLOWUP~1INSTALL.LOG
ArchiCAD 9 RUS—>C:Program FilesGraphisoftArchiCAD 9Uninstall.ACuninstaller.exe
ArcSoft Print Creations — Funhouse—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{87023B85-2D92-4317-B8AF-9A42CA17C878}Setup.exe» -l0x9 -1Funhouse
ArcSoft Print Creations—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{87023B85-2D92-4317-B8AF-9A42CA17C878}Setup.exe» -l0x9
Ashampoo WinOptimizer 6.24—>»E:Ashampoo WinOptimizer 6unins000.exe»
Auslogics Disk Defrag—>»E:Auslogics Disk Defragunins000.exe»
AutoCAD 2007 — Русский—>MsiExec.exe /I{5783F2D7-5001-0419-0002-0060B0CE6BBA}
Autodesk DWF Viewer—>C:PROGRA~1AutodeskAUTODE~1Setup.exe /remove /q0
AV Bros. Puzzle Pro 2.0 (Remove Only)—>C:Program FilesAdobeAdobe Photoshop CS2Plug-InsFiltersAV Bros Puzzle Pro 2.0AVUninstall2.exe
avast! Antivirus—>C:Program FilesAlwil SoftwareAvast4aswRunDll.exe «C:Program FilesAlwil SoftwareAvast4Setupsetiface.dll»,RunSetup
BitComet 1.00—>C:Program FilesBitCometuninst.exe
Bonga Bonga Learning 1—>MsiExec.exe /I{67D2A4EA-308C-4ADF-8BDE-A5C278F76374}
CCleaner (remove only)—>»C:Program FilesCCleaneruninst.exe»
CDex extraction audio—>»C:Program FilesCDex_170b2uninstall.exe»
Compatibility Pack for the 2007 Office system—>MsiExec.exe /X{90120000-0020-0419-0000-0000000FF1CE}
CorelDRAW Graphics Suite X3—>MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
DC++ 0.674—>»C:Program FilesDC++uninstall.exe»
DjVu Browser Plug-in 4.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{105CFC7C-6992-11D5-BD9D-000102C10FD8}Setup.exe» -l0x9
Dora the Explorer — Backpack Adventure—>C:WINDOWSIsUn0419.exe -f»f:игрыDora. Backpack AdventureUninst.isu»
Dora The Explorer Lost City Adventure—>C:WINDOWSIsUninst.exe -ff:игрыDoraUninst.isu
Driver Checker v2.7.3—>»E:Driver Checkerunins000.exe»
EA Download Manager—>C:PROGRA~1COMMON~1INSTAL~1Driver11INTEL3~1IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1049
Easy CD-DA Extractor 9.0.1—>»C:WINDOWSEasy CD-DA Extractoruninstall.exe» «/U:C:Program FilesEasy CD-DA Extractor 9irunin.xml»
EPSON Attach To Email—>C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{67EDD823-135A-4D59-87BD-950616D6E857}SETUP.EXE» -l0x19 -UnInstall
EPSON Easy Photo Print—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}SETUP.EXE» -l0x19 UNINST
EPSON File Manager—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{E86BC406-944E-41F6-ADE6-2C136734C96B}Setup.exe» -l0x19 UNINST
EPSON Printer Software—>C:WINDOWSSystem32spoolDRIVERSW32X863EPUPDATE.EXE /R
EPSON Scan Assistant—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}Setup.exe» -l0x19 -u
EPSON Scan—>C:Program Filesepsonescndvsetupsetup.exe /r
EPSON Web-To-Page—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}SETUP.EXE» -l0x19 -anything
ESDX4000_4050_CX3900 Руководство пользователя—>C:Program FilesEPSONTPMANUALESDX4000_4050_CX3900USE_G (Russian)DOCUNINS.EXE
Exact Audio Copy 0.95b4—>C:Program FilesExact Audio Copyuninst.exe
EZ Mask v1 for Adobe Photoshop & Photoshop Elements—>C:WINDOWSunvise32.exe c:program filesadobeadobe photoshop cs3plug-insezmask1_uninstal.log
FileZilla (remove only)—>»C:Program FilesFileZillauninstall.exe»
Filters Unlimited 2.0.3—>»C:Program FilesAdobeAdobe Photoshop CS3Plug-InsFilters Unlimited 2.0unins000.exe»
FontExpert 2007—>C:Program FilesFontExpertpssetup.exe /u
FontNav—>MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
GOM Player—>»C:Program FilesGRETECHGomPlayerUninstall.exe»
Guardant driver—>»C:WINDOWSsystem32rundll32.exe» grddrv32.dll,GD_UninstallDriver 1
High Definition Audio Driver Package — KB888111—>»C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe»
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
Hotfix for Windows XP (KB915865)—>»C:WINDOWS$NtUninstallKB915865$spuninstspuninst.exe»
Hotfix for Windows XP (KB926239)—>»C:WINDOWS$NtUninstallKB926239$spuninstspuninst.exe»
ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
Install Intel Desktop Utilities—>MsiExec.exe /I{5A79D3F9-1EB9-424A-A4EB-721677E56740}
Intel Audio Studio 2.0—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}setup.exe» -l0x9
Intel(R) Desktop Utilities—>C:Program FilesInstallShield Installation Information{F5982296-84CC-4D5B-B791-B03650F3380E}setup.exe -runfromtemp -l0x0409
Intel(R) Graphics Media Accelerator Driver—>C:WINDOWSsystem32igxpun.exe -uninstall
Intel(R) Management Engine Interface—>C:WINDOWSsystem32heciudlg.exe -uninstall
Intel(R) Network Connections 13.5.32.0—>MsiExec.exe /i{777AD08E-B32A-4456-AFE1-094DBECEB268} ARPREMOVE=1
Intel® Matrix Storage Manager—>C:Program FilesIntelIntel Matrix Storage ManagerUninstallimsmudlg.exe -uninstall
Java(TM) 6 Update 18—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Keyboard & Mouse Driver—>C:Program FilesInstallShield Installation Information{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}setup.exe -runfromtemp -l0x0409
K-Lite Codec Pack 5.7.0 (Full)—>»C:Program FilesK-Lite Codec Packunins000.exe»
L&H TTS3000 Russian—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSRUR.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFtv_enua.inf, Uninstall
LG MC USB Modem driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6059C682-4C5F-4106-8487-943E98225D3B}setup.exe» -l0x19 -removeonly
LG PC Suite II—>C:Program FilesInstallShield Installation Information{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}setup.exe -runfromtemp -l0x0019 -removeonly
LG USB Modem driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C3ABE126-2BB2-4246-BFE1-6797679B3579}setup.exe» -l0x19 LG -removeonly
Logitech Gaming Software—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5C1DA723-24FC-48AD-93BA-925695C3EF26}setup.exe» -l0x9 -removeonly
Machinarium—>E:Machinariumuninst.exe
marvell 61xx MRU—>C:Program FilesMarvell61xxun61xxmru.exe
McAfee Security Scan—>»C:Program FilesMcAfee Security Scanuninstall.exe»
Microsoft .NET Framework 1.1 Hotfix (KB928366)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM928366M928366Uninstall.msp»
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack — RUS—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0 Language Pack — RUSinstall.exe
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft Choice Guard—>MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft GIF Animator—>C:Program FilesMicrosoft GIF AnimatorsetupGifACME.exe
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003—>MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Mozilla Firefox (3.6)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSVCRT—>MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)—>MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK—>MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero 7 Ultra Edition—>MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31049}
NVIDIA Drivers—>C:WINDOWSsystem32nvudisp.exe UninstallGUI
OpenAL—>»C:Program FilesOpenALoalinst.exe» /U
Opera 10.50—>MsiExec.exe /X{332BCC03-A1B7-4BE7-8C8A-2B1333E22C33}
PDF Settings—>MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
Picasa 3—>»C:Program FilesGooglePicasa3Uninstall.exe»
PIF DESIGNER—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B90450DF-E781-46FD-B1F1-0C86DA40E443}SETUP.EXE» -l0x19 anything
Pinnacle Instant DVD Recorder—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}setup.exe» -l0x19 UNINSTALL
Pleo Updater 1.1—>MsiExec.exe /I{B95B4713-796A-4B24-B8D0-E5D1FFA7C8EA}
proDAD Heroglyph 2.5—>»C:Program FilesproDADHeroglyph-2.5uninstall.exe» uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph
proDAD Vitascene 1.0—>»C:Program FilesproDADVitascene-1.0uninstall.exe» uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
Punto Switcher 3.1—>C:Program FilesYandexPunto Switcheruninstall.exe
QuickTime Alternative 3.0.1—>»C:Program FilesQuickTime Alternativeunins000.exe»
RealPlayer—>C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|12.0
RU—>MsiExec.exe /I{01AE68B4-C785-4865-BC7E-78456372BB75}
Security Update для Microsoft .NET Framework 2.0 (КБ928365)—>C:WINDOWSsystem32msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Segoe UI—>MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype web features—>MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Starlink VideoLAN—>C:Program FilesStarlink VideoLANuninstal.exe
Starlink VLC ActiveX—>C:Program FilesStarlink VideoLANuninstal.exe
Studio 11 Bonus DVD—>C:Program FilesInstallShield Installation Information{45A1BF92-700A-4408-B95E-79F462E3D67D}setup.exe -runfromtemp -l0x0019 UNINSTALL -removeonly
Studio 11—>C:Program FilesInstallShield Installation Information{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}Setup2.exe -runfromtemp -l0x0019 UNINSTALL -removeonly
Total Commander 6.54 PowerPack—>»C:Program FilesTotal Commanderuninstall.exe»
TV Player Classic 4.1—>»C:Program FilesTVPlayerClassicunins000.exe»
TwinTouch LuxeMate—>C:Program FilesTwinTouch LuxeMateSetup.exe /Uninstall
Update Manager—>MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA—>MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
VDOTool 5.5—>»C:Program FilesVDOToolunins000.exe»
Vertus Fluid Mask 3 3.0.6—>»C:Program FilesVertus Fluid Mask 3Uninstall.exe»
ViewSonic Monitor Drivers—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{48963B63-7A10-49D6-8B08-61E6132453D0}Setup.exe» -l0x9
VOA Special English — Education Reports V.2.1—>C:Program FilesEpangsoftVOA Special English — Education Reports V.2.1Uninstal.exe
WebMoney Agent—>C:Program FilesWebMoney Agentuninst_wmagent.exe
WebMoney Keeper Classic 3.7.0.1—>»C:Program FilesWebMoneyUninstall.exe» «C:Program FilesWebMoneyinstall.log» -u
WIBU-KEY Setup (WIBU-KEY Remove)—>C:Program FilesWIBUKEYSetupSetup32.exe /R:{00060000-0000-1004-8002-0000C06B5161}
Windows Driver Package — Ugobe Inc. (usbser) Ports (04/06/2007 1.0)—>rundll32.exe C:PROGRA~1DIFX15B7F172FC21855DDIFxAppA.dll, DIFxARPUninstallDriverPackage C:WINDOWSsystem32DRVSTOREUGOBE_95B7729BBF65244619B90DC6DFF1F01C415B7A9BUGOBE.inf
Windows Feature Pack for Storage (32-bit) — IMAPI update for Blu-Ray—>»C:WINDOWS$NtUninstallKB952011$spuninstspuninst.exe»
Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
Windows Live Call—>MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform—>MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials—>C:Program FilesWindows LiveInstallerwlarp.exe
Windows Live Essentials—>MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety—>MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
Windows Live Messenger—>MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant—>MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool—>MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
XnView 1.82.4—>»C:Program FilesXnViewunins000.exe»
Yahoo! Desktop Login—>MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Версия 1.0—>F:ИгрыABCunins000.exe
Винни — Медовый пир—>C:WINDOWSIsUninstR.Exe -fC:PROGRA~1DISNEY~1PIGLET~1DeIsL1.isu -cC:PROGRA~1DISNEY~1PIGLET~1PBG_RE~1.DLL
Дора в Сказочной Стране—>C:Program FilesInstallShield Installation Information{302F6C51-D510-41F9-84EE-CFDD9E2684DA}setup.exe
Загадки Тигренка Усика—>»F:ИгрыЗагадки Тигренка Усикаunins000.exe»
Звуковое устройство SigmaTel Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}Setup.exe» -l0x19 -remove -removeonly
Исправление для Windows Internet Explorer 7 (KB947864)—>»C:WINDOWSie7updatesKB947864-IE7spuninstspuninst.exe»
Исправление для Windows XP (KB914440)—>»C:WINDOWS$NtUninstallKB914440$spuninstspuninst.exe»
Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Исправление для проигрывателя Windows Media 11 — (KB939683)—>»C:WINDOWS$NtUninstallKB939683$spuninstspuninst.exe»
Незнайкина грамота—>C:WINDOWSIsUninst.exe -ff:игрыНезнайкаUninst.isu
Обновление безопасности для Windows Internet Explorer 7 (KB938127)—>»C:WINDOWSie7updatesKB938127-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB942615)—>»C:WINDOWSie7updatesKB942615-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB944533)—>»C:WINDOWSie7updatesKB944533-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB953838)—>»C:WINDOWSie7updatesKB953838-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP — (KB923689)—>»C:WINDOWS$NtUninstallKB923689$spuninstspuninst.exe»
Обновление безопасности для Windows XP — (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB893756)—>»C:WINDOWS$NtUninstallKB893756$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB896358)—>»C:WINDOWS$NtUninstallKB896358$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB896423)—>»C:WINDOWS$NtUninstallKB896423$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB896424)—>»C:WINDOWS$NtUninstallKB896424$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB896428)—>»C:WINDOWS$NtUninstallKB896428$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB899587)—>»C:WINDOWS$NtUninstallKB899587$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB899591)—>»C:WINDOWS$NtUninstallKB899591$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB900725)—>»C:WINDOWS$NtUninstallKB900725$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB901017)—>»C:WINDOWS$NtUninstallKB901017$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB901214)—>»C:WINDOWS$NtUninstallKB901214$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB902400)—>»C:WINDOWS$NtUninstallKB902400$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB904706)—>»C:WINDOWS$NtUninstallKB904706$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB905414)—>»C:WINDOWS$NtUninstallKB905414$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB905749)—>»C:WINDOWS$NtUninstallKB905749$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB908519)—>»C:WINDOWS$NtUninstallKB908519$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB911562)—>»C:WINDOWS$NtUninstallKB911562$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB911927)—>»C:WINDOWS$NtUninstallKB911927$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB912919)—>»C:WINDOWS$NtUninstallKB912919$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB913580)—>»C:WINDOWS$NtUninstallKB913580$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB914388)—>»C:WINDOWS$NtUninstallKB914388$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB914389)—>»C:WINDOWS$NtUninstallKB914389$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB917344)—>»C:WINDOWS$NtUninstallKB917344$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB917422)—>»C:WINDOWS$NtUninstallKB917422$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB917953)—>»C:WINDOWS$NtUninstallKB917953$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB918118)—>»C:WINDOWS$NtUninstallKB918118$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB918439)—>»C:WINDOWS$NtUninstallKB918439$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB919007)—>»C:WINDOWS$NtUninstallKB919007$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB920213)—>»C:WINDOWS$NtUninstallKB920213$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB920670)—>»C:WINDOWS$NtUninstallKB920670$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB920683)—>»C:WINDOWS$NtUninstallKB920683$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB920685)—>»C:WINDOWS$NtUninstallKB920685$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB921503)—>»C:WINDOWS$NtUninstallKB921503$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB922819)—>»C:WINDOWS$NtUninstallKB922819$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923191)—>»C:WINDOWS$NtUninstallKB923191$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923414)—>»C:WINDOWS$NtUninstallKB923414$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923694)—>»C:WINDOWS$NtUninstallKB923694$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923789)—>C:WINDOWSsystem32MacroMedFlashgenuinst.exe C:WINDOWSsystem32MacroMedFlashKB923789.inf
Обновление безопасности для Windows XP (KB923980)—>»C:WINDOWS$NtUninstallKB923980$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB924191)—>»C:WINDOWS$NtUninstallKB924191$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB924270)—>»C:WINDOWS$NtUninstallKB924270$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB924496)—>»C:WINDOWS$NtUninstallKB924496$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB924667)—>»C:WINDOWS$NtUninstallKB924667$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB925902)—>»C:WINDOWS$NtUninstallKB925902$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB926255)—>»C:WINDOWS$NtUninstallKB926255$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB926436)—>»C:WINDOWS$NtUninstallKB926436$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB927779)—>»C:WINDOWS$NtUninstallKB927779$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB927802)—>»C:WINDOWS$NtUninstallKB927802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB928090)—>»C:WINDOWS$NtUninstallKB928090$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB928255)—>»C:WINDOWS$NtUninstallKB928255$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB928843)—>»C:WINDOWS$NtUninstallKB928843$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB929123)—>»C:WINDOWS$NtUninstallKB929123$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB929969)—>»C:WINDOWS$NtUninstallKB929969$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB930178)—>»C:WINDOWS$NtUninstallKB930178$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB931261)—>»C:WINDOWS$NtUninstallKB931261$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB931768)—>»C:WINDOWS$NtUninstallKB931768$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB931784)—>»C:WINDOWS$NtUninstallKB931784$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB932168)—>»C:WINDOWS$NtUninstallKB932168$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB933566)—>»C:WINDOWS$NtUninstallKB933566$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB933729)—>»C:WINDOWS$NtUninstallKB933729$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB935839)—>»C:WINDOWS$NtUninstallKB935839$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB935840)—>»C:WINDOWS$NtUninstallKB935840$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB936021)—>»C:WINDOWS$NtUninstallKB936021$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB937143)—>»C:WINDOWS$NtUninstallKB937143$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB937894)—>»C:WINDOWS$NtUninstallKB937894$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938127)—>»C:WINDOWS$NtUninstallKB938127$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938829)—>»C:WINDOWS$NtUninstallKB938829$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB939653)—>»C:WINDOWS$NtUninstallKB939653$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB941202)—>»C:WINDOWS$NtUninstallKB941202$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB941568)—>»C:WINDOWS$NtUninstallKB941568$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB941644)—>»C:WINDOWS$NtUninstallKB941644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB941693)—>»C:WINDOWS$NtUninstallKB941693$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB942615)—>»C:WINDOWS$NtUninstallKB942615$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB943055)—>»C:WINDOWS$NtUninstallKB943055$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB943460)—>»C:WINDOWS$NtUninstallKB943460$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB943485)—>»C:WINDOWS$NtUninstallKB943485$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB944653)—>»C:WINDOWS$NtUninstallKB944653$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB945553)—>»C:WINDOWS$NtUninstallKB945553$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946026)—>»C:WINDOWS$NtUninstallKB946026$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB948590)—>»C:WINDOWS$NtUninstallKB948590$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB948881)—>»C:WINDOWS$NtUninstallKB948881$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950749)—>»C:WINDOWS$NtUninstallKB950749$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950760)—>»C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376)—>»C:WINDOWS$NtUninstallKB951376$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB953839)—>»C:WINDOWS$NtUninstallKB953839$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB911564)—>»C:WINDOWS$NtUninstallKB911564$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP11$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 6.4 — (KB925398)—>»C:WINDOWS$NtUninstallKB925398_WMP64$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 9 — (KB917734)—>»C:WINDOWS$NtUninstallKB917734_WMP9$spuninstspuninst.exe»
Обновление для Windows XP (KB894391)—>»C:WINDOWS$NtUninstallKB894391$spuninstspuninst.exe»
Обновление для Windows XP (KB898461)—>»C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe»
Обновление для Windows XP (KB900485)—>»C:WINDOWS$NtUninstallKB900485$spuninstspuninst.exe»
Обновление для Windows XP (KB904942)—>»C:WINDOWS$NtUninstallKB904942$spuninstspuninst.exe»
Обновление для Windows XP (KB908531)—>»C:WINDOWS$NtUninstallKB908531$spuninstspuninst.exe»
Обновление для Windows XP (KB910437)—>»C:WINDOWS$NtUninstallKB910437$spuninstspuninst.exe»
Обновление для Windows XP (KB911280)—>»C:WINDOWS$NtUninstallKB911280$spuninstspuninst.exe»
Обновление для Windows XP (KB916595)—>»C:WINDOWS$NtUninstallKB916595$spuninstspuninst.exe»
Обновление для Windows XP (KB920342)—>»C:WINDOWS$NtUninstallKB920342$spuninstspuninst.exe»
Обновление для Windows XP (KB920872)—>»C:WINDOWS$NtUninstallKB920872$spuninstspuninst.exe»
Обновление для Windows XP (KB922582)—>»C:WINDOWS$NtUninstallKB922582$spuninstspuninst.exe»
Обновление для Windows XP (KB925876)—>»C:WINDOWS$NtUninstallKB925876$spuninstspuninst.exe»
Обновление для Windows XP (KB927891)—>»C:WINDOWS$NtUninstallKB927891$spuninstspuninst.exe»
Обновление для Windows XP (KB929338)—>»C:WINDOWS$NtUninstallKB929338$spuninstspuninst.exe»
Обновление для Windows XP (KB930916)—>»C:WINDOWS$NtUninstallKB930916$spuninstspuninst.exe»
Обновление для Windows XP (KB931836)—>»C:WINDOWS$NtUninstallKB931836$spuninstspuninst.exe»
Обновление для Windows XP (KB932823-v3)—>»C:WINDOWS$NtUninstallKB932823-v3$spuninstspuninst.exe»
Обновление для Windows XP (KB933360)—>»C:WINDOWS$NtUninstallKB933360$spuninstspuninst.exe»
Обновление для Windows XP (KB936357)—>»C:WINDOWS$NtUninstallKB936357$spuninstspuninst.exe»
Обновление для Windows XP (KB938828)—>»C:WINDOWS$NtUninstallKB938828$spuninstspuninst.exe»
Обновление для Windows XP (KB942763)—>»C:WINDOWS$NtUninstallKB942763$spuninstspuninst.exe»
Обновление для Windows XP (KB951072-v2)—>»C:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe»
Пакет исправлений для Windows XP — KB873339—>C:WINDOWS$NtUninstallKB873339$spuninstspuninst.exe
Пакет исправлений для Windows XP — KB885835—>C:WINDOWS$NtUninstallKB885835$spuninstspuninst.exe
Пакет исправлений для Windows XP — KB885836—>C:WINDOWS$NtUninstallKB885836$spuninstspuninst.exe
Пакет исправлений для Windows XP — KB886185—>C:WINDOWS$NtUninstallKB886185$spuninstspuninst.exe
Пакет исправлений для Windows XP — KB887472—>C:WINDOWS$NtUninstallKB887472$spuninstspuninst.exe
Пакет исправлений для Windows XP — KB888302—>C:WINDOWS$NtUninstallKB888302$spuninstspuninst.exe
Пакет исправлений для Windows XP — KB890859—>»C:WINDOWS$NtUninstallKB890859$spuninstspuninst.exe»
Пакет исправлений для Windows XP — KB891781—>C:WINDOWS$NtUninstallKB891781$spuninstspuninst.exe
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Строительный эксперт 2000—>C:WINDOWSunin0419.exe -f»C:Program FilesСтроительный эксперт 2000DeIsL1.isu» -c»C:Program FilesСтроительный эксперт 2000_ISREG32.DLL»
Центр управления—>C:PRINTBOOK.RUUninstall.exe
Школа Микки Мауса—>F:462D~1Школа Микки МаусаUNWISE.EXE F:462D~1Школа Микки МаусаINSTALL.LOG
Элька. Мы спасем Антарктиду!—>C:Program FilesInstallShield Installation Information{E5E2B421-728C-457B-AFC3-1C1D0D3E4510}setup.exe -runfromtemp -l0x0019 -removeonly
Яндекс.Бар 4.3 для Internet Explorer—>MsiExec.exe /X{2B9C002D-F3C1-4F8A-B29A-7F9E9B473D4D}
Яндекс.Фотки 1.0 Beta—>MsiExec.exe /X{43392992-02FF-4718-BD68-0227385B4A5F}
Яндекс.Фотки для Internet Explorer—>»C:Program FilesYandexYandexPhotounins000.exe»

======Hosts File======
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 http://www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com

======Security center information======
AV: avast! antivirus 4.8.1368 [VPS 100314-1]
======System event log======
Computer Name: U-987654
Event Code: 51
Message: Обнаружена ошибка на устройстве DeviceCdRom0 во время выполнения операции страничного обмена.
Record Number: 11542
Source Name: Cdrom
Time Written: 20100217145841.000000+180
Event Type: предупреждение
User:

Computer Name: U-987654
Event Code: 51
Message: Обнаружена ошибка на устройстве DeviceCdRom0 во время выполнения операции страничного обмена.
Record Number: 11541
Source Name: Cdrom
Time Written: 20100217145841.000000+180
Event Type: предупреждение
User:

Computer Name: U-987654
Event Code: 51
Message: Обнаружена ошибка на устройстве DeviceCdRom0 во время выполнения операции страничного обмена.
Record Number: 11540
Source Name: Cdrom
Time Written: 20100217145841.000000+180
Event Type: предупреждение
User:

Computer Name: U-987654
Event Code: 51
Message: Обнаружена ошибка на устройстве DeviceCdRom0 во время выполнения операции страничного обмена.
Record Number: 11539
Source Name: Cdrom
Time Written: 20100217145841.000000+180
Event Type: предупреждение
User:

Computer Name: U-987654
Event Code: 51
Message: Обнаружена ошибка на устройстве DeviceCdRom0 во время выполнения операции страничного обмена.
Record Number: 11538
Source Name: Cdrom
Time Written: 20100217145841.000000+180
Event Type: предупреждение
User:

=====Application event log=====
Computer Name: U-987654
Event Code: 63
Message: Поставщик OffProv11 зарегистрирован в пространстве имен WMI RootMSAPPS11 с правами локальной системы. Это может привести к нарушениям зашиты, если поставщику не удастся олицетворить запрос пользователя.
Record Number: 4971
Source Name: WinMgmt
Time Written: 20090709192629.000000+240
Event Type: предупреждение
User: NT AUTHORITYSYSTEM

Computer Name: U-987654
Event Code: 63
Message: Поставщик OffProv11 зарегистрирован в пространстве имен WMI RootMSAPPS11 с правами локальной системы. Это может привести к нарушениям зашиты, если поставщику не удастся олицетворить запрос пользователя.
Record Number: 4970
Source Name: WinMgmt
Time Written: 20090709192629.000000+240
Event Type: предупреждение
User: NT AUTHORITYSYSTEM

Computer Name: U-987654
Event Code: 11724
Message: Продукт: Microsoft Office 2003 — веб-компоненты — Установка завершена успешно.
Record Number: 4969
Source Name: MsiInstaller
Time Written: 20090709190920.000000+240
Event Type: информация
User: U-987654UserX

Computer Name: U-987654
Event Code: 11724
Message: Продукт: Microsoft Office — профессиональный выпуск версии 2003 — Установка завершена успешно.
Record Number: 4968
Source Name: MsiInstaller
Time Written: 20090709190834.000000+240
Event Type: информация
User: U-987654UserX

Computer Name: U-987654
Event Code: 11729
Message: Продукт: Microsoft Office — профессиональный выпуск версии 2003 — Сбой настройки.
Record Number: 4967
Source Name: MsiInstaller
Time Written: 20090709190239.000000+240
Event Type: информация
User: U-987654UserX

======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%system32wbem;C:Samsung;C:Program FilesIntelDMIX;C:Program FilesQuickTime AlternativeQTSystem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 6 Stepping 4, GenuineIntel
«PROCESSOR_REVISION»=0604
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
Done.
I did everything. Thank you for your work!
Everything is great so far! Thanks.
Thank you for your help!
ComboFix 09-01-09.03 — UserX 2009-01-10 10:51:50.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.2030.1362 [GMT 3:00]
Running from: c:documents and settingsUserXРабочий столComboFix.exe
Command switches used :: c:documents and settingsUserXРабочий столCFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090109-0] *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
..
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_RASAUTOTRKWKS
Legacy_RDSESSMGRWSCSVC
Legacy_WEBCLIENTNETMAN
Service_RasAutoTrkWks
Service_RDSessMgrwscsvc
Service_WebClientNetman

((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.2009-01-06 12:07 . 2009-01-06 12:07
d
c:documents and settingsAll UsersApplication DataNevoSoft Games
2008-12-19 15:33 . 2008-12-19 15:33d
c:program filesEpangsoft
2008-12-17 18:09 . 2008-12-17 18:09d
c:documents and settingsUserXApplication DataAnabel
2008-12-17 15:05 . 2008-12-17 15:05d
C:My Music
2008-12-17 15:04 . 2008-12-17 15:04d
c:program filesReal
2008-12-17 15:04 . 2008-12-17 15:04d
c:program filesCommon Filesxing shared
2008-12-17 15:04 . 2008-12-17 15:04d
c:program filesCommon FilesReal.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 17:25
d
w c:program filesDC++
2009-01-06 09:30
d
w c:program filesИгры от NevoSoft
2008-12-25 19:31
d
w c:documents and settingsUserXApplication DataskypePM
2008-12-25 19:31
d
w c:documents and settingsUserXApplication DataSkype
2008-12-23 18:42 304,160 —-a-w C:StiImg.dat
2008-12-18 05:51
d—a-w c:documents and settingsAll UsersApplication DataTEMP
2008-12-08 13:12
d
w c:program filesFontExpert
2008-12-08 13:12
d
w c:documents and settingsUserXApplication DataProxima Software
2008-11-12 18:05
d
w c:documents and settingsAll UsersApplication DataAstar Games
2008-01-24 16:41 32 —-a-w c:documents and settingsAll UsersApplication Dataezsid.dat
2007-12-25 06:51 561,152 —-a-w c:documents and settingsUserXTlc.exe
2007-07-22 11:33 23 -c—a-w c:program fileshfkud16.sys
2003-07-28 20:15 307,200 —-a-w c:program filesinternet explorerpluginsdjvu0407.dll
2003-07-28 20:15 303,104 —-a-w c:program filesinternet explorerpluginsdjvu0409.dll
2003-07-28 20:15 311,296 —-a-w c:program filesinternet explorerpluginsdjvu040c.dll
2003-07-28 20:15 299,008 —-a-w c:program filesinternet explorerpluginsdjvu0411.dll
2003-07-28 20:15 299,008 —-a-w c:program filesinternet explorerpluginsdjvu0412.dll
2003-07-28 20:15 290,816 —-a-w c:program filesinternet explorerpluginsdjvu0804.dll
2003-07-28 20:15 122,880 —-a-w c:program filesinternet explorerpluginsDjVuCntl.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2003-08-18 15360]
«NCLaunch»=»c:windowsNCLAUNCH.EXe» [2007-12-25 40960]
«Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-10-07 734504]
«BitComet»=»c:program filesBitCometBitComet.exe» [2008-03-25 2196280]
«Infium»=»e:qip infiuminfium.exe» [2008-12-09 5062144]
«QIP2005″=»c:program filesQIPqip.exe» [2006-10-18 3112960]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IAAnotif»=»c:program filesIntelIntel Matrix Storage ManagerIaanotif.exe» [2006-05-11 151552]
«IgfxTray»=»c:windowssystem32igfxtray.exe» [2006-06-23 98304]
«HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2006-06-23 86016]
«Persistence»=»c:windowssystem32igfxpers.exe» [2006-06-23 81920]
«IntelAudioStudio»=»c:program filesIntel Audio StudioIntelAudioStudio.exe» [2006-08-02 9134080]
«ipTray.exe»=»c:program filesIntelIDUiptray.exe» [2006-11-24 2209792]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2007-01-08 68640]
«mouseElf»=»c:progra~1TWINTO~1MouseElf.EXE» [2004-08-26 192512]
«Gainward»=»c:program filesVDOToolTBPanel.exe» [2007-10-02 2165272]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-10-05 8491008]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-10-05 81920]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2008-11-26 81000]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2008-12-17 185896]
«nwiz»=»nwiz.exe» [2007-10-05 c:windowssystem32nwiz.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2003-08-18 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.dvsd»= pdvcodec.dll
«VIDC.MJPG»= Pvmjpg30.dll
«msacm.l3fhg»= mp3fhg.acm
«VIDC.X264″= x264vfw.dll
«VIDC.HFYU»= huffyuv.dll
«vidc.i263″= i263_32.drv
«vidc.i420″= i420vfw.dll
«msacm.ac3filter»= ac3filter.acm
«msacm.divxa32″= divxa32.acm

[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Acrobat Speed Launcher.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаAdobe Acrobat Speed Launcher.lnk
backup=c:windowspssAdobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Gamma.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаAdobe Gamma.lnk
backup=c:windowspssAdobe Gamma.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Быстрый запуск AutoCAD.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаБыстрый запуск AutoCAD.lnk
backup=c:windowspssБыстрый запуск AutoCAD.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Ускоренный запуск Adobe Reader.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаУскоренный запуск Adobe Reader.lnk
backup=c:windowspssУскоренный запуск Adobe Reader.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^UserX^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
path=c:documents and settingsUserXГлавное менюПрограммыАвтозагрузкаTotal Commander.lnk
backup=c:windowspssTotal Commander.lnkStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAcrobat Assistant 7.0]
—a—c— 2004-12-14 02:12 483328 c:program filesAdobeAcrobat 7.0Distillracrotray.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregArcSoft Connection Service]
—a 2007-10-08 10:03 31232 c:program filesCommon FilesArcSoftConnection ServiceBinACDaemon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
—a 2006-11-16 19:04 139264 c:program filesCommon FilesAheadLibNMBgMonitor.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBitComet]
—a 2008-03-25 09:38 2196280 c:program filesBitCometBitComet.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLanguageShortcut]
—a—c— 2007-01-08 22:17 52256 c:program filesCyberLinkPowerDVDLanguageLanguage.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
—a—c— 2006-01-12 15:40 155648 c:program filesCommon FilesAheadLibNeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPicasa Media Detector]
—a 2008-02-26 04:23 443968 c:program filesPicasa2PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
—a—c— 2004-06-03 22:05 32881 c:program filesJavaj2re1.4.2_05binjusched.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregYupdate!]
—a 2007-12-06 18:00 455432 c:program filesCommon FilesYandexYupdateyupdate.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\QIP\qip.exe»=
«c:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe»=
«c:\Program Files\DC++\DCPlusPlus.exe»=
«c:\Program Files\eMule\emule.exe»=
«c:\Program Files\BitComet\BitComet.exe»=
«c:\Program Files\Opera\Opera.exe»=
«c:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe»=
«c:\Program Files\Total Commander\Totalcmd.exe»=
«c:\Program Files\Pinnacle\Studio 11\programs\RM.exe»=
«c:\Program Files\Pinnacle\Studio 11\programs\Studio.exe»=
«c:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe»=
«c:\Program Files\Pinnacle\Studio 11\programs\umi.exe»=
«c:\Program Files\VideoLAN\VLC\vlc.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\Windows Live\Messenger\msnmsgr.exe»=
«c:\Program Files\Windows Live\Messenger\livecall.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«27595:TCP»= 27595:TCP:BitComet 27595 TCP
«27595:UDP»= 27595:UDP:BitComet 27595 UDP
R0 pe3alcnb;KDS-PvO Environment Driver (pe3alcnb);c:windowssystem32driverspe3alcnb.sys [2007-08-20 64624]
R0 ps7alcnb;KDS-PvO Synchronization Driver (ps7alcnb);c:windowssystem32driversps7alcnb.sys [2007-08-20 68216]
R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [2008-09-21 111184]
R1 NVKEYNT;NVKEYNT;c:windowssystem32driversNVKEYNT.SYS [2007-08-26 71680]
R1 uzezmza0;AVZ-RK Kernel Driver;c:windowssystem32driversuzezmza0.sys [2007-11-22 11264]
R1 uzy3oty4;AVZ-RK Kernel Driver;c:windowssystem32driversuzy3oty4.sys [2008-01-17 11264]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:windowssystem32driversgflmouhid.sys [2007-02-15 6656]
R4 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [2008-09-21 20560]
R4 osaio;osaio;c:windowssystem32driversosaio.sys [2007-02-15 6784]
S3 NVKEYUSB;Guardant Stealth I/II USB Key;c:windowssystem32driversNVKEYUSB.SYS [2007-08-26 38400]
S3 PAC207;VideoCAM GF112;c:windowssystem32driverspfc027.sys [2005-04-08 162176]
S4 pr2alcnb;KDS-PvO Drivers Auto Removal (pr2alcnb);c:windowssystem32pr2alcnb.exe svc —> c:windowssystem32pr2alcnb.exe svc [?]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bd24b653-85ef-11dc-a5b4-0030849dfd2c}]
ShellAutoRuncommand — wd_windows_toolssetup.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d0cf5560-de0e-11db-a4f2-0030849dfd2c}]
ShellAutoRuncommand — K:AUTORUN.EXE
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{de3cbfca-9361-11dc-a5c3-0030849dfd2c}]
shellSetupcommand — H:setup.exe
.
.
Supplementary Scan
.
uStart Page = http://www.nevosoft.ru
uDefault_Search_URL =
mStart Page = about:blank
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &З&агрузить &с помощью BitComet — c:program filesBitCometBitComet.exe/AddLink.htm
IE: &З&агрузить все видео файлы с помощью BitComet — c:program filesBitCometBitComet.exe/AddVideo.htm
IE: &З&агрузить все с помощью BitComet — c:program filesBitCometBitComet.exe/AddAllLink.htm
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Convert link target to Adobe PDF — c:program filesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF — c:program filesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF — c:program filesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF — c:program filesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF — c:program filesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF — c:program filesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF — c:program filesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF — c:program filesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — c:program filesX-Translator DIAMONDPROMTIE4promtie5.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — c:program filesX-Translator DIAMONDPROMTIE4options.htm
c:windowsDownloaded Program Filescortona_installer.dll — O16 -: {093500E9-F79F-4C52-A9B5-D8C7E4B3023E}
hxxp://www.outline3d.com/main/installer.cab?key=0b69
c:windowsDownloaded Program Filesinstaller.inf
c:windowsDownloaded Program FilesWMAcceptor.dll — O16 -: {463ED66E-431B-11D2-ADB0-0080C83DA4EB}
hxxps://w3s.webmoney.ru/WMAcceptor.dll
c:windowsDownloaded Program Filespecontrol.dll — O16 -: {810B649C-CEAE-4AC9-BF26-81341B49E913}
hxxp://www.outline3d.com/main/pecontrol_new2.cab?key=0512
c:windowsDownloaded Program Filespecontrol.inf
FF — ProfilePath — c:documents and settingsUserXApplication DataMozillaFirefoxProfiles5oesd0ip.default
FF — prefs.js: browser.search.selectedEngine — Price.ru
FF — prefs.js: browser.startup.homepage — hxxp://www.kleo.ru/cgi-bin/items/admin/auth.cgi
FF — prefs.js: network.proxy.type — 2
FF — component: c:documents and settingsUserXApplication DataMozillaFirefoxProfiles5oesd0ip.defaultextensionsyaphoto@yandex.rucomponentswebfotki.dll
FF — plugin: c:program filesJavaj2re1.4.2_05binNPJava11.dll
FF — plugin: c:program filesJavaj2re1.4.2_05binNPJava12.dll
FF — plugin: c:program filesJavaj2re1.4.2_05binNPJava13.dll
FF — plugin: c:program filesJavaj2re1.4.2_05binNPJava14.dll
FF — plugin: c:program filesJavaj2re1.4.2_05binNPJava32.dll
FF — plugin: c:program filesJavaj2re1.4.2_05binNPJPI142_05.dll
FF — plugin: c:program filesJavaj2re1.4.2_05binNPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 10:57:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Other Running Processes
.
c:program filesAlwil SoftwareAvast4aswUpdSv.exe
c:program filesAlwil SoftwareAvast4ashServ.exe
c:windowssystem32rundll32.exe
c:program filesCommon FilesArcSoftConnection ServiceBinACService.exe
c:program filesIntelIDUawServ.exe
c:program filesBonjourmDNSResponder.exe
c:program filesIntelIntel Matrix Storage ManagerIAANTmon.exe
c:windowssystem32nvsvc32.exe
c:program filesCyberLinkShared FilesRichVideo.exe
c:windowssystem32PAStiSvc.exe
c:program filesAlwil SoftwareAvast4ashMaiSv.exe
c:program filesAlwil SoftwareAvast4ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-01-10 11:01:39 — machine was rebooted
ComboFix-quarantined-files.txt 2009-01-10 08:01:36
ComboFix2.txt 2009-01-09 14:25:32
Pre-Run: 7 199 711 232 байт свободно
Post-Run: 7,170,404,352 байт свободно
245 — E O F — 2008-09-10 10:20:22