- This topic has 6 ответов, 2 участника, and was last updated 16 years, 2 months назад by
.
-
Сообщения
-
лента закрывает всё окно эксплорера,а за её удаление просят денег.нод 32 не помог как и Spybot,вся надежда на вас.
часть 1
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Admin at 2009-02-09 06:47:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (27%) free of 19 GB
Total RAM: 1023 MB (59% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:06, on 09.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:WINDOWSSystem32spoolDRIVERSW32X863fpdisp6.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSSystem32TUProgSt.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:Program FilesPunto Switcherps.exe
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
C:Program FilesEXPERToolTBPANEL.exe
C:Program FilesSpybot — Search & DestroyTeaTimer.exe
C:WINDOWSsystem32notepad.exe
C:WINDOWSexplorer.exe
C:Program FilesOperaOpera.exe
C:Documents and SettingsAdminРабочий столлечилкиRSIT.exe
C:Program Filestrend microAdmin.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.daemon-search.com/default
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: yvulibP — {4D43A883-4FED-4148-B6C2-3E065E77F5D8} — C:Documents and SettingsAll UsersApplication Datayvulib.dll
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:PROGRA~1SPYBOT~1SDHelper.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_07binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: aqplibP — {CBC43FBB-B0CD-4343-88C3-BFB1F2C1E89D} — C:Documents and SettingsAll UsersApplication Dataaqplib.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [GAINWARD] C:Program FilesEXPERToolTBPanel.exe /A
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
O4 — HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot — Search & DestroyTeaTimer.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O8 — Extra context menu item: &Перевести — C:Program FilesArsenal CompanySOCRAT InternetHTMLWSocrat.js
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1Office12EXCEL.EXE/3000
O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: (no name) — DctMapping — (no file)
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
O9 — Extra button: СОКРАТ Интернет 3.0 — {17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternet.dll
O9 — Extra button: Настройки СОКРАТ Интернет 3.0 — {71F65890-5ED6-11d4-9665-00E02962D81A} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternetT.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~1Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search & Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra button: Перевести страницу — {DFDC8970-FD66-4385-B8C0-835A4AA1DA00} — C:Program FilesArsenal CompanySOCRAT InternetSocratInternet.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233875572703
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233875541187
O17 — HKLMSystemCCSServicesTcpip..{710ABC31-627F-4E3E-8BA3-A0C4DD8F11D5}: NameServer = 91.144.132.1 91.144.134.1
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FinePrint Диспетчер v6 — FinePrint Software, LLC — C:WINDOWSSystem32spoolDRIVERSW32X863fpdisp6.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: TuneUp Drive Defrag Service (TuneUp.Defrag) — TuneUp Software — C:WINDOWSSystem32TuneUpDefragService.exe
O23 — Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) — TuneUp Software — C:WINDOWSSystem32TUProgSt.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 9286 bytes======Scheduled tasks folder======
C:WINDOWStasks1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-03-02 37808][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{4D43A883-4FED-4148-B6C2-3E065E77F5D8}]
SHN Video Provider — C:Documents and SettingsAll UsersApplication Datayvulib.dll [2009-02-09 323072][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection — C:PROGRA~1SPYBOT~1SDHelper.dll [2009-01-26 1879896][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_07binssv.dll [2008-06-10 509328][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-02-06 676704][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{CBC43FBB-B0CD-4343-88C3-BFB1F2C1E89D}]
PPCM Data Extension — C:Documents and SettingsAll UsersApplication Dataaqplib.dll [2009-02-09 320000][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-02-06 676704][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2007-04-17 577536]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-11-12 13672448]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-11-12 86016]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-02-06 5600952]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-02-06 1443072]
«NeroFilterCheck»=C:Program FilesCommon FilesAheadLibNeroCheck.exe [2006-01-12 155648][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-08-19 30208]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-01-02 132096]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2008-05-30 722112]
«GAINWARD»=C:Program FilesEXPERToolTBPanel.exe [2008-07-10 2177576]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2006-07-31 139264]
«SpybotSD TeaTimer»=C:Program FilesSpybot — Search & DestroyTeaTimer.exe [2009-01-26 2144088][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2008-03-02 133632][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoSharedDocuments»=1
«NoSMConfigurePrograms»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6ba64455-f481-11dd-9449-000461aebaa7}]
shellAutoRuncommand — G:RESTORES-1-5-21-1482476501-1644491937-682003330-1013lin32.exe
shellopencommand — G:RESTORES-1-5-21-1482476501-1644491937-682003330-1013lin32.exe======File associations======
.js — edit — «C:Program FilesMacromediaDreamweaver 8dreamweaver.exe» «%1»
======List of files/folders created in the last 1 months======
2009-02-09 06:48:00 —-D—- C:Program Filestrend micro
2009-02-09 06:47:59 —-D—- C:rsit
2009-02-09 06:43:38 —-SHD—- C:RECYCLER
2009-02-09 06:35:06 —-D—- C:WINDOWStemp
2009-02-09 06:35:04 —-A—- C:ComboFix.txt
2009-02-09 06:31:51 —-D—- C:ComboFix
2009-02-09 06:06:27 —-D—- C:Program FilesSpybot — Search & Destroy
2009-02-09 06:06:27 —-D—- C:Documents and SettingsAll UsersApplication DataSpybot — Search & Destroy
2009-02-09 05:25:52 —-A—- C:WINDOWSzip.exe
2009-02-09 05:25:52 —-A—- C:WINDOWSVFIND.exe
2009-02-09 05:25:52 —-A—- C:WINDOWSSWREG.exe
2009-02-09 05:25:52 —-A—- C:WINDOWSsed.exe
2009-02-09 05:25:52 —-A—- C:WINDOWSNIRCMD.exe
2009-02-09 05:25:52 —-A—- C:WINDOWSgrep.exe
2009-02-09 05:25:52 —-A—- C:WINDOWSfdsv.exe
2009-02-09 05:25:51 —-A—- C:WINDOWSSWXCACLS.exe
2009-02-09 05:25:51 —-A—- C:WINDOWSSWSC.exe
2009-02-09 05:25:46 —-D—- C:WINDOWSERDNT
2009-02-09 05:25:46 —-D—- C:Qoobox
2009-02-09 04:14:38 —-A—- C:Documents and SettingsAll UsersApplication Datayvulib.dll
2009-02-09 04:14:38 —-A—- C:Documents and SettingsAll UsersApplication Dataaqplib.dll
2009-02-08 22:52:31 —-D—- C:Documents and SettingsAdminApplication DataGrym
2009-02-08 22:51:44 —-D—- C:Program Files2gis
2009-02-08 22:51:44 —-D—- C:Documents and SettingsAll UsersApplication Data2GIS
2009-02-08 17:00:52 —-D—- C:Documents and SettingsAdminApplication DataAccurateRip
2009-02-08 17:00:50 —-D—- C:Documents and SettingsAdminApplication DataAD ON Multimedia
2009-02-08 17:00:47 —-D—- C:Program FilesExact Audio Copy
2009-02-08 13:44:05 —-D—- C:WINDOWSPrefetch
2009-02-08 08:04:22 —-D—- C:Program FilesDAEMON Tools Toolbar
2009-02-08 08:04:08 —-D—- C:Documents and SettingsAdminApplication DataDAEMON Tools
2009-02-08 07:21:15 —-N—- C:WINDOWSUNNeroSipps.exe
2009-02-08 05:21:01 —-A—- C:WINDOWSsystem32TUProgSt.exe
2009-02-08 05:20:59 —-A—- C:WINDOWSsystem32uxtuneup.dll
2009-02-08 05:20:57 —-D—- C:Documents and SettingsAdminApplication DataTuneUp Software
2009-02-08 05:20:57 —-A—- C:WINDOWSsystem32TuneUpDefragService.exe
2009-02-08 05:20:39 —-D—- C:Documents and SettingsAll UsersApplication DataTuneUp Software
2009-02-08 05:20:37 —-D—- C:Program FilesTuneUp Utilities 2009
2009-02-08 05:20:27 —-SHD—- C:Documents and SettingsAll UsersApplication Data{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-08 04:44:33 —-A—- C:WINDOWSNeroDigital.ini
2009-02-08 04:02:43 —-D—- C:Documents and SettingsAdminApplication DataAhead
2009-02-08 03:59:37 —-D—- C:Program FilesNero
2009-02-08 03:59:37 —-D—- C:Program FilesCommon FilesAhead
2009-02-07 02:17:56 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2009-02-07 02:17:15 —-HDC—- C:WINDOWS$NtUninstallKB955839$
2009-02-07 02:17:03 —-HDC—- C:WINDOWS$NtUninstallKB956391$
2009-02-07 02:11:17 —-HDC—- C:WINDOWS$NtUninstallKB954211$
2009-02-07 02:10:55 —-D—- C:WINDOWSie7updates
2009-02-07 02:10:34 —-HDC—- C:WINDOWS$NtUninstallKB956841$
2009-02-07 02:02:53 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2009-02-07 02:02:42 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-02-07 02:02:31 —-HDC—- C:WINDOWS$NtUninstallKB954459$
2009-02-07 02:01:58 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
2009-02-07 02:01:51 —-HDC—- C:WINDOWS$NtUninstallKB938464$
2009-02-07 02:01:41 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2009-02-07 02:01:30 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2009-02-07 02:01:16 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2009-02-07 02:01:05 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2009-02-07 02:01:05 —-HD—- C:WINDOWS$hf_mig$
2009-02-07 02:00:56 —-D—- C:Program FilesMSXML 4.0
2009-02-07 02:00:41 —-N—- C:WINDOWSsystem32spmsg.dll
2009-02-07 02:00:39 —-HDC—- C:WINDOWS$NtUninstallKB954154_WM11$
2009-02-07 01:35:33 —-D—- C:Documents and SettingsAdminApplication Datafltk.org
2009-02-07 00:22:17 —-D—- C:Documents and SettingsAdminApplication DataMedia Player Classic
2009-02-07 00:21:28 —-A—- C:WINDOWSsystem32x264vfw.dll
2009-02-07 00:21:27 —-A—- C:WINDOWSsystem32xvidvfw.dll
2009-02-07 00:21:27 —-A—- C:WINDOWSsystem32xvidcore.dll
2009-02-07 00:21:27 —-A—- C:WINDOWSsystem32WMV9VCM.dll
2009-02-07 00:21:27 —-A—- C:WINDOWSsystem32ssldivx.dll
2009-02-07 00:21:26 —-A—- C:WINDOWSsystem32qt-dx331.dll
2009-02-07 00:21:26 —-A—- C:WINDOWSsystem32libdivx.dll
2009-02-07 00:21:26 —-A—- C:WINDOWSsystem32dtu100.dll
2009-02-07 00:21:26 —-A—- C:WINDOWSsystem32dpl100.dll
2009-02-07 00:21:20 —-A—- C:WINDOWSsystem32divx.dll
2009-02-07 00:21:19 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2009-02-07 00:21:19 —-A—- C:WINDOWSsystem32ff_vfw.dll
2009-02-07 00:21:16 —-D—- C:Program FilesK-Lite Codec Pack
2009-02-06 23:36:13 —-D—- C:Documents and SettingsAll UsersApplication DataESET
2009-02-06 22:24:22 —-D—- C:Documents and SettingsAll UsersApplication DataFLEXnet
2009-02-06 22:20:11 —-D—- C:Program FilesCommon FilesMacrovision Shared
2009-02-06 22:19:44 —-D—- C:Program FilesBonjour
2009-02-06 21:56:23 —-D—- C:Documents and SettingsAdminApplication DataMra
2009-02-06 21:56:09 —-D—- C:Program FilesMail.Ru
2009-02-06 19:25:34 —-D—- C:WINDOWSProfiles
2009-02-06 19:25:32 —-D—- C:WINDOWSsystem32Adobe
2009-02-06 19:25:32 —-D—- C:Program FilesCommon FilesAdobe
2009-02-06 19:25:32 —-D—- C:Program FilesAdobe
2009-02-06 19:25:32 —-D—- C:Documents and SettingsAdminApplication DataInterTrust
2009-02-06 19:25:29 —-A—- C:WINDOWSIsUninst.exe
2009-02-06 18:40:11 —-A—- C:WINDOWSiun505.exe
2009-02-06 18:40:04 —-D—- C:Tech_rem
2009-02-06 13:58:08 —-D—- C:Program FilesGuitar Pro 5
2009-02-06 12:58:26 —-A—- C:WINDOWSsystem32mucltui.dll.mui
2009-02-06 12:58:26 —-A—- C:WINDOWSsystem32mucltui.dll
2009-02-06 12:58:25 —-D—- C:WINDOWSsystem32SoftwareDistribution
2009-02-06 04:06:32 —-D—- C:Program FilesMatrix-Reload
2009-02-06 04:00:08 —-RD—- C:Program FilesMatrix
2009-02-06 03:12:12 —-D—- C:Program FilesESET
2009-02-06 03:09:20 —-D—- C:Documents and SettingsAdminApplication DataOpera
2009-02-06 03:09:17 —-D—- C:Program FilesOpera
2009-02-06 02:01:02 —-A—- C:WINDOWSsystem32h323log.txt
2009-02-06 01:58:47 —-A—- C:WINDOWSsystem32usbui.dll
2009-02-06 01:58:42 —-A—- C:WINDOWSsystem32ksuser.dll
2009-02-06 01:56:39 —-A—- C:WINDOWSimsins.BAK
2009-02-06 01:56:37 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-02-06 01:56:36 —-SHD—- C:WINDOWSInstaller
2009-02-06 01:56:36 —-D—- C:Program FilesCommon FilesODBC
2009-02-06 01:56:36 —-A—- C:WINDOWSODBCINST.INI
2009-02-06 01:56:33 —-D—- C:Program FilesCommon FilesSpeechEngines
2009-02-06 01:56:31 —-AD—- C:Program FilesCommon FilesMicrosoft Shared
2009-02-06 01:56:31 —-AD—- C:Program FilesCommon Files
2009-02-06 01:56:31 —-AD—- C:Program Files
2009-02-06 01:56:28 —-RA—- C:WINDOWSsystem32kbdtuq.dll
2009-02-06 01:56:28 —-RA—- C:WINDOWSsystem32kbdtuf.dll
2009-02-06 01:56:28 —-RA—- C:WINDOWSsystem32kbdazel.dll
2009-02-06 01:56:27 —-RA—- C:WINDOWSsystem32kbdhept.dll
2009-02-06 01:56:27 —-RA—- C:WINDOWSsystem32kbdhela3.dll
2009-02-06 01:56:27 —-RA—- C:WINDOWSsystem32kbdhela2.dll
2009-02-06 01:56:27 —-RA—- C:WINDOWSsystem32kbdhe319.dll
2009-02-06 01:56:27 —-RA—- C:WINDOWSsystem32kbdhe220.dll
2009-02-06 01:56:27 —-RA—- C:WINDOWSsystem32kbdhe.dll
2009-02-06 01:56:27 —-RA—- C:WINDOWSsystem32kbdgkl.dll
2009-02-06 01:56:26 —-RA—- C:WINDOWSsystem32kbdlv1.dll
2009-02-06 01:56:26 —-RA—- C:WINDOWSsystem32kbdlv.dll
2009-02-06 01:56:26 —-RA—- C:WINDOWSsystem32kbdlt1.dll
2009-02-06 01:56:26 —-RA—- C:WINDOWSsystem32kbdlt.dll
2009-02-06 01:56:26 —-RA—- C:WINDOWSsystem32kbdest.dll
2009-02-06 01:56:25 —-RA—- C:WINDOWSsystem32kbdycl.dll
2009-02-06 01:56:25 —-RA—- C:WINDOWSsystem32kbdsl1.dll
2009-02-06 01:56:25 —-RA—- C:WINDOWSsystem32kbdsl.dll
2009-02-06 01:56:25 —-RA—- C:WINDOWSsystem32kbdro.dll
2009-02-06 01:56:25 —-RA—- C:WINDOWSsystem32kbdpl1.dll
2009-02-06 01:56:25 —-RA—- C:WINDOWSsystem32kbdpl.dll
2009-02-06 01:56:25 —-RA—- C:WINDOWSsystem32kbdhu1.dll
2009-02-06 01:56:25 —-RA—- C:WINDOWSsystem32kbdhu.dll
2009-02-06 01:56:25 —-RA—- C:WINDOWSsystem32kbdcz2.dll
2009-02-06 01:56:25 —-RA—- C:WINDOWSsystem32kbdcz1.dll
2009-02-06 01:56:25 —-RA—- C:WINDOWSsystem32kbdcz.dll
2009-02-06 01:56:25 —-RA—- C:WINDOWSsystem32kbdcr.dll
2009-02-06 01:56:25 —-RA—- C:WINDOWSsystem32KBDAL.DLL
2009-02-06 01:56:22 —-A—- C:WINDOWSsystem32kbdycc.dll
2009-02-06 01:56:22 —-A—- C:WINDOWSsystem32kbduzb.dll
2009-02-06 01:56:22 —-A—- C:WINDOWSsystem32kbdur.dll
2009-02-06 01:56:22 —-A—- C:WINDOWSsystem32kbdtat.dll
2009-02-06 01:56:22 —-A—- C:WINDOWSsystem32kbdmon.dll
2009-02-06 01:56:22 —-A—- C:WINDOWSsystem32kbdkyr.dll
2009-02-06 01:56:22 —-A—- C:WINDOWSsystem32kbdkaz.dll
2009-02-06 01:56:22 —-A—- C:WINDOWSsystem32kbdbu.dll
2009-02-06 01:56:22 —-A—- C:WINDOWSsystem32kbdblr.dll
2009-02-06 01:56:22 —-A—- C:WINDOWSsystem32kbdaze.dll
2009-02-06 01:56:21 —-A—- C:WINDOWSsystem32irclass.dll
2009-02-06 01:56:20 —-A—- C:WINDOWSsystem32spxcoins.dll
2009-02-06 01:56:20 —-A—- C:WINDOWSsystem32EqnClass.Dll
2009-02-06 01:56:20 —-A—- C:WINDOWSsystem32dgsetup.dll
2009-02-06 01:56:20 —-A—- C:WINDOWSsystem32dgrpsetu.dll
2009-02-06 01:56:19 —-N—- C:WINDOWSsystem32CONFIG.TMP
2009-02-06 01:56:19 —-A—- C:WINDOWSTASKMAN.EXE
2009-02-06 01:56:18 —-A—- C:WINDOWSsystem32storprop.dll
2009-02-06 01:56:18 —-A—- C:WINDOWSsystem32batt.dll
2009-02-06 01:56:18 —-A—- C:WINDOWSnotepad.exe
2009-02-06 01:56:09 —-ASH—- C:Documents and SettingsAll UsersApplication Datadesktop.ini
2009-02-06 01:54:26 —-RA—- C:WINDOWSSET55.tmp
2009-02-06 01:54:24 —-RA—- C:WINDOWSSET49.tmp
2009-02-06 01:54:22 —-RA—- C:WINDOWSSET46.tmp
2009-02-06 01:54:00 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-02-06 01:53:12 —-A—- C:WINDOWSsystem32RTLCPAPI.dll
2009-02-06 01:53:12 —-A—- C:WINDOWSSOUNDMAN.EXE
2009-02-06 01:53:10 —-A—- C:WINDOWSsystem32RTLCPL.EXE
2009-02-06 01:53:10 —-A—- C:WINDOWSAlcrmv.exe
2009-02-06 01:48:36 —-RA—- C:WINDOWSSET8.tmp
2009-02-06 01:48:33 —-RA—- C:WINDOWSSET4.tmp
2009-02-06 01:48:31 —-RA—- C:WINDOWSSET3.tmp
2009-02-06 01:48:25 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-06 01:48:25 —-D—- C:WINDOWSsystem32CatRoot
2009-02-06 01:47:00 —-D—- C:Documents and Settings
2009-02-06 01:46:59 —-SHD—- C:System Volume Information
2009-02-06 01:46:05 —-SH—- C:boot.ini
2009-02-06 01:40:19 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-02-06 01:40:19 —-RSD—- C:WINDOWSFonts
2009-02-06 01:40:19 —-RD—- C:WINDOWSWeb
2009-02-06 01:40:19 —-D—- C:WINDOWSWinSxS
2009-02-06 01:40:19 —-D—- C:WINDOWStwain_32
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32wins
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32wbem
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32usmt
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32spool
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32ShellExt
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32Setup
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32ru-ru
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32ru
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32ras
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32oobe
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32npp
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32mui
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32inetsrv
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32IME
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32icsxml
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32ias
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32export
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32drivers
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32dhcp
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem32config
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem323com_dmi
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem323076
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem322052
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem321054
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem321049
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem321042
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem321041
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem321037
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem321033
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem321031
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem321028
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem321025
2009-02-06 01:40:19 —-D—- C:WINDOWSsystem
2009-02-06 01:40:19 —-D—- C:WINDOWSsecurity
2009-02-06 01:40:19 —-D—- C:WINDOWSResources
2009-02-06 01:40:19 —-D—- C:WINDOWSrepair
2009-02-06 01:40:19 —-D—- C:WINDOWSProvisioning
2009-02-06 01:40:19 —-D—- C:WINDOWSPeerNet
2009-02-06 01:40:19 —-D—- C:WINDOWSpchealth
2009-02-06 01:40:19 —-D—- C:WINDOWSNetwork Diagnostic
2009-02-06 01:40:19 —-D—- C:WINDOWSmui
2009-02-06 01:40:19 —-D—- C:WINDOWSmsapps
2009-02-06 01:40:19 —-D—- C:WINDOWSmsagent
2009-02-06 01:40:19 —-D—- C:WINDOWSMedia
2009-02-06 01:40:19 —-D—- C:WINDOWSL2Schemas
2009-02-06 01:40:19 —-D—- C:WINDOWSjava
2009-02-06 01:40:19 —-D—- C:WINDOWSinf
2009-02-06 01:40:19 —-D—- C:WINDOWSime
2009-02-06 01:40:19 —-D—- C:WINDOWSHelp
2009-02-06 01:40:19 —-D—- C:WINDOWSehome
2009-02-06 01:40:19 —-D—- C:WINDOWSDriver Cache
2009-02-06 01:40:19 —-D—- C:WINDOWSDebug
2009-02-06 01:40:19 —-D—- C:WINDOWSCursors
2009-02-06 01:40:19 —-D—- C:WINDOWSConnection Wizard
2009-02-06 01:40:19 —-D—- C:WINDOWSConfig
2009-02-06 01:40:19 —-D—- C:WINDOWSAppPatch
2009-02-06 01:40:19 —-D—- C:WINDOWSaddins
2009-02-06 01:40:19 —-D—- C:WINDOWS
2009-02-06 01:40:19 —-AD—- C:WINDOWSsystem32
2009-02-06 00:25:03 —-D—- C:WINDOWSsystem32AGEIA
2009-02-06 00:25:03 —-D—- C:Program FilesAGEIA Technologies
2009-02-06 00:24:55 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-02-06 00:21:21 —-A—- C:WINDOWSsystem32nwiz.exe
2009-02-06 00:21:21 —-A—- C:WINDOWSsystem32nvwssr.dll
2009-02-06 00:21:21 —-A—- C:WINDOWSsystem32nvsvc32.exe
2009-02-06 00:21:21 —-A—- C:WINDOWSsystem32nvdspsch.exe
2009-02-06 00:21:21 —-A—- C:WINDOWSsystem32nvcplui.exe
2009-02-06 00:21:21 —-A—- C:WINDOWSsystem32nvcolor.exe
2009-02-06 00:21:21 —-A—- C:WINDOWSsystem32nvappbar.exe
2009-02-06 00:21:21 —-A—- C:WINDOWSsystem32keystone.exe
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwss.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrszht.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrszhc.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrstr.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrsth.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrssv.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrssl.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrssk.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrsru.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrsptb.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrspt.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrspl.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrsno.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrsnl.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrsko.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrsja.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrsit.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrshu.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrshe.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrsfr.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrsfi.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrsesm.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrses.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrseng.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrsel.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrsde.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrsda.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrscs.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwrsar.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwimg.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwdmcpl.dll
2009-02-06 00:21:15 —-A—- C:WINDOWSsystem32nvwddi.dll
2009-02-06 00:21:14 —-A—- C:WINDOWSsystem32nvvitvsr.dll
2009-02-06 00:21:14 —-A—- C:WINDOWSsystem32nvvitvs.dll
2009-02-06 00:21:14 —-A—- C:WINDOWSsystem32nvshell.dll
2009-02-06 00:21:14 —-A—- C:WINDOWSsystem32nvrszht.dll
2009-02-06 00:21:14 —-A—- C:WINDOWSsystem32nvrszhc.dll
2009-02-06 00:21:14 —-A—- C:WINDOWSsystem32nvrstr.dll
2009-02-06 00:21:14 —-A—- C:WINDOWSsystem32nvrsth.dll
2009-02-06 00:21:14 —-A—- C:WINDOWSsystem32nvrssv.dll
2009-02-06 00:21:14 —-A—- C:WINDOWSsystem32nvrssl.dll
2009-02-06 00:21:14 —-A—- C:WINDOWSsystem32nvrssk.dll
2009-02-06 00:21:14 —-A—- C:WINDOWSsystem32nvrsru.dll
2009-02-06 00:21:14 —-A—- C:WINDOWSsystem32nvrsptb.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrspt.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrspl.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrsno.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrsnl.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrsko.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrsja.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrsit.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrshu.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrshe.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrsfr.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrsfi.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrsesm.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrses.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrseng.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrsel.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrsde.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrsda.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrscs.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvrsar.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvoglnt.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvnt4cpl.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvmoblsr.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvmobls.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvmctray.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvmccssr.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvmccss.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvmccsrs.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvmccs.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nview.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvgamesr.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvgames.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvexpbar.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvdispsr.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvdisps.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvcuda.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvcpluir.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvcpl.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvcodins.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvcod.dll
2009-02-06 00:21:13 —-A—- C:WINDOWSsystem32nvapi.dll
2009-02-06 00:16:39 —-D—- C:WINDOWSsystem32DirectX
2009-02-06 00:16:34 —-D—- C:WINDOWSLogs
2009-02-06 00:14:29 —-D—- C:Program FilesEXPERTool
2009-02-06 00:10:52 —-D—- C:WINDOWSsystem32appmgmt
2009-02-06 00:05:20 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-02-06 00:00:20 —-D—- C:WINDOWSnview
2009-02-06 00:00:20 —-A—- C:WINDOWSsystem32nvudisp.exe
2009-02-05 23:59:35 —-D—- C:NVIDIA
2009-02-05 23:56:23 —-A—- C:WINDOWSsystem32NVUNINST.EXE
2009-02-05 23:52:10 —-D—- C:Documents and SettingsAdminApplication DataWinRAR
2009-02-05 23:36:45 —-A—- C:WINDOWSsystem32wmpns.dll
2009-02-05 23:36:44 —-D—- C:Documents and SettingsAdminApplication DataIdentities
2009-02-05 23:36:41 —-HD—- C:Program FilesUninstall Information
2009-02-05 23:35:49 —-RD—- C:WINDOWSOemDrv
2009-02-05 23:35:41 —-D—- C:Program FilesuTorrent
2009-02-05 23:35:40 —-D—- C:Program FilesCommon FilesEZB Systems
2009-02-05 23:35:39 —-D—- C:Program FilesUltraISO
2009-02-05 23:35:37 —-D—- C:Program FilesWinRAR
2009-02-05 23:35:34 —-D—- C:Program FilesEverest
2009-02-05 23:35:31 —-D—- C:Documents and SettingsAdminApplication DataMozilla
2009-02-05 23:35:24 —-D—- C:Program FilesMozilla Firefox
2009-02-05 23:35:10 —-N—- C:WINDOWSsystem32fpres632.dll
2009-02-05 23:35:10 —-N—- C:WINDOWSsystem32fpmon6.dll
2009-02-05 23:35:10 —-N—- C:WINDOWSsystem32fpent6a.dll
2009-02-05 23:35:02 —-D—- C:Program FilesVuescan
2009-02-05 23:34:32 —-D—- C:Program FilesCommon FilesArsenal Shared
2009-02-05 23:34:32 —-D—- C:Program FilesArsenal Company
2009-02-05 23:34:31 —-HD—- C:Program FilesInstallShield Installation Information
2009-02-05 23:34:01 —-D—- C:Program FilesCommon FilesMacromedia
2009-02-05 23:33:39 —-D—- C:Documents and SettingsAll UsersApplication DataMacromedia
2009-02-05 23:33:38 —-D—- C:Program FilesMacromedia
2009-02-05 23:33:23 —-D—- C:Program FilesCommon FilesInstallShield
2009-02-05 23:27:35 —-A—- C:WINDOWSODBC.INI
2009-02-05 23:25:36 —-D—- C:Program FilesMicrosoft Visual Studio
2009-02-05 23:25:02 —-D—- C:Documents and SettingsAdminApplication DatauTorrent
2009-02-05 23:22:09 —-D—- C:WINDOWSSHELLNEW
2009-02-05 23:20:38 —-D—- C:Program FilesMicrosoft Works
2009-02-05 23:20:30 —-D—- C:Program FilesCommon FilesDESIGNER
2009-02-05 23:20:22 —-D—- C:Program FilesMicrosoft.NET
2009-02-05 23:19:14 —-D—- C:Program FilesMicrosoft Office
2009-02-05 23:19:14 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2009-02-05 23:19:02 —-RHD—- C:MSOCache
2009-02-05 23:18:20 —-D—- C:Program FilesWinDjView
2009-02-05 23:18:13 —-D—- C:Program FilesSolid Converter PDF
2009-02-05 23:18:10 —-D—- C:Program FilesFoxit Reader
2009-02-05 23:18:07 —-D—- C:WINDOWSsystem32AkelFiles
2009-02-05 23:18:07 —-A—- C:WINDOWSsystem32notepad.exe.manifest
2009-02-05 23:18:07 —-A—- C:WINDOWSsystem32akelpad.ini
2009-02-05 23:18:06 —-D—- C:Program FilesPunto Switcher
2009-02-05 23:18:02 —-A—- C:WINDOWSWPI_Log_2009.02.05_21.18.02.txt
2009-02-05 23:16:41 —-SD—- C:Documents and SettingsAdminApplication DataMicrosoft
2009-02-05 23:16:41 —-ASH—- C:Documents and SettingsAdminApplication Datadesktop.ini
2009-02-05 23:15:21 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-05 23:11:48 —-D—- C:WINDOWSsystem32xircom
2009-02-05 23:11:48 —-D—- C:Program Filesmsn gaming zone
2009-02-05 23:11:29 —-D—- C:Program FilesVistaDriveIcon
2009-02-05 23:11:10 —-D—- C:Program FilesPaint.NET
2009-02-05 23:11:10 —-A—- C:WINDOWSsystem32wiaaut.dll
2009-02-05 23:11:08 —-A—- C:WINDOWSinnounp.exe
2009-02-05 23:11:07 —-RA—- C:WINDOWSdel.bat
2009-02-05 23:11:06 —-A—- C:WINDOWSsystem32oeminfo.ini
2009-02-05 23:11:05 —-RA—- C:WINDOWSsystem32OEMINFO.CMD
2009-02-05 23:11:02 —-SD—- C:WINDOWSsystem32Microsoft
2009-02-05 23:11:02 —-A—- C:WINDOWSsystem32javaws.exe
2009-02-05 23:11:02 —-A—- C:WINDOWSsystem32javaw.exe
2009-02-05 23:11:02 —-A—- C:WINDOWSsystem32java.exe
2009-02-05 23:10:41 —-D—- C:Program FilesJava
2009-02-05 23:10:41 —-D—- C:Program FilesCommon FilesJava
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xinput9_1_0.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xinput1_3.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xinput1_2.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xinput1_1.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32XAudio2_2.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32XAudio2_1.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32XAudio2_0.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32XAPOFX1_1.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32XAPOFX1_0.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xactengine3_2.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xactengine3_1.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xactengine3_0.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xactengine2_9.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xactengine2_8.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xactengine2_7.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xactengine2_6.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xactengine2_5.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xactengine2_4.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xactengine2_3.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xactengine2_2.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xactengine2_10.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xactengine2_1.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32xactengine2_0.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32X3DAudio1_4.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32X3DAudio1_3.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32X3DAudio1_2.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32x3daudio1_1.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32x3daudio1_0.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32d3dx9_39.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32D3DX9_38.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32d3dx9_37.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32d3dx9_36.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32d3dx9_35.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32d3dx9_34.dll
2009-02-05 23:10:24 —-A—- C:WINDOWSsystem32d3dx9_33.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx9_32.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx9_31.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx9_30.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx9_29.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx9_28.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx9_27.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx9_26.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx9_25.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx9_24.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx10_39.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx10_38.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx10_37.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx10_36.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx10_35.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx10_34.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx10_33.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32d3dx10.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32D3DCompiler_39.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32D3DCompiler_38.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32D3DCompiler_37.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32D3DCompiler_36.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32D3DCompiler_35.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32D3DCompiler_34.dll
2009-02-05 23:10:23 —-A—- C:WINDOWSsystem32D3DCompiler_33.dll
2009-02-05 23:10:18 —-D—- C:Documents and SettingsAdminApplication DataMacromedia
2009-02-05 23:10:18 —-D—- C:Documents and SettingsAdminApplication DataAdobe
2009-02-05 23:08:25 —-RSD—- C:WINDOWSassembly
2009-02-05 23:08:25 —-D—- C:WINDOWSMicrosoft.NET
2009-02-05 23:08:23 —-D—- C:WINDOWSsystem32URTTemp
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32zlib1.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32wrap_oal.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32wnaspi32.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32Vbrun300.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32vbrun200.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32vbrun100.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32Vb40032.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32Vb40016.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32ssleay32.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32OpenAL32.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32msvcrt10.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32msvcr71.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32msvcr70.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32msvcp71.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32MSVCP70.DLL
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32msvci70.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32MSSTKPRP.DLL
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32msstdfmt.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32MFC71u.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32MFC71KOR.DLL
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32MFC71JPN.DLL
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32MFC71ITA.DLL
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32MFC71FRA.DLL
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32MFC71ESP.DLL
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32MFC71ENU.DLL
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32MFC71DEU.DLL
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32MFC71CHT.DLL
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32MFC71CHS.DLL
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32MFC71.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32mfc70u.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32mfc70kor.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32mfc70jpn.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32mfc70ita.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32mfc70fra.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32mfc70esp.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32mfc70enu.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32mfc70deu.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32mfc70cht.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32mfc70chs.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32mfc70.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32libssl32.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32libeay32.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32atl71.dll
2009-02-05 23:07:44 —-A—- C:WINDOWSsystem32atl70.dll
2009-02-05 23:07:22 —-A—- C:WINDOWScontrol.ini
2009-02-05 23:07:22 —-A—- C:AUTOEXEC.BAT
2009-02-05 23:07:12 —-A—- C:WINDOWSOEWABLog.txt
2009-02-05 23:07:07 —-A—- C:WINDOWSsystem32mapi32.dll
2009-02-05 23:06:05 —-RA—- C:WINDOWSsystem32logonui.exe.manifest
2009-02-05 23:06:00 —-RA—- C:WINDOWSsystem32cdplayer.exe.manifest
2009-02-05 23:05:54 —-HD—- C:Program FilesWindowsUpdate
2009-02-05 23:05:50 —-D—- C:Program FilesOnline Services
2009-02-05 23:05:40 —-A—- C:WINDOWSsystem32desktop.ini
2009-02-05 23:05:40 —-A—- C:WINDOWSsystem32atrace.dll
2009-02-05 23:05:39 —-A—- C:WINDOWSdesktop.ini
2009-02-05 23:05:33 —-A—- C:WINDOWSsystem32acctres.dll
2009-02-05 23:05:32 —-D—- C:Program FilesCommon FilesServices
2009-02-05 23:05:30 —-SD—- C:WINDOWSTasks
2009-02-05 23:05:30 —-D—- C:Program FilesCommon FilesMSSoap
2009-02-05 23:05:30 —-A—- C:WINDOWSsystem32icfgnt5.dll
2009-02-05 23:05:27 —-D—- C:WINDOWSsrchasst
2009-02-05 23:05:26 —-D—- C:WINDOWSsystem32Macromed
2009-02-05 23:05:23 —-A—- C:WINDOWSsystem32wuweb.dll
2009-02-05 23:05:22 —-A—- C:WINDOWSsystem32wups.dll
2009-02-05 23:05:22 —-A—- C:WINDOWSsystem32wucltui.dll
2009-02-05 23:05:22 —-A—- C:WINDOWSsystem32wuauserv.dll
2009-02-05 23:05:22 —-A—- C:WINDOWSsystem32wuaueng1.dll
2009-02-05 23:05:22 —-A—- C:WINDOWSsystem32wuaueng.dll
2009-02-05 23:05:22 —-A—- C:WINDOWSsystem32wuauclt1.exe
2009-02-05 23:05:21 —-A—- C:WINDOWSsystem32wuauclt.exe
2009-02-05 23:05:21 —-A—- C:WINDOWSsystem32wuapi.dll
2009-02-05 23:05:21 —-A—- C:WINDOWSsystem32qmgrprxy.dll
2009-02-05 23:05:21 —-A—- C:WINDOWSsystem32qmgr.dll
2009-02-05 23:05:21 —-A—- C:WINDOWSsystem32bitsprx4.dll
2009-02-05 23:05:21 —-A—- C:WINDOWSsystem32bitsprx3.dll
2009-02-05 23:05:21 —-A—- C:WINDOWSsystem32bitsprx2.dll
2009-02-05 23:05:17 —-D—- C:Program FilesMovie Maker
2009-02-05 23:05:06 —-A—- C:WINDOWSsystem32safrslv.dll
2009-02-05 23:05:06 —-A—- C:WINDOWSsystem32safrdm.dll
2009-02-05 23:05:05 —-A—- C:WINDOWSsystem32safrcdlg.dll
2009-02-05 23:05:05 —-A—- C:WINDOWSsystem32racpldlg.dll
2009-02-05 23:05:02 —-A—- C:WINDOWSsystem32fltMc.exe
2009-02-05 23:05:02 —-A—- C:WINDOWSsystem32fltlib.dll
2009-02-05 23:05:01 —-D—- C:WINDOWSsystem32Restore
2009-02-05 23:05:01 —-A—- C:WINDOWSsystem32srsvc.dll
2009-02-05 23:05:01 —-A—- C:WINDOWSsystem32srrstr.dll
2009-02-05 23:05:01 —-A—- C:WINDOWSsystem32srclient.dll
2009-02-05 23:05:01 —-A—- C:WINDOWSsystem32msoert2.dll
2009-02-05 23:05:01 —-A—- C:WINDOWSsystem32msoeacct.dll
2009-02-05 23:04:59 —-A—- C:WINDOWSsystem32inetres.dll
2009-02-05 23:04:59 —-A—- C:WINDOWSsystem32inetcomm.dll
2009-02-05 23:04:57 —-D—- C:Program FilesOutlook Express
2009-02-05 23:04:57 —-A—- C:WINDOWSsystem32schedsvc.dll
2009-02-05 23:04:57 —-A—- C:WINDOWSsystem32mstinit.exe
2009-02-05 23:04:57 —-A—- C:WINDOWSsystem32mstask.dll
2009-02-05 23:04:56 —-A—- C:WINDOWSsystem32isign32.dll
2009-02-05 23:04:56 —-A—- C:WINDOWSsystem32inetcfg.dll
2009-02-05 23:04:56 —-A—- C:WINDOWSsystem32icwphbk.dll
2009-02-05 23:04:56 —-A—- C:WINDOWSsystem32icwdial.dll
2009-02-05 23:04:52 —-D—- C:Program FilesCommon FilesSystem
2009-02-05 23:04:08 —-D—- C:Program FilesComPlus Applications
2009-02-05 23:04:06 —-A—- C:WINDOWSvbaddin.ini
2009-02-05 23:04:06 —-A—- C:WINDOWSvb.ini
2009-02-05 23:04:01 —-D—- C:WINDOWSRegistration
2009-02-05 23:03:40 —-D—- C:Program FilesWindows Media Player
2009-02-05 23:03:40 —-D—- C:Program FilesWindows Media Connect 2
2009-02-05 23:03:36 —-RD—- C:WINDOWSOffline Web Pages
2009-02-05 23:03:36 —-A—- C:WINDOWSsystem32winfxdocobj.exe
2009-02-05 23:03:35 —-SD—- C:WINDOWSDownloaded Program Files
2009-02-05 23:03:35 —-A—- C:WINDOWSsystem32msfeedssync.exe
2009-02-05 23:03:34 —-D—- C:WINDOWSwbem
2009-02-05 23:03:34 —-A—- C:WINDOWSsystem32msfeedsbs.dll
2009-02-05 23:03:32 —-A—- C:WINDOWSsystem32ieframe.dll.mui
2009-02-05 23:03:31 —-D—- C:Program FilesInternet Explorer
2009-02-05 23:03:31 —-A—- C:WINDOWSsystem32advpack.dll.mui
2009-02-05 23:03:30 —-A—- C:WINDOWSsystem32wul_lng.ini
2009-02-05 23:03:30 —-A—- C:WINDOWSsystem32wul.exe
2009-02-05 23:03:30 —-A—- C:WINDOWSsystem32TweakUI.exe
2009-02-05 23:03:29 —-D—- C:WINDOWSsystem32PreInstall
2009-02-05 23:03:28 —-D—- C:WINDOWSSoftwareDistribution
2009-02-05 23:03:28 —-A—- C:WINDOWSsystem32muweb.dll
2009-02-05 23:03:27 —-A—- C:WINDOWSsystem32write.exe
2009-02-05 23:03:27 —-A—- C:WINDOWSsystem32gpprefcl.dll
2009-02-05 23:03:11 —-A—- C:WINDOWSsystem32winchat.exe
2009-02-05 23:03:11 —-A—- C:WINDOWSsystem32sndvol32.exe
2009-02-05 23:03:11 —-A—- C:WINDOWSsystem32hticons.dll
2009-02-05 23:03:11 —-A—- C:WINDOWSsystem32avwav.dll
2009-02-05 23:03:11 —-A—- C:WINDOWSsystem32avtapi.dll
2009-02-05 23:03:11 —-A—- C:WINDOWSsystem32avmeter.dll
2009-02-05 23:03:02 —-A—- C:WINDOWSsystem32getuname.dll
2009-02-05 23:03:02 —-A—- C:WINDOWSsystem32charmap.exe
2009-02-05 23:03:01 —-A—- C:WINDOWSsystem32winmine.exe
2009-02-05 23:03:01 —-A—- C:WINDOWSsystem32sol.exe
2009-02-05 23:03:01 —-A—- C:WINDOWSsystem32calc.exe
2009-02-05 23:03:00 —-A—- C:WINDOWSsystem32usrlogon.cmd
2009-02-05 23:03:00 —-A—- C:WINDOWSsystem32tsshutdn.exe
2009-02-05 23:03:00 —-A—- C:WINDOWSsystem32tslabels.ini
2009-02-05 23:03:00 —-A—- C:WINDOWSsystem32tskill.exe
2009-02-05 23:03:00 —-A—- C:WINDOWSsystem32tsdiscon.exe
2009-02-05 23:03:00 —-A—- C:WINDOWSsystem32tscon.exe
2009-02-05 23:03:00 —-A—- C:WINDOWSsystem32shadow.exe
2009-02-05 23:03:00 —-A—- C:WINDOWSsystem32rwinsta.exe
2009-02-05 23:03:00 —-A—- C:WINDOWSsystem32reset.exe
2009-02-05 23:03:00 —-A—- C:WINDOWSsystem32regini.exe
2009-02-05 23:03:00 —-A—- C:WINDOWSsystem32rdpcfgex.dll
2009-02-05 23:03:00 —-A—- C:WINDOWSsystem32qwinsta.exe
2009-02-05 23:03:00 —-A—- C:WINDOWSsystem32mshearts.exe
2009-02-05 23:03:00 —-A—- C:WINDOWSsystem32freecell.exe
2009-02-05 23:02:59 —-A—- C:WINDOWSsystem32qappsrv.exe
2009-02-05 23:02:59 —-A—- C:WINDOWSsystem32msg.exe
2009-02-05 23:02:59 —-A—- C:WINDOWSsystem32msdtcprf.ini
2009-02-05 23:02:59 —-A—- C:WINDOWSsystem32logoff.exe
2009-02-05 23:02:59 —-A—- C:WINDOWSsystem32cdmodem.dll
2009-02-05 23:02:55 —-A—- C:WINDOWSsystem32wmimgmt.msc
2009-02-05 23:02:54 —-A—- C:WINDOWSsystem32sndrec32.exe
2009-02-05 23:02:54 —-A—- C:WINDOWSsystem32mplay32.exe
2009-02-05 23:02:54 —-A—- C:WINDOWSsystem32hypertrm.dll
2009-02-05 23:02:54 —-A—- C:WINDOWSsystem32accwiz.exe
2009-02-05 23:02:53 —-D—- C:Program FilesWindows NT
2009-02-05 23:02:53 —-A—- C:WINDOWSsystem32spider.exe
2009-02-05 23:02:53 —-A—- C:WINDOWSsystem32clipbrd.exe
2009-02-05 23:02:52 —-A—- C:WINDOWSsystem32tsgqec.dll
2009-02-05 23:02:52 —-A—- C:WINDOWSsystem32tscfgwmi.dll
2009-02-05 23:02:52 —-A—- C:WINDOWSsystem32rhttpaa.dll
2009-02-05 23:02:52 —-A—- C:WINDOWSsystem32aaclient.dll
2009-02-05 23:02:51 —-A—- C:WINDOWSsystem32termsrv.dll
2009-02-05 23:02:51 —-A—- C:WINDOWSsystem32sessmgr.exe
2009-02-05 23:02:51 —-A—- C:WINDOWSsystem32remotepg.dll
2009-02-05 23:02:51 —-A—- C:WINDOWSsystem32rdshost.exe
2009-02-05 23:02:51 —-A—- C:WINDOWSsystem32rdsaddin.exe
2009-02-05 23:02:51 —-A—- C:WINDOWSsystem32rdchost.dll
2009-02-05 23:02:51 —-A—- C:WINDOWSsystem32mstscax.dll
2009-02-05 23:02:51 —-A—- C:WINDOWSsystem32mstsc.exe
2009-02-05 23:02:50 —-D—- C:WINDOWSsystem32MsDtc
2009-02-05 23:02:50 —-A—- C:WINDOWSsystem32rdpwsx.dll
2009-02-05 23:02:50 —-A—- C:WINDOWSsystem32rdpsnd.dll
2009-02-05 23:02:50 —-A—- C:WINDOWSsystem32rdpclip.exe
2009-02-05 23:02:50 —-A—- C:WINDOWSsystem32qprocess.exe
2009-02-05 23:02:50 —-A—- C:WINDOWSsystem32mtxoci.dll
2009-02-05 23:02:50 —-A—- C:WINDOWSsystem32msdtcuiu.dll
2009-02-05 23:02:50 —-A—- C:WINDOWSsystem32msdtctm.dll
2009-02-05 23:02:50 —-A—- C:WINDOWSsystem32msdtcprx.dll
2009-02-05 23:02:50 —-A—- C:WINDOWSsystem32icaapi.dll
2009-02-05 23:02:50 —-A—- C:WINDOWSsystem32cfgbkend.dll
2009-02-05 23:02:49 —-D—- C:WINDOWSsystem32Com
2009-02-05 23:02:49 —-A—- C:WINDOWSsystem32xolehlp.dll
2009-02-05 23:02:49 —-A—- C:WINDOWSsystem32mtxlegih.dll
2009-02-05 23:02:49 —-A—- C:WINDOWSsystem32mtxex.dll
2009-02-05 23:02:49 —-A—- C:WINDOWSsystem32mtxdm.dll
2009-02-05 23:02:49 —-A—- C:WINDOWSsystem32msdtclog.dll
2009-02-05 23:02:49 —-A—- C:WINDOWSsystem32msdtc.exe
2009-02-05 23:02:49 —-A—- C:WINDOWSsystem32dcomcnfg.exe
2009-02-05 23:02:48 —-A—- C:WINDOWSsystem32stclient.dll
2009-02-05 23:02:48 —-A—- C:WINDOWSsystem32comrepl.dll
2009-02-05 23:02:48 —-A—- C:WINDOWSsystem32comaddin.dll
2009-02-05 23:02:48 —-A—- C:WINDOWSsystem32colbact.dll
2009-02-05 23:02:48 —-A—- C:WINDOWSsystem32clbcatex.dll
2009-02-05 23:02:48 —-A—- C:WINDOWSsystem32catsrvut.dll
2009-02-05 23:02:48 —-A—- C:WINDOWSsystem32catsrvps.dll
2009-02-05 23:02:48 —-A—- C:WINDOWSsystem32catsrv.dll
2009-02-05 23:02:47 —-A—- C:WINDOWSsystem32comuid.dll
2009-02-05 23:02:47 —-A—- C:WINDOWSsystem32comsvcs.dll
2009-02-05 23:02:47 —-A—- C:WINDOWSsystem32comsnap.dll
2009-02-05 23:02:47 —-A—- C:WINDOWSsystem32clbcatq.dll
2009-02-05 23:02:41 —-A—- C:WINDOWSsystem32servdeps.dll
2009-02-05 23:02:41 —-A—- C:WINDOWSsystem32mmfutil.dll
2009-02-05 23:02:41 —-A—- C:WINDOWSsystem32licwmi.dll
2009-02-05 23:02:41 —-A—- C:WINDOWSsystem32cmprops.dll======List of files/folders modified in the last 1 months======
2009-02-09 06:33:53 —-A—- C:WINDOWSsystem.ini
2009-02-05 23:24:32 —-A—- C:WINDOWSwin.ini======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-02-06 29704]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-02-06 34312]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-02-06 39944]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-07-08 62848]
R2 TBPanel;TBPanel; C:WINDOWSsystem32driversTBPanel.sys [2007-03-16 12256]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2008-01-25 4127488]
R3 npkcrypt;npkcrypt; ??F:игрылинейкаLineageII_Interlude_off_DUXsystemnpkcrypt.sys []
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-11-12 6188320]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtnicxp.sys [2007-11-21 104320]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-08-20 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-08-20 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-15 20608]
S3 Cardex;Cardex; ??C:WINDOWSsystem32driversTBPANEL.SYS []
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-08-19 26368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2008-03-02 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2008-04-15 12032]P.S. В 2-е части потому что в 1-ну не влезло (лимит 60000 знаков)
часть 2
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-02-06 472320]
R2 FinePrint Диспетчер v6;FinePrint Диспетчер v6; C:WINDOWSSystem32spoolDRIVERSW32X863fpdisp6.exe [2008-07-11 557056]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-11-12 163908]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:WINDOWSSystem32TUProgSt.exe [2009-02-08 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:WINDOWSSystem32svchost.exe [2008-04-15 14336]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-02-06 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-02-06 654848]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2006-07-31 720896]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:WINDOWSSystem32TuneUpDefragService.exe [2009-02-08 362240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
EOF
info.txt logfile of random’s system information tool 1.05 2009-02-09 06:48:10
======Uninstall list======
—>C:Program FilesNeroNero 7nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
—>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>msiexec /package {90120000-0015-0000-0000-0000000FF1CE} /uninstall {10B5F4EF-C4DC-47AF-913B-EAF05C69C852}
—>msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {C5060182-C90D-4314-9AE9-5C0DCF8FD1EF}
—>msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {00E877D5-CDF8-4DDC-9AE0-E541B4BB6487}
—>msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {2A33A0C2-2B09-446E-9022-1508A85ECD2D}
—>msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {3520B304-0EF8-475D-8C52-47ABCCC75FC6}
—>msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {5C395839-FBA5-49C5-923A-787665D5E128}
—>MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Acrobat 5.0—>C:WINDOWSISUNINST.EXE -f»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.isu» -c»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.dll»
Adobe Anchor Service CS3—>MsiExec.exe /I{A4464AC3-D85E-4649-8748-706191063DF6}
Adobe Asset Services CS3—>MsiExec.exe /I{7302810D-7ACF-4339-B27B-57016CAADDCD}
Adobe Bridge CS3—>MsiExec.exe /I{FABA59CC-347B-478B-B2A7-37BF0885CACB}
Adobe Bridge Start Meeting—>MsiExec.exe /I{CE52110A-7773-444F-9E5D-4A45E4792DB6}
Adobe Camera Raw 4.0—>MsiExec.exe /I{AED353B9-E6D7-406F-B007-2C55C5265EB3}
Adobe CMaps—>MsiExec.exe /I{D8FC8E35-D397-4C16-87AE-141A625221E4}
Adobe Default Language CS3—>MsiExec.exe /I{D446BA40-1F5F-44EB-A794-0AC14F809C79}
Adobe Device Central CS3—>MsiExec.exe /I{265FCC3B-4814-4B2B-89D6-217DFB8AD886}
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{F36CFE58-47C0-4D75-995B-E0172563FA83}
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Fonts All—>MsiExec.exe /I{162DDD86-C087-4E59-B7A8-0C1D8F884A9A}
Adobe Help Viewer 1.1—>MsiExec.exe /I{F3697BA5-C8D8-4925-ACCA-F486C76BAD33}
Adobe Linguistics CS3—>MsiExec.exe /I{E5C28906-EC86-404E-BB4F-6AB2590451FF}
Adobe PDF Library Files—>MsiExec.exe /I{91D829E6-F1D1-433F-861F-0552DFED0EAD}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers8d0dc9390f2c596455e1446b5918a40Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{F32F1F7C-322D-46B9-B69A-5C3EDC88B74C}
Adobe Setup—>MsiExec.exe /I{CBF7A9A4-C0D4-4BA0-8991-C9B7D90A5298}
Adobe Stock Photos CS3—>MsiExec.exe /I{73B79E83-490B-460D-B0D6-2C7B73980325}
Adobe Type Support—>MsiExec.exe /I{A78A65E4-1D88-477A-83B4-3EC540F6A55A}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{BF18C55F-791F-4C17-AB75-E397EE01C14B}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{51DC4D9C-F729-48A7-9CE0-BC77529ECCA2}
Adobe XMP Panels CS3—>MsiExec.exe /I{F0CF6455-EDD8-41C6-A96A-223874E660CC}
Command and Conquer Generals — Zero Hour—>F:PROGRA~1C&CGEN~1UNWISE.EXE F:PROGRA~1C&CGEN~1INSTALL.LOG
DAEMON Tools Toolbar—>C:Program FilesDAEMON Tools Toolbaruninst.exe
ESET NOD32 Antivirus—>MsiExec.exe /I{3D057AD8-E03B-46D3-88C2-BAE2A8B6261A}
Eset-NOD32: Fix Dasumo v3 until 2029—>C:Program FilesESETuninstall.exe
Everest—>C:Program FilesEverestUninstall.exe
Exact Audio Copy 0.99pb4—>C:Program FilesExact Audio Copyuninst.exe
EXPERTool 6.4—>»C:Program FilesEXPERToolunins000.exe»
FinePrint—>C:WINDOWSSystem32spoolDRIVERSW32X863fpinst6.exe /uninstall
Foxit Reader—>C:Program FilesFoxit ReaderUninstall.exe
Guitar Pro 5.2—>»C:Program FilesGuitar Pro 5unins000.exe»
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Java(TM) 6 Update 7—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 2.76 Full—>»C:Program FilesK-Lite Codec Packunins000.exe»
Macromedia Dreamweaver 8—>MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Mail.Ru Агент 5.3 (сборка 2564, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Mail.Ru Спутник 2.0.1.54—>C:Program FilesMail.RuSputnikSputnikInstaller.exe -uninstall
Matrix Челябинск 6.0.8—>C:Program FilesMatrixuninst.exe
Matrix-Reload —>C:Program FilesMatrix-Reloaduninst.exe
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office Access 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ACCESS /dll OSETUP.DLL
Microsoft Office Access 2007—>MsiExec.exe /X{90120000-0015-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Excel 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall EXCEL /dll OSETUP.DLL
Microsoft Office Excel 2007—>MsiExec.exe /X{90120000-0016-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Outlook 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall OUTLOOK /dll OSETUP.DLL
Microsoft Office Outlook 2007—>MsiExec.exe /X{90120000-001A-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall POWERPOINT /dll OSETUP.DLL
Microsoft Office PowerPoint 2007—>MsiExec.exe /X{90120000-0018-0000-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Visio MUI (Russian) 2007—>MsiExec.exe /X{90120000-0054-0419-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007—>MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Visio Профессиональный 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Word 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall WORD /dll OSETUP.DLL
Microsoft Office Word 2007—>MsiExec.exe /X{90120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Mozilla Firefox—>C:Program FilesMozilla FirefoxUninstall.exe
MSXML 4.0 SP2 (KB941833)—>MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Premium—>MsiExec.exe /I{11439F51-B8D2-4736-9CDF-8889FEBE1049}
Nero Sipps—>C:WINDOWSUNNeroSipps.exe /UNINSTALL
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
NVIDIA PhysX v8.10.13—>MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
Opera—>C:PROGRA~1Operauninstunwise.exe C:PROGRA~1Operauninstinstall.log
Paint.NET v3.35—>rundll32.exe advpack.dll,LaunchINFSection PaintDN.inf,Uninstall
Punto Switcher—>C:Program FilesPunto SwitcherUninstall.exe
Realtek AC’97 Audio—>Alcrmv.exe -r -m
Security Update for 2007 Microsoft Office System (KB951550)—>msiexec /package {90120000-0015-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)—>msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)—>msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)—>msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)—>msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)—>msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {90120000-0015-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)—>msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for 2007 Microsoft Office System (KB958439)—>msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)—>msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)—>msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)—>msiexec /package {90120000-0015-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)—>msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)—>msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)—>msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)—>msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)—>msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)—>msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Visio 2007 (KB947590)—>msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {199018BD-578E-44BD-A28F-7F944931CABD}
Security Update for Microsoft Office Word 2007 (KB956358)—>msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Microsoft Office Word 2007 (KB956358)—>msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Solid Converter PDF—>C:Program FilesSolid Converter PDFUninstall.exe
Spybot — Search & Destroy—>»C:Program FilesSpybot — Search & Destroyunins000.exe»
Tech_rem—>C:WINDOWSiun505.exe C:Tech_remirunin.ini
TuneUp Utilities 2009—>MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
UltraISO Premium (only 32bit) v9.3.0.2612—>»C:Program FilesUltraISOunins000.exe»
Update for Microsoft Office Outlook 2007 (KB952142)—>msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB934391)—>msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934391)—>msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691)—>msiexec /package {90120000-0015-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)—>msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)—>msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)—>msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)—>msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)—>msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)—>msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
uTorrent—>C:Program FilesuTorrentUninstall.exe
VCRedistSetup—>MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vista Drive Icon—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFVistaDrv.inf,Uninstall
Vuescan—>C:Program FilesVuescanUninstall.exe
WinDjView 0.5—>»C:Program FilesWinDjViewunins000.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Данные ДубльГИС г.Челябинск 01.11.2008—>MsiExec.exe /X{AC06AEEC-C884-484A-9AC5-67E8243E25CC}
ДубльГИС 3.0.4.1—>MsiExec.exe /X{FA671504-B676-42B9-A5E5-30399BD8F676}
Обновление безопасности для Windows Internet Explorer 7 (KB938127-v2)—>»C:WINDOWSie7updatesKB938127-v2-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB958215)—>»C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB960714)—>»C:WINDOWSie7updatesKB960714-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954211)—>»C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954459)—>»C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956841)—>»C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
СОКРАТ Интернет 3.0 Полиглот—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A1CE8874-17FC-4646-81F5-BA704330CD72}setup.exe»
Сократ Персональный 4.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}setup.exe»======Security center information======
AV: ESET NOD32 Antivirus 3.0 (disabled)
System event log
Computer Name: MICROSOF-624729
Event Code: 3260
Message: Этот компьютер был успешно присоединен к workgroup ‘WORKGROUP’.Record Number: 5
Source Name: Workstation
Time Written: 20090205230236.000000+300
Event Type: информация
User:Computer Name: MICROSOF-624729
Event Code: 6011
Message: NetBIOS-имя и имя DNS-узла этого компьютера были изменены с «MACHINENAME» на «MICROSOF-624729».Record Number: 4
Source Name: EventLog
Time Written: 20090205230108.000000+300
Event Type: информация
User:Computer Name: MACHINENAME
Event Code: 2
Message: При проверке, что DeviceSerial0 является последовательным портом, обнаружена и будет использоваться прямая очередь.Record Number: 3
Source Name: Serial
Time Written: 20090206015141.000000+300
Event Type: информация
User:Computer Name: MACHINENAME
Event Code: 6005
Message: Запущена служба журнала событий.Record Number: 2
Source Name: EventLog
Time Written: 20090206015121.000000+300
Event Type: информация
User:Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows 2000 (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.Record Number: 1
Source Name: EventLog
Time Written: 20090206015121.000000+300
Event Type: информация
User:Application event log
Computer Name: MICROSOF-624729
Event Code: 1000
Message: Счетчики производительности для службы MSDTC (MSDTC) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 5
Source Name: LoadPerf
Time Written: 20090205230356.000000+300
Event Type: информация
User:Computer Name: MICROSOF-624729
Event Code: 1000
Message: Счетчики производительности для службы TermService (Службы терминалов) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 4
Source Name: LoadPerf
Time Written: 20090205230351.000000+300
Event Type: информация
User:Computer Name: MICROSOF-624729
Event Code: 1000
Message: Счетчики производительности для службы RemoteAccess (Маршрутизация и удаленный доступ) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 3
Source Name: LoadPerf
Time Written: 20090205230233.000000+300
Event Type: информация
User:Computer Name: MICROSOF-624729
Event Code: 1000
Message: Счетчики производительности для службы PSched (PSched) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 2
Source Name: LoadPerf
Time Written: 20090205230213.000000+300
Event Type: информация
User:Computer Name: MICROSOF-624729
Event Code: 1000
Message: Счетчики производительности для службы RSVP (QoS RSVP) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 1
Source Name: LoadPerf
Time Written: 20090205230117.000000+300
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 4 Stepping 9, GenuineIntel
«PROCESSOR_REVISION»=0409
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
Здравствуйте, добро пожаловать на Spyware-ru форум.
Судя по логам, ваш компьютер так же заражён autorun.inf трояном.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов. Отключите ваш антивирус. Скачайте и запустите Flash_Disinfector, не забудьте при этом по требованию программы вставить ваш флэш диск или подключить другие внешние устройства хранения информации. Запускайте программу столько раз, сколько нужно чтобы очистить все ваши подключаемые диски.Так же видно что вы имеете Combofix, поэтому воспользуемся этой программой для лечения вашего компьютера.
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
Registry::
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{4D43A883-4FED-4148-B6C2-3E065E77F5D8}]
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{4D43A883-4FED-4148-B6C2-3E065E77F5D8}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6ba64455-f481-11dd-9449-000461aebaa7}]
File::
C:Documents and SettingsAll UsersApplication Datayvulib.dll
C:Documents and SettingsAll UsersApplication Datayvulib.dll
Folder::
G:RESTORE
C:RESTOREЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.
И конечно-же проверьте InternetExplorer в работе.к сажелению лента так и осталась.лог ниже
ComboFix 09-02-12.03 — Admin 2009-02-13 4:46:49.6 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.1023.358 [GMT 5:00]
Running from: c:documents and settingsAdminРабочий столлечилкиComboFix.exe
Command switches used :: c:documents and settingsAdminРабочий столлечилкиCFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:documents and settingsAll UsersApplication Datayvulib.dll
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsAdminLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settingsAdminLocal SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.gif
c:documents and settingsAdminLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsAdminLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.gif
c:documents and settingsAll UsersApplication Datayvulib.dll
H:d.com.
((((((((((((((((((((((((( Files Created from 2009-01-12 to 2009-02-12 )))))))))))))))))))))))))))))))
.2009-02-11 18:59 . 2009-02-11 19:04
d
c:documents and settingsAdminApplication DataSPORE
2009-02-11 18:24 . 2009-02-11 18:24d
c:documents and settingsLocalServiceРабочий стол
2009-02-10 02:17 . 2009-02-10 02:17d
c:documents and settingsAdminApplication DataABBYY
2009-02-10 02:14 . 2009-02-10 02:14d
c:program filesCommon FilesABBYY
2009-02-10 02:12 . 2009-02-10 02:17d
c:program filesABBYY FineReader 9.0
2009-02-10 02:12 . 2009-02-10 22:52d
c:documents and settingsAll UsersApplication DataABBYY
2009-02-10 02:09 . 2009-02-10 02:10d
c:tempFR90PE
2009-02-10 02:09 . 2009-02-10 02:09d
C:temp
2009-02-09 23:23 . 2009-02-11 02:08d
c:documents and settingsAdminApplication DataQIP.Online
2009-02-09 23:21 . 2009-02-09 23:21d
c:program filesQIP.Online
2009-02-09 23:14 . 2009-02-09 23:14d
c:documents and settingsAdminApplication DataQIP
2009-02-09 23:13 . 2009-02-09 23:27d
c:program filesQIP Infium
2009-02-09 06:48 . 2009-02-09 06:48d
c:program filestrend micro
2009-02-09 06:47 . 2009-02-09 06:48d
C:rsit
2009-02-09 06:06 . 2009-02-09 06:06d
c:program filesSpybot — Search & Destroy
2009-02-09 06:06 . 2009-02-09 06:35d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-02-09 04:14 . 2009-02-09 04:14 320,000 —a
c:documents and settingsAll UsersApplication Dataaqplib.dll
2009-02-08 22:52 . 2009-02-08 22:52d
c:documents and settingsAdminApplication DataGrym
2009-02-08 22:51 . 2009-02-08 22:51d
c:program files2gis
2009-02-08 22:51 . 2009-02-08 22:54d
c:documents and settingsAll UsersApplication Data2GIS
2009-02-08 17:00 . 2009-02-08 17:00d
c:program filesExact Audio Copy
2009-02-08 17:00 . 2009-02-08 17:00d
c:documents and settingsAdminApplication DataAD ON Multimedia
2009-02-08 17:00 . 2009-02-08 17:00d
c:documents and settingsAdminApplication DataAccurateRip
2009-02-08 08:04 . 2009-02-09 04:04d
c:program filesDAEMON Tools Toolbar
2009-02-08 08:04 . 2009-02-08 08:04d
c:documents and settingsAdminApplication DataDAEMON Tools
2009-02-08 07:21 . 2006-07-28 20:11 3,076,096
c:windowsUNNeroSipps.exe
2009-02-08 07:21 . 2006-07-31 15:34 78,027
c:windowsUNNeroSipps.cfg
2009-02-08 05:21 . 2009-02-08 05:21 603,904 —a
c:windowssystem32TUProgSt.exe
2009-02-08 05:20 . 2009-02-08 05:22d
c:program filesTuneUp Utilities 2009
2009-02-08 05:20 . 2009-02-08 05:20d
c:documents and settingsAll UsersApplication DataTuneUp Software
2009-02-08 05:20 . 2009-02-08 05:20d—hs—- c:documents and settingsAll UsersApplication Data{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-08 05:20 . 2009-02-08 05:20d
c:documents and settingsAdminApplication DataTuneUp Software
2009-02-08 05:20 . 2009-02-08 05:20 362,240 —a
c:windowssystem32TuneUpDefragService.exe
2009-02-08 05:20 . 2008-11-12 16:44 27,904 —a
c:windowssystem32uxtuneup.dll
2009-02-08 04:44 . 2009-02-13 00:36 69 —a
c:windowsNeroDigital.ini
2009-02-08 04:02 . 2009-02-12 19:54d
c:documents and settingsAdminApplication DataAhead
2009-02-08 03:59 . 2009-02-08 07:20d
c:program filesNero
2009-02-08 03:59 . 2009-02-08 07:20d
c:program filesCommon FilesAhead
2009-02-08 03:27 . 2009-02-08 03:27 1,857,540 —ah
c:windows03.mpg
2009-02-08 03:27 . 2009-02-08 03:27 1,828,868 —ah
c:windows01.mpg
2009-02-07 02:01 . 2009-02-08 02:38d—h
c:windows$hf_mig$
2009-02-07 02:00 . 2009-02-07 02:00d
c:program filesMSXML 4.0
2009-02-07 01:35 . 2009-02-07 01:35d
c:documents and settingsAdminApplication Datafltk.org
2009-02-07 00:22 . 2009-02-07 00:22d
c:documents and settingsAdminApplication DataMedia Player Classic
2009-02-07 00:21 . 2009-02-07 00:21d
c:program filesK-Lite Codec Pack
2009-02-06 23:36 . 2009-02-06 23:36d
c:documents and settingsAll UsersApplication DataESET
2009-02-06 22:24 . 2009-02-06 22:24d
c:documents and settingsAll UsersApplication DataFLEXnet
2009-02-06 22:20 . 2009-02-06 22:20d
c:program filesCommon FilesMacrovision Shared
2009-02-06 22:19 . 2009-02-06 22:19d
c:program filesBonjour
2009-02-06 21:56 . 2009-02-06 21:56d
c:program filesMail.Ru
2009-02-06 21:56 . 2009-02-13 02:51d
c:documents and settingsAdminApplication DataMra
2009-02-06 21:36 . 2008-08-14 18:26 2,190,976
c— c:windowssystem32dllcachentoskrnl.exe
2009-02-06 21:36 . 2008-08-14 18:26 2,147,328
c— c:windowssystem32dllcachentkrnlmp.exe
2009-02-06 21:36 . 2008-08-14 18:26 2,067,840
c— c:windowssystem32dllcachentkrnlpa.exe
2009-02-06 21:36 . 2008-08-14 18:26 2,025,984
c— c:windowssystem32dllcachentkrpamp.exe
2009-02-06 19:25 . 2009-02-06 19:25d
c:windowssystem32Adobe
2009-02-06 19:25 . 2009-02-06 19:25d
c:windowsProfiles
2009-02-06 19:25 . 2009-02-06 22:38d
c:program filesCommon FilesAdobe
2009-02-06 19:25 . 2009-02-06 19:25d
c:documents and settingsAdminApplication DataInterTrust
2009-02-06 19:25 . 1998-10-29 14:45 306,688 —a
c:windowsIsUninst.exe
2009-02-06 19:02 . 2008-10-24 16:21 455,296
c— c:windowssystem32dllcachemrxsmb.sys
2009-02-06 18:40 . 2009-02-06 19:25d
C:Tech_rem
2009-02-06 18:40 . 2009-02-06 18:39 286,720 —a
c:windowsiun505.exe
2009-02-06 18:29 . 2008-09-04 22:17 1,106,944
c— c:windowssystem32dllcachemsxml3.dll
2009-02-06 15:41 . 2008-08-19 20:15 26,368 —a—c— c:windowssystem32dllcacheusbstor.sys
2009-02-06 13:58 . 2009-02-06 13:58d
c:program filesGuitar Pro 5
2009-02-06 12:58 . 2008-10-16 16:06 268,648 —a
c:windowssystem32mucltui.dll
2009-02-06 12:58 . 2008-10-16 16:06 27,496 —a
c:windowssystem32mucltui.dll.mui
2009-02-06 04:06 . 2009-02-06 04:08d
c:program filesMatrix-Reload
2009-02-06 04:00 . 2009-02-08 16:38dr
c:program filesMatrix
2009-02-06 03:12 . 2009-02-08 01:36d
c:program filesESET
2009-02-06 03:09 . 2009-02-13 00:09d
c:program filesOpera
2009-02-06 02:00 . 2008-08-20 01:15 172,416 —a
c:windowssystem32driverskmixer.sys
2009-02-06 02:00 . 2008-08-20 01:15 142,592 —a
c:windowssystem32driversaec.sys
2009-02-06 02:00 . 2008-08-20 01:15 83,072 —a
c:windowssystem32driverswdmaud.sys
2009-02-06 02:00 . 2008-08-20 01:15 60,800 —a
c:windowssystem32driverssysaudio.sys
2009-02-06 02:00 . 2008-08-20 01:15 56,576 —a
c:windowssystem32driversswmidi.sys
2009-02-06 02:00 . 2008-08-20 01:15 52,864 —a
c:windowssystem32driversDMusic.sys
2009-02-06 02:00 . 2008-08-20 01:15 7,552 —a
c:windowssystem32driversMSKSSRV.sys
2009-02-06 02:00 . 2008-08-20 01:15 6,272 —a
c:windowssystem32driverssplitter.sys
2009-02-06 02:00 . 2008-08-20 01:15 5,376 —a
c:windowssystem32driversMSPCLOCK.sys
2009-02-06 02:00 . 2008-08-20 01:15 4,992 —a
c:windowssystem32driversMSPQM.sys
2009-02-06 02:00 . 2001-08-18 02:59 3,072 —a
c:windowssystem32driversaudstub.sys
2009-02-06 02:00 . 2008-08-20 01:15 2,944 —a
c:windowssystem32driversdrmkaud.sys.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 20:27
d
w c:documents and settingsAdminApplication DatauTorrent
2009-02-07 21:45
d
w c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-02-06 10:24
d
w c:program filesCommon FilesArsenal Shared
2009-02-05 19:25
d
w c:program filesAGEIA Technologies
2009-02-05 19:24
d
w c:program filesCommon FilesWise Installation Wizard
2009-02-05 19:14
d
w c:program filesEXPERTool
2009-02-05 19:04
d
w c:program filesuTorrent
2009-02-05 18:56
d
w c:program filesCommon FilesInstallShield
2009-02-05 18:35
d
w c:program filesVuescan
2009-02-05 18:35
d
w c:program filesUltraISO
2009-02-05 18:35
d
w c:program filesEverest
2009-02-05 18:35
d
w c:program filesCommon FilesEZB Systems
2009-02-05 18:34
d—h—w c:program filesInstallShield Installation Information
2009-02-05 18:34
d
w c:program filesCommon FilesMacromedia
2009-02-05 18:34
d
w c:program filesArsenal Company
2009-02-05 18:33
d
w c:program filesMacromedia
2009-02-05 18:20
d
w c:program filesMicrosoft.NET
2009-02-05 18:20
d
w c:program filesMicrosoft Works
2009-02-05 18:18
d
w c:program filesWinDjView
2009-02-05 18:18
d
w c:program filesSolid Converter PDF
2009-02-05 18:18
d
w c:program filesPunto Switcher
2009-02-05 18:18
d
w c:program filesFoxit Reader
2009-02-05 18:11 717,296 —-a-w c:windowssystem32driverssptd.sys
2009-02-05 18:11
d
w c:program filesVistaDriveIcon
2009-02-05 18:11
d
w c:program filesPaint.NET
2009-02-05 18:11
d
w c:program filesJava
2009-02-05 18:10
d
w c:program filesCommon FilesJava
2009-02-05 18:03
d
w c:program filesWindows Media Connect 2
2008-11-12 10:45 453,152 —-a-w c:windowssystem32NVUNINST.EXE
.
Sigcheck
2008-08-19 21:23 579072 23b7d3f3f5ec8feea75ec381c71cbd5e c:windowssystem32user32.dll2008-08-19 21:20 361600 6a104ba98d99d53ab0c91825ce659fc6 c:windowssystem32driverstcpip.sys
2008-08-19 21:22 1721344 62ea07edf5e3f3ff34eff9bf7619bc64 c:windowsexplorer.exe
2008-08-19 21:21 30208 b8b35f99dadaa5459fba639f20045fe2 c:windowssystem32ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-09_ 5.28.49,67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 21:16:42 25,214 —-a-r c:windowsInstaller{F9000000-0001-0000-0000-074957833700}ARPPRODUCTICON.exe
+ 2009-02-09 21:16:43 25,214 —-a-r c:windowsInstaller{F9000000-0001-0000-0000-074957833700}ICON_FineReader.exe
+ 2009-02-09 21:16:43 25,214 —-a-r c:windowsInstaller{F9000000-0001-0000-0000-074957833700}ICON_ScreenshotReader.exe
+ 2008-10-05 03:24:02 3,695,008 —-a-w c:windowssystem32MacromedFlashNPSWF32.dll
+ 2008-10-05 03:24:04 235,936 —-a-w c:windowssystem32MacromedFlashNPSWF32_FlashUtil.exe
+ 2009-02-09 17:38:49 84,661 —-a-w c:windowssystem32MacromedFlashuninstall_plugin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{95289393-33EA-4F8D-B952-483415B9C955}»= «c:documents and settingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll» [2009-01-20 131072][HKEY_CLASSES_ROOTclsid{95289393-33ea-4f8d-b952-483415b9c955}]
[HKEY_CLASSES_ROOTqipbar.QIPBHO.1]
[HKEY_CLASSES_ROOTTypeLib{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOTqipbar.QIPBHO][HKEY_LOCAL_MACHINE~Browser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
2009-01-20 13:09 131072 —a
c:documents and settingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll[HKEY_LOCAL_MACHINE~Browser Helper Objects{CBC43FBB-B0CD-4343-88C3-BFB1F2C1E89D}]
2009-02-09 04:14 320000 —a
c:documents and settingsAll UsersApplication Dataaqplib.dll[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-08-19 30208]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2008-05-30 722112]
«GAINWARD»=»c:program filesEXPERToolTBPanel.exe» [2008-07-10 2177576]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesAheadLibNMBgMonitor.exe» [2006-07-31 139264]
«SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2009-01-26 2144088][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-11-12 13672448]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-11-12 86016]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2009-02-06 5600952]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-02-06 1443072]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«SoundMan»=»SOUNDMAN.EXE» [2007-04-17 c:windowsSOUNDMAN.EXE]
«nwiz»=»nwiz.exe» [2008-11-12 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-08-19 30208]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2008-10-17 c:windowssystem32advpack.dll]
«IE7_012″=»advpack.dll» [2008-10-17 c:windowssystem32advpack.dll][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.X264″= x264vfw.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2008-02-06 34312]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:program filesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [2007-12-06 660768]
R2 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2008-02-06 472320]
R2 FinePrint Диспетчер v6;FinePrint Диспетчер v6;c:windowssystem32spooldriversw32x863fpdisp6.exe [2009-02-05 557056]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:windowssystem32TUProgSt.exe [2009-02-08 603904]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder2009-02-12 c:windowsTasks1-Click Maintenance.job
— c:program filesTuneUp Utilities 2009OneClickStarter.exe [2008-11-20 16:28]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.daemon-search.com/default
IE: &Перевести — c:program filesArsenal CompanySOCRAT InternetHTMLWSocrat.js
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~1Office12EXCEL.EXE/3000
IE: Поиск@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} — {7E1F0737-53A5-4EDC-8734-DD94B50AAF83} — c:program filesArsenal CompanySOCRAT InternetSocratInternet.dll
IE: {{DFDC8970-FD66-4385-B8C0-835A4AA1DA00} — {A3400175-12F9-4220-83BF-A7210CA4003E} — c:program filesArsenal CompanySOCRAT InternetSocratInternet.dll
TCP: {710ABC31-627F-4E3E-8BA3-A0C4DD8F11D5} = 91.144.132.1 91.144.134.1
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 04:48:18
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(664)
c:windowssystem32SETUPAPI.dll
c:windowssystem32cscui.dll— — — — — — — > ‘lsass.exe'(724)
c:windowssystem32SETUPAPI.dll
.
Completion time: 2009-02-13 4:49:27
ComboFix-quarantined-files.txt 2009-02-12 23:49:25
ComboFix2.txt 2009-02-09 01:35:04
ComboFix3.txt 2009-02-09 00:45:36
ComboFix4.txt 2009-02-09 00:35:09Pre-Run: 2 901 102 592 байт свободно
Post-Run: 2,911,784,960 байт свободно267 — E O F — 2009-02-07 21:45:54
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
Registry::
[-HKEY_LOCAL_MACHINE~Browser Helper Objects{CBC43FBB-B0CD-4343-88C3-BFB1F2C1E89D}]
File::
c:documents and settingsAll UsersApplication Dataaqplib.dllЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.
И конечно-же проверьте InternetExplorer в работе.эксплорер заработал нормально.большое вам спасибо.
ComboFix 09-02-12.03 — Admin 2009-02-14 22:26:11.7 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.1023.594 [GMT 5:00]
Running from: c:documents and settingsAdminРабочий столлечилкиComboFix.exe
Command switches used :: c:documents and settingsAdminРабочий столCFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:documents and settingsAll UsersApplication Dataaqplib.dll
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsAdminLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settingsAdminLocal SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settingsAdminLocal SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.gif
c:documents and settingsAdminLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsAdminLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.jpg
c:documents and settingsAdminLocal SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.gif
c:documents and settingsAll UsersApplication Dataaqplib.dll.
((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.2009-02-14 12:14 . 2009-02-14 12:15 43,520 —a
c:windowssystem32CmdLineExt03.dll
2009-02-14 12:00 . 2009-02-14 12:00d
c:program filesDaemonTools_WhenUSave_Installer
2009-02-14 12:00 . 2009-02-14 12:00d
c:program filesDAEMON Tools
2009-02-14 01:05 . 2009-02-14 01:05d
c:documents and settingsAdminApplication DataDSound
2009-02-14 01:03 . 2009-02-14 01:03d
c:program filesVSTplugins
2009-02-14 01:03 . 2009-02-14 01:03d
c:program filesDSound
2009-02-14 01:03 . 2009-02-14 01:03d
c:program filesASIO
2009-02-14 00:18 . 2009-02-14 00:18d
c:program filesAlien Connections
2009-02-14 00:18 . 2009-02-14 00:18 0 —a
c:windowsPROTOCOL.INI
2009-02-14 00:17 . 2009-02-14 00:17d
c:documents and settingsAdminWINDOWS
2009-02-14 00:17 . 1997-01-18 11:40 299,520 —a
c:windowsuninst.exe
2009-02-14 00:12 . 2009-02-14 00:12d
c:documents and settingsAdminApplication DataCakewalk
2009-02-14 00:04 . 2009-02-14 00:04d
c:program filesCakewalk
2009-02-14 00:03 . 2009-02-14 00:03 118,784 —a
c:windowsdsdxirmv.exe
2009-02-14 00:01 . 2009-02-14 00:01d
c:documents and settingsAll UsersApplication DataCakewalk
2009-02-14 00:01 . 2005-09-14 10:00 233,472 —a
c:windowssystem32REX Shared Library.dll
2009-02-14 00:01 . 2005-09-14 10:00 180,224 —a
c:windowssystem32ReWire.dll
2009-02-13 23:56 . 2009-02-14 00:11d
C:Cakewalk
2009-02-13 23:41 . 2009-02-13 23:41d
c:program filesASIO4ALL v2
2009-02-13 23:29 . 2009-02-13 23:29d
c:program filesCommon FilesDigidesign
2009-02-13 23:28 . 2009-02-13 23:28d
c:program filesNative Instruments
2009-02-11 18:59 . 2009-02-11 19:04d
c:documents and settingsAdminApplication DataSPORE
2009-02-11 18:24 . 2009-02-11 18:24d
c:documents and settingsLocalServiceРабочий стол
2009-02-10 02:17 . 2009-02-10 02:17d
c:documents and settingsAdminApplication DataABBYY
2009-02-10 02:14 . 2009-02-10 02:14d
c:program filesCommon FilesABBYY
2009-02-10 02:12 . 2009-02-10 02:17d
c:program filesABBYY FineReader 9.0
2009-02-10 02:12 . 2009-02-10 22:52d
c:documents and settingsAll UsersApplication DataABBYY
2009-02-10 02:09 . 2009-02-10 02:10d
c:tempFR90PE
2009-02-10 02:09 . 2009-02-10 02:09d
C:temp
2009-02-09 23:23 . 2009-02-11 02:08d
c:documents and settingsAdminApplication DataQIP.Online
2009-02-09 23:21 . 2009-02-09 23:21d
c:program filesQIP.Online
2009-02-09 23:14 . 2009-02-09 23:14d
c:documents and settingsAdminApplication DataQIP
2009-02-09 23:13 . 2009-02-09 23:27d
c:program filesQIP Infium
2009-02-09 06:48 . 2009-02-09 06:48d
c:program filestrend micro
2009-02-09 06:47 . 2009-02-09 06:48d
C:rsit
2009-02-09 06:06 . 2009-02-09 06:06d
c:program filesSpybot — Search & Destroy
2009-02-09 06:06 . 2009-02-09 06:35d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-02-08 22:52 . 2009-02-08 22:52d
c:documents and settingsAdminApplication DataGrym
2009-02-08 22:51 . 2009-02-08 22:51d
c:program files2gis
2009-02-08 22:51 . 2009-02-08 22:54d
c:documents and settingsAll UsersApplication Data2GIS
2009-02-08 17:00 . 2009-02-08 17:00d
c:program filesExact Audio Copy
2009-02-08 17:00 . 2009-02-08 17:00d
c:documents and settingsAdminApplication DataAD ON Multimedia
2009-02-08 17:00 . 2009-02-08 17:00d
c:documents and settingsAdminApplication DataAccurateRip
2009-02-08 08:04 . 2009-02-09 04:04d
c:program filesDAEMON Tools Toolbar
2009-02-08 08:04 . 2009-02-08 08:04d
c:documents and settingsAdminApplication DataDAEMON Tools
2009-02-08 07:21 . 2006-07-28 20:11 3,076,096
c:windowsUNNeroSipps.exe
2009-02-08 07:21 . 2006-07-31 15:34 78,027
c:windowsUNNeroSipps.cfg
2009-02-08 05:21 . 2009-02-08 05:21 603,904 —a
c:windowssystem32TUProgSt.exe
2009-02-08 05:20 . 2009-02-08 05:22d
c:program filesTuneUp Utilities 2009
2009-02-08 05:20 . 2009-02-08 05:20d
c:documents and settingsAll UsersApplication DataTuneUp Software
2009-02-08 05:20 . 2009-02-08 05:20d—hs—- c:documents and settingsAll UsersApplication Data{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-08 05:20 . 2009-02-08 05:20d
c:documents and settingsAdminApplication DataTuneUp Software
2009-02-08 05:20 . 2009-02-08 05:20 362,240 —a
c:windowssystem32TuneUpDefragService.exe
2009-02-08 05:20 . 2008-11-12 16:44 27,904 —a
c:windowssystem32uxtuneup.dll
2009-02-08 04:44 . 2009-02-14 02:44 69 —a
c:windowsNeroDigital.ini
2009-02-08 04:02 . 2009-02-12 19:54d
c:documents and settingsAdminApplication DataAhead
2009-02-08 03:59 . 2009-02-08 07:20d
c:program filesNero
2009-02-08 03:59 . 2009-02-08 07:20d
c:program filesCommon FilesAhead
2009-02-08 03:27 . 2009-02-08 03:27 1,857,540 —ah
c:windows03.mpg
2009-02-08 03:27 . 2009-02-08 03:27 1,828,868 —ah
c:windows01.mpg
2009-02-07 02:01 . 2009-02-08 02:38d—h
c:windows$hf_mig$
2009-02-07 02:00 . 2009-02-07 02:00d
c:program filesMSXML 4.0
2009-02-07 01:35 . 2009-02-07 01:35d
c:documents and settingsAdminApplication Datafltk.org
2009-02-07 00:22 . 2009-02-07 00:22d
c:documents and settingsAdminApplication DataMedia Player Classic
2009-02-07 00:21 . 2009-02-07 00:21d
c:program filesK-Lite Codec Pack
2009-02-06 23:36 . 2009-02-06 23:36d
c:documents and settingsAll UsersApplication DataESET
2009-02-06 22:24 . 2009-02-06 22:24d
c:documents and settingsAll UsersApplication DataFLEXnet
2009-02-06 22:20 . 2009-02-06 22:20d
c:program filesCommon FilesMacrovision Shared
2009-02-06 22:19 . 2009-02-06 22:19d
c:program filesBonjour
2009-02-06 21:56 . 2009-02-06 21:56d
c:program filesMail.Ru
2009-02-06 21:56 . 2009-02-14 20:51d
c:documents and settingsAdminApplication DataMra
2009-02-06 21:36 . 2008-08-14 18:26 2,190,976
c— c:windowssystem32dllcachentoskrnl.exe
2009-02-06 21:36 . 2008-08-14 18:26 2,147,328
c— c:windowssystem32dllcachentkrnlmp.exe
2009-02-06 21:36 . 2008-08-14 18:26 2,067,840
c— c:windowssystem32dllcachentkrnlpa.exe
2009-02-06 21:36 . 2008-08-14 18:26 2,025,984
c— c:windowssystem32dllcachentkrpamp.exe
2009-02-06 19:25 . 2009-02-06 19:25d
c:windowssystem32Adobe
2009-02-06 19:25 . 2009-02-06 19:25d
c:windowsProfiles
2009-02-06 19:25 . 2009-02-06 22:38d
c:program filesCommon FilesAdobe
2009-02-06 19:25 . 2009-02-06 19:25d
c:documents and settingsAdminApplication DataInterTrust
2009-02-06 19:25 . 1998-10-29 14:45 306,688 —a
c:windowsIsUninst.exe
2009-02-06 19:02 . 2008-10-24 16:21 455,296
c— c:windowssystem32dllcachemrxsmb.sys
2009-02-06 18:40 . 2009-02-06 19:25d
C:Tech_rem
2009-02-06 18:40 . 2009-02-06 18:39 286,720 —a
c:windowsiun505.exe
2009-02-06 18:29 . 2008-09-04 22:17 1,106,944
c— c:windowssystem32dllcachemsxml3.dll
2009-02-06 15:41 . 2008-08-19 20:15 26,368 —a—c— c:windowssystem32dllcacheusbstor.sys
2009-02-06 13:58 . 2009-02-06 13:58d
c:program filesGuitar Pro 5
2009-02-06 12:58 . 2008-10-16 16:06 268,648 —a
c:windowssystem32mucltui.dll
2009-02-06 12:58 . 2008-10-16 16:06 27,496 —a
c:windowssystem32mucltui.dll.mui
2009-02-06 04:06 . 2009-02-06 04:08d
c:program filesMatrix-Reload
2009-02-06 04:00 . 2009-02-08 16:38dr
c:program filesMatrix
2009-02-06 03:12 . 2009-02-08 01:36d
c:program filesESET
2009-02-06 03:09 . 2009-02-13 00:09d
c:program filesOpera
2009-02-06 02:00 . 2008-08-20 01:15 172,416 —a
c:windowssystem32driverskmixer.sys
2009-02-06 02:00 . 2008-08-20 01:15 142,592 —a
c:windowssystem32driversaec.sys
2009-02-06 02:00 . 2008-08-20 01:15 83,072 —a
c:windowssystem32driverswdmaud.sys
2009-02-06 02:00 . 2008-08-20 01:15 60,800 —a
c:windowssystem32driverssysaudio.sys
2009-02-06 02:00 . 2008-08-20 01:15 56,576 —a
c:windowssystem32driversswmidi.sys
2009-02-06 02:00 . 2008-08-20 01:15 52,864 —a
c:windowssystem32driversDMusic.sys
2009-02-06 02:00 . 2008-08-20 01:15 7,552 —a
c:windowssystem32driversMSKSSRV.sys
2009-02-06 02:00 . 2008-08-20 01:15 6,272 —a
c:windowssystem32driverssplitter.sys
2009-02-06 02:00 . 2008-08-20 01:15 5,376 —a
c:windowssystem32driversMSPCLOCK.sys
2009-02-06 02:00 . 2008-08-20 01:15 4,992 —a
c:windowssystem32driversMSPQM.sys
2009-02-06 02:00 . 2001-08-18 02:59 3,072 —a
c:windowssystem32driversaudstub.sys
2009-02-06 02:00 . 2008-08-20 01:15 2,944 —a
c:windowssystem32driversdrmkaud.sys.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 17:25
d
w c:documents and settingsAdminApplication DatauTorrent
2009-02-14 07:24
d—h—w c:program filesInstallShield Installation Information
2009-02-13 20:03
d
w c:program filesCommon FilesInstallShield
2009-02-07 21:45
d
w c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-02-06 10:24
d
w c:program filesCommon FilesArsenal Shared
2009-02-05 19:25
d
w c:program filesAGEIA Technologies
2009-02-05 19:24
d
w c:program filesCommon FilesWise Installation Wizard
2009-02-05 19:14
d
w c:program filesEXPERTool
2009-02-05 19:04
d
w c:program filesuTorrent
2009-02-05 18:35
d
w c:program filesVuescan
2009-02-05 18:35
d
w c:program filesUltraISO
2009-02-05 18:35
d
w c:program filesEverest
2009-02-05 18:35
d
w c:program filesCommon FilesEZB Systems
2009-02-05 18:34
d
w c:program filesCommon FilesMacromedia
2009-02-05 18:34
d
w c:program filesArsenal Company
2009-02-05 18:33
d
w c:program filesMacromedia
2009-02-05 18:20
d
w c:program filesMicrosoft.NET
2009-02-05 18:20
d
w c:program filesMicrosoft Works
2009-02-05 18:18
d
w c:program filesWinDjView
2009-02-05 18:18
d
w c:program filesSolid Converter PDF
2009-02-05 18:18
d
w c:program filesPunto Switcher
2009-02-05 18:18
d
w c:program filesFoxit Reader
2009-02-05 18:11 717,296 —-a-w c:windowssystem32driverssptd.sys
2009-02-05 18:11
d
w c:program filesVistaDriveIcon
2009-02-05 18:11
d
w c:program filesPaint.NET
2009-02-05 18:11
d
w c:program filesJava
2009-02-05 18:10
d
w c:program filesCommon FilesJava
2009-02-05 18:03
d
w c:program filesWindows Media Connect 2
.
Sigcheck
2008-08-19 21:23 579072 23b7d3f3f5ec8feea75ec381c71cbd5e c:windowssystem32user32.dll2008-08-19 21:20 361600 6a104ba98d99d53ab0c91825ce659fc6 c:windowssystem32driverstcpip.sys
2008-08-19 21:22 1721344 62ea07edf5e3f3ff34eff9bf7619bc64 c:windowsexplorer.exe
2008-08-19 21:21 30208 b8b35f99dadaa5459fba639f20045fe2 c:windowssystem32ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-09_ 5.28.49,67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-07-08 23:26:38 11,392 —-a-w c:windowsDriver Cachei386bdasup.sys
+ 2004-07-08 23:26:38 16,384 —-a-w c:windowsDriver Cachei386ccdecode.sys
+ 2002-12-11 19:14:32 130,304 —-a-w c:windowsDriver Cachei386ks.sys
+ 2002-12-11 19:14:32 4,096 —-a-w c:windowsDriver Cachei386ksuser.dll
+ 2004-07-08 23:26:38 15,104 —-a-w c:windowsDriver Cachei386mpe.sys
+ 2004-07-08 23:26:38 52,096 —-a-w c:windowsDriver Cachei386msdv.sys
+ 2002-12-11 19:14:32 7,424 —-a-w c:windowsDriver Cachei386mskssrv.sys
+ 2002-12-11 19:14:32 5,248 —-a-w c:windowsDriver Cachei386mspclock.sys
+ 2001-08-23 00:00:00 4,608 —-a-w c:windowsDriver Cachei386mspqm.sys
+ 2002-12-11 19:14:32 5,504 —-a-w c:windowsDriver Cachei386mstee.sys
+ 2004-07-08 23:26:38 16,896 —-a-w c:windowsDriver Cachei386msyuv.dll
+ 2004-07-08 23:26:38 83,968 —-a-w c:windowsDriver Cachei386nabtsfec.sys
+ 2004-07-08 23:26:38 10,112 —-a-w c:windowsDriver Cachei386ndisip.sys
+ 2002-08-28 22:41:00 31,744 —-a-w c:windowsDriver Cachei386pid.dll
+ 2004-07-08 23:26:40 354,816 —-a-w c:windowsDriver Cachei386psisdecd.dll
+ 2004-07-08 23:26:40 10,880 —-a-w c:windowsDriver Cachei386slip.sys
+ 2004-07-08 23:27:28 48,512 —-a-w c:windowsDriver Cachei386stream.sys
+ 2004-07-08 23:26:40 14,976 —-a-w c:windowsDriver Cachei386streamip.sys
+ 2002-12-11 19:14:32 4,096 —-a-w c:windowsDriver Cachei386swenum.sys
+ 2004-07-08 23:26:40 18,688 —-a-w c:windowsDriver Cachei386wstcodec.sys
+ 2009-02-09 21:16:42 25,214 —-a-r c:windowsInstaller{F9000000-0001-0000-0000-074957833700}ARPPRODUCTICON.exe
+ 2009-02-09 21:16:43 25,214 —-a-r c:windowsInstaller{F9000000-0001-0000-0000-074957833700}ICON_FineReader.exe
+ 2009-02-09 21:16:43 25,214 —-a-r c:windowsInstaller{F9000000-0001-0000-0000-074957833700}ICON_ScreenshotReader.exe
+ 2002-12-11 19:14:32 64,512 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}amstream.dll
+ 2004-07-08 23:27:28 1,201,152 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}d3d8.dll
+ 2002-12-11 19:14:32 8,192 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}d3d8thk.dll
+ 2003-05-30 04:00:02 797,184 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}d3dim700.dll
+ 2004-07-08 23:27:28 292,864 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}ddraw.dll
+ 2002-12-11 19:14:32 24,064 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}ddrawex.dll
+ 2003-05-30 04:00:02 132,608 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}devenum.dll
+ 2002-12-11 19:14:32 27,136 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dmband.dll
+ 2002-12-11 19:14:32 58,368 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dmcompos.dll
+ 2004-07-08 23:27:28 181,248 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dmime.dll
+ 2002-12-11 19:14:32 33,280 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dmloader.dll
+ 2002-12-11 19:14:32 76,800 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dmscript.dll
+ 2002-12-11 19:14:32 98,816 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dmstyle.dll
+ 2002-12-11 19:14:32 100,864 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dmsynth.dll
+ 2004-07-08 23:27:28 122,880 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dmusic.dll
+ 2002-12-11 19:14:32 28,160 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dplaysvr.exe
+ 2004-07-08 23:27:28 230,400 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dplayx.dll
+ 2002-12-11 19:14:32 77,824 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dpmodemx.dll
+ 2002-12-11 19:14:32 3,072 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dpnaddr.dll
+ 2002-12-11 19:14:32 723,968 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dpnet.dll
+ 2003-03-24 04:00:02 32,768 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dpnhpast.dll
+ 2003-03-24 04:00:02 68,096 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dpnhupnp.dll
+ 2002-12-11 19:14:32 3,072 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dpnlobby.dll
+ 2002-12-11 19:14:32 16,896 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dpnsvr.exe
+ 2002-12-11 19:14:32 19,968 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dpvacm.dll
+ 2002-12-11 19:14:32 381,952 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dpvoice.dll
+ 2002-12-11 19:14:32 80,896 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dpvsetup.exe
+ 2002-12-11 19:14:32 112,128 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dpvvox.dll
+ 2004-07-08 23:27:28 79,360 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dpwsockx.dll
+ 2002-12-11 19:14:32 186,880 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dsdmo.dll
+ 2002-12-11 19:14:32 491,520 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dsdmoprp.dll
+ 2004-07-08 23:27:28 381,952 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dsound.dll
+ 2002-12-11 19:14:32 1,294,336 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dsound3d.dll
+ 2002-12-11 19:14:32 18,432 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dswave.dll
+ 2002-12-11 19:14:32 602,624 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dx7vb.dll
+ 2003-05-30 04:00:02 1,189,888 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dx8vb.dll
+ 2004-07-08 23:27:28 974,848 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dxdiag.exe
+ 2002-12-11 19:14:32 46,592 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}dxdllreg.exe
+ 2002-12-11 19:14:32 18,944 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}encapi.dll
+ 2002-12-11 19:14:32 130,304 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}ks.sys
+ 2002-12-11 19:14:32 4,096 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}ksuser.dll
+ 2002-12-11 19:14:32 34,304 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}mciqtz32.dll
+ 2002-12-11 19:14:32 13,312 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}msdmo.dll
+ 2002-12-11 19:14:32 7,424 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}mskssrv.sys
+ 2002-12-11 19:14:32 5,248 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}mspclock.sys
+ 2001-08-23 00:00:00 4,608 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}mspqm.sys
+ 2002-12-11 19:14:32 5,504 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}mstee.sys
+ 2002-12-11 19:14:32 324,096 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}mswebdvd.dll
+ 2002-12-11 19:14:32 173,056 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}qasf.dll
+ 2002-12-11 19:14:32 257,024 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}qcap.dll
+ 2004-07-08 23:27:28 316,928 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}qdv.dll
+ 2004-07-08 23:27:28 470,528 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}qdvd.dll
+ 2002-12-11 19:14:32 1,798,144 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}qedit.dll
+ 2002-12-11 19:14:32 733,184 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}qedwipes.dll
+ 2003-05-30 04:00:02 1,962,496 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}quartz.dll
+ 2004-07-08 23:27:28 48,512 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}stream.sys
+ 2002-12-11 19:14:32 4,096 —-a-w c:windowsRegisteredPackages{44BBA855-CC51-11CF-AAFA-00AA00B6015C}swenum.sys
+ 2004-07-08 23:26:38 11,392 —-a-w c:windowsRegisteredPackages{AA936DF4-2B08-4B1F-B071-72192E287704}bdasup.sys
+ 2004-07-08 23:26:38 16,384 —-a-w c:windowsRegisteredPackages{AA936DF4-2B08-4B1F-B071-72192E287704}ccdecode.sys
+ 2004-07-08 23:26:38 15,104 —-a-w c:windowsRegisteredPackages{AA936DF4-2B08-4B1F-B071-72192E287704}mpe.sys
+ 2004-07-08 23:26:38 1,230,336 —-a-w c:windowsRegisteredPackages{AA936DF4-2B08-4B1F-B071-72192E287704}msvidctl.dll
+ 2004-07-08 23:26:38 16,896 —-a-w c:windowsRegisteredPackages{AA936DF4-2B08-4B1F-B071-72192E287704}msyuv.dll
+ 2004-07-08 23:26:38 83,968 —-a-w c:windowsRegisteredPackages{AA936DF4-2B08-4B1F-B071-72192E287704}nabtsfec.sys
+ 2004-07-08 23:26:38 10,112 —-a-w c:windowsRegisteredPackages{AA936DF4-2B08-4B1F-B071-72192E287704}ndisip.sys
+ 2004-07-08 23:26:40 354,816 —-a-w c:windowsRegisteredPackages{AA936DF4-2B08-4B1F-B071-72192E287704}psisdecd.dll
+ 2004-07-08 23:26:40 10,880 —-a-w c:windowsRegisteredPackages{AA936DF4-2B08-4B1F-B071-72192E287704}slip.sys
+ 2004-07-08 23:26:40 14,976 —-a-w c:windowsRegisteredPackages{AA936DF4-2B08-4B1F-B071-72192E287704}streamip.sys
+ 2004-07-08 23:26:40 18,688 —-a-w c:windowsRegisteredPackages{AA936DF4-2B08-4B1F-B071-72192E287704}wstcodec.sys
+ 2004-07-08 23:26:40 47,104 —-a-w c:windowsRegisteredPackages{AA936DF4-2B08-4B1F-B071-72192E287704}wstdecod.dll
+ 2004-07-08 23:26:38 11,392 -c—a-w c:windowssystem32dllcachebdasup.sys
+ 2004-07-08 23:26:38 16,384 -c—a-w c:windowssystem32dllcacheccdecode.sys
+ 2002-12-11 19:14:32 381,952 -c—a-w c:windowssystem32dllcachedpvoice.dll
+ 2001-08-23 00:00:00 223,232 -c—a-w c:windowssystem32dllcachegcdef.dll
+ 2004-07-08 23:26:38 15,104 -c—a-w c:windowssystem32dllcachempe.sys
+ 2004-07-08 23:26:38 52,096 -c—a-w c:windowssystem32dllcachemsdv.sys
+ 2002-12-11 19:14:32 5,504 -c—a-w c:windowssystem32dllcachemstee.sys
+ 2004-07-08 23:26:38 83,968 -c—a-w c:windowssystem32dllcachenabtsfec.sys
+ 2004-07-08 23:26:38 10,112 -c—a-w c:windowssystem32dllcachendisip.sys
+ 2002-08-28 22:41:00 31,744 -c—a-w c:windowssystem32dllcachepid.dll
+ 2004-07-08 23:26:40 354,816 -c—a-w c:windowssystem32dllcachepsisdecd.dll
+ 2003-05-30 04:00:02 1,962,496 -c—a-w c:windowssystem32dllcachequartz.dll
+ 2004-07-08 23:26:40 10,880 -c—a-w c:windowssystem32dllcacheslip.sys
+ 2004-07-08 23:26:40 14,976 -c—a-w c:windowssystem32dllcachestreamip.sys
+ 2004-07-08 23:26:40 18,688 -c—a-w c:windowssystem32dllcachewstcodec.sys
+ 2004-07-08 23:26:38 11,392 —-a-w c:windowssystem32driversbdasup.sys
+ 2004-07-08 23:26:38 16,384 —-a-w c:windowssystem32driversccdecode.sys
+ 2004-07-08 23:26:38 15,104 —-a-w c:windowssystem32driversmpe.sys
+ 2004-07-08 23:26:38 52,096 —-a-w c:windowssystem32driversmsdv.sys
+ 2002-12-11 19:14:32 5,504 —-a-w c:windowssystem32driversmstee.sys
+ 2004-07-08 23:26:38 83,968 —-a-w c:windowssystem32driversnabtsfec.sys
+ 2004-07-08 23:26:38 10,112 —-a-w c:windowssystem32driversndisip.sys
+ 2004-07-08 23:26:40 10,880 —-a-w c:windowssystem32driversslip.sys
+ 2004-07-08 23:26:40 14,976 —-a-w c:windowssystem32driversstreamip.sys
+ 2004-07-08 23:26:40 18,688 —-a-w c:windowssystem32driverswstcodec.sys
+ 2002-12-11 19:14:32 46,592 —-a-w c:windowssystem32dxdllreg.exe
— 2009-02-08 08:43:53 157,952 —-a-w c:windowssystem32FNTCACHE.DAT
+ 2009-02-14 06:13:34 158,752 —-a-w c:windowssystem32FNTCACHE.DAT
+ 2008-10-05 03:24:02 3,695,008 —-a-w c:windowssystem32MacromedFlashNPSWF32.dll
+ 2008-10-05 03:24:04 235,936 —-a-w c:windowssystem32MacromedFlashNPSWF32_FlashUtil.exe
+ 2009-02-09 17:38:49 84,661 —-a-w c:windowssystem32MacromedFlashuninstall_plugin.exe
— 2002-01-05 01:40:20 487,424 —-a-w c:windowssystem32MSVCP70.DLL
+ 2005-09-14 05:00:00 487,424 —-a-w c:windowssystem32MSVCP70.DLL
+ 2004-07-08 23:26:40 354,816 —-a-w c:windowssystem32psisdecd.dll
.
— Snapshot reset to current date —
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{95289393-33EA-4F8D-B952-483415B9C955}»= «c:documents and settingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll» [2009-01-20 131072][HKEY_CLASSES_ROOTclsid{95289393-33ea-4f8d-b952-483415b9c955}]
[HKEY_CLASSES_ROOTqipbar.QIPBHO.1]
[HKEY_CLASSES_ROOTTypeLib{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOTqipbar.QIPBHO][HKEY_LOCAL_MACHINE~Browser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
2009-01-20 13:09 131072 —a
c:documents and settingsAdminApplication DataMicrosoftInternet Explorerqipsearchbar.dll[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-08-19 30208]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2008-05-30 722112]
«GAINWARD»=»c:program filesEXPERToolTBPanel.exe» [2008-07-10 2177576]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesAheadLibNMBgMonitor.exe» [2006-07-31 139264]
«SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2009-01-26 2144088]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2007-04-04 165784][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-11-12 13672448]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-11-12 86016]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2009-02-06 5600952]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-02-06 1443072]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2006-01-12 155648]
«SoundMan»=»SOUNDMAN.EXE» [2007-04-17 c:windowsSOUNDMAN.EXE]
«nwiz»=»nwiz.exe» [2008-11-12 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-08-19 30208]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2008-01-02 132096][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2008-10-17 c:windowssystem32advpack.dll]
«IE7_012″=»advpack.dll» [2008-10-17 c:windowssystem32advpack.dll][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.X264″= x264vfw.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001
«UpdatesOverride»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\Opera\opera.exe»=R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2008-02-06 34312]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:program filesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [2007-12-06 660768]
R2 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2008-02-06 472320]
R2 FinePrint Диспетчер v6;FinePrint Диспетчер v6;c:windowssystem32spooldriversw32x863fpdisp6.exe [2009-02-05 557056]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:windowssystem32TUProgSt.exe [2009-02-08 603904]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{80d279ca-faa2-11dd-945f-000461aebaa7}]
ShellAutoRuncommand — H:u.bat
ShellexploreCommand — H:u.bat
ShellopenCommand — H:u.bat
.
Contents of the ‘Scheduled Tasks’ folder2009-02-14 c:windowsTasks1-Click Maintenance.job
— c:program filesTuneUp Utilities 2009OneClickStarter.exe [2008-11-20 16:28]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.daemon-search.com/default
IE: &Перевести — c:program filesArsenal CompanySOCRAT InternetHTMLWSocrat.js
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~1Office12EXCEL.EXE/3000
IE: Поиск@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} — {7E1F0737-53A5-4EDC-8734-DD94B50AAF83} — c:program filesArsenal CompanySOCRAT InternetSocratInternet.dll
IE: {{DFDC8970-FD66-4385-B8C0-835A4AA1DA00} — {A3400175-12F9-4220-83BF-A7210CA4003E} — c:program filesArsenal CompanySOCRAT InternetSocratInternet.dll
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 22:27:43
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(672)
c:windowssystem32SETUPAPI.dll
c:windowssystem32cscui.dll— — — — — — — > ‘lsass.exe'(732)
c:windowssystem32SETUPAPI.dll
.
Completion time: 2009-02-14 22:29:01
ComboFix-quarantined-files.txt 2009-02-14 17:28:54
ComboFix2.txt 2009-02-12 23:49:29
ComboFix3.txt 2009-02-09 01:35:04
ComboFix4.txt 2009-02-09 00:45:36
ComboFix5.txt 2009-02-14 17:25:41Pre-Run: 2 217 639 936 байт свободно
Post-Run: 2,209,415,168 байт свободно412 — E O F — 2009-02-07 21:45:54
Лог выглядит нормально, но есть одно НО.
Судя по логу вы вставляли в компьютер заражённую флешку (диск H).
Необходимо её почистить.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов.* Отключите ваш антивирус.
* Скачайте и запустите Flash_Disinfector.
* По требованию программы вставьте ваш флэш диск или подключите другие внешние устройства хранения информации.Примечание: запускайте программу столько раз, сколько нужно чтобы очистить все ваши подключаемые диски.
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
Registry::
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{80d279ca-faa2-11dd-945f-000461aebaa7}]
File::
H:u.batЗапишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.
- Для ответа в этой теме необходимо авторизоваться.
