- This topic has 29 ответов, 2 участника, and was last updated 15 years, 5 months назад by
.
-
Сообщения
-
Следующий лог:
ComboFix 10-02-27.04 — 1 01.03.2010 23:46:59.3.1 — x86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.7.1049.18.1023.665 [GMT 3:00]
Running from: c:documents and settings1Рабочий столComboFix.exe
Command switches used :: c:documents and settings1Рабочий столCFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
..
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Service_ewituirec
Service_kwbxlacv((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.2010-03-01 16:50 . 2010-03-01 16:51
dc-h—w- c:windowsie8
2010-02-28 13:16 . 2010-02-28 13:16
d
w- c:documents and settings1Application DataBinarySense
2010-02-28 13:16 . 2010-02-28 13:18
d
w- c:program filesCommon FilesBinarySense
2010-02-27 06:38 . 2010-02-27 06:38
d
w- c:documents and settings1Application DataMalwarebytes
2010-02-27 06:38 . 2010-01-07 13:07 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-02-27 06:38 . 2010-02-27 06:38
d
w- c:documents and settingsAll UsersApplication DataMalwarebytes
2010-02-27 06:38 . 2010-02-27 06:38
d
w- c:program filesMalwarebytes’ Anti-Malware
2010-02-27 06:38 . 2010-01-07 13:07 19160 —-a-w- c:windowssystem32driversmbam.sys
2010-02-22 20:10 . 2010-02-27 08:11
d
w- c:program filestrend micro
2010-02-22 20:10 . 2010-02-22 20:11
d
w- C:rsit
2010-02-21 09:20 . 2004-08-18 12:00 14336 -c—a-w- c:windowssystem32dllcachesvchost.exe
2010-02-21 09:20 . 2004-08-18 12:00 14336
w- c:windowssystem32svchost.exe
2010-02-21 08:28 . 2010-02-21 08:28
d
w- c:documents and settingsAll UsersApplication DataAlwil Software
2010-02-20 18:38 . 2010-02-11 18:42 46672 —-a-w- c:windowssystem32driversaswTdi.sys
2010-02-20 18:38 . 2010-02-11 18:39 23376 —-a-w- c:windowssystem32driversaswRdr.sys
2010-02-20 18:38 . 2010-02-11 18:38 28880 —-a-w- c:windowssystem32driversaavmker4.sys
2010-02-20 18:38 . 2010-02-11 18:53 38848 —-a-w- c:windowssystem32avastSS.scr
2010-02-20 18:38 . 2010-02-11 18:42 162512 —-a-w- c:windowssystem32driversaswSP.sys
2010-02-20 18:38 . 2010-02-11 18:38 100432 —-a-w- c:windowssystem32driversaswmon2.sys
2010-02-20 18:38 . 2010-02-11 18:38 94800 —-a-w- c:windowssystem32driversaswmon.sys
2010-02-20 18:38 . 2010-02-11 18:38 19024 —-a-w- c:windowssystem32driversaswFsBlk.sys
2010-02-20 18:38 . 2010-02-11 18:53 153184 —-a-w- c:windowssystem32aswBoot.exe
2010-02-19 15:54 . 2010-02-19 15:54
d
w- c:program filesSTDU Viewer
2010-02-19 15:54 . 2010-02-19 15:54
d
w- c:program filesCommon FilesSTDUtility
2010-02-12 14:03 . 2010-03-01 14:32
d
w- c:program filesCMS
2010-02-07 10:58 . 2010-02-07 10:58
d
w- c:documents and settings1Local SettingsApplication DataSymantec
2010-02-07 10:54 . 2010-02-20 18:30
d
w- c:program filesCommon FilesSymantec Shared.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 20:50 . 2006-02-19 23:51 89936 —-a-w- c:windowssystem32perfc019.dat
2010-03-01 20:50 . 2006-02-19 23:51 476888 —-a-w- c:windowssystem32perfh019.dat
2010-03-01 20:45 . 2007-08-27 19:38
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2010-03-01 20:35 . 2008-11-05 21:55
d
w- c:documents and settings1Application DatauTorrent
2010-02-28 13:19 . 2007-09-06 12:17
d
w- c:program filesHL-Server
2010-02-21 08:37 . 2008-02-03 13:56
d
w- c:program filesAlwil Software
2010-02-20 18:32 . 2009-08-30 19:37
d
w- c:documents and settingsAll UsersApplication DataSymantec
2010-02-07 10:26 . 2008-01-28 15:58
d
w- c:program filesDrWeb
2010-01-16 21:31 . 2008-07-25 18:31
d
w- c:program filesYandex
2010-01-16 18:10 . 2009-02-11 05:42
d
w- c:program filesuTorrent
2009-06-24 10:38 . 2007-06-11 07:54 41788 -c—a-w- c:program filesUninstall.exe
2008-05-21 09:33 . 2008-05-21 09:33 1890 —sha-w- c:windowssystem32KGyGaAvL.sys
.((((((((((((((((((((((((((((( SnapShot@2010-02-27_21.10.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-02-20 07:09 . 2009-01-07 15:21 26144 c:windowssystem32spupdsvc.exe
— 2006-02-20 07:09 . 2009-01-07 14:21 26144 c:windowssystem32spupdsvc.exe
— 2008-02-04 17:12 . 2009-01-07 14:21 17440 c:windowssystem32spmsg.dll
+ 2008-02-04 17:12 . 2009-01-07 15:21 17440 c:windowssystem32spmsg.dll
— 2006-02-19 23:51 . 2009-03-08 00:31 46592 c:windowssystem32pngfilt.dll
+ 2006-02-19 23:51 . 2009-03-08 01:31 46592 c:windowssystem32pngfilt.dll
+ 2006-02-19 23:51 . 2010-03-01 20:50 67138 c:windowssystem32perfc009.dat
— 2006-02-19 23:51 . 2010-02-27 20:14 67138 c:windowssystem32perfc009.dat
+ 2006-06-29 05:05 . 2009-01-07 15:20 23552 c:windowssystem32normaliz.dll
— 2006-06-29 05:05 . 2009-01-07 14:20 23552 c:windowssystem32normaliz.dll
— 2006-06-28 14:59 . 2009-01-07 14:20 24576 c:windowssystem32nlsdl.dll
+ 2006-06-28 14:59 . 2009-01-07 15:20 24576 c:windowssystem32nlsdl.dll
— 2006-02-19 23:51 . 2009-03-08 00:31 48128 c:windowssystem32mshtmler.dll
+ 2006-02-19 23:51 . 2009-03-08 01:31 48128 c:windowssystem32mshtmler.dll
— 2006-02-19 23:51 . 2009-03-08 00:31 66560 c:windowssystem32mshtmled.dll
+ 2006-02-19 23:51 . 2009-03-08 01:31 66560 c:windowssystem32mshtmled.dll
— 2006-02-19 23:51 . 2009-03-08 00:31 45568 c:windowssystem32mshta.exe
+ 2006-02-19 23:51 . 2009-03-08 01:31 45568 c:windowssystem32mshta.exe
+ 2007-08-13 15:36 . 2009-03-08 01:31 13312 c:windowssystem32msfeedssync.exe
— 2007-08-13 15:36 . 2009-03-08 00:31 13312 c:windowssystem32msfeedssync.exe
— 2007-08-13 15:54 . 2009-03-08 00:31 55296 c:windowssystem32msfeedsbs.dll
+ 2007-08-13 15:54 . 2009-03-08 01:31 55296 c:windowssystem32msfeedsbs.dll
— 2006-02-19 23:51 . 2009-03-08 00:34 43008 c:windowssystem32licmgr10.dll
+ 2006-02-19 23:51 . 2009-03-08 01:34 43008 c:windowssystem32licmgr10.dll
— 2006-02-19 23:51 . 2009-03-08 00:33 25600 c:windowssystem32jsproxy.dll
+ 2006-02-19 23:51 . 2009-03-08 01:33 25600 c:windowssystem32jsproxy.dll
+ 2006-02-19 23:51 . 2009-03-08 01:32 94720 c:windowssystem32inseng.dll
— 2006-02-19 23:51 . 2009-03-08 00:32 94720 c:windowssystem32inseng.dll
— 2006-02-19 23:51 . 2009-03-08 00:31 34816 c:windowssystem32imgutil.dll
+ 2006-02-19 23:51 . 2009-03-08 01:31 34816 c:windowssystem32imgutil.dll
+ 2007-08-13 15:39 . 2009-03-08 01:32 36864 c:windowssystem32ieudinit.exe
— 2007-08-13 15:39 . 2009-03-08 00:32 36864 c:windowssystem32ieudinit.exe
— 2006-02-19 23:51 . 2009-03-08 00:32 71680 c:windowssystem32iesetup.dll
+ 2006-02-19 23:51 . 2009-03-08 01:32 71680 c:windowssystem32iesetup.dll
— 2006-02-19 23:51 . 2009-03-08 00:32 55808 c:windowssystem32iernonce.dll
+ 2006-02-19 23:51 . 2009-03-08 01:32 55808 c:windowssystem32iernonce.dll
+ 2006-06-29 05:05 . 2009-01-07 15:20 26112 c:windowssystem32idndl.dll
— 2006-06-29 05:05 . 2009-01-07 14:20 26112 c:windowssystem32idndl.dll
— 2007-08-13 15:36 . 2009-03-08 00:31 59904 c:windowssystem32icardie.dll
+ 2007-08-13 15:36 . 2009-03-08 01:31 59904 c:windowssystem32icardie.dll
— 2006-02-19 23:51 . 2009-03-08 00:31 46592 c:windowssystem32dllcachepngfilt.dll
+ 2006-02-19 23:51 . 2009-03-08 01:31 46592 c:windowssystem32dllcachepngfilt.dll
+ 2006-02-19 23:51 . 2009-03-08 01:31 48128 c:windowssystem32dllcachemshtmler.dll
— 2006-02-19 23:51 . 2009-03-08 00:31 48128 c:windowssystem32dllcachemshtmler.dll
+ 2006-02-19 23:51 . 2009-03-08 01:31 66560 c:windowssystem32dllcachemshtmled.dll
— 2006-02-19 23:51 . 2009-03-08 00:31 66560 c:windowssystem32dllcachemshtmled.dll
— 2006-02-19 23:51 . 2009-03-08 00:31 45568 c:windowssystem32dllcachemshta.exe
+ 2006-02-19 23:51 . 2009-03-08 01:31 45568 c:windowssystem32dllcachemshta.exe
— 2007-12-22 16:27 . 2009-03-08 00:31 55296 c:windowssystem32dllcachemsfeedsbs.dll
+ 2007-12-22 16:27 . 2009-03-08 01:31 55296 c:windowssystem32dllcachemsfeedsbs.dll
— 2006-02-19 23:51 . 2009-03-08 00:34 43008 c:windowssystem32dllcachelicmgr10.dll
+ 2006-02-19 23:51 . 2009-03-08 01:34 43008 c:windowssystem32dllcachelicmgr10.dll
+ 2006-02-19 23:51 . 2009-03-08 01:33 25600 c:windowssystem32dllcachejsproxy.dll
— 2006-02-19 23:51 . 2009-03-08 00:33 25600 c:windowssystem32dllcachejsproxy.dll
+ 2006-02-19 23:51 . 2009-03-08 01:32 94720 c:windowssystem32dllcacheinseng.dll
— 2006-02-19 23:51 . 2009-03-08 00:32 94720 c:windowssystem32dllcacheinseng.dll
— 2006-02-19 23:51 . 2009-03-08 00:31 34816 c:windowssystem32dllcacheimgutil.dll
+ 2006-02-19 23:51 . 2009-03-08 01:31 34816 c:windowssystem32dllcacheimgutil.dll
— 2006-02-19 23:51 . 2009-03-08 00:32 71680 c:windowssystem32dllcacheiesetup.dll
+ 2006-02-19 23:51 . 2009-03-08 01:32 71680 c:windowssystem32dllcacheiesetup.dll
— 2006-02-19 23:51 . 2009-03-08 00:32 55808 c:windowssystem32dllcacheiernonce.dll
+ 2006-02-19 23:51 . 2009-03-08 01:32 55808 c:windowssystem32dllcacheiernonce.dll
+ 2007-12-22 16:27 . 2009-03-08 01:31 59904 c:windowssystem32dllcacheicardie.dll
— 2007-12-22 16:27 . 2009-03-08 00:31 59904 c:windowssystem32dllcacheicardie.dll
— 2006-02-20 06:53 . 2009-03-08 00:24 68608 c:windowssystem32dllcachehmmapi.dll
+ 2006-02-20 06:53 . 2009-03-08 01:24 68608 c:windowssystem32dllcachehmmapi.dll
+ 2006-02-19 23:51 . 2009-03-08 01:33 18944 c:windowssystem32dllcachecorpol.dll
— 2006-02-19 23:51 . 2009-03-08 00:33 18944 c:windowssystem32dllcachecorpol.dll
— 2006-02-19 23:51 . 2009-03-08 00:32 72704 c:windowssystem32dllcacheadmparse.dll
+ 2006-02-19 23:51 . 2009-03-08 01:32 72704 c:windowssystem32dllcacheadmparse.dll
— 2006-02-19 23:51 . 2009-03-08 00:33 18944 c:windowssystem32corpol.dll
+ 2006-02-19 23:51 . 2009-03-08 01:33 18944 c:windowssystem32corpol.dll
+ 2006-02-19 23:51 . 2009-03-08 01:32 72704 c:windowssystem32admparse.dll
— 2006-02-19 23:51 . 2009-03-08 00:32 72704 c:windowssystem32admparse.dll
+ 2010-02-28 13:16 . 2010-02-28 13:16 10134 c:windowsInstaller{306873F4-4417-441E-9620-4B0CB4ED7430}HDDlifeIcon2k.exe
— 2009-06-04 17:54 . 2009-03-08 16:34 58464 c:windowsie8spuninstiecustom.dll
+ 2010-03-01 16:50 . 2009-03-08 17:34 58464 c:windowsie8spuninstiecustom.dll
— 2009-06-04 17:53 . 2007-08-13 15:36 44544 c:windowsie8pngfilt.dll
+ 2010-03-01 16:50 . 2007-08-13 15:36 44544 c:windowsie8pngfilt.dll
— 2009-06-04 17:53 . 2007-08-13 15:01 48128 c:windowsie8mshtmler.dll
+ 2010-03-01 16:50 . 2007-08-13 15:01 48128 c:windowsie8mshtmler.dll
— 2009-06-04 17:53 . 2007-08-13 15:32 45568 c:windowsie8mshta.exe
+ 2010-03-01 16:50 . 2007-08-13 15:32 45568 c:windowsie8mshta.exe
+ 2010-03-01 16:50 . 2007-08-13 15:36 12288 c:windowsie8msfeedssync.exe
— 2009-06-04 17:53 . 2007-08-13 15:36 12288 c:windowsie8msfeedssync.exe
+ 2010-03-01 16:50 . 2007-10-10 23:53 52224 c:windowsie8msfeedsbs.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 52224 c:windowsie8msfeedsbs.dll
+ 2010-03-01 16:50 . 2007-08-13 15:44 40960 c:windowsie8licmgr10.dll
— 2009-06-04 17:53 . 2007-08-13 15:44 40960 c:windowsie8licmgr10.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 27648 c:windowsie8jsproxy.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 27648 c:windowsie8jsproxy.dll
+ 2010-03-01 16:50 . 2007-08-13 15:39 92672 c:windowsie8inseng.dll
— 2009-06-04 17:53 . 2007-08-13 15:39 92672 c:windowsie8inseng.dll
+ 2010-03-01 16:50 . 2007-08-13 15:36 36352 c:windowsie8imgutil.dll
— 2009-06-04 17:53 . 2007-08-13 15:36 36352 c:windowsie8imgutil.dll
— 2009-06-04 17:53 . 2007-08-13 15:39 55296 c:windowsie8iesetup.dll
+ 2010-03-01 16:50 . 2007-08-13 15:39 55296 c:windowsie8iesetup.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 44544 c:windowsie8iernonce.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 44544 c:windowsie8iernonce.dll
— 2009-06-04 17:53 . 2007-08-13 15:45 78336 c:windowsie8ieencode.dll
+ 2010-03-01 16:50 . 2007-08-13 15:45 78336 c:windowsie8ieencode.dll
+ 2010-03-01 16:50 . 2007-10-10 11:03 70656 c:windowsie8ie4uinit.exe
— 2009-06-04 17:53 . 2007-10-10 11:03 70656 c:windowsie8ie4uinit.exe
+ 2010-03-01 16:50 . 2007-10-10 23:53 63488 c:windowsie8icardie.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 63488 c:windowsie8icardie.dll
+ 2010-03-01 16:50 . 2007-08-13 15:18 60416 c:windowsie8hmmapi.dll
— 2009-06-04 17:53 . 2007-08-13 15:18 60416 c:windowsie8hmmapi.dll
— 2009-06-04 17:53 . 2007-08-13 15:42 17408 c:windowsie8corpol.dll
+ 2010-03-01 16:50 . 2007-08-13 15:42 17408 c:windowsie8corpol.dll
— 2009-06-04 17:53 . 2007-08-13 15:39 71680 c:windowsie8admparse.dll
+ 2010-03-01 16:50 . 2007-08-13 15:39 71680 c:windowsie8admparse.dll
— 2007-12-22 13:04 . 2009-01-07 14:21 121856 c:windowssystem32xmllite.dll
+ 2007-12-22 13:04 . 2009-01-07 15:21 121856 c:windowssystem32xmllite.dll
— 2006-02-19 23:51 . 2009-03-08 00:34 914944 c:windowssystem32wininet.dll
+ 2006-02-19 23:51 . 2009-03-08 01:34 914944 c:windowssystem32wininet.dll
— 2007-08-13 15:45 . 2009-03-08 00:34 208384 c:windowssystem32WinFXDocObj.exe
+ 2007-08-13 15:45 . 2009-03-08 01:34 208384 c:windowssystem32WinFXDocObj.exe
— 2006-02-19 23:51 . 2009-03-08 00:34 236544 c:windowssystem32webcheck.dll
+ 2006-02-19 23:51 . 2009-03-08 01:34 236544 c:windowssystem32webcheck.dll
— 2006-02-19 23:51 . 2009-03-08 00:33 420352 c:windowssystem32vbscript.dll
+ 2006-02-19 23:51 . 2009-03-08 01:33 420352 c:windowssystem32vbscript.dll
+ 2006-02-19 23:51 . 2009-03-08 01:34 105984 c:windowssystem32url.dll
— 2006-02-19 23:51 . 2009-03-08 00:34 105984 c:windowssystem32url.dll
+ 2006-02-19 23:51 . 2010-03-01 20:50 410190 c:windowssystem32perfh009.dat
— 2006-02-19 23:51 . 2010-02-27 20:14 410190 c:windowssystem32perfh009.dat
+ 2006-02-19 23:51 . 2009-03-08 01:34 109568 c:windowssystem32occache.dll
— 2006-02-19 23:51 . 2009-03-08 00:34 109568 c:windowssystem32occache.dll
— 2006-02-19 23:51 . 2009-03-08 00:32 611840 c:windowssystem32mstime.dll
+ 2006-02-19 23:51 . 2009-03-08 01:32 611840 c:windowssystem32mstime.dll
— 2006-02-19 23:51 . 2009-03-08 00:34 193536 c:windowssystem32msrating.dll
+ 2006-02-19 23:51 . 2009-03-08 01:34 193536 c:windowssystem32msrating.dll
— 2006-02-19 23:51 . 2009-03-08 00:22 156160 c:windowssystem32msls31.dll
+ 2006-02-19 23:51 . 2009-03-08 01:22 156160 c:windowssystem32msls31.dll
+ 2007-08-13 15:54 . 2009-03-08 01:32 594432 c:windowssystem32msfeeds.dll
— 2007-08-13 15:54 . 2009-03-08 00:32 594432 c:windowssystem32msfeeds.dll
+ 2009-01-07 14:20 . 2009-01-07 15:20 265720 c:windowssystem32msdbg2.dll
— 2009-01-07 14:20 . 2009-01-07 14:20 265720 c:windowssystem32msdbg2.dll
— 2006-02-19 23:51 . 2009-03-08 00:33 726528 c:windowssystem32jscript.dll
+ 2006-02-19 23:51 . 2009-03-08 01:33 726528 c:windowssystem32jscript.dll
+ 2007-08-13 15:54 . 2009-03-08 01:22 164352 c:windowssystem32ieui.dll
— 2007-08-13 15:54 . 2009-03-08 00:22 164352 c:windowssystem32ieui.dll
+ 2006-02-19 23:51 . 2009-03-08 01:31 183808 c:windowssystem32iepeers.dll
— 2006-02-19 23:51 . 2009-03-08 00:31 183808 c:windowssystem32iepeers.dll
+ 2006-02-19 23:51 . 2009-03-08 11:09 391536 c:windowssystem32iedkcs32.dll
— 2006-02-19 23:51 . 2009-03-08 10:09 391536 c:windowssystem32iedkcs32.dll
+ 2007-07-11 09:27 . 2009-03-08 01:11 445952 c:windowssystem32ieapfltr.dll
— 2007-07-11 09:27 . 2009-03-08 00:11 445952 c:windowssystem32ieapfltr.dll
+ 2006-02-19 23:51 . 2009-03-08 01:32 163840 c:windowssystem32ieakui.dll
— 2006-02-19 23:51 . 2009-03-08 00:32 163840 c:windowssystem32ieakui.dll
— 2006-02-19 23:51 . 2009-03-08 00:33 229376 c:windowssystem32ieaksie.dll
+ 2006-02-19 23:51 . 2009-03-08 01:33 229376 c:windowssystem32ieaksie.dll
— 2006-02-19 23:51 . 2009-03-08 00:33 125952 c:windowssystem32ieakeng.dll
+ 2006-02-19 23:51 . 2009-03-08 01:33 125952 c:windowssystem32ieakeng.dll
— 2006-02-19 23:51 . 2009-03-08 00:32 173056 c:windowssystem32ie4uinit.exe
+ 2006-02-19 23:51 . 2009-03-08 01:32 173056 c:windowssystem32ie4uinit.exe
— 2006-02-19 23:51 . 2009-03-08 00:31 216064 c:windowssystem32dxtrans.dll
+ 2006-02-19 23:51 . 2009-03-08 01:31 216064 c:windowssystem32dxtrans.dll
— 2006-02-19 23:51 . 2009-03-08 00:31 348160 c:windowssystem32dxtmsft.dll
+ 2006-02-19 23:51 . 2009-03-08 01:31 348160 c:windowssystem32dxtmsft.dll
+ 2006-02-19 23:51 . 2009-03-08 01:34 914944 c:windowssystem32dllcachewininet.dll
— 2006-02-19 23:51 . 2009-03-08 00:34 914944 c:windowssystem32dllcachewininet.dll
+ 2006-02-19 23:51 . 2009-03-08 01:34 236544 c:windowssystem32dllcachewebcheck.dll
— 2006-02-19 23:51 . 2009-03-08 00:34 236544 c:windowssystem32dllcachewebcheck.dll
— 2006-02-20 06:53 . 2009-03-08 00:33 759296 c:windowssystem32dllcacheVGX.dll
+ 2006-02-20 06:53 . 2009-03-08 01:33 759296 c:windowssystem32dllcacheVGX.dll
— 2006-02-19 23:51 . 2009-03-08 00:33 420352 c:windowssystem32dllcachevbscript.dll
+ 2006-02-19 23:51 . 2009-03-08 01:33 420352 c:windowssystem32dllcachevbscript.dll
— 2006-02-19 23:51 . 2009-03-08 00:34 105984 c:windowssystem32dllcacheurl.dll
+ 2006-02-19 23:51 . 2009-03-08 01:34 105984 c:windowssystem32dllcacheurl.dll
+ 2009-01-07 15:20 . 2009-01-07 15:20 134144 c:windowssystem32dllcachesqmapi.dll
— 2009-01-07 14:20 . 2009-01-07 14:20 134144 c:windowssystem32dllcachesqmapi.dll
— 2006-02-19 23:51 . 2009-03-08 00:34 109568 c:windowssystem32dllcacheoccache.dll
+ 2006-02-19 23:51 . 2009-03-08 01:34 109568 c:windowssystem32dllcacheoccache.dll
— 2006-02-19 23:51 . 2009-03-08 00:32 611840 c:windowssystem32dllcachemstime.dll
+ 2006-02-19 23:51 . 2009-03-08 01:32 611840 c:windowssystem32dllcachemstime.dll
+ 2006-02-19 23:51 . 2009-03-08 01:34 193536 c:windowssystem32dllcachemsrating.dll
— 2006-02-19 23:51 . 2009-03-08 00:34 193536 c:windowssystem32dllcachemsrating.dll
+ 2006-02-19 23:51 . 2009-03-08 01:22 156160 c:windowssystem32dllcachemsls31.dll
— 2006-02-19 23:51 . 2009-03-08 00:22 156160 c:windowssystem32dllcachemsls31.dll
— 2007-12-22 16:27 . 2009-03-08 00:32 594432 c:windowssystem32dllcachemsfeeds.dll
+ 2007-12-22 16:27 . 2009-03-08 01:32 594432 c:windowssystem32dllcachemsfeeds.dll
— 2006-02-19 23:51 . 2009-03-08 00:33 726528 c:windowssystem32dllcachejscript.dll
+ 2006-02-19 23:51 . 2009-03-08 01:33 726528 c:windowssystem32dllcachejscript.dll
— 2006-02-20 06:53 . 2009-03-08 10:09 638816 c:windowssystem32dllcacheiexplore.exe
+ 2006-02-20 06:53 . 2009-03-08 11:09 638816 c:windowssystem32dllcacheiexplore.exe
+ 2006-02-19 23:51 . 2009-03-08 01:31 183808 c:windowssystem32dllcacheiepeers.dll
— 2006-02-19 23:51 . 2009-03-08 00:31 183808 c:windowssystem32dllcacheiepeers.dll
+ 2006-02-19 23:51 . 2009-03-08 11:09 391536 c:windowssystem32dllcacheiedkcs32.dll
— 2006-02-19 23:51 . 2009-03-08 10:09 391536 c:windowssystem32dllcacheiedkcs32.dll
— 2007-12-22 16:27 . 2009-03-08 00:11 445952 c:windowssystem32dllcacheieapfltr.dll
+ 2007-12-22 16:27 . 2009-03-08 01:11 445952 c:windowssystem32dllcacheieapfltr.dll
+ 2006-02-19 23:51 . 2009-03-08 01:32 163840 c:windowssystem32dllcacheieakui.dll
— 2006-02-19 23:51 . 2009-03-08 00:32 163840 c:windowssystem32dllcacheieakui.dll
— 2006-02-19 23:51 . 2009-03-08 00:33 229376 c:windowssystem32dllcacheieaksie.dll
+ 2006-02-19 23:51 . 2009-03-08 01:33 229376 c:windowssystem32dllcacheieaksie.dll
— 2006-02-19 23:51 . 2009-03-08 00:33 125952 c:windowssystem32dllcacheieakeng.dll
+ 2006-02-19 23:51 . 2009-03-08 01:33 125952 c:windowssystem32dllcacheieakeng.dll
— 2006-02-19 23:51 . 2009-03-08 00:32 173056 c:windowssystem32dllcacheie4uinit.exe
+ 2006-02-19 23:51 . 2009-03-08 01:32 173056 c:windowssystem32dllcacheie4uinit.exe
— 2006-02-19 23:51 . 2009-03-08 00:31 216064 c:windowssystem32dllcachedxtrans.dll
+ 2006-02-19 23:51 . 2009-03-08 01:31 216064 c:windowssystem32dllcachedxtrans.dll
— 2006-02-19 23:51 . 2009-03-08 00:31 348160 c:windowssystem32dllcachedxtmsft.dll
+ 2006-02-19 23:51 . 2009-03-08 01:31 348160 c:windowssystem32dllcachedxtmsft.dll
— 2006-02-19 23:51 . 2009-03-08 00:32 128512 c:windowssystem32dllcacheadvpack.dll
+ 2006-02-19 23:51 . 2009-03-08 01:32 128512 c:windowssystem32dllcacheadvpack.dll
— 2006-02-19 23:51 . 2009-03-08 00:32 128512 c:windowssystem32advpack.dll
+ 2006-02-19 23:51 . 2009-03-08 01:32 128512 c:windowssystem32advpack.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 824832 c:windowsie8wininet.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 824832 c:windowsie8wininet.dll
— 2009-06-04 17:53 . 2007-08-13 15:45 206336 c:windowsie8winfxdocobj.exe
+ 2010-03-01 16:50 . 2007-08-13 15:45 206336 c:windowsie8winfxdocobj.exe
— 2009-06-04 17:53 . 2007-10-10 23:53 232960 c:windowsie8webcheck.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 232960 c:windowsie8webcheck.dll
— 2009-06-04 17:53 . 2007-07-12 23:32 765952 c:windowsie8vgx.dll
+ 2010-03-01 16:50 . 2007-07-12 23:32 765952 c:windowsie8vgx.dll
— 2009-06-04 17:53 . 2007-08-13 15:54 413696 c:windowsie8vbscript.dll
+ 2010-03-01 16:50 . 2007-08-13 15:54 413696 c:windowsie8vbscript.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 105984 c:windowsie8url.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 105984 c:windowsie8url.dll
— 2009-06-04 17:54 . 2009-01-07 14:21 390688 c:windowsie8spuninstupdspapi.dll
+ 2010-03-01 16:50 . 2009-01-07 15:21 390688 c:windowsie8spuninstupdspapi.dll
+ 2010-03-01 16:50 . 2009-01-07 15:21 232992 c:windowsie8spuninstspuninst.exe
— 2009-06-04 17:54 . 2009-01-07 14:21 232992 c:windowsie8spuninstspuninst.exe
— 2009-06-04 17:53 . 2006-09-06 14:43 214752 c:windowsie8spuninst.exe
+ 2010-03-01 16:50 . 2006-09-06 14:43 214752 c:windowsie8spuninst.exe
— 2009-06-04 17:53 . 2007-10-10 23:53 102400 c:windowsie8occache.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 102400 c:windowsie8occache.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 671232 c:windowsie8mstime.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 671232 c:windowsie8mstime.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 193024 c:windowsie8msrating.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 193024 c:windowsie8msrating.dll
— 2009-06-04 17:53 . 2007-08-13 15:54 156160 c:windowsie8msls31.dll
+ 2010-03-01 16:50 . 2007-08-13 15:54 156160 c:windowsie8msls31.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 478208 c:windowsie8mshtmled.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 478208 c:windowsie8mshtmled.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 459264 c:windowsie8msfeeds.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 459264 c:windowsie8msfeeds.dll
— 2009-06-04 17:53 . 2007-08-13 15:38 491520 c:windowsie8jscript.dll
+ 2010-03-01 16:50 . 2007-08-13 15:38 491520 c:windowsie8jscript.dll
+ 2010-03-01 16:50 . 2007-10-10 11:03 625152 c:windowsie8iexplore.exe
— 2009-06-04 17:53 . 2007-10-10 11:03 625152 c:windowsie8iexplore.exe
+ 2010-03-01 16:50 . 2007-08-13 15:54 180736 c:windowsie8ieui.dll
— 2009-06-04 17:53 . 2007-08-13 15:54 180736 c:windowsie8ieui.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 267776 c:windowsie8iertutil.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 267776 c:windowsie8iertutil.dll
+ 2010-03-01 16:50 . 2007-08-13 15:54 287744 c:windowsie8ieproxy.dll
— 2009-06-04 17:53 . 2007-08-13 15:54 287744 c:windowsie8ieproxy.dll
— 2009-06-04 17:53 . 2007-08-13 15:54 191488 c:windowsie8iepeers.dll
+ 2010-03-01 16:50 . 2007-08-13 15:54 191488 c:windowsie8iepeers.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 384512 c:windowsie8iedkcs32.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 384512 c:windowsie8iedkcs32.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 383488 c:windowsie8ieapfltr.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 383488 c:windowsie8ieapfltr.dll
— 2009-06-04 17:53 . 2007-10-10 05:46 161792 c:windowsie8ieakui.dll
+ 2010-03-01 16:50 . 2007-10-10 05:46 161792 c:windowsie8ieakui.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 230400 c:windowsie8ieaksie.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 230400 c:windowsie8ieaksie.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 153088 c:windowsie8ieakeng.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 153088 c:windowsie8ieakeng.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 214528 c:windowsie8dxtrans.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 214528 c:windowsie8dxtrans.dll
— 2009-06-04 17:53 . 2007-08-13 15:35 346624 c:windowsie8dxtmsft.dll
+ 2010-03-01 16:50 . 2007-08-13 15:35 346624 c:windowsie8dxtmsft.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 124928 c:windowsie8advpack.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 124928 c:windowsie8advpack.dll
— 2006-02-19 23:51 . 2009-03-08 00:34 1206784 c:windowssystem32urlmon.dll
+ 2006-02-19 23:51 . 2009-03-08 01:34 1206784 c:windowssystem32urlmon.dll
+ 2006-02-19 23:51 . 2009-03-08 01:41 5937152 c:windowssystem32mshtml.dll
— 2006-02-19 23:51 . 2009-03-08 00:41 5937152 c:windowssystem32mshtml.dll
— 2007-08-13 15:34 . 2009-03-08 00:32 1985024 c:windowssystem32iertutil.dll
+ 2007-08-13 15:34 . 2009-03-08 01:32 1985024 c:windowssystem32iertutil.dll
+ 2007-02-12 13:10 . 2009-02-06 18:07 3698584 c:windowssystem32ieapfltr.dat
— 2007-02-12 13:10 . 2009-02-06 17:07 3698584 c:windowssystem32ieapfltr.dat
— 2006-02-19 23:51 . 2009-03-08 00:34 1206784 c:windowssystem32dllcacheurlmon.dll
+ 2006-02-19 23:51 . 2009-03-08 01:34 1206784 c:windowssystem32dllcacheurlmon.dll
+ 2006-02-19 23:51 . 2009-03-08 01:41 5937152 c:windowssystem32dllcachemshtml.dll
— 2006-02-19 23:51 . 2009-03-08 00:41 5937152 c:windowssystem32dllcachemshtml.dll
+ 2007-12-22 16:27 . 2009-03-08 01:32 1985024 c:windowssystem32dllcacheiertutil.dll
— 2007-12-22 16:27 . 2009-03-08 00:32 1985024 c:windowssystem32dllcacheiertutil.dll
+ 2007-12-22 16:27 . 2009-02-06 18:07 3698584 c:windowssystem32dllcacheieapfltr.dat
— 2007-12-22 16:27 . 2009-02-06 17:07 3698584 c:windowssystem32dllcacheieapfltr.dat
— 2009-06-04 17:53 . 2007-10-10 23:53 1159680 c:windowsie8urlmon.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 1159680 c:windowsie8urlmon.dll
+ 2010-03-01 16:50 . 2007-10-31 01:57 3590656 c:windowsie8mshtml.dll
— 2009-06-04 17:53 . 2007-10-31 01:57 3590656 c:windowsie8mshtml.dll
+ 2010-03-01 16:50 . 2007-10-10 23:53 6065664 c:windowsie8ieframe.dll
— 2009-06-04 17:53 . 2007-10-10 23:53 6065664 c:windowsie8ieframe.dll
+ 2010-03-01 16:50 . 2007-07-01 03:31 2455488 c:windowsie8ieapfltr.dat
— 2009-06-04 17:53 . 2007-07-01 03:31 2455488 c:windowsie8ieapfltr.dat
— 2007-08-13 15:54 . 2009-03-08 00:39 11063808 c:windowssystem32ieframe.dll
+ 2007-08-13 15:54 . 2009-03-08 01:39 11063808 c:windowssystem32ieframe.dll
— 2007-12-22 16:27 . 2009-03-08 00:39 11063808 c:windowssystem32dllcacheieframe.dll
+ 2007-12-22 16:27 . 2009-03-08 01:39 11063808 c:windowssystem32dllcacheieframe.dll
.
— Snapshot reset to current date —
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-07-24 5586208][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-07-24 5586208][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-05-30 460040]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-06-06 39408]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2009-11-20 289072]
«Tutor.exe»=»c:program filesABBYY Lingvo 12Tutor.exe» [2007-07-05 992544][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Ярлык для страницы свойств High Definition Audio»=»HDAShCut.exe» [2005-01-07 61952]
«SoundMan»=»SOUNDMAN.EXE» [2005-08-01 90112]
«AlcWzrd»=»ALCWZRD.EXE» [2005-08-01 2803712]
«InstantOn»=»c:program filesCyberLinkPowerCinema Linuxion_install.exe» [2005-05-11 93640]
«Easy-PrintToolBox»=»c:program filesCanonEasy-PrintToolBoxBJPSMAIN.EXE» [2004-01-14 409600]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2008-10-25 31072]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2006-12-06 69216]
«LanguageShortcut»=»c:program filesCyberLinkPowerDVDLanguageLanguage.exe» [2006-12-05 54832]
«VisualTaskTips»=»c:program filesVisualTaskTipsVisualTaskTips.exe» [2006-07-31 36864]
«SMSERIAL»=»sm56hlpr.exe» [2005-08-01 544768]
«OrderReminder»=»c:program filesHewlett-PackardOrderReminderOrderReminder.exe» [2006-07-30 98304]
«SunJavaUpdateSched»=»c:program filesJavajre1.6.0binjusched.exe» [2008-05-21 77824]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2006-11-10 90112]
«FLSDeviceControlPanel»=»c:windowssystem32FLSDEVCP.EXE» [2008-10-03 91696]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 12Lvagent.exe» [2007-07-05 193824]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2009-02-27 35696]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2006-01-12 155648]
«avast5″=»c:progra~1ALWILS~1Avast5avastUI.exe» [2010-02-11 2756488][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-18 15360]c:documents and settings1ѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Gamma.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2007-8-27 113664]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Gamma Loader.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2007-8-27 113664]
Ѓлбвал© § ЇгбЄ AutoCAD.lnk — c:program filesCommon FilesAutodesk Sharedacstart16.exe [2004-2-25 10872][HKLM~startupfolderC:^Documents and Settings^1^Главное меню^Программы^Автозагрузка^Mobipocket Web Companion.lnk]
path=c:documents and settings1Главное менюПрограммыАвтозагрузкаMobipocket Web Companion.lnk
backup=c:windowspssMobipocket Web Companion.lnkStartup[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^ATI CATALYST System Tray.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаATI CATALYST System Tray.lnk
backup=c:windowspssATI CATALYST System Tray.lnkCommon Startup[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobeUpdater]
2007-04-04 11:41 970752 —-a-w- c:program filesCommon FilesAdobeUpdaterAdobeUpdater.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools]
2006-11-12 10:48 157592 —-a-w- c:program filesDAEMON Toolsdaemon.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
2008-07-25 12:42 3286016 —-a-w- c:program filesDownload Masterdmaster.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH/PC Connection Agent]
2006-11-13 13:21 1289000 —-a-w- c:program filesMicrosoft ActiveSyncwcescomm.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvo Launcher]
2007-07-05 20:10 193824 —-a-w- c:program filesABBYY Lingvo 12LvAgent.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTaskSwitchXP]
2006-08-04 22:29 62976 —-a-w- c:program filesTaskSwitchXPTaskSwitchXP.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTutor.exe]
2007-07-05 20:15 992544 —-a-w- c:program filesABBYY Lingvo 12Tutor.exe[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\QIP\qip.exe»=
«c:\Program Files\Graphisoft\ArchiCAD 11\ArchiCAD.exe»=
«c:\Program Files\ICQ6\ICQ.exe»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
«c:\Program Files\uTorrent\utorrent.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
«6262:TCP»= 6262:TCP:ukbxiqR0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:windowssystem32driverssfdrv01a.sys [05.07.2006 15:46 63352]
R0 sfsync05;FrontLine Synchronization Driver (v5);c:windowssystem32driverssfsync05.sys [11.08.2006 19:09 59776]
R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [20.02.2010 21:38 162512]
R1 dk2drv;DK2 WindowsNT Driver;c:windowssystem32driversdk2drv.sys [03.10.2008 12:24 49720]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [20.02.2010 21:38 19024]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:windowssystem32driversfle5wnnt.sys [03.10.2008 12:25 33404]
R2 FLSIFACE;FLSIface;c:windowssystem32driversflsiface.sys [03.10.2008 12:25 13440]
R2 FLSPAR;FLSPar;c:windowssystem32driversflspar.sys [03.10.2008 12:25 16314]
R2 FLSSER;FLSSer;c:windowssystem32driversflsser.sys [03.10.2008 12:25 8344]
R2 FLSVCOM;FLSVCom;c:windowssystem32driversflsvcom.sys [03.10.2008 12:25 34080]
R2 NVKEYNT;NVKEYNT;c:windowssystem32driversNVKEYNT.SYS [18.08.2007 19:15 68672]
S0 sptd;sptd;c:windowssystem32driverssptd.sys [26.08.2007 18:34 646392]
S2 HDDlife HDD Access service;HDDlife HDD Access service;c:program filesCommon FilesBinarySensehldasvc.exe [16.02.2010 14:51 824640]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:windowssystem32sfrem02.exe svc —> c:windowssystem32sfrem02.exe svc [?]
S3 MBLAUDRV;Mobiola Audio Service;c:windowssystem32driversBTCamAudioDrv.sys [28.07.2008 1:35 13312]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowssystem32driversnmwcdnsu.sys [01.09.2008 8:51 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowssystem32driversnmwcdnsuc.sys [01.09.2008 8:51 8320]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:windowssystem32driversSE31bus.sys [22.08.2007 20:18 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:windowssystem32driversSE31mdfl.sys [22.08.2007 20:19 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:windowssystem32driversSE31mdm.sys [22.08.2007 20:19 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:windowssystem32driversSE31mgmt.sys [22.08.2007 20:19 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:windowssystem32driversse31nd5.sys [22.08.2007 20:20 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:windowssystem32driversSE31obex.sys [22.08.2007 20:19 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:windowssystem32driversse31unic.sys [22.08.2007 20:19 90800]
.
Contents of the ‘Scheduled Tasks’ folder2010-03-01 c:windowsTasksUser_Feed_Synchronization-{30C1D3C3-2B0A-4223-8762-B7FE6CC5D4BC}.job
— c:windowssystem32msfeedssync.exe [2007-08-13 01:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40316
uInternet Settings,ProxyOverride =
IE: c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List — c:program filesCanonEasy-WebPrintResource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print — c:program filesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview — c:program filesCanonEasy-WebPrintResource.dll/RC_Preview.html
IE: Easy-WebPrint Print — c:program filesCanonEasy-WebPrintResource.dll/RC_Print.html
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Поиск@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/283
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — c:program filesPRMT78PRMTIEprmtie5.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
Trusted Zone: 195.16.50.18
Trusted Zone: 85.21.242.18
Trusted Zone: mtbank.co.ru
Trusted Zone: mybank.comwww
TCP: {46D91171-DDD5-4B72-A07E-796D5069C3CD} = 217.150.34.129,217.150.35.129
TCP: {8CD7EE6C-34C8-4184-8F19-F3BF2556ADC6} = 192.168.1.1
Handler: hddlife — {BD758015-47D9-477A-8873-4B688A2BC0E2} — c:program filesCommon FilesBinarySensehlAPP.dll
DPF: {075DE2F2-4573-4056-8E93-70CABB68C5A2} — hxxp://6160.meritlilin.com.tw/v6160.cab
DPF: {2AF0C7B1-9389-11D8-869A-0020ED529CEE} — hxxp://194.85.132.130/HTTPFile.cab
DPF: {7D0FDBB3-B42D-11D2-8977-0060080BBFF8} — hxxps://www.bankline.ru/servlets/ibc?File=12570842.cab
DPF: {A90CDED7-0D8F-49CE-87B3-5D4BE4C36407} — hxxps://www.bankline.ru/servlets/ibc?File=1676743.CAB
DPF: {C6DBEB23-7475-11D2-8968-0060080BBFF8} — hxxps://www.bankline.ru/servlets/ibc?File=12570838.CAB
DPF: {EE479A40-C128-40DD-93DA-000556AF9607} — hxxp://87.245.181.50:9012/CtrWeb.cab
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 23:56
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F929D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xf757ffc3
DriverACPI -> ACPI.sys @ 0xf73f2cb8
Driveratapi -> 0x86de0c28
DriveriaStor -> iaStor.sys @ 0xf72bab58
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578262
DeviceHarddisk0DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578262
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7165ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7172b21
SendHandler -> NDIS.sys @ 0xf715087b
Warning: possible MBR rootkit infection !
user & kernel MBR OK**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(784)
c:windowssystem32Ati2evxx.dll
.
Completion time: 2010-03-02 00:00:06
ComboFix-quarantined-files.txt 2010-03-01 21:00
ComboFix2.txt 2010-02-27 21:14Pre-Run: 13 711 544 320 байт свободно
Post-Run: 13 670 993 920 байт свободно— — End Of File — — 0A8221FE1AC7945D0886D74EC401E83F
Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
MBR::Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.
Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.Проверьте ещё ваш компьютер используя Kaspersky Online Scanner, для этого кликните по этой ссылке.
Результаты сканирования вставьте в ваш ответ.Так же приложите к вашему ответу скриншот папки Мой компьютер, чтоб были видны изменившиеся иконки.
новый лог,в процессе сканирования выдало сообщение «PEV.ctxx-ошибка приложения приложение будет закрыто».:
ComboFix 10-02-27.04 — 1 03.03.2010 9:02.4.1 — x86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.7.1049.18.1023.662 [GMT 3:00]
Running from: c:documents and settings1Рабочий столComboFix.exe
Command switches used :: c:documents and settings1Рабочий столCFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.((((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 )))))))))))))))))))))))))))))))
.2010-03-01 16:50 . 2010-03-01 16:51
dc-h—w- c:windowsie8
2010-02-28 13:16 . 2010-02-28 13:16
d
w- c:documents and settings1Application DataBinarySense
2010-02-28 13:16 . 2010-02-28 13:18
d
w- c:program filesCommon FilesBinarySense
2010-02-27 06:38 . 2010-02-27 06:38
d
w- c:documents and settings1Application DataMalwarebytes
2010-02-27 06:38 . 2010-01-07 13:07 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-02-27 06:38 . 2010-02-27 06:38
d
w- c:documents and settingsAll UsersApplication DataMalwarebytes
2010-02-27 06:38 . 2010-02-27 06:38
d
w- c:program filesMalwarebytes’ Anti-Malware
2010-02-27 06:38 . 2010-01-07 13:07 19160 —-a-w- c:windowssystem32driversmbam.sys
2010-02-22 20:10 . 2010-02-27 08:11
d
w- c:program filestrend micro
2010-02-22 20:10 . 2010-02-22 20:11
d
w- C:rsit
2010-02-21 09:20 . 2004-08-18 12:00 14336 -c—a-w- c:windowssystem32dllcachesvchost.exe
2010-02-21 09:20 . 2004-08-18 12:00 14336
w- c:windowssystem32svchost.exe
2010-02-21 08:28 . 2010-02-21 08:28
d
w- c:documents and settingsAll UsersApplication DataAlwil Software
2010-02-20 18:38 . 2010-02-11 18:42 46672 —-a-w- c:windowssystem32driversaswTdi.sys
2010-02-20 18:38 . 2010-02-11 18:39 23376 —-a-w- c:windowssystem32driversaswRdr.sys
2010-02-20 18:38 . 2010-02-11 18:38 28880 —-a-w- c:windowssystem32driversaavmker4.sys
2010-02-20 18:38 . 2010-02-11 18:53 38848 —-a-w- c:windowssystem32avastSS.scr
2010-02-20 18:38 . 2010-02-11 18:42 162512 —-a-w- c:windowssystem32driversaswSP.sys
2010-02-20 18:38 . 2010-02-11 18:38 100432 —-a-w- c:windowssystem32driversaswmon2.sys
2010-02-20 18:38 . 2010-02-11 18:38 94800 —-a-w- c:windowssystem32driversaswmon.sys
2010-02-20 18:38 . 2010-02-11 18:38 19024 —-a-w- c:windowssystem32driversaswFsBlk.sys
2010-02-20 18:38 . 2010-02-11 18:53 153184 —-a-w- c:windowssystem32aswBoot.exe
2010-02-19 15:54 . 2010-02-19 15:54
d
w- c:program filesSTDU Viewer
2010-02-19 15:54 . 2010-02-19 15:54
d
w- c:program filesCommon FilesSTDUtility
2010-02-12 14:03 . 2010-03-02 15:20
d
w- c:program filesCMS
2010-02-07 10:58 . 2010-02-07 10:58
d
w- c:documents and settings1Local SettingsApplication DataSymantec
2010-02-07 10:54 . 2010-02-20 18:30
d
w- c:program filesCommon FilesSymantec Shared.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 06:17 . 2006-02-19 23:51 89936 —-a-w- c:windowssystem32perfc019.dat
2010-03-03 06:17 . 2006-02-19 23:51 476888 —-a-w- c:windowssystem32perfh019.dat
2010-03-03 06:15 . 2008-11-05 21:55
d
w- c:documents and settings1Application DatauTorrent
2010-03-03 06:14 . 2007-08-27 19:38
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2010-02-28 13:19 . 2007-09-06 12:17
d
w- c:program filesHL-Server
2010-02-21 08:37 . 2008-02-03 13:56
d
w- c:program filesAlwil Software
2010-02-20 18:32 . 2009-08-30 19:37
d
w- c:documents and settingsAll UsersApplication DataSymantec
2010-02-07 10:26 . 2008-01-28 15:58
d
w- c:program filesDrWeb
2010-01-16 21:31 . 2008-07-25 18:31
d
w- c:program filesYandex
2010-01-16 18:10 . 2009-02-11 05:42
d
w- c:program filesuTorrent
2009-06-24 10:38 . 2007-06-11 07:54 41788 -c—a-w- c:program filesUninstall.exe
2008-05-21 09:33 . 2008-05-21 09:33 1890 —sha-w- c:windowssystem32KGyGaAvL.sys
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-07-24 5586208][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-07-24 5586208][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-05-30 460040]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-06-06 39408]
«uTorrent»=»c:program filesuTorrentuTorrent.exe» [2009-11-20 289072]
«Tutor.exe»=»c:program filesABBYY Lingvo 12Tutor.exe» [2007-07-05 992544][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Ярлык для страницы свойств High Definition Audio»=»HDAShCut.exe» [2005-01-07 61952]
«SoundMan»=»SOUNDMAN.EXE» [2005-08-01 90112]
«AlcWzrd»=»ALCWZRD.EXE» [2005-08-01 2803712]
«InstantOn»=»c:program filesCyberLinkPowerCinema Linuxion_install.exe» [2005-05-11 93640]
«Easy-PrintToolBox»=»c:program filesCanonEasy-PrintToolBoxBJPSMAIN.EXE» [2004-01-14 409600]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2008-10-25 31072]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2006-12-06 69216]
«LanguageShortcut»=»c:program filesCyberLinkPowerDVDLanguageLanguage.exe» [2006-12-05 54832]
«VisualTaskTips»=»c:program filesVisualTaskTipsVisualTaskTips.exe» [2006-07-31 36864]
«SMSERIAL»=»sm56hlpr.exe» [2005-08-01 544768]
«OrderReminder»=»c:program filesHewlett-PackardOrderReminderOrderReminder.exe» [2006-07-30 98304]
«SunJavaUpdateSched»=»c:program filesJavajre1.6.0binjusched.exe» [2008-05-21 77824]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2006-11-10 90112]
«FLSDeviceControlPanel»=»c:windowssystem32FLSDEVCP.EXE» [2008-10-03 91696]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 12Lvagent.exe» [2007-07-05 193824]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2009-02-27 35696]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2006-01-12 155648]
«avast5″=»c:progra~1ALWILS~1Avast5avastUI.exe» [2010-02-11 2756488][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-18 15360]c:documents and settings1ѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Gamma.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2007-8-27 113664]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Gamma Loader.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2007-8-27 113664]
Ѓлбвал© § ЇгбЄ AutoCAD.lnk — c:program filesCommon FilesAutodesk Sharedacstart16.exe [2004-2-25 10872][HKLM~startupfolderC:^Documents and Settings^1^Главное меню^Программы^Автозагрузка^Mobipocket Web Companion.lnk]
path=c:documents and settings1Главное менюПрограммыАвтозагрузкаMobipocket Web Companion.lnk
backup=c:windowspssMobipocket Web Companion.lnkStartup[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^ATI CATALYST System Tray.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаATI CATALYST System Tray.lnk
backup=c:windowspssATI CATALYST System Tray.lnkCommon Startup[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobeUpdater]
2007-04-04 11:41 970752 —-a-w- c:program filesCommon FilesAdobeUpdaterAdobeUpdater.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools]
2006-11-12 10:48 157592 —-a-w- c:program filesDAEMON Toolsdaemon.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
2008-07-25 12:42 3286016 —-a-w- c:program filesDownload Masterdmaster.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH/PC Connection Agent]
2006-11-13 13:21 1289000 —-a-w- c:program filesMicrosoft ActiveSyncwcescomm.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvo Launcher]
2007-07-05 20:10 193824 —-a-w- c:program filesABBYY Lingvo 12LvAgent.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTaskSwitchXP]
2006-08-04 22:29 62976 —-a-w- c:program filesTaskSwitchXPTaskSwitchXP.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTutor.exe]
2007-07-05 20:15 992544 —-a-w- c:program filesABBYY Lingvo 12Tutor.exe[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\QIP\qip.exe»=
«c:\Program Files\Graphisoft\ArchiCAD 11\ArchiCAD.exe»=
«c:\Program Files\ICQ6\ICQ.exe»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
«c:\Program Files\uTorrent\utorrent.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
«6262:TCP»= 6262:TCP:ukbxiqR0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:windowssystem32driverssfdrv01a.sys [05.07.2006 15:46 63352]
R0 sfsync05;FrontLine Synchronization Driver (v5);c:windowssystem32driverssfsync05.sys [11.08.2006 19:09 59776]
R0 sptd;sptd;c:windowssystem32driverssptd.sys [26.08.2007 18:34 646392]
R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [20.02.2010 21:38 162512]
R1 dk2drv;DK2 WindowsNT Driver;c:windowssystem32driversdk2drv.sys [03.10.2008 12:24 49720]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [20.02.2010 21:38 19024]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:windowssystem32driversfle5wnnt.sys [03.10.2008 12:25 33404]
R2 FLSIFACE;FLSIface;c:windowssystem32driversflsiface.sys [03.10.2008 12:25 13440]
R2 FLSPAR;FLSPar;c:windowssystem32driversflspar.sys [03.10.2008 12:25 16314]
R2 FLSSER;FLSSer;c:windowssystem32driversflsser.sys [03.10.2008 12:25 8344]
R2 FLSVCOM;FLSVCom;c:windowssystem32driversflsvcom.sys [03.10.2008 12:25 34080]
R2 NVKEYNT;NVKEYNT;c:windowssystem32driversNVKEYNT.SYS [18.08.2007 19:15 68672]
S2 HDDlife HDD Access service;HDDlife HDD Access service;c:program filesCommon FilesBinarySensehldasvc.exe [16.02.2010 14:51 824640]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:windowssystem32sfrem02.exe svc —> c:windowssystem32sfrem02.exe svc [?]
S3 MBLAUDRV;Mobiola Audio Service;c:windowssystem32driversBTCamAudioDrv.sys [28.07.2008 1:35 13312]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowssystem32driversnmwcdnsu.sys [01.09.2008 8:51 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowssystem32driversnmwcdnsuc.sys [01.09.2008 8:51 8320]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:windowssystem32driversSE31bus.sys [22.08.2007 20:18 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:windowssystem32driversSE31mdfl.sys [22.08.2007 20:19 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:windowssystem32driversSE31mdm.sys [22.08.2007 20:19 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:windowssystem32driversSE31mgmt.sys [22.08.2007 20:19 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:windowssystem32driversse31nd5.sys [22.08.2007 20:20 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:windowssystem32driversSE31obex.sys [22.08.2007 20:19 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:windowssystem32driversse31unic.sys [22.08.2007 20:19 90800]
.
Contents of the ‘Scheduled Tasks’ folder2010-03-03 c:windowsTasksUser_Feed_Synchronization-{30C1D3C3-2B0A-4223-8762-B7FE6CC5D4BC}.job
— c:windowssystem32msfeedssync.exe [2007-08-13 01:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40316
uInternet Settings,ProxyOverride =
IE: c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List — c:program filesCanonEasy-WebPrintResource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print — c:program filesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview — c:program filesCanonEasy-WebPrintResource.dll/RC_Preview.html
IE: Easy-WebPrint Print — c:program filesCanonEasy-WebPrintResource.dll/RC_Print.html
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Поиск@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/282
IE: Словари@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/283
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — c:program filesPRMT78PRMTIEprmtie5.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
Trusted Zone: 195.16.50.18
Trusted Zone: 85.21.242.18
Trusted Zone: mtbank.co.ru
Trusted Zone: mybank.comwww
TCP: {46D91171-DDD5-4B72-A07E-796D5069C3CD} = 217.150.34.129,217.150.35.129
TCP: {8CD7EE6C-34C8-4184-8F19-F3BF2556ADC6} = 192.168.1.1
Handler: hddlife — {BD758015-47D9-477A-8873-4B688A2BC0E2} — c:program filesCommon FilesBinarySensehlAPP.dll
DPF: {075DE2F2-4573-4056-8E93-70CABB68C5A2} — hxxp://6160.meritlilin.com.tw/v6160.cab
DPF: {2AF0C7B1-9389-11D8-869A-0020ED529CEE} — hxxp://194.85.132.130/HTTPFile.cab
DPF: {7D0FDBB3-B42D-11D2-8977-0060080BBFF8} — hxxps://www.bankline.ru/servlets/ibc?File=12570842.cab
DPF: {A90CDED7-0D8F-49CE-87B3-5D4BE4C36407} — hxxps://www.bankline.ru/servlets/ibc?File=1676743.CAB
DPF: {C6DBEB23-7475-11D2-8968-0060080BBFF8} — hxxps://www.bankline.ru/servlets/ibc?File=12570838.CAB
DPF: {EE479A40-C128-40DD-93DA-000556AF9607} — hxxp://87.245.181.50:9012/CtrWeb.cab
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 09:16
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86FC9820]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xf757ffc3
DriverACPI -> ACPI.sys @ 0xf7300cb8
Driveratapi -> 0x86a7cbc8
DriveriaStor -> 0x86fd01e8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578262
DeviceHarddisk0DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578262
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf708bba0
PacketIndicateHandler -> NDIS.sys @ 0xf7098b21
SendHandler -> NDIS.sys @ 0xf707687b
Warning: possible MBR rootkit infection !
user & kernel MBR OK**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(880)
c:windowssystem32Ati2evxx.dll— — — — — — — > ‘explorer.exe'(1256)
c:program filesVisualTaskTipsVttHooks.dll
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32btncopy.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:windowssystem32Ati2evxx.exe
c:windowssystem32Ati2evxx.exe
c:program filesAlwil SoftwareAvast5AvastSvc.exe
c:program filesWIDCOMMBluetooth Softwarebinbtwdins.exe
c:program filesFirebirdbinibguard.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
c:windowsSOUNDMAN.EXE
c:windowssm56hlpr.exe
c:program filesCyberLinkShared FilesRichVideo.exe
c:program filesATI TechnologiesATI.ACECore-StaticMOM.EXE
c:progra~1MI3AA1~1rapimgr.exe
c:program filesATI TechnologiesATI.ACECore-Staticccc.exe
c:program filesFirebirdbinibserver.exe
c:program filesNetUPUTM5_wintrayutm5_wintray.exe
.
**************************************************************************
.
Completion time: 2010-03-03 09:25:20 — machine was rebooted
ComboFix-quarantined-files.txt 2010-03-03 06:25
ComboFix2.txt 2010-03-01 21:00
ComboFix3.txt 2010-02-27 21:14Pre-Run: 13 571 207 168 байт свободно
Post-Run: 13 547 220 992 байт свободно— — End Of File — — B5D801FC9EB03DFA4D2DD448AFDDF7F4
Проверка антивирусом отчет:
3 Март 2010 г.
Операционная система: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Версия Kaspersky Online Scanner: 7.0.26.13
Последнее обновление баз: Wednesday, March 03, 2010 05:40:21
Количество записей в базах: 3691963Параметры проверки
проверять, используя следующие базы расширенные
Проверять архивы да
Проверять почтовые базы даОбласть проверки Критические области
C:Documents and Settings1Главное менюПрограммыАвтозагрузка
C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
C:Program Files
C:WINDOWSСтатистика проверки
Проверено объектов 231782
Обнаружено угроз 0
Обнаружено зараженных объектов 0
Обнаружено подозрительных объектов 0
Время проверки 03:57:43Угроз не обнаружено. Проверенная область незаражена.
Выбранная область проверена.Выполним ещё одну проверку.
Скачайте сканер OTL кликнув по этой ссылке и сохраните файл на вашем рабочем столе.* Дважды кликните по скачанному файлу.
* Поставьте галочку в пункте «Scan All Users».
* Кликните по кнопке «Run Scan».
* Когда программа закончит работу, будут показаны два лога (OTListIt.txt и Extra.txt).Вставьте оба OTL лога в ваш ответ. Каждый лог в отдельное сообщение.
В логах более 60 000 знаков поэтому пришлось разделить каждый на две части OTL.Txt часть первая:
OTL logfile created on: 10.03.2010 8:10:46 — Run 1
OTL by OldTimer — Version 3.1.35.0 Folder = C:DownloadsПрограммы
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) — Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy1 023,00 Mb Total Physical Memory | 480,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:pagefile.sys 768 1536 [binary data]%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 74,53 Gb Total Space | 11,37 Gb Free Space | 15,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loadedComputer Name: YOUR-8FD8B146F8
Current User Name: 1
Logged in as Administrator.Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard========== Processes (SafeList) ==========
PRC — [2010.03.10 07:44:52 | 000,554,496 | —- | M] (OldTimer Tools) — C:DownloadsПрограммыOTL.exe
PRC — [2010.02.11 21:53:42 | 002,756,488 | —- | M] (ALWIL Software) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe
PRC — [2010.02.11 21:53:39 | 000,040,384 | —- | M] (ALWIL Software) — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
PRC — [2008.10.03 12:25:35 | 000,091,696 | —- | M] () — C:WINDOWSsystem32FLSDEVCP.EXE
PRC — [2008.05.30 10:29:38 | 000,460,040 | —- | M] (ООО «ЯНДЕКС») — C:Program FilesCommon FilesYandexYupdateyupdate.exe
PRC — [2008.05.21 10:47:53 | 000,077,824 | —- | M] (Sun Microsystems, Inc.) — C:Program FilesJavajre1.6.0binjusched.exe
PRC — [2007.06.13 16:11:44 | 001,033,728 | —- | M] (Корпорация Майкрософт) — C:WINDOWSexplorer.exe
PRC — [2006.11.13 16:21:56 | 001,289,000 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft ActiveSyncwcescomm.exe
PRC — [2006.11.13 16:21:46 | 000,199,464 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft ActiveSyncrapimgr.exe
PRC — [2006.07.31 14:33:50 | 000,036,864 | —- | M] (VisualTaskTips.com) — C:Program FilesVisualTaskTipsVisualTaskTips.exe
PRC — [2006.07.30 20:00:00 | 000,098,304 | R— | M] (Hewlett-Packard) — C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
PRC — [2005.12.25 23:22:53 | 000,462,848 | —- | M] ((c) . All rights reserved.) — C:Program FilesNetUPUTM5_wintrayutm5_wintray.exe
PRC — [2005.08.01 09:59:55 | 000,544,768 | —- | M] (Motorola Inc.) — C:WINDOWSsm56hlpr.exe
PRC — [2005.08.01 09:28:18 | 000,090,112 | —- | M] (Realtek Semiconductor Corp.) — C:WINDOWSSOUNDMAN.EXE
PRC — [2004.08.18 15:00:00 | 000,503,808 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32winlogon.exe
PRC — [2004.08.18 15:00:00 | 000,108,544 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32services.exe
PRC — [2004.08.18 15:00:00 | 000,050,688 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32smss.exe
PRC — [2002.12.11 22:38:03 | 000,032,768 | —- | M] (FirebirdSQL Project) — C:Program FilesFirebirdbinibguard.exe
PRC — [2002.12.11 22:37:33 | 001,748,992 | —- | M] (FirebirdSQL Project) — C:Program FilesFirebirdbinibserver.exe========== Modules (SafeList) ==========
MOD — [2010.03.10 07:44:52 | 000,554,496 | —- | M] (OldTimer Tools) — C:DownloadsПрограммыOTL.exe
MOD — [2009.03.06 03:33:26 | 000,961,888 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft OfficeOffice12GrooveUtil.dll
MOD — [2009.02.12 14:19:38 | 000,178,040 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
MOD — [2009.02.12 14:19:32 | 002,217,848 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
MOD — [2008.10.25 10:44:34 | 000,022,872 | —- | M] (Microsoft Corporation) — C:Program FilesMicrosoft OfficeOffice12GrooveNew.dll
MOD — [2007.10.25 19:44:11 | 008,477,696 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32shell32.dll
MOD — [2007.10.11 09:00:20 | 000,474,112 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32shlwapi.dll
MOD — [2007.04.16 18:54:39 | 000,990,720 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32kernel32.dll
MOD — [2007.03.08 18:38:43 | 000,578,048 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32user32.dll
MOD — [2006.12.01 22:54:32 | 000,626,688 | —- | M] (Microsoft Corporation) — C:WINDOWSWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700msvcr80.dll
MOD — [2006.12.01 21:56:00 | 000,096,256 | —- | M] (Microsoft Corporation) — C:WINDOWSWinSxSx86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474ATL80.dll
MOD — [2006.08.25 18:53:11 | 001,054,208 | —- | M] (Microsoft Corporation) — C:WINDOWSWinSxSx86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03comctl32.dll
MOD — [2006.07.31 14:33:45 | 000,007,680 | —- | M] () — C:Program FilesVisualTaskTipsVttHooks.dll
MOD — [2005.07.26 07:42:38 | 001,284,608 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32ole32.dll
MOD — [2004.12.07 01:54:55 | 000,297,472 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32msctf.dll
MOD — [2004.08.18 15:00:00 | 000,990,208 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32setupapi.dll
MOD — [2004.08.18 15:00:00 | 000,797,696 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32comres.dll
MOD — [2004.08.18 15:00:00 | 000,726,016 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32userenv.dll
MOD — [2004.08.18 15:00:00 | 000,712,192 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32ntdll.dll
MOD — [2004.08.18 15:00:00 | 000,687,104 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32advapi32.dll
MOD — [2004.08.18 15:00:00 | 000,600,576 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32crypt32.dll
MOD — [2004.08.18 15:00:00 | 000,278,528 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32comdlg32.dll
MOD — [2004.08.18 15:00:00 | 000,277,504 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32mstask.dll
MOD — [2004.08.18 15:00:00 | 000,219,648 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32uxtheme.dll
MOD — [2004.08.18 15:00:00 | 000,172,544 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32wldap32.dll
MOD — [2004.08.18 15:00:00 | 000,152,576 | —- | M] (Microsoft Corporation) — C:WINDOWSsystem32rsaenh.dll
MOD — [2004.08.18 15:00:00 | 000,146,944 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32winspool.drv
MOD — [2004.08.18 15:00:00 | 000,144,384 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32ntshrui.dll
MOD — [2004.08.18 15:00:00 | 000,119,296 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32ntmarta.dll
MOD — [2004.08.18 15:00:00 | 000,067,584 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32srclient.dll
MOD — [2004.08.18 15:00:00 | 000,059,904 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32mpr.dll
MOD — [2004.08.18 15:00:00 | 000,019,968 | —- | M] (Корпорация Майкрософт) — C:WINDOWSsystem32ws2help.dll========== Win32 Services (SafeList) ==========
SRV — File not found [Auto | Stopped] — — (Nero BackItUp Scheduler 4.0)
SRV — [2010.02.16 14:51:02 | 000,824,640 | —- | M] (BinarySense, Inc.) [Auto | Stopped] — C:Program FilesCommon FilesBinarySensehldasvc.exe — (HDDlife HDD Access service)
SRV — [2010.02.11 21:53:39 | 000,040,384 | —- | M] (ALWIL Software) [On_Demand | Running] — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe — (avast! Web Scanner)
SRV — [2010.02.11 21:53:39 | 000,040,384 | —- | M] (ALWIL Software) [On_Demand | Running] — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe — (avast! Mail Scanner)
SRV — [2010.02.11 21:53:39 | 000,040,384 | —- | M] (ALWIL Software) [Auto | Running] — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe — (avast! Antivirus)
SRV — [2007.11.15 15:57:17 | 000,074,360 | —- | M] (Autodesk, Inc.) [On_Demand | Stopped] — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe — (Autodesk Licensing Service)
SRV — [2007.05.10 12:50:34 | 000,073,728 | —- | M] (Sony Corporation) [On_Demand | Stopped] — C:Program FilesCommon FilesSony SharedFskSonySCSIHelperService.exe — (Sony SCSI Helper Service)
SRV — [2007.02.05 23:19:34 | 000,185,344 | —- | M] (Корпорация Майкрософт) [On_Demand | Stopped] — C:WINDOWSsystem32upnphost.dll — (upnphost)
SRV — [2006.12.20 00:50:51 | 000,135,168 | —- | M] (Корпорация Майкрософт) [Auto | Running] — C:WINDOWSsystem32shsvcs.dll — (Themes)
SRV — [2006.12.20 00:50:51 | 000,135,168 | —- | M] (Корпорация Майкрософт) [Auto | Running] — C:WINDOWSsystem32shsvcs.dll — (ShellHWDetection)
SRV — [2006.12.20 00:50:51 | 000,135,168 | —- | M] (Корпорация Майкрософт) [On_Demand | Running] — C:WINDOWSsystem32shsvcs.dll — (FastUserSwitchingCompatibility)
SRV — [2006.12.19 21:18:16 | 000,333,824 | —- | M] (Корпорация Майкрософт) [Auto | Running] — C:WINDOWSsystem32wiaservc.dll — (stisvc) Служба загрузки изображений (WIA)
SRV — [2006.05.19 16:26:13 | 000,111,104 | —- | M] (Корпорация Майкрософт) [Auto | Running] — C:WINDOWSsystem32dhcpcsvc.dll — (Dhcp)
SRV — [2006.05.11 19:40:06 | 000,358,008 | —- | M] (Protection Technology (StarForce)) [Auto | Stopped] — C:WINDOWSSystem32sfrem02.exe — (sfrem02) FrontLine Drivers Auto Removal (v2)
SRV — [2005.08.22 21:36:09 | 000,197,632 | —- | M] (Корпорация Майкрософт) [On_Demand | Running] — C:WINDOWSsystem32netman.dll — (Netman)
SRV — [2005.07.08 19:29:35 | 000,249,344 | —- | M] (Корпорация Майкрософт) [On_Demand | Running] — C:WINDOWSsystem32tapisrv.dll — (TapiSrv)
SRV — [2005.04.20 22:31:05 | 000,474,624 | —- | M] (Корпорация Майкрософт) [Auto | Running] — C:WINDOWSsystem32wzcsvc.dll — (WZCSVC)
SRV — [2004.11.18 02:26:51 | 000,171,008 | —- | M] (Корпорация Майкрософт) [Auto | Running] — C:WINDOWSsystem32srsvc.dll — (srservice)
SRV — [2004.08.18 15:00:00 | 000,436,736 | —- | M] (Корпорация Майкрософт) [On_Demand | Stopped] — C:WINDOWSsystem32ntmssvc.dll — (NtmsSvc)
SRV — [2004.08.18 15:00:00 | 000,382,464 | —- | M] (Корпорация Майкрософт) [On_Demand | Stopped] — C:WINDOWSsystem32qmgr.dll — (BITS) Фоновая интеллектуальная служба передачи (BITS)
SRV — [2004.08.18 15:00:00 | 000,331,264 | —- | M] (Корпорация Майкрософт) [Auto | Running] — C:WINDOWSsystem32ipnathlp.dll — (SharedAccess) Брандмауэр Windows/Общий доступ к Интернету (ICS)
SRV — [2004.08.18 15:00:00 | 000,295,936 | —- | M] (Корпорация Майкрософт) [On_Demand | Running] — C:WINDOWSsystem32termsrv.dll — (TermService)
SRV — [2004.08.18 15:00:00 | 000,290,304 | —- | M] (Корпорация Майкрософт) [On_Demand | Stopped] — C:WINDOWSsystem32vssvc.exe — (VSS)
SRV — [2004.08.18 15:00:00 | 000,247,296 | —- | M] (Корпорация Майкрософт) [On_Demand | Running] — C:WINDOWSsystem32mswsock.dll — (Nla) Служба сетевого расположения (NLA)
SRV — [2004.08.18 15:00:00 | 000,191,488 | —- | M] (Корпорация Майкрософт) [Auto | Running] — C:WINDOWSsystem32schedsvc.dll — (Schedule)
SRV — [2004.08.18 15:00:00 | 000,175,104 | —- | M] (Корпорация Майкрософт) [Auto | Running] — C:WINDOWSsystem32w32time.dll — (W32Time)
SRV — [2004.08.18 15:00:00 | 000,150,016 | —- | M] (Корпорация Майкрософт) [On_Demand | Stopped] — C:WINDOWSsystem32imapi.exe — (ImapiService)
SRV — [2004.08.18 15:00:00 | 000,145,408 | —- | M] (Корпорация Майкрософт) [Auto | Running] — C:WINDOWSsystem32wbemwmisvc.dll — (winmgmt)
SRV — [2004.08.18 15:00:00 | 000,141,312 | —- | M] (Корпорация Майкрософт) [On_Demand | Stopped] — C:WINDOWSsystem32sessmgr.exe — (RDSessMgr)
SRV — [2004.08.18 15:00:00 | 000,126,464 | —- | M] (Корпорация Майкрософт) [On_Demand | Stopped] — C:WINDOWSsystem32wbemwmiapsrv.exe — (WmiApSrv)
SRV — [2004.08.18 15:00:00 | 000,113,664 | —- | M] (Корпорация Майкрософт) [Disabled | Stopped] — C:WINDOWSsystem32netdde.exe — (NetDDEdsdm)
SRV — [2004.08.18 15:00:00 | 000,113,664 | —- | M] (Корпорация Майкрософт) [Disabled | Stopped] — C:WINDOWSsystem32netdde.exe — (NetDDE)
SRV — [2004.08.18 15:00:00 | 000,108,544 | —- | M] (Корпорация Майкрософт) [Auto | Running] — C:WINDOWSsystem32services.exe — (PlugPlay)
SRV — [2004.08.18 15:00:00 | 000,108,544 | —- | M] (Корпорация Майкрософт) [Auto | Running] — C:WINDOWSsystem32services.exe — (Eventlog)
SRV — [2004.08.18 15:00:00 | 000,096,768 | —- | M] (Корпорация Майкрософт) [On_Demand | Stopped] — C:WINDOWSsystem32scardsvr.exe — (SCardSvr)
SRV — [2004.08.18 15:00:00 | 000,091,648 | —- | M] (Корпорация Майкрософт) [On_Demand | Stopped] — C:WINDOWSsystem32smlogsvc.exe — (SysmonLog)
SRV — [2004.08.18 15:00:00 | 000,045,568 | —- | M] (Корпорация Майкрософт) [Auto | Running] — C:WINDOWSsystem32dnsrslvr.dll — (Dnscache)
SRV — [2004.08.18 15:00:00 | 000,032,768 | —- | M] (Корпорация Майкрософт) [On_Demand | Stopped] — C:WINDOWSsystem32mnmsrvc.exe — (mnmsrvc)
SRV — [2004.08.18 15:00:00 | 000,024,064 | —- | M] (Корпорация Майкрософт) [On_Demand | Stopped] — C:WINDOWSsystem32dmserver.dll — (dmserver)
SRV — [2004.08.18 15:00:00 | 000,018,944 | —- | M] (Корпорация Майкрософт) [Auto | Running] — C:WINDOWSsystem32seclogon.dll — (seclogon)
SRV — [2002.12.11 22:38:03 | 000,032,768 | —- | M] (FirebirdSQL Project) [Auto | Running] — C:Program FilesFirebirdbinibguard.exe — (InterBaseGuardian)
SRV — [2002.12.11 22:37:33 | 001,748,992 | —- | M] (FirebirdSQL Project) [On_Demand | Running] — C:Program FilesFirebirdbinibserver.exe — (InterBaseServer)========== Driver Services (SafeList) ==========
DRV — [2010.03.09 14:12:54 | 000,046,672 | —- | M] (ALWIL Software) [Kernel | System | Running] — C:WINDOWSsystem32driversaswTdi.sys — (aswTdi)
DRV — [2010.03.09 14:12:33 | 000,162,640 | —- | M] (ALWIL Software) [Kernel | System | Running] — C:WINDOWSsystem32driversaswSP.sys — (aswSP)
DRV — [2010.03.09 14:09:08 | 000,023,376 | —- | M] (ALWIL Software) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversaswRdr.sys — (aswRdr)
DRV — [2010.03.09 14:08:41 | 000,100,432 | —- | M] (ALWIL Software) [File_System | Auto | Running] — C:WINDOWSsystem32driversaswmon2.sys — (aswMon2)
DRV — [2010.03.09 14:08:30 | 000,019,024 | —- | M] (ALWIL Software) [File_System | Auto | Running] — C:WINDOWSsystem32driversaswFsBlk.sys — (aswFsBlk)
DRV — [2010.03.09 14:08:15 | 000,028,880 | —- | M] (ALWIL Software) [Kernel | System | Running] — C:WINDOWSsystem32driversaavmker4.sys — (Aavmker4)
DRV — [2008.10.03 12:25:36 | 000,034,080 | —- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] — C:WINDOWSsystem32driversflsvcom.sys — (FLSVCOM)
DRV — [2008.10.03 12:25:35 | 000,016,314 | —- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] — C:WINDOWSsystem32driversflspar.sys — (FLSPAR)
DRV — [2008.10.03 12:25:35 | 000,013,440 | —- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] — C:WINDOWSsystem32driversflsiface.sys — (FLSIFACE)
DRV — [2008.10.03 12:25:35 | 000,008,344 | —- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] — C:WINDOWSsystem32driversflsser.sys — (FLSSER)
DRV — [2008.10.03 12:25:34 | 000,033,404 | —- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] — C:WINDOWSsystem32driversfle5wnnt.sys — (FLE5WNNT)
DRV — [2008.10.03 12:24:33 | 000,049,720 | —- | M] (Data Encryption Systems Limited) [Kernel | System | Running] — C:WINDOWSsystem32driversdk2drv.sys — (dk2drv)
DRV — [2008.06.06 19:21:51 | 000,271,360 | —- | M] () [Kernel | Auto | Running] — C:WINDOWSsystem32driversatksgt.sys — (atksgt)
DRV — [2008.06.06 19:21:50 | 000,018,048 | —- | M] () [Kernel | Auto | Running] — C:WINDOWSsystem32driverslirsgt.sys — (lirsgt)
DRV — [2008.06.06 08:24:44 | 000,008,064 | —- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversusbser_lowerflt.sys — (upperdev)
DRV — [2008.05.07 06:38:36 | 000,008,064 | —- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversusbser_lowerfltj.sys — (UsbserFilt)
DRV — [2008.05.07 06:38:20 | 000,020,864 | —- | M] (Nokia) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversccdcmbo.sys — (nmwcdc)
DRV — [2008.05.07 06:38:20 | 000,017,536 | —- | M] (Nokia) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversccdcmb.sys — (nmwcd)
DRV — [2008.02.01 15:17:12 | 000,138,112 | —- | M] (Nokia) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversnmwcdnsu.sys — (nmwcdnsu)
DRV — [2008.02.01 15:17:06 | 000,008,320 | —- | M] (Nokia) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversnmwcdnsuc.sys — (nmwcdnsuc)
DRV — [2007.12.05 08:26:40 | 002,782,208 | —- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversati2mtag.sys — (ati2mtag)
DRV — [2007.08.27 22:36:06 | 000,646,392 | —- | M] () [Kernel | Boot | Running] — C:WINDOWSSystem32Driverssptd.sys — (sptd)
DRV — [2007.08.06 12:00:00 | 000,072,704 | —- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] — C:WINDOWSsystem32driversWibuKey.sys — (WIBUKEY)
DRV — [2007.07.31 13:27:16 | 000,013,312 | —- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversBTCamAudioDrv.sys — (MBLAUDRV)
DRV — [2007.01.24 13:45:28 | 000,067,584 | —- | M] (EZB Systems, Inc.) [File_System | System | Running] — C:Program FilesUltraISOdriversISODrive.sys — (ISODrive)
DRV — [2006.11.10 11:46:12 | 000,090,800 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversse31unic.sys — (se31unic) Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM)
DRV — [2006.11.10 11:46:02 | 000,086,560 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversSE31obex.sys — (SE31obex)
DRV — [2006.11.10 11:46:00 | 000,018,704 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversse31nd5.sys — (se31nd5) Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS)
DRV — [2006.11.10 11:45:56 | 000,088,688 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversSE31mgmt.sys — (SE31mgmt) Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM)
DRV — [2006.11.10 11:45:52 | 000,097,184 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversSE31mdm.sys — (SE31mdm)
DRV — [2006.11.10 11:45:50 | 000,009,360 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversSE31mdfl.sys — (SE31mdfl)
DRV — [2006.11.10 11:45:42 | 000,061,600 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversSE31bus.sys — (SE31bus) Sony Ericsson Device 049 Driver driver (WDM)
DRV — [2006.11.07 08:42:30 | 000,086,368 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversw200obex.sys — (w200obex)
DRV — [2006.11.07 08:42:28 | 000,088,560 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversw200mgmt.sys — (w200mgmt) Sony Ericsson W200 USB WMC Device Management Drivers (WDM)
DRV — [2006.11.07 08:42:24 | 000,097,056 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversw200mdm.sys — (w200mdm)
DRV — [2006.11.07 08:42:22 | 000,009,328 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversw200mdfl.sys — (w200mdfl)
DRV — [2006.11.07 08:42:16 | 000,061,504 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversw200bus.sys — (w200bus) Sony Ericsson W200 driver (WDM)
DRV — [2006.11.02 15:51:58 | 000,013,560 | —- | M] (Cyberlink Corp.) [Kernel | Auto | Running] — C:Program FilesCyberLinkPowerDVD00.fcl — ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV — [2006.08.11 19:09:28 | 000,059,776 | —- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] — C:WINDOWSsystem32driverssfsync05.sys — (sfsync05) FrontLine Synchronization Driver (v5)
DRV — [2006.08.11 16:47:13 | 000,059,776 | —- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] — C:WINDOWSSystem32driverssfsync04.sys — (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV — [2006.07.05 15:46:06 | 000,063,352 | —- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] — C:WINDOWSSystem32driverssfdrv01a.sys — (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV — [2006.06.14 17:56:56 | 000,013,680 | —- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] — C:WINDOWSSystem32driverssfhlp02.sys — (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV — [2005.10.12 14:07:12 | 000,874,240 | —- | M] (Intel Corporation) [Kernel | Boot | Running] — C:WINDOWSsystem32driversiaStor.sys — (iaStor)
DRV — [2005.08.29 16:45:34 | 000,853,258 | —- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversbtkrnl.sys — (BTKRNL)
DRV — [2005.08.29 15:01:38 | 000,428,269 | —- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversbtaudio.sys — (btaudio)
DRV — [2005.08.29 14:55:18 | 000,030,363 | —- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversbtport.sys — (BTDriver)
DRV — [2005.08.29 14:54:36 | 000,064,344 | —- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversbtwusb.sys — (BTWUSB)
DRV — [2005.08.18 18:52:08 | 000,077,056 | —- | M] (NVIDIA Corporation) [Kernel | Boot | Running] — C:WINDOWSsystem32driversnvraid.sys — (nvraid)
DRV — [2005.08.18 18:52:06 | 000,093,568 | —- | M] (NVIDIA Corporation) [Kernel | Boot | Running] — C:WINDOWSsystem32driversnvatabus.sys — (nvatabus)
DRV — [2005.08.01 09:59:55 | 000,839,724 | —- | M] (Motorola Inc.) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driverssmserial.sys — (smserial)
DRV — [2005.08.01 09:29:27 | 003,222,784 | —- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversw29n51.sys — (w29n51) Драйвер сетевого адаптера Intel(R)
DRV — [2005.08.01 09:28:34 | 000,070,912 | —- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversRtlnicxp.sys — (RTL8023xp)
DRV — [2005.08.01 09:28:15 | 002,547,008 | —- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversRtkHDAud.sys — (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV — [2005.03.03 20:53:57 | 000,048,640 | —- | M] (Protection Technology) [Kernel | Boot | Running] — C:WINDOWSSystem32driverssfdrv01.sys — (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV — [2005.01.11 18:58:48 | 000,030,976 | —- | M] (Silicon Integrated Systems Corp) [Kernel | Boot | Running] — C:WINDOWSsystem32driversSiSRaid2.sys — (SiSRaid2)
DRV — [2005.01.07 17:07:18 | 000,138,752 | —- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversHdaudbus.sys — (HDAudBus)
DRV — [2005.01.07 17:07:16 | 000,145,920 | —- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversHdaudio.sys — (HdAudAddService)
DRV — [2004.08.18 15:00:00 | 000,188,288 | —- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] — C:WINDOWSsystem32DRIVERSACPI.sys — (ACPI)
DRV — [2004.08.18 15:00:00 | 000,125,440 | —- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] — C:WINDOWSsystem32DRIVERSftdisk.sys — (Ftdisk)
DRV — [2004.08.18 15:00:00 | 000,119,936 | —- | M] (Корпорация Майкрософт) [Kernel | Disabled | Stopped] — C:WINDOWSsystem32driverspcmcia.sys — (Pcmcia)
DRV — [2004.08.18 15:00:00 | 000,080,128 | —- | M] (Корпорация Майкрософт) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversparport.sys — (Parport)
DRV — [2004.08.18 15:00:00 | 000,073,472 | —- | M] (Корпорация Майкрософт) [File_System | Boot | Running] — C:WINDOWSsystem32DRIVERSsr.sys — (sr)
DRV — [2004.08.18 15:00:00 | 000,065,408 | —- | M] (Корпорация Майкрософт) [Kernel | Auto | Stopped] — C:WINDOWSsystem32driversserial.sys — (Serial)
DRV — [2004.08.18 15:00:00 | 000,051,968 | —- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] — C:WINDOWSsystem32driversvolsnap.sys — (VolSnap)
DRV — [2004.08.18 15:00:00 | 000,040,320 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversnmnt.sys — (nm)
DRV — [2004.08.18 15:00:00 | 000,034,944 | —- | M] (Корпорация Майкрософт) [Kernel | System | Running] — C:WINDOWSsystem32driversfips.sys — (Fips)
DRV — [2004.08.18 15:00:00 | 000,030,208 | —- | M] (Корпорация Майкрософт) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversmodem.sys — (Modem)
DRV — [2004.08.18 15:00:00 | 000,024,832 | —- | M] (Корпорация Майкрософт) [Kernel | System | Running] — C:WINDOWSsystem32driverskbdclass.sys — (Kbdclass)
DRV — [2004.08.18 15:00:00 | 000,011,776 | —- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] — C:WINDOWSsystem32DRIVERSACPIEC.sys — (ACPIEC)
DRV — [2004.08.18 15:00:00 | 000,006,912 | —- | M] (Корпорация Майкрософт) [Kernel | Disabled | Stopped] — C:WINDOWSsystem32driversparvdm.sys — (ParVdm)
DRV — [2004.08.17 18:53:20 | 000,005,504 | —- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] — C:WINDOWSsystem32DRIVERSintelide.sys — (IntelIde)
DRV — [2004.08.17 18:49:32 | 000,058,112 | —- | M] (Корпорация Майкрософт) [Kernel | System | Running] — C:WINDOWSsystem32driversredbook.sys — (redbook)
DRV — [2004.08.17 15:51:24 | 000,053,376 | —- | M] (Корпорация Майкрософт) [Kernel | System | Running] — C:WINDOWSsystem32driversi8042prt.sys — (i8042prt)
DRV — [2004.08.17 15:47:34 | 000,023,296 | —- | M] (Корпорация Майкрософт) [Kernel | System | Running] — C:WINDOWSsystem32driversmouclass.sys — (Mouclass)
DRV — [2004.08.17 15:46:56 | 000,068,480 | —- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] — C:WINDOWSsystem32DRIVERSpci.sys — (PCI)
DRV — [2004.08.17 14:54:38 | 000,014,848 | —- | M] (Корпорация Майкрософт) [Kernel | System | Stopped] — C:WINDOWSsystem32driverskbdhid.sys — (kbdhid)
DRV — [2004.08.03 22:07:56 | 000,059,264 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversUSBAUDIO.sys — (usbaudio) Аудио драйвер USB (WDM)
DRV — [2004.03.10 13:34:00 | 000,068,672 | R— | M] (Aktiv Co.) [Kernel | Auto | Running] — C:WINDOWSsystem32driversNVKEYNT.SYS — (NVKEYNT)
DRV — [2001.10.19 20:32:14 | 000,003,328 | —- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] — C:WINDOWSsystem32DRIVERSpciide.sys — (PCIIde)
DRV — [2001.10.19 20:22:20 | 000,036,096 | —- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] — C:WINDOWSsystem32DRIVERSisapnp.sys — (isapnp)
DRV — [2001.10.19 19:33:10 | 000,012,160 | —- | M] (Корпорация Майкрософт) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversmouhid.sys — (mouhid)========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE — HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0
IE — HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0
IE — HKUS-1-5-21-3384562647-3952047165-953852265-1006SOFTWAREMicrosoftInternet ExplorerMain,SearchDefaultBranded = 1
IE — HKUS-1-5-21-3384562647-3952047165-953852265-1006SOFTWAREMicrosoftInternet ExplorerMain,Secondary Start Pages = http://www.rambler.ru/ [binary data]
IE — HKUS-1-5-21-3384562647-3952047165-953852265-1006SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=40316
IE — HKUS-1-5-21-3384562647-3952047165-953852265-1006..URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll (@Mail.Ru)
IE — HKUS-1-5-21-3384562647-3952047165-953852265-1006SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0
IE — HKUS-1-5-21-3384562647-3952047165-953852265-1006SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyOverride» =[2008.07.25 21:31:46 | 000,000,000 | —D | M] — C:Documents and Settings1Application DataMozillaFirefoxProfiles9vf96daw.defaultextensions
[2009.07.31 14:35:06 | 000,000,000 | —D | M] — C:Documents and Settings1Application DataMozillaFirefoxProfiles9vf96daw.defaultextensionsyasearch@yandex.ru
[2008.07.25 21:31:47 | 000,000,000 | —D | M] — C:Documents and Settings1Application DataMozillaFirefoxProfiles9vf96daw.defaultextensionsyasearch@yandex.ruchromeskinextensions-hacksO1 HOSTS File: ([2010.03.03 09:14:23 | 000,000,027 | —- | M]) — C:WINDOWSsystem32driversetchosts
O1 — Hosts: 127.0.0.1 localhost
O2 — BHO: (Skype add-on (mastermind)) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll (Skype Technologies S.A.)
O2 — BHO: (Groove GFS Browser Helper) — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll (Microsoft Corporation)
O2 — BHO: (SSVHelper Class) — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0binssv.dll (Sun Microsystems, Inc.)
O2 — BHO: (MailRuBHO Class) — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll (@Mail.Ru)
O2 — BHO: (IE 4.x-6.x BHO for Download Master) — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:Program FilesDownload Masterdmiehlp.dll (WestByte)
O2 — BHO: (Google Toolbar Helper) — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll (Google Inc.)
O2 — BHO: (Google Toolbar Notifier BHO) — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.3.4501.1418swg.dll (Google Inc.)
O2 — BHO: (Google Dictionary Compression sdch) — {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 — BHO: (Ask Toolbar BHO) — {FE063DB1-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL (Ask.com)
O3 — HKLM..Toolbar: (no name) — — No CLSID value found.
O3 — HKLM..Toolbar: (Спутник@Mail.Ru) — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll (@Mail.Ru)
O3 — HKLM..Toolbar: (DM Bar) — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll (WestByte Software)
O3 — HKLM..Toolbar: (Google Toolbar) — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll (Google Inc.)
O3 — HKLM..Toolbar: (Easy-WebPrint) — {327C2873-E90D-4c37-AA9D-10AC9BABA46C} — C:Program FilesCanonEasy-WebPrintToolband.dll ()
O3 — HKLM..Toolbar: (Яндекс.Бар) — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll (ООО «ЯНДЕКС»)
O3 — HKLM..Toolbar: (Ask Toolbar) — {FE063DB9-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL (Ask.com)
O3 — HKLM..Toolbar: (PROMT) — {FF284F5C-7CF9-4682-8701-D467C1DBB99F} — C:Program FilesPRMT78PRMTIEprmtie.dll (PROMT Ltd.)
O3 — HKU.DEFAULT..ToolbarWebBrowser: (Яндекс.Бар) — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll (ООО «ЯНДЕКС»)
O3 — HKUS-1-5-18..ToolbarWebBrowser: (Яндекс.Бар) — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll (ООО «ЯНДЕКС»)
O3 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..ToolbarWebBrowser: (&Адрес) — {01E04581-4EEE-11D0-BFE9-00AA005B4383} — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)
O3 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..ToolbarWebBrowser: (Спутник@Mail.Ru) — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll (@Mail.Ru)
O3 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..ToolbarWebBrowser: (DM Bar) — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll (WestByte Software)
O3 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..ToolbarWebBrowser: (&Ссылки) — {0E5CBF21-D15F-11D0-8301-00AA005B4383} — C:WINDOWSsystem32shell32.dll (Корпорация Майкрософт)
O3 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..ToolbarWebBrowser: (Google Toolbar) — {2318C2B1-4965-11D4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll (Google Inc.)
O3 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..ToolbarWebBrowser: (Яндекс.Бар) — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll (ООО «ЯНДЕКС»)
O3 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..ToolbarWebBrowser: (Ask Toolbar) — {FE063DB9-4EC0-403E-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL (Ask.com)
O4 — HKLM..Run: [AlcWzrd] C:WINDOWSALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 — HKLM..Run: [avast5] C:Program FilesAlwil SoftwareAvast5AvastUI.exe (ALWIL Software)
O4 — HKLM..Run: [Easy-PrintToolBox] C:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE (CANON INC.)
O4 — HKLM..Run: [FLSDeviceControlPanel] C:WINDOWSsystem32FLSDEVCP.EXE ()
O4 — HKLM..Run: [InstantOn] C:Program FilesCyberLinkPowerCinema Linuxion_install.exe ()
O4 — HKLM..Run: [LanguageShortcut] C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe ()
O4 — HKLM..Run: [Lingvo Launcher] C:Program FilesABBYY Lingvo 12Lvagent.exe (ABBYY (BIT Software))
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe (Nero AG)
O4 — HKLM..Run: [OrderReminder] C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe (Hewlett-Packard)
O4 — HKLM..Run: [SMSERIAL] C:WINDOWSsm56hlpr.exe (Motorola Inc.)
O4 — HKLM..Run: [SoundMan] C:WINDOWSSOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 — HKLM..Run: [StartCCC] C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe ()
O4 — HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.6.0binjusched.exe (Sun Microsystems, Inc.)
O4 — HKLM..Run: [VisualTaskTips] C:Program FilesVisualTaskTipsVisualTaskTips.exe (VisualTaskTips.com)
O4 — HKLM..Run: [Ярлык для страницы свойств High Definition Audio] C:WINDOWSSystem32HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..Run: [H/PC Connection Agent] C:Program FilesMicrosoft ActiveSyncwcescomm.exe (Microsoft Corporation)
O4 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (Google Inc.)
O4 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..Run: [Tutor.exe] C:Program FilesABBYY Lingvo 12Tutor.exe (ABBYY (BIT Software))
O4 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..Run: [Yupdate!] C:Program FilesCommon FilesYandexYupdateyupdate.exe (ООО «ЯНДЕКС»)
O4 — Startup: C:Documents and Settings1Главное менюПрограммыАвтозагрузкаAdobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 — Startup: C:Documents and Settings1Главное менюПрограммыАвтозагрузкаHDDlife.lnk = C:Program FilesBinarySenseHDDlife 3HDDlifePro.exe File not found
O4 — Startup: C:Documents and Settings1Главное менюПрограммыАвтозагрузкаВырезка экрана и программа запуска для OneNote 2007.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE (Microsoft Corporation)
O4 — Startup: C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузкаAdobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 — Startup: C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузкаБыстрый запуск AutoCAD.lnk = C:Program FilesCommon FilesAutodesk Sharedacstart16.exe (Autodesk, Inc)
O4 — Startup: C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузкаẂįŋδōẅś Đēşкţор Ş℮αŗ¢ĥ.lnk = File not found
O6 — HKLMSoftwarePoliciesMicrosoftInternet ExplorerLow Rights present
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O7 — HKU.DEFAULTSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 — HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
O7 — HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863
O7 — HKUS-1-5-18SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 — HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
O7 — HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863
O7 — HKUS-1-5-19SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 — HKUS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 — HKUS-1-5-20SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 — HKUS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 — HKUS-1-5-21-3384562647-3952047165-953852265-1006SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 — HKUS-1-5-21-3384562647-3952047165-953852265-1006SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 36
O7 — HKUS-1-5-21-3384562647-3952047165-953852265-1006SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 — HKUS-1-5-21-3384562647-3952047165-953852265-1006SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O8 — Extra context menu item: &Экспорт в Microsoft Excel — C:Program FilesMicrosoft OfficeOffice12EXCEL.EXE (Microsoft Corporation)
O8 — Extra context menu item: Easy-WebPrint Add To Print List — C:Program FilesCanonEasy-WebPrintResource.dll ()
O8 — Extra context menu item: Easy-WebPrint High Speed Print — C:Program FilesCanonEasy-WebPrintResource.dll ()
O8 — Extra context menu item: Easy-WebPrint Preview — C:Program FilesCanonEasy-WebPrintResource.dll ()
O8 — Extra context menu item: Easy-WebPrint Print — C:Program FilesCanonEasy-WebPrintResource.dll ()
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm ()
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm ()
O8 — Extra context menu item: Поиск@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll (@Mail.Ru)
O8 — Extra context menu item: Словари@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll (@Mail.Ru)
O9 — Extra ‘Tools’ menuitem : Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0binnpjpi160.dll (Sun Microsystems, Inc.)
O9 — Extra Button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:Program FilesMicrosoft OfficeOffice12ONBttnIE.dll (Microsoft Corporation)
O9 — Extra ‘Tools’ menuitem : &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:Program FilesMicrosoft OfficeOffice12ONBttnIE.dll (Microsoft Corporation)
O9 — Extra Button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:Program FilesMicrosoft ActiveSyncINetRepl.dll (Microsoft Corporation)
O9 — Extra ‘Tools’ menuitem : Добавить в избранное мобильного устройства… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:Program FilesMicrosoft ActiveSyncINetRepl.dll (Microsoft Corporation)
O9 — Extra ‘Tools’ menuitem : Skype add-on for Internet Explorer — {5067A26B-1337-4436-8AFE-EE169C2DA79F} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll (Skype Technologies S.A.)
O9 — Extra Button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll (Skype Technologies S.A.)
O9 — Extra ‘Tools’ menuitem : Перевести — {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} — C:Program FilesPRMT78PRMTIEprmtie5.htm ()
O9 — Extra ‘Tools’ menuitem : Настройка параметров перевода — {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} — C:Program FilesPRMT78PRMTIEOPTIONS.HTM ()
O9 — Extra Button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe (WestByte)
O9 — Extra ‘Tools’ menuitem : &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe (WestByte)
O9 — Extra Button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:Program FilesMicrosoft OfficeOffice12REFIEBAR.DLL (Microsoft Corporation)
O9 — Extra Button: @btrez.dll,-4015 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm ()
O9 — Extra ‘Tools’ menuitem : @btrez.dll,-12650 — {CCA281CA-C863-46ef-9331-5C8D4460577F} — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm ()
O9 — Extra Button: @c:Program FilesMessengerMsgslang.dll,-61144 — {FB5F1910-F110-11d2-BB9E-00C04F795683} — c:Program FilesMessengermsmsgs.exe File not found
O9 — Extra ‘Tools’ menuitem : @c:Program FilesMessengerMsgslang.dll,-61144 — {FB5F1910-F110-11d2-BB9E-00C04F795683} — c:Program FilesMessengermsmsgs.exe File not found
O10 — NameSpace_Catalog5Catalog_Entries00000000001 [] — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — NameSpace_Catalog5Catalog_Entries00000000003 [] — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000001 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000002 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000003 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000006 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000007 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000008 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000009 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000010 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000011 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000012 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000013 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000014 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000015 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000016 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000017 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000018 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000019 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000020 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000021 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000022 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000023 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000024 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O10 — Protocol_Catalog9Catalog_Entries00000000025 — C:WINDOWSsystem32mswsock.dll (Корпорация Майкрософт)
O12 — Plugin for: .spop — C:Program FilesInternet ExplorerPLUGINSNPDocBox.dll (Intertrust Technologies, Inc.)
O15 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..Trusted Domains: 195.16.50.18 ([]http in Надежные узлы)
O15 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..Trusted Domains: 195.16.50.18 ([]https in Надежные узлы)
O15 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..Trusted Domains: 85.21.242.18 ([]http in Надежные узлы)
O15 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..Trusted Domains: 85.21.242.18 ([]https in Надежные узлы)
O15 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..Trusted Domains: mtbank.co.ru ([]http in Надежные узлы)
O15 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..Trusted Domains: mtbank.co.ru ([]https in Надежные узлы)
O15 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..Trusted Domains: mybank.com ([www] https in Надежные узлы)
O15 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..Trusted Ranges: Range1 ([http] in Надежные узлы)
O15 — HKUS-1-5-21-3384562647-3952047165-953852265-1006..Trusted Ranges: Range2 ([http] in Надежные узлы)
O16 — DPF: {075DE2F2-4573-4056-8E93-70CABB68C5A2} http://6160.meritlilin.com.tw/v6160.cab (VdoxMPEG4 Control)
O16 — DPF: {2AF0C7B1-9389-11D8-869A-0020ED529CEE} http://194.85.132.130/HTTPFile.cab (HTTPFileCtl Class)
O16 — DPF: {7D0FDBB3-B42D-11D2-8977-0060080BBFF8} https://www.bankline.ru/servlets/ibc?File=12570842.cab (LstDlg Class)
O16 — DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 — DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 — DPF: {A90CDED7-0D8F-49CE-87B3-5D4BE4C36407} https://www.bankline.ru/servlets/ibc?File=1676743.CAB (InistFileSystemObject Class)
O16 — DPF: {C6DBEB23-7475-11D2-8968-0060080BBFF8} https://www.bankline.ru/servlets/ibc?File=12570838.CAB (SecureEx Class)
O16 — DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 — DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 — DPF: {EE479A40-C128-40DD-93DA-000556AF9607} http://87.245.181.50:9012/CtrWeb.cab (DVRWeb Control)
O18 — ProtocolHandlercsnet {FF3EFE67-7569-11D2-9F80-00104B107C97} — Reg Error: Key error. File not found
O18 — ProtocolHandlerdvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} — C:WINDOWSsystem32msvidctl.dll (Корпорация Майкрософт)
O18 — ProtocolHandlergrooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll (Microsoft Corporation)
O18 — ProtocolHandlerhddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} — C:Program FilesCommon FilesBinarySensehlAPP.dll (BinarySense, Inc.)
O18 — ProtocolHandlerms-help {314111c7-a502-11d2-bbca-00c04f8ec294} — C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll (Microsoft Corporation)
O18 — ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:Program FilesCommon FilesSkypeSkype4COM.dll (Skype Technologies)
O18 — ProtocolHandlertv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} — C:WINDOWSsystem32msvidctl.dll (Корпорация Майкрософт)
O18 — ProtocolFiltertext/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} — C:WINDOWSsystem32shell32.dll (Корпорация Майкрософт)
O18 — ProtocolFiltertext/xml {807563E5-5146-11D5-A672-00B0D022E945} — C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.DLL (Microsoft Corporation)
O18 — ProtocolFilterx-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 — HKLM Winlogon: Shell — (Explorer.exe) — C:WINDOWSexplorer.exe (Корпорация Майкрософт)
O20 — HKLM Winlogon: UserInit — (C:WINDOWSsystem32userinit.exe) — C:WINDOWSsystem32userinit.exe (Корпорация Майкрософт)
O20 — HKLM Winlogon: UIHost — (logonui.exe) — C:WINDOWSSystem32logonui.exe (Корпорация Майкрософт)
O20 — HKLM Winlogon: VMApplet — (rundll32 shell32) — C:WINDOWSSystem32shell32.dll (Корпорация Майкрософт)
O20 — HKLM Winlogon: VMApplet — (Control_RunDLL «sysdm.cpl») — C:WINDOWSSystem32sysdm.cpl (Корпорация Майкрософт)
O20 — WinlogonNotifyAtiExtEvent: DllName — Ati2evxx.dll — C:WINDOWSSystem32ati2evxx.dll (ATI Technologies Inc.)
O20 — WinlogonNotifycrypt32chain: DllName — crypt32.dll — C:WINDOWSSystem32crypt32.dll (Корпорация Майкрософт)
O20 — WinlogonNotifycscdll: DllName — cscdll.dll — C:WINDOWSSystem32cscdll.dll (Корпорация Майкрософт)
O20 — WinlogonNotifyScCertProp: DllName — wlnotify.dll — C:WINDOWSSystem32wlnotify.dll (Корпорация Майкрософт)
O20 — WinlogonNotifySchedule: DllName — wlnotify.dll — C:WINDOWSSystem32wlnotify.dll (Корпорация Майкрософт)
O20 — WinlogonNotifysclgntfy: DllName — sclgntfy.dll — C:WINDOWSSystem32sclgntfy.dll (Корпорация Майкрософт)
O20 — WinlogonNotifySensLogn: DllName — WlNotify.dll — C:WINDOWSSystem32wlnotify.dll (Корпорация Майкрософт)
O20 — WinlogonNotifytermsrv: DllName — wlnotify.dll — C:WINDOWSSystem32wlnotify.dll (Корпорация Майкрософт)
O20 — WinlogonNotifywlballoon: DllName — wlnotify.dll — C:WINDOWSSystem32wlnotify.dll (Корпорация Майкрософт)
O21 — SSODL: CDBurn — {fbeb8a05-beee-4442-804e-409d6c4515e9} — C:WINDOWSsystem32shell32.dll (Корпорация Майкрософт)
O21 — SSODL: PostBootReminder — {7849596a-48ea-486e-8937-a2a3009f31a9} — C:WINDOWSsystem32shell32.dll (Корпорация Майкрософт)
O21 — SSODL: SysTray — {35CEC8A3-2BE6-11D2-8773-92E220524153} — C:WINDOWSsystem32stobject.dll (Корпорация Майкрософт)
O22 — SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} — Предзагрузчик Browseui — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)
O22 — SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} — Демон кэша категорий компонентов — C:WINDOWSsystem32browseui.dll (Корпорация Майкрософт)
O24 — Desktop Components:0 (Моя текущая домашняя страница) — About:Home
O24 — Desktop WallPaper: C:Documents and Settings1Application DataMicrosoftInternet ExplorerInternet Explorer Wallpaper.bmp
O24 — Desktop BackupWallPaper: C:Documents and Settings1Application DataMicrosoftInternet ExplorerInternet Explorer Wallpaper.bmp
O28 — HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} — C:WINDOWSSystem32shell32.dll (Корпорация Майкрософт)
O28 — HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} — C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll (Microsoft Corporation)
O29 — HKLM SecurityProviders — (digest.dll) — C:WINDOWSSystem32digest.dll (Корпорация Майкрософт)
O29 — HKLM SecurityProviders — (msnsspc.dll) — C:WINDOWSSystem32msnsspc.dll (Корпорация Майкрософт)
O32 — HKLM CDRom: AutoRun — 1
O32 — AutoRun File — [2006.02.20 09:54:45 | 000,000,000 | —- | M] () — C:AUTOEXEC.BAT — [ NTFS ]
O32 — AutoRun File — [2010.02.27 08:27:52 | 000,000,000 | R—D | M] — C:autorun.inf — [ NTFS ]
O34 — HKLM BootExecute: (autocheck autochk *) — File not found
O35 — HKLM..comfile [open] — «%1» %*
O35 — HKLM..exefile [open] — «%1» %*Лог OTL.Txt часть вторая:
========== Files/Folders — Created Within 30 Days ==========[2010.03.05 23:19:18 | 000,000,000 | —D | C] — C:Program FilesuTorrent
[2010.03.05 23:19:02 | 000,000,000 | —D | C] — C:Documents and Settings1Application DatauTorrent
[2010.03.03 10:08:56 | 000,000,000 | -HSD | C] — C:RECYCLER
[2010.03.01 19:50:18 | 000,000,000 | -H-D | C] — C:WINDOWSie8
[2010.02.28 16:18:37 | 000,000,000 | —D | C] — C:Config.Msi
[2010.02.28 16:16:36 | 000,000,000 | —D | C] — C:Documents and Settings1Application DataBinarySense
[2010.02.28 16:16:02 | 000,000,000 | —D | C] — C:Program FilesCommon FilesBinarySense
[2010.02.27 23:12:43 | 000,000,000 | RHSD | C] — C:cmdcons
[2010.02.27 23:12:15 | 000,161,792 | —- | C] (SteelWerX) — C:WINDOWSSWREG.exe
[2010.02.27 23:12:15 | 000,031,232 | —- | C] (NirSoft) — C:WINDOWSNIRCMD.exe
[2010.02.27 23:12:14 | 000,212,480 | —- | C] (SteelWerX) — C:WINDOWSSWXCACLS.exe
[2010.02.27 23:12:14 | 000,136,704 | —- | C] (SteelWerX) — C:WINDOWSSWSC.exe
[2010.02.27 23:11:56 | 000,000,000 | —D | C] — C:WINDOWSERDNT
[2010.02.27 23:05:36 | 000,000,000 | —D | C] — C:Qoobox
[2010.02.27 22:38:04 | 004,614,888 | —- | C] (Microsoft Corporation) — C:Documents and Settings1Рабочий столWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2010.02.27 09:38:10 | 000,000,000 | —D | C] — C:Documents and Settings1Application DataMalwarebytes
[2010.02.27 09:38:05 | 000,038,224 | —- | C] (Malwarebytes Corporation) — C:WINDOWSSystem32driversmbamswissarmy.sys
[2010.02.27 09:38:04 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataMalwarebytes
[2010.02.27 09:38:03 | 000,019,160 | —- | C] (Malwarebytes Corporation) — C:WINDOWSSystem32driversmbam.sys
[2010.02.27 09:38:03 | 000,000,000 | —D | C] — C:Program FilesMalwarebytes’ Anti-Malware
[2010.02.27 08:27:52 | 000,000,000 | R—D | C] — C:autorun.inf
[2010.02.22 23:10:58 | 000,000,000 | —D | C] — C:Program Filestrend micro
[2010.02.22 23:10:56 | 000,000,000 | —D | C] — C:rsit
[2010.02.21 16:46:19 | 000,000,000 | RH-D | C] — C:Documents and Settings1Recent
[2010.02.21 15:20:21 | 000,000,000 | —D | C] — C:Documents and Settings1Мои документыDownloads
[2010.02.21 12:20:54 | 000,014,336 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32dllcachesvchost.exe
[2010.02.21 11:28:59 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataAlwil Software
[2010.02.20 21:38:59 | 000,046,672 | —- | C] (ALWIL Software) — C:WINDOWSSystem32driversaswTdi.sys
[2010.02.20 21:38:59 | 000,028,880 | —- | C] (ALWIL Software) — C:WINDOWSSystem32driversaavmker4.sys
[2010.02.20 21:38:59 | 000,023,376 | —- | C] (ALWIL Software) — C:WINDOWSSystem32driversaswRdr.sys
[2010.02.20 21:38:58 | 000,162,640 | —- | C] (ALWIL Software) — C:WINDOWSSystem32driversaswSP.sys
[2010.02.20 21:38:58 | 000,100,432 | —- | C] (ALWIL Software) — C:WINDOWSSystem32driversaswmon2.sys
[2010.02.20 21:38:58 | 000,094,800 | —- | C] (ALWIL Software) — C:WINDOWSSystem32driversaswmon.sys
[2010.02.20 21:38:58 | 000,038,848 | —- | C] (ALWIL Software) — C:WINDOWSSystem32avastSS.scr
[2010.02.20 21:38:58 | 000,019,024 | —- | C] (ALWIL Software) — C:WINDOWSSystem32driversaswFsBlk.sys
[2010.02.20 21:38:41 | 000,153,184 | —- | C] (ALWIL Software) — C:WINDOWSSystem32aswBoot.exe
[2010.02.19 18:54:25 | 000,000,000 | —D | C] — C:Documents and Settings1Мои документыSTDUViewer
[2010.02.19 18:54:13 | 000,000,000 | —D | C] — C:Program FilesCommon FilesSTDUtility
[2010.02.19 18:54:13 | 000,000,000 | —D | C] — C:Program FilesSTDU Viewer
[2010.02.12 17:03:51 | 000,000,000 | —D | C] — C:Program FilesCMS
[2010.02.09 11:12:24 | 000,323,584 | —- | C] (Merit LILIN) — C:WINDOWSVDOXMPEG4.OCX
[2009.07.23 19:52:02 | 000,000,000 | —D | M] — C:Documents and SettingsNetworkServiceLocal SettingsApplication DataMicrosoft
[2008.01.27 18:42:54 | 000,000,000 | —SD | M] — C:Documents and SettingsNetworkServiceApplication DataMicrosoft
[2008.01.27 18:42:54 | 000,000,000 | —SD | M] — C:Documents and SettingsLocalServiceApplication DataMicrosoft
[2008.01.27 18:42:54 | 000,000,000 | —D | M] — C:Documents and SettingsLocalServiceLocal SettingsApplication DataMicrosoft
[16 C:WINDOWS*.tmp files -> C:WINDOWS*.tmp -> ]
[126 C:WINDOWSSystem32dllcache*.tmp files -> C:WINDOWSSystem32dllcache*.tmp -> ]
[103 C:WINDOWSSystem32*.tmp files -> C:WINDOWSSystem32*.tmp -> ]========== Files — Modified Within 30 Days ==========
[2010.03.10 08:10:32 | 000,025,822 | —- | M] () — C:Documents and Settings1Мои документыOTL Extras logfile created on.docx
[2010.03.10 08:10:00 | 000,000,436 | -H— | M] () — C:WINDOWStasksUser_Feed_Synchronization-{30C1D3C3-2B0A-4223-8762-B7FE6CC5D4BC}.job
[2010.03.10 07:58:11 | 011,272,192 | —- | M] () — C:Documents and Settings1ntuser.dat
[2010.03.10 07:41:49 | 000,005,801 | —- | M] () — C:WINDOWSSystem32CONFIG.NT
[2010.03.10 07:37:36 | 000,000,006 | -H— | M] () — C:WINDOWStasksSA.DAT
[2010.03.10 07:37:29 | 000,002,048 | —S- | M] () — C:WINDOWSbootstat.dat
[2010.03.10 00:54:25 | 000,000,178 | -HS- | M] () — C:Documents and Settings1ntuser.ini
[2010.03.09 19:59:07 | 000,000,116 | —- | M] () — C:WINDOWSNeroDigital.ini
[2010.03.09 14:36:16 | 000,000,205 | —- | M] () — C:Documents and Settings1default.pls
[2010.03.09 14:24:05 | 000,153,184 | —- | M] (ALWIL Software) — C:WINDOWSSystem32aswBoot.exe
[2010.03.09 14:12:54 | 000,046,672 | —- | M] (ALWIL Software) — C:WINDOWSSystem32driversaswTdi.sys
[2010.03.09 14:12:33 | 000,162,640 | —- | M] (ALWIL Software) — C:WINDOWSSystem32driversaswSP.sys
[2010.03.09 14:09:08 | 000,023,376 | —- | M] (ALWIL Software) — C:WINDOWSSystem32driversaswRdr.sys
[2010.03.09 14:08:41 | 000,100,432 | —- | M] (ALWIL Software) — C:WINDOWSSystem32driversaswmon2.sys
[2010.03.09 14:08:38 | 000,094,800 | —- | M] (ALWIL Software) — C:WINDOWSSystem32driversaswmon.sys
[2010.03.09 14:08:30 | 000,019,024 | —- | M] (ALWIL Software) — C:WINDOWSSystem32driversaswFsBlk.sys
[2010.03.09 14:08:15 | 000,028,880 | —- | M] (ALWIL Software) — C:WINDOWSSystem32driversaavmker4.sys
[2010.03.09 13:44:40 | 000,229,376 | —- | M] () — C:Documents and Settings1Local SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.08 15:55:49 | 000,002,279 | —- | M] () — C:Documents and Settings1Рабочий столAutoCAD 2005 (2).lnk
[2010.03.08 12:49:19 | 000,000,572 | —- | M] () — C:Documents and Settings1Рабочий столЯрлык для emap.lnk
[2010.03.07 14:47:45 | 000,476,888 | —- | M] () — C:WINDOWSSystem32perfh019.dat
[2010.03.07 14:47:45 | 000,410,190 | —- | M] () — C:WINDOWSSystem32perfh009.dat
[2010.03.07 14:47:45 | 000,089,936 | —- | M] () — C:WINDOWSSystem32perfc019.dat
[2010.03.07 14:47:45 | 000,067,138 | —- | M] () — C:WINDOWSSystem32perfc009.dat
[2010.03.07 14:47:38 | 001,056,750 | —- | M] () — C:WINDOWSSystem32PerfStringBackup.INI
[2010.03.05 23:19:18 | 000,000,635 | —- | M] () — C:Documents and Settings1Рабочий столµTorrent.lnk
[2010.03.03 09:14:33 | 000,000,227 | —- | M] () — C:WINDOWSsystem.ini
[2010.03.03 09:14:23 | 000,000,027 | —- | M] () — C:WINDOWSSystem32driversetchosts
[2010.03.01 19:51:15 | 002,110,414 | -H— | M] () — C:Documents and Settings1Local SettingsApplication DataIconCache.db
[2010.02.28 16:16:41 | 000,000,846 | —- | M] () — C:Documents and Settings1Главное менюПрограммыАвтозагрузкаHDDlife.lnk
[2010.02.27 23:12:54 | 000,000,284 | RHS- | M] () — C:boot.ini
[2010.02.27 23:04:33 | 003,874,477 | R— | M] () — C:Documents and Settings1Рабочий столComboFix.exe
[2010.02.27 22:38:51 | 004,614,888 | —- | M] (Microsoft Corporation) — C:Documents and Settings1Рабочий столWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2010.02.27 09:38:08 | 000,000,701 | —- | M] () — C:Documents and SettingsAll UsersРабочий столMalwarebytes’ Anti-Malware.lnk
[2010.02.27 08:26:36 | 000,132,597 | —- | M] () — C:Documents and Settings1Рабочий столFlash_Disinfector.exe
[2010.02.21 11:29:52 | 000,001,705 | —- | M] () — C:Documents and SettingsAll UsersРабочий столavast! Free Antivirus.lnk
[2010.02.20 21:01:26 | 000,000,639 | —- | M] () — C:WINDOWSPCViewer_D6.INI
[2010.02.19 18:54:14 | 000,000,675 | —- | M] () — C:Documents and SettingsAll UsersРабочий столSTDUViewer.lnk
[2010.02.12 17:03:53 | 000,000,693 | —- | M] () — C:Documents and Settings1Рабочий столEstimator.lnk
[2010.02.12 17:03:53 | 000,000,669 | —- | M] () — C:Documents and Settings1Рабочий столCMS.lnk
[2010.02.11 21:53:57 | 000,038,848 | —- | M] (ALWIL Software) — C:WINDOWSSystem32avastSS.scr
[2010.02.09 11:12:24 | 000,323,584 | —- | M] (Merit LILIN) — C:WINDOWSVDOXMPEG4.OCX
[16 C:WINDOWS*.tmp files -> C:WINDOWS*.tmp -> ]
[126 C:WINDOWSSystem32dllcache*.tmp files -> C:WINDOWSSystem32dllcache*.tmp -> ]
[103 C:WINDOWSSystem32*.tmp files -> C:WINDOWSSystem32*.tmp -> ]========== Files Created — No Company Name ==========
[2010.03.10 08:10:31 | 000,025,822 | —- | C] () — C:Documents and Settings1Мои документыOTL Extras logfile created on.docx
[2010.03.08 12:49:19 | 000,000,572 | —- | C] () — C:Documents and Settings1Рабочий столЯрлык для emap.lnk
[2010.03.05 23:19:18 | 000,000,635 | —- | C] () — C:Documents and Settings1Рабочий столµTorrent.lnk
[2010.02.28 16:16:40 | 000,000,846 | —- | C] () — C:Documents and Settings1Главное менюПрограммыАвтозагрузкаHDDlife.lnk
[2010.02.27 23:12:54 | 000,000,214 | —- | C] () — C:Boot.bak
[2010.02.27 23:12:49 | 000,260,272 | —- | C] () — C:cmldr
[2010.02.27 23:12:15 | 000,261,632 | —- | C] () — C:WINDOWSPEV.exe
[2010.02.27 23:12:15 | 000,098,816 | —- | C] () — C:WINDOWSsed.exe
[2010.02.27 23:12:15 | 000,080,412 | —- | C] () — C:WINDOWSgrep.exe
[2010.02.27 23:12:15 | 000,077,312 | —- | C] () — C:WINDOWSMBR.exe
[2010.02.27 23:12:15 | 000,068,096 | —- | C] () — C:WINDOWSzip.exe
[2010.02.27 23:04:21 | 003,874,477 | R— | C] () — C:Documents and Settings1Рабочий столComboFix.exe
[2010.02.27 09:38:08 | 000,000,701 | —- | C] () — C:Documents and SettingsAll UsersРабочий столMalwarebytes’ Anti-Malware.lnk
[2010.02.27 08:26:33 | 000,132,597 | —- | C] () — C:Documents and Settings1Рабочий столFlash_Disinfector.exe
[2010.02.21 11:29:52 | 000,001,705 | —- | C] () — C:Documents and SettingsAll UsersРабочий столavast! Free Antivirus.lnk
[2010.02.20 21:38:41 | 000,380,928 | —- | C] () — C:WINDOWSSystem32actskin4.ocx
[2010.02.19 18:54:14 | 000,000,675 | —- | C] () — C:Documents and SettingsAll UsersРабочий столSTDUViewer.lnk
[2010.02.12 17:03:53 | 000,000,693 | —- | C] () — C:Documents and Settings1Рабочий столEstimator.lnk
[2010.02.12 17:03:53 | 000,000,669 | —- | C] () — C:Documents and Settings1Рабочий столCMS.lnk
[2009.10.11 11:19:48 | 000,000,151 | —- | C] () — C:WINDOWSPhotoSnapViewer.INI
[2009.09.03 13:52:20 | 000,000,116 | —- | C] () — C:WINDOWSNeroDigital.ini
[2009.08.05 08:10:54 | 000,000,153 | —- | C] () — C:Documents and Settings1Application Datadefault.rss
[2009.08.02 00:45:11 | 000,004,767 | —- | C] () — C:WINDOWSIrremote.ini
[2009.06.10 16:50:45 | 000,748,160 | —- | C] () — C:WINDOWSSystem32CO2C40EN.DLL
[2009.06.03 12:47:16 | 000,000,079 | —- | C] () — C:WINDOWSiosdll.sys
[2009.05.23 11:38:44 | 000,005,092 | —- | C] () — C:Documents and SettingsAll UsersApplication Datatgioyvlx.pxu
[2009.05.22 17:46:24 | 000,004,109 | —- | C] () — C:Documents and SettingsAll UsersApplication Dataankfvgse.jvz
[2009.05.22 17:44:10 | 000,126,464 | —- | C] () — C:WINDOWSSystem32lame_enc.dll
[2009.05.11 23:13:45 | 000,163,947 | —- | C] () — C:WINDOWSSystem32Primomon95.dll
[2009.05.11 23:13:45 | 000,000,365 | —- | C] () — C:WINDOWSSystem32PSCRIPT.INI
[2009.05.11 22:59:31 | 000,176,235 | —- | C] () — C:WINDOWSSystem32Primomonnt.dll
[2009.05.04 11:14:19 | 000,000,329 | —- | C] () — C:WINDOWSPCViewer_D6(0).INI
[2009.05.04 10:21:20 | 000,000,639 | —- | C] () — C:WINDOWSPCViewer_D6.INI
[2009.04.28 11:35:08 | 000,000,063 | —- | C] () — C:WINDOWSwininit.ini
[2009.04.27 07:13:36 | 000,000,314 | —- | C] () — C:WINDOWSprimopdf.ini
[2009.01.24 21:23:10 | 000,000,126 | —- | C] () — C:WINDOWSwpd99.drv
[2008.10.03 12:59:59 | 000,004,263 | —- | C] () — C:WINDOWSSystem32FLSINSTU.INI
[2008.10.03 12:25:36 | 000,000,064 | —- | C] () — C:WINDOWSFLS1.INI
[2008.10.03 12:25:35 | 000,004,263 | —- | C] () — C:WINDOWSSystem32flsinst.ini
[2008.10.03 12:25:33 | 001,859,584 | —- | C] () — C:WINDOWSSystem32FLSINST.DLL
[2008.10.03 12:24:28 | 002,325,304 | —- | C] () — C:WINDOWSSystem32DK2INST.DLL
[2008.07.28 22:53:28 | 000,000,488 | —- | C] () — C:WINDOWS_delis32.ini
[2008.07.26 17:42:43 | 000,002,528 | —- | C] () — C:Documents and Settings1Application Data$_hpcst$.hpc
[2008.07.06 21:48:20 | 000,001,088 | —- | C] () — C:WINDOWSATICIM.INI
[2008.06.27 22:47:17 | 000,001,127 | —- | C] () — C:WINDOWSwincmd.ini
[2008.06.06 19:21:51 | 000,271,360 | —- | C] () — C:WINDOWSSystem32driversatksgt.sys
[2008.06.06 19:21:50 | 000,018,048 | —- | C] () — C:WINDOWSSystem32driverslirsgt.sys
[2008.05.21 12:33:09 | 000,001,890 | -HS- | C] () — C:WINDOWSSystem32KGyGaAvL.sys
[2008.05.21 12:06:40 | 000,000,264 | —- | C] () — C:WINDOWSPlotFlow.INI
[2008.05.21 10:13:57 | 000,010,752 | —- | C] () — C:WINDOWSSystem32BASSMOD.dll
[2008.03.23 19:48:15 | 000,106,496 | R— | C] () — C:WINDOWSSystem32VSHP1018.DLL
[2008.03.16 12:30:00 | 000,000,248 | —- | C] () — C:WINDOWSwdp.ini
[2008.02.02 14:25:50 | 000,000,069 | —- | C] () — C:WINDOWSLBPropSpa.ini
[2007.12.21 21:12:29 | 000,040,630 | —- | C] () — C:Documents and Settings1Local SettingsApplication DataFASTWiz.log
[2007.12.21 21:10:35 | 000,000,596 | —- | C] () — C:Documents and Settings1Local SettingsApplication DataFASTWiz.html
[2007.11.15 11:31:04 | 000,058,880 | —- | C] () — C:WINDOWSSystem32hlvdd.dll
[2007.09.29 18:57:56 | 000,069,632 | —- | C] () — C:WINDOWSSystem32xmltok.dll
[2007.09.29 18:57:56 | 000,036,864 | —- | C] () — C:WINDOWSSystem32xmlparse.dll
[2007.09.27 21:37:50 | 000,000,620 | —- | C] () — C:WINDOWSODBC.INI
[2007.09.06 15:17:54 | 001,650,751 | —- | C] () — C:WINDOWSSystem32EBUS.dll
[2007.09.06 15:17:54 | 000,100,352 | —- | C] () — C:WINDOWSSystem32PG32CONV.dll
[2007.09.06 15:17:54 | 000,081,984 | —- | C] () — C:WINDOWSSystem32ETC.dll
[2007.09.06 15:17:54 | 000,017,920 | —- | C] () — C:WINDOWSSystem32Implode.dll
[2007.09.06 15:17:53 | 000,299,008 | —- | C] () — C:WINDOWSSystem32Crutl14.dll
[2007.09.06 15:17:53 | 000,028,672 | —- | C] () — C:WINDOWSSystem32CRInf9.dll
[2007.09.06 15:17:52 | 000,131,072 | —- | C] () — C:WINDOWSSystem32stringres_en.dll
[2007.08.27 22:43:52 | 000,365,704 | —- | C] () — C:Documents and SettingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
[2007.08.27 22:35:29 | 000,654,848 | —- | C] () — C:WINDOWSSystem32x264vfw.dll
[2007.08.27 22:35:28 | 003,596,288 | —- | C] () — C:WINDOWSSystem32qt-dx331.dll
[2007.08.27 22:35:27 | 000,010,752 | —- | C] () — C:WINDOWSSystem32ff_vfw.dll
[2007.08.27 22:35:27 | 000,000,547 | —- | C] () — C:WINDOWSSystem32ff_vfw.dll.manifest
[2007.08.26 20:56:51 | 000,001,037 | —- | C] () — C:WINDOWSSm2000.ini
[2007.08.26 18:48:18 | 000,240,316 | —- | C] () — C:WINDOWSSystem32tutil32.dll
[2007.08.26 18:48:18 | 000,236,734 | —- | C] () — C:WINDOWSSystem32pxengwin.dll
[2007.08.26 18:48:18 | 000,075,344 | —- | C] () — C:WINDOWSSystem32pxkoszt.dll
[2007.08.26 18:48:18 | 000,011,272 | —- | C] () — C:WINDOWSSystem32pxfunct.dll
[2007.08.26 18:34:04 | 000,646,392 | —- | C] () — C:WINDOWSSystem32driverssptd.sys
[2007.08.24 21:39:31 | 000,036,363 | —- | C] () — C:WINDOWSCSTBox.INI
[2007.08.23 21:47:41 | 000,000,144 | —- | C] () — C:Documents and Settings1Application Datawklnhst.dat
[2007.08.22 21:10:32 | 000,229,376 | —- | C] () — C:Documents and Settings1Local SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.21 21:37:16 | 000,008,704 | —- | C] () — C:WINDOWSSystem32CNMVS74.DLL
[2007.08.18 19:15:56 | 000,147,456 | R— | C] () — C:WINDOWSSystem32grddrv32.dll
[2007.08.18 19:15:56 | 000,008,704 | R— | C] () — C:WINDOWSSystem32NVKEYVDD.DLL
[2007.08.18 19:15:56 | 000,000,626 | R— | C] () — C:WINDOWSSystem32NVKEY4NT.SYS
[2007.07.25 13:24:30 | 000,761,856 | —- | C] () — C:WINDOWSSystem32xvidcore.dll
[2007.06.18 14:48:05 | 000,000,124 | —- | C] () — C:Documents and Settings1Local SettingsApplication Datafusioncache.dat
[2007.06.11 10:54:10 | 000,041,788 | —- | C] () — C:Program FilesUninstall.exe
[2007.02.05 15:49:10 | 000,023,560 | —- | C] () — C:WINDOWSSystem32idxcntrs.ini
[2007.02.05 15:49:10 | 000,016,666 | —- | C] () — C:WINDOWSSystem32gthrctr.ini
[2007.02.05 15:49:04 | 000,016,258 | —- | C] () — C:WINDOWSSystem32gsrvctr.ini
[2006.09.28 13:55:34 | 000,053,248 | —- | C] () — C:WINDOWSSystem32PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R— | C] () — C:WINDOWSSystem32AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R— | C] () — C:WINDOWSSystem32AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R— | C] () — C:WINDOWSSystem32AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R— | C] () — C:WINDOWSSystem32AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R— | C] () — C:WINDOWSSystem32AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R— | C] () — C:WINDOWSSystem32AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R— | C] () — C:WINDOWSSystem32AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R— | C] () — C:WINDOWSSystem32AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R— | C] () — C:WINDOWSSystem32AgCPanelFrench.dll
[2006.02.26 14:08:28 | 000,180,224 | —- | C] () — C:WINDOWSSystem32xvidvfw.dll
[2006.02.20 11:00:07 | 000,000,061 | —- | C] () — C:WINDOWSsmscfg.ini
[2006.02.20 10:35:18 | 000,065,536 | —- | C] () — C:WINDOWSsm56spn.dll
[2006.02.20 10:35:18 | 000,065,536 | —- | C] () — C:WINDOWSsm56itl.dll
[2006.02.20 10:35:18 | 000,065,536 | —- | C] () — C:WINDOWSsm56ger.dll
[2006.02.20 10:35:18 | 000,065,536 | —- | C] () — C:WINDOWSsm56fra.dll
[2006.02.20 10:35:18 | 000,065,536 | —- | C] () — C:WINDOWSsm56eng.dll
[2006.02.20 10:35:18 | 000,065,536 | —- | C] () — C:WINDOWSsm56brz.dll
[2006.02.20 10:35:18 | 000,049,152 | —- | C] () — C:WINDOWSsm56jpn.dll
[2006.02.20 10:35:18 | 000,045,056 | —- | C] () — C:WINDOWSsm56cht.dll
[2006.02.20 10:35:18 | 000,045,056 | —- | C] () — C:WINDOWSsm56chs.dll
[2006.02.20 09:57:56 | 000,000,828 | —- | C] () — C:WINDOWSSystem32oeminfo.ini
[2006.02.20 09:52:25 | 000,003,556 | —- | C] () — C:WINDOWSSystem32fxsperf.ini
[2006.02.20 02:54:32 | 000,156,672 | —- | C] () — C:WINDOWSSystem32RTLCPAPI.dll
[2006.02.20 02:53:49 | 000,000,180 | —- | C] () — C:WINDOWSOption.ini
[2006.02.20 02:51:45 | 000,135,168 | —- | C] () — C:WINDOWSSystem32property.dll
[2005.08.29 15:07:06 | 000,090,112 | —- | C] () — C:WINDOWSSystem32btprn2k.dll
[2005.02.17 11:41:32 | 000,000,603 | —- | C] () — C:WINDOWSSystem32BTNeighborhood.dll.manifest
[2005.02.17 11:41:30 | 000,000,593 | —- | C] () — C:WINDOWSSystem32btcss.dll.manifest
[2004.05.26 11:23:24 | 002,166,862 | —- | C] () — C:WINDOWSSystem32BCGCBPRO674.dll
[2001.11.14 12:56:00 | 001,802,240 | —- | C] () — C:WINDOWSSystem32lcppn21.dll
[2001.08.29 13:11:40 | 000,398,848 | R— | C] () — C:WINDOWSSystem32dk2win32.dll========== Files — Unicode (All) ==========
[2007.12.22 16:06:48 | 000,001,799 | —- | M] ()(C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка?i??o?s Desкtор S??r?h.lnk) — C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузкаẂįŋδōẅś Đēşкţор Ş℮αŗ¢ĥ.lnk
[2007.12.22 16:05:33 | 000,001,799 | —- | C] ()(C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка?i??o?s Desкtор S??r?h.lnk) — C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузкаẂįŋδōẅś Đēşкţор Ş℮αŗ¢ĥ.lnk========== Alternate Data Streams ==========
@Alternate Data Stream — 131 bytes -> C:Documents and SettingsAll UsersApplication DataTEMP:C4252FE0
@Alternate Data Stream — 110 bytes -> C:Documents and SettingsAll UsersApplication DataTEMP:2BE9FEFCЛог Extras.Txt часть первая:
OTL Extras logfile created on: 10.03.2010 8:10:46 — Run 1
OTL by OldTimer — Version 3.1.35.0 Folder = C:DownloadsПрограммы
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) — Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy1 023,00 Mb Total Physical Memory | 480,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:pagefile.sys 768 1536 [binary data]%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 74,53 Gb Total Space | 11,37 Gb Free Space | 15,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loadedComputer Name: YOUR-8FD8B146F8
Current User Name: 1
Logged in as Administrator.Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINESOFTWAREClasses]
.cpl [@ = cplfile] — C:WINDOWSSystem32shell32.dll (Корпорация Майкрософт)
.hlp [@ = hlpfile] — C:WINDOWSSystem32winhlp32.exe (Корпорация Майкрософт)
.inf [@ = inffile] — C:WINDOWSSystem32NOTEPAD.EXE (Корпорация Майкрософт)
.ini [@ = inifile] — C:WINDOWSSystem32NOTEPAD.EXE (Корпорация Майкрософт)
.reg [@ = regfile] — C:WINDOWSregedit.exe (Корпорация Майкрософт)
.txt [@ = txtfile] — C:WINDOWSSystem32NOTEPAD.EXE (Корпорация Майкрософт)[HKEY_USERSS-1-5-21-3384562647-3952047165-953852265-1006SOFTWAREClasses]
.scr [@ = AutoCADScriptFile] — C:WINDOWSnotepad.exe (Корпорация Майкрософт)========== Shell Spawning ==========
[HKEY_LOCAL_MACHINESOFTWAREClassesshell[command]command]
batfile [edit] — %SystemRoot%System32NOTEPAD.EXE %1 (Корпорация Майкрософт)
batfile [open] — «%1» %*
batfile [print] — %SystemRoot%System32NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
cmdfile [edit] — %SystemRoot%System32NOTEPAD.EXE %1 (Корпорация Майкрософт)
cmdfile [open] — «%1» %*
cmdfile [print] — %SystemRoot%System32NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
comfile [open] — «%1» %*
cplfile [cplopen] — rundll32.exe shell32.dll,Control_RunDLL «%1»,%* (Корпорация Майкрософт)
exefile [open] — «%1» %*
helpfile [open] — winhlp32.exe %1 (Корпорация Майкрософт)
hlpfile [open] — %SystemRoot%System32winhlp32.exe %1 (Корпорация Майкрософт)
htmlfile [edit] — «C:Program FilesMicrosoft OfficeOffice12msohtmed.exe» %1 (Microsoft Corporation)
htmlfile [print] — «C:Program FilesMicrosoft OfficeOffice12msohtmed.exe» /p %1 (Microsoft Corporation)
inffile [install] — %SystemRoot%System32rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Корпорация Майкрософт)
inffile [open] — %SystemRoot%System32NOTEPAD.EXE %1 (Корпорация Майкрософт)
inffile [print] — %SystemRoot%System32NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
inifile [open] — %SystemRoot%System32NOTEPAD.EXE %1 (Корпорация Майкрософт)
inifile [print] — %SystemRoot%System32NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
jsfile [edit] — %SystemRoot%System32Notepad.exe %1 (Корпорация Майкрософт)
jsfile [print] — %SystemRoot%System32Notepad.exe /p %1 (Корпорация Майкрософт)
jsefile [edit] — %SystemRoot%System32Notepad.exe %1 (Корпорация Майкрософт)
jsefile [print] — %SystemRoot%System32Notepad.exe /p %1 (Корпорация Майкрософт)
piffile [open] — «%1» %*
regfile [edit] — %SystemRoot%system32NOTEPAD.EXE %1 (Корпорация Майкрософт)
regfile [open] — regedit.exe «%1» (Корпорация Майкрософт)
regfile [merge] — Reg Error: Key error.
regfile [print] — %SystemRoot%system32NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
scrfile [config] — «%1»
scrfile [install] — rundll32.exe desk.cpl,InstallScreenSaver %l (Корпорация Майкрософт)
scrfile [open] — «%1» /S
txtfile [edit] — Reg Error: Key error.
txtfile [open] — %SystemRoot%system32NOTEPAD.EXE %1 (Корпорация Майкрософт)
txtfile [print] — %SystemRoot%system32NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
txtfile [printto] — %SystemRoot%system32notepad.exe /pt «%1» «%2» «%3» «%4» (Корпорация Майкрософт)
vbefile [edit] — %SystemRoot%System32Notepad.exe %1 (Корпорация Майкрософт)
vbefile [print] — %SystemRoot%System32Notepad.exe /p %1 (Корпорация Майкрософт)
vbsfile [edit] — %SystemRoot%System32Notepad.exe %1 (Корпорация Майкрософт)
vbsfile [print] — %SystemRoot%System32Notepad.exe /p %1 (Корпорация Майкрософт)
wsffile [edit] — %SystemRoot%System32Notepad.exe %1 (Корпорация Майкрософт)
wsffile [print] — %SystemRoot%System32Notepad.exe /p %1 (Корпорация Майкрософт)
Unknown [openas] — %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
Directory [find] — %SystemRoot%Explorer.exe (Корпорация Майкрософт)
Directory [OneNote.Open] — C:PROGRA~1MICROS~3Office12ONENOTE.EXE «%L» (Microsoft Corporation)
Folder [open] — %SystemRoot%Explorer.exe /idlist,%I,%L (Корпорация Майкрософт)
Folder [explore] — %SystemRoot%Explorer.exe /e,/idlist,%I,%L (Корпорация Майкрософт)
Drive [find] — %SystemRoot%Explorer.exe (Корпорация Майкрософт)========== Security Center Settings ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
«FirstRunDisabled» = 1
«AntiVirusDisableNotify» = 0
«FirewallDisableNotify» = 0
«UpdatesDisableNotify» = 0
«AntiVirusOverride» = 0
«FirewallOverride» = 0[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]
«UacDisableNotify» = 0
«FirstRunDisabled» = 0
«FirewallOverride» = 0
«AntiVirusOverride» = 0
«UpdatesDisableNotify» = 0
«FirewallDisableNotify» = 0
«AntiVirusDisableNotify» = 0[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileGloballyOpenPortsList]
«26675:TCP» = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
«139:TCP» = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
«445:TCP» = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
«137:UDP» = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
«138:UDP» = 138:UDP:*:Enabled:@xpsp2res.dll,-22002[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
«EnableFirewall» = 0
«DoNotAllowExceptions» = 1
«DisableNotifications» = 0[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]
«26675:TCP» = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
«6262:TCP» = 6262:TCP:*:Enabled:ukbxiq
«139:TCP» = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
«445:TCP» = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
«137:UDP» = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
«138:UDP» = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
«1900:UDP» = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
«2869:TCP» = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
«%windir%system32sessmgr.exe» = %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 — (Корпорация Майкрософт)
«C:Program FilesMSN Messengermsnmsgr.exe» = C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 — File not found
«C:Program FilesMSN Messengerlivecall.exe» = C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) — File not found
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe» = C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager — (Microsoft Corporation)
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe» = C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager — (Microsoft Corporation)
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe» = C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application — (Microsoft Corporation)[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
«%windir%system32sessmgr.exe» = %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 — (Корпорация Майкрософт)
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE» = C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook — (Microsoft Corporation)
«C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE» = C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove — (Microsoft Corporation)
«C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE» = C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote — (Microsoft Corporation)
«C:Program FilesQIPqip.exe» = C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager — (The Author of QIP)
«C:Program FilesGraphisoftArchiCAD 11ArchiCAD.exe» = C:Program FilesGraphisoftArchiCAD 11ArchiCAD.exe:*:Enabled:ArchiCAD 11.0.0 Component — (Graphisoft R&D)
«C:Program FilesICQ6ICQ.exe» = C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ Library — (ICQ, Inc.)
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe» = C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager — (Microsoft Corporation)
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe» = C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager — (Microsoft Corporation)
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe» = C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application — (Microsoft Corporation)
«C:Program FilesuTorrentutorrent.exe» = C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent — (BitTorrent, Inc.)========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
«{00060000-0000-1004-8002-0000C06B5161}» = WIBU-KEY Setup (WIBU-KEY Remove)
«{02627ee5-eaca-4742-a9cc-e687631773e4}» = Nero ShowTime
«{055EE59D-217B-43A7-ABFF-507B966405D8}» = ATI Catalyst Control Center
«{0711500B-9912-4D60-9A49-C577B4503D42}» = Nero Recode Help
«{07FF7593-9DEA-40B5-9F87-F557E65BBF60}» = Nero Recode
«{086a7d8c-0a38-4c7f-819a-620275550d5c}» = Nero BurningROM
«{0A1EA1D3-A512-4AD3-89F1-BAD794DBC589}» = ЕвроФон
«{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}» = Halo 2 for Windows Vista
«{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}» = Nero InfoTool
«{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}» = Nero BurningROM
«{12345674-DE9A-677A-CCEE-666356D89777}» = Nero BurnRights
«{15095BF3-A3D7-4DDF-B193-3A496881E003}» = Microsoft .NET Framework 3.0
«{18455581-E099-4BA8-BC6B-F34B2F06600C}» = Google Toolbar for Internet Explorer
«{18883051-B3E8-D02D-B760-CB2562857059}» = Catalyst Control Center Graphics Full New
«{18A5DFF2-8A95-49F3-873F-743CB5549F3D}» = Canon ScanGear Starter
«{1B040683-C390-4711-ABC7-DA8D85E470E7}» = NeroBurningROM
«{1c00c7c5-e615-4139-b817-7f4003de68c0}» = Nero PhotoSnap Help
«{1C2F9041-4F0C-11D7-B24D-00D0B7482A73}» = MATWorX Version 7
«{1C7ADED3-C371-40DF-A69D-FE0EA73DC394}» = Windows Workflow Foundation RU Language Pack
«{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}» = Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148
«{2318C2B1-4965-11d4-9B18-009027A5CD4F}» = Google Toolbar for Internet Explorer
«{236BB7C4-4419-42FD-0419-1E257A25E34D}» = Adobe Photoshop CS2
«{2559CC59-D676-44EF-BD84-5A1F352980A8}» = Expense Report Wizard Expense Recorder for SmartPhone
«{2A0A6470-FD0F-4F45-9B11-85F3167DB943}» = Nokia Flashing Cable Driver
«{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}» = Microsoft .NET Framework 1.1 Russian Language Pack
«{2D3455A8-3B15-41A8-99F8-0D4215746463}» = Nero StartSmart
«{3097B151-1F61-4211-A4CC-D70127B226AE}» = SoundTrax
«{322E9572-A659-4920-BE8E-D0899920C22C}» = Book Designer 4.0
«{3248F0A8-6813-11D6-A77B-00B0D0160000}» = Java(TM) SE Runtime Environment 6
«{339E14FF-8FDC-4809-AAF2-87BA22905C7F}» = DirectX for Managed Code Update (December 2004)
«{350C9419-3D7C-4EE8-BAA9-00BCB3D54227}» = WebFldrs XP
«{359cfc0a-beb1-440d-95ba-cf63a86da34f}» = Nero Recode
«{368ba326-73ad-4351-84ed-3c0a7a52cc53}» = Nero Rescue Agent
«{3697AC89-BD2E-3777-F397-F6E10F0BC09A}» = Catalyst Control Center Core Implementation
«{3BE3AF64-CA78-4C5F-A1D7-71874C71918F}» = RasterDesk Pro 5.5
«{3F30CC51-0788-487B-AA83-7214A239C0C0}» = Nero Disc Copy Gadget Help
«{3F4EC965-28EF-45C3-B063-04B25D4E9679}» = WIDCOMM Bluetooth Software
«{43e39830-1826-415d-8bae-86845787b54b}» = Nero Vision
«{4D42353B-533F-4306-AD0B-7FEF292ADE04}» = Nero CoverDesigner Help
«{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}» = Nero ControlCenter
«{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}» = Nero PhotoSnap
«{56BE5CC9-95E6-4128-ABEA-968414CA9C80}» = DolbyFiles
«{56C049BE-79E9-4502-BEA7-9754A3E60F9B}» = neroxml
«{5783F2D7-0301-0419-0002-0060B0CE6BBA}» = AutoCAD 2005 — Русский
«{582876EC-A178-44D4-9823-C10D6C62EAFF}» = AGEIA PhysX v6.10.05
«{589CE155-1E47-451B-8FDA-3279DDE013A8}» = Movavi Видео Конвертер 7
«{5959DF02-56AB-4580-85BC-910AD89E294F}» = Программное обеспечение обновления для веб-папок
«{595a3116-40bb-4e0f-a2e8-d7951da56270}» = NeroExpress
«{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}» = Nero Live Help
«{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}» = Nero Vision
«{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}» = Nero RescueAgent Help
«{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}» = Nero PhotoSnap Help
«{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}» = Nero Live
«{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}» = Nero Vision
«{5e08ecd1-c98e-4711-bf65-8fd736b3f969}» = Nero RescueAgent Help
«{60c731fb-c951-41ce-ad41-8e54c8594609}» = Nero Disc Copy Gadget Help
«{62ac81f6-bdd3-4110-9d36-3e9eaab40999}» = Nero CoverDesigner
«{6740F9E3-1353-47DD-9765-BA49FC4C3479}» = Яндекс.Бар 4.2 для Internet Explorer
«{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}» = PowerDVD
«{6815FCDD-401D-481E-BA88-31B4754C2B46}» = Macromedia Flash Player 8
«{6FFFD7CF-ECEC-BEA1-BC8A-25F452CA377E}» = ccc-core-static
«{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}» = Microsoft .NET Framework 2.0
«{7299052b-02a4-4627-81f2-1818da5d550d}» = Microsoft Visual C++ 2005 Redistributable
«{737E2345-2897-4B75-9C9B-D541F7394D6B}» = Microsoft Works
«{75321954-2589-11DC-DDCC-E98356D81493}» = Nero DriveSpeed
«{753973C4-B961-43BF-B2D4-3C8C92F7216E}» = Nero DriveSpeed
«{77e33d87-255e-413e-9c8d-eed2a7f9bebf}» = Nero Live Help
«{78523651-D8B1-11DC-CCEE-741589645873}» = Nero DiscSpeed
«{786C5747-1437-443D-B06E-79A00FE45110}» = Adobe Stock Photos 1.0
«{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}» = Windows Workflow Foundation
«{83202942-84b3-4c50-8622-b8c0aa2d2885}» = Nero Express
«{85309D89-7BE9-4094-BB17-24999C6118FC}» = ArcSoft PhotoStudio 5.5
«{855B04CC-4F7A-4FBB-B7BA-D965D23F7AD5}» = Microsoft .NET Framework 3.0 Russian Language Pack
«{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}» = Nero ShowTime
«{8EDBA74D-0686-4C99-BFDD-F894678E5101}» = Adobe Common File Installer
«{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}» = Thrustmaster Force Feedback Driver
«{90120000-0010-0419-0000-0000000FF1CE}» = Microsoft Software Update for Web Folders (Russian) 12
«{90120000-0015-0419-0000-0000000FF1CE}» = Microsoft Office Access MUI (Russian) 2007
«{90120000-0016-0419-0000-0000000FF1CE}» = Microsoft Office Excel MUI (Russian) 2007
«{90120000-0018-0419-0000-0000000FF1CE}» = Microsoft Office PowerPoint MUI (Russian) 2007
«{90120000-0019-0419-0000-0000000FF1CE}» = Microsoft Office Publisher MUI (Russian) 2007
«{90120000-001A-0419-0000-0000000FF1CE}» = Microsoft Office Outlook MUI (Russian) 2007
«{90120000-001B-0419-0000-0000000FF1CE}» = Microsoft Office Word MUI (Russian) 2007
«{90120000-001F-0407-0000-0000000FF1CE}» = Microsoft Office Proof (German) 2007
«{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}» = 2007 Microsoft Office Suite Service Pack 2 (SP2)
«{90120000-001F-0409-0000-0000000FF1CE}» = Microsoft Office Proof (English) 2007
«{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}» = 2007 Microsoft Office Suite Service Pack 2 (SP2)
«{90120000-001F-0419-0000-0000000FF1CE}» = Microsoft Office Proof (Russian) 2007
«{90120000-001F-0422-0000-0000000FF1CE}» = Microsoft Office Proof (Ukrainian) 2007
«{90120000-002C-0419-0000-0000000FF1CE}» = Microsoft Office Proofing (Russian) 2007
«{90120000-0030-0000-0000-0000000FF1CE}» = Microsoft Office Enterprise 2007
«{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}» = 2007 Microsoft Office Suite Service Pack 2 (SP2)
«{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{FC28F983-B433-4159-AF70-18522B3CE9C2}» =
«{90120000-0044-0419-0000-0000000FF1CE}» = Microsoft Office InfoPath MUI (Russian) 2007
«{90120000-006E-0419-0000-0000000FF1CE}» = Microsoft Office Shared MUI (Russian) 2007
«{90120000-00A1-0419-0000-0000000FF1CE}» = Microsoft Office OneNote MUI (Russian) 2007
«{90120000-00BA-0419-0000-0000000FF1CE}» = Microsoft Office Groove MUI (Russian) 2007
«{90510409-6000-11D3-8CFE-0150048383C9}» = Microsoft Office Visio Professional 2003
«{91B323B5-A79C-4D23-BD6D-046C565F9BCF}» = MadOnion.com/3DMark2001 SE
«{9274109B-3F04-4608-8B3E-4AC55B5DDAF1}» = Ukrainian language for ABBYY FineReader 8.0 Professional Edition
«{943CC0C0-2253-4FE0-9493-DD386F7857FD}» = Nero Express
«{948FFAAE-C57F-447B-9B07-3721E950BFDC}» = Nero ShowTime
«{9494EBF5-C04A-4D55-BB31-C69C0BF71B12}» = eBook Library by Sony
«{961D53EA-40DC-4156-AD74-25684CE05F81}» = Nero Installer
«{98a67610-a3b5-4098-a423-3708040026d3}» = «Nero SoundTrax Help
«{99052DB7-9592-4522-A558-5417BBAD48EE}» = Microsoft ActiveSync
«{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}» = Nero ControlCenter
«{9A8783C7-A418-4DCB-8E30-6EB23B230B35}» = Учет доходов и расходов
«{9D1C26BD-E792-4159-9D16-07EA222D8EF0}» = Windows Messenger 5.1
«{9e82b934-9a25-445b-b8df-8012808074ac}» = Nero PhotoSnap
«{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}» = Advertising Center
«{A087C838-1D87-4233-B19E-270AA9D4F6C1}» = Stereoscopic Player
«{A0D47410-9AF8-11D4-AD14-0000B49DF1AC}» = MobiPocket Reader
«{A1200000-0004-0000-0000-074957833700}» = ABBYY Lingvo 12 Multilingual Edition
«{a209525b-3377-43f4-b886-32f6b6e7356f}» = Nero WaveEditor
«{A73BEC3C-40A0-480E-87EF-EFCD33629088}» = NeroExpress
«{A8399F58-234A-48C6-BA55-30C15738BF3C}» = Nero CoverDesigner
«{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}» = ImagXpress
«{AAA12554-2589-11DC-92EF-E98356D81493}» = Nero InfoTool
«{AABBCC54-D8B1-11DC-92EF-E98356D81493}» = Nero DiscSpeed
«{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}» = ABBYY FineReader 8.0 Professional Edition
«{ABB80C85-EB22-D267-27BB-E43536ACD72D}» = ccc-utility
«{AC76BA86-7AD7-1049-7B44-A91000000001}» = Adobe Reader 9.1.2 — Russian
«{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}» = Nero Recode Help
«{b1adf008-e898-4fe2-8a1f-690d9a06acaf}» = DolbyFiles
«{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}» = Nero WaveEditor
«{B4A0FB43-9225-01C8-F7BB-940A7B84A7EF}» = Catalyst Control Center Graphics Full Existing
«{B4AE9BD8-71E2-D6C9-8FCC-DB1970DBDD4E}» = Catalyst Control Center Graphics Light
«{B4BFB811-0ECE-1AD6-8873-39A4A1C90EB1}» = Skins
«{B74D4E10-6884-0000-0000-000000000103}» = Adobe Bridge 1.0
«{b78120a0-cf84-4366-a393-4d0a59bc546c}» = Menu Templates — Starter Kit
«{B96C2601-52F5-4D5D-816A-63469EA311EF}» = «Nero SoundTrax Help
«{BAF78226-3200-4DB4-BE33-4D922A799840}» = Windows Presentation Foundation
«{BCD82AB5-670D-4242-90FA-1F97103C16CD}» = Movie Templates — Starter Kit
«{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}» = Nokia Connectivity Cable Driver
«{C45EB9E5-7165-4FB0-8C31-77FC4743362F}» = Manual CanoScan LiDE 25
«{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}» = SoundTrax
«{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}» = Menu Templates — Starter Kit
«{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}» = Canon CanoScan Toolbox 4.9
«{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}» = Microsoft .NET Framework 1.1
«{CCE9F004-6A17-33BA-8348-014B85AB957B}» = CCC Help English
«{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}» = Nero Rescue Agent
«{CE460C16-2340-481C-8A94-B6EDB841AD59}» = Windows Communication Foundation Language Pack — RUS
«{ce96f5a5-584d-4f8f-aa3e-9baed413db72}» = Nero CoverDesigner Help
«{d025a639-b9c9-417d-8531-208859000af8}» = NeroBurningROM
«{D103C4BA-F905-437A-8049-DB24763BBE36}» = Skype™ Beta 4.1
«{D546CDC4-98B4-3A4B-1BCE-6B714B69CD94}» = ccc-core-preinstall
«{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}» = PowerCinema Linux 4.0
«{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}» = Nero StartSmart Help
«{D83A3DFC-8528-4E31-93DC-0A41C477109C}» = Windows Presentation Foundation Language Pack (RUS)
«{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}» = Nero ShowTime
«{dba84796-8503-4ff0-af57-1747dd9a166d}» = Nero Online Upgrade
«{DD81833F-87AF-4BFF-98CD-9E3FFC5BADAC}» = GPS2WorldWind
«{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}» = Nero Live
«{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}» = jetAudio Basic VX
«{e498385e-1c51-459a-b45f-1721e37aa1a0}» = Movie Templates — Starter Kit
«{E4A8DD87-A746-4443-BF25-CAF99CED6767}» = Nero Disc Copy Gadget
«{E59761FE-8894-43e2-AB47-8BCBF4C4A015}» = ContentSaver
«{E86156E5-9859-440D-8876-26CED1349802}» = Nero WaveEditor Help
«{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}» = Nero WaveEditor Help
«{E9787678-119F-4D52-B551-6739B2B22101}» = Adobe Help Center 1.0
«{EA0B6678-C53D-4CF4-A658-47126BD97D41}» = StartupMonitor
«{EA9FFE54-D8B1-11DC-92EF-E98356D81493}» = Nero BurnRights
«{EF901A4B-A25A-4962-83C6-C6691D062ED9}» = Nero Mega Plugin Pack
«{EFB21DE7-8C19-4A88-BB28-A766E16493BC}» = Adobe Photoshop CS
«{F1362843-0E0E-4F74-8662-724CF101ADCE}» = Skype web features
«{f1861f30-3419-44db-b2a1-c274825698b3}» = Nero Disc Copy Gadget
«{F3CBA4E6-436E-4B51-9651-93830EE38616}» = Windows Messenger 5.1 MUI Pack
«{F4D0F248-2BF7-4912-814E-4FD751923838}» = Microsoft .NET Framework 2.0 Language Pack — RUS
«{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}» = Nero Vision
«{F6F323AF-0123-474E-AFE0-F3F26556162C}» = X-Translator Discovery ERRE
«001FFFFFFF11FF00FF2001F01F02F000-R1» = ArchiCAD 11 RUS
«1C Предприятие 7.7.27» = 1C Предприятие 7.7
«75070B1806113224B16C70296B90DD1AD8A53479» = Windows Driver Package — Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
«Adobe Acrobat 5.0» = Adobe Acrobat 5.0
«Adobe Flash Player ActiveX» = Adobe Flash Player 10 ActiveX
«Adobe Photoshop CS2 — {236BB7C4-4419-42FD-0419-1E257A25E34D}» = Adobe Photoshop CS2
«All ATI Software» = ATI — Software Uninstall Utility
«ATI Display Driver» = ATI Display Driver
«Autodesk DWF Viewer» = Autodesk DWF Viewer
«avast5» = avast! Free Antivirus
«BetaPlayer» = BetaPlayer
«CANONBJ_Deinstall_CNMCP74.DLL» = Canon iP2200
«CCleaner» = CCleaner (remove only)
«CMS_is1» = CMS
«cu-электрик_is1» = cu-электрик
«DESkey DK2 Uninstall» = DK2 DESkey Drivers v7.14.0.25
«Download Master_is1» = Download Master version 5.5.5.1135
«Easy-PhotoPrint» = Canon Utilities Easy-PhotoPrint
«Easy-PrintToolBox» = Canon Utilities Easy-PrintToolBox
«Easy-WebPrint» = Easy-WebPrint
«ENTERPRISE» = Microsoft Office Enterprise 2007
«FBDBServer1_is1» = Firebird 1.0.2.908
«FLSINST» = FLS-4 Driver Installation
«Foxit PDF Creator» = Foxit PDF Creator
«Foxit PDF Editor» = Foxit PDF EditorЛог Extras.Txt часть вторая:
«GAG» = GAG
«Guardant driver» = Guardant driver
«HP OrderReminder» = HP OrderReminder
«HP-LaserJet 1018» = LaserJet 1018
«IDentify» = IDentify
«IDNMitigationAPIs» = Microsoft Internationalized Domain Names Mitigation APIs
«ie8» = Windows Internet Explorer 8
«KLiteCodecPack_is1» = K-Lite Mega Codec Pack 2.01
«LeaderTask_is1» = LeaderTask 5.5
«LHTTSRUR» = L&H TTS3000 Russian
«Macromedia Shockwave Player» = Macromedia Shockwave Player
«Malwarebytes’ Anti-Malware_is1» = Malwarebytes’ Anti-Malware
«Mean Hamster Software Riven» = Mean Hamster Software Riven
«Microsoft .NET Framework 1.1 (1033)» = Microsoft .NET Framework 1.1
«Microsoft .NET Framework 2.0» = Microsoft .NET Framework 2.0
«Microsoft .NET Framework 2.0 Language Pack — RUS» = Microsoft .NET Framework 2.0 Language Pack — RUS
«Microsoft .NET Framework 3.0» = Microsoft .NET Framework 3.0
«Microsoft .NET Framework 3.0 Russian Language Pack» = Microsoft .NET Framework 3.0 Russian Language Pack
«MSCompPackV1» = Microsoft Compression Client Pack 1.0 for Windows XP
«Nero — Burning Rom!UninstallKey» = Nero OEM
«NeroVision!UninstallKey» = Nero Digital
«NetUP UserTrafManager5» = NetUP UserTrafManager5
«NLSDownlevelMapping» = Microsoft National Language Support Downlevel APIs
«NVEContent!UninstallKey» = NeroVision Express Content
«Personal Finances Pro_is1» = Personal Finances Pro v3.6
«PrimoPDF» = PrimoPDF — brought to you by Nitro PDF Software
«QIP2005» = QIP 2005 Uninstall
«Rubbish_is1» = 1.6
«S.T.A.L.K.E.R. — Новая война» = S.T.A.L.K.E.R. — Новая война
«S.T.A.L.K.E.R._is1» = S.T.A.L.K.E.R. [v1.0003]
«SkyForceReloaded» = SkyForceReloaded
«SMSERIAL» = Motorola SM56 Data Fax Modem
«STDU Viewer_is1» = STDU Viewer version 1.5.18.0
«Syberia 2_is1» = Syberia 2
«TaskSwitchXP» = TaskSwitchXP
«TCPMP» = TCPMP
«The KMPlayer» = The KMPlayer (remove only)
«Totalcmd» = Total Commander (Remove or Repair)
«tv_enua» = Lernout & Hauspie TruVoice American English TTS Engine
«UltraISO_is1» = UltraISO Premium V8.61
«Universal Document Converter_is1» = Universal Document Converter
«Virtual Pool Mobile» = Virtual Pool Mobile
«Visual Task Tips» = Visual Task Tips 2.1
«Voyage to The Moon_is1» = Voyage to The Moon
«Wdf01005» = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
«WIC» = Windows Imaging Component
«WinDjView» = WinDjView 1.0
«Windows Media Format Runtime» = Windows Media Format 11 runtime
«Windows Media Player» = Проигрыватель Windows Media 11
«WinRAR archiver» = Архиватор WinRAR
«WMFDist11» = Windows Media Format 11 runtime
«wmp11» = Windows Media Player 11
«WMV9_VCM» = Microsoft Windows Media Video 9 VCM
«Wudf01000» = Microsoft User-Mode Driver Framework Feature Pack 1.0
«XP Tweaker» = XP Tweaker 1.50
«XpsEPSC» = XML Paper Specification Shared Components Pack 1.0
«XPSEPSCLP» = XML Paper Specification Shared Components Language Pack 1.0
«Тибет квест (русская версия)» = Тибет квест (русская версия)========== HKEY_USERS Uninstall List ==========
[HKEY_USERSS-1-5-21-3384562647-3952047165-953852265-1006SOFTWAREMicrosoftWindowsCurrentVersionUninstall]
«uTorrent» = µTorrent========== Last 10 Event Log Errors ==========
[ Application Events ]
Error — 06.03.2010 2:06:34 | Computer Name = YOUR-8FD8B146F8 | Source = Application Error | ID = 1000
Description = Ошибка приложения utm5_wintray.exe, версия 1.0.0.1, модуль utm5_wintray.exe,
версия 1.0.0.1, адрес 0x00005c4a.Error — 06.03.2010 10:13:27 | Computer Name = YOUR-8FD8B146F8 | Source = Application Error | ID = 1000
Description = Ошибка приложения kmplayer.exe, версия 2.9.4.1434, модуль diracsplitter.ax,
версия 1.2.925.0, адрес 0x00003713.Error — 06.03.2010 10:13:35 | Computer Name = YOUR-8FD8B146F8 | Source = Application Error | ID = 1000
Description = Ошибка приложения kmplayer.exe, версия 2.9.4.1434, модуль diracsplitter.ax,
версия 1.2.925.0, адрес 0x00003713.Error — 06.03.2010 10:22:00 | Computer Name = YOUR-8FD8B146F8 | Source = Application Error | ID = 1000
Description = Ошибка приложения kmplayer.exe, версия 2.9.4.1434, модуль diracsplitter.ax,
версия 1.2.925.0, адрес 0x00003713.Error — 06.03.2010 10:23:25 | Computer Name = YOUR-8FD8B146F8 | Source = Application Error | ID = 1000
Description = Ошибка приложения kmplayer.exe, версия 2.9.4.1434, модуль diracsplitter.ax,
версия 1.2.925.0, адрес 0x00003713.Error — 07.03.2010 1:30:33 | Computer Name = YOUR-8FD8B146F8 | Source = Application Hang | ID = 1002
Description = Зависшее приложение iexplore.exe, версия 8.0.6001.18702, зависший
модуль hungapp, версия 0.0.0.0, адрес 0x00000000.Error — 07.03.2010 9:11:24 | Computer Name = YOUR-8FD8B146F8 | Source = Application Hang | ID = 1002
Description = Зависшее приложение iexplore.exe, версия 8.0.6001.18702, зависший
модуль hungapp, версия 0.0.0.0, адрес 0x00000000.Error — 08.03.2010 2:26:55 | Computer Name = YOUR-8FD8B146F8 | Source = Application Error | ID = 1000
Description = Ошибка приложения utm5_wintray.exe, версия 1.0.0.1, модуль utm5_wintray.exe,
версия 1.0.0.1, адрес 0x00005c4a.Error — 09.03.2010 3:21:10 | Computer Name = YOUR-8FD8B146F8 | Source = Application Error | ID = 1000
Description = Ошибка приложения kmplayer.exe, версия 2.9.4.1434, модуль diracsplitter.ax,
версия 1.2.925.0, адрес 0x00003713.Error — 09.03.2010 4:28:56 | Computer Name = YOUR-8FD8B146F8 | Source = ESENT | ID = 485
Description = wuauclt (1532) Попытка удалить файл «C:WINDOWSSoftwareDistributionDataStoreLogstmp.edb»
вызвала системную ошибку 32 (0x00000020): «Процесс не может получить доступ к файлу,
так как этот файл занят другим процессом. «. Операция удаления файла приведет
к ошибке -1032 (0xfffffbf8).[ OSession Events ]
Error — 18.02.2008 15:57:20 | Computer Name = YOUR-8FD8B146F8 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.Error — 22.10.2008 3:24:53 | Computer Name = YOUR-8FD8B146F8 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1364
seconds with 1080 seconds of active time. This session ended with a crash.Error — 22.10.2008 3:52:08 | Computer Name = YOUR-8FD8B146F8 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1458
seconds with 1080 seconds of active time. This session ended with a crash.Error — 27.08.2009 3:02:27 | Computer Name = YOUR-8FD8B146F8 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.[ System Events ]
Error — 09.03.2010 16:40:38 | Computer Name = YOUR-8FD8B146F8 | Source = DCOM | ID = 10010
Description = Регистрация сервера {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} DCOM не
прошла за отведенное время ожидания.Error — 09.03.2010 16:56:05 | Computer Name = YOUR-8FD8B146F8 | Source = Service Control Manager | ID = 7009
Description = Таймаут (30000 мс) ожидания для подключения службы HDDlife HDD Access
service.Error — 09.03.2010 16:56:05 | Computer Name = YOUR-8FD8B146F8 | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы «HDDlife HDD Access service» из-за ошибки
%%1053Error — 09.03.2010 16:56:05 | Computer Name = YOUR-8FD8B146F8 | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы «Nero BackItUp Scheduler 4.0» из-за ошибки
%%2Error — 09.03.2010 17:36:57 | Computer Name = YOUR-8FD8B146F8 | Source = Service Control Manager | ID = 7009
Description = Таймаут (30000 мс) ожидания для подключения службы HDDlife HDD Access
service.Error — 09.03.2010 17:36:57 | Computer Name = YOUR-8FD8B146F8 | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы «HDDlife HDD Access service» из-за ошибки
%%1053Error — 09.03.2010 17:36:57 | Computer Name = YOUR-8FD8B146F8 | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы «Nero BackItUp Scheduler 4.0» из-за ошибки
%%2Error — 10.03.2010 0:38:36 | Computer Name = YOUR-8FD8B146F8 | Source = Service Control Manager | ID = 7009
Description = Таймаут (30000 мс) ожидания для подключения службы HDDlife HDD Access
service.Error — 10.03.2010 0:38:36 | Computer Name = YOUR-8FD8B146F8 | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы «HDDlife HDD Access service» из-за ошибки
%%1053Error — 10.03.2010 0:38:36 | Computer Name = YOUR-8FD8B146F8 | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы «Nero BackItUp Scheduler 4.0» из-за ошибки
%%2Извиняюсь за задержку.
Попробуйте следующий способ.
Откройте папку Мой компьютер.
Кликните Сервис, Свойства папки.
Выберите вкладку Типы файлов.
В открывшемся списке найдите тип Устройство.
Выберите его и кликните по кнопке Дополнительно.
В открывшемся окне кликните по кнопке Установить значок.
Откроется окно с доступными иконками, выберите нужную вам.
Кликайте OK, чтобы по очереди закрыть все окна.
Перезагрузите компьютер.
- Для ответа в этой теме необходимо авторизоваться.
