Virus khq
August 31, 2009 at 10:41 AM #17042
On my work computer I found a 0-byte file khq and a system process csrsc.exe. The antivirus installed is NOD32, but it does not see the virus. It turns out this nasty thing has spread to all the computers.
Logs from mine.
Thanks.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Dima at 2009-08-31 15:34:37
Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (26%) free of 50 GB
Total RAM: 2047 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:37, on 31.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program Files2gisUpdateClientWin32UpdateClientService.exe
C:Program FilesCobian Backup 9cbService.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Documents and SettingsAll UsersApplication DataEPSONEPW!3 SSRPE_S30RP1.EXE
C:Program FilesESETESET Remote AdministratorServerera.exe
C:WINDOWSsystem32nhsrvice.exe
C:WINDOWSsystem32hasplms.exe
C:Program FilesJavajre6binjqs.exe
C:PROGRA~1MI6841~1MSSQLbinnsqlservr.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCDBurnerXPNMSAccessU.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCyberLinkShared FilesRichVideo.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32tlntsvr.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.exe
C:Program FilesrnqR&Q.exe
C:WINDOWSsystem32SUPDSvc.exe
C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE
C:WINDOWSsystem32ctfmon.exe
C:Program FilesGraphtecGraphtec Network UtilityConnect.exe
C:Program FilesScanning Master 21 PlusSMASTER.EXE
C:Program FilesAdobeReader 8.0ReaderAcroRd32.exe
C:PROGRA~1SunXVMVIR~1VBoxSVC.exe
C:PROGRA~1SunXVMVIR~1VirtualBox.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesTotal CommanderTotalcmd.exe
C:Documents and SettingsDimaРабочий столRSIT.exe
C:Program Filestrend microDima.exe
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = socks=
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Trustpilot.Toolbar.Guard - {5260b01f-6c6d-43af-ba6d-46dc0cb73a3e} - mscoree.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll
O2 - BHO: FieryAds advertising module v1.5.0 - {CF272101-7F6E-4CF2-9453-B4C5D2FC32C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [2gis update client UI] "C:Program Files2gisUpdateClientWin32UpdateClientUI.exe" -minimized
O4 - HKLM..Run: [egui] "C:Program FilesESETESET NOD32 Antivirusegui.exe" /hide /waitservice
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [EPSON Stylus Photo R270 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIBNP.EXE /FU "C:WINDOWSTEMPE_S479.tmp" /EF "HKCU"
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-21-152193461-3311493758-2939073326-1011..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User 'test')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Startup: Graphtec Network Utility.lnk = C:Program FilesGraphtecGraphtec Network UtilityCostart.exe
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O17 - HKLMSystemCCSServicesTcpip..{917197EB-EE18-4A4B-BCA1-A14787FE445F}: NameServer = 208.67.222.222,192.168.0.2
O23 - Service: 2GIS UpdateClientService - ДубльГИС - C:Program Files2gisUpdateClientWin32UpdateClientService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:WINDOWSATKKBService.exe (file missing)
O23 - Service: Служба Cobian Backup 9 (CobianBackupAmanita) - Luis Cobian - C:Program FilesCobian Backup 9cbService.exe
O23 - Service: Courier Mail Server (CourierMS) - Unknown owner - D:MailCourierMS.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:Documents and SettingsAll UsersApplication DataEPSONEPW!3 SSRPE_S30RP1.EXE
O23 - Service: ESET RA HTTP Server (ERA_HTTP_SERVER) - ESET - C:Program FilesESETESET Remote AdministratorServerEHttpSrv.exe
O23 - Service: ESET Remote Administrator Server (ERA_SERVER) - ESET - C:Program FilesESETESET Remote AdministratorServerera.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:WINDOWSsystem32services.exe
O23 - Service: HASP Loader - Aladdin Knowledge Systems Ltd. - C:WINDOWSsystem32nhsrvice.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:WINDOWSsystem32hasplms.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:WINDOWSSYSTEM32SPOOLDRIVERSW32X863HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:WINDOWSSYSTEM32SPOOLDRIVERSW32X863HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:WINDOWSsystem32imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:WINDOWSsystem32mnmsrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:Program FilesCDBurnerXPNMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:WINDOWSsystem32services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:WINDOWSsystem32sessmgr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:WINDOWSsystem32SUPDSvc.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:WINDOWSSystem32SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:WINDOWSsystem32smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Корпорация Майкрософт - C:WINDOWSsystem32tlntsvr.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:WINDOWSSystem32vssvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:Program FilesTightVNCWinVNC.exe (file missing)
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:WINDOWSsystem32wbemwmiapsrv.exe
--
End of file - 8993 bytes
======Scheduled tasks folder======
C:WINDOWStasksshut.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5260b01f-6c6d-43af-ba6d-46dc0cb73a3e}]
Trustpilot.Toolbar.Guard - C:WINDOWSsystem32mscoree.dll [2005-09-23 270848]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:PROGRA~1SPYBOT~1SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:Program FilesJavajre6binssv.dll [2009-01-19 320920]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{CF272101-7F6E-4CF2-9453-B4C5D2FC32C0}]
FieryAds advertising module v1.5.0
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:Program FilesJavajre6binjp2ssv.dll [2009-01-19 34816]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-01-19 73728]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-21 368640]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:WINDOWSsystem32NvMcTray.dll [2007-09-16 81920]
"2gis update client UI"=C:Program Files2gisUpdateClientWin32UpdateClientUI.exe [2008-09-17 4055040]
"egui"=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-10-24 1451264]
"NvCplDaemon"=C:WINDOWSsystem32NvCpl.dll [2007-09-16 8491008]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"=C:WINDOWSsystem32ctfmon.exe [2006-03-02 15360]
"EPSON Stylus Photo R270 Series"=C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIBNP.EXE [2006-05-19 139264]
"SpybotSD TeaTimer"=C:Program FilesSpybot - Search & DestroyTeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
C:WINDOWSALCMTR.EXE [2005-05-03 69632]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregASUSGamerOSD]
C:Program FilesASUSGamerOSDGamerOSD.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCobian Backup 9 interface]
C:Program FilesCobian Backup 9cbInterface.exe [2009-01-22 2749952]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregComodoBackup]
C:Program FilesComodoBackUpCmdBackUp.exe tray []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:WINDOWSsystem32NvCpl.dll [2007-09-16 8491008]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
C:WINDOWSRTHDCPL.EXE [2007-03-21 16126464]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUDC Integration]
[]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUnlockerAssistant]
C:Program FilesUnlockerUnlockerAssistant.exe -H []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregvmware-tray]
C:Program FilesVMwareVMware Workstationvmware-tray.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinVNC]
C:Program FilesTightVNCWinVNC.exe -servicehelper []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Service Manager.lnk]
C:PROGRA~1MI6841~180ToolsBinnsqlmangr.exe [2000-08-06 69632]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Windows Search.lnk]
C:PROGRA~1WINDOW~4WINDOW~1.EXE /startup []
C:Documents and SettingsDimaГлавное менюПрограммыАвтозагрузка
Graphtec Network Utility.lnk - C:Program FilesGraphtecGraphtec Network UtilityCostart.exe
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE"="C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:Program FilesPacket Tracer 5.0binPacketTracer5.exe"="C:Program FilesPacket Tracer 5.0binPacketTracer5.exe:*:Enabled:PacketTracer5"
"E:iperf.exe"="E:iperf.exe:*:Enabled:iperf"
"C:Program FilesSunxVM VirtualBoxVirtualBox.exe"="C:Program FilesSunxVM VirtualBoxVirtualBox.exe:*:Enabled:VirtualBox"
"C:Program FilesCyberLinkPCM4EverioPCM4Everio.exe"="C:Program FilesCyberLinkPCM4EverioPCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio"
"C:Program FilesCyberLinkPCM4EverioEverioService.exe"="C:Program FilesCyberLinkPCM4EverioEverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program"
"C:Program FilesCyberLinkPowerDirector ExpressPDX.exe"="C:Program FilesCyberLinkPowerDirector ExpressPDX.exe:*:Enabled:CyberLink PowerDirector Express"
"C:Program FilesGraphtecGraphtec Network UtilityConnect.exe"="C:Program FilesGraphtecGraphtec Network UtilityConnect.exe:*:Enabled:Graphtec Network Utility"
"C:WINDOWSsystem32SUPDSvc.exe"="C:WINDOWSsystem32SUPDSvc.exe:*:Enabled:Samsung UPD Service"
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{48a8794f-06e7-11de-b847-00221527bc2f}]
shellAutoplaycommand - icondrv.exe
shellAutoRuncommand - icondrv.exe
shellopencommand - icondrv.exe
======List of files/folders created in the last 1 months======
2009-08-31 15:33:01 ----D---- C:Program Filestrend micro
2009-08-31 15:32:59 ----D---- C:rsit
2009-08-31 12:59:29 ----A---- C:WINDOWSssndii.exe
2009-08-31 12:59:28 ----A---- C:WINDOWSsystem32msxml2a.dll
2009-08-31 12:59:27 ----D---- C:WINDOWSSamsung
2009-08-31 12:58:35 ----A---- C:WINDOWSsystem32SUPDSvcA.dll
2009-08-31 12:58:35 ----A---- C:WINDOWSsystem32SUPDSvc.exe
2009-08-31 12:58:34 ----A---- C:WINDOWSsystem32spd__l3.dll
2009-08-31 12:58:34 ----A---- C:WINDOWSsystem32spd__ci.exe
2009-08-31 12:58:34 ----A---- C:WINDOWSsystem32spd__ci.dll
2009-08-31 12:58:34 ----A---- C:WINDOWSsystem32SIPDUtil.dll
2009-08-31 12:58:34 ----A---- C:WINDOWSsystem32DscPnt1.dll
2009-08-31 12:58:34 ----A---- C:WINDOWSsystem32DscPnt0.dll
2009-08-31 12:58:34 ----A---- C:WINDOWSsystem32DscPnt.dll
2009-08-31 12:58:21 ----D---- C:Program FilesSamsung
2009-08-31 11:40:19 ----D---- C:WINDOWSLastGood
2009-08-31 08:21:48 ----D---- C:Program FilesSun
2009-08-28 10:01:14 ----D---- C:Documents and SettingsAll UsersApplication DataSCAD Soft
2009-08-27 18:02:04 ----D---- C:Program FilesSoftLogica
2009-08-27 09:09:21 ----D---- C:ConsLocalUserData
2009-08-26 14:58:56 ----D---- C:Program Files2gis
2009-08-26 14:52:13 ----D---- C:ConsUserData
2009-08-26 10:01:41 ----D---- C:Program FilesTotal Commander
2009-08-25 14:07:25 ----A---- C:WINDOWSsystem32hpipn6fh.dll
2009-08-25 14:07:24 ----A---- C:WINDOWSsystem32hpic36fh.dll
2009-08-25 14:02:34 ----D---- C:Program FilesHPDesignjetT610PrinterSeries
2009-08-25 10:40:13 ----D---- C:Program Files3proxy
2009-08-24 15:54:33 ----D---- C:Program FilesToucan
2009-08-24 11:32:49 ----D---- C:Documents and SettingsDimaApplication DatannBackup
2009-08-24 11:29:02 ----D---- C:Program FilesnnCron
2009-08-24 11:18:51 ----D---- C:Documents and SettingsDimaApplication DataComodo
2009-08-24 11:18:23 ----D---- C:Program FilesComodo
2009-08-24 11:07:04 ----A---- C:WINDOWSsystem32myodbc-installer.exe
2009-08-24 11:07:04 ----A---- C:WINDOWSsystem32myodbc5S.dll
2009-08-24 11:07:04 ----A---- C:WINDOWSsystem32myodbc5.dll
2009-08-24 11:06:54 ----D---- C:Program FilesZmanda
2009-08-24 10:08:15 ----D---- C:Documents and SettingsAll UsersApplication DataSoftland
2009-08-24 10:08:05 ----D---- C:Documents and SettingsDimaApplication DataSoftland
2009-08-24 09:31:06 ----D---- C:Program FilesCobian Backup 9
2009-08-22 01:00:00 ----A---- C:WINDOWSsystem32DevCon.exe
2009-08-22 00:15:28 ----A---- C:WINDOWSsystem32B4FM.dll
2009-08-18 17:28:03 ----D---- C:Program FilesSwitch Off
2009-08-18 09:59:22 ----A---- C:WINDOWSsystem32hasplms.exe
2009-08-18 09:59:12 ----A---- C:WINDOWSsystem32aksllmtp.exe
2009-08-18 09:58:59 ----A---- C:WINDOWSsystem32aksusb2.dll
2009-08-18 09:58:59 ----A---- C:WINDOWSsystem32akshsp50.dll
2009-08-18 09:58:59 ----A---- C:WINDOWSsystem32akshhl26.dll
2009-08-18 09:58:56 ----A---- C:WINDOWSsystem32nhsrvice.exe
2009-08-17 10:36:26 ----A---- C:WINDOWShpntwksetup.ini
2009-08-14 11:48:41 ----D---- C:WINDOWSsystem32LogFiles
2009-08-13 11:36:42 ----D---- C:Program FilesFotosizer
2009-08-05 16:20:08 ----A---- C:WINDOWSsystem32VBoxNetFltNotify.dll
======List of files/folders modified in the last 1 months======
2009-08-31 15:33:01 ----RD---- C:Program Files
2009-08-31 15:14:18 ----D---- C:WINDOWSTemp
2009-08-31 15:02:03 ----D---- C:Program FilesMozilla Firefox
2009-08-31 14:41:16 ----D---- C:WINDOWSPrefetch
2009-08-31 14:38:36 ----SHD---- C:System Volume Information
2009-08-31 14:33:38 ----D---- C:WINDOWSsystem32
2009-08-31 12:59:39 ----RSHDC---- C:WINDOWSsystem32dllcache
2009-08-31 12:59:29 ----D---- C:WINDOWS
2009-08-31 12:58:46 ----HD---- C:WINDOWSinf
2009-08-31 11:40:19 ----D---- C:WINDOWSsystem32drivers
2009-08-31 11:40:16 ----D---- C:WINDOWSsystem32CatRoot2
2009-08-31 08:25:59 ----A---- C:WINDOWSntbtlog.txt
2009-08-31 08:24:24 ----A---- C:WINDOWSSchedLgU.Txt
2009-08-31 08:22:29 ----SHD---- C:WINDOWSInstaller
2009-08-31 08:22:27 ----DC---- C:WINDOWSsystem32DRVSTORE
2009-08-28 12:42:37 ----D---- C:Program FilesWinRAR
2009-08-28 10:46:24 ----D---- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2009-08-28 10:40:51 ----D---- C:Program FilesCommon FilesMicrosoft Shared
2009-08-28 10:02:00 ----D---- C:Program FilesCommon Files
2009-08-28 10:01:14 ----HD---- C:Program FilesInstallShield Installation Information
2009-08-28 09:52:32 ----D---- C:Documents and SettingsDimaApplication DataFileZilla
2009-08-27 17:24:59 ----D---- C:Program FilesMozilla Thunderbird
2009-08-27 12:25:45 ----RASH---- C:boot.ini
2009-08-27 12:25:45 ----A---- C:WINDOWSwin.ini
2009-08-27 12:25:45 ----A---- C:WINDOWSsystem.ini
2009-08-27 12:25:44 ----D---- C:WINDOWSpss
2009-08-26 17:21:18 ----D---- C:Program FilesScanning Master 21 Plus
2009-08-25 14:08:03 ----D---- C:Program FilesHewlett-Packard
2009-08-25 12:56:59 ----D---- C:WINDOWSsecurity
2009-08-25 08:34:14 ----D---- C:Program FilesSpybot - Search & Destroy
2009-08-24 11:07:04 ----A---- C:WINDOWSODBCINST.INI
2009-08-24 10:13:21 ----D---- C:Program FilesSoftland
2009-08-24 10:13:13 ----SD---- C:WINDOWSTasks
2009-08-20 17:06:40 ----D---- C:Program FilesEPSON Print CD
2009-08-19 15:09:52 ----SHD---- C:WINDOWSCSC
2009-08-13 11:32:31 ----D---- C:Program FilesElcomSoft
2009-08-13 11:32:24 ----A---- C:WINDOWSAPDFPRP.INI
2009-08-10 16:42:56 ----D---- C:Documents and SettingsDimaApplication DataXnView
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-10-24 53256]
R1 EIO;EIO; ??C:WINDOWSsystem32driversEIO.sys []
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-10-24 34824]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2006-03-02 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
R1 uzg4njgz;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzg4njgz.sys []
R1 VBoxDrv;VirtualBox Service; C:WINDOWSsystem32DRIVERSVBoxDrv.sys [2009-08-05 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:WINDOWSsystem32DRIVERSVBoxUSBMon.sys [2009-08-05 41424]
R2 aksfridge;HASP Fridge; C:WINDOWSsystem32DRIVERSaksfridge.sys [2008-03-18 350720]
R2 Consult;Consult; ??C:WINDOWSsystem32driversConsult.sys []
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-10-24 39944]
R2 Hardlock;Hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R2 sxuptp;Graphtec Network Driver; C:WINDOWSsystem32DRIVERSsxuptp.sys [2007-08-29 79976]
R3 akshasp;Aladdin HASP Key; C:WINDOWSsystem32DRIVERSakshasp.sys [2007-07-05 238976]
R3 akshhl;Aladdin HASP HL Key; C:WINDOWSsystem32DRIVERSakshhl.sys [2007-07-23 46336]
R3 aksusb;Aladdin USB Key; C:WINDOWSsystem32DRIVERSaksusb.sys [2007-07-05 14976]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:WINDOWSsystem32driversasusgsb.sys [2007-07-12 12416]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:WINDOWSsystem32DRIVERSl151x86.sys [2007-11-01 36864]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2006-03-02 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-03-26 4395008]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2006-03-02 12160]
R3 mpfilt;mpfilt; ??C:WINDOWSsystem32driversmpfilt.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-09-16 6853088]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-04 20480]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:WINDOWSsystem32DRIVERSVBoxNetAdp.sys [2009-08-05 91472]
R3 VBoxNetFlt;VBoxNetFlt Service; C:WINDOWSsystem32DRIVERSVBoxNetFlt.sys [2009-08-05 99472]
R4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2006-03-02 73472]
S1 asuskbnt;Enhanced Display Driver Helper Service; C:WINDOWSsystem32driversatkkbnt.sys []
S2 DgiVecp;DgiVecp; ??C:WINDOWSsystem32DriversDgiVecp.sys []
S2 SSPORT;SSPORT; ??C:WINDOWSsystem32DriversSSPORT.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 Dot4;Драйвер MS IEEE-1284.4; C:WINDOWSsystem32DRIVERSDot4.sys [2004-08-03 207360]
S3 Dot4Print;Драйвер класса принтеров для IEEE-1284.4; C:WINDOWSsystem32DRIVERSDot4Prt.sys [2001-08-17 12928]
S3 dot4ufd;HP Dot4USB Filter; C:WINDOWSsystem32DRIVERShppaufd0.sys [2008-05-08 16800]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 nm;Драйвер сетевого монитора; C:WINDOWSsystem32DRIVERSNMnt.sys [2006-03-02 40320]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
S3 SNTNLUSB;SafeNet USB SuperPro/UltraPro; C:WINDOWSsystem32DRIVERSSNTNLUSB.SYS [2007-04-27 35328]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 VBoxUSB;VirtualBox USB; C:WINDOWSSystem32DriversVBoxUSB.sys [2009-08-05 32016]
S3 Video3D;ASUS Video3D Service; C:WINDOWSSystem32DriversVideo3D32.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:WINDOWSsystem32DRIVERSvmnetadapter.sys []
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:WINDOWSsystem32DRIVERSZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:WINDOWSsystem32DRIVERSZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:WINDOWSsystem32DRIVERSZTEusbser6k.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2006-03-02 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 2GIS UpdateClientService;2GIS UpdateClientService; C:Program Files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 CobianBackupAmanita;Служба Cobian Backup 9; C:Program FilesCobian Backup 9cbService.exe [2009-01-22 583168]
R2 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-10-24 19200]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-10-24 468224]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:Documents and SettingsAll UsersApplication DataEPSONEPW!3 SSRPE_S30RP1.EXE [2006-04-18 102400]
R2 ERA_SERVER;ESET Remote Administrator Server; C:Program FilesESETESET Remote AdministratorServerera.exe [2008-06-17 1291520]
R2 HASP Loader;HASP Loader; C:WINDOWSsystem32nhsrvice.exe [2008-04-25 249856]
R2 hasplms;HASP License Manager; C:WINDOWSsystem32hasplms.exe [2008-03-19 2558464]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-01-19 152984]
R2 MSSQLSERVER;MSSQLSERVER; C:PROGRA~1MI6841~1MSSQLbinnsqlservr.exe [2000-08-06 7442493]
R2 Net Driver HPZ12;Net Driver HPZ12; C:WINDOWSSystem32svchost.exe [2006-03-02 14336]
R2 NMSAccessU;NMSAccessU; C:Program FilesCDBurnerXPNMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-09-16 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSSystem32svchost.exe [2006-03-02 14336]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared FilesRichVideo.exe [2006-12-20 272024]
R3 Samsung UPD Service;Samsung UPD Service; C:WINDOWSsystem32SUPDSvc.exe [2009-03-24 127656]
S2 ATKKeyboardService;ATK Keyboard Service; C:WINDOWSATKKBService.exe []
S2 CourierMS;Courier Mail Server; D:MailCourierMS.exe /service []
S2 winvnc;VNC Server; C:Program FilesTightVNCWinVNC.exe -service []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 ERA_HTTP_SERVER;ESET RA HTTP Server; C:Program FilesESETESET Remote AdministratorServerEHttpSrv.exe [2008-06-17 75008]
S3 HP Port Resolver;HP Port Resolver; C:WINDOWSSYSTEM32SPOOLDRIVERSW32X863HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:WINDOWSSYSTEM32SPOOLDRIVERSW32X863HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:Program FilesMicrosoft SQL Server80ToolsBinnsqladhlp.exe [2000-08-06 65602]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:PROGRA~1MI6841~1MSSQLbinnsqlagent.exe [2000-08-06 303170]
info.txt logfile of random's system information tool 1.06 2009-08-31 15:33:25
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
2007 Microsoft Office system-->"C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}
7-Zip 4.42-->MsiExec.exe /I{23170F69-40C1-2701-0442-000001000000}
7-Zip 4.65-->"C:Program Files7-ZipUninstall.exe"
Adobe Flash Player 10 ActiveX-->C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player Plugin-->C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime11 0Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{6E19F210-3813-4002-B561-94D66AA182B6}Setup.exe" -l0x9 -removeonly
Attansic Ethernet Utility-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime11 0Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{1F698102-5739-441E-96F0-74F4EA540F06}setup.exe" -l0x9 -removeonly
Bricscad 8.2-->C:Program FilesInstallShield Installation Information{DD551D95-9478-4A6C-B1C9-E8DC09299911}setup.exe -runfromtemp -l0x0019 -removeonly
Bricscad 9.2-->C:Program FilesInstallShield Installation Information{D28D2C69-3482-4CCB-A994-61DFF3B45354}setup.exe -runfromtemp -l0x0019 -removeonly
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}SETUP.EXE" -l0x19 UNINST
CDBurnerXP-->"C:Program FilesCDBurnerXPunins000.exe"
Cisco Packet Tracer 5.2-->"C:Program FilesPacket Tracer 5.2unins000.exe"
Cobian Backup 9-->C:Program FilesCobian Backup 9cbUninstall.exe
doPDF 6.2 printer-->"C:Program FilesSoftlanddoPDF 6unins000.exe"
EPSON Attach To Email-->C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}SETUP.EXE" -l0x19 UNINST
EPSON File Manager-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{2EB81825-E9EE-44F4-8F51-1240C3898DC6}Setup.exe" -l0x19 UNINST
EPSON Print CD-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}SETUP.EXE" -l0x19 -SYSTEM
EPSON Printer Software-->C:WINDOWSSystem32spoolDRIVERSW32X863EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}Setup.exe" -l0x19 -u
EPSON Web-To-Page-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}SETUP.EXE" -l0x19 -anything
ESET NOD32 Antivirus-->MsiExec.exe /I{FBDB29C1-D297-4996-938E-F1590EF6C000}
ESET Remote Administrator Console-->MsiExec.exe /I{EB678624-04F2-47BB-89B8-A0ED4E53CF37}
ESET Remote Administrator Server-->MsiExec.exe /I{FE170A5D-2CF6-4EEA-9BCE-8A775A08655A}
ESPR270 Руководство пользователя-->C:Program FilesEPSONTPMANUALESPR270RUSUSE_GDOCUNINS.EXE
Fotosizer 1.25-->C:Program FilesFotosizeruninst.exe
Graphtec Network Utility-->C:Program FilesGraphtecGraphtec Network UtilityCouninst.exe
HASP License Manager-->C:WINDOWSsystem32UNWISE.EXE C:WINDOWSsystem32hasplm.log
High Definition Audio Driver Package - KB888111-->"C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe"
HijackThis 2.0.2-->"C:Program Filestrend microHijackThis.exe" /uninstall
Hotfix for Windows XP (KB915800-v4)-->"C:WINDOWS$NtUninstallKB915800-v4$spuninstspuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:WINDOWS$NtUninstallKB915865$spuninstspuninst.exe"
HP Designjet T610 Printer Series-->"C:Program FilesHewlett-PackardInstall EnginesHP Designjet T610 Printer Seriessetup.exe" /x
HP LaserJet M5035 MFP PCL 5,HP LaserJet M5025 MFP PCL 5 [HP LaserJet M5025 MFP PCL 5]-->"C:Program FilesCommon FilesHewlett-PackardHPDIU 2.5HPDIU_Uninstall.exe" /d "HP LaserJet M5035 MFP PCL 5,HP LaserJet M5025 MFP PCL 5" /m "ARP"
HP LaserJet M5035 MFP PCL 6,HP LaserJet M5025 MFP PCL 6 [HP LaserJet M5025 MFP PCL 6]-->"C:Program FilesCommon FilesHewlett-PackardHPDIU 2.5HPDIU_Uninstall.exe" /d "HP LaserJet M5035 MFP PCL 6,HP LaserJet M5025 MFP PCL 6" /m "ARP"
HP USB Disk Storage Format Tool-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}Setup.exe" -l0x9
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Mega Codec Pack 4.7.5-->"C:Program FilesK-Lite Codec Packunins000.exe"
marvell 61xx-->C:Program FilesMarvell61xxuninst-61xx.exe
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft Office Access MUI (Russian) 2007-->MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Converter Pack-->MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office Excel MUI (Russian) 2007-->MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007-->MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007-->MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007-->MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007-->MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007-->MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007-->MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007-->MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007-->MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft SQL Server 2000-->C:WINDOWSIsUninst.exe -f"C:Program FilesMicrosoft SQL ServerMSSQLUninst.isu" -c"C:Program FilesMicrosoft SQL ServerMSSQLsqlsun.dll" -msql.mif i=MSSQLSERVER
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (3.5.2)-->C:Program FilesMozilla Firefoxuninstallhelper.exe
Mozilla Thunderbird (2.0.0.19)-->C:Program FilesMozilla Thunderbirduninstallhelper.exe
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Notepad++-->C:Program FilesNotepad++uninstall.exe
NVIDIA Drivers-->C:WINDOWSsystem32nvudisp.exe UninstallGUI
pdfsam-->C:Program Filespdfsamuninstall.exe
PowerDirector Express-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{EDE721EC-870A-11D8-9D75-000129760D75}setup.exe" -uninstall
PowerProducer-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{B7A0CE06-068E-11D6-97FD-0050BACBF861}setup.exe" -uninstall
Realtek High Definition Audio Driver-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}setup.exe" -l0x19 -removeonly
Samsung Universal Print Driver-->C:Program FilesSamsungSamsung Universal Print DriverInstallSetup.exe /R
Scanning Master 21+-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{486449C5-D9EC-438B-B940-B8D42DF28B1D}setup.exe" -l0x19 -uninst -removeonly
Spybot - Search & Destroy-->"C:Program FilesSpybot - Search & Destroyunins000.exe"
Sun xVM VirtualBox-->MsiExec.exe /I{CD41004C-3C24-45E2-9D66-1ADB3EC678A6}
Swiff Player 1.5-->"C:Program FilesGlobFXSwiff Playerunins000.exe"
Switch Off-->"C:Program FilesSwitch Offuninstall.exe"
Total Commander 7.50 PowerPack-->"C:Program FilesTotal Commanderuninstall.exe"
Web-регистрация HP-->MsiExec.exe /X{CA5710C5-184C-4294-8848-871431EA80FB}
Windows Installer 3.1 (KB893803)-->"C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe"
Windows PowerShell(TM) 1.0-->"C:WINDOWS$NtUninstallKB926140-v5$spuninstspuninst.exe"
XRECODE-->"C:Program FilesXRECODEunins000.exe"
Данные ДубльГИС г.Самара 01.08.2009-->MsiExec.exe /X{15BB95AD-894B-4F7D-B28E-EC1A0FAE75B2}
ДубльГИС 3.0.5.4-->MsiExec.exe /X{67A1DF48-1CEA-468C-ADAA-74BA915437D8}
Обновление для Windows XP (KB898461)-->"C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe"
Центр обновлений ДубльГИС-->MsiExec.exe /X{2FB165EB-69C0-416D-9B4E-E805ABC8CB1F}
======Hosts File======
192.168.0.125 mailserver.avr.ru
======Security center information======
AV: ESET NOD32 Antivirus 3.0 (disabled)
======System event log======
Computer Name: ADMINISTRATOR
Event Code: 3019
Message: Перенаправитель не смог определить тип подключения.
Record Number: 12577
Source Name: MRxSmb
Time Written: 20090804110258.000000+300
Event Type: предупреждение
User:
Computer Name: ADMINISTRATOR
Event Code: 3019
Message: Перенаправитель не смог определить тип подключения.
Record Number: 12576
Source Name: MRxSmb
Time Written: 20090804110258.000000+300
Event Type: предупреждение
User:
Computer Name: ADMINISTRATOR
Event Code: 7036
Message: Служба "Служба COM записи компакт-дисков IMAPI" перешла в состояние Остановлена.
Record Number: 12575
Source Name: Service Control Manager
Time Written: 20090804105816.000000+300
Event Type: информация
User:
Computer Name: ADMINISTRATOR
Event Code: 7035
Message: Служба "Служба COM записи компакт-дисков IMAPI" успешно отправила управляющий элемент "запустить".
Record Number: 12574
Source Name: Service Control Manager
Time Written: 20090804105808.000000+300
Event Type: информация
User: NT AUTHORITYSYSTEM
Computer Name: ADMINISTRATOR
Event Code: 7036
Message: Служба "Служба COM записи компакт-дисков IMAPI" перешла в состояние Работает.
Record Number: 12573
Source Name: Service Control Manager
Time Written: 20090804105808.000000+300
Event Type: информация
User:
=====Application event log=====
Computer Name: ADMINISTRATOR
Event Code: 17055
Message: 17124 :
SQL Server configured for thread mode processing.
Record Number: 2514
Source Name: MSSQLSERVER
Time Written: 20090701141945.000000+300
Event Type: информация
User:
Computer Name: ADMINISTRATOR
Event Code: 17055
Message: 17162 :
SQL Server is starting at priority class 'normal'(2 CPUs detected).
Record Number: 2513
Source Name: MSSQLSERVER
Time Written: 20090701141945.000000+300
Event Type: информация
User:
Computer Name: ADMINISTRATOR
Event Code: 17055
Message: 17104 :
Server Process ID is 2144.
Record Number: 2512
Source Name: MSSQLSERVER
Time Written: 20090701141945.000000+300
Event Type: информация
User:
Computer Name: ADMINISTRATOR
Event Code: 17055
Message: 17052 :
Microsoft SQL Server 2000 - 8.00.194 (Intel X86)
Aug 6 2000 00:57:48
Copyright (c) 1988-2000 Microsoft Corporation
Developer Edition on Windows NT 5.1 (Build 2600: Service Pack 2)
Record Number: 2511
Source Name: MSSQLSERVER
Time Written: 20090701141945.000000+300
Event Type: информация
User:
Computer Name: ADMINISTRATOR
Event Code: 17055
Message: 17050 :
initerrlog: Could not open error log file 'C:Program FilesMicrosoft SQL ServerMSSQLlogERRORLOG'. Operating system error = 32(Процесс не может получить доступ к файлу, так как этот файл занят другим процессом.).
Record Number: 2510
Source Name: MSSQLSERVER
Time Written: 20090701141939.000000+300
Event Type: ошибка
User:
======Environment variables======
"ComSpec"=%SystemRoot%system32cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesMicrosoft SQL Server80ToolsBinn;C:WINDOWSsystem32WindowsPowerShellv1.0
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"TEMP"=%SystemRoot%TEMP
"TMP"=%SystemRoot%TEMP
"windir"=%SystemRoot%
"PT5HOME"=C:Program FilesPacket Tracer 5.2
"VBOX_INSTALL_PATH"=C:Program FilesSunxVM VirtualBox
September 2, 2009 at 5:40 pm #25456
Hello, and welcome to the Spyware-ru forum.
Let's check with one more program.
Download the Combofix program. Close all open windows and run this program.
After it finishes, a log file will be created; please paste it into your reply.
Note: before using Combofix, be sure to install the Recovery Console. How to do this is described on the page I linked to above.