Похоже новый вирус! Моргае рабочий стол…

This topic has 2 ответа, 2 участника, and was last updated 15 years, 6 months назад by Sima.

Просмотр 3 сообщений - с 1 по 3 (из 3 всего)

Автор

Сообщения
12 марта, 2010 в 3:40 пп #18126
Sima
Participant
- Темы:1
- Сообщений:2
После загрузки системы Win XP SP3 начинает моргать рабочий стол и все иконки на нем, похоже без конца перезагружается explorer.exe.
В папке Windowssystem32 появляютс файлы chg.exe (118672 байт), wpa.dbl. После удаления появляются опять. Система лицензионная.
Никакие антивирусы ничего не находят.
Выручайте. Спасибо!

info.txt logfile of random’s system information tool 1.06 2010-03-12 18:11:26

======Uninstall list======

—>C:Program FilesNeroNero8\nerouninstallUNNERO.exe /UNINSTALL
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
100 Happy Money Screen Saver 3.3—>»C:Program Files100 Happy Money 3unins000.exe»
Asterisk Key—>C:Program FilesPasswareariuinst.exe
Boris Graffiti—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime100Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{262BF2CD-601D-4F43-919C-4B00B1D1F338}setup.exe» -l0x9 -removeonly
Broadcom Management Programs—>MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
Canopus Codec Option—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{772E9146-D676-4869-A298-047FF2A2B92D}setup.exe» -l0x9
CDBurnerXP—>»C:Program FilesCDBurnerXPunins000.exe»
CDRoller version 8.61—>»C:Program FilesCDRollerunins000.exe»
Color Finesse 2—>C:WINDOWSunvise32.exe C:Program FilesSynthetic ApertureColor Finesse 2uninstal.log
Compatibility Pack for the 2007 Office system—>MsiExec.exe /X{90120000-0020-0419-0000-0000000FF1CE}
Crawler Toolbar with Web Security Guard—>C:PROGRA~1CrawlerToolbarCToolbar.exe uninst
Dr.Web—>C:Program FilesInstallShield Installation Information{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}setup.exe -runfromtemp -l0x0019 -removeonly
EPSON Copy Utility 3—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{67EDD823-135A-4D59-87BD-950616D6E857}SETUP.EXE» -l0x19 -UnInstall
EPSON Print CD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}setup.exe» -l0x19 -SMT
EPSON Printer Software—>C:WINDOWSSystem32spoolDRIVERSW32X863EPUPDATE.EXE /r
EPSON Scan—>C:Program Filesepsonescndvsetupsetup.exe /r
GenArts Sapphire Plug-ins 2.06 for After Effects and Compatible—>»C:Program FilesGenArtsSapphireAEunins000.exe»
GetDataBack for NTFS—>»C:Program FilesRuntime SoftwareGetDataBack for NTFSUninstall.exe» «C:Program FilesRuntime SoftwareGetDataBack for NTFSinstall.log» -u
HDD Capacity Restore 1.2—>»C:Program FilesHDD Capacity Restoreunins000.exe»
High Definition Audio — KB888111—>»C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe»
HijackThis 2.0.2—>»C:Program FilesTrend MicroHijackThisHijackThis.exe» /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
HP Backup and Recovery Manager—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime101Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}setup.exe» -l0x19 -uninst -removeonly
HP Color LaserJet CP4005—>»C:Program FilesHewlett-PackardInstall EnginesHP Color LaserJet CP4005setup.exe» /x
HP Display Assistant—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{84288B51-B162-47FB-A74E-25C6D67E44BB}setup.exe» -l0x9 -removeonly
HP Extended Capabilities 4.7—>C:Program FilesHPDigital ImagingExtCapUninstallhpzscr01.exe -datfile hpqhsc01.dat
HP Help and Support—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}SETUP.exe» -l0x19 -removeonly
HP Performance Tuning Framework—>MsiExec.exe /I{B959D256-E385-430F-BA86-111CD212A54C}
HP Software Update—>MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HP USB Disk Storage Format Tool—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}Setup.exe» -l0x9 anything
HP Workstation User Guides—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{808E5AB1-E98F-4362-AB10-B5B69CB2301C}SETUP.exe» -l0x9 -removeonly
IE7Pro—>C:Program FilesIEProuninst.exe
J2SE Runtime Environment 5.0—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
KC Softwares VideoInspector—>»C:Program FilesKC SoftwaresVideoInspectorunins000.exe»
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
MFPT 1.65.17.0—>»C:Program FilesMFPTunins000.exe»
Microsoft .NET Framework 2.0 Language Pack — RUS—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0 Language Pack — RUSinstall.exe
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Russian Language Pack—>c:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0 Russian Language Packsetup.exe
Microsoft .NET Framework 3.0 Russian Language Pack—>MsiExec.exe /X{855B04CC-4F7A-4FBB-B7BA-D965D23F7AD5}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022—>MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17—>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MKey v1.2.0—>»C:Program FilesMKeyunins000.exe»
Mozilla Firefox (3.5.5)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 6.0 Parser (KB925673)—>MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 9 Essentials—>C:Program FilesCommon FilesNeroNero ProductInstaller 4SetupX.exe REMOVESERIALNUMBER=»XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000″
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers—>C:WINDOWSsystem32nvudisp.exe UninstallGUI
Opera 10.00—>MsiExec.exe /X{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}
Outpost Firewall Pro 2009—>»C:Program FilesAgnitumOutpost Firewall Prounins000.exe»
PDF Complete—>C:Program FilesPDF Completepdfiutil.exe /UGUI
PDF Settings—>MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
Pinnacle Systems DV500 Effects—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{62311E1A-F0EE-463E-8BEE-E1EB80F7D002}setup.exe» -l0x9
Pinnacle Systems DV500—>C:WINDOWSUninstallsetup.exe
PortTunnel—>MsiExec.exe /I{B0EC0A98-2A6D-401A-B9B3-E7C278372C1F}
Process Lasso—>»C:Program FilesProcess Lassouninstall.exe»
proDAD Vitascene 1.0—>»C:Program FilesproDADVitascene-1.0uninstall.exe» uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
Punto Switcher 3.0—>C:Program FilesPunto Switcheruninstall.exe
QuickTime—>MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}SETUP.exe» -l0x19 -removeonly
Red Giant ToonIt Studio—>C:WINDOWSunvise32.exe C:Program FilesPinnacleStudio 14PluginsRTFxrgtoonitstudio.log
R-Studio 4.5—>C:Program FilesR-StudioUninstall.exe
RU—>MsiExec.exe /I{01AE68B4-C785-4865-BC7E-78456372BB75}
SaveChm—>»C:Program FilesSaveChmunins000.exe»
Security Task Manager 1.7h—>C:Program FilesSecurity Task ManagerUninstal.exe «C:Documents and SettingsAll UsersГлавное менюПрограммыSecurity Task Manager»
Sony Vegas Movie Studio Platinum 8.0—>MsiExec.exe /X{B8E8C8EC-5C22-4B02-9C02-D851262F574C}
SOTI Pocket Controller-Pro—>»C:Program FilesInstallShield Installation Information{52570B24-34DF-4285-BD83-6EC2B05D1248}setup.exe» -runfromtemp -l0x0009UNINSTALL -removeonly
SpeedFan (remove only)—>»C:Program FilesSpeedFanuninstall.exe»
Spyware Terminator—>»C:Program FilesSpyware Terminatorunins000.exe»
SRS Audio Sandbox—>MsiExec.exe /X{542C6F13-6861-4010-9EBC-6F068D397AD8}
Total Commander (Remove or Repair)—>C:Program FilesTotal Commandertcuninst.exe
Total Commander 7.04 PowerPack—>»C:Program FilesTotal Commanderuninstall.exe»
Trapcode 3DStroke Studio—>C:WINDOWSunvise32.exe C:Program FilesPinnacleStudio 14PluginsRTFxtc3dstrokestudio.log
Trapcode Particular Studio—>C:WINDOWSunvise32.exe C:Program FilesPinnacleStudio 14PluginsRTFxtcparticularstudio.log
Trapcode Shine Studio—>C:WINDOWSunvise32.exe C:Program FilesPinnacleStudio 14PluginsRTFxtcshinestudio.log
Trillian—>C:Program FilesTrillianTrillian.exe /uninstall
Unlocker 1.8.8—>C:Program FilesUnlockeruninst.exe
Update Manager—>MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA—>MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
VCRedistSetup—>MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoFab Converter 1.0.1.5 Beta—>»C:Program FilesVideoFabunins000.exe»
VLC media player 1.0.2—>C:Program FilesVideoLANVLCuninstall.exe
Win IP Config 2.7—>C:Program Filespeko SoftwareWin IP Configuninst.exe
Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
Windows Internet Explorer 7—>»C:WINDOWSie7spuninstspuninst.exe»
Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Windows Presentation Foundation Language Pack (RUS)—>MsiExec.exe /X{D83A3DFC-8528-4E31-93DC-0A41C477109C}
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation RU Language Pack—>MsiExec.exe /I{1C7ADED3-C371-40DF-A69D-FE0EA73DC394}
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
WinRAR archiver—>C:Program FilesWinRaruninstall.exe
WinSCP 4.2.5—>»C:Program FilesWinSCPunins000.exe»
WinServices v2.1.2.1—>»C:Program FilesWinToolsWinServicesunins000.exe»
WYSIWYG Web Builder 6 —>C:WINDOWSiun6002.exe «C:Program FilesWYSIWYG Web Builder 6irunin.ini»
XenCenter—>MsiExec.exe /I{84606A0E-4D0A-441D-93D1-DA1EFEDA4B87}
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
Xplug Control—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{1DA99DBD-D807-4990-9F97-F1F758B729AC}Setup.exe» -l0x9
Базовый конструктор BartPE+XPE (26.03.2008)—>C:pebuilder_xpeuninst.exe
Драйвер Pinnacle Video Driver—>MsiExec.exe /X{6DE721A5-5E89-4D74-994C-652BB3C0672E}
Исправление для Windows XP (KB942288-v3)—>»C:WINDOWS$NtUninstallKB942288-v3$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Планшет—>C:Program FilesTabletRemove.exe /u
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Телефонный Справочник «Таганрог 2008″—>»C:Program FilesTaganrog2008unins000.exe»

======Security center information======

AV: Doctor Web Anti-Virus
FW: Outpost Firewall Pro

======System event log======

Computer Name: KAFMPS
Event Code: 257
Message: Таймаут отправки уведомления об изменении конечного устройства в окно «watchdirwindow»

Record Number: 18487
Source Name: PlugPlayManager
Time Written: 20100210152138.000000+180
Event Type: предупреждение
User:

Computer Name: KAFMPS
Event Code: 257
Message: Таймаут отправки уведомления об изменении конечного устройства в окно «watchdirwindow»

Record Number: 18486
Source Name: PlugPlayManager
Time Written: 20100210152138.000000+180
Event Type: предупреждение
User:

Computer Name: KAFMPS
Event Code: 257
Message: Таймаут отправки уведомления об изменении конечного устройства в окно «watchdirwindow»

Record Number: 18485
Source Name: PlugPlayManager
Time Written: 20100210152138.000000+180
Event Type: предупреждение
User:

Computer Name: KAFMPS
Event Code: 257
Message: Таймаут отправки уведомления об изменении конечного устройства в окно «watchdirwindow»

Record Number: 18484
Source Name: PlugPlayManager
Time Written: 20100210152138.000000+180
Event Type: предупреждение
User:

Computer Name: KAFMPS
Event Code: 257
Message: Таймаут отправки уведомления об изменении конечного устройства в окно «watchdirwindow»

Record Number: 18483
Source Name: PlugPlayManager
Time Written: 20100210152138.000000+180
Event Type: предупреждение
User:

=====Application event log=====

Computer Name: KAFMPS
Event Code: 13
Message: SpIDer Guard started OK.

Record Number: 5334
Source Name: SPIDERNT
Time Written: 20100309134807.000000+180
Event Type: информация
User:

Computer Name: KAFMPS
Event Code: 0
Message:
Record Number: 5333
Source Name: pdfcDispatcher
Time Written: 20100309134806.000000+180
Event Type: информация
User:

Computer Name: KAFMPS
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 5332
Source Name: LightScribeService
Time Written: 20100309134758.000000+180
Event Type: информация
User:

Computer Name: KAFMPS
Event Code: 105
Message: The service was started.

Record Number: 5331
Source Name: DTSRVC
Time Written: 20100309134754.000000+180
Event Type: информация
User:

Computer Name: KAFMPS
Event Code: 1
Message:
Record Number: 5330
Source Name: Bonjour Service
Time Written: 20100309134753.000000+180
Event Type: информация
User:

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesPinnacleShared Files;C:Program FilesQuickTimeQTSystem;C:Program FilesPinnacleShared Files
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 7, GenuineIntel
«PROCESSOR_REVISION»=0f07
«NUMBER_OF_PROCESSORS»=4
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«CLASSPATH»=.;C:Program FilesJavajre1.5.0libextQTJava.zip
«QTJAVA»=C:Program FilesJavajre1.5.0libextQTJava.zip

EOF

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Sas at 2010-03-12 18:11:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (13%) free of 71 GB
Total RAM: 3327 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:23, on 12.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesABBYYFineReader9.00LicensingCENetworkLicenseServer.exe
C:Program FilesCommon FilesAcronisSchedule2schedul2.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesPDF Completepdfsty.exe
C:Program FilesAshampooAshampoo Magical Defrag 3defragservice.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSSMINSTScheduler.exe
C:Program FilesPortrait DisplaysHP Display AssistantDTSRVC.exe
C:PROGRA~1DrWebspiderui.exe
C:Program FilesCommon FilesEPSONEBAPISAgent2.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesCDBurnerXPNMSAccessU.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesPDF Completepdfsvc.exe
C:WINDOWSSYSTEM32SPOOLDRIVERSW32X863HPZipm12.exe
C:PROGRA~1DrWebspidernt.exe
C:Program FilesSpyware Terminatorsp_rsser.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Tablet.exe
C:Program FilesCommon FilesAcronisFomatikTrueImageTryStartService.exe
C:WINDOWSsystem32WTabletTabUserW.exe
C:WINDOWSsystem32Tablet.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesAshampooAshampoo Magical Defrag 3defragmonitorservice.exe
C:Program FilesAshampooAshampoo Magical Defrag 3defragActivityMonitor.exe
C:WINDOWSsystem32taskmgr.exe
C:Program FilesTotal CommanderTotalcmd.exe
D:2RSIT.exe
C:Program FilesTrend MicroHijackThisSas.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.hp.com/
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 192.168.3.1:3128
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local;192.168.3.20;192.168.3.168;192.168.3.2;192.168.3.124;
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: IE7Pro — {00011268-E188-40DF-A514-835FCD78B1BF} — C:Program FilesIEProiepro.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0AcrobatActiveXAcroIEHelper.dll
O2 — BHO: (no name) — {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} — C:PROGRA~1CrawlerToolbarctbr.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: AcroIEToolbarHelper Class — {AE7CD045-E861-484f-8273-0445EE161910} — C:Program FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Adobe PDF — {47833539-D0C5-4125-9FA8-0819E2EAAC93} — C:Program FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O3 — Toolbar: Панель &Crawler — {4B3803EA-5230-4DC3-A7FC-33638F3D3542} — C:PROGRA~1CrawlerToolbarctbr.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [PDF Complete] «C:Program FilesPDF Completepdfsty.exe»
O4 — HKLM..Run: [Recguard] C:WINDOWSSminstRecguard.exe
O4 — HKLM..Run: [Scheduler] C:WINDOWSSMINSTScheduler.exe
O4 — HKLM..Run: [SpIDerNT] C:PROGRA~1DrWebspiderui.exe /agent
O4 — HKLM..Run: [FinePrint Dispatcher v5] «C:WINDOWSSystem32spoolDRIVERSW32X863fpdisp5a.exe» /source=HKLM
O4 — HKLM..Run: [TrueImageMonitor.exe] C:Program FilesAcronisTrueImageHomeTrueImageMonitor.exe
O4 — HKLM..Run: [AcronisTimounterMonitor] C:Program FilesAcronisTrueImageHomeTimounterMonitor.exe
O4 — HKLM..Run: [Acronis Scheduler2 Service] «C:Program FilesCommon FilesAcronisSchedule2schedhlp.exe»
O4 — HKLM..Run: [NexusServer] «C:Program FilesCommon FilesGrass ValleyProCoder 3KernelPNXSERVR.exe» -SelfLaunch
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [OutpostFeedBack] «C:Program FilesAgnitumOutpost Firewall Profeedback.exe» /dump:os_startup
O4 — HKLM..Run: [DefragTaskBar] «C:Program FilesAshampooAshampoo Magical Defrag 3defragtaskbar.exe»
O4 — HKLM..Run: [RemoteControl9] «C:Program FilesCyberLinkPowerDVD9PDVD9Serv.exe»
O4 — HKLM..Run: [BDRegion] C:Program FilesCyberlinkShared filesbrs.exe
O4 — HKLM..Run: [OutpostMonitor] «C:PROGRA~1AgnitumOUTPOS~1op_mon.exe» /tray /noservice
O4 — HKLM..Run: [USBToolTip] C:PROGRA~1PinnacleSHARED~1ProgramsUSBTipUSBTip.exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [SpywareTerminator] «c:Program FilesSpyware TerminatorSpywareTerminatorShield.exe»
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [H/PC Connection Agent] «C:Program FilesMicrosoft ActiveSyncwcescomm.exe»
O4 — HKCU..Run: [MKey] C:Program FilesMKeyMkey.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:WINDOWSsystem32spooldriversw32x863E_SRCV02.EXE
O8 — Extra context menu item: Crawler Search — tbr:iemenu
O9 — Extra button: IE7Pro Grab and Drag — {000002a3-84fe-43f1-b958-f2c3ca804f1a} — C:Program FilesIEProiepro.dll
O9 — Extra ‘Tools’ menuitem: IE7Pro Grab and Drag — {000002a3-84fe-43f1-b958-f2c3ca804f1a} — C:Program FilesIEProiepro.dll
O9 — Extra button: IE7Pro Preferences — {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} — C:Program FilesIEProiepro.dll
O9 — Extra ‘Tools’ menuitem: IE7Pro Preferences — {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} — C:Program FilesIEProiepro.dll
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0binnpjpi150.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0binnpjpi150.dll
O9 — Extra button: Print Using ClickBook — {180E1E16-F536-4B51-9723-6025D98AA375} — C:Program FilesBlue SquirrelClickBookmacrosieprint.htm
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MICROS~3INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MICROS~3INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Создание избранного на мобильном устройстве… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MICROS~3INetRepl.dll
O9 — Extra button: SaveChm — {34F8C0D0-06F7-4f71-9E8E-190337851167} — C:Program FilesSaveChmSaveChm.vbs
O9 — Extra ‘Tools’ menuitem: SaveChm — {34F8C0D0-06F7-4f71-9E8E-190337851167} — C:Program FilesSaveChmSaveChm.vbs
O9 — Extra button: Быстрая настройка Outpost Firewall Pro — {44627E97-789B-40d4-B5C2-58BD171129A1} — C:Program FilesAgnitumOutpost Firewall Proie_bar.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} (Gif89 Lite Class) — http://192.168.3.20/xplugLite.cab
O18 — Protocol: tbr — {4D25FB7A-8902-4291-960E-9ADA051CFBBF} — C:PROGRA~1CrawlerToolbarctbr.dll
O20 — AppInit_DLLs: c:progra~1agnitumoutpos~1wl_hook.dll
O23 — Service: ABBYY FineReader 9.0 CE Licensing Service (ABBYY.Licensing.FineReader.Corporate.9.0) — ABBYY (BIT Software) — C:Program FilesCommon FilesABBYYFineReader9.00LicensingCENetworkLicenseServer.exe
O23 — Service: Acronis Scheduler2 Service (AcrSch2Svc) — Acronis — C:Program FilesCommon FilesAcronisSchedule2schedul2.exe
O23 — Service: Agnitum Client Security Service (acssrv) — Agnitum Ltd. — C:PROGRA~1AgnitumOUTPOS~1acs.exe
O23 — Service: Ashampoo Defrag Service — Unknown owner — C:Program FilesAshampooAshampoo Magical Defrag 3defragservice.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Portrait Displays Display Tune Service (DTSRVC) — Unknown owner — C:Program FilesPortrait DisplaysHP Display AssistantDTSRVC.exe
O23 — Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) — SEIKO EPSON CORPORATION — C:Program FilesCommon FilesEPSONEBAPISAgent2.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: HP Port Resolver — Hewlett-Packard Company — C:WINDOWSSYSTEM32SPOOLDRIVERSW32X863HPBPRO.EXE
O23 — Service: HP Status Server — Hewlett-Packard Company — C:WINDOWSSYSTEM32SPOOLDRIVERSW32X863HPBOID.EXE
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Nero BackItUp Scheduler 4.0 — Unknown owner — C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe (file missing)
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: NMSAccessU — Unknown owner — C:Program FilesCDBurnerXPNMSAccessU.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: PC Angel (PCA) — SoftThinks — C:WINDOWSSMINSTPCAngel.exe
O23 — Service: PDF Document Manager (pdfcDispatcher) — PDF Complete Inc — C:Program FilesPDF Completepdfsvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSSYSTEM32SPOOLDRIVERSW32X863HPZipm12.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: SpIDer Guard for Windows (SPIDERNT) — Doctor Web, Ltd. — C:PROGRA~1DrWebspidernt.exe
O23 — Service: Spyware Terminator Realtime Shield Service (sp_rssrv) — Crawler.com — C:Program FilesSpyware Terminatorsp_rsser.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: TabletService — Wacom Technology, Corp. — C:WINDOWSsystem32Tablet.exe
O23 — Service: Acronis Try And Decide Service (TryAndDecideService) — Unknown owner — C:Program FilesCommon FilesAcronisFomatikTrueImageTryStartService.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
O23 — Service: WEP/WPA-PMK key recovery service (WZCOOK) — Unknown owner — D:Install1For_NetWIFIAirCrackwzcook.exe

—
End of file — 13688 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO — C:Program FilesIEProiepro.dll [2009-02-04 752744]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0AcrobatActiveXAcroIEHelper.dll [2003-05-14 50376]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:PROGRA~1CrawlerToolbarctbr.dll [2010-01-28 1230288]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2008-10-24 157696]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class — C:Program FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} — Adobe PDF — C:Program FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll [2003-05-15 147456]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} — Панель &Crawler — C:PROGRA~1CrawlerToolbarctbr.dll [2010-01-28 1230288]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-07-20 8466432]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2006-08-23 16050688]
«PDF Complete»=C:Program FilesPDF Completepdfsty.exe [2007-08-10 331288]
«Recguard»=C:WINDOWSSminstRecguard.exe [2006-05-12 1138688]
«Scheduler»=C:WINDOWSSMINSTScheduler.exe [2006-07-10 872448]
«SpIDerNT»=C:PROGRA~1DrWebspiderui.exe [2008-10-23 197896]
«FinePrint Dispatcher v5″=C:WINDOWSSystem32spoolDRIVERSW32X863fpdisp5a.exe [2007-06-30 499712]
«TrueImageMonitor.exe»=C:Program FilesAcronisTrueImageHomeTrueImageMonitor.exe [2007-11-20 2615896]
«AcronisTimounterMonitor»=C:Program FilesAcronisTrueImageHomeTimounterMonitor.exe [2007-11-20 910864]
«Acronis Scheduler2 Service»=C:Program FilesCommon FilesAcronisSchedule2schedhlp.exe [2007-11-20 140568]
«NexusServer»=C:Program FilesCommon FilesGrass ValleyProCoder 3KernelPNXSERVR.exe [2008-08-05 520192]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
«OutpostFeedBack»=C:Program FilesAgnitumOutpost Firewall Profeedback.exe [2009-09-23 436552]
«DefragTaskBar»=C:Program FilesAshampooAshampoo Magical Defrag 3defragtaskbar.exe [2009-12-16 927072]
«RemoteControl9″=C:Program FilesCyberLinkPowerDVD9PDVD9Serv.exe [2009-12-31 87336]
«BDRegion»=C:Program FilesCyberlinkShared filesbrs.exe [2009-12-15 75048]
«OutpostMonitor»=C:PROGRA~1AgnitumOUTPOS~1op_mon.exe [2009-09-23 1270080]
«USBToolTip»=C:PROGRA~1PinnacleSHARED~1ProgramsUSBTipUSBTip.exe [2007-02-20 199752]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-09-06 413696]
«SpywareTerminator»=c:Program FilesSpyware TerminatorSpywareTerminatorShield.exe [2010-03-12 2166784]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=C:Program FilesPunto Switcherpunto.exe [2008-10-16 735016]
«H/PC Connection Agent»=C:Program FilesMicrosoft ActiveSyncwcescomm.exe [2005-11-15 1200128]
«MKey»=C:Program FilesMKeyMkey.exe [2010-02-07 2402816]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDefragTaskBar]
C:Program FilesAshampooAshampoo Magical Defrag 3defragtaskbar.exe [2009-12-16 927072]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
C:Program FilesHPHP Software UpdateHPWuSchd2.exe [2004-09-13 49152]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHPUsageTracking]
C:Program FilesHPHP UTbinhppusg.exe [2005-09-07 36864]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSPM Startup]
C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe [2005-08-11 249856]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSScheduler]
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLanguageShortcut]
C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
C:Program FilesQuickTimeQTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
C:Program FilesCyberLinkPowerDVDPDVDServ.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregToolBoxFX]
C:Program FilesHPToolBoxFXbinHPTLBXFX.exe [2006-10-06 53248]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
EPSON Status Monitor 3 Environment Check 2.lnk — C:WINDOWSsystem32spooldriversw32x863E_SRCV02.EXE

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»c:progra~1agnitumoutpos~1wl_hook.dll»

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
relog_ap

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=91000000

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:WINDOWSSMINSTScheduler.exe»=»C:WINDOWSSMINSTScheduler.exe:*:Enabled:Scheduler «
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesIEProMiniDM.exe»=»C:Program FilesIEProMiniDM.exe:*:Enabled:MiniDM»
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«F:setupHPZNET01.EXE»=»F:setupHPZNET01.EXE:*:Enabled:hpznet01.exe»
«F:setuphppapd.exe»=»F:setuphppapd.exe:*:Enabled:hppapd.exe»
«F:setupHPPNICIFS01.EXE»=»F:setupHPPNICIFS01.EXE:*:Enabled:hppnicifs01.exe»
«F:setupHPNTWKEXE.EXE»=»F:setupHPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»
«C:Program FilesCyberLinkPowerDVD9PowerDVD9.exe»=»C:Program FilesCyberLinkPowerDVD9PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1ab83c4b-2678-11de-9fb4-001e0b2c58cc}]
shellAutoRuncommand — H:RESTOREH-6-1-53-0976546321-090909032-8763-1337GooD.exe
shellopencommand — H:RESTOREH-6-1-53-0976546321-090909032-8763-1337GooD.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5f732262-af14-11de-ad3d-001e0b2c58cc}]
shellAutoRuncommand — J:RECYCLERk-1-3542-4232123213-7676767-8888886hn.exe
shellopencommand — J:RECYCLERk-1-3542-4232123213-7676767-8888886hn.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a3774e42-b890-11de-ad4a-001e0b2c58cc}]
shellAutoRuncommand — H:DODAJENENeST.exe
shellopencommand — H:DODAJENENeST.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c6bf5e8c-d01f-11de-ad60-001e0b2c58cc}]
shellAutoRuncommand — F1X1trx.exe
shellopencommand — F1X1trx.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d8350abd-5bcf-11de-a00c-001e0b2c58cc}]
shellAutoRuncommand — DriverFilesDT.exe
shellopencommand — DriverFilesDT.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ec41a913-f74e-11dd-9bcd-001e0b2c58cc}]
shellAutoRuncommand — H:RESTORES-1-5-21-1482476501-1644491937-682003330-1013SYS32.exe
shellopencommand — H:RESTORES-1-5-21-1482476501-1644491937-682003330-1013SYS32.exe

======List of files/folders created in the last 1 months======

2010-03-12 17:49:11 —-D—- C:rsit
2010-03-12 16:56:23 —-A—- C:WINDOWSe1.exe
2010-03-12 15:57:28 —-D—- C:Program FilesCrawler
2010-03-12 15:57:13 —-D—- C:Documents and SettingsАдминистраторApplication DataSpyware Terminator
2010-03-12 15:57:13 —-D—- C:Documents and SettingsAll UsersApplication DataSpyware Terminator
2010-03-12 15:57:09 —-D—- C:Program FilesSpyware Terminator
2010-03-12 15:51:14 —-D—- C:Program FilesTrend Micro
2010-03-12 15:30:43 —-D—- C:Program FilesWinTools
2010-03-12 15:09:09 —-A—- C:WINDOWSsystem32PerfStringBackup.TMP
2010-03-12 14:03:14 —-D—- C:Documents and SettingsAll UsersApplication DataSecTaskMan
2010-03-12 14:03:11 —-D—- C:Program FilesSecurity Task Manager
2010-03-12 08:41:59 —-D—- C:Program FilesPrevx
2010-03-12 08:41:37 —-D—- C:Documents and SettingsAll UsersApplication DataPrevxCSI
2010-03-11 15:11:30 —-D—- C:Avenger
2010-03-11 15:11:30 —-A—- C:avenger.txt
2010-03-11 08:45:39 —-A—- C:WINDOWSntbtlog.txt
2010-02-27 14:25:22 —-A—- C:WINDOWSsystem32dopdfmn6.dll
2010-02-27 14:25:22 —-A—- C:WINDOWSsystem32dopdfmi6.dll
2010-02-27 14:24:45 —-D—- C:Program FilesSoftland
2010-02-25 14:50:32 —-D—- C:11
2010-02-25 13:23:07 —-A—- C:WINDOWSModemLog_Rockwell 56000 External Modem PnP.txt
2010-02-25 12:55:49 —-A—- C:WINDOWSdx7ogl32.dll
2010-02-25 12:55:46 —-D—- C:Program Files100 Happy Money 3
2010-02-25 12:38:15 —-D—- C:10
2010-02-25 12:14:52 —-RA—- C:WINDOWSsystem32ftserui2.dll
2010-02-25 12:14:52 —-RA—- C:WINDOWSsystem32FTLang.dll
2010-02-25 12:14:23 —-RA—- C:WINDOWSsystem32ftdiunin.exe
2010-02-25 12:14:23 —-RA—- C:WINDOWSsystem32ftdiun2k.ini
2010-02-25 12:14:23 —-RA—- C:WINDOWSsystem32ftd2xx.dll
2010-02-25 12:14:23 —-RA—- C:WINDOWSsystem32ftbusui.dll
2010-02-18 10:10:26 —-HDC—- C:WINDOWSie8
2010-02-17 15:43:20 —-D—- C:Documents and SettingsАдминистраторApplication DataSteelBytes
2010-02-17 15:42:52 —-D—- C:Program FilesSteelBytes

======List of files/folders modified in the last 1 months======

2010-03-12 18:11:12 —-D—- C:Program FilesDrWeb
2010-03-12 18:10:31 —-D—- C:WINDOWSsystem32
2010-03-12 18:09:08 —-D—- C:WINDOWSTemp
2010-03-12 18:01:37 —-D—- C:Documents and SettingsАдминистраторApplication DataWTablet
2010-03-12 18:01:16 —-D—- C:WINDOWSSMINST
2010-03-12 17:55:17 —-D—- C:WINDOWSsystem32CatRoot2
2010-03-12 17:55:17 —-A—- C:WINDOWSSchedLgU.Txt
2010-03-12 17:35:52 —-D—- C:WINDOWSCREATOR
2010-03-12 17:02:58 —-RSHD—- C:WINDOWSsystem32dllcache
2010-03-12 17:02:52 —-D—- C:WINDOWS
2010-03-12 16:53:38 —-RD—- C:Program Files
2010-03-12 15:57:16 —-D—- C:WINDOWSsystem32drivers
2010-03-12 10:13:58 —-ASH—- C:boot.ini
2010-03-12 10:13:57 —-A—- C:WINDOWSwin.ini
2010-03-12 10:13:57 —-A—- C:WINDOWSsystem.ini
2010-03-12 10:00:30 —-A—- C:WINDOWSwininit.ini
2010-03-12 09:58:10 —-D—- C:WINDOWSsystem32config
2010-03-12 09:16:09 —-SHD—- C:RECYCLER
2010-03-12 08:48:14 —-D—- C:1
2010-03-11 16:33:03 —-D—- C:Program FilesProcess Lasso
2010-03-11 15:18:03 —-D—- C:WINDOWSPrefetch
2010-03-11 15:15:18 —-D—- C:WINDOWSpss
2010-03-11 14:19:07 —-D—- C:Downloads
2010-03-11 08:48:28 —-D—- C:WINDOWSsystem32wbem
2010-03-11 08:48:28 —-D—- C:WINDOWSRegistration
2010-03-11 08:48:12 —-SHD—- C:WINDOWSInstaller
2010-03-11 08:48:11 —-HD—- C:Config.Msi
2010-03-11 08:48:11 —-D—- C:Documents and SettingsАдминистраторApplication DataMKey
2010-03-11 08:48:09 —-D—- C:Documents and SettingsАдминистраторApplication Datadvdcss
2010-03-10 11:57:41 —-D—- C:Documents and SettingsАдминистраторApplication Datavlc
2010-03-10 10:10:49 —-D—- C:Program FilesMozilla Firefox
2010-03-05 15:07:41 —-A—- C:WINDOWSclikbook.ini
2010-03-05 13:01:15 —-D—- C:Temp
2010-03-05 13:00:19 —-D—- C:5
2010-03-03 15:48:33 —-D—- C:8
2010-03-01 15:23:26 —-D—- C:Temp_Video
2010-03-01 12:34:54 —-A—- C:WINDOWSNeroDigital.ini
2010-03-01 10:42:03 —-D—- C:Program FilesCommon FilesNero
2010-03-01 10:40:56 —-D—- C:Program FilesNero
2010-03-01 10:30:58 —-D—- C:Documents and SettingsАдминистраторApplication DataNero
2010-03-01 10:29:37 —-D—- C:Documents and SettingsAll UsersApplication DataNero
2010-02-27 13:59:53 —-RSD—- C:WINDOWSFonts
2010-02-27 13:59:41 —-SD—- C:Documents and SettingsАдминистраторApplication DataMicrosoft
2010-02-25 12:15:13 —-HD—- C:WINDOWSinf
2010-02-24 12:13:18 —-D—- C:Documents and SettingsАдминистраторApplication DataAdobe
2010-02-18 14:17:28 —-D—- C:6
2010-02-18 13:34:49 —-D—- C:Temp_Scan
2010-02-18 10:24:40 —-D—- C:WINDOWSsystem32ru-ru
2010-02-18 10:24:39 —-D—- C:WINDOWSMedia
2010-02-18 10:24:39 —-D—- C:WINDOWSHelp
2010-02-18 10:24:39 —-D—- C:Program FilesInternet Explorer
2010-02-17 14:58:58 —-HDC—- C:WINDOWS$MSI31Uninstall_KB893803v2$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
R1 LStone;Pinnacle Systems DV500 Overlay; C:WINDOWSsystem32DRIVERSlstone2k.sys [2002-12-10 256113]
R1 MemAlloc;MemAlloc; C:WINDOWSsystem32DRIVERSmemalloc.sys [2002-08-26 5543]
R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2002-09-16 4228]
R1 SandBox;SandBox; C:WINDOWSsystem32DRIVERSSandBox.sys [2009-08-28 714112]
R1 sp_rsdrv2;Spyware Terminator Driver 2; ??C:WINDOWSsystem32driverssp_rsdrv2.sys []
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-18 12032]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/11 10:12:57]; ??C:Program FilesCyberLinkPowerDVD9NavFilter00.fcl []
R2 Hardlock;Hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 pxrts;pxrts; C:WINDOWSSystem32driverspxrts.sys [2010-03-12 50504]
R2 SPIDER;SpIDer Guard File System Monitor; ??C:PROGRA~1DrWebspider.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:WINDOWSsystem32DRIVERStifsfilt.sys [2009-03-27 44384]
R3 afw;Agnitum firewall driver; C:WINDOWSsystem32DRIVERSafw.sys [2009-02-18 31128]
R3 afwcore;afwcore; C:WINDOWSsystem32driversafwcore.sys [2009-09-14 256792]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-14 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:WINDOWSsystem32DRIVERSb57xp32.sys [2006-05-20 156160]
R3 dot4;Драйвер MS IEEE-1284.4; C:WINDOWSsystem32DRIVERSDot4.sys [2008-04-14 206976]
R3 Dot4Print;Драйвер класса принтеров для IEEE-1284.4; C:WINDOWSsystem32DRIVERSDot4Prt.sys [2001-08-17 12928]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:WINDOWSsystem32DRIVERSdot4usb.sys [2001-10-19 23936]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-08-24 4374016]
R3 MarvinBus;Pinnacle Marvin Bus; C:WINDOWSsystem32DRIVERSMarvinBus.sys [2005-09-23 171520]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-14 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-07-20 6808192]
R3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2009-12-23 47360]
R3 PdiPorts;Portrait Displays low level device driver; C:WINDOWSSystem32DriversPdiPorts.sys [2006-10-06 15920]
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:WINDOWSsystem32driverssrs_sscfilter_i386.sys [2009-12-15 268912]
R3 StillCam;Драйвер цифровой фотокамеры для посл. порта; C:WINDOWSsystem32DRIVERSserscan.sys [2001-10-19 6912]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-14 30208]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:WINDOWSsystem32DRIVERSwacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:WINDOWSsystem32DRIVERSwacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver; C:WINDOWSsystem32DRIVERSWacomVKHid.sys [2007-02-16 11440]
S1 P3;Драйвер Intel PentiumIII процессора; C:WINDOWSsystem32DRIVERSp3.sys [2008-04-14 46976]
S3 61883;Устройство 61883; C:WINDOWSsystem32DRIVERS61883.sys [2008-04-14 48128]
S3 a6k1reze;a6k1reze; C:WINDOWSsystem32driversa6k1reze.sys []
S3 ac97intc;Intel(r) 82801 служба установки аудиодрайвера (WDM); C:WINDOWSsystem32driversac97intc.sys [2001-08-18 96256]
S3 ASWFilt;ASWFilt; C:WINDOWSsystem32FiltASWFilt.dll [2009-08-28 33920]
S3 Avc;Устройство AVC; C:WINDOWSsystem32DRIVERSavc.sys [2008-04-14 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:WINDOWSsystem32DRIVERSavcstrm.sys [2008-04-14 13696]
S3 Blfp;Broadcom Advanced Server Program Driver; C:WINDOWSsystem32DRIVERSbaspxp32.sys [2006-04-07 67584]
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-07-09 16384]
S3 E100B;Intel PRO адаптер, драйвер; C:WINDOWSsystem32DRIVERSe100b325.sys [2001-10-20 117760]
S3 FTDIBUS;USB Serial Converter Driver; C:WINDOWSsystem32driversftdibus.sys [2006-05-18 47249]
S3 FTSER2K;USB Serial Port Driver; C:WINDOWSsystem32driversftser2k.sys [2006-05-18 61067]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
S3 i81x;i81x; C:WINDOWSsystem32DRIVERSi81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:WINDOWSsystem32DRIVERSwADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:WINDOWSsystem32DRIVERSwADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:WINDOWSsystem32DRIVERSwADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:WINDOWSsystem32DRIVERSwSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:WINDOWSsystem32DRIVERSwVchNTxx.sys [2004-08-04 19455]
S3 iAimFP5;iAimFP5; C:WINDOWSsystem32DRIVERSwADV07nt.sys [2004-08-04 11807]
S3 iAimFP6;iAimFP6; C:WINDOWSsystem32DRIVERSwADV08nt.sys [2004-08-04 11295]
S3 iAimFP7;iAimFP7; C:WINDOWSsystem32DRIVERSwADV09nt.sys [2004-08-04 11871]
S3 iAimTV0;iAimTV0; C:WINDOWSsystem32DRIVERSwATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:WINDOWSsystem32DRIVERSwATV02NT.sys [2004-08-04 19551]
S3 iAimTV3;iAimTV3; C:WINDOWSsystem32DRIVERSwATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:WINDOWSsystem32DRIVERSwCh7xxNT.sys [2004-08-04 23615]
S3 iAimTV5;iAimTV5; C:WINDOWSsystem32DRIVERSwATV10nt.sys [2004-08-04 25471]
S3 iAimTV6;iAimTV6; C:WINDOWSsystem32DRIVERSwATV06nt.sys [2004-08-04 22271]
S3 MSDV;Microsoft DV Camera and VCR; C:WINDOWSsystem32DRIVERSmsdv.sys [2004-07-09 52096]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:WINDOWSsystem32DRIVERSmstape.sys [2008-04-14 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2002-12-11 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-07-09 10112]
S3 pdiddcci;DDC/CI monitor; C:WINDOWSSystem32DRIVERSpdiddcci.sys [2006-10-13 11776]
S3 PortTalk;PortTalk; C:WINDOWSSystem32DriversPortTalk.sys [2002-01-12 3567]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-07-09 14976]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2005-06-14 104576]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 adpu320;adpu320; C:WINDOWSsystem32DRIVERSadpu320.sys [2002-05-09 105472]
S4 IntelIde;IntelIde; C:WINDOWSsystem32DRIVERSintelide.sys [2008-04-14 5504]
S4 Symmpi;Symmpi; C:WINDOWSsystem32DRIVERSsymmpi.sys [2002-04-04 28416]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Corporate.9.0;ABBYY FineReader 9.0 CE Licensing Service; C:Program FilesCommon FilesABBYYFineReader9.00LicensingCENetworkLicenseServer.exe [2007-11-21 660768]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:Program FilesCommon FilesAcronisSchedule2schedul2.exe [2007-11-20 427288]
R2 acssrv;Agnitum Client Security Service; C:PROGRA~1AgnitumOUTPOS~1acs.exe [2009-09-23 1338560]
R2 Ashampoo Defrag Service;Ashampoo Defrag Service; C:Program FilesAshampooAshampoo Magical Defrag 3defragservice.exe [2009-12-16 890208]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 DTSRVC;Portrait Displays Display Tune Service; C:Program FilesPortrait DisplaysHP Display AssistantDTSRVC.exe [2006-10-13 69632]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:Program FilesCommon FilesEPSONEBAPISAgent2.exe [2001-10-25 90112]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2007-04-19 75304]
R2 NMSAccessU;NMSAccessU; C:Program FilesCDBurnerXPNMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-07-20 155716]
R2 pdfcDispatcher;PDF Document Manager; C:Program FilesPDF Completepdfsvc.exe [2007-08-10 540184]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSSYSTEM32SPOOLDRIVERSW32X863HPZipm12.exe [2005-04-29 69632]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:Program FilesSpyware Terminatorsp_rsser.exe [2010-03-12 488960]
R2 SPIDERNT;SpIDer Guard for Windows; C:PROGRA~1DrWebspidernt.exe [2008-10-23 197896]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 TabletService;TabletService; C:WINDOWSsystem32Tablet.exe [2007-06-04 1197616]
R2 TryAndDecideService;Acronis Try And Decide Service; C:Program FilesCommon FilesAcronisFomatikTrueImageTryStartService.exe [2007-11-20 495600]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe []
S2 PCA;PC Angel; C:WINDOWSSMINSTPCAngel.exe [2006-06-13 364544]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-01-14 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 HP Port Resolver;HP Port Resolver; C:WINDOWSSYSTEM32SPOOLDRIVERSW32X863HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:WINDOWSSYSTEM32SPOOLDRIVERSW32X863HPBOID.EXE [2004-10-16 73728]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2008-02-28 529704]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S3 WZCOOK;WEP/WPA-PMK key recovery service; D:Install1For_NetWIFIAirCrackwzcook.exe [2005-12-16 40960]
S4 NetTcpPortSharing;Служба общего доступа к портам Net.Tcp; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]

EOF
12 марта, 2010 в 3:47 пп #28986
Sima
Participant
- Темы:1
- Сообщений:2
Забыл добавить, можно запустить по CTR+ALT+DEL менеджер задач и из под него запустить например проводник или другую прогу. Но при этом моргает экран и запущенная прога становится неактивной, приходится на неее переключаться и тогда что-то можно делать. Но работать на компе практически невозможно.
Спасибо.
13 марта, 2010 в 7:55 пп #28985
Admin
Keymaster
- Темы:40
- Сообщений:5676
Выполним дополнительную проверку.
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.
Автор

Сообщения

Просмотр 3 сообщений - с 1 по 3 (из 3 всего)

Для ответа в этой теме необходимо авторизоваться.

Похоже новый вирус! Моргае рабочий стол…

Добро пожаловать

Поиск

Последние темы

СПАЙВАРЕ РУ

Нужна помощь?

Ссылки