всплывающие порно баннеры

[boeing767]

[attachment=0:nq6cto6p]log.txt[/attachment:nq6cto6p][attachment=1:nq6cto6p]info.txt[/attachment:nq6cto6p]

[boeing767]

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2009-09-05 14:21:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 21 GB (69%) free of 31 GB
Total RAM: 1023 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:47, on 05.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSYSTEM32Ati2evxx.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesABBYYLingvo14.0LicensingNetworkLicenseServer.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32svchost.exe
C:PROGRA~1A4TechKeyboardIkeymain.exe
C:Program FilesABBYY Lingvo x3LvAgent.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSSystem32spoolDRIVERSW32X863fpdisp5a.exe
D:MainProgramsAcrobat-8AcrobatAcrotray.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:WINDOWSsystem32ctfmon.exe
C:PROGRA~1MI3AA1~1rapimgr.exe
C:Program FilesYandexPunto Switcherpunto.exe
C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
D:MainProgramsOpera-9-64opera.exe
D:MainProgramsAcrobat-8AcrobatAcrobat.exe
C:WINDOWSSystem32TuneUpDefragService.exe
C:Documents and SettingsAdminРабочий столRSIT.exe
C:Program Filestrend microAdmin.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — D:MAINPR~1OFF-2008Office12GRA8E1~1.DLL
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: HunterSite Class — {A83E9D7E-119A-4A2C-94FE-2D4315ED3D40} — (no file)
O2 — BHO: Adobe PDF Conversion Toolbar Helper — {AE7CD045-E861-484f-8273-0445EE161910} — D:MainProgramsAcrobat-8AcrobatAcroIEFavClient.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: Adobe PDF — {47833539-D0C5-4125-9FA8-0819E2EAAC93} — D:MainProgramsAcrobat-8AcrobatAcroIEFavClient.dll
O4 — HKLM..Run: [iKeyWorks] C:PROGRA~1A4TechKeyboardIkeymain.exe
O4 — HKLM..Run: [Lingvo Launcher] «C:Program FilesABBYY Lingvo x3LvAgent.exe» /STARTUP
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [FinePrint Dispatcher v5] C:WINDOWSSystem32spoolDRIVERSW32X863fpdisp5a.exe
O4 — HKLM..Run: [Acrobat Assistant 8.0] «D:MainProgramsAcrobat-8AcrobatAcrotray.exe»
O4 — HKLM..Run: [TrojanScanner] C:Program FilesTrojan RemoverTrjscan.exe /boot
O4 — HKLM..Run: [adGuard] C:Program FilesadGuardadGuard.exe
O4 — HKCU..Run: [H/PC Connection Agent] «C:Program FilesMicrosoft ActiveSyncwcescomm.exe»
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Startup: Punto Switcher.lnk = C:Program FilesYandexPunto Switcherpunto.exe
O4 — Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 — Global Startup: Adobe Acrobat Synchronizer.lnk = D:MainProgramsAcrobat-8AcrobatAdobeCollabSync.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://D:MAINPR~1OFF-2008Office12EXCEL.EXE/3000
O8 — Extra context menu item: Save Flash to GetFlash — res://C:Program FilesSuperhunterGetFlashGetFlash.dll/GetFlash.htm
O8 — Extra context menu item: Добавить в существующий PDF — res://D:MainProgramsACROBAT- 8AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Добавить выделенное в существующий PDF — res://D:MainProgramsAcrobat-8AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Добавить выделенные ссылки в существующий PDF — res://D:MainProgramsAcrobat-8AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 — Extra context menu item: Добавить целевую ссылку в существующий PDF — res://D:MainProgramsAcrobat-8AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Перевести с помощью ABBYY Lingvo x&3 — res://C:Program FilesABBYY Lingvo x3Lingvo.exe/3000
O8 — Extra context menu item: Преобразовать в Adobe PDF — res://D:MainProgramsAcrobat-8AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Преобразовать выбранные ссылки в Adobe PDF — res://D:MainProgramsACROBAT- 8AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 — Extra context menu item: Преобразовать выделенную область в Adobe PDF — res://D:MainProgramsAcrobat-8AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 — Extra context menu item: Преобразовать целевую ссылку в Adobe PDF — res://D:MainProgramsAcrobat-8AcrobatAcroIEFavClient.dll/AcroIECapture.html
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — D:MAINPR~1OFF-2008Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — D:MAINPR~1OFF-2008Office12ONBttnIE.dll
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Create Mobile Favorite… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: GetFlash — {348821E2-5D36-42c5-9821-E3293F6699F9} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra ‘Tools’ menuitem: GetFlash — {348821E2-5D36-42c5-9821-E3293F6699F9} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra button: GetFlash — {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} — (no file)
O9 — Extra ‘Tools’ menuitem: GetFlash — {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} — (no file)
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — D:MAINPR~1OFF-2008Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: GetFlash — {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} — (no file) (HKCU)
O9 — Extra ‘Tools’ menuitem: GetFlash — {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} — (no file) (HKCU)
O11 — Options group: [!AGetFlash] GetFlash
O17 — HKLMSystemCCSServicesTcpip..{51458CB1-D51D-4140-80B9-EC5597ABB03B}: NameServer = 94.158.48.2 94.158.48.1
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — D:MAINPR~1OFF-2008Office12GR99D3~1.DLL
O23 — Service: Сервис лицензирования ABBYY Lingvo x3 (ABBYY.Licensing.Lingvo.Desktop.14.0) — ABBYY Software Ltd — C:Program FilesCommon FilesABBYYLingvo14.0LicensingNetworkLicenseServer.exe
O23 — Service: Acronis Scheduler2 Service (AcrSch2Svc) — Acronis — C:Program FilesCommon FilesAcronisSchedule2schedul2.exe
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: TuneUp Drive Defrag Service (TuneUp.Defrag) — TuneUp Software GmbH — C:WINDOWSSystem32TuneUpDefragService.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 11519 bytes

======Scheduled tasks folder======

C:WINDOWStasks1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll [2009-06-30 308832]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — D:MAINPR~1OFF-2008Office12GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2009-06-30 320920]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A83E9D7E-119A-4A2C-94FE-2D4315ED3D40}]
HunterSite Class

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper — D:MainProgramsAcrobat-8AcrobatAcroIEFavClient.dll [2006-10-23 321120]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-06-30 34816]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-06-30 73728]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} — Adobe PDF — D:MainProgramsAcrobat-8AcrobatAcroIEFavClient.dll [2006-10-23 321120]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«iKeyWorks»=C:PROGRA~1A4TechKeyboardIkeymain.exe [2004-08-31 61440]
«Lingvo Launcher»=C:Program FilesABBYY Lingvo x3LvAgent.exe [2008-11-19 1770784]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-08-17 81000]
«FinePrint Dispatcher v5″=C:WINDOWSSystem32spoolDRIVERSW32X863fpdisp5a.exe [2004-11-10 442368]
«Acrobat Assistant 8.0″=D:MainProgramsAcrobat-8AcrobatAcrotray.exe [2006-10-23 620152]
«TrojanScanner»=C:Program FilesTrojan RemoverTrjscan.exe [2009-09-03 1069448]
«adGuard»=C:Program FilesadGuardadGuard.exe [2009-08-05 5400576]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«H/PC Connection Agent»=C:Program FilesMicrosoft ActiveSyncwcescomm.exe [2006-11-13 1289000]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2008-03-23 132096]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-12-19 37376]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAcronis Scheduler2 Service]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregFinePrint Dispatcher v5]
C:WINDOWSSystem32spoolDRIVERSW32X863fpdisp5a.exe [2004-11-10 442368]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH/PC Connection Agent]
C:Program FilesMicrosoft ActiveSyncWcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSPM Startup]
C:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe [2005-08-11 249856]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSScheduler]
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2009-06-30 185872]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Acrobat Speed Launcher.lnk]
C:WINDOWSINSTAL~1{AC76B~1_SC_AC~1.EXE [2009-07-28 295606]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Acrobat Speed Launcher.lnk — C:WINDOWSInstaller{AC76BA86-1050-0000-7760-000000000003}_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk — D:MainProgramsAcrobat-8AcrobatAdobeCollabSync.exe

C:Documents and SettingsAdminГлавное менюПрограммыАвтозагрузка
Punto Switcher.lnk — C:Program FilesYandexPunto Switcherpunto.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSSYSTEM32Ati2evxx.dll [2007-09-14 122880]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32wpdshserviceobj.dll [2007-06-18 133632]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=D:MAINPR~1OFF-2008Office12GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSMConfigurePrograms»=1
«NoToolbarCustomize»=0
«NoBandCustomize»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoToolbarCustomize»=
«NoBandCustomize»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»
«C:Program FilesadGuardadGuard.exe»=»C:Program FilesadGuardadGuard.exe:*:Enabled: Banner Advertising Blocker»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»

======List of files/folders created in the last 1 months======

2009-09-03 00:14:07 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-09-03 00:06:21 —-A—- C:WINDOWSsystem32ztvunrar36.dll
2009-09-03 00:06:21 —-A—- C:WINDOWSsystem32ztvunace26.dll
2009-09-03 00:06:21 —-A—- C:WINDOWSsystem32ztvcabinet.dll
2009-09-03 00:06:21 —-A—- C:WINDOWSsystem32UNRAR3.dll
2009-09-03 00:06:21 —-A—- C:WINDOWSsystem32unacev2.dll
2009-09-03 00:06:19 —-D—- C:Program FilesTrojan Remover
2009-09-03 00:06:19 —-D—- C:Documents and SettingsAll UsersApplication DataSimply Super Software
2009-09-03 00:06:19 —-D—- C:Documents and SettingsAdminApplication DataSimply Super Software
2009-09-01 16:10:27 —-D—- C:Documents and SettingsAdminApplication DataLavasoft
2009-09-01 16:10:19 —-D—- C:Program FilesLavasoft
2009-08-30 18:59:23 —-D—- C:Documents and SettingsAdminApplication DataBitDefender
2009-08-30 18:53:49 —-SHD—- C:Config.Msi
2009-08-30 18:23:03 —-D—- C:Program FilesCommon FilesSoftwin
2009-08-30 18:15:55 —-AT—- C:WINDOWSsystem32DRWEBSP.DLL
2009-08-29 22:53:45 —-N—- C:WINDOWSSetup1.exe
2009-08-29 11:24:45 —-D—- C:Documents and SettingsAdminApplication DataU3
2009-08-28 18:08:49 —-A—- C:WINDOWSsystem32PnkBstrA.exe
2009-08-28 18:08:49 —-A—- C:WINDOWSsystem32pbsvc.exe
2009-08-27 22:34:26 —-D—- C:Program FilesadGuard
2009-08-26 23:03:20 —-A—- C:WINDOWSsystem32TUKernel.exe
2009-08-26 21:22:17 —-A—- C:WINDOWSModemLog_Последовательный кабель для связи компьютеров.txt
2009-08-26 15:02:50 —-D—- C:WINDOWSLogs
2009-08-26 15:01:39 —-A—- C:WINDOWSsystem32PnkBstrB.exe
2009-08-26 15:01:37 —-D—- C:WINDOWSsystem32LogFiles
2009-08-26 13:25:50 —-D—- C:Program Filestrend micro
2009-08-26 13:25:49 —-D—- C:rsit
2009-08-25 15:27:11 —-D—- C:Program FilesAcronis
2009-08-25 14:01:04 —-D—- C:Documents and SettingsAdminApplication DataThinstall
2009-08-25 13:57:07 —-D—- C:Program FilesPanda USB Vaccine
2009-08-24 12:20:07 —-D—- C:WINDOWSsystem32appmgmt
2009-08-23 22:11:34 —-SHD—- C:RECYCLER
2009-08-23 22:08:02 —-A—- C:ComboFix.txt
2009-08-23 21:32:36 —-A—- C:WINDOWSntbtlog.txt
2009-08-23 20:39:15 —-A—- C:WINDOWSNIRCMD.exe
2009-08-23 20:39:14 —-A—- C:WINDOWSzip.exe
2009-08-23 20:39:14 —-A—- C:WINDOWSSWXCACLS.exe
2009-08-23 20:39:14 —-A—- C:WINDOWSSWSC.exe
2009-08-23 20:39:14 —-A—- C:WINDOWSSWREG.exe
2009-08-23 20:39:14 —-A—- C:WINDOWSsed.exe
2009-08-23 20:39:14 —-A—- C:WINDOWSgrep.exe
2009-08-23 18:59:52 —-HD—- C:WINDOWSPIF
2009-08-23 18:05:54 —-D—- C:WINDOWSERDNT
2009-08-23 18:05:40 —-D—- C:Qoobox
2009-08-23 17:46:39 —-A—- C:logit.txt
2009-08-22 22:11:25 —-A—- C:WINDOWSimsins.BAK
2009-08-22 21:52:39 —-A—- C:WINDOWSModemLog_Bluetooth LAP Modem.txt
2009-08-22 21:45:38 —-A—- C:WINDOWSModemLog_Bluetooth LAP Modem #2.txt
2009-08-22 16:15:07 —-A—- C:WINDOWSModemLog_Bluetooth Fax Modem.txt
2009-08-22 15:59:58 —-D—- C:Program FilesWise Registry Cleaner 3
2009-08-21 23:29:24 —-A—- C:WINDOWSModemLog_Bluetooth DUN Modem.txt
2009-08-21 23:09:53 —-A—- C:WINDOWSLogonStudio.ini
2009-08-21 21:31:55 —-A—- C:WINDOWSsystem32setupnt.dll
2009-08-21 21:24:05 —-D—- C:Program FilesText2Phone
2009-08-21 21:24:04 —-D—- C:Program FilesTechSmith
2009-08-21 21:24:04 —-D—- C:Program FilesRegCleaner
2009-08-21 21:24:02 —-D—- C:Program FilesQIP7700
2009-08-21 21:23:55 —-D—- C:Program FilesQIP
2009-08-21 21:23:46 —-D—- C:Program FilesOpera
2009-08-21 21:23:46 —-D—- C:Program FilesLight Alloy
2009-08-21 21:23:46 —-D—- C:Program FilesKristanix
2009-08-21 21:23:38 —-D—- C:Program FilesEverest
2009-08-21 20:54:25 —-D—- C:!KillBox
2009-08-21 20:48:28 —-D—- C:Vdefs
2009-08-21 19:30:13 —-D—- C:Program FilesDisk Manager
2009-08-21 14:17:17 —-A—- C:WINDOWSVPlay801.exe
2009-08-21 14:15:42 —-A—- C:WINDOWSsystem32Dversion.dll
2009-08-21 14:15:41 —-A—- C:WINDOWSsystem32DVC.dll
2009-08-21 14:02:33 —-A—- C:WINDOWSWininit.ini
2009-08-21 14:02:31 —-SD—- C:WINDOWSsystem32%SystemDrive%
2009-08-21 13:33:03 —-A—- C:WINDOWSsystem32btinstall.dll
2009-08-21 13:33:03 —-A—- C:WINDOWSsystem32btfunc.dll
2009-08-21 13:30:23 —-A—- C:WINDOWSsystem32wshirda.dll
2009-08-21 13:30:23 —-A—- C:WINDOWSsystem32irmon.dll
2009-08-21 13:30:23 —-A—- C:WINDOWSsystem32irftp.exe
2009-08-20 14:56:58 —-D—- C:757-200_ALL_SRM_D634N201_TD
2009-08-17 12:59:49 —-D—- C:Program FilesGoogle
2009-08-14 21:01:07 —-D—- C:Program Filescache
2009-08-14 21:01:01 —-D—- C:Program FilesSystem
2009-08-14 21:01:01 —-D—- C:Program FilesSkins
2009-08-14 20:46:23 —-D—- C:Program FilesSimpli Software
2009-08-14 15:00:46 —-D—- C:Documents and SettingsAdminApplication DataVSRevoGroup
2009-08-14 12:59:47 —-N—- C:WINDOWSwb.ini
2009-08-14 12:51:07 —-N—- C:WINDOWSsystem32wbsys.dll
2009-08-14 12:51:07 —-A—- C:WINDOWSsystem32wbload.dll
2009-08-14 12:51:06 —-D—- C:Program FilesStardock
2009-08-14 12:40:29 —-D—- C:Program FilesGlobe Software
2009-08-13 23:23:18 —-A—- C:WINDOWSPROTOCOL.INI
2009-08-13 23:12:25 —-D—- C:WINDOWScompile
2009-08-13 23:05:20 —-A—- C:WINDOWSwinreg.ini
2009-08-13 22:48:41 —-A—- C:WINDOWSST6UNST.EXE
2009-08-13 22:20:08 —-A—- C:WINDOWS#1 Video Converter.INI
2009-08-10 23:05:22 —-A—- C:WINDOWSsystem32cygz.dll
2009-08-10 23:05:22 —-A—- C:WINDOWSsystem32cygwin1.dll
2009-08-10 23:05:22 —-A—- C:WINDOWScygz.dll
2009-08-10 23:05:22 —-A—- C:WINDOWScygwin1.dll
2009-08-10 22:40:27 —-A—- C:DMF2_WKLog.txt
2009-08-10 22:40:21 —-D—- C:Documents and SettingsAdminApplication DataUlead Systems
2009-08-10 22:39:52 —-D—- C:Program FilesUlead Systems
2009-08-10 22:39:50 —-D—- C:Program FilesCommon FilesUlead Systems
2009-08-10 22:39:46 —-D—- C:Documents and SettingsAll UsersApplication DataUlead Systems
2009-08-10 15:12:47 —-D—- C:Documents and SettingsAll UsersApplication DataYandex
2009-08-10 14:47:45 —-D—- C:Program FilesYandex
2009-08-10 14:47:45 —-D—- C:Program FilesCommon FilesYandex
2009-08-10 14:08:05 —-D—- C:ProgramData
2009-08-10 12:03:33 —-D—- C:Documents and SettingsAdminApplication Datagtopala
2009-08-09 21:54:23 —-A—- C:WINDOWSpro.INI
2009-08-08 14:10:45 —-D—- C:CMI
2009-08-08 14:10:28 —-D—- C:WINDOWSA4W_DATA
2009-08-08 11:03:39 —-D—- C:Documents and SettingsAdminApplication DataHelp
2009-08-06 13:25:26 —-A—- C:WINDOWSsystem32Snounin.exe
2009-08-06 13:19:16 —-A—- C:WINDOWSiScreensaver.ini
2009-08-06 13:19:10 —-D—- C:Documents and SettingsAdminApplication DataiScreensaver

======List of files/folders modified in the last 1 months======

2009-09-05 14:21:21 —-A—- C:WINDOWSModemLog_Courier V.Everything V.90 X2 European PnP.txt
2009-09-05 14:20:24 —-D—- C:WINDOWSPrefetch
2009-09-05 14:11:06 —-D—- C:Program FilesMozilla Firefox 3.1 Beta 1
2009-09-05 14:07:17 —-D—- C:WINDOWSTemp
2009-09-05 13:51:43 —-D—- C:WINDOWSsystem32
2009-09-05 13:51:43 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-09-04 22:41:17 —-A—- C:WINDOWSSchedLgU.Txt
2009-09-04 13:11:14 —-D—- C:WINDOWS
2009-09-03 15:26:11 —-D—- C:WINDOWSsystem32CatRoot2
2009-09-03 14:39:24 —-D—- C:WINDOWSsystem32drivers
2009-09-03 13:51:59 —-D—- C:WINDOWSsystem32config
2009-09-03 00:06:19 —-AD—- C:Program Files
2009-09-02 16:56:46 —-AD—- C:Program FilesCommon Files
2009-09-01 16:22:28 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-09-01 13:44:13 —-AD—- C:Program FilesTuneUp Utilities 2008
2009-08-30 21:19:49 —-D—- C:Program FilesWindows Media Connect 2
2009-08-30 20:32:08 —-D—- C:Program FilesWinRAR
2009-08-30 20:01:53 —-SHD—- C:WINDOWSInstaller
2009-08-30 20:01:32 —-A—- C:WINDOWSwin.ini
2009-08-30 19:53:10 —-D—- C:WINDOWSsystem32wbem
2009-08-30 18:29:23 —-HD—- C:WINDOWSinf
2009-08-30 18:15:54 —-HD—- C:Program FilesInstallShield Installation Information
2009-08-29 22:48:08 —-D—- C:WINDOWSsystem32NEOASPIR
2009-08-29 17:17:51 —-D—- C:WINDOWSRegistration
2009-08-28 18:12:44 —-D—- C:Program FilesAdobe
2009-08-28 18:11:07 —-D—- C:WINDOWSsystem32DirectX
2009-08-28 18:10:50 —-RSD—- C:WINDOWSassembly
2009-08-26 23:09:05 —-RSH—- C:boot.ini
2009-08-26 22:34:26 —-D—- C:WINDOWSsystem32Macromed
2009-08-26 21:22:27 —-D—- C:WINDOWSsystem32ias
2009-08-26 16:23:50 —-D—- C:Documents and SettingsAdminApplication DataAcronis
2009-08-26 16:21:38 —-D—- C:Documents and SettingsAll UsersApplication DataAcronis
2009-08-26 15:03:16 —-D—- C:WINDOWSMicrosoft.NET
2009-08-26 15:02:47 —-D—- C:WINDOWSWinSxS
2009-08-26 13:01:52 —-A—- C:WINDOWSWORDPAD.INI
2009-08-26 12:26:44 —-D—- C:WINDOWSpss
2009-08-26 12:19:15 —-A—- C:WINDOWSsystem.ini
2009-08-25 15:27:20 —-D—- C:Program FilesCommon FilesAcronis
2009-08-24 22:09:09 —-A—- C:WINDOWSA5W.INI
2009-08-24 22:09:08 —-D—- C:WINDOWSA5W_DATA
2009-08-23 22:05:46 —-D—- C:WINDOWSAppPatch
2009-08-23 21:17:49 —-D—- C:WINDOWSsystem32Restore
2009-08-23 20:51:51 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-08-23 20:50:47 —-D—- C:WINDOWSSoftwareDistribution
2009-08-23 18:55:43 —-SD—- C:Documents and SettingsAdminApplication DataMicrosoft
2009-08-23 16:10:58 —-D—- C:WINDOWSHelp
2009-08-23 15:43:21 —-D—- C:Program FilesInternet Explorer
2009-08-22 23:42:56 —-D—- C:WINDOWSsecurity
2009-08-22 21:12:28 —-D—- C:WINDOWSDebug
2009-08-22 14:39:30 —-D—- C:Program FilesOnline Services
2009-08-21 22:29:43 —-SD—- C:WINDOWSTasks
2009-08-21 21:24:18 —-D—- C:WINDOWSMedia
2009-08-21 21:23:41 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-08-21 14:17:25 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-08-18 20:05:25 —-D—- C:WINDOWSA3W_DATA
2009-08-17 21:10:20 —-A—- C:WINDOWSsystem32aswBoot.exe
2009-08-17 14:11:58 —-D—- C:Downloads
2009-08-13 23:04:12 —-A—- C:WINDOWScontrol.ini
2009-08-13 21:55:19 —-D—- C:WINDOWSDownloaded Installations
2009-08-10 23:06:49 —-D—- C:temp
2009-08-10 22:39:59 —-RSD—- C:WINDOWSFonts
2009-08-10 14:47:45 —-D—- C:Documents and SettingsAdminApplication DataYandex
2009-08-08 11:13:45 —-D—- C:Program FilesVS Revo Group

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-08-17 26944]
R1 AFS2K;AFS2k; C:WINDOWSsystem32driversAFS2K.sys [2009-07-03 82380]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-08-17 51376]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-08-17 94160]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-10-11 62848]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2005-12-16 3842560]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-08-17 23152]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2007-09-14 2455040]
R3 fcdabus;fcdabus; C:WINDOWSsystem32DRIVERSfcdabus.sys [2003-08-07 10899]
R3 fsRamDsk;RamDisk Drive Service; C:WINDOWSSystem32DriversfsRamDsk.sys [2004-09-22 37409]
R3 FVDSCSI;FVDSCSI; C:WINDOWSsystem32DRIVERSfvdscsi.sys [2004-09-08 72478]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-15 20608]
S3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2006-11-06 28672]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2007-06-18 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2006-01-04 243712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.Lingvo.Desktop.14.0;Сервис лицензирования ABBYY Lingvo x3; C:Program FilesCommon FilesABBYYLingvo14.0LicensingNetworkLicenseServer.exe [2008-11-19 808224]
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-08-17 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2007-09-14 483328]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-08-17 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-06-30 152984]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-07-28 654848]
R3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:WINDOWSSystem32TuneUpDefragService.exe [2009-06-30 355584]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2007-09-14 593920]
S3 AcrSch2Svc;Acronis Scheduler2 Service; C:Program FilesCommon FilesAcronisSchedule2schedul2.exe [2007-11-20 427288]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-08-17 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-08-17 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:MainProgramsOFF-2008Office12GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 UxTuneUp;TuneUp Theme Extension; C:WINDOWSSystem32svchost.exe [2008-04-15 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]

---

EOF

---

info.txt logfile of random’s system information tool 1.06 2009-08-26 13:28:14

======Uninstall list======

—>C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
757-200 TT Generic—>C:WINDOWSuninst.exe -fC:757_TTDeIsL2.isu
A4Tech iKeyWorks 7.64—>C:Program FilesA4TechKeyboardUninst32.exe
ABBYY Lingvo x3—>MsiExec.exe /I{A1400000-0000-0000-0000-074957833700}
Adobe Acrobat 8 Professional — Croatian, Ukrainien, Russian, Turkish—>msiexec /I {AC76BA86-1050-0000-7760-000000000003}
Adobe Flash Player Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Alcohol 120%—>MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
AllWallpapers 2.0—>»C:Program FilesAllWallpapersunins000.exe»
ATI — Утилита деинсталляции—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI AVIVO Codecs—>MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{055EE59D-217B-43A7-ABFF-507B966405D8}setup.exe» -l0x0
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{083F79E4-6FE9-46FB-A6C6-4F8862742947}setup.exe»
ATI Parental Control & Encoder—>MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard—>MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
avast! Antivirus—>C:Program FilesAlwil SoftwareAvast4aswRunDll.exe «C:Program FilesAlwil SoftwareAvast4Setupsetiface.dll»,RunSetup
BrainWave Generator—>C:WINDOWSIsUninst.exe -fd:mainprogramsutility25Uninst.isu
CDClose—>C:WINDOWSsystem32ShellExtCDClosedel.bat
CorelDRAW Graphics Suite X3—>MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
DVD X Player 4.1 Professional—>»C:Program FilesDVD X StudiosDVD X Player 4.1 Professionalunins000.exe»
FinePrint—>C:WINDOWSSystem32spoolDRIVERSW32X863fpinst5.exe /uninstall
FontNav—>MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
GetFlash—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{0AECFC8C-1721-4F74-9C60-6A726067D028}Setup.exe»
GetRight—>C:Program FilesGetRightGETRIGHT.EXE /UNINSTALL
Google Earth 4.3.7284—>C:Program FilesGoogle EarthUninstall.exe
HashTab 2.1.0—>C:WINDOWSsystem32ShellExthtdel32.bat
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
HP Photo and Imaging 2.1 — Scanjet 2400 Series—>MsiExec.exe /I{6F7ECD56-E224-4263-9B7E-158E5CECC43B}
Java(TM) 6 Update 10—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
K-Lite Mega Codec Pack 4.1.7—>»C:Program FilesK-Lite Codec Packunins000.exe»
Language Extender—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{86E843F0-E334-11D4-8868-008048EB2595}Setup.exe» -uninst
Lernout & Hauspie TruVoice for Microsoft Agent—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFcgminst.inf, RemoveCgram
Magic Gooddy 2—>MsiExec.exe /I{19FC198B-DD59-11D3-8562-00E0294855E2}
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync—>MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Enterprise 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007—>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007—>MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007—>MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007—>MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007—>MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Speech Recognition Engine 4.0 (English)—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFmscsrgpc.inf, Uninstall.NT
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.1b1)—>C:Program FilesMozilla Firefox 3.1 Beta 1uninstallhelper.exe
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Opera 9.64—>MsiExec.exe /X{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}
Punto Switcher 3.1—>C:Program FilesYandexPunto Switcheruninstall.exe
PuntoSwitcher 3.0.1.67—>C:Program FilesPuntoSwitcherUninstall.exe
QuickTime—>C:PROGRA~1COMMON~1INSTAL~1Driver11INTEL3~1IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RealPlayer—>C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» -l0x19 -removeonly
Revo Uninstaller 1.83—>C:Program FilesVS Revo GroupRevo Uninstalleruninst.exe
R-Studio 4.5—>C:Program FilesR-StudioUninstall.exe
RU—>MsiExec.exe /I{01AE68B4-C785-4865-BC7E-78456372BB75}
SIW version 2009-07-28—>»D:MainProgramsUtilitySIWunins000.exe»
SpeedFan (remove only)—>»C:Program FilesSpeed Fanuninstall.exe»
StatBar 2.406—>»C:Program FilesGlobe SoftwareStatBarunins000.exe»
Technical Documents—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{3B259031-0BEB-11D4-9518-00C04F8B6595}setup.exe» -uninst
ThemeMaker McDeb 4 DEMO—>MsiExec.exe /I{F5E07709-0D95-42FA-9168-D6BA4E63C47E}
Throttle—>»C:Program FilesThrottleunins000.exe»
Total Commander 7.04 PowerPack—>»C:Program FilesTotal Commanderuninstall.exe»
TuneUp Utilities 2008—>MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Ulead DVD MovieFactory 2—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime700Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}setup.exe» -l0x9
Update Manager—>MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
vanBasco’s Screen Saver—>C:WINDOWSvbsaveru.exe
VBA—>MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
VirtualDrive—>»C:Program FilesFarStoneVirtualDriveSetup.exe»
Vista Drive Icon—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFVistaDrv.inf,Uninstall
WebZIP—>C:Program FilesWebZIP 7SXUNINST.EXE
Wise Registry Cleaner 4 Free 4.63—>»C:Program FilesWise Registry Cleanerunins000.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Дополнительные апплеты—>»C:WINDOWSsystem32CPLDAPUunins000.exe»
Мультимедиа альбом HP—>MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090825-1]

======System event log======

Computer Name: MICROSOF-2A2010
Event Code: 7035
Message: Служба «Совместимость быстрого переключения пользователей» успешно отправила управляющий элемент «запустить».

Record Number: 5
Source Name: Service Control Manager
Time Written: 20090826121640.000000+300
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: MICROSOF-2A2010
Event Code: 7036
Message: Служба «Службы терминалов» перешла в состояние Работает.

Record Number: 4
Source Name: Service Control Manager
Time Written: 20090826121640.000000+300
Event Type: информация
User:

Computer Name: MICROSOF-2A2010
Event Code: 7036
Message: Служба «avast! Web Scanner» перешла в состояние Работает.

Record Number: 3
Source Name: Service Control Manager
Time Written: 20090826121640.000000+300
Event Type: информация
User:

Computer Name: MICROSOF-2A2010
Event Code: 7035
Message: Служба «avast! Web Scanner» успешно отправила управляющий элемент «запустить».

Record Number: 2
Source Name: Service Control Manager
Time Written: 20090826121640.000000+300
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: MICROSOF-2A2010
Event Code: 7035
Message: Служба «avast! Mail Scanner» успешно отправила управляющий элемент «запустить».

Record Number: 1
Source Name: Service Control Manager
Time Written: 20090826121640.000000+300
Event Type: информация
User: NT AUTHORITYSYSTEM

=====Application event log=====

Computer Name: MICROSOF-2A2010
Event Code: 105
Message: The service was started.

Record Number: 5
Source Name: ATI Smart
Time Written: 20090804210918.000000+300
Event Type: информация
User:

Computer Name: MICROSOF-2A2010
Event Code: 105
Message: The service was started.

Record Number: 4
Source Name: ATI Smart
Time Written: 20090804202036.000000+300
Event Type: информация
User:

Computer Name: MICROSOF-2A2010
Event Code: 105
Message: The service was started.

Record Number: 3
Source Name: ATI Smart
Time Written: 20090804155810.000000+300
Event Type: информация
User:

Computer Name: MICROSOF-2A2010
Event Code: 105
Message: The service was started.

Record Number: 2
Source Name: ATI Smart
Time Written: 20090804155123.000000+300
Event Type: информация
User:

Computer Name: MICROSOF-2A2010
Event Code: 105
Message: The service was started.

Record Number: 1
Source Name: ATI Smart
Time Written: 20090804122959.000000+300
Event Type: информация
User:

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SYSTEMROOT%SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%SYSTEM32WBEM;C:PROGRAM FILESATI TECHNOLOGIESATI.ACECORE-STATIC;C:PROGRA~1FARSTONEVIRTUA~1;C:WINDOWS;C:WINDOWSSYSTEM32WBEM;C:WINDOWSSYSTEM32;C:Program FilesQuickTimeQTSystem;C:Program FilesCommon FilesUlead SystemsMPEG
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 6 Stepping 5, GenuineIntel
«PROCESSOR_REVISION»=0605
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«CLASSPATH»=.;C:Program FilesJavajre6libextQTJava.zip
«QTJAVA»=C:Program FilesJavajre6libextQTJava.zip

---

EOF

---

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.

Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.

[Автор]

Сообщения