Forum replies created
@Valeri wrote:
It is also possible that some users install it themselves, when this trojan is passed off as an OS update, a Flash player update, a crack, etc.
That's it: I had never before seen the Flash player ask to be updated…, and then suddenly it pops up while Windows is loading. I declined 2 or 3 times, then decided to update, especially since it said that no reboot was needed.
But if this was an "offer to voluntarily install a trojan" and not a real update, does that mean something was already sitting on my computer? 😕
Please reply to the last message.
No, I'm not seeing it now. Thanks for checking the logs!
And what can you say about the VsTskMgr.exe process, what is it for? It seems fine now, but earlier, before the reinstall, it often loaded the CPU…
And what trojan was it? Can you tell me more about it: roughly when I picked it up, or where I could have picked it up? It turns out it slipped through unnoticed, and even after the infection neither the antivirus nor Spybot sees anything 🙁
EOF
This did not fit from the first log (the message exceeded 60000 characters)
info.txt:
info.txt logfile of random’s system information tool 1.08 2010-10-03 16:26:02

======Uninstall list======
—>C:Program FilesNeroNero 7nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
—>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {C5060182-C90D-4314-9AE9-5C0DCF8FD1EF}
—>msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {00E877D5-CDF8-4DDC-9AE0-E541B4BB6487}
—>msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {3520B304-0EF8-475D-8C52-47ABCCC75FC6}
—>msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {5C395839-FBA5-49C5-923A-787665D5E128}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY Lingvo 12 Multilingual Edition—>MsiExec.exe /I{A1200000-0004-0000-0000-074957833700}
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
AlterGeo Magic Scanner—>MsiExec.exe /I{15F62E9A-24C6-46CC-AEAA-8854120E5A25}
AmlMaple—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFAmlMaple.inf,Uninstall
D-Link DSB-C320—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime700Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5EA24DA8-F398-42C7-8CDC-39273493C514}setup.exe» -l0x9
D-Link DSL-200 ADSL Modem—>C:Program FilesD-LinkDSL-200uninstall.exe
FAR file manager—>C:Program FilesFarUninstall.exe
Foxit Reader—>C:Program FilesFoxit ReaderUninstall.exe
Google Update Helper—>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Планета Земля—>MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Guard.Mail.ru—>»C:Program FilesMail.RuGuardGuardMailRu.exe» /uninstall
Java(TM) 6 Update 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Mega Codec Pack 3.9.0—>»C:Program FilesK-Lite Codec Packunins000.exe»
Mail.Ru Агент 5.7 (сборка 3686, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
McAfee AntiSpyware Enterprise Module—>»C:Program FilesMcAfeeVirusScan Enterprisescan32.exe» /UninstallMAS
McAfee VirusScan Enterprise—>MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office Excel 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall EXCEL /dll OSETUP.DLL
Microsoft Office Excel 2007—>MsiExec.exe /X{90120000-0016-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall POWERPOINT /dll OSETUP.DLL
Microsoft Office PowerPoint 2007—>MsiExec.exe /X{90120000-0018-0000-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Visio MUI (Russian) 2007—>MsiExec.exe /X{90120000-0054-0419-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007—>MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Visio Профессиональный 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Word 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall WORD /dll OSETUP.DLL
Microsoft Office Word 2007—>MsiExec.exe /X{90120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 7 Premium—>MsiExec.exe /I{11439F51-B8D2-4736-9CDF-8889FEBE1049}
Nero Sipps—>C:WINDOWSUNNeroSipps.exe /UNINSTALL
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
OpenMPT 1.18—>»C:Program FilesOpenMPTunins000.exe»
Opera 10.61—>MsiExec.exe /X{6D482078-8D15-4FD3-B838-C7B49174650F}
OperaAC—>C:Program FilesOperaACUninstall.exe
Paint.NET v3.31—>rundll32.exe advpack.dll,LaunchINFSection PaintDN.inf,Uninstall
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}SETUP.EXE» -l0x19 -removeonly
Skype—>C:Program FilesSkypeUninstall.exe
Skype™ 4.2—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot — Search & Destroy—>»C:Program FilesSpybot — Search & Destroyunins000.exe»
The KMPlayer—>C:Program FilesThe KMPlayerUninstall.exe
Vista Drive Icon—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFVistaDrv.inf,Uninstall
WebMoney Agent—>C:Program FilesWebMoney Agentuninst_wmagent.exe
WebMoney Keeper Classic 3.9.2.1—>»C:Program FilesWebMoneyUninstall.exe» «C:Program FilesWebMoneyinstall.log» -u
Winamp—>»C:Program FilesWinampunins000.exe»
Yahoo! Companion—>rundll32.exe C:PROGRA~1Yahoo!COMPAN~1InstallscpnYCOMP5~1.DLL,DllCommand ui
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Сократ Персональный 4.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}setup.exe»

======Security center information======
AV: VirusScan Enterprise + AntiSpyware Enterprise (disabled)
======System event log======
Computer Name: MICROSOF-F4D2C7
Event Code: 6011
Message: NetBIOS-имя и имя DNS-узла этого компьютера были изменены с «MACHINENAME» на «MICROSOF-F4D2C7».
Record Number: 5
Source Name: EventLog
Time Written: 20101003135208.000000+300
Event Type: информация
User:

Computer Name: MACHINENAME
Event Code: 26
Message: Всплывающее окно приложения: : SystemRootSystem32nv4_disp.dll failed to load
Record Number: 4
Source Name: Application Popup
Time Written: 20101003175144.000000+300
Event Type: информация
User:

Computer Name: MACHINENAME
Event Code: 2
Message: При проверке, что DeviceSerial0 является последовательным портом, обнаружена и будет использоваться прямая очередь.
Record Number: 3
Source Name: Serial
Time Written: 20101003174419.000000+300
Event Type: информация
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: Запущена служба журнала событий.
Record Number: 2
Source Name: EventLog
Time Written: 20101003174402.000000+300
Event Type: информация
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows 2000 (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.
Record Number: 1
Source Name: EventLog
Time Written: 20101003174402.000000+300
Event Type: информация
User:

=====Application event log=====
Computer Name: MICROSOF-F4D2C7
Event Code: 1000
Message: Счетчики производительности для службы MSDTC (MSDTC) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.
Record Number: 5
Source Name: LoadPerf
Time Written: 20101003135406.000000+300
Event Type: информация
User:

Computer Name: MICROSOF-F4D2C7
Event Code: 1000
Message: Счетчики производительности для службы TermService (Службы терминалов) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.
Record Number: 4
Source Name: LoadPerf
Time Written: 20101003135401.000000+300
Event Type: информация
User:

Computer Name: MICROSOF-F4D2C7
Event Code: 1000
Message: Счетчики производительности для службы RemoteAccess (Маршрутизация и удаленный доступ) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.
Record Number: 3
Source Name: LoadPerf
Time Written: 20101003135239.000000+300
Event Type: информация
User:

Computer Name: MICROSOF-F4D2C7
Event Code: 1000
Message: Счетчики производительности для службы PSched (PSched) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.
Record Number: 2
Source Name: LoadPerf
Time Written: 20101003135225.000000+300
Event Type: информация
User:

Computer Name: MICROSOF-F4D2C7
Event Code: 1000
Message: Счетчики производительности для службы RSVP (QoS RSVP) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.
Record Number: 1
Source Name: LoadPerf
Time Written: 20101003135215.000000+300
Event Type: информация
User:

======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 23 Stepping 6, GenuineIntel
«PROCESSOR_REVISION»=1706
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«VSEDEFLOGDIR»=C:Documents and SettingsAll UsersApplication DataMcAfeeDesktopProtection
«DEFLOGDIR»=C:Documents and SettingsAll UsersApplication DataMcAfeeDesktopProtection
«Page2Chm»=C:Program FilesOperaACMisc
EOF
Logfile of random’s system information tool 1.08 (written by random/random)
Run by Admin at 2010-10-03 16:25:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 37 GB (78%) free of 48 GB
Total RAM: 3326 MB (88% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:26:00, on 03.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesMail.RuGuardGuardMailRu.exe
C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe
C:Program FilesMcAfeeVirusScan EnterpriseMcshield.exe
C:Program FilesMcAfeeVirusScan EnterpriseVsTskMgr.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSRTHDCPL.EXE
C:Program FilesD-LinkDSL-200dslstat.exe
C:Program FilesD-LinkDSL-200dslagent.exe
C:Program FilesMcAfeeVirusScan EnterpriseSHSTAT.EXE
C:Program FilesMcAfeeCommon FrameworkUdaterUI.exe
C:Program FilesMcAfeeCommon FrameworkMcTray.exe
C:WINDOWSVM_STI.EXE
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
C:Program FilesOperaACopera.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program Filestrend microAdmin.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yahoo.com
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
O2 — BHO: Yahoo! Companion BHO — {02478D38-C3F9-4efb-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_2_0.dll
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:PROGRA~1SPYBOT~1SDHelper.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_06binssv.dll
O2 — BHO: scriptproxy — {7DB2D5A0-7241-4E79-B68D-6309F01C5231} — C:Program FilesMcAfeeVirusScan Enterprisescriptcl.dll
O2 — BHO: AlterGeo Magic Scanner — {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} — C:Program FilesAlterGeoAlterGeo Magic Scanner2.8.3.585AlterGeo.BrowserPlugin.dll
O3 — Toolbar: &Yahoo! Companion — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_2_0.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [DSLSTATEXE] C:Program FilesD-LinkDSL-200dslstat.exe icon
O4 — HKLM..Run: [DSLAGENTEXE] C:Program FilesD-LinkDSL-200dslagent.exe
O4 — HKLM..Run: [ShStatEXE] «C:Program FilesMcAfeeVirusScan EnterpriseSHSTAT.EXE» /STANDALONE
O4 — HKLM..Run: [McAfeeUpdaterUI] «C:Program FilesMcAfeeCommon FrameworkUdaterUI.exe» /StartedFromRunKey
O4 — HKLM..Run: [BigDogPath] C:WINDOWSVM_STI.EXE D-Link DSB-C320
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O8 — Extra context menu item: &Перевести с помощью ABBYY Lingvo… — res://C:Program FilesABBYY Lingvo 12Lingvo.exe/3000
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_06binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_06binssv.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search & Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O17 — HKLMSystemCCSServicesTcpip..{80317C20-08B6-473A-81E0-33ABFA88033E}: NameServer = 212.154.163.162 95.56.237.24
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O22 — SharedTaskScheduler: Предзагрузчик Browseui — {438755C2-A8BA-11D1-B96B-00A0C90312E1} — C:WINDOWSsystem32browseui.dll
O22 — SharedTaskScheduler: Демон кэша категорий компонентов — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:WINDOWSsystem32browseui.dll
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Guard.Mail.ru — Unknown owner — C:Program FilesMail.RuGuardGuardMailRu.exe
O23 — Service: Google Update Service (gupdate) (gupdate) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: McAfee Framework Service (McAfeeFramework) — McAfee, Inc. — C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe
O23 — Service: McAfee McShield (McShield) — McAfee, Inc. — C:Program FilesMcAfeeVirusScan EnterpriseMcshield.exe
O23 — Service: McAfee Task Manager (McTaskManager) — McAfee, Inc. — C:Program FilesMcAfeeVirusScan EnterpriseVsTskMgr.exe
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 9096 bytes

======Scheduled tasks folder======
C:WINDOWStasksGoogleUpdateTaskMachineCore.job
C:WINDOWStasksGoogleUpdateTaskMachineUA.job

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_2_0.dll [2005-04-22 328275]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection — C:PROGRA~1SPYBOT~1SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_06binssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy — C:Program FilesMcAfeeVirusScan Enterprisescriptcl.dll [2006-11-29 67136]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}]
AlterGeoBHO Class — C:Program FilesAlterGeoAlterGeo Magic Scanner2.8.3.585AlterGeo.BrowserPlugin.dll [2010-06-21 255632]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — &Yahoo! Companion — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_2_0.dll [2005-04-22 328275]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-03-24 13524992]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-03-24 86016]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-09-19 16844800]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«DSLSTATEXE»=C:Program FilesD-LinkDSL-200dslstat.exe [2005-12-12 344064]
«DSLAGENTEXE»=C:Program FilesD-LinkDSL-200dslagent.exe [2005-08-25 65536]
«ShStatEXE»=C:Program FilesMcAfeeVirusScan EnterpriseSHSTAT.EXE [2006-11-29 112216]
«McAfeeUpdaterUI»=C:Program FilesMcAfeeCommon FrameworkUdaterUI.exe [2006-11-17 136768]
«BigDogPath»=C:WINDOWSVM_STI.EXE [2004-06-09 40960]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-05-20 30208]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2006-07-31 139264]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAmlMaple]
C:Program FilesAmlMapleAmlMaple.exe [2008-04-25 91648]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBigDogPath]
C:WINDOWSVM_STI.EXE [2004-06-09 40960]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGuard.Mail.ru.gui]
C:Program FilesMail.RuGuardGuardMailRu.exe [2010-10-03 974528]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvo Launcher]
C:Program FilesABBYY Lingvo 12Lvagent.exe [2006-12-14 258048]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMAgent]
C:Program FilesMail.RuAgentMAgent.exe [2010-10-03 12270784]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:Program FilesCommon FilesAheadLibNeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVistaIcon]
C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregwmagent.exe]
C:Program FilesWebMoney Agentwmagent.exe [2009-10-19 210400]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoSMConfigurePrograms»=1

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe»=»C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe:*:Enabled:McAfee Framework Service»
«C:Program FilesGoogleGoogle Earthclientgoogleearth.exe»=»C:Program FilesGoogleGoogle Earthclientgoogleearth.exe:*:Enabled:Google Earth»
«C:Program FilesOperaopera.exe»=»C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem32npp
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem32mui
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem32inetsrv
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem32IME
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem32icsxml
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem32ias
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem32export
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem32driversUMDF
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem32driversetc
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem32driversdisdn
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem32drivers
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem32dhcp
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem32config
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem323com_dmi
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem323076
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem322052
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem321054
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem321049
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem321042
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem321041
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem321037
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem321033
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem321031
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem321028
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem321025
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem32
2010-10-03 17:37:59 —-D—- C:WINDOWSsystem
2010-10-03 17:37:59 —-D—- C:WINDOWSsecurity
2010-10-03 17:37:59 —-D—- C:WINDOWSResources
2010-10-03 17:37:59 —-D—- C:WINDOWSrepair
2010-10-03 17:37:59 —-D—- C:WINDOWSProvisioning
2010-10-03 17:37:59 —-D—- C:WINDOWSPeerNet
2010-10-03 17:37:59 —-D—- C:WINDOWSpchealth
2010-10-03 17:37:59 —-D—- C:WINDOWSNetwork Diagnostic
2010-10-03 17:37:59 —-D—- C:WINDOWSmui
2010-10-03 17:37:59 —-D—- C:WINDOWSmsapps
2010-10-03 17:37:59 —-D—- C:WINDOWSmsagent
2010-10-03 17:37:59 —-D—- C:WINDOWSMedia
2010-10-03 17:37:59 —-D—- C:WINDOWSL2Schemas
2010-10-03 17:37:59 —-D—- C:WINDOWSjava
2010-10-03 17:37:59 —-D—- C:WINDOWSime
2010-10-03 17:37:59 —-D—- C:WINDOWSHelp
2010-10-03 17:37:59 —-D—- C:WINDOWSehome
2010-10-03 17:37:59 —-D—- C:WINDOWSDriver Cache
2010-10-03 17:37:59 —-D—- C:WINDOWSDebug
2010-10-03 17:37:59 —-D—- C:WINDOWSCursors
2010-10-03 17:37:59 —-D—- C:WINDOWSConnection Wizard
2010-10-03 17:37:59 —-D—- C:WINDOWSConfig
2010-10-03 17:37:59 —-D—- C:WINDOWSAppPatch
2010-10-03 17:37:59 —-D—- C:WINDOWSaddins
2010-10-03 17:37:59 —-D—- C:WINDOWS
2010-10-03 17:37:59 —-ASH—- C:pagefile.sys
2010-10-03 16:25:52 —-D—- C:rsit
2010-10-03 16:25:52 —-D—- C:Program Filestrend micro
2010-10-03 16:19:50 —-D—- C:Program FilesABBYY Lingvo 12
2010-10-03 16:18:15 —-D—- C:Documents and SettingsAll UsersApplication DataABBYY
2010-10-03 16:11:33 —-D—- C:Documents and SettingsAdminApplication DatauTorrent
2010-10-03 16:09:52 —-D—- C:Documents and SettingsAll UsersApplication DatanView_Profiles
2010-10-03 16:07:59 —-D—- C:Program FilesSpybot — Search & Destroy
2010-10-03 16:07:59 —-D—- C:Documents and SettingsAll UsersApplication DataSpybot — Search & Destroy
2010-10-03 16:01:14 —-SHD—- C:RECYCLER
2010-10-03 15:57:15 —-A—- C:WINDOWSNeroDigital.ini
2010-10-03 15:56:52 —-A—- C:WINDOWSsystem32driversMSTEE.sys
2010-10-03 15:56:51 —-A—- C:WINDOWSsystem32driversNdisIP.sys
2010-10-03 15:56:49 —-A—- C:WINDOWSsystem32driversStreamIP.sys
2010-10-03 15:56:48 —-A—- C:WINDOWSsystem32driversSLIP.sys
2010-10-03 15:56:47 —-A—- C:WINDOWSsystem32driversWSTCODEC.SYS
2010-10-03 15:56:46 —-A—- C:WINDOWSsystem32driversNABTSFEC.sys
2010-10-03 15:56:44 —-A—- C:WINDOWSsystem32driversCCDECODE.sys
2010-10-03 15:54:48 —-A—- C:WINDOWSsystem32vfwwdm32.dll
2010-10-03 15:54:25 —-D—- C:WINDOWSCatRoot
2010-10-03 15:54:25 —-D—- C:Program FilesVimicro
2010-10-03 15:54:25 —-A—- C:WINDOWSVMCap.exe
2010-10-03 15:54:25 —-A—- C:WINDOWSVm_sti.exe
2010-10-03 15:54:25 —-A—- C:WINDOWSvidcap32.Exe
2010-10-03 15:54:25 —-A—- C:WINDOWSsystem32VM302STI.dll
2010-10-03 15:54:25 —-A—- C:WINDOWSsystem32driversusbvm302.sys
2010-10-03 15:54:25 —-A—- C:WINDOWSStillCap.exe
2010-10-03 15:54:25 —-A—- C:WINDOWSamcap.exe
2010-10-03 15:53:57 —-A—- C:WINDOWSsystem32driversUsbMicfilt.sys
2010-10-03 15:53:55 —-D—- C:Documents and SettingsAdminApplication DataWinRAR
2010-10-03 15:51:53 —-N—- C:WINDOWSUNNeroSipps.exe
2010-10-03 15:50:27 —-D—- C:Documents and SettingsAdminApplication DataAhead
2010-10-03 15:48:25 —-D—- C:Program FilesNero
2010-10-03 15:48:25 —-D—- C:Program FilesCommon FilesAhead
2010-10-03 15:37:37 —-A—- C:WINDOWSsystem32driversUSBAUDIO.sys
2010-10-03 15:37:11 —-A—- C:WINDOWSsystem32driversusbccgp.sys
2010-10-03 15:35:49 —-D—- C:Documents and SettingsAdminApplication DataMedia Player Classic
2010-10-03 15:29:39 —-D—- C:Documents and SettingsAdminApplication DataskypePM
2010-10-03 15:29:25 —-D—- C:Program FilesCommon FilesSkype
2010-10-03 15:29:18 —-D—- C:Documents and SettingsAll UsersApplication DataSkype
2010-10-03 15:18:28 —-D—- C:Documents and SettingsAdminApplication DataSkype
2010-10-03 15:18:02 —-D—- C:Program FilesOpenMPT
2010-10-03 15:18:02 —-D—- C:Documents and SettingsAdminApplication DataOpenMPT
2010-10-03 15:14:28 —-D—- C:Documents and SettingsAdminApplication DataOpera
2010-10-03 15:14:17 —-D—- C:Program FilesOpera
2010-10-03 15:12:23 —-D—- C:Documents and SettingsAdminApplication DataGoogle
2010-10-03 15:12:13 —-A—- C:WINDOWSsystem32driversUSBSTOR.SYS
2010-10-03 15:09:39 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle
2010-10-03 15:09:01 —-D—- C:Program FilesGoogle
2010-10-03 15:08:43 —-D—- C:Program FilesWebMoney Agent
2010-10-03 15:08:40 —-D—- C:Documents and SettingsAll UsersApplication DataTEMP
2010-10-03 15:07:51 —-D—- C:Program FilesWebMoney
2010-10-03 15:07:05 —-D—- C:Program FilesAlterGeo
2010-10-03 15:06:38 —-D—- C:Program FilesMail.Ru
2010-10-03 15:06:38 —-D—- C:Documents and SettingsAdminApplication DataMra
2010-10-03 15:02:32 —-D—- C:Program FilesCommon FilesCisco Systems
2010-10-03 15:02:32 —-D—- C:Documents and SettingsAll UsersApplication DataMcAfee
2010-10-03 15:02:32 —-A—- C:WINDOWSsystem32epoPGPsdk.dll.sig
2010-10-03 15:02:32 —-A—- C:WINDOWSsystem32epoPGPsdk.dll
2010-10-03 15:02:19 —-A—- C:WINDOWSsystem32driversmfebopk.sys
2010-10-03 15:02:18 —-A—- C:WINDOWSsystem32driversmfetdik.sys
2010-10-03 15:02:18 —-A—- C:WINDOWSsystem32driversmfehidk.sys
2010-10-03 15:02:18 —-A—- C:WINDOWSsystem32driversmfeavfk.sys
2010-10-03 15:02:18 —-A—- C:WINDOWSsystem32driversmfeapfk.sys
2010-10-03 15:02:12 —-D—- C:Program FilesMcAfee
2010-10-03 15:02:12 —-D—- C:Program FilesCommon FilesMcAfee
2010-10-03 14:59:52 —-D—- C:WINDOWSsystem32NtmsData
2010-10-03 14:57:57 —-A—- C:WINDOWSsystem32driversgwausb.sys
2010-10-03 14:57:57 —-A—- C:WINDOWSsystem32CoInst.dll
2010-10-03 14:57:56 —-N—- C:WINDOWSwwdslcfg.ini
2010-10-03 14:57:56 —-N—- C:WINDOWSsystem32CplEng.dll
2010-10-03 14:57:54 —-D—- C:Program FilesD-Link
2010-10-03 14:52:45 —-R—- C:WINDOWSsystem32ChCfg.exe
2010-10-03 14:52:14 —-D—- C:Program FilesRealtek
2010-10-03 14:52:12 —-R—- C:WINDOWSRtlExUpd.dll
2010-10-03 14:52:12 —-A—- C:WINDOWSHideWin.exe
2010-10-03 14:49:46 —-A—- C:WINDOWSsystem32nvunrm.exe
2010-10-03 14:49:14 —-A—- C:WINDOWSsystem32nvusmb.exe
2010-10-03 14:47:38 —-D—- C:Documents and SettingsAdminApplication DataInstallShield
2010-10-03 14:47:27 —-D—- C:Program FilesYahoo!
2010-10-03 14:45:19 —-A—- C:WINDOWSgdrv.sys
2010-10-03 14:29:14 —-D—- C:Program FilesFar
2010-10-03 14:22:35 —-D—- C:WINDOWSpss
2010-10-03 14:15:30 —-D—- C:WINDOWSsystem32Lang
2010-10-03 14:15:15 —-A—- C:WINDOWSsystem32wmpns.dll
2010-10-03 14:15:13 —-D—- C:Documents and SettingsAdminApplication DataIdentities
2010-10-03 14:15:11 —-HD—- C:Program FilesUninstall Information
2010-10-03 14:14:43 —-RD—- C:WINDOWSOemDrv
2010-10-03 14:14:39 —-D—- C:Program FilesuTorrent
2010-10-03 14:14:36 —-D—- C:Program FilesWinRAR
2010-10-03 14:14:34 —-D—- C:Documents and SettingsAdminApplication DataWinamp
2010-10-03 14:14:34 —-A—- C:WINDOWSsystem32px.dll
2010-10-03 14:14:30 —-D—- C:Program FilesWinamp
2010-10-03 14:14:27 —-RD—- C:Program FilesSkype
2010-10-03 14:14:20 —-D—- C:Program FilesOperaAC
2010-10-03 14:14:13 —-A—- C:WINDOWSsystem32unrar.dll
2010-10-03 14:14:13 —-A—- C:WINDOWSsystem32rmoc3260.dll
2010-10-03 14:14:13 —-A—- C:WINDOWSsystem32pndx5032.dll
2010-10-03 14:14:13 —-A—- C:WINDOWSsystem32pndx5016.dll
2010-10-03 14:14:13 —-A—- C:WINDOWSsystem32pncrt.dll
2010-10-03 14:14:12 —-A—- C:WINDOWSsystem32yv12vfw.dll
2010-10-03 14:14:12 —-A—- C:WINDOWSsystem32xvidvfw.dll
2010-10-03 14:14:12 —-A—- C:WINDOWSsystem32xvidcore.dll
2010-10-03 14:14:11 —-A—- C:WINDOWSsystem32qt-dx331.dll
2010-10-03 14:14:11 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2010-10-03 14:14:11 —-A—- C:WINDOWSsystem32ff_vfw.dll
2010-10-03 14:14:11 —-A—- C:WINDOWSsystem32dpl100.dll
2010-10-03 14:14:11 —-A—- C:WINDOWSsystem32divx.dll
2010-10-03 14:14:10 —-D—- C:Program FilesK-Lite Codec Pack
2010-10-03 14:14:10 —-D—- C:Documents and SettingsAll UsersApplication DataReal
2010-10-03 14:14:10 —-D—- C:Documents and SettingsAdminApplication DataReal
2010-10-03 14:14:06 —-D—- C:Program FilesThe KMPlayer
2010-10-03 14:13:56 —-HD—- C:Program FilesInstallShield Installation Information
2010-10-03 14:13:56 —-D—- C:Program FilesCommon FilesArsenal Shared
2010-10-03 14:13:56 —-D—- C:Program FilesArsenal Company
2010-10-03 14:13:55 —-D—- C:Program FilesCommon FilesInstallShield
2010-10-03 14:11:56 —-A—- C:WINDOWSODBC.INI
2010-10-03 14:09:58 —-D—- C:WINDOWSSHELLNEW
2010-10-03 14:09:09 —-D—- C:Program FilesMicrosoft Works
2010-10-03 14:09:05 —-D—- C:Program FilesCommon FilesDESIGNER
2010-10-03 14:09:00 —-D—- C:Program FilesMicrosoft.NET
2010-10-03 14:08:08 —-D—- C:Program FilesMicrosoft Office
2010-10-03 14:08:08 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2010-10-03 14:07:58 —-RHD—- C:MSOCache
2010-10-03 14:07:35 —-D—- C:Program FilesFoxit Reader
2010-10-03 14:07:21 —-A—- C:WINDOWSWPI_Log.txt
2010-10-03 14:02:46 —-SD—- C:Documents and SettingsAdminApplication DataMicrosoft
2010-10-03 14:02:46 —-ASH—- C:Documents and SettingsAdminApplication Datadesktop.ini
2010-10-03 14:02:40 —-ASH—- C:hiberfil.sys
2010-10-03 14:02:13 —-A—- C:WINDOWSSchedLgU.Txt
2010-10-03 13:59:34 —-D—- C:WINDOWSsystem32xircom
2010-10-03 13:59:34 —-D—- C:Program Filesxerox
2010-10-03 13:59:34 —-D—- C:Program Filesmsn gaming zone
2010-10-03 13:59:34 —-D—- C:Program Filesmicrosoft frontpage
2010-10-03 13:59:27 —-D—- C:Program FilesVistaDriveIcon
2010-10-03 13:59:23 —-A—- C:WINDOWSsystem32driverssptd.sys
2010-10-03 13:59:16 —-RA—- C:WINDOWSdel.bat
2010-10-03 13:59:16 —-A—- C:WINDOWSinnounp.exe
2010-10-03 13:59:14 —-RA—- C:WINDOWSsystem32OEMINFO.CMD
2010-10-03 13:59:14 —-A—- C:WINDOWSsystem32oeminfo.ini
2010-10-03 13:59:12 —-SD—- C:WINDOWSsystem32Microsoft
2010-10-03 13:59:12 —-A—- C:WINDOWSsystem32javaws.exe
2010-10-03 13:59:12 —-A—- C:WINDOWSsystem32javaw.exe
2010-10-03 13:59:12 —-A—- C:WINDOWSsystem32java.exe
2010-10-03 13:58:54 —-D—- C:Program FilesJava
2010-10-03 13:58:54 —-D—- C:Program FilesCommon FilesJava
2010-10-03 13:58:42 —-A—- C:WINDOWSsystem32xinput9_1_0.dll
2010-10-03 13:58:42 —-A—- C:WINDOWSsystem32xinput1_3.dll
2010-10-03 13:58:42 —-A—- C:WINDOWSsystem32xinput1_2.dll
2010-10-03 13:58:42 —-A—- C:WINDOWSsystem32xinput1_1.dll
2010-10-03 13:58:42 —-A—- C:WINDOWSsystem32XAudio2_0.dll
2010-10-03 13:58:42 —-A—- C:WINDOWSsystem32xactengine3_0.dll
2010-10-03 13:58:42 —-A—- C:WINDOWSsystem32xactengine2_9.dll
2010-10-03 13:58:42 —-A—- C:WINDOWSsystem32xactengine2_8.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32xactengine2_7.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32xactengine2_6.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32xactengine2_5.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32xactengine2_4.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32xactengine2_3.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32xactengine2_2.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32xactengine2_10.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32xactengine2_1.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32xactengine2_0.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32X3DAudio1_3.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32x3daudio1_2.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32x3daudio1_1.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32x3daudio1_0.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32d3dx9_37.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32d3dx9_36.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32d3dx9_35.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32d3dx9_34.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32d3dx9_33.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32d3dx9_32.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32d3dx9_31.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32d3dx9_30.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32d3dx9_29.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32d3dx9_28.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32d3dx9_27.dll
2010-10-03 13:58:41 —-A—- C:WINDOWSsystem32d3dx9_26.dll
2010-10-03 13:58:40 —-A—- C:WINDOWSsystem32d3dx9_25.dll
2010-10-03 13:58:40 —-A—- C:WINDOWSsystem32d3dx9_24.dll
2010-10-03 13:58:40 —-A—- C:WINDOWSsystem32d3dx10_37.dll
2010-10-03 13:58:40 —-A—- C:WINDOWSsystem32d3dx10_36.dll
2010-10-03 13:58:40 —-A—- C:WINDOWSsystem32d3dx10_35.dll
2010-10-03 13:58:40 —-A—- C:WINDOWSsystem32d3dx10_34.dll
2010-10-03 13:58:40 —-A—- C:WINDOWSsystem32d3dx10_33.dll
2010-10-03 13:58:40 —-A—- C:WINDOWSsystem32d3dx10.dll
2010-10-03 13:58:40 —-A—- C:WINDOWSsystem32D3DCompiler_37.dll
2010-10-03 13:58:40 —-A—- C:WINDOWSsystem32d3dcompiler_36.dll
2010-10-03 13:58:40 —-A—- C:WINDOWSsystem32d3dcompiler_35.dll
2010-10-03 13:58:40 —-A—- C:WINDOWSsystem32d3dcompiler_34.dll
2010-10-03 13:58:40 —-A—- C:WINDOWSsystem32d3dcompiler_33.dll
2010-10-03 13:57:30 —-RSD—- C:WINDOWSassembly
2010-10-03 13:57:30 —-D—- C:WINDOWSMicrosoft.NET
2010-10-03 13:57:29 —-D—- C:WINDOWSsystem32URTTemp
2010-10-03 13:57:03 —-AD—- C:Program FilesAmlMaple
2010-10-03 13:57:00 —-A—- C:WINDOWSsystem32wrap_oal.dll
2010-10-03 13:57:00 —-A—- C:WINDOWSsystem32wnaspi32.dll
2010-10-03 13:57:00 —-A—- C:WINDOWSsystem32Vbrun300.dll
2010-10-03 13:57:00 —-A—- C:WINDOWSsystem32vbrun200.dll
2010-10-03 13:57:00 —-A—- C:WINDOWSsystem32vbrun100.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32Vb40032.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32Vb40016.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32ssleay32.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32OpenAL32.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32msvcrt10.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32msvcr71.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32msvcr70.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32msvcp71.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32MSVCP70.DLL
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32msvci70.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32MSSTKPRP.DLL
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32msstdfmt.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32MFC71u.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32MFC71KOR.DLL
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32MFC71JPN.DLL
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32MFC71ITA.DLL
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32MFC71FRA.DLL
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32MFC71ESP.DLL
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32MFC71ENU.DLL
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32MFC71DEU.DLL
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32MFC71CHT.DLL
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32MFC71CHS.DLL
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32MFC71.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32mfc70u.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32mfc70kor.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32mfc70jpn.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32mfc70ita.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32mfc70fra.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32mfc70esp.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32mfc70enu.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32mfc70deu.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32mfc70cht.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32mfc70chs.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32mfc70.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32libssl32.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32libeay32.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32atl71.dll
2010-10-03 13:56:59 —-A—- C:WINDOWSsystem32atl70.dll
2010-10-03 13:56:46 —-RASH—- C:MSDOS.SYS
2010-10-03 13:56:46 —-RASH—- C:IO.SYS
2010-10-03 13:56:46 —-A—- C:WINDOWScontrol.ini
2010-10-03 13:56:46 —-A—- C:CONFIG.SYS
2010-10-03 13:56:46 —-A—- C:AUTOEXEC.BAT
2010-10-03 13:56:39 —-A—- C:WINDOWSOEWABLog.txt
2010-10-03 13:56:35 —-A—- C:WINDOWSsystem32mapi32.dll
2010-10-03 13:55:58 —-RAH—- C:WINDOWSsystem32logonui.exe.manifest
2010-10-03 13:55:55 —-RAH—- C:WINDOWSsystem32cdplayer.exe.manifest
2010-10-03 13:55:51 —-HD—- C:Program FilesWindowsUpdate
2010-10-03 13:55:48 —-D—- C:Program FilesOnline Services
2010-10-03 13:55:40 —-A—- C:WINDOWSsystem32atrace.dll
2010-10-03 13:55:39 —-A—- C:WINDOWSsystem32desktop.ini
2010-10-03 13:55:39 —-A—- C:WINDOWSdesktop.ini
2010-10-03 13:55:31 —-A—- C:WINDOWSsystem32acctres.dll
2010-10-03 13:55:30 —-D—- C:Program FilesCommon FilesServices
2010-10-03 13:55:27 —-SD—- C:WINDOWSTasks
2010-10-03 13:55:27 —-A—- C:WINDOWSsystem32icfgnt5.dll
2010-10-03 13:55:26 —-D—- C:Program FilesCommon FilesMSSoap
2010-10-03 13:55:23 —-D—- C:WINDOWSsrchasst
2010-10-03 13:55:22 —-D—- C:WINDOWSsystem32Macromed
2010-10-03 13:55:19 —-A—- C:WINDOWSsystem32wuweb.dll
2010-10-03 13:55:19 —-A—- C:WINDOWSsystem32wups.dll
2010-10-03 13:55:19 —-A—- C:WINDOWSsystem32wucltui.dll
2010-10-03 13:55:19 —-A—- C:WINDOWSsystem32wuauserv.dll
2010-10-03 13:55:19 —-A—- C:WINDOWSsystem32wuaueng1.dll
2010-10-03 13:55:19 —-A—- C:WINDOWSsystem32wuaueng.dll
2010-10-03 13:55:19 —-A—- C:WINDOWSsystem32wuauclt1.exe
2010-10-03 13:55:19 —-A—- C:WINDOWSsystem32wuauclt.exe
2010-10-03 13:55:18 —-A—- C:WINDOWSsystem32wuapi.dll
2010-10-03 13:55:18 —-A—- C:WINDOWSsystem32qmgrprxy.dll
2010-10-03 13:55:18 —-A—- C:WINDOWSsystem32qmgr.dll
2010-10-03 13:55:18 —-A—- C:WINDOWSsystem32bitsprx4.dll
2010-10-03 13:55:18 —-A—- C:WINDOWSsystem32bitsprx3.dll
2010-10-03 13:55:18 —-A—- C:WINDOWSsystem32bitsprx2.dll
2010-10-03 13:55:14 —-D—- C:Program FilesMovie Maker
2010-10-03 13:54:59 —-A—- C:WINDOWSsystem32safrslv.dll
2010-10-03 13:54:59 —-A—- C:WINDOWSsystem32safrdm.dll
2010-10-03 13:54:59 —-A—- C:WINDOWSsystem32safrcdlg.dll
2010-10-03 13:54:59 —-A—- C:WINDOWSsystem32racpldlg.dll
2010-10-03 13:54:55 —-D—- C:WINDOWSsystem32Restore
2010-10-03 13:54:55 —-A—- C:WINDOWSsystem32srsvc.dll
2010-10-03 13:54:55 —-A—- C:WINDOWSsystem32srrstr.dll
2010-10-03 13:54:55 —-A—- C:WINDOWSsystem32srclient.dll
2010-10-03 13:54:55 —-A—- C:WINDOWSsystem32fltMc.exe
2010-10-03 13:54:55 —-A—- C:WINDOWSsystem32fltlib.dll
2010-10-03 13:54:55 —-A—- C:WINDOWSsystem32driversfltMgr.sys
2010-10-03 13:54:54 —-A—- C:WINDOWSsystem32msoert2.dll
2010-10-03 13:54:54 —-A—- C:WINDOWSsystem32msoeacct.dll
2010-10-03 13:54:54 —-A—- C:WINDOWSsystem32driverssr.sys
2010-10-03 13:54:52 —-A—- C:WINDOWSsystem32inetres.dll
2010-10-03 13:54:52 —-A—- C:WINDOWSsystem32inetcomm.dll
2010-10-03 13:54:50 —-D—- C:Program FilesOutlook Express
2010-10-03 13:54:50 —-A—- C:WINDOWSsystem32schedsvc.dll
2010-10-03 13:54:50 —-A—- C:WINDOWSsystem32mstinit.exe
2010-10-03 13:54:50 —-A—- C:WINDOWSsystem32mstask.dll
2010-10-03 13:54:49 —-A—- C:WINDOWSsystem32isign32.dll
2010-10-03 13:54:49 —-A—- C:WINDOWSsystem32inetcfg.dll
2010-10-03 13:54:49 —-A—- C:WINDOWSsystem32icwphbk.dll
2010-10-03 13:54:49 —-A—- C:WINDOWSsystem32icwdial.dll
2010-10-03 13:54:43 —-D—- C:Program FilesCommon FilesSystem
2010-10-03 13:54:15 —-D—- C:Program FilesComPlus Applications
2010-10-03 13:54:14 —-A—- C:WINDOWSvbaddin.ini
2010-10-03 13:54:14 —-A—- C:WINDOWSvb.ini
2010-10-03 13:54:10 —-D—- C:WINDOWSRegistration
2010-10-03 13:53:53 —-D—- C:Program FilesWindows Media Player
2010-10-03 13:53:53 —-D—- C:Program FilesWindows Media Connect 2
2010-10-03 13:53:51 —-A—- C:WINDOWSsystem32wiaaut.dll
2010-10-03 13:53:47 —-D—- C:Program FilesPaint.NET
2010-10-03 13:53:44 —-SD—- C:WINDOWSDownloaded Program Files
2010-10-03 13:53:44 —-RD—- C:WINDOWSOffline Web Pages
2010-10-03 13:53:44 —-A—- C:WINDOWSsystem32winfxdocobj.exe
2010-10-03 13:53:43 —-D—- C:WINDOWSwbem
2010-10-03 13:53:43 —-A—- C:WINDOWSsystem32msfeedssync.exe
2010-10-03 13:53:43 —-A—- C:WINDOWSsystem32msfeedsbs.dll
2010-10-03 13:53:41 —-D—- C:Program FilesInternet Explorer
2010-10-03 13:53:41 —-A—- C:WINDOWSsystem32ieframe.dll.mui
2010-10-03 13:53:40 —-A—- C:WINDOWSsystem32advpack.dll.mui
2010-10-03 13:53:39 —-D—- C:WINDOWSSoftwareDistribution
2010-10-03 13:53:39 —-A—- C:WINDOWSsystem32wul_lng.ini
2010-10-03 13:53:39 —-A—- C:WINDOWSsystem32wul.exe
2010-10-03 13:53:39 —-A—- C:WINDOWSsystem32TweakUI.exe
2010-10-03 13:53:39 —-A—- C:WINDOWSsystem32muweb.dll
2010-10-03 13:53:38 —-A—- C:WINDOWSsystem32gpprefcl.dll
2010-10-03 13:53:37 —-A—- C:WINDOWSsystem32write.exe
2010-10-03 13:53:24 —-A—- C:WINDOWSsystem32sndvol32.exe
2010-10-03 13:53:24 —-A—- C:WINDOWSsystem32hticons.dll
2010-10-03 13:53:23 —-A—- C:WINDOWSsystem32winchat.exe
2010-10-03 13:53:23 —-A—- C:WINDOWSsystem32avwav.dll
2010-10-03 13:53:23 —-A—- C:WINDOWSsystem32avtapi.dll
2010-10-03 13:53:23 —-A—- C:WINDOWSsystem32avmeter.dll
2010-10-03 13:53:14 —-A—- C:WINDOWSsystem32getuname.dll
2010-10-03 13:53:13 —-A—- C:WINDOWSsystem32charmap.exe
2010-10-03 13:53:13 —-A—- C:WINDOWSsystem32calc.exe
2010-10-03 13:53:12 —-A—- C:WINDOWSsystem32winmine.exe
2010-10-03 13:53:12 —-A—- C:WINDOWSsystem32sol.exe
2010-10-03 13:53:12 —-A—- C:WINDOWSsystem32mshearts.exe
2010-10-03 13:53:11 —-A—- C:WINDOWSsystem32usrlogon.cmd
2010-10-03 13:53:11 —-A—- C:WINDOWSsystem32tsshutdn.exe
2010-10-03 13:53:11 —-A—- C:WINDOWSsystem32tslabels.ini
2010-10-03 13:53:11 —-A—- C:WINDOWSsystem32tskill.exe
2010-10-03 13:53:11 —-A—- C:WINDOWSsystem32tsdiscon.exe
2010-10-03 13:53:11 —-A—- C:WINDOWSsystem32tscon.exe
2010-10-03 13:53:11 —-A—- C:WINDOWSsystem32shadow.exe
2010-10-03 13:53:11 —-A—- C:WINDOWSsystem32rwinsta.exe
2010-10-03 13:53:11 —-A—- C:WINDOWSsystem32reset.exe
2010-10-03 13:53:11 —-A—- C:WINDOWSsystem32regini.exe
2010-10-03 13:53:11 —-A—- C:WINDOWSsystem32freecell.exe
2010-10-03 13:53:10 —-A—- C:WINDOWSsystem32rdpcfgex.dll
2010-10-03 13:53:10 —-A—- C:WINDOWSsystem32qwinsta.exe
2010-10-03 13:53:10 —-A—- C:WINDOWSsystem32qappsrv.exe
2010-10-03 13:53:10 —-A—- C:WINDOWSsystem32msg.exe
2010-10-03 13:53:10 —-A—- C:WINDOWSsystem32msdtcprf.ini
2010-10-03 13:53:10 —-A—- C:WINDOWSsystem32logoff.exe
2010-10-03 13:53:10 —-A—- C:WINDOWSsystem32cdmodem.dll
2010-10-03 13:53:05 —-A—- C:WINDOWSsystem32wmimgmt.msc
2010-10-03 13:53:04 —-A—- C:WINDOWSsystem32accwiz.exe
2010-10-03 13:53:03 —-A—- C:WINDOWSsystem32sndrec32.exe
2010-10-03 13:53:03 —-A—- C:WINDOWSsystem32mplay32.exe
2010-10-03 13:53:03 —-A—- C:WINDOWSsystem32hypertrm.dll
2010-10-03 13:53:02 —-D—- C:Program FilesWindows NT
2010-10-03 13:53:02 —-A—- C:WINDOWSsystem32spider.exe
2010-10-03 13:53:02 —-A—- C:WINDOWSsystem32clipbrd.exe
2010-10-03 13:53:01 —-A—- C:WINDOWSsystem32tsgqec.dll
2010-10-03 13:53:01 —-A—- C:WINDOWSsystem32tscfgwmi.dll
2010-10-03 13:53:01 —-A—- C:WINDOWSsystem32rhttpaa.dll
2010-10-03 13:53:01 —-A—- C:WINDOWSsystem32driverstdtcp.sys
2010-10-03 13:53:01 —-A—- C:WINDOWSsystem32driverstdpipe.sys
2010-10-03 13:53:01 —-A—- C:WINDOWSsystem32driversrdpwd.sys
2010-10-03 13:53:01 —-A—- C:WINDOWSsystem32aaclient.dll
2010-10-03 13:53:00 —-A—- C:WINDOWSsystem32mstscax.dll
2010-10-03 13:53:00 —-A—- C:WINDOWSsystem32mstsc.exe
2010-10-03 13:52:59 —-A—- C:WINDOWSsystem32termsrv.dll
2010-10-03 13:52:59 —-A—- C:WINDOWSsystem32sessmgr.exe
2010-10-03 13:52:59 —-A—- C:WINDOWSsystem32remotepg.dll
2010-10-03 13:52:59 —-A—- C:WINDOWSsystem32rdshost.exe
2010-10-03 13:52:59 —-A—- C:WINDOWSsystem32rdsaddin.exe
2010-10-03 13:52:59 —-A—- C:WINDOWSsystem32rdpwsx.dll
2010-10-03 13:52:59 —-A—- C:WINDOWSsystem32rdpsnd.dll
2010-10-03 13:52:59 —-A—- C:WINDOWSsystem32rdpclip.exe
2010-10-03 13:52:59 —-A—- C:WINDOWSsystem32rdchost.dll
2010-10-03 13:52:59 —-A—- C:WINDOWSsystem32qprocess.exe
2010-10-03 13:52:58 —-D—- C:WINDOWSsystem32MsDtc
2010-10-03 13:52:58 —-A—- C:WINDOWSsystem32mtxoci.dll
2010-10-03 13:52:58 —-A—- C:WINDOWSsystem32msdtcuiu.dll
2010-10-03 13:52:58 —-A—- C:WINDOWSsystem32msdtcprx.dll
2010-10-03 13:52:58 —-A—- C:WINDOWSsystem32icaapi.dll
2010-10-03 13:52:58 —-A—- C:WINDOWSsystem32cfgbkend.dll
2010-10-03 13:52:57 —-A—- C:WINDOWSsystem32xolehlp.dll
2010-10-03 13:52:57 —-A—- C:WINDOWSsystem32msdtctm.dll
2010-10-03 13:52:57 —-A—- C:WINDOWSsystem32msdtclog.dll
2010-10-03 13:52:57 —-A—- C:WINDOWSsystem32msdtc.exe
2010-10-03 13:52:56 —-D—- C:WINDOWSsystem32Com
2010-10-03 13:52:56 —-A—- C:WINDOWSsystem32stclient.dll
2010-10-03 13:52:56 —-A—- C:WINDOWSsystem32mtxlegih.dll
2010-10-03 13:52:56 —-A—- C:WINDOWSsystem32mtxex.dll
2010-10-03 13:52:56 —-A—- C:WINDOWSsystem32mtxdm.dll
2010-10-03 13:52:56 —-A—- C:WINDOWSsystem32dcomcnfg.exe
2010-10-03 13:52:56 —-A—- C:WINDOWSsystem32comrepl.dll
2010-10-03 13:52:56 —-A—- C:WINDOWSsystem32comaddin.dll
2010-10-03 13:52:56 —-A—- C:WINDOWSsystem32colbact.dll
2010-10-03 13:52:55 —-A—- C:WINDOWSsystem32comsvcs.dll
2010-10-03 13:52:55 —-A—- C:WINDOWSsystem32clbcatex.dll
2010-10-03 13:52:55 —-A—- C:WINDOWSsystem32catsrvut.dll
2010-10-03 13:52:55 —-A—- C:WINDOWSsystem32catsrvps.dll
2010-10-03 13:52:55 —-A—- C:WINDOWSsystem32catsrv.dll
2010-10-03 13:52:54 —-A—- C:WINDOWSsystem32comuid.dll
2010-10-03 13:52:54 —-A—- C:WINDOWSsystem32comsnap.dll
2010-10-03 13:52:54 —-A—- C:WINDOWSsystem32clbcatq.dll
2010-10-03 13:52:49 —-A—- C:WINDOWSsystem32servdeps.dll
2010-10-03 13:52:49 —-A—- C:WINDOWSsystem32mmfutil.dll
2010-10-03 13:52:48 —-A—- C:WINDOWSsystem32licwmi.dll
2010-10-03 13:52:48 —-A—- C:WINDOWSsystem32cmprops.dll
2010-10-03 13:52:43 —-A—- C:WINDOWSsystem32driversrdpdr.sys
2010-10-03 13:52:42 —-A—- C:WINDOWSsystem32driverstermdd.sys======List of files/folders modified in the last 1 months======
2010-10-03 16:29:13 —-A—- C:WINDOWSwin.ini
2010-10-03 16:29:13 —-A—- C:WINDOWSsystem.ini
2010-10-03 13:56:24 —-ASH—- C:WINDOWSfontsdesktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 imagedrv;imagedrv; C:WINDOWSSystem32Driversimagedrv.sys [2005-08-15 5888]
R0 imagesrv;imagesrv; C:WINDOWSsystem32DRIVERSimagesrv.sys [2005-08-15 127488]
R0 ohci1394;Texas Instruments OHCI-совместимый IEEE 1394 хост-контроллер; C:WINDOWSsystem32DRIVERSohci1394.sys [2008-04-15 61696]
R0 sptd;sptd; C:WINDOWSSystem32Driverssptd.sys [2010-10-03 717296]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R1 mfetdik;McAfee Inc.; C:WINDOWSsystem32driversmfetdik.sys [2006-11-29 52136]
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-05-21 8832]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-09-19 4617728]
R3 mfeapfk;McAfee Inc.; C:WINDOWSsystem32driversmfeapfk.sys [2006-11-29 64360]
R3 mfeavfk;McAfee Inc.; C:WINDOWSsystem32driversmfeavfk.sys [2006-11-29 72264]
R3 mfebopk;McAfee Inc.; C:WINDOWSsystem32driversmfebopk.sys [2006-11-29 34152]
R3 mfehidk;McAfee Inc.; C:WINDOWSsystem32driversmfehidk.sys [2006-11-29 168776]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-03-24 6547872]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver; C:WINDOWSsystem32driversnvhda32.sys [2007-11-10 29728]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2007-09-20 22016]
R3 wanusb;D-Link DSL-200 USB ADSL WAN Modem; C:WINDOWSsystem32DRIVERSgwausb.sys [2005-09-22 158592]
S3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-05-20 60800]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-05-20 17024]
S3 gdrv;gdrv; ??C:WINDOWSgdrv.sys []
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-05-20 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-05-20 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-05-20 10880]
S3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-05-20 61824]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2007-09-20 53632]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-05-20 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-05-20 15232]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-05-20 60032]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-05-20 32384]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-05-20 26368]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-05-20 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver; C:WINDOWSsystem32driversUsbMicfilt.sys [2010-01-23 22571]
S3 ZSMC302;D-Link DSB-C320; C:WINDOWSSystem32Driversusbvm302.sys [2005-01-13 195263]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Guard.Mail.ru;Guard.Mail.ru; C:Program FilesMail.RuGuardGuardMailRu.exe [2010-10-03 974528]
R2 McAfeeFramework;McAfee Framework Service; C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe [2006-11-17 104000]
R2 McShield;McAfee McShield; C:Program FilesMcAfeeVirusScan EnterpriseMcshield.exe [2006-11-29 144960]
R2 McTaskManager;McAfee Task Manager; C:Program FilesMcAfeeVirusScan EnterpriseVsTskMgr.exe [2006-11-29 54872]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-03-24 155716]
S2 gupdate;Google Update Service (gupdate); C:Program FilesGoogleUpdateGoogleUpdate.exe [2010-10-03 136176]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2006-07-31 720896]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]

I decided to reinstall Windows, after thoroughly cleaning everything up first.
Please check whether anything has been left behind…
RSIT logs:
log.txt:

One more symptom: Internet Explorer does not start…
I am also concerned about the process VsTskMgr.exe: is everything all right with it, and is it needed at all…
Attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: DeviceHarddiskVolume1
Install Date: 11.07.2006 12:40:28
System Uptime: 10.02.2010 18:58:24 (5617 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-73PVM-S2H
Processor: Процессор Intel Pentium III Xeon | Socket 775 | 2833/333mhz

==== Disk Partitions =========================
C: is FIXED (NTFS) — 47 GiB total, 28,646 GiB free.
D: is FIXED (NTFS) — 186 GiB total, 62,813 GiB free.
E: is CDROM ()
G: is CDROM ()
H: is FIXED (NTFS) — 932 GiB total, 568,976 GiB free.

==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Сетевой адаптер 1394
Device ID: V1394NIC13941D7DDC3C32
Manufacturer: Microsoft
Name: Сетевой адаптер 1394
PNP Device ID: V1394NIC13941D7DDC3C32
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}NVNET_DEV07DC4&31C3B0D8&1&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}NVNET_DEV07DC4&31C3B0D8&1&00
Service: NVENETFD

==== System Restore Points ===================
RP1: 02.10.2010 18:33:09 — Системная контрольная точка
==== Installed Programs ======================
Архиватор WinRAR
Исправление для Windows Internet Explorer 7 (KB947864)
Исправление для Windows Media Format 11 SDK (KB939209)
Исправление для Windows Media Player 11 (KB941282)
Исправление для Windows XP (KB945436)
Исправление для Windows XP (KB948101-v3)
Исправление для Windows XP (KB948277)
Исправление для Windows XP (KB949033)
Исправление для Windows XP (KB949127-v2)
Исправление для Windows XP (KB949764)
Исправление для Windows XP (KB949900)
Исправление для Windows XP (KB950162)
Исправление для Windows XP (KB950616)
Исправление для Windows XP (KB951126)
Исправление для Windows XP (KB951312)
Исправление для Windows XP (KB951624)
Исправление для Windows XP (KB952117-v2)
Исправление для Windows XP (KB952287)
Исправление для проигрывателя Windows Media 11 — (KB939683)
Мастер Открыток 2.95
Герои меча и магии IV Грядущая буря
µTorrent
Сократ Персональный 4.1
Баня от А до Я
ШТАМП 1.3.R
Обновление безопасности для Windows XP — (KB941569)
Обновление для Windows XP (KB942763)
Обновление для Windows XP (KB943729)
3Planesoft Screensaver Manager 1.1
7-Zip 4.57
ABBYY FineReader 9.0 Professional Edition
ABBYY Lingvo 11 Six Languages
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color — Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 6.0
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
ADSL-модем ZyXEL P-630S EE
AiO_Scan_CDA
AiOSoftwareNPI
AmlMaple
AOM — Titans
ArcSoft WebCam Companion
Avanquest update
Beasts and Bumpkins
BeeOnLine-Express 2.08
Blur
BufferChm
CorelDRAW Graphics Suite X3
CPU-Z and GPU-Z
CRYSIS
CustomerResearchQFolder
D-Link DSB-C320
D-Link DSL-200 ADSL Modem
Destinations
DeviceManagementQFolder
Dora The Explorer Lost City Adventure
Dream Render 2.20
Earth 3D Screensaver 1.0
EasyRecovery Professional
EAX Unified
eSupportQFolder
F300
F300_Help
FAR file manager
Fax_CDA
Flash Player Pro
FREE Music Downloader 1.0.3.4
Google Планета Земля
Google Update Helper
Heroes of Might and Magic IV
HijackThis 2.0.2
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Java(TM) 6 Update 6
Java(TM) 6 Update 7
K-Lite Mega Codec Pack 3.9.0
Kaspersky Online Scanner
L&H TTS3000 Deutsch
L&H TTS3000 Espaсol
L&H TTS3000 Franзais
L&H TTS3000 Italiano
L&H TTS3000 Russian
Lernout & Hauspie TruVoice American English TTS Engine
Lineage II
Mail.Ru Агент 5.6 (сборка 3278, для всех пользователей)
MarketResearch
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Russian Language Pack
Microsoft .NET Framework 2.0 Language Pack — RUS
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Excel 2007
Microsoft Office Excel MUI (Russian) 2007
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint MUI (Russian) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Russian) 2007
Microsoft Office Proof (Ukrainian) 2007
Microsoft Office Proofing (Russian) 2007
Microsoft Office Shared MUI (Russian) 2007
Microsoft Office Visio Профессиональный 2007
Microsoft Office Visio MUI (Russian) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (Russian) 2007
Microsoft Software Update for Web Folders (Russian) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
MMetro v.2.20.3
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB925673)
Nano 1.1.2
Nero 7 Premium
NewCopy_CDA
NVIDIA Drivers
NVIDIA PhysX
OpenMPT 1.18
Opera 10.60
OperaAC
Paint.NET v3.31
PDF Settings
Prince of Persia
Prince of Persia — The Forgotten Sands
Prince of Persia T2T
ProductContextNPI
PROMT Professional 8 Giant Try-Buy
PunkBuster Services
Punto Switcher 2.95
QIP 2005 8095
QIP 2005 Uninstall
QIP Infium 2.0.9020 RC3
Readme
Realtek High Definition Audio Driver
RU
Scan
ScannerCopy
Skype
Skype™ 4.2
SoftV92 Voice Modem with SmartCP
SolutionCenter
Sony Ericsson PC Suite 4.010.00
Spybot — Search & Destroy
StarCraft 2
Status
TeamSpeak 2 RC2
TeamSpeak 3 Client
The Bat!
The KMPlayer
The Neverhood
Toolbox
Total Commander
TrayApp
Update Service
VBA
Vista Drive Icon
Warcraft III: All Products
Web-сайт своими руками
WebFldrs XP
WebMoney Agent
WebMoney Keeper Classic 3.9.2.1
WebReg
Winamp
Windows Communication Foundation
Windows Genuine Advantage Validation Tool (KB892130)
Windows Presentation Foundation
Windows Workflow Foundation
XML Paper Specification Shared Components Pack 1.0
Yahoo! Companion
Yahoo! Install Manager
еда выполнения Visual Studio 2005 Tools for Office, второй выпуск

==== End Of File ===========================

Yes, and more than once…
Oh well, since so many diagnostics say it is clean, let everything stay as it is… until the next full reinstall of Windows (it has XP Home on it, it was sold with it; at first I decided not to change Windows, I thought it would be simpler and faster to work with this one)…
Thank you very much for the help anyway, Valeri!

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/20 10:58
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP3
==================================================

Drivers
Name: dump_atapi.sys
Image Path: C:WINDOWSSystem32Driversdump_atapi.sys
Address: 0xA9FD2000 Size: 98304 File Visible: No Signed: —
Status: —

Name: dump_WMILIB.SYS
Image Path: C:WINDOWSSystem32Driversdump_WMILIB.SYS
Address: 0xF7B5F000 Size: 8192 File Visible: No Signed: —
Status: —

Name: rootrepeal.sys
Image Path: C:WINDOWSsystem32driversrootrepeal.sys
Address: 0xA921C000 Size: 49152 File Visible: No Signed: —
Status: —

Hidden/Locked Files
Path: C:hiberfil.sys
Status: Locked to the Windows API!

Path: C:autorun.inflpt3.This folder was created by Flash_Disinfector
Status: Locked to the Windows API!

Path: c:windowstempwfv2.tmp
Status: Allocation size mismatch (API: 50069504, Raw: 37486592)

==EOF==
You know, my antivirus, McAfee, deletes ComboFix as soon as it sees it, regardless of whether ComboFix is running or I have simply clicked on it; it detects it as "radmin tools". I know this from past experience, so I disabled my antivirus completely, i.e. it is not active on subsequent boots either… So, after ComboFix ran, the message from Windows still appears, but now as it should, saying that my antivirus is disabled, and nothing pops up about the firewall any more. But I decided to wait for your reply, so I have not done much on the netbook, and the antivirus there is disabled all the time…
Now I will remove ComboFix (all by the rules), turn the antivirus on and do a full Windows boot…
Done
the problem remains
maybe the correct operation of the antivirus and the firewall was disrupted by a virus or spyware or something else, but it was later found and removed, since the logs show nothing, and the consequences of that "infection" remained, like a scar, and now probably only reinstalling the system will help 🙁

Sorry for taking so long to reply, there were problems with the internet on the provider's side…
ComboFix log file:

ComboFix 09-07-09.08 — Admin 2009-07-11 10:58.2.2 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.1.1049.18.1014.644 [GMT 4:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:program filesMail.RuAgentMradllnewmrasearch.dll
c:windowsmsetup
.
((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.
2009-07-05 08:44 . 2009-07-05 08:44
d
w- c:program filestrend micro
2009-07-05 08:44 . 2009-07-05 08:44
d
w- C:rsit
2009-06-29 18:49 . 2009-06-29 18:49
d-sh—w- c:documents and settingsAdminIECompatCache
2009-06-28 19:21 . 2009-06-28 19:21
d
w- c:documents and settingsAdminApplication DataMedia Player Classic
2009-06-28 17:40 . 2007-09-04 16:56 164352 —-a-w- c:windowssystem32unrar.dll
2009-06-28 17:40 . 2004-01-25 16:18 217088 —-a-w- c:windowssystem32yv12vfw.dll
2009-06-28 17:39 . 2008-03-21 20:30 3596288 —-a-w- c:windowssystem32qt-dx331.dll
2009-06-28 17:39 . 2008-03-21 20:28 81920 —-a-w- c:windowssystem32dpl100.dll
2009-06-28 17:39 . 2008-03-28 17:41 7680 —-a-w- c:windowssystem32ff_vfw.dll
2009-06-28 17:39 . 2009-06-28 17:39
d
w- c:documents and settingsAdminLocal SettingsApplication DataReal
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 19:18 . 2009-01-23 17:52
d
w- c:program filesOperaAC
2009-06-28 17:40 . 2009-01-14 17:25
d
w- c:program filesK-Lite Codec Pack
2009-05-25 03:39 . 2009-02-05 20:09
d
w- c:documents and settingsAdminApplication DatauTorrent
2009-05-13 05:05 . 2008-10-28 22:57 915456 —-a-w- c:windowssystem32wininet.dll
2009-05-10 21:51 . 2008-10-28 22:58 49750 —-a-w- c:windowssystem32perfc019.dat
2009-05-10 21:51 . 2008-10-28 22:58 346690 —-a-w- c:windowssystem32perfh019.dat
2009-05-07 15:33 . 2008-10-28 22:57 346624 —-a-w- c:windowssystem32localspl.dll
2009-04-22 13:00 . 2009-04-02 11:19 10 —-a-w- c:windowspopcinfo.dat
2009-04-19 19:51 . 2008-10-28 22:57 1847296 —-a-w- c:windowssystem32win32k.sys
2009-04-15 14:53 . 2008-10-28 22:57 585216 —-a-w- c:windowssystem32rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2007-11-14 201728]
«Sony Ericsson PC Suite»=»c:program filesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe» [2008-07-02 393216]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«EDS»=»c:program filesSamsungSamsung EDSEDSAgent.exe» [2007-12-20 659456]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2008-08-28 1044480]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«DMHotKey»=»c:program filesSamsungEasy Display ManagerDMLoader.exe» [2006-12-27 466944]
«BatteryManager»=»c:program filesSamsungSamsung Battery ManagerBatteryManager.exe» [2008-10-07 2768896]
«MagicKeyboard»=»c:program filesSAMSUNGMagicKBDPreMKBD.exe» [2006-05-14 151552]
«SUPBackGround»=»c:program filesSamsungSamsung Update PlusSUPBackGround.exe» [2008-10-27 298664]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2009-04-18 6210744]
«ShStatEXE»=»c:program filesMcAfeeVirusScan EnterpriseSHSTAT.EXE» [2006-11-29 112216]
«McAfeeUpdaterUI»=»c:program filesMcAfeeCommon FrameworkUdaterUI.exe» [2006-11-17 136768]
«RTHDCPL»=»RTHDCPL.EXE» — c:windowsRTHDCPL.EXE [2008-08-26 16851456]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360]

c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
BTTray.lnk — c:program filesWIDCOMMBluetooth SoftwareBTTray.exe [2007-4-1 568176]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\WINDOWS\system32\dpvsetup.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=
«c:\WINDOWS\system32\dplaysvr.exe»=
«d:\Games\cs\hl.exe»=
«c:\Program Files\OperaAC\Opera.exe»=
«c:\Program Files\QIP\qip.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\Mail.Ru\Agent\magent.exe»=
«c:\Program Files\McAfee\Common Framework\FrameworkService.exe»=

R2 DOSMEMIO;MEMIO;c:windowssystem32MEMIO.SYS [2008-10-29 4300]
R2 SNM WLAN Service;SNM WLAN Service;c:program filesSamsungSamsung Network ManagerSNMWLANService.exe [2006-10-30 36864]
R3 DNSeFilter;DNSeFilter;c:windowssystem32driversSamsungEDS.SYS [2008-01-14 30208]
R3 VMC326;Vimicro Camera Service VMC326;c:windowssystem32driversVMC326.sys [2008-10-29 238464]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:windowssystem32driverss0016bus.sys [2009-04-12 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:windowssystem32driverss0016mdfl.sys [2009-04-12 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:windowssystem32driverss0016mdm.sys [2009-04-12 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:windowssystem32driverss0016mgmt.sys [2009-04-12 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:windowssystem32driverss0016nd5.sys [2009-04-12 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:windowssystem32driverss0016obex.sys [2009-04-12 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:windowssystem32driverss0016unic.sys [2009-04-12 115752]
S3 SUEPD;SUE NDIS Protocol Driver;c:windowssystem32driversSUE_PD.sys [2006-10-30 19840]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Отправить на устройство Bluetooth… — c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 11:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0

**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(696)
c:windowssystem32CLBCATQ.DLL
.
Completion time: 2009-07-11 11:05
ComboFix-quarantined-files.txt 2009-07-11 07:05
ComboFix2.txt 2009-07-03 08:28

Pre-Run: 67,174,010,880 байт свободно
Post-Run: 67,160,023,040 байт свободно

121 — E O F — 2009-06-10 19:40

Sorry for the false alarm, from now on I will rely on more serious facts 😉 … thanks again 🙂

I did the previous operation; although the steadily slow downloading is gone, I would like to see this through to the end 🙄 so I made RSIT logs, please check them:
log.txt:
Logfile of random’s system information tool 1.04 (written by random/random)
Run by Admin at 2008-11-24 17:48:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (70%) free of 48 GB
Total RAM: 2046 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:20, on 24.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe
C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe
C:WINDOWSExplorer.EXE
C:Program FilesMcAfeeVirusScan EnterpriseMcshield.exe
C:Program FilesMcAfeeVirusScan EnterpriseVsTskMgr.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesMcAfeeCommon FrameworkUdaterUI.exe
C:Program FilesMcAfeeCommon FrameworkMcTray.exe
C:Program FilesD-LinkDSL-200dslstat.exe
C:Program FilesD-LinkDSL-200dslagent.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSpybot — Search & DestroyTeaTimer.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program FilesTrend MicroHijackThisAdmin.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Yahoo! Companion BHO — {02478D38-C3F9-4efb-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_2_0.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:PROGRA~1SPYBOT~1SDHelper.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_06binssv.dll
O2 — BHO: scriptproxy — {7DB2D5A0-7241-4E79-B68D-6309F01C5231} — C:Program FilesMcAfeeVirusScan Enterprisescriptcl.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O3 — Toolbar: &Yahoo! Companion — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_2_0.dll
O3 — Toolbar: PROMT — {892E81F6-EC63-4d13-8422-835A7A05D6EB} — C:Program FilesPRMT8PRMTIEprmtie.dll
O4 — HKLM..Run: [ShStatEXE] «C:Program FilesMcAfeeVirusScan EnterpriseSHSTAT.EXE» /STANDALONE
O4 — HKLM..Run: [McAfeeUpdaterUI] «C:Program FilesMcAfeeCommon FrameworkUdaterUI.exe» /StartedFromRunKey
O4 — HKLM..Run: [DSLSTATEXE] C:Program FilesD-LinkDSL-200dslstat.exe icon
O4 — HKLM..Run: [DSLAGENTEXE] C:Program FilesD-LinkDSL-200dslagent.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentmagent.exe -LM
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot — Search & DestroyTeaTimer.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Startup: Start HASP-Emu.lnk = C:Program FilesSableWINNTstartnt.bat
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Online-словари — C:Program FilesPRMT8PRMTIEoda.htm
O8 — Extra context menu item: Автоматически определить шаблон тематики — C:Program FilesPRMT8PRMTIEaot.htm
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Настроить параметры перевода — C:Program FilesPRMT8PRMTIEoptions.htm
O8 — Extra context menu item: Незнакомые слова — C:Program FilesPRMT8PRMTIEinfopanel.htm
O8 — Extra context menu item: Открыть словарную статью — C:Program FilesPRMT8PRMTIEaddentry.htm
O8 — Extra context menu item: Перевести — C:Program FilesPRMT8PRMTIEtranslat.htm
O8 — Extra context menu item: Перевести страницу — C:Program FilesPRMT8PRMTIEpage.htm
O8 — Extra context menu item: Поиск в Интернете — C:Program FilesPRMT8PRMTIEsearch.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_06binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_06binssv.dll
O9 — Extra button: (no name) — {4034D172-4C52-49de-A6A1-E75F8F591FEC} — C:Program FilesPRMT8PRMTIEoptions.htm
O9 — Extra ‘Tools’ menuitem: Настроить параметры перевода — {4034D172-4C52-49de-A6A1-E75F8F591FEC} — C:Program FilesPRMT8PRMTIEoptions.htm
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} — C:Program FilesPRMT8PRMTIEprmtie5.htm
O9 — Extra ‘Tools’ menuitem: Перевести — {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} — C:Program FilesPRMT8PRMTIEprmtie5.htm
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search & Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra button: (no name) — Cmdmapping — (no file) (HKCU)
O16 — DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) — http://www.kaspersky.com/kos/russian/partner/rus/kavwebscan_unicode.cab
O16 — DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) — C:Program FilesYahoo!CommonYinsthelper.dll
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) — ABBYY (BIT Software) — C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: McAfee Framework Service (McAfeeFramework) — McAfee, Inc. — C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe
O23 — Service: McAfee McShield (McShield) — McAfee, Inc. — C:Program FilesMcAfeeVirusScan EnterpriseMcshield.exe
O23 — Service: McAfee Task Manager (McTaskManager) — McAfee, Inc. — C:Program FilesMcAfeeVirusScan EnterpriseVsTskMgr.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 10086 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_2_0.dll [2005-04-22 328275]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection — C:PROGRA~1SPYBOT~1SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_06binssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy — C:Program FilesMcAfeeVirusScan Enterprisescriptcl.dll [2006-11-29 67136]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — &Yahoo! Companion — C:Program FilesYahoo!CompanionInstallscpnycomp5_6_2_0.dll [2005-04-22 328275]
{892E81F6-EC63-4d13-8422-835A7A05D6EB} — PROMT — C:Program FilesPRMT8PRMTIEprmtie.dll [2007-03-21 749568]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«ShStatEXE»=C:Program FilesMcAfeeVirusScan EnterpriseSHSTAT.EXE [2006-11-29 112216]
«McAfeeUpdaterUI»=C:Program FilesMcAfeeCommon FrameworkUdaterUI.exe [2006-11-17 136768]
«DSLSTATEXE»=C:Program FilesD-LinkDSL-200dslstat.exe [2005-12-12 344064]
«DSLAGENTEXE»=C:Program FilesD-LinkDSL-200dslagent.exe [2005-08-25 65536]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-03-24 13524992]
«nwiz»=nwiz.exe /install []
«MAgent»=C:Program FilesMail.RuAgentmagent.exe [2008-10-21 4417016]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-05-20 30208]
«SpybotSD TeaTimer»=C:Program FilesSpybot — Search & DestroyTeaTimer.exe [2008-08-18 1832272]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
C:WINDOWSALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAmlMaple]
C:Program FilesAmlMapleAmlMaple.exe [2008-04-25 91648]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2006-04-21 94208]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBigDogPath]
C:WINDOWSVM_STI.EXE [2004-06-09 40960]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]
C:WINDOWSsystem32ctfmon.exe [2008-05-20 30208]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
C:Program FilesHPHP Software UpdateHPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKillCopy]
C:WINDOWSsystem32killcopy.exe [2006-10-29 1185792]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMAgent]
C:Program FilesMail.RuAgentMAgent.exe [2008-10-21 4417016]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:WINDOWSsystem32NvCpl.dll [2008-03-24 13524992]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINDOWSsystem32NvMcTray.dll [2008-03-24 86016]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
C:WINDOWSRTHDCPL.EXE [2007-09-19 16844800]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVistaIcon]
C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^HP Digital Imaging Monitor.lnk]
C:PROGRA~1HPDIGITA~1binhpqtra08.exe [2006-02-19 288472]

C:Documents and SettingsAdminГлавное менюПрограммыАвтозагрузка
Start HASP-Emu.lnk — C:Program FilesSableWINNTstartnt.bat

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoSharedDocuments»=1
«NoSMConfigurePrograms»=1
«NoDrives»=0
«NoDriveAutoRun»=FFFFFFFF
«NoDriveTypeAutoRun»=36
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=
«NoDrives»=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe»=»C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe:*:Enabled:McAfee Framework Service»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:Program FilesHPDigital Imagingbinhpqtra08.exe»=»C:Program FilesHPDigital Imagingbinhpqtra08.exe:*:Enabled:hpqtra08.exe»
«C:Program FilesHPDigital Imagingbinhpqste08.exe»=»C:Program FilesHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
«C:Program FilesHPDigital Imagingbinhpofxm08.exe»=»C:Program FilesHPDigital Imagingbinhpofxm08.exe:*:Enabled:hpofxm08.exe»
«C:Program FilesHPDigital Imagingbinhposfx08.exe»=»C:Program FilesHPDigital Imagingbinhposfx08.exe:*:Enabled:hposfx08.exe»
«C:Program FilesHPDigital Imagingbinhposid01.exe»=»C:Program FilesHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
«C:Program FilesHPDigital Imagingbinhpqscnvw.exe»=»C:Program FilesHPDigital Imagingbinhpqscnvw.exe:*:Enabled:hpqscnvw.exe»
«C:Program FilesHPDigital Imagingbinhpqkygrp.exe»=»C:Program FilesHPDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe»
«C:Program FilesHPDigital ImagingbinhpqCopy.exe»=»C:Program FilesHPDigital ImagingbinhpqCopy.exe:*:Enabled:hpqcopy.exe»
«C:Program FilesHPDigital Imagingbinhpfccopy.exe»=»C:Program FilesHPDigital Imagingbinhpfccopy.exe:*:Enabled:hpfccopy.exe»
«C:Program FilesHPDigital Imagingbinhpzwiz01.exe»=»C:Program FilesHPDigital Imagingbinhpzwiz01.exe:*:Enabled:hpzwiz01.exe»
«C:Program FilesHPDigital Imagingbinhpoews01.exe»=»C:Program FilesHPDigital Imagingbinhpoews01.exe:*:Enabled:hpoews01.exe»
«C:Program FilesHPDigital Imagingbinhpqnrs08.exe»=»C:Program FilesHPDigital Imagingbinhpqnrs08.exe:*:Enabled:hpqnrs08.exe»
«C:WINDOWSsystem32dpvsetup.exe»=»C:WINDOWSsystem32dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test»
«C:Program FilesMail.RuAgentmagent.exe»=»C:Program FilesMail.RuAgentmagent.exe:*:Enabled:Mail.Ru Агент»
«G:GamesValvehl.exe»=»G:GamesValvehl.exe:*:Enabled:Half-Life Launcher»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
======List of files/folders created in the last 1 months======
2008-11-24 17:48:12 —-D—- C:rsit
2008-11-20 16:18:07 —-HD—- C:WINDOWSPIF
2008-10-30 02:05:35 —-SHD—- C:RECYCLER
2008-10-29 11:17:38 —-D—- C:WINDOWStemp
2008-10-29 11:17:37 —-A—- C:ComboFix.txt
2008-10-29 01:44:51 —-D—- C:Program FilesSable
2008-10-29 01:10:28 —-D—- C:Program Files1Cv77
2008-10-29 01:10:12 —-A—- C:WINDOWSunin0419.exe
======List of files/folders modified in the last 1 months======
2008-11-24 17:44:50 —-A—- C:WINDOWSSchedLgU.Txt
2008-11-24 17:43:10 —-D—- C:WINDOWSsystem32
2008-11-24 17:43:10 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2008-11-24 13:30:32 —-A—- C:WINDOWSNeroDigital.ini
2008-11-24 12:35:41 —-D—- C:WINDOWSsystem32CatRoot2
2008-11-23 23:16:25 —-D—- C:Program FilesFREE Music Downloader
2008-11-23 23:00:48 —-D—- C:Documents and SettingsAdminApplication DatauTorrent
2008-11-23 21:37:57 —-D—- C:Documents and SettingsAdminApplication DataSkype
2008-11-23 21:34:54 —-D—- C:Documents and SettingsAdminApplication DataskypePM
2008-11-21 19:50:44 —-D—- C:QUARANTINE
2008-11-20 20:29:33 —-D—- C:Documents and SettingsAdminApplication DataMra
2008-11-20 16:18:07 —-D—- C:WINDOWS
2008-11-18 20:24:06 —-SHD—- C:WINDOWSInstaller
2008-11-18 20:24:06 —-HD—- C:Config.Msi
2008-11-17 15:09:35 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2008-11-06 19:01:57 —-D—- C:WINDOWSsystem32drivers
2008-11-06 18:56:56 —-HD—- C:Program FilesInstallShield Installation Information
2008-10-29 11:22:47 —-SHD—- C:System Volume Information
2008-10-29 11:22:47 —-D—- C:WINDOWSsystem32Restore
2008-10-29 11:19:18 —-D—- C:WINDOWSerdnt
2008-10-29 11:16:26 —-A—- C:WINDOWSsystem.ini
2008-10-29 01:44:51 —-RD—- C:Program Files
2008-10-27 23:13:24 —-D—- C:Program FilesBeeOnLine-Express 2.0
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R1 mferkdk;VSCore mferkdk; ??C:Program FilesMcAfeeVirusScan Enterprisemferkdk.sys []
R1 mfetdik;McAfee Inc.; C:WINDOWSsystem32driversmfetdik.sys [2006-11-29 52136]
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-05-21 8832]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2003-04-09 11043]
R3 Afc;PPdus ASPI Shell; C:WINDOWSsystem32driversAfc.sys [2005-02-23 11776]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-05-20 60800]
R3 HASPNT;HaspNT; ??C:WINDOWSsystem32driversHaspNT.sys []
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-09-19 4617728]
R3 mfeapfk;McAfee Inc.; C:WINDOWSsystem32driversmfeapfk.sys [2006-11-29 64360]
R3 mfeavfk;McAfee Inc.; C:WINDOWSsystem32driversmfeavfk.sys [2006-11-29 72264]
R3 mfebopk;McAfee Inc.; C:WINDOWSsystem32driversmfebopk.sys [2006-11-29 34152]
R3 mfehidk;McAfee Inc.; C:WINDOWSsystem32driversmfehidk.sys [2006-11-29 168776]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-05-20 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-03-24 6547872]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver; C:WINDOWSsystem32driversnvhda32.sys [2007-11-10 29728]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2007-09-20 22016]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-05-20 30336]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-05-20 17152]
R3 wanusb;D-Link DSL-200 USB ADSL WAN Modem; C:WINDOWSsystem32DRIVERSgwausb.sys [2005-09-22 158592]
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-07-09 16384]
S3 gdrv;gdrv; ??C:WINDOWSgdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2006-04-12 21568]
S3 HSF_DP;HSF_DP; C:WINDOWSsystem32DRIVERSHSF_DP.sys [2004-02-25 1041536]
S3 HSFHWCD2;HSFHWCD2; C:WINDOWSsystem32DRIVERSHSFHWCD2.sys [2004-02-25 201728]
S3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-07-09 10112]
S3 npkcrypt;npkcrypt; ??D:GamesLineage II_1st_Throne_HellboundLineage IIsystemnpkcrypt.sys []
S3 npkycryp;npkycryp; ??D:GamesLineage II_1st_Throne_HellboundLineage IIsystemnpkycryp.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2007-09-20 53632]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-07-09 14976]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-05-20 60032]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-05-20 32384]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-05-20 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-05-20 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-05-20 26368]
S3 winachsf;winachsf; C:WINDOWSsystem32DRIVERSHSF_CNXT.sys [2004-02-25 682624]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver; C:WINDOWSsystem32driversUsbMicfilt.sys [2002-05-14 22571]
S3 ZSMC302;D-Link DSB-C320; C:WINDOWSSystem32Driversusbvm302.sys [2005-01-13 195263]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service; C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe [2007-11-02 566560]
R2 McAfeeFramework;McAfee Framework Service; C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe [2006-11-17 104000]
R2 McShield;McAfee McShield; C:Program FilesMcAfeeVirusScan EnterpriseMcshield.exe [2006-11-29 144960]
R2 McTaskManager;McAfee Task Manager; C:Program FilesMcAfeeVirusScan EnterpriseVsTskMgr.exe [2006-11-29 54872]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-03-24 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2006-07-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-10-05 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
info.txt:
info.txt logfile of random’s system information tool 1.04 2008-11-24 17:48:21
======Uninstall list======
«1С:Предприятие. Бухгалтерский учет» 7.7 (сетевая версия)—>C:WINDOWSUNIN0419.EXE -f»C:Program Files1Cv77DeIsL1.isu» account -c»C:Program Files1Cv77BINuninst.dll
—>C:Program FilesNeroNero 7nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
—>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {C5060182-C90D-4314-9AE9-5C0DCF8FD1EF}
—>msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {00E877D5-CDF8-4DDC-9AE0-E541B4BB6487}
—>msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {3520B304-0EF8-475D-8C52-47ABCCC75FC6}
—>msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {5C395839-FBA5-49C5-923A-787665D5E128}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
3Planesoft Screensaver Manager 1.1—>»C:Program Files3Planesoft Screensaver Managerunins000.exe»
7-Zip 4.57—>»C:Program Files7-ZipUninstall.exe»
ABBYY FineReader 9.0 Professional Edition—>MsiExec.exe /I{F9000000-0001-0000-0000-074957833700}
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers719d6f144d0c086a0dfa7ff76bb9ac1Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 6.0—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Setup—>MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AmlMaple—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFAmlMaple.inf,Uninstall
ArcSoft WebCam Companion—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{BCCC3103-466C-41FA-A162-79E0CC7E9337}Setup.exe» -l0x9
BeeOnLine-Express 2.08—>»C:Program FilesBeeOnLine-Express 2.0unins000.exe»
CorelDRAW Graphics Suite X3—>MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
CPU-Z and GPU-Z—>C:Program FilesCPU-ZUninstall.exe
D-Link DSB-C320—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 700Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{3AD5EF4D-713C-46EC-8E3B-9BB29AB2168E}setup.exe» -l0x9
D-Link DSL-200 ADSL Modem—>C:Program FilesD-LinkDSL-200uninstall.exe
Download Master 5.5.3.1131—>»C:Program FilesDownload Masterunins000.exe»
Earth 3D Screensaver 1.0—>»C:Program FilesEarth 3D Screensaverunins000.exe»
EasyRecovery Professional—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1033
EAX Unified—>C:WINDOWSIsUninst.exe -f»C:Program FilesCreativeEAX UnifiedUninst.isu»
FAR file manager—>C:Program FilesFarUninstall.exe
Flash Player Pro—>C:Program FilesFlash Player ProUninstall.exe
FREE Music Downloader 1.0.3.4—>C:Program FilesFREE Music DownloaderUninstall.exe
Google Earth—>MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GTA ]I[—>D:GamesGTA_I_~1UNWISE.EXE D:GamesGTA_I_~1INSTALL.LOG
HijackThis 2.0.2—>»C:Program FilesTrend MicroHijackThisHijackThis.exe» /uninstall
HP Customer Participation Program 7.0—>C:Program FilesHPDigital ImagingExtCapUninstallhpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0—>C:Program FilesHPDigital ImagingDeviceManagementhpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential—>MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A—>C:Program FilesHPDigital Imaging{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}setuphpzscr01.exe -datfile hposcr11.dat
HP Software Update—>MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0—>C:Program FilesHPDigital ImagingeSupporthpzscr01.exe -datfile hpqbud05.dat
Java(TM) 6 Update 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Kaspersky Online Scanner—>C:WINDOWSsystem32Kaspersky LabKaspersky Online Scannerkavuninstall.exe
K-Lite Mega Codec Pack 3.9.0—>»C:Program FilesK-Lite Codec Packunins000.exe»
L&H TTS3000 Deutsch—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSGED.inf, Uninstall
L&H TTS3000 Español—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSSPE.inf, Uninstall
L&H TTS3000 Français—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSFRF.inf, Uninstall
L&H TTS3000 Italiano—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSITI.inf, Uninstall
L&H TTS3000 Russian—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFLHTTSRUR.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFtv_enua.inf, Uninstall
Lineage II—>C:Program FilesInstallShield Installation Information{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}setup.exe -runfromtemp -l0x0009 -removeonly
Mail.Ru Агент 5.2 (сборка 2405, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
McAfee AntiSpyware Enterprise Module—>»C:Program FilesMcAfeeVirusScan Enterprisescan32.exe» /UninstallMAS
McAfee VirusScan Enterprise—>MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0setup.exe
Microsoft .NET Framework 3.0—>MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Office Excel 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall EXCEL /dll OSETUP.DLL
Microsoft Office Excel 2007—>MsiExec.exe /X{90120000-0016-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall POWERPOINT /dll OSETUP.DLL
Microsoft Office PowerPoint 2007—>MsiExec.exe /X{90120000-0018-0000-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Visio MUI (Russian) 2007—>MsiExec.exe /X{90120000-0054-0419-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007—>MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Visio Профессиональный 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Word 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall WORD /dll OSETUP.DLL
Microsoft Office Word 2007—>MsiExec.exe /X{90120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Visual Studio 2005 Tools for Office Runtime—>MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
MMetro v.2.20.3—>»C:Program FilesMMetroUninstall.exe» «C:Program FilesMMetroinstall.log»
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB925673)—>MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Need for Speed Carbon—>»D:GamesNeed for Speed Carbonunins000.exe»
Nero 7 Premium—>MsiExec.exe /I{70AB1576-7883-2313-C650-7A71270B1049}
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
Opera 9.51—>MsiExec.exe /X{179624B1-2683-45ED-965A-B72189EB5820}
OperaAC—>C:Program FilesOperaACUninstall.exe
Paint.NET v3.31—>rundll32.exe advpack.dll,LaunchINFSection PaintDN.inf,Uninstall
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PROMT Professional 8 Giant Try-Buy—>MsiExec.exe /I{04F4FE29-515E-4B5B-9CF9-2DAB1065FBE1}
Punto Switcher 2.95—>»C:Program FilesPunto Switcherunins000.exe»
QIP 2005 Uninstall—>»C:Program FilesQIPunqip.exe»
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}SETUP.EXE» -l0x19 -removeonly
RU—>MsiExec.exe /I{01AE68B4-C785-4865-BC7E-78456372BB75}
Sable Universal Patcher—>C:PROGRA~1SableUNWISE.EXE C:PROGRA~1SableINSTALL.LOG
Skype—>C:Program FilesSkypeUninstall.exe
Skype™ 3.6—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoftV92 Voice Modem with SmartCP—>C:Program FilesCONEXANTCNXT_MODEM_USB_VID_0572&PID_1300HXFSETUP.EXE -U -IVID_0572&PID_1300
Spybot — Search & Destroy—>»C:Program FilesSpybot — Search & Destroyunins000.exe»
TeamSpeak 2 RC2—>»C:Program FilesTeamspeak2_RC2unins000.exe»
The Bat!—>C:Program FilesThe Bat!Uninstall.exe
The KMPlayer—>C:Program FilesThe KMPlayerUninstall.exe
Total Commander—>C:Program FilesTotal CommanderUninstall.exe
VBA—>MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Vista Drive Icon—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFVistaDrv.inf,Uninstall
Winamp—>»C:Program FilesWinampunins000.exe»
Windows Communication Foundation—>MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation—>MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Yahoo! Companion—>rundll32.exe C:PROGRA~1Yahoo!COMPAN~1InstallscpnYCOMP5~1.DLL,DllCommand ui
Yahoo! Install Manager—>C:WINDOWSsystem32regsvr32 /u C:PROGRA~1Yahoo!CommonYINSTH~1.DLL
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
еда выполнения Visual Studio 2005 Tools for Office, второй выпуск—>C:Program FilesCommon FilesMicrosoft SharedVSTO8.0Microsoft Visual Studio 2005 Tools for Office Runtimeinstall.exe
Мастер Открыток 2.95—>»C:Program FilesМастер Открытокunins000.exe»
Принц Персии 2—>C:Program FilesInstallShield Installation Information{6FA0AA3F-8865-46D6-8AFD-F606069BC8A7}setup.exe
Сократ Персональный 4.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}setup.exe»
=====HijackThis Backups=====
O4 — HKLM..Run: [68b04aa4] rundll32.exe «C:WINDOWSsystem32yfysvauk.dll»,b
O21 — SSODL: xrdwbfgn — {10A9DCEA-6014-4EE7-92DF-E9BD5D229CE1} — C:WINDOWSxrdwbfgn.dll
F2 — REG:system.ini: Shell=Explorer.exe csrcs.exe
O4 — HKLM..PoliciesExplorerRun: [csrcs] C:WINDOWSsystem32csrcs.exe
O21 — SSODL: dgksvbpn — {998BCF6A-1C0E-4D7A-B7EE-DB68CFA672C9} — C:WINDOWSdgksvbpn.dll (file missing)
O4 — Startup: HDDlife.lnk = C:Documents and SettingsAdminLocal SettingsTempRar$EX00.343Portable_HDD_Life_Pro_2.9.105Portable_HDD_Life_Pro_2.9.105HDD Life Pro 2.9.105HDDlifePro.exe
======Security center information======
AV: VirusScan Enterprise + AntiSpyware Enterprise
======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 23 Stepping 6, GenuineIntel
«PROCESSOR_REVISION»=1706
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«Page2Chm»=C:Program FilesOperaACMisc
«VSEDEFLOGDIR»=C:Documents and SettingsAll UsersApplication DataMcAfeeDesktopProtection
«DEFLOGDIR»=C:Documents and SettingsAll UsersApplication DataMcAfeeDesktopProtection
EOF