SPYWARE-RU.COM

Can't turn on the PC, it's like "go take a walk"


  • This topic has 22 replies, 2 participants, and was last updated 15 years, 11 months ago by Admin.
  • Author
    Posts
  • August 21, 2009 at 8:10 pm #17021
    Dic
    Participant
    • Topics: 2
    • Posts: 17
    • ☆

    Hello to all the inhabitants of this forum. Here is my problem.
    I'll tell everything, in order.
    I bought the computer about a year and a half ago. An acquaintance installed Windows and right away put NOD32 on it, saying it's good and catches everything. I was glad.
    At first everything was fine. Then at some point the computer started to hang and slow down. Then, when I turn on the computer (I press the button on the system unit), a black screen appears with the word Biostar. (That's my motherboard.) This message stayed up for varying lengths of time: sometimes a couple of minutes, sometimes an hour, sometimes it could sit there for a whole day, and nothing changed.
    I asked around on various forums and among acquaintances. They said it's viruses. I told them the antivirus had never shown a single virus. They said: reinstall the antivirus.
    I removed NOD32 and installed the free Avast!. It found about 100 viruses. I deleted them all.
    The computer became faster. But all sorts of quirks still remain, including the black screen at boot. Now it consistently stays for 3-4 minutes every time. Please tell me what to do!? How do I get rid of this?

    Log.txt:
    Logfile of random’s system information tool 1.06 (written by random/random)
    Run by Artem0305 at 2009-08-21 23:01:09
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 85 GB (85%) free of 100 GB
    Total RAM: 2046 MB (68% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:01:10, on 21.08.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32nvsvc32.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSsystem32svchost.exe
    C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
    C:Program FilesAlwil SoftwareAvast4ashServ.exe
    C:WINDOWSExplorer.EXE
    C:WINDOWSsystem32spoolsv.exe
    C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
    C:Program FilesBonjourmDNSResponder.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32PnkBstrA.exe
    C:WINDOWSsystem32svchost.exe
    C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
    C:PROGRA~1ALWILS~1Avast4ashDisp.exe
    C:Program FilesWebMoney Agentwmagent.exe
    C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
    E:AplicationsDAEMON Tools Litedaemon.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesTechSmithSnagIt 8SnagIt32.exe
    C:Program FilesTechSmithSnagIt 8TSCHelp.exe
    C:Program FilesTechSmithSnagIt 8SnagPriv.exe
    C:Program FilesAuslogicsAuslogics BoostSpeedboostspeed.exe
    C:WINDOWSsystem32msiexec.exe
    C:Program FilesMozilla Firefoxfirefox.exe
    c:program fileswebmoneywebmoney.exe
    C:Documents and SettingsArtem0305DesktopRSIT.exe
    C:Program Filestrend microArtem0305.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ru/
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
    R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = socks=127.0.0.1:7070
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
    R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Documents and SettingsArtem0305Application DataMail.RuAgentMradllnewmrasearch.dll
    O1 — Hosts: 217.20.175.4 l2rx
    O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
    O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
    O4 — HKLM..Run: [wmagent.exe] «C:Program FilesWebMoney Agentwmagent.exe»
    O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
    O4 — HKCU..Run: [DAEMON Tools Lite] «E:AplicationsDAEMON Tools Litedaemon.exe» -autorun
    O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [Skype] «C:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
    O4 — HKCU..Run: [MAgent] C:Documents and SettingsArtem0305Application DataMail.RuAgentMAgent.exe -CU
    O4 — HKCU..Run: [Auslogics BoostSpeed] C:Program FilesAuslogicsAuslogics BoostSpeedboostspeed.exe
    O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O4 — Global Startup: SnagIt 8.lnk = C:Program FilesTechSmithSnagIt 8SnagIt32.exe
    O8 — Extra context menu item: E&xport to Microsoft Office Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
    O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
    O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
    O9 — Extra button: (no name) — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — (no file)
    O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
    O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — E:AplicationsICQICQ6.5ICQ.exe
    O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — E:AplicationsICQICQ6.5ICQ.exe
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Documents and SettingsArtem0305Application DataMail.RuAgentmagent.exe (HKCU)
    O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Documents and SettingsArtem0305Application DataMail.RuAgentmagent.exe (HKCU)
    O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
    O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
    O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
    O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
    O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
    O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
    O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
    O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
    O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
    O23 — Service: nProtect GameGuard Service (npggsvc) — Unknown owner — C:WINDOWSsystem32GameMon.des.exe (file missing)
    O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
    O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe

    —
    End of file — 7284 bytes

    ======Scheduled tasks folder======

    C:WINDOWStasksAppleSoftwareUpdate.job
    C:WINDOWStasksUser_Feed_Synchronization-{0C7B3E41-E059-406A-9DBF-C2DD79B2C774}.job
    C:WINDOWStasksWGASetup.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-08-17 81000]
    «wmagent.exe»=C:Program FilesWebMoney Agentwmagent.exe [2008-10-01 209376]
    «NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2009-05-01 13750272]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «DAEMON Tools Lite»=E:AplicationsDAEMON Tools Litedaemon.exe [2008-08-08 490952]
    «ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
    «Skype»=C:Program FilesSkypePhoneSkype.exe [2009-04-16 24264488]
    «MAgent»=C:Documents and SettingsArtem0305Application DataMail.RuAgentMAgent.exe [2009-08-08 7975608]
    «Auslogics BoostSpeed»=C:Program FilesAuslogicsAuslogics BoostSpeedboostspeed.exe [2009-08-04 475760]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregavast!]
    C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-08-17 81000]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
    C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    []

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Artem0305^Start Menu^Programs^Startup^Create virtual drive for Denwer.lnk]
    []

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Artem0305^Start Menu^Programs^Startup^NOD32 Control Center.lnk]
    []

    C:Documents and SettingsAll UsersStart MenuProgramsStartup
    SnagIt 8.lnk — C:Program FilesTechSmithSnagIt 8SnagIt32.exe

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
    «AppInit_DLLS»=»wbsys.dll»

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWBSrv]
    C:Program FilesStardockObject DesktopWindowBlindswbsrv.dll [2008-09-17 210168]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
    WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=145

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «HonorAutoRunSetting»=

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
    «C:WINDOWSsystem32PnkBstrA.exe»=»C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA»
    «C:WINDOWSsystem32PnkBstrB.exe»=»C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB»
    «C:WINDOWSsystem32dxdiag.exe»=»C:WINDOWSsystem32dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool»
    «C:Program FilesRevConnectDCPlusPlus.exe»=»C:Program FilesRevConnectDCPlusPlus.exe:*:Enabled:DC++»
    «E:AplicationsICQICQ6.5ICQ.exe»=»E:AplicationsICQICQ6.5ICQ.exe:*:Enabled:ICQ6»
    «C:Program FilesMAIETGunzGunzLauncher.exe»=»C:Program FilesMAIETGunzGunzLauncher.exe:*:Enabled:GunzLauncher»
    «C:Program FilesWebMoneyWebMoney.exe»=»C:Program FilesWebMoneyWebMoney.exe:*:Enabled:WebMoney Keeper Classic Runner Module»
    «C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
    «C:Program FilesMozilla Firefoxfirefox.exe»=»C:Program FilesMozilla Firefoxfirefox.exe:*:Enabled:Firefox»
    «C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
    «C:Program FilesITTerritoryDragonsDWarC2.exe»=»C:Program FilesITTerritoryDragonsDWarC2.exe:*:Enabled:Легенда: Наследие Драконов»
    «C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4fc21fba-21eb-11dd-b1db-95f920bc1272}]
    shellAutoRuncommand — F:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013isi32.exe
    shellopencommand — F:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013isi32.exe

    ======File associations======

    .js — edit — «C:Program FilesMacromediaDreamweaver 8dreamweaver.exe» «%1»

    ======List of files/folders created in the last 3 months======

    2009-08-21 23:00:44 —-D—- C:Program Filestrend micro
    2009-08-21 23:00:43 —-D—- C:rsit
    2009-08-21 22:41:06 —-SHD—- C:Config.Msi
    2009-08-21 22:26:33 —-D—- C:Documents and SettingsArtem0305Application DataUniblue
    2009-08-21 22:25:51 —-HDC—- C:Documents and SettingsAll UsersApplication Data~0
    2009-08-21 22:08:07 —-A—- C:WINDOWSsystem32rdboot32.exe
    2009-08-21 21:26:17 —-D—- C:Documents and SettingsArtem0305Application DataAuslogics
    2009-08-21 21:25:14 —-D—- C:Program FilesAuslogics
    2009-08-21 20:45:07 —-D—- C:Program FilesTrojan Remover
    2009-08-20 16:30:25 —-D—- C:Мусор
    2009-08-20 16:29:03 —-A—- C:WINDOWSusdthank.ini
    2009-08-20 16:29:03 —-A—- C:WINDOWSidc.ini
    2009-08-19 16:25:29 —-A—- C:WINDOWSgame.ini
    2009-08-18 18:08:45 —-D—- C:Program FileseBook Edit Pro
    2009-08-18 14:23:56 —-A—- C:WINDOWSLogonStudio.ini
    2009-08-18 14:23:50 —-A—- C:WINDOWSsystem32JPGUtils.dll
    2009-08-18 14:23:49 —-D—- C:Program FilesWinCustomize
    2009-08-18 14:23:49 —-D—- C:Program FilesCommon FilesStardock
    2009-08-18 12:14:24 —-HDC—- C:Documents and SettingsAll UsersApplication Data{CCD0104E-95C0-4C73-A3E3-42C3D2072E43}
    2009-08-17 23:29:13 —-D—- C:Program FilesYandex
    2009-08-17 23:29:13 —-D—- C:Documents and SettingsAll UsersApplication DataYandex
    2009-08-17 19:44:30 —-A—- C:WINDOWSWB.ini
    2009-08-17 18:45:07 —-N—- C:WINDOWSsystem32wbsys.dll
    2009-08-17 18:45:07 —-D—- C:Program FilesStardock
    2009-08-15 10:52:46 —-HDC—- C:WINDOWS$NtUninstallKB961118$
    2009-08-14 18:04:15 —-D—- C:WINDOWSsystem32XPSViewer
    2009-08-14 18:04:12 —-D—- C:Program FilesMSBuild
    2009-08-14 18:04:05 —-D—- C:Program FilesReference Assemblies
    2009-08-13 21:10:25 —-D—- C:Program FilesBorland
    2009-08-13 21:10:23 —-A—- C:Program Files_ISREG32.DLL
    2009-08-13 21:10:22 —-D—- C:Program FilesCommon FilesBorland Shared
    2009-08-13 21:10:17 —-A—- C:WINDOWSuninst.exe
    2009-08-12 21:45:29 —-D—- C:Documents and SettingsArtem0305Application Datawmmail
    2009-08-12 16:29:40 —-HDC—- C:WINDOWS$NtUninstallKB960859$
    2009-08-12 16:29:36 —-HDC—- C:WINDOWS$NtUninstallKB971657$
    2009-08-12 16:29:31 —-HDC—- C:WINDOWS$NtUninstallKB971557$
    2009-08-12 16:29:27 —-HDC—- C:WINDOWS$NtUninstallKB956744$
    2009-08-12 16:29:23 —-HDC—- C:WINDOWS$NtUninstallKB973869$
    2009-08-12 16:29:19 —-HDC—- C:WINDOWS$NtUninstallKB973507$
    2009-08-12 16:29:14 —-HDC—- C:WINDOWS$NtUninstallKB973354$
    2009-08-12 16:29:08 —-HDC—- C:WINDOWS$NtUninstallKB973540_WM9$
    2009-08-12 16:29:04 —-A—- C:WINDOWSsystem32MRT.INI
    2009-08-12 16:28:04 —-HDC—- C:WINDOWS$NtUninstallKB973815$
    2009-08-10 19:30:20 —-D—- C:Documents and SettingsAll UsersApplication DataMacromedia
    2009-08-10 19:30:03 —-D—- C:Program FilesMacromedia
    2009-08-10 19:30:03 —-D—- C:Program FilesCommon FilesMacromedia
    2009-08-10 18:38:23 —-D—- C:totalcmd
    2009-08-10 18:38:23 —-A—- C:WINDOWSwincmd.ini
    2009-08-10 14:00:03 —-D—- C:Program FilesiPod
    2009-08-10 14:00:01 —-D—- C:Program FilesiTunes
    2009-08-08 18:13:09 —-D—- C:Documents and SettingsArtem0305Application Dataru.rambler.Communicator.13CE42EE296FC74C5214B9FD66640D35FA8DCE65.1
    2009-08-08 18:13:04 —-D—- C:Program FilesCommon FilesAdobe AIR
    2009-08-08 16:41:14 —-D—- C:Documents and SettingsArtem0305Application DataMra
    2009-08-08 16:41:14 —-D—- C:Documents and SettingsArtem0305Application DataMail.Ru
    2009-08-08 16:41:02 —-D—- C:Program FilesMail.Ru
    2009-08-04 17:38:23 —-D—- C:Documents and SettingsArtem0305Application DataWinamp
    2009-08-04 17:32:59 —-D—- C:Program FilesCCleaner
    2009-08-03 20:36:26 —-D—- C:Documents and SettingsArtem0305Application DataITTerritory
    2009-08-03 19:26:43 —-D—- C:Program FilesITTerritory
    2009-07-21 16:39:07 —-HDC—- C:WINDOWS$NtUninstallKB973346$
    2009-07-21 16:39:03 —-HDC—- C:WINDOWS$NtUninstallKB971633$
    2009-07-21 16:38:05 —-HDC—- C:WINDOWS$NtUninstallKB961371$
    2009-07-12 13:09:40 —-D—- C:Documents and SettingsAll UsersApplication DataAgnitum
    2009-06-25 14:38:51 —-D—- C:Program FilesAIDA32 — Enterprise System Information
    2009-06-24 11:22:28 —-D—- C:WINDOWSie8updates
    2009-06-24 11:20:08 —-HDC—- C:WINDOWSie8
    2009-06-20 23:09:21 —-D—- C:Program FilesSiteMap Generator
    2009-06-05 19:53:13 —-D—- C:Program FilesCommon FilesSWiSHzone.com
    2009-06-04 11:38:22 —-A—- C:WINDOWSSpeederXP.INI
    2009-06-04 11:37:28 —-D—- C:Program FilesSpeederXP
    2009-05-24 12:39:07 —-A—- C:memory.txt
    2009-05-24 12:22:05 —-D—- C:Documents and SettingsAll UsersApplication DataTrymedia
    2009-05-24 12:20:03 —-D—- C:Program FilesCrashday
    2009-05-23 16:56:09 —-D—- C:Program FilesWebLogAnalyzer

    ======List of files/folders modified in the last 3 months======

    2009-08-21 23:00:56 —-D—- C:WINDOWSPrefetch
    2009-08-21 23:00:44 —-RD—- C:Program Files
    2009-08-21 22:56:11 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
    2009-08-21 22:54:55 —-SHD—- C:WINDOWSInstaller
    2009-08-21 22:54:55 —-D—- C:WINDOWSTemp
    2009-08-21 22:54:41 —-D—- C:WINDOWSsystem32
    2009-08-21 22:48:04 —-D—- C:Documents and SettingsArtem0305Application DataWebMoney
    2009-08-21 22:43:59 —-D—- C:Program FilesMozilla Firefox
    2009-08-21 22:43:08 —-D—- C:WINDOWSsystem32drivers
    2009-08-21 22:38:14 —-D—- C:WINDOWS
    2009-08-21 22:37:59 —-D—- C:WINDOWSsystem32CatRoot2
    2009-08-21 22:32:46 —-SHD—- C:System Volume Information
    2009-08-21 22:32:46 —-D—- C:WINDOWSsystem32Restore
    2009-08-21 22:30:14 —-D—- C:Documents and SettingsArtem0305Application DatauTorrent
    2009-08-21 22:30:13 —-D—- C:Documents and SettingsArtem0305Application DataMedia Player Classic
    2009-08-21 22:30:12 —-D—- C:WINDOWSsystem32config
    2009-08-21 22:21:37 —-D—- C:Documents and SettingsArtem0305Application DataSkype
    2009-08-21 21:30:09 —-D—- C:WINDOWSDebug
    2009-08-21 21:30:08 —-D—- C:WINDOWSsystem32LogFiles
    2009-08-21 20:48:18 —-A—- C:WINDOWSSchedLgU.Txt
    2009-08-20 18:03:10 —-A—- C:WINDOWSsystem32PnkBstrB.exe
    2009-08-19 18:48:56 —-A—- C:WINDOWSsystem32PnkBstrA.exe
    2009-08-19 16:33:24 —-HD—- C:Program FilesInstallShield Installation Information
    2009-08-19 16:26:46 —-D—- C:WINDOWSsystem32DirectX
    2009-08-19 16:26:45 —-HD—- C:WINDOWSinf
    2009-08-19 16:26:38 —-RSD—- C:WINDOWSassembly
    2009-08-18 17:22:06 —-D—- C:Program FilesBonjour
    2009-08-18 17:21:33 —-D—- C:Documents and SettingsArtem0305Application DataYandex
    2009-08-18 14:24:57 —-A—- C:WINDOWSsystem32logonuiX.exe
    2009-08-18 14:23:49 —-D—- C:Program FilesCommon Files
    2009-08-18 09:33:04 —-D—- C:Documents and SettingsArtem0305Application DataFileZilla
    2009-08-17 19:10:20 —-A—- C:WINDOWSsystem32aswBoot.exe
    2009-08-17 18:46:52 —-A—- C:WINDOWSwin.ini
    2009-08-15 10:52:56 —-D—- C:WINDOWSsystem32CatRoot
    2009-08-15 10:52:51 —-RSHDC—- C:WINDOWSsystem32dllcache
    2009-08-14 18:17:04 —-D—- C:WINDOWSMicrosoft.NET
    2009-08-14 18:07:05 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
    2009-08-14 18:06:51 —-D—- C:WINDOWSWinSxS
    2009-08-14 18:04:11 —-D—- C:WINDOWSsystem32en-US
    2009-08-14 18:04:10 —-RSD—- C:WINDOWSFonts
    2009-08-14 18:01:50 —-D—- C:Program FilesInternet Explorer
    2009-08-12 16:29:26 —-HD—- C:WINDOWS$hf_mig$
    2009-08-12 16:29:16 —-D—- C:Program FilesOutlook Express
    2009-08-10 19:33:47 —-D—- C:Documents and SettingsArtem0305Application DataMacromedia
    2009-08-10 19:31:26 —-A—- C:WINDOWSsystem32BASSMOD.dll
    2009-08-10 19:29:30 —-D—- C:WINDOWSDownloaded Installations
    2009-08-10 18:34:01 —-D—- C:Program Files7-Zip
    2009-08-10 12:32:50 —-SHD—- C:RECYCLER
    2009-08-08 20:45:45 —-D—- C:Program FilesRevConnect
    2009-08-07 21:47:54 —-D—- C:WINDOWSsystem32NtmsData
    2009-08-07 21:47:54 —-D—- C:WINDOWSsystem32MsDtc
    2009-08-07 21:47:53 —-SD—- C:WINDOWSDownloaded Program Files
    2009-08-07 21:47:53 —-D—- C:WINDOWSrepair
    2009-08-07 21:47:53 —-D—- C:WINDOWSLogs
    2009-08-07 21:47:50 —-D—- C:Program FilesWinRAR
    2009-08-07 21:47:02 —-D—- C:Program FilesNotepad++
    2009-08-07 21:47:01 —-D—- C:Documents and SettingsArtem0305Application DataTeamViewer
    2009-08-07 21:47:01 —-D—- C:Documents and SettingsArtem0305Application DataNero
    2009-08-07 21:47:00 —-D—- C:Documents and SettingsArtem0305Application DataHideIP
    2009-08-07 21:47:00 —-D—- C:Documents and SettingsAll UsersApplication DataWLInstaller
    2009-08-05 12:01:48 —-A—- C:WINDOWSsystem32mswebdvd.dll
    2009-08-04 17:40:27 —-D—- C:Program FilesWinamp
    2009-08-04 17:30:41 —-D—- C:Program FilesOpera
    2009-08-04 08:50:29 —-A—- C:WINDOWSsystem32settings_ab.ini
    2009-07-30 03:49:14 —-A—- C:WINDOWSsystem32MRT.exe
    2009-07-24 12:48:30 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
    2009-07-19 18:48:58 —-A—- C:WINDOWSsystem32ieframe.dll
    2009-07-19 16:18:59 —-A—- C:WINDOWSsystem32mshtml.dll
    2009-07-18 21:23:39 —-A—- C:WINDOWSNeroDigital.ini
    2009-07-17 22:01:06 —-A—- C:WINDOWSsystem32atl.dll
    2009-07-12 12:21:50 —-A—- C:WINDOWSsystem32wmpdxm.dll
    2009-07-12 12:21:50 —-A—- C:WINDOWSsystem32wmp.dll
    2009-07-03 20:09:28 —-A—- C:WINDOWSsystem32wininet.dll
    2009-07-03 20:09:27 —-A—- C:WINDOWSsystem32urlmon.dll
    2009-07-03 20:09:27 —-A—- C:WINDOWSsystem32occache.dll
    2009-07-03 20:09:25 —-A—- C:WINDOWSsystem32msfeedsbs.dll
    2009-07-03 20:09:25 —-A—- C:WINDOWSsystem32msfeeds.dll
    2009-07-03 20:09:24 —-N—- C:WINDOWSsystem32jsproxy.dll
    2009-07-03 20:09:24 —-A—- C:WINDOWSsystem32iertutil.dll
    2009-07-03 20:09:23 —-A—- C:WINDOWSsystem32iepeers.dll
    2009-07-03 20:09:21 —-N—- C:WINDOWSsystem32iedkcs32.dll
    2009-07-03 14:01:06 —-N—- C:WINDOWSsystem32ie4uinit.exe
    2009-06-24 17:45:04 —-D—- C:WINDOWSMedia
    2009-06-24 17:45:04 —-D—- C:WINDOWSHelp
    2009-06-23 11:30:18 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
    2009-06-19 15:55:01 —-D—- C:Documents and SettingsArtem0305Application DataAdobe
    2009-06-19 15:54:31 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
    2009-06-19 15:54:15 —-D—- C:Program FilesCommon FilesAdobe
    2009-06-19 15:54:01 —-D—- C:Program FilesAdobe
    2009-06-18 16:43:47 —-A—- C:WINDOWSsystem.ini
    2009-06-18 16:37:12 —-D—- C:WINDOWSMinidump
    2009-06-17 20:25:02 —-D—- C:Documents and SettingsAll UsersApplication DataApple
    2009-06-17 20:25:00 —-DC—- C:WINDOWSsystem32DRVSTORE
    2009-06-17 20:24:57 —-D—- C:WINDOWSsystem32ReinstallBackups
    2009-06-16 17:36:30 —-A—- C:WINDOWSsystem32t2embed.dll
    2009-06-16 17:36:30 —-A—- C:WINDOWSsystem32fontsub.dll
    2009-06-12 15:31:40 —-A—- C:WINDOWSsystem32tlntsess.exe
    2009-06-12 15:31:39 —-A—- C:WINDOWSsystem32telnet.exe
    2009-06-11 21:39:13 —-D—- C:WINDOWSie7updates
    2009-06-10 17:13:29 —-A—- C:WINDOWSsystem32avifil32.dll
    2009-06-10 09:19:38 —-A—- C:WINDOWSsystem32mstscax.dll
    2009-06-10 09:14:49 —-A—- C:WINDOWSsystem32wkssvc.dll
    2009-06-05 20:06:00 —-D—- C:Program FilesCommon FilesWise Installation Wizard
    2009-06-05 19:59:23 —-D—- C:Program FilesSystemRequirementsLab
    2009-06-05 19:59:11 —-D—- C:Documents and SettingsArtem0305Application DataSystemRequirementsLab
    2009-06-05 11:42:38 —-A—- C:WINDOWSsystem32usbaaplrc.dll
    2009-06-03 22:09:37 —-A—- C:WINDOWSsystem32quartz.dll
    2009-05-24 15:30:57 —-D—- C:Program FilesCommon FilesNero
    2009-05-24 15:30:57 —-D—- C:Documents and SettingsAll UsersApplication DataNero
    2009-05-24 15:21:58 —-D—- C:Program FilesNero
    2009-05-24 15:21:22 —-A—- C:WINDOWSIrremote.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-08-17 26944]
    R1 Amfilter;A4Tech Mouse Filter Driver; C:WINDOWSsystem32DRIVERSAmfilter.sys [2006-12-16 8704]
    R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-08-17 114768]
    R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-08-17 51376]
    R1 BIOS;BIOS; ??C:WINDOWSsystem32driversBIOS.sys []
    R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 36352]
    R1 oreans32;oreans32; ??C:WINDOWSsystem32driversoreans32.sys []
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2003-03-31 12032]
    R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-08-17 20560]
    R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-08-17 94160]
    R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:WINDOWSsystem32DRIVERSAmusbprt.sys [2006-12-16 13824]
    R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-08-17 23152]
    R3 FStarForce;FStarForce; C:WINDOWSsystem32DRIVERSFStarForce.sys [2008-10-16 7680]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSsystem32DRIVERSGEARAspiWDM.sys [2009-03-19 23400]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2008-11-11 4946944]
    R3 MouseCap;MouseCapture Driver; C:WINDOWSSystem32DriversMouseCap.sys [2005-08-08 6640]
    R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2009-04-30 8055584]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2008-08-07 111360]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
    R4 sr;System Restore Filter Driver; C:WINDOWSsystem32DRIVERSsr.sys [2008-04-14 73472]
    S2 adfs;adfs; C:WINDOWSsystem32driversadfs.sys []
    S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:WINDOWSsystem32DRIVERSAmps2prt.sys [2006-05-09 13824]
    S3 av31xmzc;av31xmzc; C:WINDOWSsystem32driversav31xmzc.sys []
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2006-12-06 49920]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2006-12-06 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2006-12-06 21568]
    S3 irsir;Microsoft Serial Infrared Driver; C:WINDOWSsystem32DRIVERSirsir.sys [2001-08-17 18688]
    S3 Moufiltr;Mouse Test Driver; C:WINDOWSsystem32DRIVERSMoufiltr.sys [2005-08-06 9661]
    S3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
    S3 npkcrypt;npkcrypt; C:WINDOWSsystem32driversnpkcrypt.sys []
    S3 Rasirda;WAN Miniport (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-17 19584]
    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
    S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWSSystem32Driversusbaapl.sys [2009-06-05 39424]
    S3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-14 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
    S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
    S3 WINIO;WINIO; C:WINDOWSsystem32driversWINIO.sys []
    S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2009-06-05 144712]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-08-17 18752]
    R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-08-17 138680]
    R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-12-12 238888]
    R2 hpqddsvc;Служба HP CUE DeviceDiscovery; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
    R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2009-05-01 168004]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
    R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2009-08-19 66872]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-08-17 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-08-17 352920]
    R3 hpqcxs08;hpqcxs08; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
    S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2009-03-30 72704]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-04-03 654848]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
    S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
    S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2009-07-13 542496]
    S3 npggsvc;nProtect GameGuard Service; C:WINDOWSsystem32GameMon.des [2009-02-17 2741114]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-04-16 91184]
    S3 usprserv;User Privilege Service; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:Program FilesWindows LiveinstallerWLSetupSvc.exe [2007-10-25 266240]
    S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]


    EOF


    Info.txt:
    info.txt logfile of random’s system information tool 1.06 2009-08-21 23:00:57

    ======Uninstall list======

    —>MsiExec /X{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}
    —>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
    32 Bit HP CIO Components Installer—>MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
    7-Zip 4.65—>»C:Program Files7-ZipUninstall.exe»
    Adobe AIR—>C:Program FilesCommon FilesAdobe AIRVersions1.0ResourcesAdobe AIR Updater.exe -arp:uninstall
    Adobe AIR—>MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge 1.0—>MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Bridge CS4—>MsiExec.exe /I{0F99EAFA-4054-4ABC-A3D3-D2299210572F}
    Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Common File Installer—>MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
    Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
    Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
    Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Center 1.0—>MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS2—>msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Photoshop CS4—>C:Program FilesCommon FilesAdobeInstallersb741c3c52d3108664cedeb2b76f6d96Setup.exe
    Adobe Photoshop CS4—>MsiExec.exe /I{05B7B9BA-9EBC-4C5B-933D-49F372EFE7A1}
    Adobe Reader 9.1.3—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
    Adobe Setup—>MsiExec.exe /I{A1C9D1DA-7803-4586-B509-450009938312}
    Adobe Stock Photos 1.0—>MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Apple Mobile Device Support—>MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
    Apple Software Update—>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Auslogics BoostSpeed—>»C:Program FilesAuslogicsAuslogics BoostSpeedunins000.exe»
    AV Bros. Page Curl Pro 2.1 (Remove Only)—>E:AplicationsPhotoshopCS4Adobe Photoshop CS4Plug-InsAV Bros Page Curl Pro 2.1AVUninstall2.exe
    avast! Antivirus—>C:Program FilesAlwil SoftwareAvast4aswRunDll.exe «C:Program FilesAlwil SoftwareAvast4Setupsetiface.dll»,RunSetup
    Borland Database Engine—>C:WINDOWSuninst.exe -f»C:Program FilesDeIsL1.isu» -c»C:Program Files_ISREG32.DLL»
    Call of Duty(R) 4 — Modern Warfare(TM) 1.4 Patch—>C:Program FilesInstallShield Installation Information{3BD633E0-4BF8-4499-9149-88F0767D449C}setup.exe -runfromtemp -l0x0409
    CCleaner (remove only)—>»C:Program FilesCCleaneruninst.exe»
    eBook Edit Pro v3.21—>»C:Program FileseBook Edit Prounins000.exe»
    HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
    Hotfix for Windows Internet Explorer 7 (KB947864)—>»C:WINDOWSie7updatesKB947864-IE7spuninstspuninst.exe»
    Hotfix for Windows XP (KB961118)—>»C:WINDOWS$NtUninstallKB961118$spuninstspuninst.exe»
    HP Customer Participation Program 8.0—>E:AplicationsHPDigital ImagingExtCapUninstallhpzscr01.exe -datfile hpqhsc01.dat
    HP Deskjet All-In-One Software 8.0—>E:AplicationsHPDigital Imaging{24557DC0-0839-496f-82F9-C4EB72EFE4FA}setuphpzscr01.exe -datfile hposcr12.dat
    HP Imaging Device Functions 8.0—>E:AplicationsHPDigital ImagingDeviceManagementhpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart Essential—>MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
    HP Solution Center 8.0—>E:AplicationsHPDigital ImagingeSupporthpzscr01.exe -datfile hpqbud05.dat
    HP Update—>MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
    HPSSupply—>MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
    ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
    iTunes—>MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
    Java(TM) 6 Update 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
    Java(TM) 6 Update 7—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    K-Lite Codec Pack 4.4.5 (Full)—>»C:Program FilesK-Lite Codec Packunins000.exe»
    Macromedia Dreamweaver 8—>MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
    Macromedia Extension Manager—>MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM928366M928366Uninstall.msp»
    Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
    Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
    Microsoft Office Professional Edition 2003—>MsiExec.exe /I{20110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
    Microsoft Visual C++ 2005 ATL Update kb973923 — x86 8.0.50727.4053—>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Visual C++ 2008 ATL Update kb973924 — x86 9.0.30729.4148—>MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
    Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729—>MsiExec.exe /X{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}
    Microsoft Windows Media Video 9 VCM—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFwmv9vcm.inf, Uninstall
    Mozilla Firefox (3.5.2)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
    MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Notepad++—>C:Program FilesNotepad++uninstall.exe
    NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
    NVIDIA PhysX—>MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
    PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    Photoshop Camera Raw—>MsiExec.exe /I{C4418DF9-5B57-4C5D-ACC2-D6B1338CCE09}
    REALTEK GbE & FE Ethernet PCI-E NIC Driver—>C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}setup.exe -runfromtemp -l0x0019 -removeonly
    Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x19 -removeonly
    RevConnect—>»C:Program FilesRevConnectuninstall.exe»
    Security Update for Windows Internet Explorer 7 (KB938127)—>»C:WINDOWSie7updatesKB938127-IE7spuninstspuninst.exe»
    Security Update for Windows Internet Explorer 7 (KB944533)—>»C:WINDOWSie7updatesKB944533-IE7spuninstspuninst.exe»
    Security Update for Windows Internet Explorer 7 (KB950759)—>»C:WINDOWSie7updatesKB950759-IE7spuninstspuninst.exe»
    Security Update for Windows Internet Explorer 7 (KB953838)—>»C:WINDOWSie7updatesKB953838-IE7spuninstspuninst.exe»
    Security Update for Windows Internet Explorer 7 (KB956390)—>»C:WINDOWSie7updatesKB956390-IE7spuninstspuninst.exe»
    Security Update for Windows Internet Explorer 7 (KB958215)—>»C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe»
    Security Update for Windows Internet Explorer 7 (KB960714)—>»C:WINDOWSie7updatesKB960714-IE7spuninstspuninst.exe»
    Security Update for Windows Internet Explorer 7 (KB961260)—>»C:WINDOWSie7updatesKB961260-IE7spuninstspuninst.exe»
    Security Update for Windows Internet Explorer 7 (KB963027)—>»C:WINDOWSie7updatesKB963027-IE7spuninstspuninst.exe»
    Security Update for Windows Internet Explorer 7 (KB969897)—>»C:WINDOWSie7updatesKB969897-IE7spuninstspuninst.exe»
    Security Update for Windows Internet Explorer 8 (KB969897)—>»C:WINDOWSie8updatesKB969897-IE8spuninstspuninst.exe»
    Security Update for Windows Internet Explorer 8 (KB972260)—>»C:WINDOWSie8updatesKB972260-IE8spuninstspuninst.exe»
    Security Update for Windows Media Player (KB973540)—>»C:WINDOWS$NtUninstallKB973540_WM9$spuninstspuninst.exe»
    Security Update for Windows XP (KB956744)—>»C:WINDOWS$NtUninstallKB956744$spuninstspuninst.exe»
    Security Update for Windows XP (KB960859)—>»C:WINDOWS$NtUninstallKB960859$spuninstspuninst.exe»
    Security Update for Windows XP (KB961371)—>»C:WINDOWS$NtUninstallKB961371$spuninstspuninst.exe»
    Security Update for Windows XP (KB971557)—>»C:WINDOWS$NtUninstallKB971557$spuninstspuninst.exe»
    Security Update for Windows XP (KB971633)—>»C:WINDOWS$NtUninstallKB971633$spuninstspuninst.exe»
    Security Update for Windows XP (KB971657)—>»C:WINDOWS$NtUninstallKB971657$spuninstspuninst.exe»
    Security Update for Windows XP (KB973346)—>»C:WINDOWS$NtUninstallKB973346$spuninstspuninst.exe»
    Security Update for Windows XP (KB973354)—>»C:WINDOWS$NtUninstallKB973354$spuninstspuninst.exe»
    Security Update for Windows XP (KB973507)—>»C:WINDOWS$NtUninstallKB973507$spuninstspuninst.exe»
    Security Update for Windows XP (KB973869)—>»C:WINDOWS$NtUninstallKB973869$spuninstspuninst.exe»
    SkinStudio—>»C:Documents and SettingsAll UsersApplication Data{CCD0104E-95C0-4C73-A3E3-42C3D2072E43}SkinStudio.exe» REMOVE=TRUE MODIFY=FALSE
    SkinStudio—>C:Documents and SettingsAll UsersApplication Data{CCD0104E-95C0-4C73-A3E3-42C3D2072E43}SkinStudio.exe
    Skype™ 4.0—>MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
    Smart-X7 7.80—>C:Program FilesA4TechMouseUninst32.exe
    SnagIt 8—>MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
    System Requirements Lab—>C:Program FilesSystemRequirementsLabUninstall.exe
    TeamViewer 3—>C:Program FilesTeamViewer3uninstall.exe
    Update for Windows Internet Explorer 8 (KB971930)—>»C:WINDOWSie8updatesKB971930-IE8spuninstspuninst.exe»
    Update for Windows XP (KB973815)—>»C:WINDOWS$NtUninstallKB973815$spuninstspuninst.exe»
    WebMoney Agent—>C:Program FilesWebMoney Agentuninst_wmagent.exe
    WebMoney Keeper Classic 3.7.0.1—>»C:Program FilesWebMoneyUninstall.exe» «C:Program FilesWebMoneyinstall.log» -u
    Winamp—>»C:Program FilesWinampUninstWA.exe»
    WindowBlinds—>C:PROGRA~1StardockOBJECT~1WINDOW~1UNWISE.EXE C:PROGRA~1StardockOBJECT~1WINDOW~1INSTALL.LOG
    Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
    Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
    Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
    Zuma Deluxe 1.0—>C:Program FilesPopCap GamesZuma DeluxePopUninstall.exe «C:Program FilesPopCap GamesZuma DeluxeInstall.log»
    Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
    Легенда — Наследие Драконов (без графики, с плагинами), Версия —>»C:Program FilesITTerritoryDragonsunins000.exe»

    ======Hosts File======

    217.20.175.4 l2rx

    ======Security center information======

    AV: avast! antivirus 4.8.1351 [VPS 090820-0]

    =====Application event log=====

    Computer Name: ARTEM
    Event Code: 1001
    Message: Detection of product ‘{FF075778-6E50-47ED-991D-3B07FD4E3250}’, feature ‘TrayApp’ failed during request for component ‘{64AC94BB-9C18-46A1-ACDE-38893CE54F56}’

    Record Number: 6
    Source Name: MsiInstaller
    Time Written: 20090821223726.000000+180
    Event Type: warning
    User: NT AUTHORITYSYSTEM

    Computer Name: ARTEM
    Event Code: 1004
    Message: Detection of product ‘{FF075778-6E50-47ED-991D-3B07FD4E3250}’, feature ‘TrayApp’, component ‘{544C7EF7-6803-40A6-980E-57758E45BE87}’ failed. The resource ‘HKEY_LOCAL_MACHINESOFTWAREHewlett-PackardDigitalImagingCtxMgrStringsEditorPluginsDir’ does not exist.

    Record Number: 5
    Source Name: MsiInstaller
    Time Written: 20090821223726.000000+180
    Event Type: warning
    User: NT AUTHORITYSYSTEM

    Computer Name: ARTEM
    Event Code: 11706
    Message: Product: TrayApp — Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package ‘TrayApp.msi’.

    Record Number: 3
    Source Name: MsiInstaller
    Time Written: 20090821223726.000000+180
    Event Type: error
    User: NT AUTHORITYSYSTEM

    Computer Name: ARTEM
    Event Code: 1001
    Message: Detection of product ‘{FF075778-6E50-47ED-991D-3B07FD4E3250}’, feature ‘TrayApp’ failed during request for component ‘{64AC94BB-9C18-46A1-ACDE-38893CE54F56}’

    Record Number: 2
    Source Name: MsiInstaller
    Time Written: 20090821223725.000000+180
    Event Type: warning
    User: NT AUTHORITYSYSTEM

    Computer Name: ARTEM
    Event Code: 1004
    Message: Detection of product ‘{FF075778-6E50-47ED-991D-3B07FD4E3250}’, feature ‘TrayApp’, component ‘{544C7EF7-6803-40A6-980E-57758E45BE87}’ failed. The resource ‘HKEY_LOCAL_MACHINESOFTWAREHewlett-PackardDigitalImagingCtxMgrStringsEditorPluginsDir’ does not exist.

    Record Number: 1
    Source Name: MsiInstaller
    Time Written: 20090821223725.000000+180
    Event Type: warning
    User: NT AUTHORITYSYSTEM

    ======Environment variables======

    «ComSpec»=%SystemRoot%system32cmd.exe
    «Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesCommon FilesAdobeAGL
    «windir»=%SystemRoot%
    «FP_NO_HOST_CHECK»=NO
    «OS»=Windows_NT
    «PROCESSOR_ARCHITECTURE»=x86
    «PROCESSOR_LEVEL»=6
    «PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    «PROCESSOR_REVISION»=0f0d
    «NUMBER_OF_PROCESSORS»=2
    «PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    «TEMP»=%SystemRoot%TEMP
    «TMP»=%SystemRoot%TEMP


    EOF


    Regards, Artem Ivanov.

    August 25, 2009 at 7:58 PM #25380
    Dic
    Participant
    • Topics: 2
    • Posts: 17
    • ☆

    Hello! My disc drive has disappeared.
    I suspect viruses are to blame, although I'm not entirely sure, but I hope you can help me solve this problem.

    Log.txt:
    Logfile of random’s system information tool 1.06 (written by random/random)
    Run by Artem0305 at 2009-08-25 22:55:25
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 84 GB (84%) free of 100 GB
    Total RAM: 2046 MB (70% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:55:26, on 25.08.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32nvsvc32.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSsystem32svchost.exe
    C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
    C:Program FilesAlwil SoftwareAvast4ashServ.exe
    C:WINDOWSsystem32spoolsv.exe
    C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
    C:Program FilesBonjourmDNSResponder.exe
    C:WINDOWSsystem32svchost.exe
    C:Program FilesJavajre6binjqs.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32PnkBstrA.exe
    C:WINDOWSsystem32svchost.exe
    C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
    C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
    C:WINDOWSsystem32msiexec.exe
    C:WINDOWSsystem32WgaTray.exe
    C:WINDOWSExplorer.EXE
    C:Program FilesMozilla Firefoxfirefox.exe
    C:PROGRA~1ALWILS~1Avast4ashDisp.exe
    C:Program FilesWebMoney Agentwmagent.exe
    C:WINDOWSsystem32RUNDLL32.EXE
    C:Program FilesJavajre6binjusched.exe
    C:Program FilesSafeSurfsafesurf.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Documents and SettingsArtem0305Application DataMail.RuAgentMAgent.exe
    E:AplicationsDAEMON Tools Litedaemon.exe
    C:Program FilesSafeSurfsurfguard.exe
    C:WINDOWSsystem32wuauclt.exe
    C:Documents and SettingsArtem0305DesktopRSIT.exe
    C:Program Filestrend microArtem0305.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ru/
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = socks=127.0.0.1:7070
    R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
    O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
    O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
    O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
    O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
    O4 — HKLM..Run: [wmagent.exe] «C:Program FilesWebMoney Agentwmagent.exe»
    O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
    O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
    O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
    O4 — HKLM..Run: [jsafesurf] C:Program FilesSafeSurfsafesurf.exe
    O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [MAgent] C:Documents and SettingsArtem0305Application DataMail.RuAgentMAgent.exe -CU
    O4 — HKCU..Run: [DAEMON Tools Lite] «E:AplicationsDAEMON Tools Litedaemon.exe» -autorun
    O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O8 — Extra context menu item: E&xport to Microsoft Office Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
    O9 — Extra button: (no name) — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — (no file)
    O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
    O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — E:AplicationsICQICQ6.5ICQ.exe
    O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — E:AplicationsICQICQ6.5ICQ.exe
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe (file missing)
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe (file missing)
    O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Documents and SettingsArtem0305Application DataMail.RuAgentmagent.exe (HKCU)
    O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Documents and SettingsArtem0305Application DataMail.RuAgentmagent.exe (HKCU)
    O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 — AppInit_DLLs: C:WINDOWSsystem32wbsys.dll
    O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
    O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
    O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
    O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
    O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
    O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
    O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
    O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
    O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
    O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
    O23 — Service: nProtect GameGuard Service (npggsvc) — Unknown owner — C:WINDOWSsystem32GameMon.des.exe (file missing)
    O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
    O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
    O23 — Service: Windows Live Setup Service (WLSetupSvc) — Unknown owner — C:Program FilesWindows LiveinstallerWLSetupSvc.exe (file missing)

    —
    End of file — 7257 bytes

    ======Scheduled tasks folder======

    C:WINDOWStasksAppleSoftwareUpdate.job
    C:WINDOWStasksUser_Feed_Synchronization-{0C7B3E41-E059-406A-9DBF-C2DD79B2C774}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-08-22 41760]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-08-22 73728]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-08-17 81000]
    «wmagent.exe»=C:Program FilesWebMoney Agentwmagent.exe [2008-10-01 209376]
    «NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2009-08-17 13877248]
    «NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2009-08-17 86016]
    «SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-08-22 149280]
    «jsafesurf»=C:Program FilesSafeSurfsafesurf.exe [2009-08-22 165888]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
    «MAgent»=C:Documents and SettingsArtem0305Application DataMail.RuAgentMAgent.exe [2009-08-08 7975608]
    «DAEMON Tools Lite»=E:AplicationsDAEMON Tools Litedaemon.exe [2008-08-08 490952]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAuslogics BoostSpeed]
    C:Program FilesAuslogicsAuslogics BoostSpeedboostspeed.exe [2009-08-04 475760]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregavast!]
    C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-08-17 81000]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools Lite]
    E:AplicationsDAEMON Tools Litedaemon.exe [2008-08-08 490952]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
    C:WINDOWSsystem32NeroCheck.exe []

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
    C:Program FilesNVIDIA CorporationnViewnwiz.exe [2009-08-12 1657376]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
    C:Program FilesSkypePhoneSkype.exe [2009-04-16 24264488]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    []

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
    C:PROGRA~1TECHSM~1SNAGIT~1SnagIt32.exe [2007-05-01 6395464]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Artem0305^Start Menu^Programs^Startup^Create virtual drive for Denwer.lnk]
    []

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Artem0305^Start Menu^Programs^Startup^NOD32 Control Center.lnk]
    []

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
    «AppInit_DLLS»=»C:WINDOWSsystem32wbsys.dll»

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWBSrv]
    C:Program FilesStardockObject DesktopWindowBlindswbsrv.dll [2008-09-17 210168]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
    C:WINDOWSsystem32WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
    WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=323
    «NoDriveAutoRun»=67108863
    «NoDrives»=0

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «HonorAutoRunSetting»=
    «NoDriveAutoRun»=
    «NoDriveTypeAutoRun»=
    «NoDrives»=

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
    «C:WINDOWSsystem32PnkBstrA.exe»=»C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA»
    «C:WINDOWSsystem32PnkBstrB.exe»=»C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB»
    «C:WINDOWSsystem32dxdiag.exe»=»C:WINDOWSsystem32dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool»
    «C:Program FilesRevConnectDCPlusPlus.exe»=»C:Program FilesRevConnectDCPlusPlus.exe:*:Enabled:DC++»
    «E:AplicationsICQICQ6.5ICQ.exe»=»E:AplicationsICQICQ6.5ICQ.exe:*:Enabled:ICQ6»
    «C:Program FilesWebMoneyWebMoney.exe»=»C:Program FilesWebMoneyWebMoney.exe:*:Enabled:WebMoney Keeper Classic Runner Module»
    «C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
    «C:Program FilesMozilla Firefoxfirefox.exe»=»C:Program FilesMozilla Firefoxfirefox.exe:*:Enabled:Firefox»
    «C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
    «C:Program FilesITTerritoryDragonsDWarC2.exe»=»C:Program FilesITTerritoryDragonsDWarC2.exe:*:Enabled:Легенда: Наследие Драконов»
    «C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
    «C:Documents and SettingsArtem0305My DocumentsЗагрузкиVipIpClnt.exe»=»C:Documents and SettingsArtem0305My DocumentsЗагрузкиVipIpClnt.exe:*:Enabled:VipIpClnt»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

    ======File associations======

    .js — edit — «C:Program FilesMacromediaDreamweaver 8dreamweaver.exe» «%1»

    ======List of files/folders created in the last 3 months======

    2009-08-25 21:11:28 —-HDC—- C:WINDOWSie8
    2009-08-25 21:11:13 —-HD—- C:WINDOWSmsdownld.tmp
    2009-08-25 14:29:52 —-SHD—- C:RECYCLER
    2009-08-25 14:18:30 —-A—- C:ComboFix.txt
    2009-08-25 13:58:54 —-D—- C:WINDOWSERDNT
    2009-08-25 13:42:47 —-A—- C:WINDOWSsystem32d3dx10_41.dll
    2009-08-25 13:42:47 —-A—- C:WINDOWSsystem32D3DCompiler_41.dll
    2009-08-25 13:42:46 —-A—- C:WINDOWSsystem32XAudio2_4.dll
    2009-08-25 13:42:46 —-A—- C:WINDOWSsystem32XAPOFX1_3.dll
    2009-08-25 13:42:46 —-A—- C:WINDOWSsystem32xactengine3_4.dll
    2009-08-25 13:42:46 —-A—- C:WINDOWSsystem32D3DX9_41.dll
    2009-08-25 13:42:45 —-A—- C:WINDOWSsystem32X3DAudio1_6.dll
    2009-08-24 18:50:18 —-HD—- C:Program FilesUninstall Information
    2009-08-24 18:00:31 —-A—- C:WINDOWSimsins.BAK
    2009-08-24 16:44:44 —-D—- C:Documents and SettingsAll UsersApplication DataOffice Genuine Advantage
    2009-08-24 16:35:58 —-D—- C:Documents and SettingsAll UsersApplication DataWindows Genuine Advantage
    2009-08-23 22:29:05 —-D—- C:Program FilesSafeSurf
    2009-08-22 21:15:04 —-A—- C:WINDOWSsystem32deploytk.dll
    2009-08-22 20:21:06 —-D—- C:Program FilesNVIDIA Corporation
    2009-08-22 20:21:02 —-D—- C:Documents and SettingsAll UsersApplication DataNVIDIA Corporation
    2009-08-21 23:00:44 —-D—- C:Program Filestrend micro
    2009-08-21 23:00:43 —-D—- C:rsit
    2009-08-21 22:41:06 —-SHD—- C:Config.Msi
    2009-08-21 22:26:33 —-D—- C:Documents and SettingsArtem0305Application DataUniblue
    2009-08-21 22:25:51 —-HDC—- C:Documents and SettingsAll UsersApplication Data~0
    2009-08-21 21:26:17 —-D—- C:Documents and SettingsArtem0305Application DataAuslogics
    2009-08-21 21:25:14 —-D—- C:Program FilesAuslogics
    2009-08-20 16:30:25 —-D—- C:Мусор
    2009-08-20 16:29:03 —-A—- C:WINDOWSusdthank.ini
    2009-08-20 16:29:03 —-A—- C:WINDOWSidc.ini
    2009-08-19 16:25:29 —-A—- C:WINDOWSgame.ini
    2009-08-18 14:23:56 —-A—- C:WINDOWSLogonStudio.ini
    2009-08-18 14:23:50 —-A—- C:WINDOWSsystem32JPGUtils.dll
    2009-08-18 14:23:49 —-D—- C:Program FilesWinCustomize
    2009-08-18 14:23:49 —-D—- C:Program FilesCommon FilesStardock
    2009-08-17 23:29:13 —-D—- C:Documents and SettingsAll UsersApplication DataYandex
    2009-08-17 19:44:30 —-A—- C:WINDOWSWB.ini
    2009-08-17 18:45:07 —-N—- C:WINDOWSsystem32wbsys.dll
    2009-08-17 18:45:07 —-D—- C:Program FilesStardock
    2009-08-17 03:04:24 —-A—- C:WINDOWSsystem32nvcplui.exe
    2009-08-17 03:04:08 —-A—- C:WINDOWSsystem32nvwddi.dll
    2009-08-17 03:03:44 —-A—- C:WINDOWSsystem32nvwss.dll
    2009-08-17 03:03:38 —-A—- C:WINDOWSsystem32nvvitvs.dll
    2009-08-17 03:03:28 —-A—- C:WINDOWSsystem32nvmobls.dll
    2009-08-17 03:03:28 —-A—- C:WINDOWSsystem32nvmccss.dll
    2009-08-17 03:03:22 —-A—- C:WINDOWSsystem32nvgames.dll
    2009-08-17 03:03:02 —-A—- C:WINDOWSsystem32nvdisps.dll
    2009-08-17 03:03:00 —-A—- C:WINDOWSsystem32nvsvc32.exe
    2009-08-17 03:03:00 —-A—- C:WINDOWSsystem32nvmctray.dll
    2009-08-17 03:03:00 —-A—- C:WINDOWSsystem32nvcpl.dll
    2009-08-17 03:03:00 —-A—- C:WINDOWSsystem32nvcolor.exe
    2009-08-17 03:02:52 —-A—- C:WINDOWSsystem32nvmccs.dll
    2009-08-15 10:52:46 —-HDC—- C:WINDOWS$NtUninstallKB961118$
    2009-08-14 18:04:15 —-D—- C:WINDOWSsystem32XPSViewer
    2009-08-14 18:04:05 —-D—- C:Program FilesReference Assemblies
    2009-08-13 21:10:25 —-D—- C:Program FilesBorland
    2009-08-13 21:10:23 —-A—- C:Program Files_ISREG32.DLL
    2009-08-13 21:10:22 —-D—- C:Program FilesCommon FilesBorland Shared
    2009-08-13 21:10:17 —-A—- C:WINDOWSuninst.exe
    2009-08-12 21:45:29 —-D—- C:Documents and SettingsArtem0305Application Datawmmail
    2009-08-12 16:29:40 —-HDC—- C:WINDOWS$NtUninstallKB960859$
    2009-08-12 16:29:36 —-HDC—- C:WINDOWS$NtUninstallKB971657$
    2009-08-12 16:29:31 —-HDC—- C:WINDOWS$NtUninstallKB971557$
    2009-08-12 16:29:27 —-HDC—- C:WINDOWS$NtUninstallKB956744$
    2009-08-12 16:29:23 —-HDC—- C:WINDOWS$NtUninstallKB973869$
    2009-08-12 16:29:19 —-HDC—- C:WINDOWS$NtUninstallKB973507$
    2009-08-12 16:29:14 —-HDC—- C:WINDOWS$NtUninstallKB973354$
    2009-08-12 16:29:08 —-HDC—- C:WINDOWS$NtUninstallKB973540_WM9$
    2009-08-12 16:29:04 —-A—- C:WINDOWSsystem32MRT.INI
    2009-08-12 16:28:04 —-HDC—- C:WINDOWS$NtUninstallKB973815$
    2009-08-10 19:30:20 —-D—- C:Documents and SettingsAll UsersApplication DataMacromedia
    2009-08-10 19:30:03 —-D—- C:Program FilesMacromedia
    2009-08-10 19:30:03 —-D—- C:Program FilesCommon FilesMacromedia
    2009-08-10 18:38:23 —-A—- C:WINDOWSwincmd.ini
    2009-08-10 14:00:03 —-D—- C:Program FilesiPod
    2009-08-10 14:00:01 —-D—- C:Program FilesiTunes
    2009-08-08 18:13:09 —-D—- C:Documents and SettingsArtem0305Application Dataru.rambler.Communicator.13CE42EE296FC74C5214B9FD66640D35FA8DCE65.1
    2009-08-08 16:41:14 —-D—- C:Documents and SettingsArtem0305Application DataMra
    2009-08-08 16:41:14 —-D—- C:Documents and SettingsArtem0305Application DataMail.Ru
    2009-08-08 16:41:02 —-D—- C:Program FilesMail.Ru
    2009-08-04 17:38:23 —-D—- C:Documents and SettingsArtem0305Application DataWinamp
    2009-08-04 17:32:59 —-D—- C:Program FilesCCleaner
    2009-08-03 20:36:26 —-D—- C:Documents and SettingsArtem0305Application DataITTerritory
    2009-08-03 19:26:43 —-D—- C:Program FilesITTerritory
    2009-07-21 16:39:07 —-HDC—- C:WINDOWS$NtUninstallKB973346$
    2009-07-21 16:39:03 —-HDC—- C:WINDOWS$NtUninstallKB971633$
    2009-07-21 16:38:05 —-HDC—- C:WINDOWS$NtUninstallKB961371$
    2009-07-12 13:09:40 —-D—- C:Documents and SettingsAll UsersApplication DataAgnitum
    2009-06-24 11:22:28 —-D—- C:WINDOWSie8updates
    2009-06-05 19:53:13 —-D—- C:Program FilesCommon FilesSWiSHzone.com
    2009-06-04 11:38:22 —-A—- C:WINDOWSSpeederXP.INI

    ======List of files/folders modified in the last 3 months======

    2009-08-25 22:54:41 —-D—- C:WINDOWSsystem32CatRoot2
    2009-08-25 22:53:44 —-D—- C:WINDOWSPrefetch
    2009-08-25 22:52:12 —-D—- C:WINDOWSTemp
    2009-08-25 22:49:31 —-SHD—- C:WINDOWSInstaller
    2009-08-25 22:44:52 —-D—- C:Program FilesMozilla Firefox
    2009-08-25 22:43:25 —-D—- C:WINDOWS
    2009-08-25 22:42:58 —-D—- C:WINDOWSsystem32
    2009-08-25 22:40:48 —-A—- C:WINDOWSSchedLgU.Txt
    2009-08-25 22:32:50 —-D—- C:Documents and SettingsArtem0305Application DatauTorrent
    2009-08-25 22:31:24 —-HD—- C:WINDOWSinf
    2009-08-25 22:22:05 —-D—- C:Documents and SettingsArtem0305Application DataWebMoney
    2009-08-25 21:57:09 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
    2009-08-25 21:57:01 —-SD—- C:WINDOWSTasks
    2009-08-25 21:55:38 —-RSHDC—- C:WINDOWSsystem32dllcache
    2009-08-25 21:16:47 —-D—- C:WINDOWSsystem32en-US
    2009-08-25 21:16:47 —-D—- C:WINDOWSMedia
    2009-08-25 21:16:47 —-D—- C:WINDOWSHelp
    2009-08-25 21:16:47 —-D—- C:Program FilesInternet Explorer
    2009-08-25 21:14:05 —-RD—- C:Program Files
    2009-08-25 21:13:58 —-HD—- C:WINDOWS$hf_mig$
    2009-08-25 21:13:55 —-D—- C:WINDOWSsystem32CatRoot
    2009-08-25 20:02:34 —-D—- C:WINDOWSsystem32NtmsData
    2009-08-25 16:34:44 —-D—- C:Program FilesCommon Files
    2009-08-25 15:23:00 —-SD—- C:WINDOWSDownloaded Program Files
    2009-08-25 14:27:58 —-SHD—- C:System Volume Information
    2009-08-25 14:27:58 —-D—- C:WINDOWSsystem32Restore
    2009-08-25 14:18:32 —-D—- C:WINDOWSsystem32drivers
    2009-08-25 14:14:52 —-A—- C:WINDOWSsystem.ini
    2009-08-25 14:11:28 —-D—- C:WINDOWSsystem32config
    2009-08-25 14:11:07 —-RSD—- C:WINDOWSFonts
    2009-08-25 14:10:00 —-D—- C:WINDOWSAppPatch
    2009-08-25 14:03:59 —-D—- C:Documents and SettingsArtem0305Application DataSkype
    2009-08-25 13:42:47 —-D—- C:WINDOWSsystem32DirectX
    2009-08-25 13:39:53 —-D—- C:WINDOWSLogs
    2009-08-25 13:00:13 —-ASH—- C:boot.ini
    2009-08-25 13:00:13 —-A—- C:WINDOWSwin.ini
    2009-08-25 13:00:12 —-D—- C:WINDOWSpss
    2009-08-25 12:47:46 —-D—- C:WINDOWSMinidump
    2009-08-24 18:08:29 —-D—- C:WINDOWSsystem32LogFiles
    2009-08-24 18:00:19 —-D—- C:WINDOWSie7updates
    2009-08-24 16:41:51 —-D—- C:WINDOWSSoftwareDistribution
    2009-08-22 21:14:56 —-A—- C:WINDOWSsystem32javaws.exe
    2009-08-22 21:14:56 —-A—- C:WINDOWSsystem32javaw.exe
    2009-08-22 21:14:56 —-A—- C:WINDOWSsystem32java.exe
    2009-08-22 21:14:54 —-D—- C:Program FilesJava
    2009-08-22 20:21:43 —-D—- C:Program FilesCommon FilesWise Installation Wizard
    2009-08-22 20:20:49 —-D—- C:WINDOWSsystem32ReinstallBackups
    2009-08-22 20:20:21 —-D—- C:NVIDIA
    2009-08-22 19:24:30 —-D—- C:Documents and SettingsArtem0305Application DataAdobe
    2009-08-21 22:30:13 —-D—- C:Documents and SettingsArtem0305Application DataMedia Player Classic
    2009-08-21 21:30:09 —-D—- C:WINDOWSDebug
    2009-08-20 18:03:10 —-A—- C:WINDOWSsystem32PnkBstrB.exe
    2009-08-19 18:48:56 —-A—- C:WINDOWSsystem32PnkBstrA.exe
    2009-08-19 16:33:24 —-HD—- C:Program FilesInstallShield Installation Information
    2009-08-19 16:26:38 —-RSD—- C:WINDOWSassembly
    2009-08-18 17:22:06 —-D—- C:Program FilesBonjour
    2009-08-18 17:21:33 —-D—- C:Documents and SettingsArtem0305Application DataYandex
    2009-08-18 14:24:57 —-A—- C:WINDOWSsystem32logonuiX.exe
    2009-08-18 09:33:04 —-D—- C:Documents and SettingsArtem0305Application DataFileZilla
    2009-08-17 19:10:20 —-A—- C:WINDOWSsystem32aswBoot.exe
    2009-08-17 00:57:00 —-A—- C:WINDOWSsystem32nvudisp.exe
    2009-08-17 00:57:00 —-A—- C:WINDOWSsystem32nvoglnt.dll
    2009-08-17 00:57:00 —-A—- C:WINDOWSsystem32nvcuvid.dll
    2009-08-17 00:57:00 —-A—- C:WINDOWSsystem32nvcuvenc.dll
    2009-08-17 00:57:00 —-A—- C:WINDOWSsystem32nvcuda.dll
    2009-08-17 00:57:00 —-A—- C:WINDOWSsystem32nvcodins.dll
    2009-08-17 00:57:00 —-A—- C:WINDOWSsystem32nvcod.dll
    2009-08-17 00:57:00 —-A—- C:WINDOWSsystem32nvapi.dll
    2009-08-17 00:57:00 —-A—- C:WINDOWSsystem32nv4_disp.dll
    2009-08-14 18:17:04 —-D—- C:WINDOWSMicrosoft.NET
    2009-08-14 18:07:05 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
    2009-08-14 18:06:51 —-D—- C:WINDOWSWinSxS
    2009-08-12 16:29:16 —-D—- C:Program FilesOutlook Express
    2009-08-11 12:35:08 —-A—- C:WINDOWSsystem32NVUNINST.EXE
    2009-08-10 19:33:47 —-D—- C:Documents and SettingsArtem0305Application DataMacromedia
    2009-08-10 19:31:26 —-A—- C:WINDOWSsystem32BASSMOD.dll
    2009-08-10 19:29:30 —-D—- C:WINDOWSDownloaded Installations
    2009-08-08 20:45:45 —-D—- C:Program FilesRevConnect
    2009-08-07 21:47:54 —-D—- C:WINDOWSsystem32MsDtc
    2009-08-07 21:47:53 —-D—- C:WINDOWSrepair
    2009-08-07 21:47:50 —-D—- C:Program FilesWinRAR
    2009-08-07 21:47:02 —-D—- C:Program FilesNotepad++
    2009-08-07 21:47:01 —-D—- C:Documents and SettingsArtem0305Application DataTeamViewer
    2009-08-07 21:47:01 —-D—- C:Documents and SettingsArtem0305Application DataNero
    2009-08-07 21:47:00 —-D—- C:Documents and SettingsArtem0305Application DataHideIP
    2009-08-07 21:47:00 —-D—- C:Documents and SettingsAll UsersApplication DataWLInstaller
    2009-08-05 12:01:48 —-A—- C:WINDOWSsystem32mswebdvd.dll
    2009-08-04 17:40:27 —-D—- C:Program FilesWinamp
    2009-08-04 08:50:29 —-A—- C:WINDOWSsystem32settings_ab.ini
    2009-07-30 03:49:14 —-A—- C:WINDOWSsystem32MRT.exe
    2009-07-24 12:48:30 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
    2009-07-19 18:48:58 —-A—- C:WINDOWSsystem32ieframe.dll
    2009-07-19 16:18:59 —-A—- C:WINDOWSsystem32mshtml.dll
    2009-07-18 21:23:39 —-A—- C:WINDOWSNeroDigital.ini
    2009-07-17 22:01:06 —-A—- C:WINDOWSsystem32atl.dll
    2009-07-12 12:21:50 —-A—- C:WINDOWSsystem32wmpdxm.dll
    2009-07-12 12:21:50 —-A—- C:WINDOWSsystem32wmp.dll
    2009-07-03 20:09:28 —-A—- C:WINDOWSsystem32wininet.dll
    2009-07-03 20:09:27 —-N—- C:WINDOWSsystem32occache.dll
    2009-07-03 20:09:27 —-A—- C:WINDOWSsystem32urlmon.dll
    2009-07-03 20:09:25 —-A—- C:WINDOWSsystem32msfeedsbs.dll
    2009-07-03 20:09:25 —-A—- C:WINDOWSsystem32msfeeds.dll
    2009-07-03 20:09:24 —-N—- C:WINDOWSsystem32jsproxy.dll
    2009-07-03 20:09:24 —-A—- C:WINDOWSsystem32iertutil.dll
    2009-07-03 20:09:23 —-N—- C:WINDOWSsystem32iepeers.dll
    2009-07-03 20:09:21 —-N—- C:WINDOWSsystem32iedkcs32.dll
    2009-07-03 14:01:06 —-N—- C:WINDOWSsystem32ie4uinit.exe
    2009-06-29 19:12:14 —-N—- C:WINDOWSsystem32extmgr.dll
    2009-06-23 11:30:18 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
    2009-06-19 15:54:31 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
    2009-06-19 15:54:15 —-D—- C:Program FilesCommon FilesAdobe
    2009-06-19 15:54:01 —-D—- C:Program FilesAdobe
    2009-06-17 20:25:02 —-D—- C:Documents and SettingsAll UsersApplication DataApple
    2009-06-17 20:25:00 —-DC—- C:WINDOWSsystem32DRVSTORE
    2009-06-16 17:36:30 —-A—- C:WINDOWSsystem32t2embed.dll
    2009-06-16 17:36:30 —-A—- C:WINDOWSsystem32fontsub.dll
    2009-06-12 15:31:40 —-A—- C:WINDOWSsystem32tlntsess.exe
    2009-06-12 15:31:39 —-A—- C:WINDOWSsystem32telnet.exe
    2009-06-10 17:13:29 —-A—- C:WINDOWSsystem32avifil32.dll
    2009-06-10 09:19:38 —-A—- C:WINDOWSsystem32mstscax.dll
    2009-06-10 09:14:49 —-A—- C:WINDOWSsystem32wkssvc.dll
    2009-06-05 19:59:23 —-D—- C:Program FilesSystemRequirementsLab
    2009-06-05 19:59:11 —-D—- C:Documents and SettingsArtem0305Application DataSystemRequirementsLab
    2009-06-05 11:42:38 —-A—- C:WINDOWSsystem32usbaaplrc.dll
    2009-06-03 22:09:37 —-A—- C:WINDOWSsystem32quartz.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-08-17 26944]
    R1 Amfilter;A4Tech Mouse Filter Driver; C:WINDOWSsystem32DRIVERSAmfilter.sys [2006-12-16 8704]
    R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-08-17 114768]
    R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-08-17 51376]
    R1 BIOS;BIOS; ??C:WINDOWSsystem32driversBIOS.sys []
    R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 36352]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2003-03-31 12032]
    R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-08-17 20560]
    R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-08-17 94160]
    R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:WINDOWSsystem32DRIVERSAmusbprt.sys [2006-12-16 13824]
    R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-08-17 23152]
    R3 FStarForce;FStarForce; C:WINDOWSsystem32DRIVERSFStarForce.sys [2008-10-16 7680]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2008-11-11 4946944]
    R3 MouseCap;MouseCapture Driver; C:WINDOWSSystem32DriversMouseCap.sys [2005-08-08 6640]
    R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2009-08-17 7729568]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2008-08-07 111360]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
    S2 adfs;adfs; C:WINDOWSsystem32driversadfs.sys []
    S3 ae0heob8;ae0heob8; C:WINDOWSsystem32driversae0heob8.sys []
    S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:WINDOWSsystem32DRIVERSAmps2prt.sys [2006-05-09 13824]
    S3 catchme;catchme; ??C:ComboFixcatchme.sys []
    S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSsystem32DRIVERSGEARAspiWDM.sys [2009-03-19 23400]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2006-12-06 49920]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2006-12-06 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2006-12-06 21568]
    S3 irsir;Microsoft Serial Infrared Driver; C:WINDOWSsystem32DRIVERSirsir.sys [2001-08-17 18688]
    S3 Moufiltr;Mouse Test Driver; C:WINDOWSsystem32DRIVERSMoufiltr.sys [2005-08-06 9661]
    S3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
    S3 npkcrypt;npkcrypt; C:WINDOWSsystem32driversnpkcrypt.sys []
    S3 Rasirda;WAN Miniport (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-17 19584]
    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
    S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWSSystem32Driversusbaapl.sys [2009-06-05 39424]
    S3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-14 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
    S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
    S3 WINIO;WINIO; C:WINDOWSsystem32driversWINIO.sys []
    S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2009-06-05 144712]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-08-17 18752]
    R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-08-17 138680]
    R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-12-12 238888]
    R2 hpqddsvc;Служба HP CUE DeviceDiscovery; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-08-22 153376]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
    R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2009-08-17 168004]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
    R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2009-08-19 66872]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-08-17 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-08-17 352920]
    R3 hpqcxs08;hpqcxs08; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
    S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2009-03-30 72704]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-04-03 654848]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
    S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
    S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2009-07-13 542496]
    S3 npggsvc;nProtect GameGuard Service; C:WINDOWSsystem32GameMon.des [2009-02-17 2741114]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-04-16 91184]
    S3 usprserv;User Privilege Service; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:Program FilesWindows LiveinstallerWLSetupSvc.exe []
    S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]


    EOF


    http://www.spyware-ru.com/forums/forum/lechim-kompyutery/udalenie-virusov-troyanov-spajvare/?&t=1328 is my main problem.

    August 26, 2009 at 9:38 am #25373
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Hello, welcome to the Spyware-ru forum.

    Sorry for the delay in replying.
    I see you have run Combofix; run it again and paste the resulting log into your reply.

    Including the black screen at boot. It now consistently stays for 3-4 minutes every time.

    At what stage of system boot does this problem appear?

    August 26, 2009 at 10:02 am #25374
    Dic
    Participant
    • Topics: 2
    • Posts: 17
    • ☆

    Hello, Valery. No problem, it happens.
    Yes, I ran it, but I deleted the log afterwards.
    I have just run the scan again.

    ComboFix 09-08-25.04 — Artem0305 26.08.2009 12:53.2.2 — NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.2046.1426 [GMT 3:00]
    Running from: c:documents and settingsArtem0305DesktopComboFix.exe
    Command switches used :: c:documents and settingsArtem0305DesktopWindowsXP-KB310994-SP2-Pro-BootDisk-ENU(2).exe
    AV: avast! antivirus 4.8.1351 [VPS 090825-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    PEV Error: CacheFolder

    ((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
    .

    2009-08-25 18:11 . 2009-08-25 18:12 dc-h--w- c:windowsie8
    2009-08-25 18:11 . 2009-08-25 18:14 d--h--w- c:windowsmsdownld.tmp
    2009-08-25 17:45 . 2009-08-25 17:45 d-----w- c:documents and settingsArtem0305SecurityScans
    2009-08-25 10:42 . 2009-03-09 12:27 453456 ----a-w- c:windowssystem32d3dx10_41.dll
    2009-08-25 10:42 . 2009-03-09 12:27 1846632 ----a-w- c:windowssystem32D3DCompiler_41.dll
    2009-08-25 10:42 . 2009-03-16 11:18 69448 ----a-w- c:windowssystem32XAPOFX1_3.dll
    2009-08-25 10:42 . 2009-03-16 11:18 517448 ----a-w- c:windowssystem32XAudio2_4.dll
    2009-08-25 10:42 . 2009-03-16 11:18 235352 ----a-w- c:windowssystem32xactengine3_4.dll
    2009-08-25 10:42 . 2009-03-09 12:27 4178264 ----a-w- c:windowssystem32D3DX9_41.dll
    2009-08-25 10:42 . 2009-03-16 11:18 22360 ----a-w- c:windowssystem32X3DAudio1_6.dll
    2009-08-24 14:17 . 2009-08-24 14:17 d-----w- c:documents and settingsArtem0305DoctorWeb
    2009-08-24 13:44 . 2009-08-24 13:44 d-----w- c:documents and settingsAll UsersApplication DataOffice Genuine Advantage
    2009-08-23 19:29 . 2009-08-24 12:55 d-----w- c:program filesSafeSurf
    2009-08-22 18:15 . 2009-08-22 18:14 411368 ----a-w- c:windowssystem32deploytk.dll
    2009-08-22 18:14 . 2009-08-22 18:14 152576 ----a-w- c:documents and settingsArtem0305Application DataSunJavajre1.6.0_15lzma.dll
    2009-08-22 17:21 . 2009-08-22 17:21 d-----w- c:program filesNVIDIA Corporation
    2009-08-22 17:21 . 2009-08-22 17:21 d-----w- c:documents and settingsAll UsersApplication DataNVIDIA Corporation
    2009-08-21 20:00 . 2009-08-25 19:55 d-----w- c:program filestrend micro
    2009-08-21 20:00 . 2009-08-21 20:00 d-----w- C:rsit
    2009-08-21 19:26 . 2009-08-21 19:26 d-----w- c:documents and settingsArtem0305Application DataUniblue
    2009-08-21 19:26 . 2009-07-01 07:41 2568240 -c----w- c:documents and settingsAll UsersApplication Data~0Uniblue RegistryBooster.exe
    2009-08-21 19:25 . 2009-08-21 19:42 dc-h--w- c:documents and settingsAll UsersApplication Data~0
    2009-08-21 18:26 . 2009-08-21 19:29 d-----w- c:documents and settingsArtem0305Application DataAuslogics
    2009-08-21 18:25 . 2009-08-21 18:25 d-----w- c:program filesAuslogics
    2009-08-20 13:30 . 2009-08-25 13:04 d-----w- C:Мусор
    2009-08-18 11:23 . 2000-05-17 06:52 187392 ----a-w- c:windowssystem32JPGUtils.dll
    2009-08-18 11:23 . 2009-08-21 19:43 d-----w- c:program filesCommon FilesStardock
    2009-08-18 11:23 . 2009-08-18 11:23 d-----w- c:program filesWinCustomize
    2009-08-17 20:29 . 2009-08-17 20:29 d-----w- c:documents and settingsAll UsersApplication DataYandex
    2009-08-17 15:45 . 2009-08-18 11:28 d-----w- c:program filesStardock
    2009-08-17 15:45 . 2008-04-26 13:14 42672 ------w- c:windowssystem32wbsys.dll
    2009-08-17 00:04 . 2009-08-17 00:04 2173472 ----a-w- c:windowssystem32nvcplui.exe
    2009-08-17 00:04 . 2009-08-17 00:04 81920 ----a-w- c:windowssystem32nvwddi.dll
    2009-08-17 00:03 . 2009-08-17 00:03 3170304 ----a-w- c:windowssystem32nvwss.dll
    2009-08-17 00:03 . 2009-08-17 00:03 4026368 ----a-w- c:windowssystem32nvvitvs.dll
    2009-08-17 00:03 . 2009-08-17 00:03 188416 ----a-w- c:windowssystem32nvmccss.dll
    2009-08-17 00:03 . 2009-08-17 00:03 1286144 ----a-w- c:windowssystem32nvmobls.dll
    2009-08-17 00:03 . 2009-08-17 00:03 3547136 ----a-w- c:windowssystem32nvgames.dll
    2009-08-17 00:03 . 2009-08-17 00:03 4923392 ----a-w- c:windowssystem32nvdisps.dll
    2009-08-17 00:03 . 2009-08-17 00:03 86016 ----a-w- c:windowssystem32nvmctray.dll
    2009-08-17 00:03 . 2009-08-17 00:03 168004 ----a-w- c:windowssystem32nvsvc32.exe
    2009-08-17 00:03 . 2009-08-17 00:03 143360 ----a-w- c:windowssystem32nvcolor.exe
    2009-08-17 00:03 . 2009-08-17 00:03 13877248 ----a-w- c:windowssystem32nvcpl.dll
    2009-08-17 00:02 . 2009-08-17 00:02 229376 ----a-w- c:windowssystem32nvmccs.dll
    2009-08-14 15:04 . 2009-08-14 15:04 d-----w- c:windowssystem32XPSViewer
    2009-08-14 15:04 . 2009-08-14 15:04 d-----w- c:program filesReference Assemblies
    2009-08-13 18:10 . 2009-08-13 18:10 d-----w- c:program filesBorland
    2009-08-13 18:10 . 1998-11-12 13:49 47104 ----a-w- c:program files_ISREG32.DLL
    2009-08-13 18:10 . 2009-08-13 18:10 d-----w- c:program filesCommon FilesBorland Shared
    2009-08-13 18:10 . 1998-10-01 12:22 299520 ----a-w- c:windowsuninst.exe
    2009-08-13 18:10 . 2009-08-13 18:10 d-----w- c:documents and settingsArtem0305WINDOWS
    2009-08-12 18:45 . 2009-08-12 18:45 d-----w- c:documents and settingsArtem0305Application Datawmmail
    2009-08-12 10:46 . 2009-07-10 13:27 1315328 -c----w- c:windowssystem32dllcachemsoe.dll
    2009-08-10 16:32 . 2005-08-30 12:19 1052672 ----a-w- c:documents and settingsArtem0305Application DataMacromediaDreamweaver 8ConfigurationFlash PlayerFlashPlayerW.dll
    2009-08-10 16:30 . 2009-08-25 13:37 d-----w- c:program filesMacromedia
    2009-08-10 16:30 . 2009-08-25 13:37 d-----w- c:program filesCommon FilesMacromedia
    2009-08-10 15:38 . 2007-09-05 04:02 545 ----a-w- c:windowsUC.PIF
    2009-08-10 15:38 . 2007-09-05 04:02 545 ----a-w- c:windowsRAR.PIF
    2009-08-10 15:38 . 2007-09-05 04:02 545 ----a-w- c:windowsPKZIP.PIF
    2009-08-10 15:38 . 2007-09-05 04:02 545 ----a-w- c:windowsPKUNZIP.PIF
    2009-08-10 15:38 . 2007-09-05 04:02 545 ----a-w- c:windowsNOCLOSE.PIF
    2009-08-10 15:38 . 2007-09-05 04:02 545 ----a-w- c:windowsLHA.PIF
    2009-08-10 15:38 . 2007-09-05 04:02 545 ----a-w- c:windowsARJ.PIF
    2009-08-10 11:00 . 2009-08-10 11:00 d-----w- c:program filesiPod
    2009-08-10 11:00 . 2009-08-10 11:00 d-----w- c:program filesiTunes
    2009-08-10 10:56 . 2009-08-10 10:56 75040 ----a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheiTunes 8.2.1.6SetupAdmin.exe
    2009-08-10 09:32 . 2009-08-10 09:32 33280 ----a-w- c:documents and settingsArtem0305pr3xy.exe
    2009-08-08 15:13 . 2009-08-08 15:13 d-----w- c:documents and settingsArtem0305Application Dataru.rambler.Communicator.13CE42EE296FC74C5214B9FD66640D35FA8DCE65.1
    2009-08-08 13:41 . 2009-08-08 13:41 5867704 ----a-w- c:documents and settingsArtem0305Application DataMail.RuAgentmagentsetup.exe
    2009-08-08 13:41 . 2009-08-08 13:41 679936 ----a-w- c:documents and settingsArtem0305Application DataMail.RuAgentMradllYLUSBTEL.dll
    2009-08-08 13:41 . 2009-08-08 13:41 86712 ----a-w- c:documents and settingsArtem0305Application DataMail.RuAgentMradllmratag.dll
    2009-08-08 13:41 . 2009-08-08 13:41 67768 ----a-w- c:documents and settingsArtem0305Application DataMail.RuAgentMradllnewmrasearch.dll
    2009-08-08 13:41 . 2009-08-08 13:41 49152 ----a-w- c:documents and settingsArtem0305Application DataMail.RuAgentMradllMousePhone.dll
    2009-08-08 13:41 . 2009-08-08 13:41 125112 ----a-w- c:documents and settingsArtem0305Application DataMail.RuAgentMradllmramenu.dll
    2009-08-08 13:41 . 2009-08-08 13:41 7975608 ----a-w- c:documents and settingsArtem0305Application DataMail.RuAgentmagent.exe
    2009-08-08 13:41 . 2009-08-08 13:41 d-----w- c:documents and settingsArtem0305Application DataMra
    2009-08-08 13:41 . 2009-08-08 13:41 d-----w- c:documents and settingsArtem0305Application DataMail.Ru
    2009-08-08 13:41 . 2009-08-08 13:41 d-----w- c:program filesMail.Ru
    2009-08-07 16:27 . 2009-08-20 11:52 d-----w- c:documents and settingsArtem0305Local SettingsApplication DataYESv4
    2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:windowssystem32dllcachemswebdvd.dll
    2009-08-04 19:32 . 2009-08-04 19:32 d-----w- c:documents and settingsArtem0305Local SettingsApplication Dataalbumi.lv (Unibind)
    2009-08-04 17:20 . 2009-08-04 17:20 d-sh--w- c:documents and settingsArtem0305IECompatCache
    2009-08-04 14:38 . 2009-08-23 14:13 d-----w- c:documents and settingsArtem0305Application DataWinamp
    2009-08-04 14:32 . 2009-08-04 14:33 d-----w- c:program filesCCleaner
    2009-08-03 17:36 . 2009-08-03 19:30 d-----w- c:documents and settingsArtem0305Application DataITTerritory
    2009-08-03 16:26 . 2009-08-03 16:26 d-----w- c:program filesITTerritory

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-26 09:51 . 2008-05-19 16:11 -------- d—a-w- c:documents and settingsAll UsersApplication DataTEMP
    2009-08-26 09:37 . 2008-05-19 15:28 -------- d-----w- c:documents and settingsArtem0305Application DatauTorrent
    2009-08-26 08:36 . 2009-05-19 13:32 -------- d-----w- c:documents and settingsArtem0305Application DataWebMoney
    2009-08-25 11:03 . 2008-05-19 15:16 -------- d-----w- c:documents and settingsArtem0305Application DataSkype
    2009-08-22 18:14 . 2008-05-23 13:44 -------- d-----w- c:program filesJava
    2009-08-22 17:21 . 2009-01-19 18:20 -------- d-----w- c:program filesCommon FilesWise Installation Wizard
    2009-08-21 19:30 . 2009-04-14 16:58 -------- d-----w- c:documents and settingsArtem0305Application DataMedia Player Classic
    2009-08-20 15:03 . 2009-01-16 17:13 22328 —-a-w- c:windowssystem32driversPnkBstrK.sys
    2009-08-20 15:03 . 2009-01-16 17:12 103736 —-a-w- c:windowssystem32PnkBstrB.exe
    2009-08-19 15:48 . 2008-05-20 11:00 66872 —-a-w- c:windowssystem32PnkBstrA.exe
    2009-08-19 13:33 . 2008-05-14 22:17 -------- d—h—w- c:program filesInstallShield Installation Information
    2009-08-19 13:25 . 2008-05-20 11:00 22328 —-a-w- c:documents and settingsArtem0305Application DataPnkBstrK.sys
    2009-08-19 13:25 . 2008-05-20 11:00 22328 —-a-w- c:documents and settingsArtem0305Application DataPnkBstrK.sys
    2009-08-18 14:37 . 2008-05-14 22:27 697616 —-a-w- c:documents and settingsArtem0305Local SettingsApplication DataGDIPFONTCACHEV1.DAT
    2009-08-18 14:22 . 2009-04-03 18:48 -------- d-----w- c:program filesBonjour
    2009-08-18 14:21 . 2008-12-05 18:00 -------- d-----w- c:documents and settingsArtem0305Application DataYandex
    2009-08-18 11:24 . 2004-08-03 21:56 3929600 —-a-w- c:windowssystem32logonuiX.exe
    2009-08-18 06:33 . 2009-04-22 12:16 -------- d-----w- c:documents and settingsArtem0305Application DataFileZilla
    2009-08-17 16:10 . 2009-03-20 12:59 1279456 —-a-w- c:windowssystem32aswBoot.exe
    2009-08-17 16:06 . 2009-03-20 12:59 93392 —-a-w- c:windowssystem32driversaswmon.sys
    2009-08-17 16:06 . 2009-03-20 12:59 94160 —-a-w- c:windowssystem32driversaswmon2.sys
    2009-08-17 16:05 . 2009-03-20 12:59 114768 —-a-w- c:windowssystem32driversaswSP.sys
    2009-08-17 16:05 . 2009-03-20 12:59 20560 —-a-w- c:windowssystem32driversaswFsBlk.sys
    2009-08-17 16:04 . 2009-03-20 12:59 51376 —-a-w- c:windowssystem32driversaswTdi.sys
    2009-08-17 16:04 . 2009-03-20 12:59 23152 —-a-w- c:windowssystem32driversaswRdr.sys
    2009-08-17 16:03 . 2009-03-20 12:59 26944 —-a-w- c:windowssystem32driversaavmker4.sys
    2009-08-17 16:02 . 2009-03-20 12:59 97480 —-a-w- c:windowssystem32AvastSS.scr
    2009-08-16 21:57 . 2009-04-30 19:02 1706528 —-a-w- c:windowssystem32nvcuvenc.dll
    2009-08-16 21:57 . 2009-04-30 19:02 1597690 —-a-w- c:windowssystem32nvdata.bin
    2009-08-16 21:57 . 2009-02-09 11:18 2189856 —-a-w- c:windowssystem32nvcuvid.dll
    2009-08-16 21:57 . 2008-05-14 22:22 485920 —-a-w- c:windowssystem32nvudisp.exe
    2009-08-16 21:57 . 2008-01-08 17:53 868352 —-a-w- c:windowssystem32nvapi.dll
    2009-08-16 21:57 . 2008-01-08 17:53 7729568 —-a-w- c:windowssystem32driversnv4_mini.sys
    2009-08-16 21:57 . 2008-01-08 17:53 5845760 —-a-w- c:windowssystem32nv4_disp.dll
    2009-08-16 21:57 . 2008-01-08 17:53 2002944 —-a-w- c:windowssystem32nvcuda.dll
    2009-08-16 21:57 . 2008-01-08 17:53 155648 —-a-w- c:windowssystem32nvcodins.dll
    2009-08-16 21:57 . 2008-01-08 17:53 155648 —-a-w- c:windowssystem32nvcod.dll
    2009-08-16 21:57 . 2008-01-08 17:53 10457088 —-a-w- c:windowssystem32nvoglnt.dll
    2009-08-13 18:10 . 2009-08-13 18:10 7599 —-a-w- c:program filesDeIsL1.isu
    2009-08-13 18:10 . 2009-08-13 18:10 516 —-a-w- c:program files_DEISREG.ISR
    2009-08-11 09:35 . 2008-05-14 22:22 485920 —-a-w- c:windowssystem32NVUNINST.EXE
    2009-08-08 17:45 . 2008-05-25 16:17 -------- d-----w- c:program filesRevConnect
    2009-08-07 18:47 . 2009-04-22 04:17 -------- d-----w- c:program filesNotepad++
    2009-08-07 18:47 . 2009-03-06 18:18 -------- d-----w- c:documents and settingsArtem0305Application DataNero
    2009-08-07 18:47 . 2008-05-19 15:55 -------- d-----w- c:documents and settingsArtem0305Application DataTeamViewer
    2009-08-07 18:47 . 2009-04-23 17:32 -------- d-----w- c:documents and settingsArtem0305Application DataHideIP
    2009-08-07 18:47 . 2008-09-09 11:56 -------- d-----w- c:documents and settingsAll UsersApplication DataWLInstaller
    2009-08-05 09:01 . 2004-08-03 21:56 204800 —-a-w- c:windowssystem32mswebdvd.dll
    2009-08-04 14:40 . 2008-05-15 17:52 -------- d-----w- c:program filesWinamp
    2009-08-03 12:15 . 2009-03-15 16:49 10 —-a-w- c:windowspopcinfo.dat
    2009-07-24 09:48 . 2008-11-04 19:46 -------- d-----w- c:documents and settingsAll UsersApplication DataAlawarWrapper
    2009-07-17 19:01 . 2004-08-03 21:56 58880 —-a-w- c:windowssystem32atl.dll
    2009-07-12 10:09 . 2009-07-12 10:09 -------- d-----w- c:documents and settingsAll UsersApplication DataAgnitum
    2009-07-12 09:21 . 2004-08-03 21:56 233472 —-a-w- c:windowssystem32wmpdxm.dll
    2009-07-03 17:09 . 2004-08-03 21:56 915456 —-a-w- c:windowssystem32wininet.dll
    2009-06-16 14:36 . 2004-08-03 21:56 119808 —-a-w- c:windowssystem32t2embed.dll
    2009-06-16 14:36 . 2003-03-31 12:00 81920 —-a-w- c:windowssystem32fontsub.dll
    2009-06-12 12:31 . 2004-08-03 21:56 80896 —-a-w- c:windowssystem32tlntsess.exe
    2009-06-12 12:31 . 2004-08-03 21:56 76288 —-a-w- c:windowssystem32telnet.exe
    2009-06-10 14:13 . 2004-08-03 21:56 84992 —-a-w- c:windowssystem32avifil32.dll
    2009-06-10 06:19 . 2008-05-14 22:04 2066432 —-a-w- c:windowssystem32mstscax.dll
    2009-06-10 06:14 . 2004-08-03 21:56 132096 —-a-w- c:windowssystem32wkssvc.dll
    2009-06-05 16:59 . 2009-06-05 16:59 290816 —-a-w- c:documents and settingsArtem0305Application DataSystemRequirementsLabSRLProxy_nvd_4.dll
    2009-06-05 16:59 . 2009-06-05 16:59 290816 —-a-w- c:documents and settingsArtem0305Application DataSystemRequirementsLabSRLProxy_nvd_3.dll
    2009-06-05 16:59 . 2009-06-05 16:59 290816 —-a-w- c:documents and settingsArtem0305Application DataSystemRequirementsLabSRLProxy_nvd_2.dll
    2009-06-05 16:59 . 2009-06-05 16:59 290816 —-a-w- c:documents and settingsArtem0305Application DataSystemRequirementsLabSRLProxy_nvd_1.dll
    2009-06-05 08:42 . 2009-05-16 12:37 2060288 —-a-w- c:windowssystem32usbaaplrc.dll
    2009-06-05 08:42 . 2008-12-03 20:05 39424 —-a-w- c:windowssystem32driversusbaapl.sys
    2009-06-03 19:09 . 2004-08-03 21:56 1291264 —-a-w- c:windowssystem32quartz.dll
    .


    Sigcheck



    [-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:windows$hf_mig$KB941644SP2QFEtcpip.sys
    [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:windows$hf_mig$KB951748SP3QFEtcpip.sys
    [7] 2008-04-13 21:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:windowsServicePackFilesi386tcpip.sys
    [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:windowssystem32dllcachetcpip.sys
    [-] 2009-05-14 14:59 361600 167DB2344226BD05C8748633AF7AB241 c:windowssystem32driverstcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-08-17 81000]
    «wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
    «jsafesurf»=»c:program filesSafeSurfsafesurf.exe» [2009-08-22 165888]
    «MSConfig»=»c:windowspchealthhelpctrBinariesMSCONFIG.EXE» [2008-04-14 169984]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
    «CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
    «UIHost»=»c:windowssystem32logonuiX.exe»

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyWBSrv]
    2008-09-17 05:05 210168 —-a-w- c:program filesStardockObject DesktopWindowBlindsWbSrv.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
    «AppInit_DLLs»=c:windowssystem32wbsys.dll

    [HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

    [HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
    path=c:documents and settingsAll UsersStart MenuProgramsStartupSnagIt 8.lnk
    backup=c:windowspssSnagIt 8.lnkCommon Startup

    [HKLM~startupfolderC:^Documents and Settings^Artem0305^Start Menu^Programs^Startup^Create virtual drive for Denwer.lnk]

    [HKLM~startupfolderC:^Documents and Settings^Artem0305^Start Menu^Programs^Startup^NOD32 Control Center.lnk]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
    «AntiVirusOverride»=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    «%windir%\system32\sessmgr.exe»=
    «c:\Program Files\uTorrent\uTorrent.exe»=
    «%windir%\Network Diagnostic\xpnetdiag.exe»=
    «c:\WINDOWS\system32\PnkBstrA.exe»=
    «c:\WINDOWS\system32\PnkBstrB.exe»=
    «c:\WINDOWS\system32\dxdiag.exe»=
    «c:\Program Files\RevConnect\DCPlusPlus.exe»=
    «e:\Aplications\ICQ\ICQ6.5\ICQ.exe»=
    «c:\Program Files\WebMoney\WebMoney.exe»=
    «c:\Program Files\Bonjour\mDNSResponder.exe»=
    «c:\Program Files\Mozilla Firefox\firefox.exe»=
    «c:\Program Files\iTunes\iTunes.exe»=
    «c:\Program Files\ITTerritory\Dragons\DWarC2.exe»=
    «c:\Program Files\Skype\Phone\Skype.exe»=
    «c:\Documents and Settings\Artem0305\My Documents\Загрузки\VipIpClnt.exe»=

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
    «3389:TCP»= 3389:TCP:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [20.03.2009 15:59 114768]
    R1 BIOS;BIOS;c:windowssystem32driversBIOS.sys [15.05.2008 1:15 13696]
    R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [20.03.2009 15:59 20560]
    R3 FStarForce;FStarForce;c:windowssystem32driversFStarForce.sys [19.01.2009 21:01 7680]
    R3 MouseCap;MouseCapture Driver;c:windowssystem32driversMouseCap.sys [08.08.2005 14:44 6640]
    S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:windowssystem32driversAmps2prt.sys [09.05.2006 19:27 13824]
    S3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des -service —> c:windowssystem32GameMon.des -service [?]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the ‘Scheduled Tasks’ folder

    2009-08-24 c:windowsTasksAppleSoftwareUpdate.job
    — c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 10:34]

    2009-08-26 c:windowsTasksUser_Feed_Synchronization-{0C7B3E41-E059-406A-9DBF-C2DD79B2C774}.job
    — c:windowssystem32msfeedssync.exe [2007-08-13 01:31]
    .
    .


    Supplementary Scan


    .
    uStart Page = hxxp://www.google.ru/
    uInternet Settings,ProxyServer = socks=127.0.0.1:7070
    uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
    IE: E&xport to Microsoft Office Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
    IE: Закачать ВСЕ при помощи Download Master
    IE: Закачать при помощи Download Master
    IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
    LSP: c:windowssystem32DRWEBSP.DLL
    FF — ProfilePath — c:documents and settingsArtem0305Application DataMozillaFirefoxProfilesiqjskpvv.default
    FF — prefs.js: browser.startup.homepage — hxxp://www.google.ru/

    —- FIREFOX POLICIES —-
    c:program filesMozilla Firefoxgreprefsall.js — pref(«media.enforce_same_site_origin», false);
    c:program filesMozilla Firefoxgreprefsall.js — pref(«media.cache_size», 51200);
    c:program filesMozilla Firefoxgreprefsall.js — pref(«media.ogg.enabled», true);
    c:program filesMozilla Firefoxgreprefsall.js — pref(«media.wave.enabled», true);
    c:program filesMozilla Firefoxgreprefsall.js — pref(«media.autoplay.enabled», true);
    c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.urlbar.autocomplete.enabled», true);
    c:program filesMozilla Firefoxgreprefsall.js — pref(«capability.policy.mailnews.*.wholeText», «noAccess»);
    c:program filesMozilla Firefoxgreprefsall.js — pref(«dom.storage.default_quota», 5120);
    c:program filesMozilla Firefoxgreprefsall.js — pref(«content.sink.event_probe_rate», 3);
    c:program filesMozilla Firefoxgreprefsall.js — pref(«network.http.prompt-temp-redirect», true);
    c:program filesMozilla Firefoxgreprefsall.js — pref(«layout.css.dpi», -1);
    c:program filesMozilla Firefoxgreprefsall.js — pref(«layout.css.devPixelsPerPx», -1);
    c:program filesMozilla Firefoxgreprefsall.js — pref(«gestures.enable_single_finger_input», true);
    c:program filesMozilla Firefoxgreprefsall.js — pref(«dom.max_chrome_script_run_time», 0);
    c:program filesMozilla Firefoxgreprefsall.js — pref(«network.tcp.sendbuffer», 131072);
    c:program filesMozilla Firefoxgreprefsall.js — pref(«geo.enabled», true);
    c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.remember_cert_checkbox_default_setting», true);
    c:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«browser.search.param.yahoo-fr», «moz35»);
    c:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«browser.search.param.yahoo-fr-cjkt», «moz35»);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.blocklist.level», 2);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.urlbar.restrict.typed», «~»);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.urlbar.default.behavior», 0);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.history», true);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.formdata», true);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.passwords», false);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.downloads», true);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.cookies», true);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.cache», true);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.sessions», true);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.offlineApps», false);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.siteSettings», false);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.history», true);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.formdata», true);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.passwords», false);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.downloads», true);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.cookies», true);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.cache», true);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.sessions», true);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.offlineApps», false);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.siteSettings», false);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.sanitize.migrateFx3Prefs», false);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.ssl_override_behavior», 2);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«security.alternate_certificate_error_page», «certerror»);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.privatebrowsing.autostart», false);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.privatebrowsing.dont_prompt_on_enter», false);
    c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«geo.wifi.uri», «https://www.google.com/loc/json»);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-26 12:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINESystemControlSet001Servicesnpggsvc]
    «ImagePath»=»c:windowssystem32GameMon.des -service»
    .


    LOCKED REGISTRY KEYS



    [HKEY_USERSS-1-5-21-343818398-1844823847-725345543-1003SoftwareMicrosoftSystemCertificatesAddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERSS-1-5-21-343818398-1844823847-725345543-1003SoftwareSecuROMLicense information*]
    «datasecu»=hex:64,3a,af,b7,55,9e,5a,38,5b,3a,7b,01,28,6f,e7,5c,46,5b,30,07,4d,
    36,87,69,a7,78,8b,41,2a,2e,c7,95,38,49,d5,5d,0f,c5,6d,dc,89,7f,ff,be,17,6d,
    «rkeysecu»=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

    [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @=»FlashBroker»
    «LocalizedString»=»@c:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe,-101»

    [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}Elevation]
    «Enabled»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}LocalServer32]
    @=»c:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe»

    [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}TypeLib]
    @=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»

    [HKEY_LOCAL_MACHINEsoftwareClassesInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @=»IFlashBroker3″

    [HKEY_LOCAL_MACHINEsoftwareClassesInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}ProxyStubClsid32]
    @=»{00020424-0000-0000-C000-000000000046}»

    [HKEY_LOCAL_MACHINEsoftwareClassesInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}TypeLib]
    @=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»
    «Version»=»1.0»
    .


    DLLs Loaded Under Running Processes



    — — — — — — — > ‘winlogon.exe'(808)
    c:program filesStardockObject DesktopWindowBlindswbsrv.dll

    — — — — — — — > ‘lsass.exe'(936)
    c:windowssystem32DRWEBSP.DLL

    — — — — — — — > ‘explorer.exe'(996)
    c:windowssystem32WININET.dll
    c:windowssystem32ieframe.dll
    c:program filesCommon FilesAdobeAcrobatActiveXPDFShell.dll
    c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8caMSVCR80.dll
    c:program filesStardockObject DesktopWindowBlindstray.dll
    c:windowssystem32webcheck.dll
    c:windowssystem32WPDShServiceObj.dll
    c:windowssystem32PortableDeviceTypes.dll
    c:windowssystem32PortableDeviceApi.dll
    .
    Completion time: 2009-08-26 12:56
    ComboFix-quarantined-files.txt 2009-08-26 09:56
    ComboFix2.txt 2009-08-25 11:18

    Pre-Run: 88 100 904 960 bytes free
    Post-Run: 88 089 915 392 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU(2).exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
    [operating systems]
    c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional» /noexecute=optin /fastdetect

    365 — E O F — 2009-08-24 15:20

    I press the button (on the system unit), and first a message about my video card and RAM appears (for about 2 seconds), and then a black screen. Once it passes, after 2-4 minutes, the computer continues booting (the welcome screen, etc.).
    I'm waiting for further instructions.

    August 26, 2009 at 10:33 am #25375
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    If you try to enter Safe Mode (pressing F8 while the computer is booting), does the menu where you select it appear after the black screen or before it?

    August 26, 2009 at 10:41 am #25376
    Dic
    Participant
    • Topics: 2
    • Posts: 17
    • ☆

    @Valeri wrote:

    If you try to enter Safe Mode (pressing F8 while the computer is booting), does the menu where you select it appear after the black screen or before it?

    I'll try it now. I'll restart the computer. I'll also film the process with my camera and post the video. It will be clearer that way.

    August 26, 2009 at 11:18 am #25377
    Dic
    Participant
    • Topics: 2
    • Posts: 17
    • ☆

    The Safe Mode menu appears after the black screen. The video is still uploading.

    August 26, 2009 at 12:13 pm #25381
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Is this problem constant?
    By all appearances, the cause is not Windows itself.

    August 26, 2009 at 12:19 pm #25378
    Dic
    Participant
    • Topics: 2
    • Posts: 17
    • ☆

    @Valeri wrote:

    Is this problem constant?
    By all appearances, the cause is not Windows itself.

    You mean does it happen every time I turn it on? Then yes.
    The video is still uploading. 80% is done.
    If it's not Windows, then what is it? What's wrong with my drive?

    August 26, 2009 at 12:42 pm #25379
    Dic
    Participant
    • Topics: 2
    • Posts: 17
    • ☆

    Here is the video: http://rutube.ru/tracks/2295568.html?v=ce5a36f1851d5b133385f44bf344e90d

    August 28, 2009 at 2:46 pm #25382
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    It looks like the BIOS is polling some device and hangs at that point (more precisely, it waits).
    When the timeout expires, booting continues.

    Try disabling the Biostar splash screen in the BIOS to see whether the BIOS prints any message during device initialization.

    Have you added or removed any devices in the computer recently? Have you reflashed the BIOS?

    August 28, 2009 at 3:31 pm #25383
    Dic
    Participant
    • Topics: 2
    • Posts: 17
    • ☆

    @Valeri wrote:

    It looks like the BIOS is polling some device and hangs at that point (more precisely, it waits).
    When the timeout expires, booting continues.

    Try disabling the Biostar splash screen in the BIOS to see whether the BIOS prints any message during device initialization.

    Have you added or removed any devices in the computer recently? Have you reflashed the BIOS?

    But how do I disable it? I don't know my way around this.
    No, I haven't added anything.

    August 30, 2009 at 3:15 pm #25384
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    What is the motherboard model? Do you still have the documentation?

    August 31, 2009 at 4:56 pm #25385
    Dic
    Participant
    • Topics: 2
    • Posts: 17
    • ☆

    @Valeri wrote:

    What is the motherboard model? Do you still have the documentation?

    Biostar P31-A7.

    September 3, 2009 at 4:11 pm #25386
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    In the documentation, find the description of the BIOS: how to enter it, and the setting that disables the logo at boot.
    After that, enter the BIOS and disable the logo.
    Turn off the computer, wait 30 seconds, and turn it on.
    Look at the messages the BIOS displays during boot.
