- This topic has 3 ответа, 2 участника, and was last updated 16 years, 1 month назад by
.
-
Сообщения
-
Symantek не обнаруживает ничего. Проверил RSIT. Лог ниже. Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2009-04-02 12:47:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 61 GB (86%) free of 71 GB
Total RAM: 2046 MB (79% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:06, on 02.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesCyberLinkShared FilesRichVideo.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe
C:Program FilesABBYY Lingvo 12Lvagent.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesCanonCALCALMAIN.exe
C:WINDOWSTEMPRtkBtMnt.exe
C:Program FilesOperaopera.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program Filestrend microAdmin.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mail.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: QIPBHO Class — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_07binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: QIPBHO — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: eurrvquP — {AAF01C24-2681-4FE6-9EDC-F7772F810E73} — C:Documents and SettingsAll UsersApplication DataMicrosoftMedia Playereurrvqu.dll
O2 — BHO: sowwrquP — {DB3645BA-5C28-4E2D-8C99-41DC53D19B7C} — C:Documents and SettingsAll UsersApplication Datasowwrqu.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O4 — HKLM..Run: [IAAnotif] «C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe»
O4 — HKLM..Run: [AzMixerSel] C:Program FilesRealtekInstallShieldAzMixerSel.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [Lingvo Launcher] «C:Program FilesABBYY Lingvo 12Lvagent.exe» /STARTUP
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [NwOpenMS] rundll32.exe «C:Program FilesCommon FilesMicrosoft SharedWeb Foldersuqvrrue.dll»,DllRegisterServer
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 — HKCU..Run: [QIP2005] D:МойоQIPqip.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: BTTray.lnk = ?
O8 — Extra context menu item: &Google Search — res://C:Program FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 — Extra context menu item: &Отправить на устройство Bluetooth… — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: &Перевести — C:Program FilesArsenal CompanySOCRAT InternetHTMLWSocrat.js
O8 — Extra context menu item: &Перевести с помощью ABBYY Lingvo… — res://C:Program FilesABBYY Lingvo 12Lingvo.exe/3000
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Backward Links — res://C:Program FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 — Extra context menu item: Cached Snapshot of Page — res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html
O8 — Extra context menu item: Similar Pages — res://C:Program FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 — Extra context menu item: Translate into English — res://C:Program FilesGoogleGoogleToolbar1.dll/cmtrans.html
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: (no name) — DctMapping — (no file)
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
O9 — Extra button: СОКРАТ Интернет 3.0 — {17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternet.dll
O9 — Extra button: Настройки СОКРАТ Интернет 3.0 — {71F65890-5ED6-11d4-9665-00E02962D81A} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternetT.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~1OFFICE11REFIEBAR.DLL
O9 — Extra button: Перевести страницу — {DFDC8970-FD66-4385-B8C0-835A4AA1DA00} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternet.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O16 — DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) — http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Canon Camera Access Library 8 (CCALib8) — Canon Inc. — C:Program FilesCanonCALCALMAIN.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) — Intel Corporation — C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: NST ToolTipFixer (TTFixerService) — NeoSmart Technologies — C:Program FilesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 11845 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-23 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_07binssv.dll [2008-06-10 509328][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-04-02 680624][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class — C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2009-02-12 119808][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2008-12-01 720896][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AAF01C24-2681-4FE6-9EDC-F7772F810E73}]
Crypted Video Helper — C:Documents and SettingsAll UsersApplication DataMicrosoftMedia Playereurrvqu.dll [2007-04-02 610304][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DB3645BA-5C28-4E2D-8C99-41DC53D19B7C}]
DST Data Extension — C:Documents and SettingsAll UsersApplication Datasowwrqu.dll [2009-04-01 608256][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-12-01 720896]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-04-02 680624]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2009-03-29 849392][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«IAAnotif»=C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe [2007-06-12 174872]
«AzMixerSel»=C:Program FilesRealtekInstallShieldAzMixerSel.exe [2006-07-17 53248]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-06-06 8433664]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2007-06-06 81920]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-05-28 16132608]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-10-15 39792]
«Lingvo Launcher»=C:Program FilesABBYY Lingvo 12Lvagent.exe [2008-05-03 258048]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-03-27 6209720]
«NwOpenMS»=C:Program FilesCommon FilesMicrosoft SharedWeb Foldersuqvrrue.dll [2007-04-01 610304][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-08-19 30208]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]
«Sidebar»=C:Program FilesWindows Sidebarsidebar.exe [2007-02-27 1254912]
«QIP2005″=D:МойоQIPqip.exe []C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoSharedDocuments»=1
«NoSMConfigurePrograms»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======List of files/folders created in the last 1 months======
2009-04-02 10:13:36 —-D—- C:rsit
2009-04-02 10:13:36 —-D—- C:Program Filestrend micro
2009-04-02 10:09:03 —-D—- C:WINDOWStemp
2009-04-02 10:09:03 —-A—- C:ComboFix.txt
2009-04-02 10:07:38 —-D—- C:ComboFix
2009-04-02 09:10:48 —-A—- C:WINDOWSNIRCMD.exe
2009-04-02 09:04:25 —-SHD—- C:Config.Msi
2009-04-02 01:29:24 —-A—- C:WINDOWSzip.exe
2009-04-02 01:29:24 —-A—- C:WINDOWSVFIND.exe
2009-04-02 01:29:24 —-A—- C:WINDOWSSWXCACLS.exe
2009-04-02 01:29:24 —-A—- C:WINDOWSSWSC.exe
2009-04-02 01:29:24 —-A—- C:WINDOWSSWREG.exe
2009-04-02 01:29:24 —-A—- C:WINDOWSsed.exe
2009-04-02 01:29:24 —-A—- C:WINDOWSgrep.exe
2009-04-02 01:29:24 —-A—- C:WINDOWSfdsv.exe
2009-04-02 01:29:19 —-D—- C:WINDOWSERDNT
2009-04-02 01:28:48 —-D—- C:Qoobox
2009-04-01 23:34:59 —-A—- C:WINDOWSUPGRADE.TXT
2009-04-01 22:42:29 —-D—- C:Program FilesOpera
2009-04-01 10:11:32 —-D—- C:WINDOWSie8updates
2009-04-01 10:11:27 —-HD—- C:WINDOWSmsdownld.tmp
2009-04-01 10:10:53 —-HDC—- C:WINDOWSie8
2009-04-01 08:47:18 —-A—- C:Documents and SettingsAll UsersApplication Datasowwrqu.dll
2009-04-01 08:47:18 —-A—- C:Documents and SettingsAll UsersApplication Dataeurrvqu.dll
2009-03-31 12:46:32 —-D—- C:Documents and SettingsAdminApplication DataQIP.Online
2009-03-31 12:46:09 —-D—- C:Program FilesQIP.Online
2009-03-31 12:41:11 —-D—- C:Documents and SettingsAdminApplication DataQIP
2009-03-31 12:40:48 —-D—- C:Program FilesQIP Infium
2009-03-31 12:27:49 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2009-03-31 12:27:33 —-HDC—- C:WINDOWS$NtUninstallKB955839$
2009-03-31 12:24:52 —-A—- C:WINDOWSsystem32MRT.exe
2009-03-31 12:24:46 —-HDC—- C:WINDOWS$NtUninstallKB960225$
2009-03-31 12:24:40 —-HDC—- C:WINDOWS$NtUninstallKB956841$
2009-03-31 12:24:13 —-D—- C:Program FilesMicrosoft CAPICOM 2.1.0.2
2009-03-31 12:23:32 —-HDC—- C:WINDOWS$NtUninstallKB938464-v2$
2009-03-31 12:23:19 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2009-03-31 12:23:14 —-HDC—- C:WINDOWS$NtUninstallKB960715$
2009-03-31 12:23:10 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-03-31 12:22:43 —-HDC—- C:WINDOWS$NtUninstallKB958690$
2009-03-31 12:22:35 —-HDC—- C:WINDOWS$NtUninstallKB959772_WM11$
2009-03-31 12:22:20 —-HDC—- C:WINDOWS$NtUninstallKB954459$
2009-03-31 12:22:06 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
2009-03-31 12:21:26 —-D—- C:WINDOWSie7updates
2009-03-31 12:21:14 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2009-03-31 12:21:10 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2009-03-31 12:21:04 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2009-03-31 12:20:59 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2009-03-31 12:20:59 —-HD—- C:WINDOWS$hf_mig$
2009-03-31 12:20:53 —-D—- C:Program FilesMSXML 4.0
2009-03-31 12:20:41 —-HDC—- C:WINDOWS$NtUninstallKB954154_WM11$
2009-03-27 19:53:56 —-D—- C:Documents and SettingsAdminApplication Datarambler.ru
2009-03-27 19:53:55 —-D—- C:Program FilesRambler Assistant
2009-03-27 19:53:54 —-D—- C:Documents and SettingsAdminApplication DataMozilla
2009-03-27 19:52:42 —-D—- C:Documents and SettingsAdminApplication DataICQ
2009-03-27 19:52:22 —-D—- C:Program FilesICQ6.5
2009-03-27 19:29:09 —-D—- C:Documents and SettingsAdminApplication DataMra
2009-03-27 19:28:38 —-D—- C:Program FilesMail.Ru
2009-03-18 23:05:48 —-D—- C:WINDOWSsystem32блокнот
2009-03-13 22:55:45 —-A—- C:WINDOWSsystem32mucltui.dll.mui
2009-03-13 22:55:45 —-A—- C:WINDOWSsystem32mucltui.dll
2009-03-13 22:55:43 —-D—- C:WINDOWSsystem32SoftwareDistribution
2009-03-08 14:23:06 —-N—- C:WINDOWSsystem32msrating.dll.mui
2009-03-08 14:22:48 —-N—- C:WINDOWSsystem32mshta.exe.mui
2009-03-08 14:21:24 —-N—- C:WINDOWSsystem32ie4uinit.exe.mui
2009-03-08 14:21:04 —-N—- C:WINDOWSsystem32iedkcs32.dll.mui======List of files/folders modified in the last 1 months======
2009-04-02 12:43:37 —-AD—- C:WINDOWSsystem32
2009-04-02 12:43:37 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-04-02 12:37:47 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-02 12:36:51 —-A—- C:WINDOWSsystem32akelpad.ini
2009-04-02 10:13:36 —-AD—- C:Program Files
2009-04-02 10:09:03 —-D—- C:WINDOWS
2009-04-02 10:08:22 —-A—- C:WINDOWSsystem.ini
2009-04-02 10:08:06 —-D—- C:WINDOWSsystem32drivers
2009-04-02 10:08:06 —-D—- C:WINDOWSAppPatch
2009-04-02 10:08:06 —-AD—- C:Program FilesCommon Files
2009-04-02 09:38:52 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-02 09:05:11 —-SHD—- C:WINDOWSInstaller
2009-04-02 09:05:02 —-D—- C:Program FilesSymantec
2009-04-02 09:05:02 —-D—- C:Program FilesCommon FilesSymantec Shared
2009-04-02 09:05:01 —-D—- C:Documents and SettingsAll UsersApplication DataSymantec
2009-04-02 01:31:04 —-D—- C:WINDOWSsystem32config
2009-04-02 01:29:24 —-SHD—- C:System Volume Information
2009-04-02 01:29:24 —-D—- C:WINDOWSsystem32Restore
2009-04-02 00:13:05 —-HD—- C:WINDOWSinf
2009-04-02 00:13:05 —-D—- C:Program FilesInternet Explorer
2009-04-02 00:13:04 —-D—- C:WINDOWSsystem32CatRoot
2009-04-02 00:12:29 —-D—- C:WINDOWSsystem32ru-ru
2009-04-02 00:05:26 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-04-01 22:41:24 —-D—- C:WINDOWSsystem32appmgmt
2009-04-01 12:44:05 —-SD—- C:Documents and SettingsAdminApplication DataMicrosoft
2009-04-01 10:45:28 —-A—- C:WINDOWSimsins.BAK
2009-04-01 10:12:47 —-D—- C:WINDOWSMedia
2009-04-01 10:12:47 —-D—- C:WINDOWSHelp
2009-04-01 08:45:57 —-A—- C:WINDOWSNeroDigital.ini
2009-03-31 19:49:15 —-D—- C:WINDOWSSoftwareDistribution
2009-03-31 12:33:49 —-D—- C:Program FilesQIP
2009-03-31 12:27:23 —-A—- C:WINDOWSwin.ini
2009-03-31 12:23:32 —-D—- C:WINDOWSWinSxS
2009-03-27 20:37:57 —-SD—- C:WINDOWSDownloaded Program Files
2009-03-27 19:53:57 —-HD—- C:Program FilesInstallShield Installation Information
2009-03-13 19:06:39 —-D—- C:Program FilesCity Guide 2.2
2009-03-13 19:01:19 —-D—- C:Program FilesCyberLink
2009-03-13 18:23:29 —-A—- C:WINDOWScdplayer.ini
2009-03-08 14:23:22 —-A—- C:WINDOWSsystem32ieframe.dll.mui
2009-03-08 14:21:22 —-A—- C:WINDOWSsystem32advpack.dll.mui
2009-03-08 14:09:26 —-A—- C:WINDOWSsystem32iedkcs32.dll
2009-03-08 04:41:16 —-A—- C:WINDOWSsystem32mshtml.dll
2009-03-08 04:39:48 —-A—- C:WINDOWSsystem32ieframe.dll
2009-03-08 04:34:58 —-A—- C:WINDOWSsystem32wininet.dll
2009-03-08 04:34:56 —-A—- C:WINDOWSsystem32urlmon.dll
2009-03-08 04:34:48 —-A—- C:WINDOWSsystem32WinFXDocObj.exe
2009-03-08 04:34:48 —-A—- C:WINDOWSsystem32webcheck.dll
2009-03-08 04:34:30 —-A—- C:WINDOWSsystem32licmgr10.dll
2009-03-08 04:34:28 —-A—- C:WINDOWSsystem32url.dll
2009-03-08 04:34:18 —-A—- C:WINDOWSsystem32occache.dll
2009-03-08 04:34:18 —-A—- C:WINDOWSsystem32msrating.dll
2009-03-08 04:33:40 —-A—- C:WINDOWSsystem32corpol.dll
2009-03-08 04:33:26 —-A—- C:WINDOWSsystem32jsproxy.dll
2009-03-08 04:33:16 —-A—- C:WINDOWSsystem32jscript.dll
2009-03-08 04:33:08 —-A—- C:WINDOWSsystem32ieaksie.dll
2009-03-08 04:33:06 —-A—- C:WINDOWSsystem32vbscript.dll
2009-03-08 04:33:02 —-A—- C:WINDOWSsystem32ieakeng.dll
2009-03-08 04:32:56 —-A—- C:WINDOWSsystem32admparse.dll
2009-03-08 04:32:54 —-A—- C:WINDOWSsystem32ie4uinit.exe
2009-03-08 04:32:52 —-A—- C:WINDOWSsystem32ieudinit.exe
2009-03-08 04:32:52 —-A—- C:WINDOWSsystem32ieakui.dll
2009-03-08 04:32:50 —-A—- C:WINDOWSsystem32iesetup.dll
2009-03-08 04:32:50 —-A—- C:WINDOWSsystem32iernonce.dll
2009-03-08 04:32:48 —-A—- C:WINDOWSsystem32advpack.dll
2009-03-08 04:32:46 —-A—- C:WINDOWSsystem32inseng.dll
2009-03-08 04:32:26 —-A—- C:WINDOWSsystem32msfeeds.dll
2009-03-08 04:32:22 —-A—- C:WINDOWSsystem32iertutil.dll
2009-03-08 04:32:04 —-A—- C:WINDOWSsystem32mstime.dll
2009-03-08 04:31:56 —-A—- C:WINDOWSsystem32iepeers.dll
2009-03-08 04:31:54 —-A—- C:WINDOWSsystem32msfeedssync.exe
2009-03-08 04:31:52 —-A—- C:WINDOWSsystem32msfeedsbs.dll
2009-03-08 04:31:52 —-A—- C:WINDOWSsystem32icardie.dll
2009-03-08 04:31:44 —-A—- C:WINDOWSsystem32dxtmsft.dll
2009-03-08 04:31:38 —-A—- C:WINDOWSsystem32imgutil.dll
2009-03-08 04:31:38 —-A—- C:WINDOWSsystem32dxtrans.dll
2009-03-08 04:31:36 —-A—- C:WINDOWSsystem32pngfilt.dll
2009-03-08 04:31:26 —-A—- C:WINDOWSsystem32mshtmled.dll
2009-03-08 04:31:18 —-A—- C:WINDOWSsystem32mshtmler.dll
2009-03-08 04:31:02 —-A—- C:WINDOWSsystem32mshta.exe
2009-03-08 04:22:46 —-A—- C:WINDOWSsystem32ieui.dll
2009-03-08 04:22:38 —-A—- C:WINDOWSsystem32msls31.dll
2009-03-08 04:11:12 —-A—- C:WINDOWSsystem32ieapfltr.dll======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-08-19 14720]
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-08-20 8832]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:WINDOWSsystem32DRIVERSrimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:WINDOWSsystem32DRIVERSrimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:WINDOWSsystem32DRIVERSrixdptsk.sys [2007-03-21 37376]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-07-08 62848]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-08-19 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:WINDOWSsystem32DRIVERSb57xp32.sys [2007-10-22 161792]
R3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2007-03-23 539072]
R3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2007-03-23 37424]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2007-03-31 876384]
R3 CmBatt;Драйвер батареи с ACPI-управлением (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-08-20 13952]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 hidshim;Service for HID-KMDF Shim layer; C:WINDOWSsystem32DRIVERShidshim.sys [2007-05-30 5632]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]
R3 HSF_DPV;HSF_DPV; C:WINDOWSsystem32DRIVERSHSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:WINDOWSsystem32DRIVERSHSFHWAZL.sys [2006-12-22 209664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-05-30 4424192]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
R3 NETw4x32;Драйвер адаптера Intel(R) Wireless WiFi Link для Windows XP 32 Bit; C:WINDOWSsystem32DRIVERSNETw4x32.sys [2007-04-27 2203520]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-08-19 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-06-06 6349696]
R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-15 79232]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-15 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-08-20 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-08-20 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-15 20608]
R3 usbvideo;USB-видеоустройство (WDM); C:WINDOWSSystem32Driversusbvideo.sys [2008-08-20 121984]
R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:WINDOWSsystem32DRIVERSHSF_CNXT.sys [2006-12-22 730112]
R3 winbondhidcir;Winbond HID CIR Receiver; C:WINDOWSsystem32DRIVERSwinbondhidcir.sys [2007-05-30 21504]
S3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; C:WINDOWSsystem32DRIVERSbtwhid.sys [2007-03-31 55352]
S3 btwmodem;Модем Bluetooth; C:WINDOWSsystem32DRIVERSbtwmodem.sys [2007-03-23 37280]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2007-03-23 67960]
S3 catchme;catchme; ??C:WINDOWSTEMPcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-08-20 17024]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-08-20 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-08-20 10880]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-08-20 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-08-20 15232]
S3 UIUSys;Conexant Setup API; C:WINDOWSsystem32DRIVERSUIUSYS.SYS []
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-08-19 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-08-19 26368]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-08-20 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2007-04-01 273256]
R2 CCALib8;Canon Camera Access Library 8; C:Program FilesCanonCALCALMAIN.exe [2005-09-30 96341]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe [2007-06-12 355096]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-06-06 163908]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared FilesRichVideo.exe [2005-08-08 167936]
R2 TTFixerService;NST ToolTipFixer; C:Program FilesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe [2007-06-27 10240]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-11-22 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
EOF
Здравствуйте, добро пожаловать на Spyware-ru форум.
Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите OTMoveIt3 и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.:Processes
explorer.exe
:reg
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AAF01C24-2681-4FE6-9EDC-F7772F810E73}]
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DB3645BA-5C28-4E2D-8C99-41DC53D19B7C}]
:files
C:Documents and SettingsAll UsersApplication DataMicrosoftMedia Playereurrvqu.dll
C:Documents and SettingsAll UsersApplication Datasowwrqu.dll
:Commands
[emptytemp]
[start explorer]
[Reboot]Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMoveItMovedFiles.Вставьте в ваше ответное сообщение содержимое этого лога. И ещё приложите свежий RSIT лог.
Увы, порнобанер на месте. Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AAF01C24-2681-4FE6-9EDC-F7772F810E73}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DB3645BA-5C28-4E2D-8C99-41DC53D19B7C}\ deleted successfully.
========== FILES ==========
C:Documents and SettingsAll UsersApplication DataMicrosoftMedia Playereurrvqu.dll unregistered successfully.
C:Documents and SettingsAll UsersApplication DataMicrosoftMedia Playereurrvqu.dll moved successfully.
C:Documents and SettingsAll UsersApplication Datasowwrqu.dll unregistered successfully.
C:Documents and SettingsAll UsersApplication Datasowwrqu.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:WINDOWSTEMPPerflib_Perfdata_f5c.dat scheduled to be deleted on reboot.
File delete failed. C:WINDOWSTEMPRtkBtMnt.exe scheduled to be deleted on reboot.
File delete failed. C:WINDOWSTEMP~DF4D7E.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsAdminLocal SettingsTemporary Internet FilesContent.IE5M7Q5IHLNindex9030[1].html scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsTemporary Internet Files0LRW2YW83PMCJKMOfflinex00000001_R scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsTemporary Internet Files0LRW2YW83PMCJKMOfflinex00000003_R scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsTemporary Internet Files0LRW2YW83PMCJKMOfflineHashFile.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStempPerflib_Perfdata_f5c.dat scheduled to be deleted on reboot.
File delete failed. C:WINDOWStempRtkBtMnt.exe scheduled to be deleted on reboot.
File delete failed. C:WINDOWStemp~DF4D7E.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps007adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps007md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps007url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps007w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps007wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps006adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps006md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps006url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps006w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps006wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.10.0 log created on 04062009_090603
Files moved on Reboot…
File C:WINDOWSTEMPPerflib_Perfdata_f5c.dat not found!
C:WINDOWSTEMPRtkBtMnt.exe moved successfully.
C:WINDOWSTEMP~DF4D7E.tmp moved successfully.
C:Documents and SettingsAdminLocal SettingsTemporary Internet FilesContent.IE5M7Q5IHLNindex9030[1].html moved successfully.
C:Documents and SettingsAdminLocal SettingsTemporary Internet Files0LRW2YW83PMCJKMOfflinex00000001_R moved successfully.
C:Documents and SettingsAdminLocal SettingsTemporary Internet Files0LRW2YW83PMCJKMOfflinex00000003_R moved successfully.
C:Documents and SettingsAdminLocal SettingsTemporary Internet Files0LRW2YW83PMCJKMOfflineHashFile.dat moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009adoc.bx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009md.dat moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009url.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009w.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps009wb.vx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008adoc.bx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008md.dat moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008url.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008w.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps008wb.vx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps007adoc.bx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps007md.dat moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps007url.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps007w.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps007wb.vx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps006adoc.bx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps006md.dat moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps006url.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps006w.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps006wb.vx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005adoc.bx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005md.dat moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005url.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005w.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps005wb.vx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004adoc.bx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004md.dat moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004url.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004w.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps004wb.vx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003adoc.bx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003md.dat moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003url.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003w.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps003wb.vx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002adoc.bx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002md.dat moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002url.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002w.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps002wb.vx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001adoc.bx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001md.dat moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001url.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001w.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps001wb.vx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000adoc.bx moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000md.dat moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000url.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000w.ax moved successfully.
C:Documents and SettingsAdminLocal SettingsApplication DataOperaOperaProfilevps000wb.vx moved successfully.
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2009-04-06 09:27:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 61 GB (86%) free of 71 GB
Total RAM: 2046 MB (74% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:28, on 06.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesSymantec AntiVirusDefWatch.exe
C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesCyberLinkShared FilesRichVideo.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:Program FilesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe
C:Program FilesCanonCALCALMAIN.exe
C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSRTHDCPL.EXE
C:Program FilesABBYY Lingvo 12Lvagent.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRA~1SYMANT~1VPTray.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesWindows Sidebarsidebar.exe
C:WINDOWSTEMPRtkBtMnt.exe
C:Program FilesOperaopera.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program Filestrend microAdmin.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mail.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: QIPBHO Class — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_07binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: QIPBHO — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: eurrvquP — {AAF01C24-2681-4FE6-9EDC-F7772F810E73} — C:Documents and SettingsAll UsersApplication DataMicrosoftMedia Playereurrvqu.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O4 — HKLM..Run: [IAAnotif] «C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe»
O4 — HKLM..Run: [AzMixerSel] C:Program FilesRealtekInstallShieldAzMixerSel.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [Lingvo Launcher] «C:Program FilesABBYY Lingvo 12Lvagent.exe» /STARTUP
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [NwOpenMS] rundll32.exe «C:Program FilesCommon FilesMicrosoft SharedWeb Foldersuqvrrue.dll»,DllRegisterServer
O4 — HKLM..Run: [ccApp] «C:Program FilesCommon FilesSymantec SharedccApp.exe»
O4 — HKLM..Run: [vptray] C:PROGRA~1SYMANT~1VPTray.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: BTTray.lnk = ?
O8 — Extra context menu item: &Google Search — res://C:Program FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 — Extra context menu item: &Отправить на устройство Bluetooth… — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: &Перевести — C:Program FilesArsenal CompanySOCRAT InternetHTMLWSocrat.js
O8 — Extra context menu item: &Перевести с помощью ABBYY Lingvo… — res://C:Program FilesABBYY Lingvo 12Lingvo.exe/3000
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Backward Links — res://C:Program FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 — Extra context menu item: Cached Snapshot of Page — res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html
O8 — Extra context menu item: Similar Pages — res://C:Program FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 — Extra context menu item: Translate into English — res://C:Program FilesGoogleGoogleToolbar1.dll/cmtrans.html
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: (no name) — DctMapping — (no file)
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
O9 — Extra button: СОКРАТ Интернет 3.0 — {17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternet.dll
O9 — Extra button: Настройки СОКРАТ Интернет 3.0 — {71F65890-5ED6-11d4-9665-00E02962D81A} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternetT.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~1OFFICE11REFIEBAR.DLL
O9 — Extra button: Перевести страницу — {DFDC8970-FD66-4385-B8C0-835A4AA1DA00} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternet.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O16 — DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) — http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Canon Camera Access Library 8 (CCALib8) — Canon Inc. — C:Program FilesCanonCALCALMAIN.exe
O23 — Service: Symantec Event Manager (ccEvtMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 — Service: Symantec Password Validation (ccPwdSvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 — Service: Symantec Settings Manager (ccSetMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 — Service: Symantec AntiVirus Definition Watcher (DefWatch) — Symantec Corporation — C:Program FilesSymantec AntiVirusDefWatch.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) — Intel Corporation — C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 — Service: SAVRoam (SavRoam) — symantec — C:Program FilesSymantec AntiVirusSavRoam.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Symantec Network Drivers Service (SNDSrvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 — Service: Symantec AntiVirus — Symantec Corporation — C:Program FilesSymantec AntiVirusRtvscan.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: NST ToolTipFixer (TTFixerService) — NeoSmart Technologies — C:Program FilesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 13385 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-23 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_07binssv.dll [2008-06-10 509328][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-04-02 680624][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class — C:Documents and SettingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2009-02-10 119808][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2008-12-01 720896][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AAF01C24-2681-4FE6-9EDC-F7772F810E73}]
Crypted Video Helper — C:Documents and SettingsAll UsersApplication DataMicrosoftMedia Playereurrvqu.dll [2007-04-06 610304][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-12-01 720896]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-04-02 680624]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2009-03-29 849392][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«IAAnotif»=C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe [2007-06-12 174872]
«AzMixerSel»=C:Program FilesRealtekInstallShieldAzMixerSel.exe [2006-07-17 53248]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-06-06 8433664]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2007-06-06 81920]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-05-28 16132608]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-10-15 39792]
«Lingvo Launcher»=C:Program FilesABBYY Lingvo 12Lvagent.exe [2008-05-03 258048]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-03-27 6209720]
«NwOpenMS»=C:Program FilesCommon FilesMicrosoft SharedWeb Foldersuqvrrue.dll [2007-04-04 610304]
«ccApp»=C:Program FilesCommon FilesSymantec SharedccApp.exe [2004-04-15 66656]
«vptray»=C:PROGRA~1SYMANT~1VPTray.exe [2004-04-15 124128][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-08-19 30208]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]
«Sidebar»=C:Program FilesWindows Sidebarsidebar.exe [2007-02-27 1254912]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyNavLogon]
C:WINDOWSsystem32NavLogon.dll [2004-03-12 83176][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoSharedDocuments»=1
«NoSMConfigurePrograms»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======List of files/folders created in the last 1 months======
2009-04-02 15:45:08 —-SHD—- C:RECYCLER
2009-04-02 15:43:08 —-D—- C:WINDOWSsystem32CatRoot_bak
2009-04-02 13:38:02 —-A—- C:WINDOWSsystem32S32EVNT1.DLL
2009-04-02 13:37:54 —-D—- C:Program FilesSymantec AntiVirus
2009-04-02 10:13:36 —-D—- C:rsit
2009-04-02 10:13:36 —-D—- C:Program Filestrend micro
2009-04-02 10:09:03 —-D—- C:WINDOWStemp
2009-04-02 10:09:03 —-A—- C:ComboFix.txt
2009-04-02 10:07:38 —-D—- C:ComboFix
2009-04-02 09:10:48 —-A—- C:WINDOWSNIRCMD.exe
2009-04-02 01:29:24 —-A—- C:WINDOWSzip.exe
2009-04-02 01:29:24 —-A—- C:WINDOWSVFIND.exe
2009-04-02 01:29:24 —-A—- C:WINDOWSSWXCACLS.exe
2009-04-02 01:29:24 —-A—- C:WINDOWSSWSC.exe
2009-04-02 01:29:24 —-A—- C:WINDOWSSWREG.exe
2009-04-02 01:29:24 —-A—- C:WINDOWSsed.exe
2009-04-02 01:29:24 —-A—- C:WINDOWSgrep.exe
2009-04-02 01:29:24 —-A—- C:WINDOWSfdsv.exe
2009-04-02 01:29:19 —-D—- C:WINDOWSERDNT
2009-04-02 01:28:48 —-D—- C:Qoobox
2009-04-01 23:34:59 —-A—- C:WINDOWSUPGRADE.TXT
2009-04-01 22:42:29 —-D—- C:Program FilesOpera
2009-04-01 10:11:32 —-D—- C:WINDOWSie8updates
2009-04-01 10:11:27 —-HD—- C:WINDOWSmsdownld.tmp
2009-04-01 10:10:53 —-HDC—- C:WINDOWSie8
2009-04-01 08:47:18 —-A—- C:Documents and SettingsAll UsersApplication Dataeurrvqu.dll
2009-03-31 12:46:32 —-D—- C:Documents and SettingsAdminApplication DataQIP.Online
2009-03-31 12:46:09 —-D—- C:Program FilesQIP.Online
2009-03-31 12:41:11 —-D—- C:Documents and SettingsAdminApplication DataQIP
2009-03-31 12:40:48 —-D—- C:Program FilesQIP Infium
2009-03-31 12:27:49 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2009-03-31 12:27:33 —-HDC—- C:WINDOWS$NtUninstallKB955839$
2009-03-31 12:24:52 —-A—- C:WINDOWSsystem32MRT.exe
2009-03-31 12:24:46 —-HDC—- C:WINDOWS$NtUninstallKB960225$
2009-03-31 12:24:40 —-HDC—- C:WINDOWS$NtUninstallKB956841$
2009-03-31 12:24:13 —-D—- C:Program FilesMicrosoft CAPICOM 2.1.0.2
2009-03-31 12:23:32 —-HDC—- C:WINDOWS$NtUninstallKB938464-v2$
2009-03-31 12:23:19 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2009-03-31 12:23:14 —-HDC—- C:WINDOWS$NtUninstallKB960715$
2009-03-31 12:23:10 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-03-31 12:22:43 —-HDC—- C:WINDOWS$NtUninstallKB958690$
2009-03-31 12:22:35 —-HDC—- C:WINDOWS$NtUninstallKB959772_WM11$
2009-03-31 12:22:20 —-HDC—- C:WINDOWS$NtUninstallKB954459$
2009-03-31 12:22:06 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
2009-03-31 12:21:26 —-D—- C:WINDOWSie7updates
2009-03-31 12:21:14 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2009-03-31 12:21:10 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2009-03-31 12:21:04 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2009-03-31 12:20:59 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2009-03-31 12:20:59 —-HD—- C:WINDOWS$hf_mig$
2009-03-31 12:20:53 —-D—- C:Program FilesMSXML 4.0
2009-03-31 12:20:41 —-HDC—- C:WINDOWS$NtUninstallKB954154_WM11$
2009-03-27 19:53:56 —-D—- C:Documents and SettingsAdminApplication Datarambler.ru
2009-03-27 19:53:55 —-D—- C:Program FilesRambler Assistant
2009-03-27 19:53:54 —-D—- C:Documents and SettingsAdminApplication DataMozilla
2009-03-27 19:52:42 —-D—- C:Documents and SettingsAdminApplication DataICQ
2009-03-27 19:52:22 —-D—- C:Program FilesICQ6.5
2009-03-27 19:29:09 —-D—- C:Documents and SettingsAdminApplication DataMra
2009-03-27 19:28:38 —-D—- C:Program FilesMail.Ru
2009-03-18 23:05:48 —-D—- C:WINDOWSsystem32блокнот
2009-03-13 22:55:45 —-A—- C:WINDOWSsystem32mucltui.dll.mui
2009-03-13 22:55:45 —-A—- C:WINDOWSsystem32mucltui.dll
2009-03-13 22:55:43 —-D—- C:WINDOWSsystem32SoftwareDistribution
2009-03-08 14:23:06 —-N—- C:WINDOWSsystem32msrating.dll.mui
2009-03-08 14:22:48 —-N—- C:WINDOWSsystem32mshta.exe.mui
2009-03-08 14:21:24 —-N—- C:WINDOWSsystem32ie4uinit.exe.mui
2009-03-08 14:21:04 —-N—- C:WINDOWSsystem32iedkcs32.dll.mui======List of files/folders modified in the last 1 months======
2009-04-06 09:26:57 —-A—- C:WINDOWSsystem32akelpad.ini
2009-04-06 09:12:57 —-AD—- C:WINDOWSsystem32
2009-04-06 09:12:57 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-04-06 09:06:45 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-02 15:43:34 —-D—- C:WINDOWSsystem32CatRoot
2009-04-02 15:43:33 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-02 15:43:31 —-HD—- C:WINDOWSinf
2009-04-02 15:43:08 —-D—- C:WINDOWS
2009-04-02 13:38:29 —-SHD—- C:WINDOWSInstaller
2009-04-02 13:38:29 —-D—- C:Program FilesCommon FilesSymantec Shared
2009-04-02 13:38:08 —-D—- C:Program FilesSymantec
2009-04-02 13:38:02 —-D—- C:WINDOWSsystem32drivers
2009-04-02 13:37:54 —-D—- C:Documents and SettingsAll UsersApplication DataSymantec
2009-04-02 13:37:54 —-AD—- C:Program Files
2009-04-02 10:08:22 —-A—- C:WINDOWSsystem.ini
2009-04-02 10:08:06 —-D—- C:WINDOWSAppPatch
2009-04-02 10:08:06 —-AD—- C:Program FilesCommon Files
2009-04-02 01:31:04 —-D—- C:WINDOWSsystem32config
2009-04-02 01:29:24 —-SHD—- C:System Volume Information
2009-04-02 01:29:24 —-D—- C:WINDOWSsystem32Restore
2009-04-02 00:13:05 —-D—- C:Program FilesInternet Explorer
2009-04-02 00:12:29 —-D—- C:WINDOWSsystem32ru-ru
2009-04-02 00:05:26 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-04-01 22:41:24 —-D—- C:WINDOWSsystem32appmgmt
2009-04-01 12:44:05 —-SD—- C:Documents and SettingsAdminApplication DataMicrosoft
2009-04-01 10:45:28 —-A—- C:WINDOWSimsins.BAK
2009-04-01 10:12:47 —-D—- C:WINDOWSMedia
2009-04-01 10:12:47 —-D—- C:WINDOWSHelp
2009-04-01 08:45:57 —-A—- C:WINDOWSNeroDigital.ini
2009-03-31 19:49:15 —-D—- C:WINDOWSSoftwareDistribution
2009-03-31 12:33:49 —-D—- C:Program FilesQIP
2009-03-31 12:27:23 —-A—- C:WINDOWSwin.ini
2009-03-31 12:23:32 —-D—- C:WINDOWSWinSxS
2009-03-27 20:37:57 —-SD—- C:WINDOWSDownloaded Program Files
2009-03-27 19:53:57 —-HD—- C:Program FilesInstallShield Installation Information
2009-03-13 19:06:39 —-D—- C:Program FilesCity Guide 2.2
2009-03-13 19:01:19 —-D—- C:Program FilesCyberLink
2009-03-13 18:23:29 —-A—- C:WINDOWScdplayer.ini
2009-03-08 14:23:22 —-A—- C:WINDOWSsystem32ieframe.dll.mui
2009-03-08 14:21:22 —-A—- C:WINDOWSsystem32advpack.dll.mui
2009-03-08 14:09:26 —-A—- C:WINDOWSsystem32iedkcs32.dll
2009-03-08 04:41:16 —-A—- C:WINDOWSsystem32mshtml.dll
2009-03-08 04:39:48 —-A—- C:WINDOWSsystem32ieframe.dll
2009-03-08 04:34:58 —-A—- C:WINDOWSsystem32wininet.dll
2009-03-08 04:34:56 —-A—- C:WINDOWSsystem32urlmon.dll
2009-03-08 04:34:48 —-A—- C:WINDOWSsystem32WinFXDocObj.exe
2009-03-08 04:34:48 —-A—- C:WINDOWSsystem32webcheck.dll
2009-03-08 04:34:30 —-A—- C:WINDOWSsystem32licmgr10.dll
2009-03-08 04:34:28 —-A—- C:WINDOWSsystem32url.dll
2009-03-08 04:34:18 —-A—- C:WINDOWSsystem32occache.dll
2009-03-08 04:34:18 —-A—- C:WINDOWSsystem32msrating.dll
2009-03-08 04:33:40 —-A—- C:WINDOWSsystem32corpol.dll
2009-03-08 04:33:26 —-A—- C:WINDOWSsystem32jsproxy.dll
2009-03-08 04:33:16 —-A—- C:WINDOWSsystem32jscript.dll
2009-03-08 04:33:08 —-A—- C:WINDOWSsystem32ieaksie.dll
2009-03-08 04:33:06 —-A—- C:WINDOWSsystem32vbscript.dll
2009-03-08 04:33:02 —-A—- C:WINDOWSsystem32ieakeng.dll
2009-03-08 04:32:56 —-A—- C:WINDOWSsystem32admparse.dll
2009-03-08 04:32:54 —-A—- C:WINDOWSsystem32ie4uinit.exe
2009-03-08 04:32:52 —-A—- C:WINDOWSsystem32ieudinit.exe
2009-03-08 04:32:52 —-A—- C:WINDOWSsystem32ieakui.dll
2009-03-08 04:32:50 —-A—- C:WINDOWSsystem32iesetup.dll
2009-03-08 04:32:50 —-A—- C:WINDOWSsystem32iernonce.dll
2009-03-08 04:32:48 —-A—- C:WINDOWSsystem32advpack.dll
2009-03-08 04:32:46 —-A—- C:WINDOWSsystem32inseng.dll
2009-03-08 04:32:26 —-A—- C:WINDOWSsystem32msfeeds.dll
2009-03-08 04:32:22 —-A—- C:WINDOWSsystem32iertutil.dll
2009-03-08 04:32:04 —-A—- C:WINDOWSsystem32mstime.dll
2009-03-08 04:31:56 —-A—- C:WINDOWSsystem32iepeers.dll
2009-03-08 04:31:54 —-A—- C:WINDOWSsystem32msfeedssync.exe
2009-03-08 04:31:52 —-A—- C:WINDOWSsystem32msfeedsbs.dll
2009-03-08 04:31:52 —-A—- C:WINDOWSsystem32icardie.dll
2009-03-08 04:31:44 —-A—- C:WINDOWSsystem32dxtmsft.dll
2009-03-08 04:31:38 —-A—- C:WINDOWSsystem32imgutil.dll
2009-03-08 04:31:38 —-A—- C:WINDOWSsystem32dxtrans.dll
2009-03-08 04:31:36 —-A—- C:WINDOWSsystem32pngfilt.dll
2009-03-08 04:31:26 —-A—- C:WINDOWSsystem32mshtmled.dll
2009-03-08 04:31:18 —-A—- C:WINDOWSsystem32mshtmler.dll
2009-03-08 04:31:02 —-A—- C:WINDOWSsystem32mshta.exe
2009-03-08 04:22:46 —-A—- C:WINDOWSsystem32ieui.dll
2009-03-08 04:22:38 —-A—- C:WINDOWSsystem32msls31.dll
2009-03-08 04:11:12 —-A—- C:WINDOWSsystem32ieapfltr.dll======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-08-19 14720]
R1 SAVRT;SAVRT; ??C:Program FilesSymantec AntiVirussavrt.sys []
R1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2004-03-11 263616]
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-08-20 8832]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:WINDOWSsystem32DRIVERSrimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:WINDOWSsystem32DRIVERSrimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:WINDOWSsystem32DRIVERSrixdptsk.sys [2007-03-21 37376]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-07-08 62848]
R2 SAVRTPEL;SAVRTPEL; ??C:Program FilesSymantec AntiVirusSavrtpel.sys []
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-08-19 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:WINDOWSsystem32DRIVERSb57xp32.sys [2007-10-22 161792]
R3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2007-03-23 539072]
R3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2007-03-23 37424]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2007-03-31 876384]
R3 CmBatt;Драйвер батареи с ACPI-управлением (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-08-20 13952]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 hidshim;Service for HID-KMDF Shim layer; C:WINDOWSsystem32DRIVERShidshim.sys [2007-05-30 5632]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]
R3 HSF_DPV;HSF_DPV; C:WINDOWSsystem32DRIVERSHSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:WINDOWSsystem32DRIVERSHSFHWAZL.sys [2006-12-22 209664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-05-30 4424192]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
R3 NAVENG;NAVENG; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120090401.003naveng.sys []
R3 NAVEX15;NAVEX15; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120090401.003navex15.sys []
R3 NETw4x32;Драйвер адаптера Intel(R) Wireless WiFi Link для Windows XP 32 Bit; C:WINDOWSsystem32DRIVERSNETw4x32.sys [2007-04-27 2203520]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-08-19 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-06-06 6349696]
R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-15 79232]
R3 SymEvent;SymEvent; ??C:Program FilesSymantecSYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2004-03-11 16288]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-15 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-08-20 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-08-20 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-15 20608]
R3 usbvideo;USB-видеоустройство (WDM); C:WINDOWSSystem32Driversusbvideo.sys [2008-08-20 121984]
R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:WINDOWSsystem32DRIVERSHSF_CNXT.sys [2006-12-22 730112]
R3 winbondhidcir;Winbond HID CIR Receiver; C:WINDOWSsystem32DRIVERSwinbondhidcir.sys [2007-05-30 21504]
S3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; C:WINDOWSsystem32DRIVERSbtwhid.sys [2007-03-31 55352]
S3 btwmodem;Модем Bluetooth; C:WINDOWSsystem32DRIVERSbtwmodem.sys [2007-03-23 37280]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2007-03-23 67960]
S3 catchme;catchme; ??C:WINDOWSTEMPcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-08-20 17024]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-08-20 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-08-20 10880]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-08-20 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-08-20 15232]
S3 UIUSys;Conexant Setup API; C:WINDOWSsystem32DRIVERSUIUSYS.SYS []
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-08-19 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-08-19 26368]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-08-20 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2007-04-01 273256]
R2 CCALib8;Canon Camera Access Library 8; C:Program FilesCanonCALCALMAIN.exe [2005-09-30 96341]
R2 ccEvtMgr;Symantec Event Manager; C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe [2004-04-15 255072]
R2 ccSetMgr;Symantec Settings Manager; C:Program FilesCommon FilesSymantec SharedccSetMgr.exe [2004-04-15 242784]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:Program FilesSymantec AntiVirusDefWatch.exe [2004-04-15 29928]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe [2007-06-12 355096]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-06-06 163908]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared FilesRichVideo.exe [2005-08-08 167936]
R2 Symantec AntiVirus;Symantec AntiVirus; C:Program FilesSymantec AntiVirusRtvscan.exe [2004-04-15 1225960]
R2 TTFixerService;NST ToolTipFixer; C:Program FilesNeoSmart TechnologiesToolTipFixerToolTipFixer.exe [2007-06-27 10240]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe [2004-04-15 87136]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-11-22 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:Program FilesSymantec AntiVirusSavRoam.exe [2004-04-15 169192]
S3 SNDSrvc;Symantec Network Drivers Service; C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe [2004-03-11 193760]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
EOF
Запустите OTMoveIt3 и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.
:Processes
explorer.exe
:reg
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AAF01C24-2681-4FE6-9EDC-F7772F810E73}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"NwOpenMS"=-
:files
C:Program FilesCommon FilesMicrosoft SharedWeb Foldersuqvrrue.dll
C:Documents and SettingsAll UsersApplication DataMicrosoftMedia Playereurrvqu.dll
:Commands
[emptytemp]
[start explorer]
[Reboot]Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMoveItMovedFiles.Вставьте в ваше ответное сообщение содержимое этого лога. И ещё к вашему ответу приложите свежий RSIT лог.
- Для ответа в этой теме необходимо авторизоваться.
