- This topic has 6 ответов, 2 участника, and was last updated 16 years, 4 months назад by
.
-
Сообщения
-
Здравствуйте, уважаемые. Не могли бы вы мне помочь в таком вопросе: Мне бы хотелось узнать существует ли на данном этапе реальная угроза моему компьютеру, что мне стоит предпринять? Какие виды профилактик существует? Как и чем лучше всего предотвращать заражение компьютера (программы, советы, антивирусы) ❓ Логи RSIT’a приведены ниже:
info.txt
info.txt logfile of random's system information tool 1.06 2009-06-07 20:11:43
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0419-0000-0000000FF1CE} /uninstall {D7CE14BC-96D9-41C5-822D-F5B1C2C35AA2}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0422-0000-0000000FF1CE} /uninstall {DC154E48-5278-423A-80A1-B93247E38A1A}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 Plugin-->C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX-->C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Photoshop CS3-->"C:Program FilesAdobeunins000.exe"
Adobe Reader 7.0.5 - Russian-->MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A70500000002}
AI RoboForm (All Users)-->"C:Program FilesSiber SystemsAI RoboFormrfwipeout.exe"
ATI - Утилита деинсталляции-->C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Control Panel-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}setup.exe"
ATI Display Driver-->rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update-->"C:Program FilesInstallShield Installation Information{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}Setup.exe" -runfromtemp -l0x0019 -removeonly
BearPaw 2448SC Plus v1.1-->C:PROGRA~1BEARPA~1DriverUNINST.EXE
Bus Driver-->D:GamesBUSDRI~1UNWISE.EXE D:GamesBUSDRI~1INSTALL.LOG
CityInfo 2.7-->"C:Program FilesESMA LtdCityInfounins000.exe"
Command and Conquer Generals-->D:GamesCommand and Conquer Generals\UnIns.exe
Dreamfall - Бесконечное путешествие-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime�9�1Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{C79FD7CA-7BCE-440D-B854-EBB8DEDD28FE}setup.exe" -l0x19
Far Manager v1.70-->C:Program FilesFaruninstall.exe
Gordon's Gate Flash Driver 2.2.0.1-->C:Program FilesSony EricssonGordons Gateuninst.exe
HijackThis 2.0.2-->"C:Program Filestrend microHijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6-->"C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.3.1 (Full)-->"C:Program FilesK-Lite Codec Packunins000.exe"
KVIrc-->"C:Program FilesKVIrcuninstall.exe"
Mail.Ru Агент 5.4 (сборка 2620, для всех пользователей)-->C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - RUS-->MsiExec.exe /I{736D8DEB-66C6-3655-9D59-DF6493A81F77}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - RUS-->MsiExec.exe /I{6CF6A814-CE65-39FC-BBBC-6CB340A4028B}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - rus-->MsiExec.exe /I{2744791F-4E7C-32F5-AB40-AEC6A6C86DBF}
Microsoft .NET Framework 3.5 SP1-->C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:WINDOWS$NtUninstallWdf01007$spuninstspuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0419-0000-0000000FF1CE} /uninstall {37317C49-30C4-412C-B0B9-D95090F330D8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office Access MUI (Russian) 2007-->MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007-->MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007-->MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007-->MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007-->MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007-->MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007-->MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007-->MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007-->MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007-->MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007-->MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007-->MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007-->MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mIRC-->"C:Program FilesmIRCmirc.exe" -uninstall
Mozilla Firefox (2.0.0.4)-->C:Program FilesMozilla Firefoxuninstallhelper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Navitel Navigator-->"Navitel Navigatoruninstall.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
Nokia Software Updater-->MsiExec.exe /X{7169FA93-66C2-43BD-86E0-CD332A686B29}
NVIDIA Audio Driver-->C:WINDOWSsystem32nvuAudio.exe Uninstall C:WINDOWSsystem32NvAudio.nvu,NVIDIA Audio Driver
NVIDIA nForce Utilities-->C:WINDOWSsystem32rundll32.exe setupapi,InstallHinfSection Remove_SSUtilsNT 132 C:WINDOWSINFnvautils.inf
NVIDIA Windows 2000/XP nForce Drivers-->rundll32.exe C:WINDOWSsystem32NVNFINST.DLL,NvUninstallCrush
Opera 9.52-->MsiExec.exe /X{1A1A08FA-D01E-40AD-AC13-8CA48ACA0192}
Opera 9.62-->MsiExec.exe /X{8318FEFD-F467-44D6-82B8-129374BFE9B1}
PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
Remote Administrator v2.2-->C:Program FilesRadminuninstal.exe
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Ericsson PC Suite 3.106.00-->C:Program FilesInstallShield Installation Information{2FFE93F0-BB72-4E52-8761-354D1AAA9387}Setup.exe -runfromtemp -l0x0019 -removeonly
Total Commander 7.04 PowerPack-->"C:Program FilesTotal Commanderuninstall.exe"
Traffic Inspector PE-->MsiExec.exe /I{2E2448C5-1ACC-41F3-A621-3285C23E904A}
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Unlocker 1.8.7-->C:Program FilesUnlockeruninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0419-0000-0000000FF1CE} /uninstall {6533B670-0073-4FAC-8EC7-F857AD665370}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0419-0000-0000000FF1CE} /uninstall {A7C6A9C6-5FB9-4B5A-8E72-63BAD4E91D11}
Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
XML Paper Specification Shared Components Language Pack 1.0-->"C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe"
Архиватор WinRAR-->C:Program FilesWinRARuninstall.exe
Белазар v.5.1-->"C:Program FilesBelazarunins000.exe"
Бесконечное путешествие-->C:WINDOWSIsUninstR.Exe -fd:games2D06~1DeIsL1.isu -cd:games2D06~1TLJ_RE~1.DLL
Исправление для Windows XP (KB961118)-->"C:WINDOWS$NtUninstallKB961118$spuninstspuninst.exe"
Критическое обновление для проигрывателя Windows Media 11 - (KB959772)-->"C:WINDOWS$NtUninstallKB959772_WM11$spuninstspuninst.exe"
Обновление безопасности для Windows Internet Explorer 7 (KB938127-v2)-->"C:WINDOWSie7updatesKB938127-v2-IE7spuninstspuninst.exe"
Обновление безопасности для Windows Internet Explorer 7 (KB961260)-->"C:WINDOWSie7updatesKB961260-IE7spuninstspuninst.exe"
Обновление безопасности для Windows Internet Explorer 7 (KB963027)-->"C:WINDOWSie7updatesKB963027-IE7spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB923561)-->"C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB938464-v2)-->"C:WINDOWS$NtUninstallKB938464-v2$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB946648)-->"C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB950974)-->"C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB951066)-->"C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB952004)-->"C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB952954)-->"C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB954459)-->"C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB954600)-->"C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB955069)-->"C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB956572)-->"C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB956802)-->"C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB956803)-->"C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB956841)-->"C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB957097)-->"C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB958644)-->"C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB958687)-->"C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB958690)-->"C:WINDOWS$NtUninstallKB958690$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB959426)-->"C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB960225)-->"C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB960715)-->"C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB960803)-->"C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB961373)-->"C:WINDOWS$NtUninstallKB961373$spuninstspuninst.exe"
Обновление безопасности для проигрывателя Windows Media - (KB952069)-->"C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe"
Обновление безопасности для проигрывателя Windows Media 11 - (KB954154)-->"C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe"
Обновление для Windows XP (KB955839)-->"C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe"
Обновление для Windows XP (KB967715)-->"C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe"
Пакет драйверов Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294pccsmcfd.inf
Тормозилки-->C:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{C3DE1EB0-C8B3-42DC-AA33-427CD802EC57}
Языковой пакет Microsoft .NET Framework 3.5 SP1 — RUS-->c:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 - russetup.exe
Яндекс.Бар для Internet Explorer 3.5.4-->"C:Program FilesYandexYandexBarIEunins000.exe"
======System event log======
Computer Name: SNIPER
Event Code: 7036
Message: Служба "Ati HotKey Poller" перешла в состояние Остановлена.
Record Number: 1705
Source Name: Service Control Manager
Time Written: 20090520083749.000000+180
Event Type: информация
User:
Computer Name: SNIPER
Event Code: 7036
Message: Служба "Служба COM записи компакт-дисков IMAPI" перешла в состояние Остановлена.
Record Number: 1704
Source Name: Service Control Manager
Time Written: 20090520081842.000000+180
Event Type: информация
User:
Computer Name: SNIPER
Event Code: 7036
Message: Служба "Обозреватель компьютеров" перешла в состояние Остановлена.
Record Number: 1703
Source Name: Service Control Manager
Time Written: 20090520081840.000000+180
Event Type: информация
User:
Computer Name: SNIPER
Event Code: 7036
Message: Служба "Диспетчер подключений удаленного доступа" перешла в состояние Работает.
Record Number: 1702
Source Name: Service Control Manager
Time Written: 20090520081839.000000+180
Event Type: информация
User:
Computer Name: SNIPER
Event Code: 7036
Message: Служба "Служба шлюза уровня приложения" перешла в состояние Работает.
Record Number: 1701
Source Name: Service Control Manager
Time Written: 20090520081836.000000+180
Event Type: информация
User:
=====Application event log=====
Computer Name: SNIPER
Event Code: 3
Message:
Record Number: 935
Source Name: TrafSvc
Time Written: 20090421215250.000000+180
Event Type:
User:
Computer Name: SNIPER
Event Code: 3
Message:
Record Number: 934
Source Name: TrafSvc
Time Written: 20090421215249.000000+180
Event Type:
User:
Computer Name: SNIPER
Event Code: 3
Message:
Record Number: 933
Source Name: TrafSvc
Time Written: 20090421215249.000000+180
Event Type:
User:
Computer Name: SNIPER
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.
Record Number: 932
Source Name: SecurityCenter
Time Written: 20090421215243.000000+180
Event Type: информация
User:
Computer Name: SNIPER
Event Code: 105
Message: The service was started.
Record Number: 931
Source Name: ATI Smart
Time Written: 20090421215234.000000+180
Event Type: информация
User:
======Environment variables======
"ComSpec"=%SystemRoot%system32cmd.exe
"Path"=C:Program FilesPC Connectivity Solution;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesATI TechnologiesATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%TEMP
"TMP"=%SystemRoot%TEMP
EOF
log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Дима at 2009-06-07 20:08:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (17%) free of 10 GB
Total RAM: 767 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:40, on 07.06.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21020)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32r_server.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32sstray.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesUnlockerUnlockerAssistant.exe
C:Program FilesMail.RuAgentMAgent.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe
C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesOperaopera.exe
C:Documents and SettingsДимаРабочий столRSIT.exe
C:Program Filestrend microДима.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:Program FilesSiber SystemsAI RoboFormroboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll (file missing)
O3 - Toolbar: &Traffic Inspector Agent - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:PROGRA~1TrafInspAgentTRAFIN~1.DLL (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:Program FilesSiber SystemsAI RoboFormroboform.dll
O3 - Toolbar: Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:Program FilesYandexYandexBarIEyndbar.dll
O4 - HKLM..Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [UnlockerAssistant] "C:Program FilesUnlockerUnlockerAssistant.exe" -H
O4 - HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 - HKLM..Run: [PE_trafinspag.exe] "C:Program FilesTrafInspAgenttrafinspag.exe" -PE
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Sony Ericsson PC Suite] "C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe" /systray /nologon
O4 - HKCU..Run: [AlcoholAutomount] "C:Program FilesAlcohol SoftAlcohol 120axcmd.exe" /automount
O4 - HKCU..Run: [RoboForm] "C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe"
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - HKCU..Run: [Yupdate!] "C:Program FilesCommon FilesYandexYupdateyupdate.exe"
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..RunOnce: [IE7_013] rebuild.exe (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-20..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUSS-1-5-18..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - HKUS.DEFAULT..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Total Commander.lnk = C:Program FilesTotal CommanderTotalcmd.exe
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O8 - Extra context menu item: Заполнить формы - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O8 - Extra context menu item: Настроить Меню - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Сохранить формы - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O8 - Extra context menu item: Тулбар RoboForm - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll (file missing)
O9 - Extra button: Заполнить - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Заполнить формы - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O9 - Extra button: Сохранить - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Сохранить формы - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Тулбар RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 - Extra button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:Program FilesMail.RuAgentmagent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:Program FilesMail.RuAgentmagent.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:Program FilesICQ6ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:Program FilesICQ6ICQ.exe
O17 - HKLMSystemCCSServicesTcpip..{54166FC4-BD3B-4AA2-9BFD-EDB75C761FE8}: NameServer = 77.74.32.19 77.74.32.20
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:WINDOWSsystem32services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:WINDOWSsystem32imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:WINDOWSsystem32mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:WINDOWSsystem32services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:WINDOWSsystem32sessmgr.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:WINDOWSsystem32r_server.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:WINDOWSSystem32SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:WINDOWSsystem32smlogsvc.exe
O23 - Service: Traffic Inspector (TrafInspSrv) - Unknown owner - C:Program FilesTrafInspTrafInsp.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:WINDOWSSystem32TuneUpDefragService.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:WINDOWSSystem32vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:WINDOWSsystem32wbemwmiapsrv.exe
--
End of file - 10222 bytes
======Scheduled tasks folder======
C:WINDOWStasks1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-10-29 1088296]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{724d43a9-0d85-11d4-9908-00400523e39a}]
C:Program FilesSiber SystemsAI RoboFormroboform.dll [2009-05-07 5690184]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:Program FilesJavajre1.6.0_07binssv.dll []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - &Traffic Inspector Agent - C:PROGRA~1TrafInspAgentTRAFIN~1.DLL []
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:Program FilesSiber SystemsAI RoboFormroboform.dll [2009-05-07 5690184]
{91397D20-1446-11D4-8AF4-0040CA1127B6} - Яндекс.Бар - C:Program FilesYandexYandexBarIEyndbar.dll [2008-10-16 1578248]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"nForce Tray Options"=sstray.exe /r []
"ATIPTA"=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2005-05-03 344064]
"UnlockerAssistant"=C:Program FilesUnlockerUnlockerAssistant.exe [2008-05-02 15872]
"MAgent"=C:Program FilesMail.RuAgentMAgent.exe [2009-04-10 6209208]
"PE_trafinspag.exe"=C:Program FilesTrafInspAgenttrafinspag.exe -PE []
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
"Sony Ericsson PC Suite"=C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe [2007-11-20 356352]
"AlcoholAutomount"=C:Program FilesAlcohol SoftAlcohol 120axcmd.exe [2008-03-20 217544]
"RoboForm"=C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe [2009-05-07 160592]
"DAEMON Tools Lite"=C:Program FilesDAEMON Tools Litedaemon.exe [2008-07-24 490952]
"Yupdate!"=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-10-20 479496]
C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Total Commander.lnk - C:Program FilesTotal CommanderTotalcmd.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2005-05-04 46080]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32wpdshserviceobj.dll [2007-06-18 133632]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe"="C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe:*:Disabled:Kaspersky Internet Security 2009"
"C:WINDOWSNetwork Diagnosticxpnetdiag.exe"="C:WINDOWSNetwork Diagnosticxpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:WINDOWSsystem32sessmgr.exe"="C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:GamesCSwar crafthl.exe"="D:GamesCSwar crafthl.exe:*:Enabled:Half-Life Launcher"
"D:GamesHalf-Lifehl.exe"="D:GamesHalf-Lifehl.exe:*:Enabled:ipsec"
"C:Program FilesOperaopera.exe"="C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser"
"C:Program FilesTotal CommanderTotalcmd.exe"="C:Program FilesTotal CommanderTotalcmd.exe:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:Program FilesMail.RuAgentmagent.exe"="C:Program FilesMail.RuAgentmagent.exe:*:Enabled:Mail.Ru Агент"
"C:Program FilesmIRCmirc.exe"="C:Program FilesmIRCmirc.exe:*:Enabled:mIRC"
"C:Program FilesKVIrckvirc.exe"="C:Program FilesKVIrckvirc.exe:*:Enabled:K Visual IRC Client Executable"
"C:Program FilesSkypePhoneSkype.exe"="C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype"
"D:Program Files2_rockcrowbarv19.exe"="D:Program Files2_rockcrowbarv19.exe:*:Enabled:ipsec"
"C:WINDOWSsystem32cmd.exe"="C:WINDOWSsystem32cmd.exe:*:Enabled:ipsec"
"C:WINDOWSsystem32Ati2evxx.exe"="C:WINDOWSsystem32Ati2evxx.exe:*:Enabled:ipsec"
"C:Program FilesATI TechnologiesATI Control Panelatiprbxx.exe"="C:Program FilesATI TechnologiesATI Control Panelatiprbxx.exe:*:Enabled:ipsec"
"C:Program FilesICQ6ICQ.exe"="C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6"
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{35c37760-25e3-11de-9c14-806d6172696f}]
shellAutoRuncommand - E:AUTORUN.EXE
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5e78a63d-4a8f-11de-9272-00e04c508f3f}]
shellAutoRuncommand - G:renafi.exe
shellexplorecommand - G:renafi.exe
shellopencommand - G:renafi.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6daa4c6e-2929-11de-9201-00e04c508f3f}]
shellAutoRuncommand - F:renafi.exe
shellexplorecommand - F:renafi.exe
shellopencommand - F:renafi.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8d857a96-3fb7-11de-924a-00e04c508f3f}]
shellAutoRuncommand - F:renafi.exe
shellexplorecommand - F:renafi.exe
shellopencommand - F:renafi.exe
======List of files/folders created in the last 1 months======
2009-06-07 20:08:56 ----D---- C:Program Filestrend micro
2009-06-07 20:08:55 ----D---- C:rsit
2009-06-07 18:08:14 ----RASHD---- C:autorun.inf
2009-06-07 17:17:15 ----D---- C:Config.Msi
2009-06-07 13:14:02 ----D---- C:Program FilesICQ6Toolbar
2009-06-07 13:14:02 ----D---- C:Documents and SettingsAll UsersApplication DataICQ
2009-06-07 13:13:26 ----D---- C:Documents and SettingsДимаApplication DataICQ
2009-06-07 13:12:42 ----D---- C:Program FilesICQ6
2009-06-06 20:28:41 ----A---- C:WINDOWSModemLog_Sony Ericsson Device 217 USB WMC Modem.txt
2009-06-06 16:45:25 ----A---- C:WINDOWSsystem32huffyuv.dll
2009-06-06 16:45:24 ----A---- C:WINDOWSsystem32x264vfw.dll
2009-06-06 16:45:24 ----A---- C:WINDOWSsystem32vp7vfw.dll
2009-06-02 19:22:01 ----A---- C:WINDOWSsystem32vp6vfw.dll
2009-06-02 19:22:01 ----A---- C:WINDOWSsystem32vp6install.exe
2009-06-02 19:21:58 ----A---- C:WINDOWSsystem32Vb5db.dll
2009-06-02 19:21:58 ----A---- C:WINDOWSsystem32msxml4a.dll
2009-06-02 19:21:58 ----A---- C:WINDOWSsystem32msvcr80.dll
2009-06-02 19:21:57 ----A---- C:WINDOWSsystem32msvcp80.dll
2009-06-02 19:21:57 ----A---- C:WINDOWSsystem32msvcp70d.dll
2009-06-02 19:21:56 ----A---- C:WINDOWSsystem32msvci70d.dll
2009-06-02 19:21:55 ----A---- C:WINDOWSsystem32eax.dll
2009-06-02 19:21:53 ----A---- C:WINDOWSsystem32xmltok.dll
2009-06-02 19:21:53 ----A---- C:WINDOWSsystem32xmlparse.dll
2009-06-02 19:21:53 ----A---- C:WINDOWSsystem32xmlinst.exe
2009-06-02 19:21:53 ----A---- C:WINDOWSsystem32Cc3250mt.dll
2009-06-02 19:21:53 ----A---- C:WINDOWSsystem32Borlndmm.dll
2009-06-02 17:13:59 ----D---- C:Documents and SettingsAll UsersApplication DataNokia
2009-06-02 17:10:22 ----D---- C:Documents and SettingsДимаApplication DataCommFort
2009-06-02 17:10:15 ----D---- C:Program FilesCommFort
2009-06-02 17:09:48 ----A---- C:commfort_client_421a.exe
2009-06-02 17:09:41 ----A---- C:порт 9730.txt
2009-05-31 12:19:57 ----D---- C:tpa
2009-05-30 12:57:16 ----D---- C:Program FilesYandex
2009-05-30 12:57:16 ----D---- C:Program FilesCommon FilesYandex
2009-05-30 12:57:16 ----D---- C:Documents and SettingsДимаApplication DataYandex
2009-05-30 12:57:05 ----D---- C:Program FilesDAEMON Tools Lite
2009-05-30 12:55:07 ----D---- C:Documents and SettingsДимаApplication DataDAEMON Tools
2009-05-29 21:13:29 ----A---- C:WINDOWSIsUninstR.Exe
2009-05-29 21:05:24 ----A---- C:WINDOWSIsUninst.exe
2009-05-28 08:45:08 ----D---- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2009-05-27 22:47:27 ----D---- C:Documents and SettingsAll UsersApplication DataBVRP Software
2009-05-27 18:43:17 ----D---- C:Documents and SettingsДимаApplication DataCommand & Conquer 3 Tiberium Wars Demo
2009-05-27 18:14:23 ----D---- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-05-12 19:28:08 ----D---- C:Documents and SettingsДимаApplication DataKVIrc
2009-05-10 16:09:38 ----D---- C:Documents and SettingsДимаApplication DataNokia
2009-05-10 16:09:36 ----D---- C:Documents and SettingsДимаApplication DataPC Suite
2009-05-10 16:08:31 ----D---- C:Program FilesPC Connectivity Solution
2009-05-10 16:08:14 ----A---- C:WINDOWSsystem32nmwcdcls.dll
2009-05-10 16:08:13 ----D---- C:Program FilesNokia
2009-05-10 12:49:32 ----D---- C:ifs
2009-05-10 12:40:58 ----D---- C:Program FilesFar
2009-05-10 12:24:38 ----N---- C:WINDOWSsystem32spmsgXP_2k3.dll
2009-05-10 12:24:33 ----HDC---- C:WINDOWS$NtUninstallWdf01007$
2009-05-10 12:24:29 ----A---- C:WINDOWSsystem32WdfCoInstaller01007.dll
======List of files/folders modified in the last 1 months======
2009-06-07 20:08:59 ----D---- C:WINDOWSPrefetch
2009-06-07 20:08:56 ----RD---- C:Program Files
2009-06-07 19:31:18 ----A---- C:WINDOWSModemLog_Sony Ericsson Device 217 USB WMC Data Modem.txt
2009-06-07 19:20:49 ----D---- C:WINDOWSTemp
2009-06-07 18:13:13 ----A---- C:WINDOWSSchedLgU.Txt
2009-06-07 18:04:42 ----SHD---- C:WINDOWSInstaller
2009-06-07 17:29:47 ----D---- C:WINDOWSsystem32
2009-06-07 17:29:43 ----D---- C:Program FilesK-Lite Codec Pack
2009-06-07 17:16:27 ----D---- C:WINDOWSsystem32Restore
2009-06-07 17:11:29 ----D---- C:WINDOWSsystem32drivers
2009-06-07 17:10:00 ----D---- C:WINDOWSsystem32config
2009-06-07 13:14:22 ----HD---- C:Program FilesInstallShield Installation Information
2009-06-06 20:28:41 ----D---- C:WINDOWS
2009-06-06 16:05:38 ----D---- C:WINDOWSsystem32CatRoot2
2009-06-05 22:36:25 ----A---- C:WINDOWSsystem.ini
2009-06-04 22:49:10 ----D---- C:Documents and SettingsДимаApplication DataSkype
2009-06-04 22:23:46 ----D---- C:Documents and SettingsДимаApplication DataskypePM
2009-06-02 19:22:11 ----RSHDC---- C:WINDOWSsystem32dllcache
2009-06-02 19:21:47 ----RSD---- C:WINDOWSFonts
2009-05-30 17:15:04 ----D---- C:Program FilesCommon FilesInstallShield
2009-05-30 12:57:16 ----D---- C:Program FilesCommon Files
2009-05-29 20:20:58 ----SD---- C:Documents and SettingsДимаApplication DataMicrosoft
2009-05-29 14:35:09 ----HD---- C:WINDOWSinf
2009-05-29 14:35:09 ----DC---- C:WINDOWSsystem32DRVSTORE
2009-05-27 18:41:55 ----D---- C:WINDOWSsystem32CatRoot
2009-05-27 18:40:02 ----D---- C:WINDOWSsystem32DirectX
2009-05-27 18:39:31 ----D---- C:WINDOWSWinSxS
2009-05-27 18:36:27 ----A---- C:WINDOWSsystem32PerfStringBackup.INI
2009-05-27 18:30:25 ----D---- C:Program FilesTuneUp Utilities 2008
2009-05-27 18:28:39 ----D---- C:Program FilesCommon FilesSystem
2009-05-27 18:19:50 ----D---- C:Program FilesUnlocker
2009-05-27 18:17:23 ----D---- C:Program FilesWindows Media Connect 2
2009-05-27 18:16:50 ----D---- C:WINDOWSMinidump
2009-05-20 17:34:37 ----D---- C:Documents and SettingsДимаApplication DataAdobe
2009-05-11 14:41:29 ----SD---- C:Program FilesHLSW
2009-05-10 16:08:39 ----D---- C:Program FilesDIFX
2009-05-10 12:24:28 ----D---- C:Program FilesSony Ericsson
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Драйвер AMD K7 процессора; C:WINDOWSsystem32DRIVERSamdk7.sys [2008-07-18 41984]
R2 Aspi32;Aspi32; C:WINDOWSsystem32driversAspi32.sys [2002-07-17 16877]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-07-08 62848]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-07-18 60800]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2005-05-04 1133056]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2008-07-18 2944]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-07-18 61824]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:WINDOWSsystem32driversnvax.sys [2003-03-19 29696]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:WINDOWSsystem32driversnvapu.sys [2003-03-19 280704]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2008-07-18 20992]
R3 s217bus;Sony Ericsson Device 217 driver (WDM); C:WINDOWSsystem32DRIVERSs217bus.sys [2007-11-02 83496]
R3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs217mdfl.sys [2007-11-02 15016]
R3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs217mdm.sys [2007-11-02 109992]
R3 s217mgmt;Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs217mgmt.sys [2007-11-02 103976]
R3 s217nd5;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS); C:WINDOWSsystem32DRIVERSs217nd5.sys [2007-11-02 24872]
R3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs217obex.sys [2007-11-02 100008]
R3 s217unic;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM); C:WINDOWSsystem32DRIVERSs217unic.sys [2007-11-02 105896]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-07-18 30336]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-07-18 17152]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-07-18 26368]
S1 wceusbsh;Драйвер последовательного USB для Windows CE; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2008-07-18 31872]
S3 a5nf6vdk;a5nf6vdk; C:WINDOWSsystem32driversa5nf6vdk.sys []
S3 abp470n5;abp470n5; ??C:WINDOWSsystem32driversmjrhhl.sys []
S3 ac11ro6w;ac11ro6w; C:WINDOWSsystem32driversac11ro6w.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:WINDOWSsystem32DRIVERSggflt.sys [2008-09-24 10976]
S3 ggsemc;SEMC USB Flash Driver; C:WINDOWSsystem32DRIVERSggsemc.sys [2008-09-24 22368]
S3 GT680x;BearPaw 2448CS Plus Usb Scanner; C:WINDOWSSystem32DriversGt680x.sys [2006-06-16 12416]
S3 GVCplDrv;GVCplDrv; C:WINDOWSsystem32driversGVCplDrv.sys [2004-05-02 23040]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:WINDOWSsystem32DRIVERSs716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:WINDOWSsystem32DRIVERSs716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:WINDOWSsystem32DRIVERSs716unic.sys [2007-04-04 98952]
S3 ticapdrv;Traffic Inspector network driver; C:WINDOWSsystem32DRIVERSticap.sys []
S3 TMETER;TMeter Service; C:WINDOWSsystem32DRIVERSTMETER.sys []
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-07-18 32384]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-07-18 25856]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:WINDOWSSystem32Driverswdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2007-06-18 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2005-05-04 364544]
R2 r_server;Remote Administrator Service; C:WINDOWSsystem32r_server.exe [2004-06-16 708608]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 UxTuneUp;TuneUp Theme Extension; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2005-05-03 516096]
S2 TrafInspSrv;Traffic Inspector; C:Program FilesTrafInspTrafInsp.exe []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2009-03-04 621056]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:WINDOWSSystem32TuneUpDefragService.exe [2009-04-10 355584]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
Заранее благодарен
Здравсвтуйте! Решил проверить свой комп Dr.Web Curiet, после быстрой проверки он обнаружил файл: renafi.exe После обнаружения предложила только переместить или нет, более вариантов не было, ну я ответил положительно там что-то переместило — видно на скрине.
зы На Радмин внимание не обращайте — это просто прога для удаленного управления компом. Что это такое и что мне с ним сделать?
Логи RSIT’a приведены ниже:info.txt
info.txt logfile of random’s system information tool 1.06 2009-06-07 20:11:43======Uninstall list======
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0419-0000-0000000FF1CE} /uninstall {D7CE14BC-96D9-41C5-822D-F5B1C2C35AA2}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0422-0000-0000000FF1CE} /uninstall {DC154E48-5278-423A-80A1-B93247E38A1A}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ABBYY FineReader 6.0 Sprint—>MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Photoshop CS3—>»C:Program FilesAdobeunins000.exe»
Adobe Reader 7.0.5 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A70500000002}
AI RoboForm (All Users)—>»C:Program FilesSiber SystemsAI RoboFormrfwipeout.exe»
ATI — Утилита деинсталляции—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Control Panel—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}setup.exe»
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update—>»C:Program FilesInstallShield Installation Information{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}Setup.exe» -runfromtemp -l0x0019 -removeonly
BearPaw 2448SC Plus v1.1—>C:PROGRA~1BEARPA~1DriverUNINST.EXE
Bus Driver—>D:GamesBUSDRI~1UNWISE.EXE D:GamesBUSDRI~1INSTALL.LOG
CityInfo 2.7—>»C:Program FilesESMA LtdCityInfounins000.exe»
Command and Conquer Generals—>D:GamesCommand and Conquer Generals\UnIns.exe
Dreamfall — Бесконечное путешествие—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C79FD7CA-7BCE-440D-B854-EBB8DEDD28FE}setup.exe» -l0x19
Far Manager v1.70—>C:Program FilesFaruninstall.exe
Gordon’s Gate Flash Driver 2.2.0.1—>C:Program FilesSony EricssonGordons Gateuninst.exe
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
ICQ6—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 7—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.3.1 (Full)—>»C:Program FilesK-Lite Codec Packunins000.exe»
KVIrc—>»C:Program FilesKVIrcuninstall.exe»
Mail.Ru Агент 5.4 (сборка 2620, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack — RUS—>MsiExec.exe /I{736D8DEB-66C6-3655-9D59-DF6493A81F77}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack — RUS—>MsiExec.exe /I{6CF6A814-CE65-39FC-BBBC-6CB340A4028B}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 — rus—>MsiExec.exe /I{2744791F-4E7C-32F5-AB40-AEC6A6C86DBF}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7—>»C:WINDOWS$NtUninstallWdf01007$spuninstspuninst.exe»
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-0015-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-0016-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-0018-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-0019-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-001A-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-001B-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-0044-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-006E-0419-0000-0000000FF1CE} /uninstall {37317C49-30C4-412C-B0B9-D95090F330D8}
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-00A1-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-00BA-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Enterprise 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007—>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007—>MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007—>MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007—>MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007—>MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Silverlight—>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022—>MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mIRC—>»C:Program FilesmIRCmirc.exe» -uninstall
Mozilla Firefox (2.0.0.4)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSVC80_x86—>MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Navitel Navigator—>»Navitel Navigatoruninstall.exe»
Nokia Connectivity Cable Driver—>MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
Nokia Software Updater—>MsiExec.exe /X{7169FA93-66C2-43BD-86E0-CD332A686B29}
NVIDIA Audio Driver—>C:WINDOWSsystem32nvuAudio.exe Uninstall C:WINDOWSsystem32NvAudio.nvu,NVIDIA Audio Driver
NVIDIA nForce Utilities—>C:WINDOWSsystem32rundll32.exe setupapi,InstallHinfSection Remove_SSUtilsNT 132 C:WINDOWSINFnvautils.inf
NVIDIA Windows 2000/XP nForce Drivers—>rundll32.exe C:WINDOWSsystem32NVNFINST.DLL,NvUninstallCrush
Opera 9.52—>MsiExec.exe /X{1A1A08FA-D01E-40AD-AC13-8CA48ACA0192}
Opera 9.62—>MsiExec.exe /X{8318FEFD-F467-44D6-82B8-129374BFE9B1}
PC Connectivity Solution—>MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
Remote Administrator v2.2—>C:Program FilesRadminuninstal.exe
Security Update for 2007 Microsoft Office System (KB951550)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Skype™ 4.0—>MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Ericsson PC Suite 3.106.00—>C:Program FilesInstallShield Installation Information{2FFE93F0-BB72-4E52-8761-354D1AAA9387}Setup.exe -runfromtemp -l0x0019 -removeonly
Total Commander 7.04 PowerPack—>»C:Program FilesTotal Commanderuninstall.exe»
Traffic Inspector PE—>MsiExec.exe /I{2E2448C5-1ACC-41F3-A621-3285C23E904A}
TuneUp Utilities 2008—>MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Unlocker 1.8.7—>C:Program FilesUnlockeruninst.exe
Update for 2007 Microsoft Office System (KB967642)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Excel 2007 Help (KB957242)—>msiexec /package {90120000-0016-0419-0000-0000000FF1CE} /uninstall {6533B670-0073-4FAC-8EC7-F857AD665370}
Update for Microsoft Office Outlook 2007 (KB952142)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)—>msiexec /package {90120000-001A-0419-0000-0000000FF1CE} /uninstall {A7C6A9C6-5FB9-4B5A-8E72-63BAD4E91D11}
Update for Outlook 2007 Junk Email Filter (kb968503)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Белазар v.5.1—>»C:Program FilesBelazarunins000.exe»
Бесконечное путешествие—>C:WINDOWSIsUninstR.Exe -fd:games2D06~1DeIsL1.isu -cd:games2D06~1TLJ_RE~1.DLL
Исправление для Windows XP (KB961118)—>»C:WINDOWS$NtUninstallKB961118$spuninstspuninst.exe»
Критическое обновление для проигрывателя Windows Media 11 — (KB959772)—>»C:WINDOWS$NtUninstallKB959772_WM11$spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB938127-v2)—>»C:WINDOWSie7updatesKB938127-v2-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB961260)—>»C:WINDOWSie7updatesKB961260-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB963027)—>»C:WINDOWSie7updatesKB963027-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923561)—>»C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464-v2)—>»C:WINDOWS$NtUninstallKB938464-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952004)—>»C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954459)—>»C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956572)—>»C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956841)—>»C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958690)—>»C:WINDOWS$NtUninstallKB958690$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB959426)—>»C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960225)—>»C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960715)—>»C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960803)—>»C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961373)—>»C:WINDOWS$NtUninstallKB961373$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Обновление для Windows XP (KB967715)—>»C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe»
Пакет драйверов Windows — Nokia pccsmcfd (08/22/2008 7.0.0.0)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294pccsmcfd.inf
Тормозилки—>C:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{C3DE1EB0-C8B3-42DC-AA33-427CD802EC57}
Языковой пакет Microsoft .NET Framework 3.5 SP1 — RUS—>c:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — russetup.exe
Яндекс.Бар для Internet Explorer 3.5.4—>»C:Program FilesYandexYandexBarIEunins000.exe»======System event log======
Computer Name: SNIPER
Event Code: 7036
Message: Служба «Ati HotKey Poller» перешла в состояние Остановлена.Record Number: 1705
Source Name: Service Control Manager
Time Written: 20090520083749.000000+180
Event Type: информация
User:Computer Name: SNIPER
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Остановлена.Record Number: 1704
Source Name: Service Control Manager
Time Written: 20090520081842.000000+180
Event Type: информация
User:Computer Name: SNIPER
Event Code: 7036
Message: Служба «Обозреватель компьютеров» перешла в состояние Остановлена.Record Number: 1703
Source Name: Service Control Manager
Time Written: 20090520081840.000000+180
Event Type: информация
User:Computer Name: SNIPER
Event Code: 7036
Message: Служба «Диспетчер подключений удаленного доступа» перешла в состояние Работает.Record Number: 1702
Source Name: Service Control Manager
Time Written: 20090520081839.000000+180
Event Type: информация
User:Computer Name: SNIPER
Event Code: 7036
Message: Служба «Служба шлюза уровня приложения» перешла в состояние Работает.Record Number: 1701
Source Name: Service Control Manager
Time Written: 20090520081836.000000+180
Event Type: информация
User:=====Application event log=====
Computer Name: SNIPER
Event Code: 3
Message:
Record Number: 935
Source Name: TrafSvc
Time Written: 20090421215250.000000+180
Event Type:
User:Computer Name: SNIPER
Event Code: 3
Message:
Record Number: 934
Source Name: TrafSvc
Time Written: 20090421215249.000000+180
Event Type:
User:Computer Name: SNIPER
Event Code: 3
Message:
Record Number: 933
Source Name: TrafSvc
Time Written: 20090421215249.000000+180
Event Type:
User:Computer Name: SNIPER
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.Record Number: 932
Source Name: SecurityCenter
Time Written: 20090421215243.000000+180
Event Type: информация
User:Computer Name: SNIPER
Event Code: 105
Message: The service was started.Record Number: 931
Source Name: ATI Smart
Time Written: 20090421215234.000000+180
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=C:Program FilesPC Connectivity Solution;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesATI TechnologiesATI Control Panel
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
«PROCESSOR_REVISION»=0a00
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
log.txt
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Дима at 2009-06-07 20:08:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (17%) free of 10 GB
Total RAM: 767 MB (44% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:40, on 07.06.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21020)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32r_server.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32sstray.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesUnlockerUnlockerAssistant.exe
C:Program FilesMail.RuAgentMAgent.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe
C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesOperaopera.exe
C:Documents and SettingsДимаРабочий столRSIT.exe
C:Program Filestrend microДима.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: (no name) — {724d43a9-0d85-11d4-9908-00400523e39a} — C:Program FilesSiber SystemsAI RoboFormroboform.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_07binssv.dll (file missing)
O3 — Toolbar: &Traffic Inspector Agent — {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} — C:PROGRA~1TrafInspAgentTRAFIN~1.DLL (file missing)
O3 — Toolbar: &RoboForm — {724d43a0-0d85-11d4-9908-00400523e39a} — C:Program FilesSiber SystemsAI RoboFormroboform.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [nForce Tray Options] sstray.exe /r
O4 — HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe» -H
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [PE_trafinspag.exe] «C:Program FilesTrafInspAgenttrafinspag.exe» -PE
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe» /systray /nologon
O4 — HKCU..Run: [AlcoholAutomount] «C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKCU..Run: [RoboForm] «C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe»
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_013] rebuild.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘Default user’)
O4 — Global Startup: Total Commander.lnk = C:Program FilesTotal CommanderTotalcmd.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O8 — Extra context menu item: Заполнить формы — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O8 — Extra context menu item: Настроить Меню — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComCustomizeIEMenu.html
O8 — Extra context menu item: Сохранить формы — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O8 — Extra context menu item: Тулбар RoboForm — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll (file missing)
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll (file missing)
O9 — Extra button: Заполнить — {320AF880-6646-11D3-ABEE-C5DBF3571F46} — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O9 — Extra ‘Tools’ menuitem: Заполнить формы — {320AF880-6646-11D3-ABEE-C5DBF3571F46} — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O9 — Extra button: Сохранить — {320AF880-6646-11D3-ABEE-C5DBF3571F49} — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O9 — Extra ‘Tools’ menuitem: Сохранить формы — {320AF880-6646-11D3-ABEE-C5DBF3571F49} — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O9 — Extra button: RoboForm — {724d43aa-0d85-11d4-9908-00400523e39a} — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 — Extra ‘Tools’ menuitem: Тулбар RoboForm — {724d43aa-0d85-11d4-9908-00400523e39a} — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O17 — HKLMSystemCCSServicesTcpip..{54166FC4-BD3B-4AA2-9BFD-EDB75C761FE8}: NameServer = 77.74.32.19 77.74.32.20
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Remote Administrator Service (r_server) — Unknown owner — C:WINDOWSsystem32r_server.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Traffic Inspector (TrafInspSrv) — Unknown owner — C:Program FilesTrafInspTrafInsp.exe (file missing)
O23 — Service: TuneUp Drive Defrag Service (TuneUp.Defrag) — TuneUp Software GmbH — C:WINDOWSSystem32TuneUpDefragService.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 10222 bytes======Scheduled tasks folder======
C:WINDOWStasks1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-24 63136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-10-29 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{724d43a9-0d85-11d4-9908-00400523e39a}]
C:Program FilesSiber SystemsAI RoboFormroboform.dll [2009-05-07 5690184][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_07binssv.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{3F5A62E2-51F2-11D3-A075-CC7364CAE42A} — &Traffic Inspector Agent — C:PROGRA~1TrafInspAgentTRAFIN~1.DLL []
{724d43a0-0d85-11d4-9908-00400523e39a} — &RoboForm — C:Program FilesSiber SystemsAI RoboFormroboform.dll [2009-05-07 5690184]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2008-10-16 1578248][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«nForce Tray Options»=sstray.exe /r []
«ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2005-05-03 344064]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe [2008-05-02 15872]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-04-10 6209208]
«PE_trafinspag.exe»=C:Program FilesTrafInspAgenttrafinspag.exe -PE [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe [2007-11-20 356352]
«AlcoholAutomount»=C:Program FilesAlcohol SoftAlcohol 120axcmd.exe [2008-03-20 217544]
«RoboForm»=C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe [2009-05-07 160592]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-07-24 490952]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-10-20 479496]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Total Commander.lnk — C:Program FilesTotal CommanderTotalcmd.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2005-05-04 46080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2007-06-18 133632][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableLUA»=0[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»=»C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe:*:Disabled:Kaspersky Internet Security 2009»
«C:WINDOWSNetwork Diagnosticxpnetdiag.exe»=»C:WINDOWSNetwork Diagnosticxpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000»
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«D:GamesCSwar crafthl.exe»=»D:GamesCSwar crafthl.exe:*:Enabled:Half-Life Launcher»
«D:GamesHalf-Lifehl.exe»=»D:GamesHalf-Lifehl.exe:*:Enabled:ipsec»
«C:Program FilesOperaopera.exe»=»C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»
«C:Program FilesTotal CommanderTotalcmd.exe»=»C:Program FilesTotal CommanderTotalcmd.exe:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows»
«C:Program FilesMail.RuAgentmagent.exe»=»C:Program FilesMail.RuAgentmagent.exe:*:Enabled:Mail.Ru Агент»
«C:Program FilesmIRCmirc.exe»=»C:Program FilesmIRCmirc.exe:*:Enabled:mIRC»
«C:Program FilesKVIrckvirc.exe»=»C:Program FilesKVIrckvirc.exe:*:Enabled:K Visual IRC Client Executable»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«D:Program Files2_rockcrowbarv19.exe»=»D:Program Files2_rockcrowbarv19.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32cmd.exe»=»C:WINDOWSsystem32cmd.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32Ati2evxx.exe»=»C:WINDOWSsystem32Ati2evxx.exe:*:Enabled:ipsec»
«C:Program FilesATI TechnologiesATI Control Panelatiprbxx.exe»=»C:Program FilesATI TechnologiesATI Control Panelatiprbxx.exe:*:Enabled:ipsec»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{35c37760-25e3-11de-9c14-806d6172696f}]
shellAutoRuncommand — E:AUTORUN.EXE[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5e78a63d-4a8f-11de-9272-00e04c508f3f}]
shellAutoRuncommand — G:renafi.exe
shellexplorecommand — G:renafi.exe
shellopencommand — G:renafi.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6daa4c6e-2929-11de-9201-00e04c508f3f}]
shellAutoRuncommand — F:renafi.exe
shellexplorecommand — F:renafi.exe
shellopencommand — F:renafi.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8d857a96-3fb7-11de-924a-00e04c508f3f}]
shellAutoRuncommand — F:renafi.exe
shellexplorecommand — F:renafi.exe
shellopencommand — F:renafi.exe======List of files/folders created in the last 1 months======
2009-06-07 20:08:56 —-D—- C:Program Filestrend micro
2009-06-07 20:08:55 —-D—- C:rsit
2009-06-07 18:08:14 —-RASHD—- C:autorun.inf
2009-06-07 17:17:15 —-D—- C:Config.Msi
2009-06-07 13:14:02 —-D—- C:Program FilesICQ6Toolbar
2009-06-07 13:14:02 —-D—- C:Documents and SettingsAll UsersApplication DataICQ
2009-06-07 13:13:26 —-D—- C:Documents and SettingsДимаApplication DataICQ
2009-06-07 13:12:42 —-D—- C:Program FilesICQ6
2009-06-06 20:28:41 —-A—- C:WINDOWSModemLog_Sony Ericsson Device 217 USB WMC Modem.txt
2009-06-06 16:45:25 —-A—- C:WINDOWSsystem32huffyuv.dll
2009-06-06 16:45:24 —-A—- C:WINDOWSsystem32x264vfw.dll
2009-06-06 16:45:24 —-A—- C:WINDOWSsystem32vp7vfw.dll
2009-06-02 19:22:01 —-A—- C:WINDOWSsystem32vp6vfw.dll
2009-06-02 19:22:01 —-A—- C:WINDOWSsystem32vp6install.exe
2009-06-02 19:21:58 —-A—- C:WINDOWSsystem32Vb5db.dll
2009-06-02 19:21:58 —-A—- C:WINDOWSsystem32msxml4a.dll
2009-06-02 19:21:58 —-A—- C:WINDOWSsystem32msvcr80.dll
2009-06-02 19:21:57 —-A—- C:WINDOWSsystem32msvcp80.dll
2009-06-02 19:21:57 —-A—- C:WINDOWSsystem32msvcp70d.dll
2009-06-02 19:21:56 —-A—- C:WINDOWSsystem32msvci70d.dll
2009-06-02 19:21:55 —-A—- C:WINDOWSsystem32eax.dll
2009-06-02 19:21:53 —-A—- C:WINDOWSsystem32xmltok.dll
2009-06-02 19:21:53 —-A—- C:WINDOWSsystem32xmlparse.dll
2009-06-02 19:21:53 —-A—- C:WINDOWSsystem32xmlinst.exe
2009-06-02 19:21:53 —-A—- C:WINDOWSsystem32Cc3250mt.dll
2009-06-02 19:21:53 —-A—- C:WINDOWSsystem32Borlndmm.dll
2009-06-02 17:13:59 —-D—- C:Documents and SettingsAll UsersApplication DataNokia
2009-06-02 17:10:22 —-D—- C:Documents and SettingsДимаApplication DataCommFort
2009-06-02 17:10:15 —-D—- C:Program FilesCommFort
2009-06-02 17:09:48 —-A—- C:commfort_client_421a.exe
2009-06-02 17:09:41 —-A—- C:порт 9730.txt
2009-05-31 12:19:57 —-D—- C:tpa
2009-05-30 12:57:16 —-D—- C:Program FilesYandex
2009-05-30 12:57:16 —-D—- C:Program FilesCommon FilesYandex
2009-05-30 12:57:16 —-D—- C:Documents and SettingsДимаApplication DataYandex
2009-05-30 12:57:05 —-D—- C:Program FilesDAEMON Tools Lite
2009-05-30 12:55:07 —-D—- C:Documents and SettingsДимаApplication DataDAEMON Tools
2009-05-29 21:13:29 —-A—- C:WINDOWSIsUninstR.Exe
2009-05-29 21:05:24 —-A—- C:WINDOWSIsUninst.exe
2009-05-28 08:45:08 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2009-05-27 22:47:27 —-D—- C:Documents and SettingsAll UsersApplication DataBVRP Software
2009-05-27 18:43:17 —-D—- C:Documents and SettingsДимаApplication DataCommand & Conquer 3 Tiberium Wars Demo
2009-05-27 18:14:23 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-05-12 19:28:08 —-D—- C:Documents and SettingsДимаApplication DataKVIrc
2009-05-10 16:09:38 —-D—- C:Documents and SettingsДимаApplication DataNokia
2009-05-10 16:09:36 —-D—- C:Documents and SettingsДимаApplication DataPC Suite
2009-05-10 16:08:31 —-D—- C:Program FilesPC Connectivity Solution
2009-05-10 16:08:14 —-A—- C:WINDOWSsystem32nmwcdcls.dll
2009-05-10 16:08:13 —-D—- C:Program FilesNokia
2009-05-10 12:49:32 —-D—- C:ifs
2009-05-10 12:40:58 —-D—- C:Program FilesFar
2009-05-10 12:24:38 —-N—- C:WINDOWSsystem32spmsgXP_2k3.dll
2009-05-10 12:24:33 —-HDC—- C:WINDOWS$NtUninstallWdf01007$
2009-05-10 12:24:29 —-A—- C:WINDOWSsystem32WdfCoInstaller01007.dll======List of files/folders modified in the last 1 months======
2009-06-07 20:08:59 —-D—- C:WINDOWSPrefetch
2009-06-07 20:08:56 —-RD—- C:Program Files
2009-06-07 19:31:18 —-A—- C:WINDOWSModemLog_Sony Ericsson Device 217 USB WMC Data Modem.txt
2009-06-07 19:20:49 —-D—- C:WINDOWSTemp
2009-06-07 18:13:13 —-A—- C:WINDOWSSchedLgU.Txt
2009-06-07 18:04:42 —-SHD—- C:WINDOWSInstaller
2009-06-07 17:29:47 —-D—- C:WINDOWSsystem32
2009-06-07 17:29:43 —-D—- C:Program FilesK-Lite Codec Pack
2009-06-07 17:16:27 —-D—- C:WINDOWSsystem32Restore
2009-06-07 17:11:29 —-D—- C:WINDOWSsystem32drivers
2009-06-07 17:10:00 —-D—- C:WINDOWSsystem32config
2009-06-07 13:14:22 —-HD—- C:Program FilesInstallShield Installation Information
2009-06-06 20:28:41 —-D—- C:WINDOWS
2009-06-06 16:05:38 —-D—- C:WINDOWSsystem32CatRoot2
2009-06-05 22:36:25 —-A—- C:WINDOWSsystem.ini
2009-06-04 22:49:10 —-D—- C:Documents and SettingsДимаApplication DataSkype
2009-06-04 22:23:46 —-D—- C:Documents and SettingsДимаApplication DataskypePM
2009-06-02 19:22:11 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-06-02 19:21:47 —-RSD—- C:WINDOWSFonts
2009-05-30 17:15:04 —-D—- C:Program FilesCommon FilesInstallShield
2009-05-30 12:57:16 —-D—- C:Program FilesCommon Files
2009-05-29 20:20:58 —-SD—- C:Documents and SettingsДимаApplication DataMicrosoft
2009-05-29 14:35:09 —-HD—- C:WINDOWSinf
2009-05-29 14:35:09 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-05-27 18:41:55 —-D—- C:WINDOWSsystem32CatRoot
2009-05-27 18:40:02 —-D—- C:WINDOWSsystem32DirectX
2009-05-27 18:39:31 —-D—- C:WINDOWSWinSxS
2009-05-27 18:36:27 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-05-27 18:30:25 —-D—- C:Program FilesTuneUp Utilities 2008
2009-05-27 18:28:39 —-D—- C:Program FilesCommon FilesSystem
2009-05-27 18:19:50 —-D—- C:Program FilesUnlocker
2009-05-27 18:17:23 —-D—- C:Program FilesWindows Media Connect 2
2009-05-27 18:16:50 —-D—- C:WINDOWSMinidump
2009-05-20 17:34:37 —-D—- C:Documents and SettingsДимаApplication DataAdobe
2009-05-11 14:41:29 —-SD—- C:Program FilesHLSW
2009-05-10 16:08:39 —-D—- C:Program FilesDIFX
2009-05-10 12:24:28 —-D—- C:Program FilesSony Ericsson======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Драйвер AMD K7 процессора; C:WINDOWSsystem32DRIVERSamdk7.sys [2008-07-18 41984]
R2 Aspi32;Aspi32; C:WINDOWSsystem32driversAspi32.sys [2002-07-17 16877]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-07-08 62848]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-07-18 60800]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2005-05-04 1133056]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2008-07-18 2944]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-07-18 61824]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:WINDOWSsystem32driversnvax.sys [2003-03-19 29696]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:WINDOWSsystem32driversnvapu.sys [2003-03-19 280704]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2008-07-18 20992]
R3 s217bus;Sony Ericsson Device 217 driver (WDM); C:WINDOWSsystem32DRIVERSs217bus.sys [2007-11-02 83496]
R3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs217mdfl.sys [2007-11-02 15016]
R3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs217mdm.sys [2007-11-02 109992]
R3 s217mgmt;Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs217mgmt.sys [2007-11-02 103976]
R3 s217nd5;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS); C:WINDOWSsystem32DRIVERSs217nd5.sys [2007-11-02 24872]
R3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs217obex.sys [2007-11-02 100008]
R3 s217unic;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM); C:WINDOWSsystem32DRIVERSs217unic.sys [2007-11-02 105896]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-07-18 30336]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-07-18 17152]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-07-18 26368]
S1 wceusbsh;Драйвер последовательного USB для Windows CE; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2008-07-18 31872]
S3 a5nf6vdk;a5nf6vdk; C:WINDOWSsystem32driversa5nf6vdk.sys []
S3 abp470n5;abp470n5; ??C:WINDOWSsystem32driversmjrhhl.sys []
S3 ac11ro6w;ac11ro6w; C:WINDOWSsystem32driversac11ro6w.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:WINDOWSsystem32DRIVERSggflt.sys [2008-09-24 10976]
S3 ggsemc;SEMC USB Flash Driver; C:WINDOWSsystem32DRIVERSggsemc.sys [2008-09-24 22368]
S3 GT680x;BearPaw 2448CS Plus Usb Scanner; C:WINDOWSSystem32DriversGt680x.sys [2006-06-16 12416]
S3 GVCplDrv;GVCplDrv; C:WINDOWSsystem32driversGVCplDrv.sys [2004-05-02 23040]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:WINDOWSsystem32DRIVERSs716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:WINDOWSsystem32DRIVERSs716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:WINDOWSsystem32DRIVERSs716unic.sys [2007-04-04 98952]
S3 ticapdrv;Traffic Inspector network driver; C:WINDOWSsystem32DRIVERSticap.sys []
S3 TMETER;TMeter Service; C:WINDOWSsystem32DRIVERSTMETER.sys []
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-07-18 32384]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-07-18 25856]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:WINDOWSSystem32Driverswdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2007-06-18 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2005-05-04 364544]
R2 r_server;Remote Administrator Service; C:WINDOWSsystem32r_server.exe [2004-06-16 708608]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 UxTuneUp;TuneUp Theme Extension; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2005-05-03 516096]
S2 TrafInspSrv;Traffic Inspector; C:Program FilesTrafInspTrafInsp.exe []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2009-03-04 621056]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:WINDOWSSystem32TuneUpDefragService.exe [2009-04-10 355584]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
Пасиб 🙂Здравствуйте, добро пожаловать на Spyware-ru форум.
Судя по логу, несколько ваших подключаемых дисков заражены autorun.inf трояном (это и показал DrWeb). Потому если вы их все не обработали Flash Disinfector`ом, то сейчас самое время.
Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите OTMoveIt3 и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.:Processes
explorer.exe
:services
a5nf6vdk
abp470n5
ac11ro6w
:reg
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5e78a63d-4a8f-11de-9272-00e04c508f3f}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6daa4c6e-2929-11de-9201-00e04c508f3f}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8d857a96-3fb7-11de-924a-00e04c508f3f}]
:Commands
[emptytemp]
[start explorer]
[Reboot]Проверьте вставленный скрипт, если слева перед директивами появились пробелы, то удалите их, скрипт должен выглядеть так же как в сообщении. Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог. Если лог не будет показан, то его можно найти в папке C:_OTMoveItMovedFiles.Вставьте в ваше ответное сообщение содержимое этого лога. И приложите свежий RSIT лог.
Логи OTMoveIt3 by OldTimer:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service a5nf6vdk .
Service abp470n5 stopped successfully.
Service abp470n5 deleted successfully.
Unable to stop service ac11ro6w .
========== REGISTRY ==========
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5e78a63d-4a8f-11de-9272-00e04c508f3f}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6daa4c6e-2929-11de-9201-00e04c508f3f}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8d857a96-3fb7-11de-924a-00e04c508f3f}\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:DOCUME~1C4C4~1LOCALS~1Temp~DF559C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps008adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps008md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps008url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps008w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps008wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps007adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps007md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps007url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps007w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps007wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps006adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps006md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps006url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps006w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps006wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps005adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps005md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps005url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps005w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps005wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps004adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps004md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps004url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps004w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps004wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps003adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps003md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps003url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps003w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps003wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps002adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps002md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps002url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps002w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps002wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000adoc.bx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000adoc.bx-j scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000md.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000md.dat-j scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000url.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000url.ax-j scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000w.ax scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000w.ax-j scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000wb.vx scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000wb.vx-j scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 06142009_200848
Files moved on Reboot...
C:DOCUME~1C4C4~1LOCALS~1Temp~DF559C.tmp moved successfully.
C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps008adoc.bx moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps008md.dat moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps008url.ax moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps008w.ax moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps008wb.vx moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps007adoc.bx moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps007md.dat moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps007url.ax moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps007w.ax moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps007wb.vx moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps006adoc.bx moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps006md.dat moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps006url.ax moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps006w.ax moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps006wb.vx moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps005adoc.bx moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps005md.dat moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps005url.ax moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps005w.ax moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps005wb.vx moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps004adoc.bx moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps004md.dat moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps004url.ax moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps004w.ax moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps004wb.vx moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps003adoc.bx moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps003md.dat moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps003url.ax moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps003w.ax moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps003wb.vx moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps002adoc.bx moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps002md.dat moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps002url.ax moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps002w.ax moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps002wb.vx moved successfully.
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000adoc.bx moved successfully.
File C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000adoc.bx-j not found!
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000md.dat moved successfully.
File C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000md.dat-j not found!
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000url.ax moved successfully.
File C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000url.ax-j not found!
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000w.ax moved successfully.
File C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000w.ax-j not found!
C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000wb.vx moved successfully.
File C:Documents and SettingsДимаLocal SettingsApplication DataOperaOperaProfilevps000wb.vx-j not found!
Логи RSIT’a
info.txt
info.txt logfile of random's system information tool 1.06 2009-06-14 20:15:44
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0419-0000-0000000FF1CE} /uninstall {D7CE14BC-96D9-41C5-822D-F5B1C2C35AA2}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0422-0000-0000000FF1CE} /uninstall {DC154E48-5278-423A-80A1-B93247E38A1A}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 Plugin-->C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX-->C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Photoshop CS3-->"C:Program FilesAdobeunins000.exe"
Adobe Reader 7.0.5 - Russian-->MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A70500000002}
AI RoboForm (All Users)-->"C:Program FilesSiber SystemsAI RoboFormrfwipeout.exe"
ATI - Утилита деинсталляции-->C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Control Panel-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}setup.exe"
ATI Display Driver-->rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update-->"C:Program FilesInstallShield Installation Information{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}Setup.exe" -runfromtemp -l0x0019 -removeonly
BearPaw 2448SC Plus v1.1-->C:PROGRA~1BEARPA~1DriverUNINST.EXE
CityInfo 2.7-->"C:Program FilesESMA LtdCityInfounins000.exe"
Command and Conquer Generals-->D:GamesCommand and Conquer Generals\UnIns.exe
Dreamfall - Бесконечное путешествие-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{C79FD7CA-7BCE-440D-B854-EBB8DEDD28FE}setup.exe" -l0x19
Far Manager v1.70-->C:Program FilesFaruninstall.exe
Gordon's Gate Flash Driver 2.2.0.1-->C:Program FilesSony EricssonGordons Gateuninst.exe
HijackThis 2.0.2-->"C:Program Filestrend microHijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6-->"C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.3.1 (Full)-->"C:Program FilesK-Lite Codec Packunins000.exe"
Mail.Ru Агент 5.4 (сборка 2620, для всех пользователей)-->C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - RUS-->MsiExec.exe /I{736D8DEB-66C6-3655-9D59-DF6493A81F77}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - RUS-->MsiExec.exe /I{6CF6A814-CE65-39FC-BBBC-6CB340A4028B}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - rus-->MsiExec.exe /I{2744791F-4E7C-32F5-AB40-AEC6A6C86DBF}
Microsoft .NET Framework 3.5 SP1-->C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:WINDOWS$NtUninstallWdf01007$spuninstspuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0419-0000-0000000FF1CE} /uninstall {37317C49-30C4-412C-B0B9-D95090F330D8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office Access MUI (Russian) 2007-->MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007-->MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007-->MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007-->MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007-->MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007-->MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007-->MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007-->MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007-->MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007-->MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007-->MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007-->MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007-->MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (2.0.0.4)-->C:Program FilesMozilla Firefoxuninstallhelper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Audio Driver-->C:WINDOWSsystem32nvuAudio.exe Uninstall C:WINDOWSsystem32NvAudio.nvu,NVIDIA Audio Driver
NVIDIA nForce Utilities-->C:WINDOWSsystem32rundll32.exe setupapi,InstallHinfSection Remove_SSUtilsNT 132 C:WINDOWSINFnvautils.inf
NVIDIA Windows 2000/XP nForce Drivers-->rundll32.exe C:WINDOWSsystem32NVNFINST.DLL,NvUninstallCrush
Opera 9.52-->MsiExec.exe /X{1A1A08FA-D01E-40AD-AC13-8CA48ACA0192}
Opera 9.62-->MsiExec.exe /X{8318FEFD-F467-44D6-82B8-129374BFE9B1}
Remote Administrator v2.2-->C:Program FilesRadminuninstal.exe
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Ericsson PC Suite 3.106.00-->C:Program FilesInstallShield Installation Information{2FFE93F0-BB72-4E52-8761-354D1AAA9387}Setup.exe -runfromtemp -l0x0019 -removeonly
Total Commander 7.04 PowerPack-->"C:Program FilesTotal Commanderuninstall.exe"
Traffic Inspector PE-->MsiExec.exe /I{2E2448C5-1ACC-41F3-A621-3285C23E904A}
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Unlocker 1.8.7-->C:Program FilesUnlockeruninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0419-0000-0000000FF1CE} /uninstall {6533B670-0073-4FAC-8EC7-F857AD665370}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0419-0000-0000000FF1CE} /uninstall {A7C6A9C6-5FB9-4B5A-8E72-63BAD4E91D11}
Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
XML Paper Specification Shared Components Language Pack 1.0-->"C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe"
Архиватор WinRAR-->C:Program FilesWinRARuninstall.exe
Белазар v.5.1-->"C:Program FilesBelazarunins000.exe"
Бесконечное путешествие-->C:WINDOWSIsUninstR.Exe -fd:games2D06~1DeIsL1.isu -cd:games2D06~1TLJ_RE~1.DLL
Исправление для Windows XP (KB961118)-->"C:WINDOWS$NtUninstallKB961118$spuninstspuninst.exe"
Критическое обновление для проигрывателя Windows Media 11 - (KB959772)-->"C:WINDOWS$NtUninstallKB959772_WM11$spuninstspuninst.exe"
Обновление безопасности для Windows Internet Explorer 7 (KB938127-v2)-->"C:WINDOWSie7updatesKB938127-v2-IE7spuninstspuninst.exe"
Обновление безопасности для Windows Internet Explorer 7 (KB961260)-->"C:WINDOWSie7updatesKB961260-IE7spuninstspuninst.exe"
Обновление безопасности для Windows Internet Explorer 7 (KB963027)-->"C:WINDOWSie7updatesKB963027-IE7spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB923561)-->"C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB938464-v2)-->"C:WINDOWS$NtUninstallKB938464-v2$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB946648)-->"C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB950974)-->"C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB951066)-->"C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB952004)-->"C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB952954)-->"C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB954459)-->"C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB954600)-->"C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB955069)-->"C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB956572)-->"C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB956802)-->"C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB956803)-->"C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB956841)-->"C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB957097)-->"C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB958644)-->"C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB958687)-->"C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB958690)-->"C:WINDOWS$NtUninstallKB958690$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB959426)-->"C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB960225)-->"C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB960715)-->"C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB960803)-->"C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe"
Обновление безопасности для Windows XP (KB961373)-->"C:WINDOWS$NtUninstallKB961373$spuninstspuninst.exe"
Обновление безопасности для проигрывателя Windows Media - (KB952069)-->"C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe"
Обновление безопасности для проигрывателя Windows Media 11 - (KB954154)-->"C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe"
Обновление для Windows XP (KB955839)-->"C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe"
Обновление для Windows XP (KB967715)-->"C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe"
Языковой пакет Microsoft .NET Framework 3.5 SP1 — RUS-->c:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 - russetup.exe
Яндекс.Бар для Internet Explorer 3.5.4-->"C:Program FilesYandexYandexBarIEunins000.exe"
======System event log======
Computer Name: SNIPER
Event Code: 7036
Message: Служба "Совместимость быстрого переключения пользователей" перешла в состояние Работает.
Record Number: 2127
Source Name: Service Control Manager
Time Written: 20090525101026.000000+180
Event Type: информация
User:
Computer Name: SNIPER
Event Code: 7035
Message: Служба "Совместимость быстрого переключения пользователей" успешно отправила управляющий элемент "запустить".
Record Number: 2126
Source Name: Service Control Manager
Time Written: 20090525101026.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM
Computer Name: SNIPER
Event Code: 7036
Message: Служба "Службы терминалов" перешла в состояние Работает.
Record Number: 2125
Source Name: Service Control Manager
Time Written: 20090525101026.000000+180
Event Type: информация
User:
Computer Name: SNIPER
Event Code: 26
Message: Всплывающее окно приложения: : Machine Check: Regs
Record Number: 2124
Source Name: Application Popup
Time Written: 20090525101009.000000+180
Event Type: информация
User:
Computer Name: SNIPER
Event Code: 26
Message: Всплывающее окно приложения: : Machine Check:
Record Number: 2123
Source Name: Application Popup
Time Written: 20090525101009.000000+180
Event Type: информация
User:
=====Application event log=====
Computer Name: SNIPER
Event Code: 3
Message:
Record Number: 935
Source Name: TrafSvc
Time Written: 20090421215250.000000+180
Event Type:
User:
Computer Name: SNIPER
Event Code: 3
Message:
Record Number: 934
Source Name: TrafSvc
Time Written: 20090421215249.000000+180
Event Type:
User:
Computer Name: SNIPER
Event Code: 3
Message:
Record Number: 933
Source Name: TrafSvc
Time Written: 20090421215249.000000+180
Event Type:
User:
Computer Name: SNIPER
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.
Record Number: 932
Source Name: SecurityCenter
Time Written: 20090421215243.000000+180
Event Type: информация
User:
Computer Name: SNIPER
Event Code: 105
Message: The service was started.
Record Number: 931
Source Name: ATI Smart
Time Written: 20090421215234.000000+180
Event Type: информация
User:
======Environment variables======
"ComSpec"=%SystemRoot%system32cmd.exe
"Path"=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesATI TechnologiesATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%TEMP
"TMP"=%SystemRoot%TEMP
EOF
log.txt
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Дима at 2009-06-14 20:15:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (24%) free of 10 GB
Total RAM: 767 MB (57% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:42, on 14.06.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21020)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSnotepad.exe
C:WINDOWSsystem32sstray.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesUnlockerUnlockerAssistant.exe
C:Program FilesMail.RuAgentMAgent.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe
C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesCommon FilesYandexYupdateyupdate.exe
C:WINDOWSsystem32r_server.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesOperaopera.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsДимаРабочий столПрограммыRSIT.exe
C:Program Filestrend microДима.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: (no name) — {724d43a9-0d85-11d4-9908-00400523e39a} — C:Program FilesSiber SystemsAI RoboFormroboform.dll
O3 — Toolbar: (no name) — {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} — (no file)
O3 — Toolbar: &RoboForm — {724d43a0-0d85-11d4-9908-00400523e39a} — C:Program FilesSiber SystemsAI RoboFormroboform.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [nForce Tray Options] sstray.exe /r
O4 — HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe» -H
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe» /systray /nologon
O4 — HKCU..Run: [AlcoholAutomount] «C:Program FilesAlcohol SoftAlcohol 120axcmd.exe» /automount
O4 — HKCU..Run: [RoboForm] «C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe»
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKCU..Run: [TuneUp OneClick Starter] C:Program FilesTuneUp Utilities 2008OneClickStarter.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_013] rebuild.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘Default user’)
O4 — Global Startup: Total Commander.lnk = C:Program FilesTotal CommanderTotalcmd.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O8 — Extra context menu item: Заполнить формы — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O8 — Extra context menu item: Настроить Меню — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComCustomizeIEMenu.html
O8 — Extra context menu item: Сохранить формы — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O8 — Extra context menu item: Тулбар RoboForm — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra button: Заполнить — {320AF880-6646-11D3-ABEE-C5DBF3571F46} — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O9 — Extra ‘Tools’ menuitem: Заполнить формы — {320AF880-6646-11D3-ABEE-C5DBF3571F46} — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O9 — Extra button: Сохранить — {320AF880-6646-11D3-ABEE-C5DBF3571F49} — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O9 — Extra ‘Tools’ menuitem: Сохранить формы — {320AF880-6646-11D3-ABEE-C5DBF3571F49} — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O9 — Extra button: RoboForm — {724d43aa-0d85-11d4-9908-00400523e39a} — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 — Extra ‘Tools’ menuitem: Тулбар RoboForm — {724d43aa-0d85-11d4-9908-00400523e39a} — file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Remote Administrator Service (r_server) — Unknown owner — C:WINDOWSsystem32r_server.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Traffic Inspector (TrafInspSrv) — Unknown owner — C:Program FilesTrafInspTrafInsp.exe (file missing)
O23 — Service: TuneUp Drive Defrag Service (TuneUp.Defrag) — TuneUp Software GmbH — C:WINDOWSSystem32TuneUpDefragService.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 9786 bytes======Scheduled tasks folder======
C:WINDOWStasks1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-24 63136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-10-29 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{724d43a9-0d85-11d4-9908-00400523e39a}]
C:Program FilesSiber SystemsAI RoboFormroboform.dll [2009-05-07 5690184][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{3F5A62E2-51F2-11D3-A075-CC7364CAE42A}
{724d43a0-0d85-11d4-9908-00400523e39a} — &RoboForm — C:Program FilesSiber SystemsAI RoboFormroboform.dll [2009-05-07 5690184]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2008-10-16 1578248][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«nForce Tray Options»=sstray.exe /r []
«ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2005-05-03 344064]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe [2008-05-02 15872]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-04-10 6209208][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonSony Ericsson PC SuiteSEPCSuite.exe [2007-11-20 356352]
«AlcoholAutomount»=C:Program FilesAlcohol SoftAlcohol 120axcmd.exe [2008-03-20 217544]
«RoboForm»=C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe [2009-05-07 160592]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-07-24 490952]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-10-20 479496]
«TuneUp OneClick Starter»=C:Program FilesTuneUp Utilities 2008OneClickStarter.exe [2008-06-20 903936]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Total Commander.lnk — C:Program FilesTotal CommanderTotalcmd.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2005-05-04 46080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2007-06-18 133632][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableLUA»=0[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:WINDOWSNetwork Diagnosticxpnetdiag.exe»=»C:WINDOWSNetwork Diagnosticxpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000»
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«D:GamesCSwar crafthl.exe»=»D:GamesCSwar crafthl.exe:*:Enabled:Half-Life Launcher»
«D:GamesHalf-Lifehl.exe»=»D:GamesHalf-Lifehl.exe:*:Enabled:ipsec»
«C:Program FilesOperaopera.exe»=»C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»
«C:Program FilesTotal CommanderTotalcmd.exe»=»C:Program FilesTotal CommanderTotalcmd.exe:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows»
«C:Program FilesMail.RuAgentmagent.exe»=»C:Program FilesMail.RuAgentmagent.exe:*:Enabled:Mail.Ru Агент»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:WINDOWSsystem32cmd.exe»=»C:WINDOWSsystem32cmd.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32Ati2evxx.exe»=»C:WINDOWSsystem32Ati2evxx.exe:*:Enabled:ipsec»
«C:Program FilesATI TechnologiesATI Control Panelatiprbxx.exe»=»C:Program FilesATI TechnologiesATI Control Panelatiprbxx.exe:*:Enabled:ipsec»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{35c37760-25e3-11de-9c14-806d6172696f}]
shellAutoRuncommand — E:AUTORUN.EXE======List of files/folders created in the last 1 months======
2009-06-08 16:03:09 —-A—- C:WINDOWSsystem32RootkitReveal.txt
2009-06-07 22:10:56 —-A—- C:WINDOWSsystem32TuneUpDefragService.exe
2009-06-07 22:07:23 —-D—- C:Documents and SettingsAll UsersApplication DataTuneUp Software
2009-06-07 22:06:46 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-06-07 21:11:44 —-D—- C:WINDOWS2E2448C51ACC41F3A6213285C23E904A.TMP
2009-06-07 20:08:56 —-D—- C:Program Filestrend micro
2009-06-07 20:08:55 —-D—- C:rsit
2009-06-07 18:08:14 —-RASHD—- C:autorun.inf
2009-06-07 17:17:15 —-D—- C:Config.Msi
2009-06-07 13:14:02 —-D—- C:Program FilesICQ6Toolbar
2009-06-07 13:14:02 —-D—- C:Documents and SettingsAll UsersApplication DataICQ
2009-06-07 13:13:26 —-D—- C:Documents and SettingsДимаApplication DataICQ
2009-06-07 13:12:42 —-D—- C:Program FilesICQ6
2009-06-06 20:28:41 —-A—- C:WINDOWSModemLog_Sony Ericsson Device 217 USB WMC Modem.txt
2009-06-06 16:45:25 —-A—- C:WINDOWSsystem32huffyuv.dll
2009-06-06 16:45:24 —-A—- C:WINDOWSsystem32x264vfw.dll
2009-06-06 16:45:24 —-A—- C:WINDOWSsystem32vp7vfw.dll
2009-06-02 19:22:01 —-A—- C:WINDOWSsystem32vp6vfw.dll
2009-06-02 19:22:01 —-A—- C:WINDOWSsystem32vp6install.exe
2009-06-02 19:21:58 —-A—- C:WINDOWSsystem32Vb5db.dll
2009-06-02 19:21:58 —-A—- C:WINDOWSsystem32msxml4a.dll
2009-06-02 19:21:58 —-A—- C:WINDOWSsystem32msvcr80.dll
2009-06-02 19:21:57 —-A—- C:WINDOWSsystem32msvcp80.dll
2009-06-02 19:21:57 —-A—- C:WINDOWSsystem32msvcp70d.dll
2009-06-02 19:21:56 —-A—- C:WINDOWSsystem32msvci70d.dll
2009-06-02 19:21:55 —-A—- C:WINDOWSsystem32eax.dll
2009-06-02 19:21:53 —-A—- C:WINDOWSsystem32xmltok.dll
2009-06-02 19:21:53 —-A—- C:WINDOWSsystem32xmlparse.dll
2009-06-02 19:21:53 —-A—- C:WINDOWSsystem32xmlinst.exe
2009-06-02 19:21:53 —-A—- C:WINDOWSsystem32Cc3250mt.dll
2009-06-02 19:21:53 —-A—- C:WINDOWSsystem32Borlndmm.dll
2009-06-02 17:13:59 —-D—- C:Documents and SettingsAll UsersApplication DataNokia
2009-06-02 17:10:22 —-D—- C:Documents and SettingsДимаApplication DataCommFort
2009-06-02 17:10:15 —-D—- C:Program FilesCommFort
2009-05-30 12:57:16 —-D—- C:Program FilesYandex
2009-05-30 12:57:16 —-D—- C:Program FilesCommon FilesYandex
2009-05-30 12:57:16 —-D—- C:Documents and SettingsДимаApplication DataYandex
2009-05-30 12:57:05 —-D—- C:Program FilesDAEMON Tools Lite
2009-05-30 12:55:07 —-D—- C:Documents and SettingsДимаApplication DataDAEMON Tools
2009-05-29 21:13:29 —-A—- C:WINDOWSIsUninstR.Exe
2009-05-29 21:05:24 —-A—- C:WINDOWSIsUninst.exe
2009-05-28 08:45:08 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2009-05-27 22:47:27 —-D—- C:Documents and SettingsAll UsersApplication DataBVRP Software
2009-05-27 18:43:17 —-D—- C:Documents and SettingsДимаApplication DataCommand & Conquer 3 Tiberium Wars Demo
2009-05-27 18:14:23 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft======List of files/folders modified in the last 1 months======
2009-06-14 20:15:27 —-D—- C:WINDOWSPrefetch
2009-06-14 20:11:34 —-D—- C:WINDOWSTemp
2009-06-14 20:09:55 —-A—- C:WINDOWSSchedLgU.Txt
2009-06-14 19:43:44 —-D—- C:WINDOWS
2009-06-13 11:26:34 —-A—- C:WINDOWSModemLog_Sony Ericsson Device 217 USB WMC Data Modem.txt
2009-06-13 11:05:35 —-D—- C:WINDOWSsystem32
2009-06-13 11:05:34 —-HD—- C:WINDOWSinf
2009-06-13 11:05:32 —-D—- C:WINDOWSsystem32CatRoot2
2009-06-12 11:16:19 —-A—- C:FONTLOG.TXT
2009-06-10 16:33:32 —-D—- C:Documents and SettingsДимаApplication DataAdobe
2009-06-08 16:23:44 —-A—- C:WINDOWSwin.ini
2009-06-08 15:47:22 —-D—- C:WINDOWSsystem32drivers
2009-06-08 11:39:18 —-D—- C:Documents and SettingsДимаApplication DataDesktopicon
2009-06-08 11:37:41 —-SHD—- C:System Volume Information
2009-06-08 11:37:41 —-D—- C:WINDOWSsystem32Restore
2009-06-08 11:16:20 —-D—- C:WINDOWSsystem32config
2009-06-07 22:09:57 —-D—- C:Program FilesTuneUp Utilities 2008
2009-06-07 22:09:07 —-SHD—- C:WINDOWSInstaller
2009-06-07 22:07:23 —-RD—- C:Program Files
2009-06-07 22:06:46 —-D—- C:Program FilesCommon Files
2009-06-07 21:12:13 —-HD—- C:Program FilesInstallShield Installation Information
2009-06-07 21:11:02 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-06-07 21:10:30 —-D—- C:WINDOWSWinSxS
2009-06-07 21:10:30 —-D—- C:Program FilesNokia
2009-06-07 17:29:43 —-D—- C:Program FilesK-Lite Codec Pack
2009-06-05 22:36:25 —-A—- C:WINDOWSsystem.ini
2009-06-04 22:49:10 —-D—- C:Documents and SettingsДимаApplication DataSkype
2009-06-04 22:23:46 —-D—- C:Documents and SettingsДимаApplication DataskypePM
2009-06-02 19:22:11 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-06-02 19:21:47 —-RSD—- C:WINDOWSFonts
2009-05-30 17:15:04 —-D—- C:Program FilesCommon FilesInstallShield
2009-05-29 20:20:58 —-SD—- C:Documents and SettingsДимаApplication DataMicrosoft
2009-05-29 15:04:50 —-D—- C:Program FilesFar
2009-05-27 18:41:55 —-D—- C:WINDOWSsystem32CatRoot
2009-05-27 18:40:02 —-D—- C:WINDOWSsystem32DirectX
2009-05-27 18:36:27 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-05-27 18:28:39 —-D—- C:Program FilesCommon FilesSystem
2009-05-27 18:19:50 —-D—- C:Program FilesUnlocker
2009-05-27 18:17:23 —-D—- C:Program FilesWindows Media Connect 2
2009-05-27 18:16:50 —-D—- C:WINDOWSMinidump======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Драйвер AMD K7 процессора; C:WINDOWSsystem32DRIVERSamdk7.sys [2008-07-18 41984]
R2 Aspi32;Aspi32; C:WINDOWSsystem32driversAspi32.sys [2002-07-17 16877]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-07-08 62848]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-07-18 60800]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2005-05-04 1133056]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2008-07-18 2944]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-07-18 61824]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:WINDOWSsystem32driversnvax.sys [2003-03-19 29696]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:WINDOWSsystem32driversnvapu.sys [2003-03-19 280704]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2008-07-18 20992]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-07-18 30336]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-07-18 17152]
S1 wceusbsh;Драйвер последовательного USB для Windows CE; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2008-07-18 31872]
S3 atcbjtu4;atcbjtu4; C:WINDOWSsystem32driversatcbjtu4.sys []
S3 azy90kch;azy90kch; C:WINDOWSsystem32driversazy90kch.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:WINDOWSsystem32DRIVERSggflt.sys [2008-09-24 10976]
S3 ggsemc;SEMC USB Flash Driver; C:WINDOWSsystem32DRIVERSggsemc.sys [2008-09-24 22368]
S3 GT680x;BearPaw 2448CS Plus Usb Scanner; C:WINDOWSSystem32DriversGt680x.sys [2006-06-16 12416]
S3 GVCplDrv;GVCplDrv; C:WINDOWSsystem32driversGVCplDrv.sys [2004-05-02 23040]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys []
S3 s217bus;Sony Ericsson Device 217 driver (WDM); C:WINDOWSsystem32DRIVERSs217bus.sys [2007-11-02 83496]
S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs217mdfl.sys [2007-11-02 15016]
S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs217mdm.sys [2007-11-02 109992]
S3 s217mgmt;Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs217mgmt.sys [2007-11-02 103976]
S3 s217nd5;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS); C:WINDOWSsystem32DRIVERSs217nd5.sys [2007-11-02 24872]
S3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs217obex.sys [2007-11-02 100008]
S3 s217unic;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM); C:WINDOWSsystem32DRIVERSs217unic.sys [2007-11-02 105896]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:WINDOWSsystem32DRIVERSs716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:WINDOWSsystem32DRIVERSs716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:WINDOWSsystem32DRIVERSs716unic.sys [2007-04-04 98952]
S3 ticapdrv;Traffic Inspector network driver; C:WINDOWSsystem32DRIVERSticap.sys []
S3 TMETER;TMeter Service; C:WINDOWSsystem32DRIVERSTMETER.sys []
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-07-18 32384]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-07-18 25856]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-07-18 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:WINDOWSSystem32Driverswdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2007-06-18 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2005-05-04 364544]
R2 r_server;Remote Administrator Service; C:WINDOWSsystem32r_server.exe [2004-06-16 708608]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2005-05-03 516096]
S2 TrafInspSrv;Traffic Inspector; C:Program FilesTrafInspTrafInsp.exe []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:WINDOWSSystem32TuneUpDefragService.exe [2009-06-07 355584]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
p.s. Ссылка на скачивание OTMoveIt3 by oldtimer битая, пишет страница не найдена, пришлось искать через поисковик. Вот вам новая ссылка http://virusnet.info/soft/OTMoveIt3.exe
и flasdetecter’om я пользуюсь. Он у меня есть на всех дисках, кроме того на котором найдем тот вирус ренафи, незнаю почему.
Лог выглядит нормально.
p.s. Ссылка на скачивание OTMoveIt3 by oldtimer битая, пишет страница не найдена, пришлось искать через поисковик. Вот вам новая ссылка
Это не официальная ссылка. К сожалению автор программы убрал её из свободного доступа.
DrWeb находит сейчас что-либо ?
- Для ответа в этой теме необходимо авторизоваться.
