Re: Re: CPU overload by a random process
P.S. Important: these glitches occur only under the administrator account. Ordinary users work fine.
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Пользователь at 2009-10-13 16:18:45
Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (36%) free of 40 GB
Total RAM: 1023 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:55, on 13.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAvast4aswUpdSv.exe
C:Program FilesAvast4ashServ.exe
D:Program FilesKeyboard DriverKMWDSrv.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesAvast4ashWebSv.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSExplorer.EXE
C:Program FilesVDOToolTBPanel.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:PROGRA~1Avast4ashDisp.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32ctfmon.exe
D:Program FilesPositive TechnologiesStartup MonitorPTstartmon.exe
C:Program Filesglobaxglobax_daemon.exe
C:Program FilesOmicom IP Servicess4ip.exe
C:WINDOWSExplorer.EXE
D:СофтЗащитаRSIT.exe
C:Program FilesTrend MicroHijackThisПользователь.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 127.0.0.1:3128
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost;test1.ru;easygold;venera;ci;oop;masha;sportshop;
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: (no name) — AutorunsDisabled — (no file)
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: IE Developer Toolbar BHO — {CC7E636D-39AA-49b6-B511-65413DA137A1} — D:Program FilesInternet Explorer Developer ToolbarIEDevToolbar.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [Gainward] C:Program FilesVDOToolTBPanel.exe /A
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [avast!] C:PROGRA~1Avast4ashDisp.exe
O4 — HKLM..Run: [Malwarebytes Anti-Malware (reboot)] «C:Program FilesMalwarebytes’ Anti-Malwarembam.exe» /runcleanupscript
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [PTstartmon] d:Program FilesPositive TechnologiesStartup MonitorPTstartmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-21-1606980848-963894560-839522115-1005..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘Зарница’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’)
O4 — S-1-5-18 Startup: Create virtual drive for Denwer.lnk = d:WebServersdenwerBoot.exe (User ‘SYSTEM’)
O4 — S-1-5-18 Startup: globax.bat (User ‘SYSTEM’)
O4 — S-1-5-18 Startup: Omicom IP Service.lnk = C:Program FilesOmicom IP Servicess4ip.exe (User ‘SYSTEM’)
O4 — .DEFAULT Startup: Create virtual drive for Denwer.lnk = d:WebServersdenwerBoot.exe (User ‘Default user’)
O4 — .DEFAULT Startup: globax.bat (User ‘Default user’)
O4 — .DEFAULT Startup: Omicom IP Service.lnk = C:Program FilesOmicom IP Servicess4ip.exe (User ‘Default user’)
O4 — Startup: Create virtual drive for Denwer.lnk = d:WebServersdenwerBoot.exe
O4 — Startup: globax.bat
O4 — Startup: Omicom IP Service.lnk = C:Program FilesOmicom IP Servicess4ip.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1Office12EXCEL.EXE/3000
O8 — Extra context menu item: Закачать &все при помощи ReGet Deluxe — C:Program FilesCommon FilesReGet SharedCC_All.htm
O8 — Extra context menu item: Закачать при помощи Re&Get Deluxe — C:Program FilesCommon FilesReGet SharedCC_Link.htm
O9 — Extra button: Быстрая настройка Outpost Firewall Pro — {44627E97-789B-40d4-B5C2-58BD171129A1} — d:Program FilesAgnitumOutpost FirewallPluginsBrowserBarie_bar.dll
O9 — Extra button: IE Developer Toolbar — {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} — D:Program FilesInternet Explorer Developer ToolbarIEDevToolbar.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~1Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search & Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O20 — Winlogon Notify: mute32 — C:WINDOWSSYSTEM32mute32.dll
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAvast4aswUpdSv.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAvast4ashWebSv.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Keyboard And Mouse Communication Service (KMWDSERVICE) — UASSOFT.COM — D:Program FilesKeyboard DriverKMWDSrv.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: SpIDer Guard for Windows (SPIDERNT) — Doctor Web, Ltd. — C:PROGRA~1DrWebspidernt.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
O24 — Desktop Component AutorunsDisabled: (no name) — (no file)
—
End of file — 8146 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper ObjectsAutorunsDisabled]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{CC7E636D-39AA-49b6-B511-65413DA137A1}]
IE Developer Toolbar BHO — D:Program FilesInternet Explorer Developer ToolbarIEDevToolbar.dll [2007-03-01 623992]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-03-01 7700480]
«Gainward»=C:Program FilesVDOToolTBPanel.exe [2007-02-01 2154496]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2007-03-01 86016]
«avast!»=C:PROGRA~1Avast4ashDisp.exe [2007-12-04 79224]
«Malwarebytes Anti-Malware (reboot)»=C:Program FilesMalwarebytes’ Anti-Malwarembam.exe [2009-09-10 1312080]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2007-03-20 30208]
«PTstartmon»=d:Program FilesPositive TechnologiesStartup MonitorPTstartmon.exe [2004-12-22 898048]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobeUpdater]
C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe [2007-03-01 2321600]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregautodetect]
C:WINDOWSsystem32SupportAppXLAutoDect.exe [2009-03-16 91648]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBeeline GPRS Explorer]
C:Program FilesBeelineGPRS Explorergprsexpl.exe [2007-01-12 834632]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2007-03-12 153136]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBluetoothAuthenticationAgent]
C:WINDOWSsystem32bthprops.cpl [2004-08-17 110592]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH/PC Connection Agent]
C:Program FilesMicrosoft ActiveSyncwcescomm.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregInCD]
C:Program FilesNero 7InCDInCD.exe [2007-03-12 1055792]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKMCONFIG]
D:Program FilesKeyboard DriverStartAutorun.exe [2008-05-30 212992]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:Program FilesCommon FilesAheadLibNeroCheck.exe [2007-03-09 153136]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:WINDOWSsystem32NvCpl.dll [2007-03-01 7700480]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINDOWSsystem32NvMcTray.dll [2007-03-01 86016]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregOM2_Monitor]
C:Program FilesOLYMPUSOLYMPUS Master 2MMonitor.exe [2007-05-28 95800]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregOutpostFeedBack]
d:Program FilesAgnitumOutpost Firewallfeedback.exe [2006-02-14 352324]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
C:WINDOWSRTHDCPL.EXE [2007-04-12 16132608]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSecurDisc]
C:Program FilesNero 7InCDNBHGui.exe [2007-03-12 1626160]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpIDerAgent]
C:Program FilesDrWebSpIDerAgent.exe [2008-12-17 697584]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpIDerNT]
C:PROGRA~1DrWebspiderui.exe [2008-12-09 197896]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimer]
C:Program FilesSpybot — Search & DestroyTeaTimer.exe [2008-09-16 1833296]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^WINDOWS^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Ускоренный запуск Adobe Reader.lnk]
C:PROGRA~1AdobeACROBA~1.0ReaderREADER~1.EXE [2005-09-24 29696]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^WINDOWS^Documents and Settings^Пользователь^Главное меню^Программы^Автозагрузка^is-1G1N5.lnk]
C:PROGRA~1VIRUSR~1is-1G1N5startup.exe C:Program FilesVirus Removal Toolis-1G1N5is-1G1N5.exe -gui -bl []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^WINDOWS^Documents and Settings^Пользователь^Главное меню^Программы^Автозагрузка^is-3OL7G.lnk]
C:PROGRA~1VIRUSR~1is-3OL7Gstartup.exe [2008-11-12 65536]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^WINDOWS^Documents and Settings^Пользователь^Главное меню^Программы^Автозагрузка^is-EGDK2.lnk]
C:PROGRA~1VIRUSR~1is-EGDK2startup.exe C:Program FilesVirus Removal Toolis-EGDK2is-EGDK2.exe -gui -bl []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«wuauserv»=2
«InCDsrv»=2
«DrWebEngine»=2
«SPIDERNT»=3
«CSIScanner»=2
«NMIndexingService»=3
«NBService»=3
C:WINDOWSDocuments and SettingsПользовательГлавное менюПрограммыАвтозагрузка
Create virtual drive for Denwer.lnk — d:WebServersdenwerBoot.exe
globax.bat
Omicom IP Service.lnk — C:Program FilesOmicom IP Servicess4ip.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifymute32]
C:WINDOWSsystem32mute32.dll [2007-09-26 34816]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program Filesglobaxglobax_daemon.exe»=»C:Program Filesglobaxglobax_daemon.exe:*:Enabled:GlobaX»
«D:Program FilesQIPqip.exe»=»D:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«D:WebServersusrlocalapachebinhttpd.exe»=»D:WebServersusrlocalapachebinhttpd.exe:*:Enabled:Apache HTTP Server»
«C:Program Filesnpp.4.9.2.binnotepad++.exe»=»C:Program Filesnpp.4.9.2.binnotepad++.exe:*:Enabled:Notepad++ : a free (GNU) source code editor»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
======List of files/folders created in the last 3 months======
2009-10-13 16:04:37 —-D—- C:rsit
2009-10-01 13:17:34 —-D—- C:Сессии
2009-09-23 11:43:06 —-D—- C:Program Filesxp-AntiSpy
2009-09-22 20:25:19 —-A—- C:WINDOWSfsplugin.ini
2009-09-18 09:55:05 —-A—- C:WINDOWSDFC.INI
2009-09-18 09:41:36 —-D—- C:Program FilesVDOTool
2009-09-17 22:44:03 —-D—- C:Program FilesVirus Removal Tool
2009-09-17 22:02:21 —-D—- C:WINDOWSCSC
2009-09-17 21:00:02 —-A—- C:Program Filessetup_7.0.0.290_17.09.2009_19-30.exe
2009-09-14 14:23:50 —-A—- C:WINDOWSrec.txt
2009-09-12 15:13:38 —-D—- C:Program FilesHeavenWard
2009-09-12 13:10:25 —-D—- C:WINDOWSSxsCaPendDel
2009-09-12 10:18:53 —-D—- C:Program FilesPrevx
2009-09-12 10:08:50 —-D—- C:WINDOWSDocuments and SettingsAll UsersApplication DataPrevxCSI
2009-09-11 20:50:16 —-D—- C:Program FilesCommon FilesAgnitum Shared
2009-09-11 10:16:28 —-D—- C:Program FilesCommon FilesDoctor Web
2009-09-11 10:16:27 —-D—- C:WINDOWSDocuments and SettingsAll UsersApplication DataDoctor Web
2009-09-11 10:16:26 —-D—- C:Program FilesDrWeb
2009-09-11 09:53:28 —-A—- C:WINDOWSlogfile32.txt
2009-09-10 14:13:42 —-A—- C:WINDOWSsystem32MSVCR71.dll
2009-09-10 14:13:42 —-A—- C:WINDOWSsystem32MSVCP71.dll
2009-09-10 13:04:06 —-A—- C:WINDOWSlog32.txt
2009-09-10 09:42:42 —-A—- C:WINDOWSsystem32msvcsv60.dll
2009-09-09 19:10:29 —-A—- C:WINDOWSModemLog_ZTE Proprietary USB Modem.txt
2009-09-09 19:07:54 —-D—- C:WINDOWSsystem32SupportAppXL
2009-09-03 12:12:12 —-HD—- C:WINDOWSPIF
2009-09-01 23:02:42 —-D—- C:WINDOWSDocuments and SettingsПользовательApplication DataKompoZer
2009-08-31 12:51:26 —-D—- C:Program Fileswebmedia
2009-08-28 11:40:13 —-D—- C:Program FilesHaali
2009-08-24 12:03:41 —-AH—- C:WINDOWSakebook.ini
2009-08-24 12:03:41 —-AH—- C:WINDOWSa3kebook.ini
2009-08-24 12:03:41 —-A—- C:WINDOWSANS2000.INI
2009-08-24 11:44:55 —-A—- C:WINDOWSsystem32tsccvid.dll
2009-08-24 11:44:54 —-D—- C:WINDOWSsystem32QuickTime
2009-08-24 11:44:37 —-D—- C:Program FilesCommon FilesTechSmith Shared
2009-08-24 11:44:31 —-D—- C:Program FilesTechSmith
2009-08-18 17:42:01 —-D—- C:WINDOWSDocuments and SettingsПользовательApplication Datacr3
2009-07-19 16:52:28 —-A—- C:WINDOWSsystem32devil.dll
2009-07-19 16:52:28 —-A—- C:WINDOWSsystem32avisynth.dll
2009-07-19 16:52:27 —-D—- C:Program FilesAviSynth 2.5
2009-07-19 16:52:27 —-A—- C:WINDOWSsystem32i420vfw.dll
2009-07-19 16:52:27 —-A—- C:WINDOWSsystem32AVSredirect.dll
2009-07-19 16:52:11 —-RSH—- C:WINDOWSsystem32nbDX.dll
2009-07-19 16:52:11 —-RSH—- C:WINDOWSsystem32msfDX.dll
2009-07-19 16:52:11 —-RSH—- C:WINDOWSsystem32flvDX.dll
======List of files/folders modified in the last 3 months======
2009-10-13 16:18:47 —-D—- C:WINDOWSTemp
2009-10-13 16:00:50 —-D—- C:Program FilesУправление АСТЕР
2009-10-13 15:45:20 —-D—- C:Program FilesMozilla Firefox
2009-10-13 15:41:12 —-A—- C:WINDOWSwincmd.ini
2009-10-13 14:00:37 —-A—- C:WINDOWSwcx_ftp.ini
2009-10-13 13:49:20 —-D—- C:WINDOWSsystem32drivers
2009-10-08 12:48:11 —-D—- C:WINDOWSsystem32CatRoot2
2009-10-08 12:09:31 —-D—- C:Program Filesglobax
2009-10-08 11:31:37 —-D—- C:WINDOWSLhsp
2009-10-08 10:05:43 —-A—- C:WINDOWSNeroDigital.ini
2009-10-05 19:54:09 —-D—- C:WINDOWS
2009-10-04 18:02:31 —-A—- C:WINDOWSsystem.ini
2009-10-04 11:22:46 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-10-01 12:35:39 —-SHD—- C:WINDOWSInstaller
2009-09-26 17:25:33 —-HD—- C:WINDOWSinf
2009-09-25 22:03:40 —-ASH—- C:boot.ini
2009-09-25 17:54:30 —-SHD—- C:System Volume Information
2009-09-25 17:54:30 —-D—- C:WINDOWSsystem32Restore
2009-09-25 17:33:33 —-A—- C:WINDOWSWininit.ini
2009-09-24 11:34:54 —-A—- C:WINDOWSwin.ini
2009-09-24 08:12:55 —-A—- C:WINDOWSODBC.INI
2009-09-23 12:43:22 —-D—- C:Program FilesQIP
2009-09-23 11:49:22 —-A—- C:WINDOWSSchedLgU.Txt
2009-09-23 11:43:06 —-RD—- C:Program Files
2009-09-22 13:54:34 —-D—- C:Program Filestotalcmd
2009-09-22 12:14:27 —-D—- C:WINDOWSsystem32
2009-09-20 10:45:26 —-D—- C:WINDOWSMinidump
2009-09-19 10:48:55 —-D—- C:WINDOWSDocuments and SettingsПользовательApplication DataOpera
2009-09-18 09:53:20 —-D—- C:WINDOWSHelp
2009-09-18 09:53:17 —-D—- C:WINDOWSnview
2009-09-18 09:43:56 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-09-18 09:43:05 —-RSD—- C:WINDOWSassembly
2009-09-18 09:42:00 —-D—- C:WINDOWSsystem32DirectX
2009-09-17 23:59:51 —-D—- C:WINDOWSpss
2009-09-17 23:22:57 —-D—- C:WINDOWSsystem32dllcache
2009-09-17 22:51:00 —-D—- C:WINDOWSRegistration
2009-09-17 22:44:10 —-A—- C:WINDOWSntbtlog.txt
2009-09-16 14:28:30 —-D—- C:Program Filesnpp.4.9.2.bin
2009-09-15 10:58:47 —-SD—- C:WINDOWSDocuments and SettingsПользовательApplication DataMicrosoft
2009-09-15 10:58:39 —-D—- C:Program FilesMicrosoft ActiveSync
2009-09-15 09:49:09 —-D—- C:WINDOWSsystem32CatRoot
2009-09-14 15:45:33 —-D—- C:Program FilesMessenger
2009-09-12 13:10:25 —-D—- C:WINDOWSWinSxS
2009-09-12 13:10:12 —-D—- C:Program FilesCommon Files
2009-09-11 22:09:03 —-SD—- C:WINDOWSTasks
2009-09-11 18:31:35 —-SHD—- C:RECYCLER
2009-09-10 14:13:18 —-D—- C:Program FilesAvast4
2009-09-09 19:09:59 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-09-09 19:07:43 —-HD—- C:Program FilesInstallShield Installation Information
2009-08-31 12:51:27 —-D—- C:WINDOWSsystem
2009-08-26 13:31:48 —-D—- C:Program FilesVstPlugins
2009-08-16 10:41:38 —-A—- C:WINDOWSModemLog_Motorola USB Modem.txt
2009-08-15 22:53:55 —-A—- C:WINDOWSModemLog_PdaNet Modem.txt
2009-08-15 16:00:18 —-D—- C:Program FilesRelease_NET20_2.0
2009-08-12 18:48:54 —-D—- C:Program FilesOpera
2009-08-11 12:18:37 —-D—- C:WINDOWSDocuments and SettingsПользовательApplication DataDeckadance
2009-08-08 10:10:30 —-D—- C:Program Filestnia
2009-08-02 18:45:56 —-D—- C:Program FilesProgDVB
2009-07-31 21:31:14 —-RSD—- C:WINDOWSFonts
2009-07-19 17:37:34 —-D—- C:WINDOWSsystem32NtmsData
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2007-12-04 26624]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2007-12-04 42912]
R1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys [2007-03-12 37040]
R1 incdrm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys [2007-03-12 38576]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
R1 SCDEmu;SCDEmu; C:WINDOWSsystem32driversSCDEmu.sys [2005-10-16 27171]
R1 uzmymjk4;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzmymjk4.sys []
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-20 12032]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2007-12-04 94544]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-11-08 62336]
R2 TBPanel;TBPanel; C:WINDOWSsystem32driversTBPanel.sys [2002-07-27 5306]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2007-12-04 23152]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MPEVirtual;Virtual MPE Decoder Adapter Driver; C:WINDOWSsystem32DRIVERSMPEVirtual.sys [2008-02-29 100528]
R3 msloop;Драйвер адаптера Microsoft замыкания на себя; C:WINDOWSsystem32DRIVERSloop.sys [2001-08-17 4992]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-03-01 3994688]
R3 Omicom;%Omicom.DVBSDesc%; C:WINDOWSsystem32driversss4bda.sys [2008-03-12 232576]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2006-04-19 30080]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2006-09-01 59264]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2006-04-19 20608]
R3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:WINDOWSsystem32DRIVERSZTEusbmdm6k.sys [2008-11-03 104960]
R3 ZTEusbnmea;ZTE NMEA Port; C:WINDOWSsystem32DRIVERSZTEusbnmea.sys [2008-11-03 104960]
R3 ZTEusbser6k;ZTE Diagnostic Port; C:WINDOWSsystem32DRIVERSZTEusbser6k.sys [2008-11-03 104960]
R4 InCDfs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys [2007-03-12 118064]
S1 RemoveAny;RemoveAny driver; ??C:WINDOWSsystem32Driversremoveany.sys []
S1 VFILT;Outpost Firewall Kernel Driver; ??d:Program FilesAgnitumOutpost FirewallkernelFILTNT.SYS []
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelADBLOCK.DLL []
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelARP.DLL []
S3 BthEnum;Драйвер блока запроса Bluetooth; C:WINDOWSsystem32DRIVERSBthEnum.sys [2004-08-04 17024]
S3 BTHMODEM;Драйвер для устройства связи по последовательному каналу Bluetooth; C:WINDOWSsystem32DRIVERSbthmodem.sys [2004-08-04 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2004-08-03 100992]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2004-08-17 274688]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2004-08-04 18944]
S3 Cardex;Cardex; ??C:WINDOWSsystem32driversTBPANEL.SYS []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelCONTENT.DLL []
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelDNSCACHE.DLL []
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelFTPFILT.DLL []
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelHTMLFILT.DLL []
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelHTTPFILT.DLL []
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelIMAPFILT.DLL []
S3 KMWDFilter;KMWDFilter; ??C:WINDOWSSystem32DriversKMWDFilter.SYS []
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelMAILFILT.DLL []
S3 massfilter;ZTE Mass Storage Filter Driver; C:WINDOWSsystem32driversmassfilter.sys [2008-11-03 7680]
S3 MPE;BDA MPE фильтр; C:WINDOWSsystem32DRIVERSMPE.sys [2004-08-03 15360]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelNNTPFILT.DLL []
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelPOP3FILT.DLL []
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelPROTECT.DLL []
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2004-08-04 59648]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL); ??d:Program FilesAgnitumOutpost FirewallkernelSECRET.DLL []
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 SPIDER;SpIDer Guard File System Monitor; ??C:PROGRA~1DrWebspider.sys []
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 SynasUSB;SynasUSB; C:WINDOWSsystem32driversSynasUSB.sys [2007-10-24 23288]
S3 usb_rndisx;USB RNDIS Adapter; C:WINDOWSsystem32DRIVERSusb8023x.sys [2005-10-21 12800]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 motccgp;Motorola USB Composite Device Driver; C:WINDOWSsystem32DRIVERSmotccgp.sys [2007-06-18 17920]
S4 motccgpfl;MotCcgpFlService; C:WINDOWSsystem32DRIVERSmotccgpfl.sys [2007-01-22 7680]
S4 MotDev;Motorola Inc. USB Device; C:WINDOWSsystem32DRIVERSmotodrv.sys [2007-05-07 42112]
S4 motmodem;Motorola USB CDC ACM Driver; C:WINDOWSsystem32DRIVERSmotmodem.sys [2007-06-18 23680]
S4 pnetmdm;PdaNet Modem; C:WINDOWSsystem32DRIVERSpnetmdm.sys [2006-09-28 9472]
S4 Sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2004-08-17 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAvast4aswUpdSv.exe [2007-12-04 17272]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAvast4ashServ.exe [2007-12-04 140664]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; D:Program FilesKeyboard DriverKMWDSrv.exe [2008-06-23 208896]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-03-01 159811]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAvast4ashWebSv.exe [2007-12-04 345464]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAvast4ashMaiSv.exe [2007-12-04 247160]
S3 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2008-12-31 14336]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-06-27 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-09-08 36864]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-09-11 741376]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; D:SonyPlug-insMedia ManagerMSSQL$SONY_MEDIAMGRBinnsqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:Program FilesMicrosoft SQL Server80ToolsBinnsqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 SPIDERNT;SpIDer Guard for Windows; C:PROGRA~1DrWebspidernt.exe [2008-12-09 197896]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; D:SonyPlug-insMedia ManagerMSSQL$SONY_MEDIAMGRBinnsqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-12-31 14336]
S4 CSIScanner;CSIScanner; C:Program FilesPrevxprevx.exe [2009-09-12 4368952]
S4 DrWebEngine;Dr.Web ® Scanning Engine (DrWebEngine); C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe [2008-12-15 869688]
S4 HttpAnalyzerV3 DllInjectService;HttpAnalyzerV3 CodeHook service; d:Program FilesIEInspectorHTTPAnalyzerStdV3InjectWinSockServiceV3.exe [2009-06-02 532480]
S4 InCDsrv;InCD Helper; C:Program FilesNero 7InCDInCDsrv.exe [2007-03-12 931376]
S4 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe [2006-10-26 335872]
S4 NBService;NBService; C:Program FilesNero 7Nero BackItUpNBService.exe [2007-01-15 774144]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-09-11 122880]
S4 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-03-12 271920]
S4 OutpostFirewall;Outpost Firewall Service; d:Program FilesAgnitumOutpost Firewalloutpost.exe [2006-02-13 91648]
EOF

