Re: Re: Глючит реестр под Windows Server 2003. Неуловимый вирус

[starcat]

OTL logfile created on: 23.06.2009 16:38:27 — Run 1
OTL by OldTimer — Version 3.0.5.1 Folder = C:Documents and SettingsАдминистраторРабочий стол
Windows Server 2003 Enterprise Edition Service Pack 2 (Version = 5.2.3790) — Type = NTServer
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

1022,07 Mb Total Physical Memory | 87,91 Mb Available Physical Memory | 8,60% Memory free
2,41 Gb Paging File | 1,45 Gb Available in Paging File | 59,99% Paging File free
Paging file location(s): C:pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 97,65 Gb Total Space | 11,95 Gb Free Space | 12,24% Space Free | Partition Type: NTFS
Drive D: | 135,23 Gb Total Space | 8,52 Gb Free Space | 6,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOSS
Current User Name: Администратор
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC — [2006.05.23 22:59:38 | 00,409,600 | —- | M] (ATI Technologies Inc.) — C:WINDOWSSystem32Ati2evxx.exe
PRC — [2008.11.07 15:28:16 | 00,132,424 | —- | M] (Apple Inc.) — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
PRC — [2005.03.24 17:28:46 | 00,135,168 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32serverapplianceappmgr.exe
PRC — [2009.06.17 03:56:38 | 00,298,776 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgwdsvc.exe
PRC — [2008.08.29 11:18:44 | 00,238,888 | —- | M] (Apple Inc.) — C:Program FilesBonjourmDNSResponder.exe
PRC — [2005.03.24 17:28:46 | 00,079,360 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32serverapplianceelementmgr.exe
PRC — [2009.06.10 10:08:33 | 00,833,304 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgam.exe
PRC — [2009.06.17 03:56:39 | 00,486,680 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgrsx.exe
PRC — [2008.12.18 14:38:08 | 00,152,984 | —- | M] (Sun Microsystems, Inc.) — C:Program FilesJavajre6binjqs.exe
PRC — [2003.06.20 00:25:00 | 00,322,120 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
PRC — [2008.07.10 01:22:36 | 00,218,136 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL Server100DTSBinnMsDtsSrvr.exe
PRC — [2008.07.10 13:49:38 | 40,999,448 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnsqlservr.exe
PRC — [2008.07.10 01:22:40 | 21,945,368 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSAS10.MSSQLSERVEROLAPbinmsmdsrv.exe
PRC — [2008.07.10 02:22:18 | 01,106,968 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSRS10.MSSQLSERVERReporting ServicesReportServerbinReportingServicesService.exe
PRC — [2008.07.10 02:49:34 | 00,258,072 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL Server90Sharedsqlbrowser.exe
PRC — [2008.07.10 02:49:44 | 00,098,840 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe
PRC — [2003.03.25 09:10:10 | 00,067,584 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32serverappliancesrvcsurg.exe
PRC — [2003.05.22 11:53:46 | 00,094,255 | —- | M] (iVasion, a Routerware Company) — C:Program FilesWinPoET Broadband ConnectionWrOS.EXE
PRC — [2007.02.17 20:07:24 | 00,006,144 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32mqsvc.exe
PRC — [2006.05.23 22:59:38 | 00,409,600 | —- | M] (ATI Technologies Inc.) — C:WINDOWSSystem32Ati2evxx.exe
PRC — [2007.02.17 20:07:09 | 01,054,208 | —- | M] (Microsoft Corporation) — C:WINDOWSExplorer.EXE
PRC — [2009.02.03 14:05:41 | 00,217,600 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32wbemwmiprvse.exe
PRC — [2008.07.10 13:49:34 | 00,369,688 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnSQLAGENT.EXE
PRC — [2008.12.18 14:38:08 | 00,136,600 | —- | M] (Sun Microsystems, Inc.) — C:Program FilesJavajre6binjusched.exe
PRC — [2005.08.25 16:25:42 | 00,737,369 | —- | M] (Synaptics, Inc.) — C:Program FilesSynapticsSynTPSynTPEnh.exe
PRC — [2006.10.11 19:36:40 | 16,267,776 | —- | M] (Realtek Semiconductor Corp.) — C:WINDOWSRTHDCPL.EXE
PRC — [2009.06.10 10:08:34 | 01,948,440 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgtray.exe
PRC — [2007.08.06 21:06:00 | 00,292,152 | —- | M] (BillP Studios) — C:Program FilesBillP StudiosWinPatrolWinPatrol.exe
PRC — [2007.08.06 21:06:00 | 00,292,152 | —- | M] (BillP Studios) — C:Program FilesBillP StudiosWinPatrolwinpatrol.exe
PRC — [2008.04.23 15:09:50 | 00,199,688 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft OfficeOFFICE11OUTLOOK.EXE
PRC — [2009.04.25 08:58:23 | 00,636,088 | —- | M] (Microsoft Corporation) — C:Program FilesInternet Exploreriexplore.exe
PRC — [2009.06.17 03:56:37 | 00,692,504 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgcsrvx.exe
PRC — [2006.06.26 07:03:00 | 04,027,800 | —- | M] (JGsoft — Just Great Software) — C:Program FilesJGsoftEditPadPro6EditPadPro.exe
PRC — [2009.04.21 22:34:24 | 12,314,456 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE
PRC — [2009.06.17 03:56:37 | 00,692,504 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgcsrvx.exe
PRC — [2009.04.21 14:39:16 | 24,264,488 | R— | M] (Skype Technologies S.A.) — C:Program FilesSkypePhoneSkype.exe
PRC — [2007.02.17 20:06:56 | 00,009,728 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32cidaemon.exe
PRC — [2007.02.17 20:06:56 | 00,009,728 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32cidaemon.exe
PRC — [2008.12.18 13:52:48 | 00,677,412 | —- | M] (C. Ghisler & Co.) — C:totalcmdTOTALCMD.EXE
PRC — [2007.02.17 20:06:56 | 00,009,728 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32cidaemon.exe
PRC — [2009.04.02 16:16:36 | 02,792,960 | —- | M] () — C:Program FilesEmEx 3Emex 3emex3.exe
PRC — [2003.01.19 05:37:08 | 02,335,232 | —- | M] (Nexus 6) — C:soft_mass sender 140308MassSender.exe
PRC — [2009.06.23 16:36:17 | 00,512,512 | —- | M] (OldTimer Tools) — C:Documents and SettingsАдминистраторРабочий столOTL.exe

========== Win32 Services (SafeList) ==========

SRV — [2007.02.17 20:01:45 | 00,099,840 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem326to4svc.dll — (6to4 [Auto | Running])
SRV — [2008.12.17 21:32:21 | 00,068,096 | —- | M] () — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe — (Adobe LM Service [On_Demand | Stopped])
SRV — [2008.11.07 15:28:16 | 00,132,424 | —- | M] (Apple Inc.) — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe — (Apple Mobile Device [Auto | Running])
SRV — [2005.03.24 17:28:46 | 00,135,168 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32serverapplianceappmgr.exe — (appmgr [Auto | Running])
SRV — [2008.07.25 11:16:40 | 00,034,312 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe — (aspnet_state [On_Demand | Stopped])
SRV — [2006.05.23 22:59:38 | 00,409,600 | —- | M] (ATI Technologies Inc.) — C:WINDOWSSystem32Ati2evxx.exe — (Ati HotKey Poller [Auto | Running])
SRV — [2009.06.17 03:56:38 | 00,298,776 | —- | M] (AVG Technologies CZ, s.r.o.) — C:Program FilesAVGAVG8avgwdsvc.exe — (avg8wd [Auto | Running])
SRV — [2008.08.29 11:18:44 | 00,238,888 | —- | M] (Apple Inc.) — C:Program FilesBonjourmDNSResponder.exe — (Bonjour Service [Auto | Running])
SRV — [2008.07.25 11:17:02 | 00,069,632 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe — (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV — [2007.02.17 20:07:03 | 00,164,864 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32Dfssvc.exe — (Dfs [On_Demand | Stopped])
SRV — [2005.03.24 17:28:46 | 00,079,360 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32serverapplianceelementmgr.exe — (elementmgr [Auto | Running])
SRV — [2008.07.29 21:10:04 | 00,046,104 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe — (FontCache3.0.0.0 [On_Demand | Stopped])
SRV — [2007.02.17 20:04:56 | 00,039,936 | —- | M] (Microsoft Corporation) — C:WINDOWSPCHealthHelpCtrBinariespchsvc.dll — (helpsvc [Auto | Running])
SRV — [2008.07.29 19:24:50 | 00,881,664 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe — (idsvc [Unknown | Stopped])
SRV — [2007.02.17 20:07:14 | 00,014,336 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32inetsrvinetinfo.exe — (IISADMIN [Auto | Stopped])
SRV — [2009.01.06 14:06:24 | 00,536,872 | —- | M] (Apple Inc.) — C:Program FilesiPodbiniPodService.exe — (iPod Service [On_Demand | Stopped])
SRV — [2007.02.17 20:07:14 | 00,040,448 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32ismserv.exe — (IsmServ [Disabled | Stopped])
SRV — [2008.12.18 14:38:08 | 00,152,984 | —- | M] (Sun Microsystems, Inc.) — C:Program FilesJavajre6binjqs.exe — (JavaQuickStarterService [Auto | Running])
SRV — [2007.02.17 20:07:15 | 00,094,720 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32llssrv.exe — (LicenseService [Disabled | Stopped])
SRV — [2003.06.20 00:25:00 | 00,322,120 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE — (MDM [Auto | Running])
SRV — [2007.02.17 20:07:22 | 00,032,768 | —- | M] (Корпорация Майкрософт) — C:WINDOWSSystem32mnmsrvc.exe — (mnmsrvc [Disabled | Stopped])
SRV — [2008.07.10 01:22:36 | 00,218,136 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL Server100DTSBinnMsDtsSrvr.exe — (MsDtsServer100 [Auto | Running])
SRV — [2007.02.17 20:07:14 | 00,014,336 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32inetsrvinetinfo.exe — (MSFtpsvc [Auto | Stopped])
SRV — [2007.02.17 20:07:24 | 00,006,144 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32mqsvc.exe — (MSMQ [Auto | Running])
SRV — [2008.07.10 01:15:32 | 00,031,256 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnfdlauncher.exe — (MSSQLFDLauncher [Disabled | Stopped])
SRV — [2008.07.10 13:49:38 | 40,999,448 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnsqlservr.exe — (MSSQLSERVER [Auto | Running])
SRV — [2008.07.10 13:49:34 | 00,047,128 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL Server100SharedSQLADHLP.EXE — (MSSQLServerADHelper100 [Disabled | Stopped])
SRV — [2008.07.10 01:22:40 | 21,945,368 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSAS10.MSSQLSERVEROLAPbinmsmdsrv.exe — (MSSQLServerOLAPService [Auto | Running])
SRV — [2008.07.29 13:10:46 | 03,201,024 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft Visual Studio 9.0Common7IDERemote Debuggerx86msvsmon.exe — (msvsmon90 [Disabled | Stopped])
SRV — [2006.08.08 22:15:50 | 00,208,896 | —- | M] (Nero AG) — C:Program FilesNeroNero 7Nero BackItUpNBService.exe — (NBService [On_Demand | Stopped])
SRV — [2008.07.29 19:16:38 | 00,132,096 | —- | M] (Microsoft Corporation) — C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe — (NetTcpPortSharing [Disabled | Stopped])
SRV — [2007.02.17 20:07:14 | 00,014,336 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32inetsrvinetinfo.exe — (NntpSvc [Auto | Stopped])
SRV — [2007.02.17 20:07:32 | 00,792,576 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32ntfrs.exe — (NtFrs [On_Demand | Stopped])
SRV — [2006.10.26 15:03:08 | 00,145,184 | —- | M] (Microsoft Corporation) — C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE — (ose [On_Demand | Stopped])
SRV — [2008.07.10 02:22:18 | 01,106,968 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSRS10.MSSQLSERVERReporting ServicesReportServerbinReportingServicesService.exe — (ReportServer [Auto | Running])
SRV — [2007.02.17 20:07:38 | 00,067,072 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32RSoPProv.exe — (RSoPProv [On_Demand | Stopped])
SRV — [2003.05.12 20:00:00 | 00,012,288 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32sacsvr.dll — (sacsvr [On_Demand | Stopped])
SRV — [2007.02.17 20:07:14 | 00,014,336 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32inetsrvinetinfo.exe — (SMTPSVC [Auto | Stopped])
SRV — [2008.07.10 02:49:34 | 00,258,072 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL Server90Sharedsqlbrowser.exe — (SQLBrowser [Auto | Running])
SRV — [2008.07.10 13:49:34 | 00,369,688 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnSQLAGENT.EXE — (SQLSERVERAGENT [Auto | Running])
SRV — [2008.07.10 02:49:44 | 00,098,840 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe — (SQLWriter [Auto | Running])
SRV — [2003.03.25 09:10:10 | 00,067,584 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32serverappliancesrvcsurg.exe — (srvcsurg [Auto | Running])
SRV — [2003.05.12 20:00:00 | 00,050,688 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32trksvr.dll — (TrkSvr [Disabled | Stopped])
SRV — [2007.02.17 20:07:52 | 00,070,656 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32tssdis.exe — (Tssdis [Disabled | Stopped])
SRV — [2007.02.17 20:07:54 | 00,039,424 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32wdfmgr.exe — (UMWdf [On_Demand | Stopped])
SRV — [2007.02.17 20:03:28 | 00,216,576 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32inetsrviisw3adm.dll — (W3SVC [Auto | Stopped])
SRV — [2003.05.22 11:53:46 | 00,094,255 | —- | M] (iVasion, a Routerware Company) — C:Program FilesWinPoET Broadband ConnectionWrOS.EXE — (WinPPPoverEthernet [Auto | Running])

========== Driver Services (SafeList) ==========

DRV — [2007.02.17 10:14:59 | 00,043,520 | —- | M] (Adaptec, Inc.) — C:WINDOWSSystem32driversarc.sys — (arc [Disabled | Stopped])
DRV — [2006.05.23 23:06:36 | 01,578,496 | —- | M] (ATI Technologies Inc.) — C:WINDOWSSystem32DRIVERSati2mtag.sys — (ati2mtag [On_Demand | Running])
DRV — [2009.06.10 10:08:53 | 00,327,688 | —- | M] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32Driversavgldx86.sys — (AvgLdx86 [System | Running])
DRV — [2009.06.17 03:56:39 | 00,027,784 | —- | M] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32Driversavgmfx86.sys — (AvgMfx86 [System | Running])
DRV — [2009.06.10 10:08:54 | 00,012,552 | —- | M] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32Driversavgrkx86.sys — (AvgRkx86 [Boot | Running])
DRV — [2007.02.17 10:02:56 | 00,069,120 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32DRIVERSClusDisk.sys — (ClusDisk [Disabled | Stopped])
DRV — [2004.11.30 15:46:30 | 00,046,080 | R— | M] (Компания Крипто-Про) — C:WINDOWSSystem32DRIVERSCProCtrl.sys — (CProCtrl [System | Running])
DRV — [2007.02.17 09:51:18 | 00,034,816 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32driversDfs.sys — (DfsDriver [Boot | Running])
DRV — [2005.03.24 18:56:24 | 00,153,600 | —- | M] (Windows (R) Server 2003 DDK provider) — C:WINDOWSSystem32driversHdAudio.sys — (HdAudAddService [On_Demand | Stopped])
DRV — [2005.07.08 18:56:32 | 00,144,384 | —- | M] (Windows (R) Server 2003 DDK provider) — C:WINDOWSSystem32DRIVERSHDAudBus.sys — (HDAudBus [On_Demand | Running])
DRV — [2007.02.17 10:14:58 | 00,023,552 | —- | M] (Hewlett-Packard Company) — C:WINDOWSSystem32drivershpcisss.sys — (hpcisss [Disabled | Stopped])
DRV — [2007.09.30 03:03:12 | 00,308,248 | —- | M] (Intel Corporation) — C:WINDOWSsystem32driversiaStor.sys — (iaStor [Boot | Running])
DRV — [2006.10.12 10:52:04 | 04,387,328 | —- | M] (Realtek Semiconductor Corp.) — C:WINDOWSSystem32driversRtkHDAud.sys — (IntcAzAudAddService [On_Demand | Running])
DRV — [2007.02.17 09:44:20 | 00,084,992 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32driversmqac.sys — (MQAC [On_Demand | Running])
DRV — [2006.09.27 01:00:00 | 01,709,696 | —- | M] (Intel® Corporation) — C:WINDOWSSystem32DRIVERSNETw3x32.sys — (NETw3x32 [On_Demand | Running])
DRV — [2007.02.17 10:06:39 | 00,020,480 | —- | M] (Parallel Technologies, Inc.) — C:WINDOWSSystem32DRIVERSptilink.sys — (Ptilink [On_Demand | Running])
DRV — [2008.11.22 01:47:48 | 00,043,528 | —- | M] (Sonic Solutions) — C:WINDOWSSystem32DriversPxHelp20.sys — (PxHelp20 [Boot | Running])
DRV — [2008.05.08 17:27:43 | 00,109,568 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32DRIVERSRMCAST.sys — (RMCAST [Auto | Running])
DRV — [2008.07.10 02:49:14 | 00,242,712 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32DRIVERSRsFx0102.sys — (RsFx0102 [System | Running])
DRV — [2007.10.02 11:13:04 | 00,013,056 | —- | M] (Компания «Актив») — C:WINDOWSSystem32DRIVERSrtIFDH.sys — (RTIFDH [On_Demand | Running])
DRV — [2005.09.30 12:11:42 | 00,078,720 | —- | M] (Realtek Semiconductor Corporation ) — C:WINDOWSSystem32DRIVERSRtnicxp.sys — (RTL8023xp [On_Demand | Running])
DRV — [2007.10.02 11:13:14 | 00,029,440 | —- | M] (Компания «Актив») — C:WINDOWSSystem32DRIVERSrtUSB.SYS — (RTUSB [On_Demand | Stopped])
DRV — [2007.11.13 13:32:28 | 00,020,480 | —- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) — C:WINDOWSSystem32DRIVERSsecdrv.sys — (Secdrv [On_Demand | Stopped])
DRV — [2005.09.16 15:09:02 | 00,846,792 | —- | M] (Motorola Inc.) — C:WINDOWSSystem32DRIVERSsmserial.sys — (smserial [On_Demand | Running])
DRV — [2009.04.15 14:27:43 | 00,717,296 | —- | M] () — C:WINDOWSSystem32Driverssptd.sys — (sptd [Boot | Running])
DRV — [2005.08.25 16:12:56 | 00,191,168 | —- | M] (Synaptics, Inc.) — C:WINDOWSSystem32DRIVERSSynTP.sys — (SynTP [On_Demand | Running])
DRV — [2008.06.20 17:55:15 | 00,234,368 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32DRIVERStcpip6.sys — (Tcpip6 [System | Running])
DRV — [2003.05.22 18:00:20 | 00,053,334 | —- | M] () — C:WINDOWSSystem32DRIVERSWrKPoET2000.sys — (TopWinPoETDriver [Auto | Running])
DRV — [2007.02.17 09:58:50 | 00,014,336 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32DRIVERSusb8023.sys — (USB_RNDIS_51 [On_Demand | Stopped])
DRV — [2007.09.04 17:53:34 | 00,055,664 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft Visual Studio 9.0Team ToolsPerformance ToolsVSPerfDrv90.sys — (VSPerfDrv90 [On_Demand | Stopped])
DRV — [2007.02.17 19:13:49 | 00,172,032 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32DRIVERSwlbs.sys — (WLBS [On_Demand | Stopped])
DRV — [2003.05.22 18:00:20 | 00,053,334 | —- | M] () — C:Program FilesWinPoET Broadband ConnectionWrKPoET2000.sys — (WrKPoET2000 [On_Demand | Running])
DRV — [2002.10.28 19:42:56 | 00,065,604 | —- | M] () — C:WINDOWSSystem32DRIVERSWrKPoETNic2000.sys — (WRSWanDD [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Secondary_Page_URL = [binary data]
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Extensions Off Page = about:NoAdd-ons
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = %SystemRoot%system32blank.htm
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Security Risk Page = about:SecurityRisk
IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE — HKU.DEFAULT.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0

IE — HKUS-1-5-18S-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0

IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftInternet ExplorerMain,First Home Page = res://shdoclc.dll/hardAdmin.htm
IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSsystem32blank.htm
IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftInternet ExplorerMain,Page_Transitions = 1
IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftInternet ExplorerMain,Start Page = res://shdoclc.dll/hardAdmin.htm
IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500S-1-5-21-1575559806-2931686487-2101553159-500SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0
IE — HKUS-1-5-21-1575559806-2931686487-2101553159-500S-1-5-21-1575559806-2931686487-2101553159-500SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyOverride» = *.local

FF — HKLMsoftwaremozillaFirefoxextensions\jqs@sun.com: C:Program FilesJavajre6libdeployjqsff [2008.12.18 14:38:08 | 00,000,000 | —D | M]
FF — HKLMsoftwaremozillaFirefoxextensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:Program FilesRealRealPlayerbrowserrecord [2009.01.08 07:46:08 | 00,000,000 | —D | M]
FF — HKLMsoftwaremozillaFirefoxextensions\{20a82645-c095-46ed-80e3-08825760534b}: C:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension [2009.04.21 20:23:24 | 00,000,000 | —D | M]

[2009.04.15 14:33:25 | 00,000,000 | —D | M] — C:Documents and SettingsАдминистраторApplication DatamozillaFirefoxProfiles9vf96daw.defaultextensionsyasearch@yandex.ruchromeskinextensions-hacks

O1 HOSTS File: (769 bytes) — C:WINDOWSSystem32driversetcHosts
O1 — Hosts: 127.0.0.1 localhost
O2 — BHO: (Java(tm) Plug-In SSV Helper) — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll (Sun Microsystems, Inc.)
O2 — BHO: (Java(tm) Plug-In 2 SSV Helper) — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll (Sun Microsystems, Inc.)
O2 — BHO: (Microsoft Web Test Recorder 9.0 Helper) — {E31CE47F-C268-41ba-897B-B415E613947D} — C:Program FilesMicrosoft Visual Studio 9.0Common7IDEPrivateAssembliesMicrosoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O2 — BHO: (JQSIEStartDetectorImpl Class) — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll (Sun Microsystems, Inc.)
O3 — HKUS-1-5-21-1575559806-2931686487-2101553159-500..ToolbarShellBrowser: (&Адрес) — {01E04581-4EEE-11D0-BFE9-00AA005B4383} — C:WINDOWSSystem32browseui.dll (Корпорация Майкрософт)
O3 — HKUS-1-5-21-1575559806-2931686487-2101553159-500..ToolbarWebBrowser: (&Адрес) — {01E04581-4EEE-11D0-BFE9-00AA005B4383} — C:WINDOWSSystem32browseui.dll (Корпорация Майкрософт)
O4 — HKLM..Run: [AVG8_TRAY] C:Program FilesAVGAVG8avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 — HKLM..Run: [RTHDCPL] C:WINDOWSRTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 — HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre6binjusched.exe (Sun Microsystems, Inc.)
O4 — HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe (Synaptics, Inc.)
O4 — HKLM..Run: [WinPatrol] C:Program FilesBillP StudiosWinPatrolWinPatrol.exe (BillP Studios)
O4 — HKLM..Run: [WinPatrol Russian v.2] C:Program FilesBillP StudiosWinPatrolwinpatrol.exe (BillP Studios)
O4 — HKLM..Run: [Ярлык для страницы свойств High Definition Audio] C:WINDOWSSystem32HDAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 — HKU.DEFAULT..RunOnce: [tscuninstall] C:WINDOWSSystem32tscupgrd.exe (Microsoft Corporation)
O4 — HKUS-1-5-18..RunOnce: [tscuninstall] C:WINDOWSSystem32tscupgrd.exe (Microsoft Corporation)
O4 — HKUS-1-5-19..RunOnce: [tscuninstall] C:WINDOWSSystem32tscupgrd.exe (Microsoft Corporation)
O4 — HKUS-1-5-20..RunOnce: [tscuninstall] C:WINDOWSSystem32tscupgrd.exe (Microsoft Corporation)
O6 — HKLMSoftwarePoliciesMicrosoftInternet ExplorerLow Rights present
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: ShowSuperHidden = 1
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: disablecad = 0
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: dontdisplaylastusername = 0
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: legalnoticecaption =
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: legalnoticetext =
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: scforceoption = 0
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: shutdownwithoutlogon = 0
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: undockwithoutlogon = 1
O7 — HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 — HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 — HKUS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 — HKUS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 67108863
O7 — HKUS-1-5-21-1575559806-2931686487-2101553159-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: disableregistrytools = 0
O10 — NameSpace_Catalog5Catalog_Entries00000000004 [] — C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)
O16 — DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229532347505 (WUWebControl Class)
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240335478625 (MUWebControl Class)
O16 — DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 — DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 — DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 — DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 — HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 10.7.1.3 10.2.2.26 10.2.2.27
O18 — ProtocolHandlerhttpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlerhttpoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlerhttpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlerhttpsoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlermsdaipp — No CLSID value found
O18 — ProtocolHandlermsdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlermsdaippoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} — C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
O18 — ProtocolHandlerms-help {314111c7-a502-11d2-bbca-00c04f8ec294} — C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll (Microsoft Corporation)
O18 — ProtocolHandlerms-itss {0A9007C0-4076-11D3-8789-0000F8105754} — C:Program FilesCommon FilesMicrosoft SharedInformation RetrievalMSITSS.DLL (Microsoft Corporation)
O18 — ProtocolHandlermso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} — C:Program FilesCommon FilesMicrosoft SharedWeb Components10OWC10.DLL (Microsoft Corporation)
O18 — ProtocolHandlermso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} — C:Program FilesCommon FilesMicrosoft SharedWeb Components11OWC11.DLL (Microsoft Corporation)
O18 — ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:Program FilesCommon FilesSkypeSkype4COM.dll (Skype Technologies)
O18 — ProtocolFilter: — text/xml — C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSOXMLMF.DLL (Microsoft Corporation)
O20 — HKLM Winlogon: Shell — (Explorer.exe) — C:WINDOWSExplorer.exe (Microsoft Corporation)
O20 — WinlogonNotifyAtiExtEvent: DllName — Ati2evxx.dll — C:WINDOWSSystem32Ati2evxx.dll (ATI Technologies Inc.)
O20 — WinlogonNotifyavgrsstarter: DllName — avgrsstx.dll — C:WINDOWSSystem32avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O22 — SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} — Предзагрузчик Browseui — C:WINDOWSSystem32browseui.dll (Корпорация Майкрософт)
O22 — SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} — Демон кэша категорий компонентов — C:WINDOWSSystem32browseui.dll (Корпорация Майкрософт)
O24 — Desktop Components:0 (Моя текущая домашняя страница) — About:Home
O29 — HKLM SecurityProviders — (cpssp.dll) — C:WINDOWSSystem32cpssp.dll (Компания Крипто-Про)
O31 — SafeBoot: AlternateShell — cmd.exe
O32 — HKLM CDRom: AutoRun — 1
O32 — AutoRun File — [2008.12.17 20:23:42 | 00,000,000 | —- | M] () — C:AUTOEXEC.BAT — [ NTFS ]
O33 — MountPoints2{09111472-3ad7-11de-b438-0015eb3e517a}ShellAutoRuncommand — «» = F:keygen.exe — File not found
O33 — MountPoints2{09111472-3ad7-11de-b438-0015eb3e517a}ShellopenCommand — «» = F:keygen.exe — File not found
O33 — MountPoints2{1ce8c3cb-4db8-11de-984e-00030d4ad98d}ShellAUtopLAYCOmMand — «» = F:dyjx.exe — File not found
O33 — MountPoints2{1ce8c3cb-4db8-11de-984e-00030d4ad98d}ShellAutoRuncommand — «» = F:dyjx.exe — File not found
O33 — MountPoints2{1ce8c3cb-4db8-11de-984e-00030d4ad98d}ShellexPLoReCOMMand — «» = F:dyjx.exe — File not found
O33 — MountPoints2{1ce8c3cb-4db8-11de-984e-00030d4ad98d}ShellOpENCOmMAnd — «» = F:dyjx.exe — File not found
O33 — MountPoints2{b380353b-2dab-11de-be4e-0015eb3e517a}ShellAUtopLAYCOmMand — «» = F:dyjx.exe — File not found
O33 — MountPoints2{b380353b-2dab-11de-be4e-0015eb3e517a}ShellAutoRuncommand — «» = F:dyjx.exe — File not found
O33 — MountPoints2{b380353b-2dab-11de-be4e-0015eb3e517a}ShellexPLoReCOMMand — «» = F:dyjx.exe — File not found
O33 — MountPoints2{b380353b-2dab-11de-be4e-0015eb3e517a}ShellOpENCOmMAnd — «» = F:dyjx.exe — File not found
O33 — MountPoints2{dc23d4e0-d024-11dd-ba98-00030d4ad98d}ShellAutoRuncommand — «» = F:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe — File not found
O33 — MountPoints2{dc23d4e0-d024-11dd-ba98-00030d4ad98d}Shellopencommand — «» = F:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013win32.exe — File not found
O34 — HKLM BootExecute: (autocheck) — File not found
O34 — HKLM BootExecute: (autochk) — C:WINDOWSSystem32autochk.exe (Microsoft Corporation)
O34 — HKLM BootExecute: (*) — File not found

========== Files/Folders — Created Within 30 Days ==========

[7 C:WINDOWS*.tmp files]
[2009.06.23 16:36:10 | 00,512,512 | —- | C] (OldTimer Tools) — C:Documents and SettingsАдминистраторРабочий столOTL.exe
[2009.06.21 15:56:46 | 00,000,000 | —D | C] — C:Program FilesMovieToolbox
[2009.06.21 12:13:52 | 00,000,000 | —D | C] — C:Program FileseMule
[2009.06.18 19:32:14 | 00,359,893 | —- | C] () — C:Documents and SettingsАдминистраторРабочий столdds.scr
[2009.06.15 20:15:56 | 04,544,721 | —- | C] () — C:kuchin_ivan-tihij_okean_2.mp3
[2009.06.11 01:01:24 | 00,000,000 | —D | C] — C:Documents and SettingsАдминистраторМои документырыбалка кафтино
[2009.06.10 17:25:09 | 00,000,000 | —D | C] — C:rsit
[2009.06.10 14:35:49 | 00,000,000 | —D | C] — C:Program FilesNT Registry Optimizer
[2009.06.10 14:32:42 | 00,000,000 | —D | C] — C:WINDOWSERDNT
[2009.06.10 14:32:16 | 00,000,000 | —D | C] — C:Program FilesERUNT
[2009.06.10 14:21:27 | 00,000,000 | —D | C] — C:32788R22FWJFW
[2009.06.10 13:20:11 | 00,000,000 | —D | C] — C:Documents and SettingsАдминистраторApplication DataWinPatrol
[2009.06.10 13:19:38 | 00,000,000 | —D | C] — C:Program FilesBillP Studios
[2009.06.10 11:08:11 | 00,000,000 | -H-D | C] — C:$AVG8.VAULT$
[2009.06.10 10:08:56 | 00,001,507 | —- | C] () — C:Documents and SettingsAll UsersРабочий столAVG 8.5.lnk
[2009.06.10 10:08:54 | 00,012,552 | —- | C] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32driversavgrkx86.sys
[2009.06.10 10:08:54 | 00,011,952 | —- | C] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32avgrsstx.dll
[2009.06.10 10:08:53 | 00,327,688 | —- | C] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32driversavgldx86.sys
[2009.06.10 10:08:48 | 00,027,784 | —- | C] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32driversavgmfx86.sys
[2009.06.10 10:08:47 | 37,309,041 | —- | C] () — C:WINDOWSSystem32driversAvgincavi.avm
[2009.06.10 10:08:47 | 06,061,540 | —- | C] () — C:WINDOWSSystem32driversAvgavi7.avg
[2009.06.10 10:08:47 | 00,434,673 | —- | C] () — C:WINDOWSSystem32driversAvgminiavi.avg
[2009.06.10 10:08:47 | 00,085,931 | —- | C] () — C:WINDOWSSystem32driversAvgmicroavi.avg
[2009.06.10 10:08:47 | 00,000,000 | —D | C] — C:WINDOWSSystem32driversAvg
[2009.06.10 10:08:33 | 00,000,000 | —D | C] — C:Program FilesAVG
[2009.06.10 10:07:52 | 00,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication Dataavg8
[2009.06.10 10:04:53 | 00,000,000 | -HSD | C] — C:Config.Msi
[2009.06.09 21:01:12 | 00,000,000 | —D | C] — C:Program FilesTrend Micro
[2009.06.09 17:37:31 | 00,132,597 | —- | C] () — C:Documents and SettingsАдминистраторРабочий столFlash_Disinfector.exe
[2009.06.09 17:25:28 | 00,000,000 | —D | C] — C:Program FilesESET
[2009.06.09 16:53:59 | 00,000,000 | —D | C] — C:SDFix
[2009.06.09 16:52:10 | 00,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
[2009.05.26 16:53:58 | 00,000,587 | —- | C] () — C:Documents and SettingsАдминистраторРабочий столЯрлык для 15.exe.lnk
[2009.05.26 02:01:23 | 00,000,680 | —- | C] () — C:Documents and SettingsАдминистраторРабочий столФильтр доменов.lnk
[2009.05.24 22:05:20 | 00,000,000 | —D | C] — C:Documents and SettingsАдминистраторМои документыскан авто
[2009.04.15 14:27:43 | 00,717,296 | —- | C] () — C:WINDOWSSystem32driverssptd.sys
[2009.02.04 16:42:37 | 00,168,448 | —- | C] () — C:WINDOWSSystem32unrar.dll
[2009.02.04 16:42:32 | 00,795,648 | —- | C] () — C:WINDOWSSystem32xvidcore.dll
[2009.02.04 16:42:31 | 00,130,048 | —- | C] () — C:WINDOWSSystem32xvidvfw.dll
[2009.02.04 16:42:28 | 00,057,344 | —- | C] () — C:WINDOWSSystem32ff_vfw.dll
[2009.02.04 16:42:28 | 00,000,547 | —- | C] () — C:WINDOWSSystem32ff_vfw.dll.manifest
[2009.01.06 15:35:51 | 00,000,281 | —- | C] () — C:WINDOWSSystem32CNCMFP11.INI
[2009.01.06 15:31:15 | 00,000,532 | —- | C] () — C:WINDOWSMAXLINK.INI
[2009.01.03 18:57:27 | 00,000,069 | —- | C] () — C:WINDOWSNeroDigital.ini
[2009.01.03 18:57:16 | 00,000,014 | —- | C] () — C:WINDOWSSystem32SysEngineDrive1.sys
[2008.12.27 01:27:15 | 00,198,656 | —- | C] () — C:WINDOWSSystem32psisdecd.dll
[2008.12.22 23:25:38 | 00,065,604 | —- | C] () — C:WINDOWSSystem32driversWrKPoETNic2000.sys
[2008.12.22 23:25:38 | 00,053,334 | —- | C] () — C:WINDOWSSystem32driversWrKPoET2000.sys
[2008.12.18 17:23:01 | 00,002,765 | —- | C] () — C:WINDOWSwcx_ftp.ini
[2008.12.18 14:28:02 | 00,102,400 | —- | C] () — C:WINDOWSSystem32ibank2agava.dll
[2008.12.18 13:49:05 | 00,002,311 | —- | C] () — C:WINDOWSwincmd.ini
[2008.12.18 13:13:40 | 00,044,189 | —- | C] () — C:WINDOWSSystem32smtpctrs.ini
[2008.12.18 13:13:40 | 00,034,419 | —- | C] () — C:WINDOWSSystem32nntpctrs.ini
[2008.12.18 13:13:40 | 00,002,111 | —- | C] () — C:WINDOWSSystem32ntfsdrct.ini
[2008.12.18 13:13:33 | 00,011,966 | —- | C] () — C:WINDOWSSystem32ftpctrs.ini
[2008.12.18 13:13:32 | 00,077,877 | —- | C] () — C:WINDOWSSystem32w3ctrs.ini
[2008.12.18 13:13:32 | 00,015,758 | —- | C] () — C:WINDOWSSystem32axperf.ini
[2008.12.18 13:13:31 | 00,017,508 | —- | C] () — C:WINDOWSSystem32infoctrs.ini
[2008.12.17 21:05:05 | 00,000,902 | —- | C] () — C:WINDOWSODBC.INI
[2008.11.06 20:37:32 | 03,596,288 | —- | C] () — C:WINDOWSSystem32qt-dx331.dll
[2008.11.06 20:34:00 | 00,000,416 | —- | C] () — C:WINDOWSSystem32dtu100.dll.manifest
[2008.11.06 20:34:00 | 00,000,416 | —- | C] () — C:WINDOWSSystem32dpl100.dll.manifest
[2008.11.06 20:33:02 | 00,012,288 | —- | C] () — C:WINDOWSSystem32DivXWMPExtType.dll
[2005.09.16 15:01:04 | 00,053,248 | —- | C] () — C:WINDOWSsm56jpn.dll
[2005.09.16 15:01:04 | 00,049,152 | —- | C] () — C:WINDOWSsm56cht.dll
[2005.09.16 15:01:04 | 00,049,152 | —- | C] () — C:WINDOWSsm56chs.dll
[2005.09.16 15:01:02 | 00,069,632 | —- | C] () — C:WINDOWSsm56spn.dll
[2005.09.16 15:01:02 | 00,069,632 | —- | C] () — C:WINDOWSsm56itl.dll
[2005.09.16 15:01:02 | 00,069,632 | —- | C] () — C:WINDOWSsm56eng.dll
[2005.09.16 15:01:02 | 00,069,632 | —- | C] () — C:WINDOWSsm56brz.dll
[2005.09.16 15:01:02 | 00,061,440 | —- | C] () — C:WINDOWSsm56ger.dll
[2005.09.16 15:01:02 | 00,061,440 | —- | C] () — C:WINDOWSsm56fra.dll
[2005.03.24 18:46:50 | 00,179,577 | —- | C] () — C:WINDOWSSystem32schema.ini
[2003.05.12 20:00:00 | 00,050,891 | —- | C] () — C:WINDOWSSystem32ntdsctrs.ini
[2003.05.12 20:00:00 | 00,040,517 | —- | C] () — C:WINDOWSSystem32ntfrsrep.ini
[2003.05.12 20:00:00 | 00,023,212 | —- | C] () — C:WINDOWSSystem32iasperf.ini
[2003.05.12 20:00:00 | 00,022,095 | —- | C] () — C:WINDOWSSystem32ipsecprf.ini
[2003.05.12 20:00:00 | 00,010,626 | —- | C] () — C:WINDOWSSystem32ntfrscon.ini
[2003.05.12 20:00:00 | 00,000,686 | —- | C] () — C:WINDOWSwin.ini
[2003.05.12 20:00:00 | 00,000,231 | —- | C] () — C:WINDOWSsystem.ini
[2003.04.10 14:43:32 | 00,005,412 | —- | C] () — C:WINDOWSSystem32OUTLPERF.INI
[2002.08.09 19:00:00 | 00,375,296 | —- | C] () — C:WINDOWSSystem32WSIHK32.DLL
[2002.08.09 19:00:00 | 00,131,584 | —- | C] () — C:WINDOWSSystem32WSIWIN32.DLL

========== Files — Modified Within 30 Days ==========

[1 C:WINDOWSSystem32*.tmp files]
[7 C:WINDOWS*.tmp files]
[2009.06.23 16:40:19 | 00,000,460 | -H— | M] () — C:WINDOWStasksUser_Feed_Synchronization-{CC727C43-5288-434E-BA47-7CE2C0740D06}.job
[2009.06.23 16:36:17 | 00,512,512 | —- | M] (OldTimer Tools) — C:Documents and SettingsАдминистраторРабочий столOTL.exe
[2009.06.23 16:21:34 | 08,339,456 | —- | M] () — C:website_1.ldf
[2009.06.23 14:56:32 | 00,002,311 | —- | M] () — C:WINDOWSwincmd.ini
[2009.06.23 13:50:40 | 00,000,006 | -H— | M] () — C:WINDOWStasksSA.DAT
[2009.06.23 13:50:39 | 00,002,048 | —S- | M] () — C:WINDOWSbootstat.dat
[2009.06.22 17:53:56 | 62,914,560 | —- | M] () — C:aps2_1.ldf
[2009.06.22 17:53:56 | 14,942,208 | —- | M] () — C:aps2.mdf
[2009.06.22 17:53:55 | 32,243,712 | —- | M] () — C:website.mdf
[2009.06.22 17:53:55 | 09,306,112 | —- | M] () — C:sitecontent.mdf
[2009.06.22 17:53:55 | 07,831,552 | —- | M] () — C:sitecontent_1.ldf
[2009.06.22 17:53:46 | 00,000,686 | —- | M] () — C:WINDOWSwin.ini
[2009.06.21 19:01:25 | 00,000,069 | —- | M] () — C:WINDOWSNeroDigital.ini
[2009.06.21 17:15:01 | 37,309,041 | —- | M] () — C:WINDOWSSystem32driversAvgincavi.avm
[2009.06.21 17:14:35 | 00,085,931 | —- | M] () — C:WINDOWSSystem32driversAvgmicroavi.avg
[2009.06.19 23:13:29 | 00,002,206 | —- | M] () — C:WINDOWSSystem32wpa.dbl
[2009.06.18 19:32:19 | 00,359,893 | —- | M] () — C:Documents and SettingsАдминистраторРабочий столdds.scr
[2009.06.17 03:56:39 | 00,027,784 | —- | M] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32driversavgmfx86.sys
[2009.06.17 03:56:39 | 00,011,952 | —- | M] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32avgrsstx.dll
[2009.06.17 03:55:20 | 06,061,540 | —- | M] () — C:WINDOWSSystem32driversAvgavi7.avg
[2009.06.17 03:55:20 | 00,434,673 | —- | M] () — C:WINDOWSSystem32driversAvgminiavi.avg
[2009.06.15 20:15:56 | 04,544,721 | —- | M] () — C:kuchin_ivan-tihij_okean_2.mp3
[2009.06.10 14:21:32 | 00,396,288 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32cmd.execf
[2009.06.10 10:16:53 | 00,761,130 | —- | M] () — C:WINDOWSSystem32perfh019.dat
[2009.06.10 10:16:52 | 01,878,348 | —- | M] () — C:WINDOWSSystem32PerfStringBackup.INI
[2009.06.10 10:16:52 | 00,717,284 | —- | M] () — C:WINDOWSSystem32perfh009.dat
[2009.06.10 10:16:52 | 00,195,844 | —- | M] () — C:WINDOWSSystem32perfc019.dat
[2009.06.10 10:16:52 | 00,178,620 | —- | M] () — C:WINDOWSSystem32perfc009.dat
[2009.06.10 10:13:57 | 00,274,968 | —- | M] () — C:WINDOWSSystem32FNTCACHE.DAT
[2009.06.10 10:10:45 | 00,004,861 | —- | M] () — C:WINDOWSimsins.BAK
[2009.06.10 10:08:56 | 00,001,507 | —- | M] () — C:Documents and SettingsAll UsersРабочий столAVG 8.5.lnk
[2009.06.10 10:08:54 | 00,012,552 | —- | M] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32driversavgrkx86.sys
[2009.06.10 10:08:53 | 00,327,688 | —- | M] (AVG Technologies CZ, s.r.o.) — C:WINDOWSSystem32driversavgldx86.sys
[2009.06.10 02:58:06 | 00,525,312 | —- | M] () — C:спамеры.pst
[2009.06.09 17:37:32 | 00,132,597 | —- | M] () — C:Documents and SettingsАдминистраторРабочий столFlash_Disinfector.exe
[2009.06.01 20:51:12 | 23,635,392 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32MRT.exe
[2009.05.26 16:53:58 | 00,000,587 | —- | M] () — C:Documents and SettingsАдминистраторРабочий столЯрлык для 15.exe.lnk
[2009.05.26 02:01:23 | 00,000,680 | —- | M] () — C:Documents and SettingsАдминистраторРабочий столФильтр доменов.lnk
[2009.05.25 19:57:16 | 00,241,664 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32dllcachehttpext.dll