- This topic has 25 ответов, 2 участника, and was last updated 16 years назад by
.
-
Сообщения
-
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2009-08-20 14:10:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 79 MB (1%) free of 15 GB
Total RAM: 2046 MB (67% free)HijackThis download failed
======Scheduled tasks folder======
C:windowstasksNeroLiveEpgUpdate-MICROSOF-5C7FE7_Admin.job
C:windowstasksUser_Feed_Synchronization-{0CEC74DE-9A99-4037-86AC-4CD3BFEBFC08}.job
C:windowstasksWise Registry Cleaner 4.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader — C:Program FilesTechSmithSnagIt 8SnagItBHO.dll [2007-05-01 63048][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A057A204-BACC-4D26-8287-79A187E26987}]
VMN Toolbar Astro Gemini — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL [2009-04-15 1950656][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar — C:Program Filesfree-downloads.nettbfre1.dll [2009-07-15 2215960][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} — SnagIt — C:Program FilesTechSmithSnagIt 8SnagItIEAddin.dll [2007-05-01 161352]
{ecdee021-0d17-467f-a1ff-c7a115230949} — free-downloads.net Toolbar — C:Program Filesfree-downloads.nettbfre1.dll [2009-07-15 2215960]
{A057A204-BACC-4D26-8287-79A187E26987} — VMN Toolbar Astro Gemini — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL [2009-04-15 1950656][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe /background []
«CTFMON.EXE»=C:windowssystem32ctfmon.exe [2007-12-21 30208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»ice_time.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:windowsSYSTEM32WgaLogon.dll [2009-03-10 265096][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2007-06-18 133632][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoDesktop»=0
«NoActiveDesktop»=0
«HideClock»=0
«NoStartMenuPinnedList»=0
«NoStartMenuMFUprogramsList»=0
«NoUserNameInStartMenu»=0
«StartmenuLogoff»=0
«NoStartMenuSubFolders»=0
«NoCommonGroups»=0
«NoPrinterTabs»=0
«NoDeletePrinter»=0
«NoAddPrinter»=0
«NoPrinters»=0
«NoFavoritesMenu»=0
«NoRun»=0
«NoFind»=0
«NoClose»=0
«NoSetFolders»=0
«NoViewContextMenu»=0
«NoDrives»=0
«NoToolbarCustomize»=0
«NoChangeAnimation»=0
«NoChangeKeyboardNavigationIndicators»=0
«NoThemesTab»=0
«EnableShellExecuteHooks»=1
«NoInstrumentation»=1[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesNorton AntiVirusEngine16.0.0.125ccSvcHst.exe»=»C:Program FilesNorton AntiVirusEngine16.0.0.125ccSvcHst.exe:*:Enabled:Symantec Service Framework»
«D:Gamesmedal of honorMohaa.exe»=»D:Gamesmedal of honorMohaa.exe:*:Enabled:Medal of Honor Allied Assault»
«C:Program FilesFlylinkDC++FlylinkDC.exe»=»C:Program FilesFlylinkDC++FlylinkDC.exe:*:Enabled:FlylinkDC++»
«D:GamesPES 2009pes2009.exe»=»D:GamesPES 2009pes2009.exe:*:Enabled:Pro Evolution Soccer 2009»
«D:GamesSystemZombie.exe»=»D:GamesSystemZombie.exe:*:Enabled:Day of the Zombie»
«D:GamesS.T.A.L.K.E.R. — Clear SkybinxrEngine.exe»=»D:GamesS.T.A.L.K.E.R. — Clear SkybinxrEngine.exe:*:Enabled:С.Т.А.Л.К.Е.Р. — Чистое Небо (CLI)»
«D:GamesS.T.A.L.K.E.R. — Clear SkybindedicatedxrEngine.exe»=»D:GamesS.T.A.L.K.E.R. — Clear SkybindedicatedxrEngine.exe:*:Enabled:С.Т.А.Л.К.Е.Р. — Чистое Небо (SRV)»
«D:GamesPro Evolution Soccer 2009 — Украинская Премьер-лигаpes2009.exe»=»D:GamesPro Evolution Soccer 2009 — Украинская Премьер-лигаpes2009.exe:*:Enabled:Pro Evolution Soccer 2009»
«C:Program FilesCommFortCommFort.exe»=»C:Program FilesCommFortCommFort.exe:*:Enabled:CommFort»
«C:Program FilesWindows Media Playerwmplayer.exe»=»C:Program FilesWindows Media Playerwmplayer.exe:*:Enabled:Windows Media Player»
«C:Program FilesKaspersky LabKaspersky Anti-Virus 2009avp.exe»=»C:Program FilesKaspersky LabKaspersky Anti-Virus 2009avp.exe:*:Enabled:Kaspersky Anti-Virus»
«C:Program FileseMuleemule.exe»=»C:Program FileseMuleemule.exe:*:Enabled:eMule»
«D:insstalКазаки II — Битва за Европуengine.exe»=»D:insstalКазаки II — Битва за Европуengine.exe:*:Enabled:Cossacks 2: Battle for Europe»
«C:Program FilesGolden FTP Server ProGFTPpro.exe»=»C:Program FilesGolden FTP Server ProGFTPpro.exe:*:Enabled:Easy to use FTP server for Windows.»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2G]
shellAutoRuncommand — G:autorun.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{67efa2a2-e785-11dd-a5c9-001a4df7a292}]
shellAutoRuncommand — H:80avp08.com
shellexplorecommand — H:80avp08.com
shellopencommand — H:80avp08.com[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ca8f4fdf-ad5c-11dd-a508-001a4df7a292}]
shellAutoRuncommand — F:autorun.exe======List of files/folders created in the last 1 months======
2009-08-20 14:10:48 —-D—- C:Program Filestrend micro
2009-08-20 14:10:47 —-DC—- C:rsit
2009-08-20 13:12:33 —-D—- C:windowssystem32appmgmt
2009-08-20 13:11:51 —-DC—- C:Documents and SettingsAdminApplication DataAdobe
2009-08-20 09:39:52 —-DC—- C:Documents and SettingsAdminApplication DataEmailNotifier
2009-08-18 18:57:43 —-DC—- C:Documents and SettingsAdminApplication DataAuslogics
2009-08-18 10:00:19 —-A—- C:windowssystem32LogFile.txt
2009-08-15 08:35:40 —-DC—- C:Documents and SettingsAdminApplication DataMacromedia
2009-08-13 12:42:02 —-DC—- C:Documents and SettingsAdminApplication DataPC Suite
2009-08-13 09:23:58 —-D—- C:Program FilesESET
2009-08-13 09:23:58 —-D—- C:Documents and SettingsAll UsersApplication DataESET
2009-08-12 20:35:30 —-HDC—- C:windows$NtUninstallKB960859$
2009-08-12 20:35:26 —-HDC—- C:windows$NtUninstallKB971657$
2009-08-12 20:35:22 —-HDC—- C:windows$NtUninstallKB971557$
2009-08-12 20:35:17 —-D—- C:windowsServicePackFiles
2009-08-12 20:35:15 —-HDC—- C:windows$NtUninstallKB956744$
2009-08-12 20:35:11 —-HDC—- C:windows$NtUninstallKB973869$
2009-08-12 20:35:02 —-HDC—- C:windows$NtUninstallKB973540_WM9L$
2009-08-12 20:34:53 —-HDC—- C:windows$NtUninstallKB973507$
2009-08-12 20:34:48 —-HDC—- C:windows$NtUninstallKB973354$
2009-08-12 20:34:15 —-HDC—- C:windows$NtUninstallKB973815$
2009-08-12 20:34:10 —-HDC—- C:windows$NtUninstallKB971032$
2009-08-12 20:34:02 —-HDC—- C:windows$NtUninstallKB968389$
2009-08-11 15:53:45 —-A—- C:windowsWININIT.INI
2009-08-11 15:48:21 —-D—- C:Documents and SettingsAll UsersApplication DataSony Corporation
2009-08-11 11:28:08 —-D—- C:Program FilesWinamp
2009-07-25 19:18:36 —-DC—- C:Documents and SettingsAdminApplication DataSoundSpectrum
2009-07-24 12:19:12 —-DC—- C:Documents and SettingsAdminApplication DataMozilla
2009-07-24 11:55:54 —-DC—- C:Documents and SettingsAdminApplication DataNero
2009-07-24 11:51:07 —-DC—- C:Documents and SettingsAdminApplication DataVMNTOOLBAR
2009-07-24 11:50:19 —-SDC—- C:Documents and SettingsAdminApplication DataMicrosoft
2009-07-23 11:36:52 —-N—- C:windowssystem32px.dll
2009-07-23 07:21:51 —-A—- C:Program FilesAstonWriteTest.txt
2009-07-23 06:56:41 —-D—- C:Program FilesDAP======List of files/folders modified in the last 1 months======
2009-08-20 14:10:48 —-D—- C:Program Files
2009-08-20 14:10:43 —-D—- C:windowsPrefetch
2009-08-20 14:09:00 —-D—- C:windowsTemp
2009-08-20 13:31:34 —-D—- C:Program FilesUltraISO
2009-08-20 13:12:33 —-SHD—- C:windowsInstaller
2009-08-20 13:12:33 —-D—- C:windowssystem32
2009-08-20 13:10:43 —-D—- C:Program FilesMozilla Firefox
2009-08-20 11:33:56 —-A—- C:windowsSchedLgU.Txt
2009-08-20 10:03:29 —-D—- C:WINDOWS
2009-08-20 10:01:13 —-D—- C:windowssystem32spool
2009-08-20 08:55:10 —-D—- C:Documents and SettingsAll UsersApplication DataEmailNotifier
2009-08-20 08:55:06 —-D—- C:windowssystem32CatRoot2
2009-08-20 08:55:03 —-HD—- C:windowssystem32GroupPolicy
2009-08-20 08:55:03 —-D—- C:windowsWinSxS
2009-08-20 08:55:03 —-D—- C:windowssystem32oobe
2009-08-20 08:55:03 —-D—- C:windowssystem32mui
2009-08-20 08:55:03 —-D—- C:windowssystem32Macromed
2009-08-20 08:55:03 —-D—- C:windowssecurity
2009-08-20 08:55:03 —-D—- C:windowsRegistration
2009-08-20 08:55:03 —-D—- C:windowspchealth
2009-08-20 08:55:03 —-D—- C:windowsime
2009-08-20 08:55:02 —-SD—- C:windowsassembly
2009-08-20 08:55:02 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-08-20 08:55:02 —-HD—- C:windows$hf_mig$
2009-08-20 08:55:02 —-HD—- C:Program FilesInstallShield Installation Information
2009-08-20 08:55:02 —-D—- C:Program FilesWindows Media Player
2009-08-20 08:55:02 —-D—- C:Program FilesTotal Commander
2009-08-20 08:55:02 —-D—- C:Program FilesRealtek
2009-08-20 08:55:02 —-D—- C:Program FilesQIP
2009-08-20 08:55:02 —-D—- C:Program FilesMaxthon2
2009-08-20 08:55:02 —-D—- C:Program FilesFlylinkDC++
2009-08-20 08:55:02 —-D—- C:Program FilesCommon FilesAdobe
2009-08-20 08:55:02 —-D—- C:Program FilesCommon Files
2009-08-20 08:55:02 —-D—- C:Documents and SettingsAll UsersApplication DataSolo9RusEngNum
2009-08-20 08:55:02 —-D—- C:Documents and SettingsAll UsersApplication DataPC Suite
2009-08-20 08:55:02 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2009-08-19 20:11:55 —-D—- C:Program FilesuTorrent
2009-08-19 17:15:53 —-A—- C:windowsNeroDigital.ini
2009-08-19 07:19:06 —-D—- C:windowssystem32rserver30
2009-08-18 18:55:23 —-A—- C:windowsimsins.BAK
2009-08-18 08:19:01 —-D—- C:Program FilesInternet Explorer
2009-08-14 10:48:01 —-D—- C:Program FilesUninstall Tool
2009-08-14 10:13:47 —-D—- C:Program FilesNero
2009-08-13 09:57:09 —-D—- C:windowsI386
2009-08-13 09:28:18 —-D—- C:Program FilesOutlook Express
2009-08-13 09:24:38 —-HD—- C:windowsinf
2009-08-13 09:24:38 —-D—- C:windowssystem32drivers
2009-08-13 08:34:19 —-D—- C:windowssystem32Setup
2009-08-12 20:35:33 —-SHDC—- C:windowssystem32dllcache
2009-08-12 20:35:17 —-D—- C:windowssystem32ru-ru
2009-08-12 10:59:18 —-DC—- C:windowssystem32DRVSTORE
2009-08-12 10:23:01 —-D—- C:Program FilesSoundSpectrum
2009-08-12 09:50:00 —-D—- C:windowsnetwork diagnostic
2009-08-11 10:23:42 —-D—- C:windowsMinidump
2009-08-05 12:08:09 —-A—- C:windowssystem32mswebdvd.dll
2009-07-30 03:49:14 —-A—- C:windowssystem32MRT.exe
2009-07-26 18:22:51 —-D—- C:Program FilesEverest
2009-07-23 07:04:02 —-SD—- C:windowsFonts
2009-07-21 20:12:17 —-D—- C:windowssystem32CatRoot======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:windowssystem32DRIVERSAmdK8.sys [2006-06-18 43520]
R1 ehdrv;ehdrv; C:windowssystem32DRIVERSehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:windowssystem32DRIVERSepfwtdir.sys [2009-02-06 93336]
R1 raddrvv3;raddrvv3; ??C:WINDOWSsystem32rserver30raddrvv3.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; ??C:WINDOWSsystem32driverssp_rsdrv2.sys []
R2 atksgt;atksgt; C:windowssystem32DRIVERSatksgt.sys [2008-11-06 278728]
R2 eamon;eamon; C:windowssystem32DRIVERSeamon.sys [2009-02-06 113448]
R2 lirsgt;lirsgt; C:windowssystem32DRIVERSlirsgt.sys [2008-11-06 25416]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:windowssystem32DRIVERSrspndr.sys [2006-12-04 62336]
R2 TBPanel;TBPanel; C:windowssystem32driversTBPanel.sys [2007-03-16 12256]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:windowssystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:windowssystem32driversRtkHDAud.sys [2007-05-10 4419584]
R3 mirrorv3;mirrorv3; C:windowssystem32DRIVERSrminiv3.sys [2006-11-01 3328]
R3 nv;nv; C:windowssystem32DRIVERSnv4_mini.sys [2008-05-03 6554496]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:windowssystem32DRIVERSRtnicxp.sys [2006-12-14 85120]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:windowssystem32DRIVERSusbehci.sys [2007-12-21 30208]
R3 usbhub;USB2 концентратор; C:windowssystem32DRIVERSusbhub.sys [2007-12-21 59392]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:windowssystem32DRIVERSusbohci.sys [2007-12-21 17152]
S3 afuedn2a;afuedn2a; C:windowssystem32driversafuedn2a.sys []
S3 att89cfg;att89cfg; C:windowssystem32driversatt89cfg.sys []
S3 Cardex;Cardex; ??C:WINDOWSsystem32driversTBPANEL.SYS []
S3 dtscsi;dtscsi; C:windowsSystem32Driversdtscsi.sys [2009-02-22 223128]
S3 gdrv;gdrv; ??C:WINDOWSgdrv.sys []
S3 nmwcd;Nokia USB Phone Parent; C:windowssystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:windowssystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:windowssystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:windowssystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:windowssystem32DRIVERSusbccgp.sys [2007-12-21 31616]
S3 usbscan;Драйвер USB-сканера; C:windowssystem32DRIVERSusbscan.sys [2007-12-21 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:windowssystem32DRIVERSUSBSTOR.SYS [2007-12-21 26496]
S3 vaxscsi;vaxscsi; C:windowsSystem32Driversvaxscsi.sys [2009-03-31 223128]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:windowssystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:windowssystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:windowsSystem32driversws2ifsl.sys [2004-08-18 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-02-06 727720]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2007-01-17 61440]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe [2008-09-24 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:windowssystem32nvsvc32.exe [2008-05-03 159812]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-05-03 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared filesRichVideo.exe [2005-08-08 167936]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:Program FilesSpyware Terminatorsp_rsser.exe [2009-03-05 540672]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:windowssystem32svchost.exe [2004-08-18 14336]
S2 pr2aqfjb;9th Company Drivers Auto Removal (pr2aqfjb); C:windowssystem32pr2aqfjb.exe [2008-03-13 415096]
S2 RServer3;Radmin Server V3; C:WINDOWSsystem32rserver30RServer3.exe /service []
S2 StarWindService;StarWind iSCSI Service; D:Alcohol 52StarWindStarWindService.exe []
S2 StarWindServiceAE;StarWind AE Service; D:програмыалкогольAlcohol 120StarWindStarWindServiceAE.exe []
S3 aspnet_state;ASP.NET State Service; C:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:windowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:windowsMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe []
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:windowsMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
S4 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-03-26 267824]
EOF
info.txt logfile of random’s system information tool 1.06 2009-08-20 14:11:10======Uninstall list======
—>C:windowsUNNeroBackItUp.exe /UNINSTALL
—>C:windowsUNNeroMediaHome.exe /UNINSTALL
—>C:windowsUNNeroShowTime.exe /UNINSTALL
—>C:windowsUNNeroVision.exe /UNINSTALL
—>C:windowsUNRecode.exe /UNINSTALL
—>MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
—>MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
AGEIA PhysX v7.03.21—>MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
AusLogics Disk Defrag—>»D:СофтAusLogics Disk Defragunins000.exe»
CommFort 4.10a—>»C:Program FilesCommFortunins000.exe»
DirectX10 LV (Last Version)—>»C:Program FilesCommon Filesunins000.exe»
EXPERTool—>RunDll32 Setupapi.dll,InstallHinfSection TB.Remove 4 TBNT4.inf
FIFA 2009 — Ukrainian Premier League—>»D:insstalFIFA 2009 — Ukrainian Premier Leagueunins000.exe»
FlylinkDC++ r(321)—>»C:Program FilesFlylinkDC++unins000.exe»
free-downloads.net Toolbar—>C:PROGRA~1FREE-D~1.NETUNWISE.EXE /U C:PROGRA~1FREE-D~1.NETINSTALL.LOG
G-Force—>C:Program FilesSoundSpectrumG-ForceUninstall.exe
Java(TM) 6 Update 3—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LClock—>C:Program FilesLClockUninstall.exe
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{34AB2437-1B34-3E2D-9DE8-3E2D35335B3F}
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{CFF15B94-E062-3701-869A-4CDF4590461E}
Microsoft .NET Framework 3.0 Service Pack 1—>MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack — rus—>MsiExec.exe /I{95E44F11-19F0-39EA-A894-792E054AA1CF}
Microsoft .NET Framework 3.5—>C:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5setup.exe
Microsoft .NET Framework 3.5—>MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft User-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWudf01005$spuninstspuninst.exe»
Microsoft Visual C++ 2005 ATL Update kb973923 — x86 8.0.50727.4053—>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.5.2)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)—>MsiExec.exe /I{12ADA7E9-D69A-4FF3-BA89-7EA3DF5A9A6A}
Nero 9—>C:Program FilesCommon FilesNeroNero ProductInstaller 4SetupX.exe REMOVESERIALNUMBER=»9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A»
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia PC Suite—>C:Documents and SettingsAll UsersApplication DataInstallations{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}setup.exe /LANG=»1049″
Nokia PC Suite—>MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
NVIDIA Drivers—>C:windowssystem32nvuninst.exe UninstallGUI
PC Connectivity Solution—>MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
Radmin Server 3.0—>MsiExec.exe /X{AAD51583-6D43-4444-A1FF-0C8345345526}
Radmin Viewer 3.1—>MsiExec.exe /X{016CF441-8F40-469E-923B-35E2F9363E54}
REALTEK GbE & FE Ethernet PCI NIC Driver—>C:Program FilesInstallShield Installation Information{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}SETUP.EXE -runfromtemp -l0x0019 -removeonly
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}SETUP.EXE» -l0x19 -removeonly
Red Button 3.5—>D:insstalRedButton35uninstall.exe
Restless Worker 1.4.0—>»D:insstalRestless Workerunins000.exe»
Revo Uninstaller 1.83—>D:insstalRevo Uninstalleruninst.exe
S81 PC Suite Tool—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{59F8D656-329B-4975-9D78-2F1951FD6FDF}setup.exe» -l0x9 -removeonly
SnagIt 8—>MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Soccer Flags Screensaver 1.3—>»D:СофтSoccer Flags Screensaverunins000.exe»
Stamina 2.5—>»D:GamesStaminauninstall.exe»
Undelete Plus 2.94—>»C:Program FilesTouchStoneSoftwareUndeletePlusunins000.exe»
Uninstall Tool—>»D:insstalUninstall Toolunins000.exe»
Unlocker 1.8.5—>C:Program FilesUnlockeruninst.exe
Vit Registry Fix 8.0 (remove only)—>D:insstalVit Registry FixUninstall.exe
VMN Toolbar—>C:Program Filesvmntoolbaruninstall.exe
Windows Driver Package — Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33Epccswpddriver.inf
Windows Driver Package — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293Bpccs_bluetooth.inf
Windows Imaging Component—>»C:windows$NtUninstallWIC$spuninstspuninst.exe»
Windows Internet Explorer 8—>»C:windowsie8spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
XML Paper Specification Shared Components Language Pack 1.0—>»C:windows$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Исправление для Windows XP (KB952287)—>»C:windows$NtUninstallKB952287$spuninstspuninst.exe»
Критическое обновление для проигрывателя Windows Media 11 — (KB959772)—>»C:windows$NtUninstallKB959772_WM11$spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 8 (KB969897)—>»C:windowsie8updatesKB969897-IE8spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 8 (KB972260)—>»C:windowsie8updatesKB972260-IE8spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923561)—>»C:windows$NtUninstallKB923561$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464-v2)—>»C:windows$NtUninstallKB938464-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:windows$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»C:windows$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»C:windows$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»C:windows$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951748)—>»C:windows$NtUninstallKB951748$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952004)—>»C:windows$NtUninstallKB952004$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»C:windows$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:windows$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:windows$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956572)—>»C:windows$NtUninstallKB956572$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956744)—>»C:windows$NtUninstallKB956744$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:windows$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:windows$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957097)—>»C:windows$NtUninstallKB957097$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:windows$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:windows$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB959426)—>»C:windows$NtUninstallKB959426$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960225)—>»C:windows$NtUninstallKB960225$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960803)—>»C:windows$NtUninstallKB960803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960859)—>»C:windows$NtUninstallKB960859$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961371)—>»C:windows$NtUninstallKB961371$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961501)—>»C:windows$NtUninstallKB961501$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB968537)—>»C:windows$NtUninstallKB968537$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB970238)—>»C:windows$NtUninstallKB970238$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971032)—>»C:windows$NtUninstallKB971032$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971557)—>»C:windows$NtUninstallKB971557$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971633)—>»C:windows$NtUninstallKB971633$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971657)—>»C:windows$NtUninstallKB971657$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973346)—>»C:windows$NtUninstallKB973346$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973354)—>»C:windows$NtUninstallKB973354$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973507)—>»C:windows$NtUninstallKB973507$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973869)—>»C:windows$NtUninstallKB973869$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB952069)—>»C:windows$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB973540)—>»C:windows$NtUninstallKB973540_WM9L$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»C:windows$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Обновление для Windows Internet Explorer 8 (KB971930)—>»C:windowsie8updatesKB971930-IE8spuninstspuninst.exe»
Обновление для Windows XP (KB932823-v3)—>»C:windows$NtUninstallKB932823-v3$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:windows$NtUninstallKB955839$spuninstspuninst.exe»
Обновление для Windows XP (KB967715)—>»C:windows$NtUninstallKB967715$spuninstspuninst.exe»
Обновление для Windows XP (KB968389)—>»C:windows$NtUninstallKB968389$spuninstspuninst.exe»
Обновление для Windows XP (KB973815)—>»C:windows$NtUninstallKB973815$spuninstspuninst.exe»
Пакет драйверов Windows — Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)—>C:PROGRA~1DIFX7B44739871F4D539FA473F57A832EA4B6A59EF06DPInst.exe /d /u C:WINDOWSsystem32DRVSTOREamdk8_A8D26169E6EDA9205D39A3918FEA7EFFFE870B0Aamdk8.inf
Пакет драйверов Windows — Nokia Modem (11/03/2006 6.82.0.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567nokbtmdm.inf
Языковой пакет Microsoft .NET Framework 3.5 — RUS—>C:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack — russetup.exe======Hosts File======
127.0.0.1 mpa.one.microsoft.com
======Security center information======
AV: ESET NOD32 Antivirus 4.0 (disabled)
======System event log======
Computer Name: MICROSOF-5C7FE7
Event Code: 6006
Message: Служба журнала событий остановлена.Record Number: 10473
Source Name: EventLog
Time Written: 20090728122439.000000+180
Event Type: информация
User:Computer Name: MICROSOF-5C7FE7
Event Code: 20159
Message: Подключение пользователя «sorokan» к «CKC — internet», выполненное с помощью устройства «VPN5-1», было прервано.Record Number: 10472
Source Name: RemoteAccess
Time Written: 20090728122430.000000+180
Event Type: информация
User:Computer Name: MICROSOF-5C7FE7
Event Code: 20158
Message: Успешно выполнено подключение пользователя «sorokan»к «CKC — internet», с помощью устройства «VPN5-1».Record Number: 10471
Source Name: RemoteAccess
Time Written: 20090728114206.000000+180
Event Type: информация
User:Computer Name: MICROSOF-5C7FE7
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Остановлена.Record Number: 10470
Source Name: Service Control Manager
Time Written: 20090728114125.000000+180
Event Type: информация
User:Computer Name: MICROSOF-5C7FE7
Event Code: 7036
Message: Служба «Обозреватель компьютеров» перешла в состояние Остановлена.Record Number: 10469
Source Name: Service Control Manager
Time Written: 20090728114121.000000+180
Event Type: информация
User:=====Application event log=====
Computer Name: MICROSOF-5C7FE7
Event Code: 4096
Message:
Record Number: 4848
Source Name: F-PROT Antivirus
Time Written: 20090729210423.000000+180
Event Type: предупреждение
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-5C7FE7
Event Code: 4096
Message:
Record Number: 4847
Source Name: F-PROT Antivirus
Time Written: 20090729210423.000000+180
Event Type: предупреждение
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-5C7FE7
Event Code: 4096
Message:
Record Number: 4846
Source Name: F-PROT Antivirus
Time Written: 20090729210423.000000+180
Event Type: предупреждение
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-5C7FE7
Event Code: 4096
Message:
Record Number: 4845
Source Name: F-PROT Antivirus
Time Written: 20090729210423.000000+180
Event Type: предупреждение
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-5C7FE7
Event Code: 4096
Message:
Record Number: 4844
Source Name: F-PROT Antivirus
Time Written: 20090729210422.000000+180
Event Type: предупреждение
User: NT AUTHORITYSYSTEM======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=C:PROGRAM FILESPC CONNECTIVITY SOLUTION;%SYSTEMROOT%SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%SYSTEM32WBEM;C:PROGRAM FILESATI TECHNOLOGIESATI.ACECORE-STATIC
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
«PROCESSOR_REVISION»=6b02
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«cdrom»=E:
EOF
привет всем у меня переполнен диск С пробовал удалял ненужные программы на диске С но результата никакого info.txt logfile of random’s system information tool 1.06 2009-08-20 14:11:10
======Uninstall list======
—>C:windowsUNNeroBackItUp.exe /UNINSTALL
—>C:windowsUNNeroMediaHome.exe /UNINSTALL
—>C:windowsUNNeroShowTime.exe /UNINSTALL
—>C:windowsUNNeroVision.exe /UNINSTALL
—>C:windowsUNRecode.exe /UNINSTALL
—>MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
—>MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
AGEIA PhysX v7.03.21—>MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
AusLogics Disk Defrag—>»D:СофтAusLogics Disk Defragunins000.exe»
CommFort 4.10a—>»C:Program FilesCommFortunins000.exe»
DirectX10 LV (Last Version)—>»C:Program FilesCommon Filesunins000.exe»
EXPERTool—>RunDll32 Setupapi.dll,InstallHinfSection TB.Remove 4 TBNT4.inf
FIFA 2009 — Ukrainian Premier League—>»D:insstalFIFA 2009 — Ukrainian Premier Leagueunins000.exe»
FlylinkDC++ r(321)—>»C:Program FilesFlylinkDC++unins000.exe»
free-downloads.net Toolbar—>C:PROGRA~1FREE-D~1.NETUNWISE.EXE /U C:PROGRA~1FREE-D~1.NETINSTALL.LOG
G-Force—>C:Program FilesSoundSpectrumG-ForceUninstall.exe
Java(TM) 6 Update 3—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LClock—>C:Program FilesLClockUninstall.exe
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{34AB2437-1B34-3E2D-9DE8-3E2D35335B3F}
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{CFF15B94-E062-3701-869A-4CDF4590461E}
Microsoft .NET Framework 3.0 Service Pack 1—>MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack — rus—>MsiExec.exe /I{95E44F11-19F0-39EA-A894-792E054AA1CF}
Microsoft .NET Framework 3.5—>C:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5setup.exe
Microsoft .NET Framework 3.5—>MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft User-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWudf01005$spuninstspuninst.exe»
Microsoft Visual C++ 2005 ATL Update kb973923 — x86 8.0.50727.4053—>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.5.2)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)—>MsiExec.exe /I{12ADA7E9-D69A-4FF3-BA89-7EA3DF5A9A6A}
Nero 9—>C:Program FilesCommon FilesNeroNero ProductInstaller 4SetupX.exe REMOVESERIALNUMBER=»9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A»
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia PC Suite—>C:Documents and SettingsAll UsersApplication DataInstallations{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}setup.exe /LANG=»1049″
Nokia PC Suite—>MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
NVIDIA Drivers—>C:windowssystem32nvuninst.exe UninstallGUI
PC Connectivity Solution—>MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
Radmin Server 3.0—>MsiExec.exe /X{AAD51583-6D43-4444-A1FF-0C8345345526}
Radmin Viewer 3.1—>MsiExec.exe /X{016CF441-8F40-469E-923B-35E2F9363E54}
REALTEK GbE & FE Ethernet PCI NIC Driver—>C:Program FilesInstallShield Installation Information{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}SETUP.EXE -runfromtemp -l0x0019 -removeonly
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}SETUP.EXE» -l0x19 -removeonly
Red Button 3.5—>D:insstalRedButton35uninstall.exe
Restless Worker 1.4.0—>»D:insstalRestless Workerunins000.exe»
Revo Uninstaller 1.83—>D:insstalRevo Uninstalleruninst.exe
S81 PC Suite Tool—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{59F8D656-329B-4975-9D78-2F1951FD6FDF}setup.exe» -l0x9 -removeonly
SnagIt 8—>MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Soccer Flags Screensaver 1.3—>»D:СофтSoccer Flags Screensaverunins000.exe»
Stamina 2.5—>»D:GamesStaminauninstall.exe»
Undelete Plus 2.94—>»C:Program FilesTouchStoneSoftwareUndeletePlusunins000.exe»
Uninstall Tool—>»D:insstalUninstall Toolunins000.exe»
Unlocker 1.8.5—>C:Program FilesUnlockeruninst.exe
Vit Registry Fix 8.0 (remove only)—>D:insstalVit Registry FixUninstall.exe
VMN Toolbar—>C:Program Filesvmntoolbaruninstall.exe
Windows Driver Package — Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33Epccswpddriver.inf
Windows Driver Package — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293Bpccs_bluetooth.inf
Windows Imaging Component—>»C:windows$NtUninstallWIC$spuninstspuninst.exe»
Windows Internet Explorer 8—>»C:windowsie8spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
XML Paper Specification Shared Components Language Pack 1.0—>»C:windows$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Исправление для Windows XP (KB952287)—>»C:windows$NtUninstallKB952287$spuninstspuninst.exe»
Критическое обновление для проигрывателя Windows Media 11 — (KB959772)—>»C:windows$NtUninstallKB959772_WM11$spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 8 (KB969897)—>»C:windowsie8updatesKB969897-IE8spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 8 (KB972260)—>»C:windowsie8updatesKB972260-IE8spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923561)—>»C:windows$NtUninstallKB923561$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464-v2)—>»C:windows$NtUninstallKB938464-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:windows$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»C:windows$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»C:windows$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»C:windows$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951748)—>»C:windows$NtUninstallKB951748$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952004)—>»C:windows$NtUninstallKB952004$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»C:windows$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:windows$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:windows$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956572)—>»C:windows$NtUninstallKB956572$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956744)—>»C:windows$NtUninstallKB956744$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:windows$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:windows$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957097)—>»C:windows$NtUninstallKB957097$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:windows$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:windows$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB959426)—>»C:windows$NtUninstallKB959426$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960225)—>»C:windows$NtUninstallKB960225$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960803)—>»C:windows$NtUninstallKB960803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960859)—>»C:windows$NtUninstallKB960859$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961371)—>»C:windows$NtUninstallKB961371$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961501)—>»C:windows$NtUninstallKB961501$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB968537)—>»C:windows$NtUninstallKB968537$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB970238)—>»C:windows$NtUninstallKB970238$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971032)—>»C:windows$NtUninstallKB971032$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971557)—>»C:windows$NtUninstallKB971557$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971633)—>»C:windows$NtUninstallKB971633$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971657)—>»C:windows$NtUninstallKB971657$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973346)—>»C:windows$NtUninstallKB973346$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973354)—>»C:windows$NtUninstallKB973354$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973507)—>»C:windows$NtUninstallKB973507$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973869)—>»C:windows$NtUninstallKB973869$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB952069)—>»C:windows$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB973540)—>»C:windows$NtUninstallKB973540_WM9L$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»C:windows$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Обновление для Windows Internet Explorer 8 (KB971930)—>»C:windowsie8updatesKB971930-IE8spuninstspuninst.exe»
Обновление для Windows XP (KB932823-v3)—>»C:windows$NtUninstallKB932823-v3$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:windows$NtUninstallKB955839$spuninstspuninst.exe»
Обновление для Windows XP (KB967715)—>»C:windows$NtUninstallKB967715$spuninstspuninst.exe»
Обновление для Windows XP (KB968389)—>»C:windows$NtUninstallKB968389$spuninstspuninst.exe»
Обновление для Windows XP (KB973815)—>»C:windows$NtUninstallKB973815$spuninstspuninst.exe»
Пакет драйверов Windows — Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)—>C:PROGRA~1DIFX7B44739871F4D539FA473F57A832EA4B6A59EF06DPInst.exe /d /u C:WINDOWSsystem32DRVSTOREamdk8_A8D26169E6EDA9205D39A3918FEA7EFFFE870B0Aamdk8.inf
Пакет драйверов Windows — Nokia Modem (11/03/2006 6.82.0.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567nokbtmdm.inf
Языковой пакет Microsoft .NET Framework 3.5 — RUS—>C:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack — russetup.exe======Hosts File======
127.0.0.1 mpa.one.microsoft.com
======Security center information======
AV: ESET NOD32 Antivirus 4.0 (disabled)
======System event log======
Computer Name: MICROSOF-5C7FE7
Event Code: 6006
Message: Служба журнала событий остановлена.Record Number: 10473
Source Name: EventLog
Time Written: 20090728122439.000000+180
Event Type: информация
User:Computer Name: MICROSOF-5C7FE7
Event Code: 20159
Message: Подключение пользователя «sorokan» к «CKC — internet», выполненное с помощью устройства «VPN5-1», было прервано.Record Number: 10472
Source Name: RemoteAccess
Time Written: 20090728122430.000000+180
Event Type: информация
User:Computer Name: MICROSOF-5C7FE7
Event Code: 20158
Message: Успешно выполнено подключение пользователя «sorokan»к «CKC — internet», с помощью устройства «VPN5-1».Record Number: 10471
Source Name: RemoteAccess
Time Written: 20090728114206.000000+180
Event Type: информация
User:Computer Name: MICROSOF-5C7FE7
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Остановлена.Record Number: 10470
Source Name: Service Control Manager
Time Written: 20090728114125.000000+180
Event Type: информация
User:Computer Name: MICROSOF-5C7FE7
Event Code: 7036
Message: Служба «Обозреватель компьютеров» перешла в состояние Остановлена.Record Number: 10469
Source Name: Service Control Manager
Time Written: 20090728114121.000000+180
Event Type: информация
User:=====Application event log=====
Computer Name: MICROSOF-5C7FE7
Event Code: 4096
Message:
Record Number: 4848
Source Name: F-PROT Antivirus
Time Written: 20090729210423.000000+180
Event Type: предупреждение
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-5C7FE7
Event Code: 4096
Message:
Record Number: 4847
Source Name: F-PROT Antivirus
Time Written: 20090729210423.000000+180
Event Type: предупреждение
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-5C7FE7
Event Code: 4096
Message:
Record Number: 4846
Source Name: F-PROT Antivirus
Time Written: 20090729210423.000000+180
Event Type: предупреждение
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-5C7FE7
Event Code: 4096
Message:
Record Number: 4845
Source Name: F-PROT Antivirus
Time Written: 20090729210423.000000+180
Event Type: предупреждение
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-5C7FE7
Event Code: 4096
Message:
Record Number: 4844
Source Name: F-PROT Antivirus
Time Written: 20090729210422.000000+180
Event Type: предупреждение
User: NT AUTHORITYSYSTEM======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=C:PROGRAM FILESPC CONNECTIVITY SOLUTION;%SYSTEMROOT%SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%SYSTEM32WBEM;C:PROGRAM FILESATI TECHNOLOGIESATI.ACECORE-STATIC
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
«PROCESSOR_REVISION»=6b02
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«cdrom»=E:
EOF
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2009-08-20 14:10:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 79 MB (1%) free of 15 GB
Total RAM: 2046 MB (67% free)HijackThis download failed
======Scheduled tasks folder======
C:windowstasksNeroLiveEpgUpdate-MICROSOF-5C7FE7_Admin.job
C:windowstasksUser_Feed_Synchronization-{0CEC74DE-9A99-4037-86AC-4CD3BFEBFC08}.job
C:windowstasksWise Registry Cleaner 4.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader — C:Program FilesTechSmithSnagIt 8SnagItBHO.dll [2007-05-01 63048][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A057A204-BACC-4D26-8287-79A187E26987}]
VMN Toolbar Astro Gemini — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL [2009-04-15 1950656][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar — C:Program Filesfree-downloads.nettbfre1.dll [2009-07-15 2215960][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} — SnagIt — C:Program FilesTechSmithSnagIt 8SnagItIEAddin.dll [2007-05-01 161352]
{ecdee021-0d17-467f-a1ff-c7a115230949} — free-downloads.net Toolbar — C:Program Filesfree-downloads.nettbfre1.dll [2009-07-15 2215960]
{A057A204-BACC-4D26-8287-79A187E26987} — VMN Toolbar Astro Gemini — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL [2009-04-15 1950656][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe /background []
«CTFMON.EXE»=C:windowssystem32ctfmon.exe [2007-12-21 30208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»ice_time.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:windowsSYSTEM32WgaLogon.dll [2009-03-10 265096][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2007-06-18 133632][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoDesktop»=0
«NoActiveDesktop»=0
«HideClock»=0
«NoStartMenuPinnedList»=0
«NoStartMenuMFUprogramsList»=0
«NoUserNameInStartMenu»=0
«StartmenuLogoff»=0
«NoStartMenuSubFolders»=0
«NoCommonGroups»=0
«NoPrinterTabs»=0
«NoDeletePrinter»=0
«NoAddPrinter»=0
«NoPrinters»=0
«NoFavoritesMenu»=0
«NoRun»=0
«NoFind»=0
«NoClose»=0
«NoSetFolders»=0
«NoViewContextMenu»=0
«NoDrives»=0
«NoToolbarCustomize»=0
«NoChangeAnimation»=0
«NoChangeKeyboardNavigationIndicators»=0
«NoThemesTab»=0
«EnableShellExecuteHooks»=1
«NoInstrumentation»=1[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesNorton AntiVirusEngine16.0.0.125ccSvcHst.exe»=»C:Program FilesNorton AntiVirusEngine16.0.0.125ccSvcHst.exe:*:Enabled:Symantec Service Framework»
«D:Gamesmedal of honorMohaa.exe»=»D:Gamesmedal of honorMohaa.exe:*:Enabled:Medal of Honor Allied Assault»
«C:Program FilesFlylinkDC++FlylinkDC.exe»=»C:Program FilesFlylinkDC++FlylinkDC.exe:*:Enabled:FlylinkDC++»
«D:GamesPES 2009pes2009.exe»=»D:GamesPES 2009pes2009.exe:*:Enabled:Pro Evolution Soccer 2009»
«D:GamesSystemZombie.exe»=»D:GamesSystemZombie.exe:*:Enabled:Day of the Zombie»
«D:GamesS.T.A.L.K.E.R. — Clear SkybinxrEngine.exe»=»D:GamesS.T.A.L.K.E.R. — Clear SkybinxrEngine.exe:*:Enabled:С.Т.А.Л.К.Е.Р. — Чистое Небо (CLI)»
«D:GamesS.T.A.L.K.E.R. — Clear SkybindedicatedxrEngine.exe»=»D:GamesS.T.A.L.K.E.R. — Clear SkybindedicatedxrEngine.exe:*:Enabled:С.Т.А.Л.К.Е.Р. — Чистое Небо (SRV)»
«D:GamesPro Evolution Soccer 2009 — Украинская Премьер-лигаpes2009.exe»=»D:GamesPro Evolution Soccer 2009 — Украинская Премьер-лигаpes2009.exe:*:Enabled:Pro Evolution Soccer 2009»
«C:Program FilesCommFortCommFort.exe»=»C:Program FilesCommFortCommFort.exe:*:Enabled:CommFort»
«C:Program FilesWindows Media Playerwmplayer.exe»=»C:Program FilesWindows Media Playerwmplayer.exe:*:Enabled:Windows Media Player»
«C:Program FilesKaspersky LabKaspersky Anti-Virus 2009avp.exe»=»C:Program FilesKaspersky LabKaspersky Anti-Virus 2009avp.exe:*:Enabled:Kaspersky Anti-Virus»
«C:Program FileseMuleemule.exe»=»C:Program FileseMuleemule.exe:*:Enabled:eMule»
«D:insstalКазаки II — Битва за Европуengine.exe»=»D:insstalКазаки II — Битва за Европуengine.exe:*:Enabled:Cossacks 2: Battle for Europe»
«C:Program FilesGolden FTP Server ProGFTPpro.exe»=»C:Program FilesGolden FTP Server ProGFTPpro.exe:*:Enabled:Easy to use FTP server for Windows.»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2G]
shellAutoRuncommand — G:autorun.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{67efa2a2-e785-11dd-a5c9-001a4df7a292}]
shellAutoRuncommand — H:80avp08.com
shellexplorecommand — H:80avp08.com
shellopencommand — H:80avp08.com[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ca8f4fdf-ad5c-11dd-a508-001a4df7a292}]
shellAutoRuncommand — F:autorun.exe======List of files/folders created in the last 1 months======
2009-08-20 14:10:48 —-D—- C:Program Filestrend micro
2009-08-20 14:10:47 —-DC—- C:rsit
2009-08-20 13:12:33 —-D—- C:windowssystem32appmgmt
2009-08-20 13:11:51 —-DC—- C:Documents and SettingsAdminApplication DataAdobe
2009-08-20 09:39:52 —-DC—- C:Documents and SettingsAdminApplication DataEmailNotifier
2009-08-18 18:57:43 —-DC—- C:Documents and SettingsAdminApplication DataAuslogics
2009-08-18 10:00:19 —-A—- C:windowssystem32LogFile.txt
2009-08-15 08:35:40 —-DC—- C:Documents and SettingsAdminApplication DataMacromedia
2009-08-13 12:42:02 —-DC—- C:Documents and SettingsAdminApplication DataPC Suite
2009-08-13 09:23:58 —-D—- C:Program FilesESET
2009-08-13 09:23:58 —-D—- C:Documents and SettingsAll UsersApplication DataESET
2009-08-12 20:35:30 —-HDC—- C:windows$NtUninstallKB960859$
2009-08-12 20:35:26 —-HDC—- C:windows$NtUninstallKB971657$
2009-08-12 20:35:22 —-HDC—- C:windows$NtUninstallKB971557$
2009-08-12 20:35:17 —-D—- C:windowsServicePackFiles
2009-08-12 20:35:15 —-HDC—- C:windows$NtUninstallKB956744$
2009-08-12 20:35:11 —-HDC—- C:windows$NtUninstallKB973869$
2009-08-12 20:35:02 —-HDC—- C:windows$NtUninstallKB973540_WM9L$
2009-08-12 20:34:53 —-HDC—- C:windows$NtUninstallKB973507$
2009-08-12 20:34:48 —-HDC—- C:windows$NtUninstallKB973354$
2009-08-12 20:34:15 —-HDC—- C:windows$NtUninstallKB973815$
2009-08-12 20:34:10 —-HDC—- C:windows$NtUninstallKB971032$
2009-08-12 20:34:02 —-HDC—- C:windows$NtUninstallKB968389$
2009-08-11 15:53:45 —-A—- C:windowsWININIT.INI
2009-08-11 15:48:21 —-D—- C:Documents and SettingsAll UsersApplication DataSony Corporation
2009-08-11 11:28:08 —-D—- C:Program FilesWinamp
2009-07-25 19:18:36 —-DC—- C:Documents and SettingsAdminApplication DataSoundSpectrum
2009-07-24 12:19:12 —-DC—- C:Documents and SettingsAdminApplication DataMozilla
2009-07-24 11:55:54 —-DC—- C:Documents and SettingsAdminApplication DataNero
2009-07-24 11:51:07 —-DC—- C:Documents and SettingsAdminApplication DataVMNTOOLBAR
2009-07-24 11:50:19 —-SDC—- C:Documents and SettingsAdminApplication DataMicrosoft
2009-07-23 11:36:52 —-N—- C:windowssystem32px.dll
2009-07-23 07:21:51 —-A—- C:Program FilesAstonWriteTest.txt
2009-07-23 06:56:41 —-D—- C:Program FilesDAP======List of files/folders modified in the last 1 months======
2009-08-20 14:10:48 —-D—- C:Program Files
2009-08-20 14:10:43 —-D—- C:windowsPrefetch
2009-08-20 14:09:00 —-D—- C:windowsTemp
2009-08-20 13:31:34 —-D—- C:Program FilesUltraISO
2009-08-20 13:12:33 —-SHD—- C:windowsInstaller
2009-08-20 13:12:33 —-D—- C:windowssystem32
2009-08-20 13:10:43 —-D—- C:Program FilesMozilla Firefox
2009-08-20 11:33:56 —-A—- C:windowsSchedLgU.Txt
2009-08-20 10:03:29 —-D—- C:WINDOWS
2009-08-20 10:01:13 —-D—- C:windowssystem32spool
2009-08-20 08:55:10 —-D—- C:Documents and SettingsAll UsersApplication DataEmailNotifier
2009-08-20 08:55:06 —-D—- C:windowssystem32CatRoot2
2009-08-20 08:55:03 —-HD—- C:windowssystem32GroupPolicy
2009-08-20 08:55:03 —-D—- C:windowsWinSxS
2009-08-20 08:55:03 —-D—- C:windowssystem32oobe
2009-08-20 08:55:03 —-D—- C:windowssystem32mui
2009-08-20 08:55:03 —-D—- C:windowssystem32Macromed
2009-08-20 08:55:03 —-D—- C:windowssecurity
2009-08-20 08:55:03 —-D—- C:windowsRegistration
2009-08-20 08:55:03 —-D—- C:windowspchealth
2009-08-20 08:55:03 —-D—- C:windowsime
2009-08-20 08:55:02 —-SD—- C:windowsassembly
2009-08-20 08:55:02 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-08-20 08:55:02 —-HD—- C:windows$hf_mig$
2009-08-20 08:55:02 —-HD—- C:Program FilesInstallShield Installation Information
2009-08-20 08:55:02 —-D—- C:Program FilesWindows Media Player
2009-08-20 08:55:02 —-D—- C:Program FilesTotal Commander
2009-08-20 08:55:02 —-D—- C:Program FilesRealtek
2009-08-20 08:55:02 —-D—- C:Program FilesQIP
2009-08-20 08:55:02 —-D—- C:Program FilesMaxthon2
2009-08-20 08:55:02 —-D—- C:Program FilesFlylinkDC++
2009-08-20 08:55:02 —-D—- C:Program FilesCommon FilesAdobe
2009-08-20 08:55:02 —-D—- C:Program FilesCommon Files
2009-08-20 08:55:02 —-D—- C:Documents and SettingsAll UsersApplication DataSolo9RusEngNum
2009-08-20 08:55:02 —-D—- C:Documents and SettingsAll UsersApplication DataPC Suite
2009-08-20 08:55:02 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2009-08-19 20:11:55 —-D—- C:Program FilesuTorrent
2009-08-19 17:15:53 —-A—- C:windowsNeroDigital.ini
2009-08-19 07:19:06 —-D—- C:windowssystem32rserver30
2009-08-18 18:55:23 —-A—- C:windowsimsins.BAK
2009-08-18 08:19:01 —-D—- C:Program FilesInternet Explorer
2009-08-14 10:48:01 —-D—- C:Program FilesUninstall Tool
2009-08-14 10:13:47 —-D—- C:Program FilesNero
2009-08-13 09:57:09 —-D—- C:windowsI386
2009-08-13 09:28:18 —-D—- C:Program FilesOutlook Express
2009-08-13 09:24:38 —-HD—- C:windowsinf
2009-08-13 09:24:38 —-D—- C:windowssystem32drivers
2009-08-13 08:34:19 —-D—- C:windowssystem32Setup
2009-08-12 20:35:33 —-SHDC—- C:windowssystem32dllcache
2009-08-12 20:35:17 —-D—- C:windowssystem32ru-ru
2009-08-12 10:59:18 —-DC—- C:windowssystem32DRVSTORE
2009-08-12 10:23:01 —-D—- C:Program FilesSoundSpectrum
2009-08-12 09:50:00 —-D—- C:windowsnetwork diagnostic
2009-08-11 10:23:42 —-D—- C:windowsMinidump
2009-08-05 12:08:09 —-A—- C:windowssystem32mswebdvd.dll
2009-07-30 03:49:14 —-A—- C:windowssystem32MRT.exe
2009-07-26 18:22:51 —-D—- C:Program FilesEverest
2009-07-23 07:04:02 —-SD—- C:windowsFonts
2009-07-21 20:12:17 —-D—- C:windowssystem32CatRoot======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:windowssystem32DRIVERSAmdK8.sys [2006-06-18 43520]
R1 ehdrv;ehdrv; C:windowssystem32DRIVERSehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:windowssystem32DRIVERSepfwtdir.sys [2009-02-06 93336]
R1 raddrvv3;raddrvv3; ??C:WINDOWSsystem32rserver30raddrvv3.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; ??C:WINDOWSsystem32driverssp_rsdrv2.sys []
R2 atksgt;atksgt; C:windowssystem32DRIVERSatksgt.sys [2008-11-06 278728]
R2 eamon;eamon; C:windowssystem32DRIVERSeamon.sys [2009-02-06 113448]
R2 lirsgt;lirsgt; C:windowssystem32DRIVERSlirsgt.sys [2008-11-06 25416]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:windowssystem32DRIVERSrspndr.sys [2006-12-04 62336]
R2 TBPanel;TBPanel; C:windowssystem32driversTBPanel.sys [2007-03-16 12256]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:windowssystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:windowssystem32driversRtkHDAud.sys [2007-05-10 4419584]
R3 mirrorv3;mirrorv3; C:windowssystem32DRIVERSrminiv3.sys [2006-11-01 3328]
R3 nv;nv; C:windowssystem32DRIVERSnv4_mini.sys [2008-05-03 6554496]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:windowssystem32DRIVERSRtnicxp.sys [2006-12-14 85120]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:windowssystem32DRIVERSusbehci.sys [2007-12-21 30208]
R3 usbhub;USB2 концентратор; C:windowssystem32DRIVERSusbhub.sys [2007-12-21 59392]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:windowssystem32DRIVERSusbohci.sys [2007-12-21 17152]
S3 afuedn2a;afuedn2a; C:windowssystem32driversafuedn2a.sys []
S3 att89cfg;att89cfg; C:windowssystem32driversatt89cfg.sys []
S3 Cardex;Cardex; ??C:WINDOWSsystem32driversTBPANEL.SYS []
S3 dtscsi;dtscsi; C:windowsSystem32Driversdtscsi.sys [2009-02-22 223128]
S3 gdrv;gdrv; ??C:WINDOWSgdrv.sys []
S3 nmwcd;Nokia USB Phone Parent; C:windowssystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:windowssystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:windowssystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:windowssystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:windowssystem32DRIVERSusbccgp.sys [2007-12-21 31616]
S3 usbscan;Драйвер USB-сканера; C:windowssystem32DRIVERSusbscan.sys [2007-12-21 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:windowssystem32DRIVERSUSBSTOR.SYS [2007-12-21 26496]
S3 vaxscsi;vaxscsi; C:windowsSystem32Driversvaxscsi.sys [2009-03-31 223128]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:windowssystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:windowssystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:windowsSystem32driversws2ifsl.sys [2004-08-18 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-02-06 727720]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2007-01-17 61440]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe [2008-09-24 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:windowssystem32nvsvc32.exe [2008-05-03 159812]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-05-03 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared filesRichVideo.exe [2005-08-08 167936]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:Program FilesSpyware Terminatorsp_rsser.exe [2009-03-05 540672]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:windowssystem32svchost.exe [2004-08-18 14336]
S2 pr2aqfjb;9th Company Drivers Auto Removal (pr2aqfjb); C:windowssystem32pr2aqfjb.exe [2008-03-13 415096]
S2 RServer3;Radmin Server V3; C:WINDOWSsystem32rserver30RServer3.exe /service []
S2 StarWindService;StarWind iSCSI Service; D:Alcohol 52StarWindStarWindService.exe []
S2 StarWindServiceAE;StarWind AE Service; D:програмыалкогольAlcohol 120StarWindStarWindServiceAE.exe []
S3 aspnet_state;ASP.NET State Service; C:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:windowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:windowsMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe []
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:windowsMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
S4 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-03-26 267824]
EOF
Здравствуйте, добро пожаловать на Spyware-ru форум.
Подробнее опишите ваши проблемы. Кроме переполнения диска С, компьютер работает нормально ?
Судя по этой информации
System drive C: has 79 MB (1%) free of 15 GB
на диске действительно очень мало места.
Создайте новую точку восстановления и удалите все старые. Это может высвободить некоторое место.
Удалите старые точки восстановления, так как в них возможно нахождения инфицированных файлов, троянов и других вредоносных программ. Для этого кликните по иконке Мой компьютер, выберите пункт Свойства. В открывшемся окне выберите вкладку Восстановление системы. Поставьте галочку напротив пункта Отключить восстановление системы на всех дисках. Кликните по кнопке Применить. Подтвердите свои действия кликнув по кнопке OK в открывшемся диалоге. Закройте окно Свойства системы, кликнув по кнопке OK.
После загрузки компьютера выполните действия описанные выше, только в этот раз снимите галочку.
Создайте новую точку восстановления. Это поможет вам в случае необходимости загрузить текущую конфигурацию Windows и быстро излечиться от спайваре/вируса. Для этого кликните по кнопке Пуск, далее выберите пункт Стандартные, в нём Служебные и запустите программу Восстановление системы. В открывшемся окне выберите задачу Создать точку восстановления и нажмите кнопку Далее и следуйте указаниям.
Пришлите свежий RSIT лог.
info.txt logfile of random’s system information tool 1.06 2009-08-30 19:58:54
======Uninstall list======
—>C:windowsUNNeroBackItUp.exe /UNINSTALL
—>C:windowsUNNeroMediaHome.exe /UNINSTALL
—>C:windowsUNNeroShowTime.exe /UNINSTALL
—>C:windowsUNNeroVision.exe /UNINSTALL
—>C:windowsUNRecode.exe /UNINSTALL
—>MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
—>MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
AGEIA PhysX v7.03.21—>MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
CommFort 4.10a—>»C:Program FilesCommFortunins000.exe»
CpuIdle (remove only)—>»D:програмыCpuIdleuninstall.exe»
DirectX10 LV (Last Version)—>»C:Program FilesCommon Filesunins000.exe»
EXPERTool—>RunDll32 Setupapi.dll,InstallHinfSection TB.Remove 4 TBNT4.inf
FIFA 2009 — Ukrainian Premier League—>»D:ИгрыFIFA 2009 — Ukrainian Premier Leagueunins000.exe»
FlylinkDC++ r(321)—>»C:Program FilesFlylinkDC++unins000.exe»
free-downloads.net Toolbar—>C:PROGRA~1FREE-D~1.NETUNWISE.EXE /U C:PROGRA~1FREE-D~1.NETINSTALL.LOG
G-Force—>C:Program FilesSoundSpectrumG-ForceUninstall.exe
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
Java(TM) 6 Update 3—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LClock—>C:Program FilesLClockUninstall.exe
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{34AB2437-1B34-3E2D-9DE8-3E2D35335B3F}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{CFF15B94-E062-3701-869A-4CDF4590461E}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack — rus—>MsiExec.exe /I{95E44F11-19F0-39EA-A894-792E054AA1CF}
Microsoft .NET Framework 3.5 SP1—>C:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft User-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWudf01005$spuninstspuninst.exe»
Microsoft Visual C++ 2005 ATL Update kb973923 — x86 8.0.50727.4053—>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.5.2)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)—>MsiExec.exe /I{12ADA7E9-D69A-4FF3-BA89-7EA3DF5A9A6A}
Nero 9—>C:Program FilesCommon FilesNeroNero ProductInstaller 4SetupX.exe REMOVESERIALNUMBER=»9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A»
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia PC Suite—>C:Documents and SettingsAll UsersApplication DataInstallations{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}setup.exe /LANG=»1049″
Nokia PC Suite—>MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
NVIDIA Drivers—>C:windowssystem32nvuninst.exe UninstallGUI
PC Connectivity Solution—>MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
Radmin Server 3.0—>MsiExec.exe /X{AAD51583-6D43-4444-A1FF-0C8345345526}
Radmin Viewer 3.1—>MsiExec.exe /X{016CF441-8F40-469E-923B-35E2F9363E54}
REALTEK GbE & FE Ethernet PCI NIC Driver—>C:Program FilesInstallShield Installation Information{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}SETUP.EXE -runfromtemp -l0x0019 -removeonly
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}SETUP.EXE» -l0x19 -removeonly
S81 PC Suite Tool—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{59F8D656-329B-4975-9D78-2F1951FD6FDF}setup.exe» -l0x9 -removeonly
SnagIt 8—>MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Soccer Flags Screensaver 1.3—>»D:СофтSoccer Flags Screensaverunins000.exe»
Stamina 2.5—>»D:GamesStaminauninstall.exe»
Undelete Plus 2.94—>»C:Program FilesTouchStoneSoftwareUndeletePlusunins000.exe»
Unlocker 1.8.5—>C:Program FilesUnlockeruninst.exe
VMN Toolbar—>C:Program Filesvmntoolbaruninstall.exe
Winamp—>»D:СофтWinampUninstWA.exe»
Windows Driver Package — Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33Epccswpddriver.inf
Windows Driver Package — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293Bpccs_bluetooth.inf
Windows Imaging Component—>»C:windows$NtUninstallWIC$spuninstspuninst.exe»
Windows Internet Explorer 8—>»C:windowsie8spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
XML Paper Specification Shared Components Language Pack 1.0—>»C:windows$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Исправление для Windows XP (KB952287)—>»C:windows$NtUninstallKB952287$spuninstspuninst.exe»
Исправление для Windows XP (KB961118)—>»C:windows$NtUninstallKB961118$spuninstspuninst.exe»
Исправление для Windows XP (KB970653-v3)—>»C:windows$NtUninstallKB970653-v3$spuninstspuninst.exe»
Критическое обновление для проигрывателя Windows Media 11 — (KB959772)—>»C:windows$NtUninstallKB959772_WM11$spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 8 (KB969897)—>»C:windowsie8updatesKB969897-IE8spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 8 (KB972260)—>»C:windowsie8updatesKB972260-IE8spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923561)—>»C:windows$NtUninstallKB923561$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464-v2)—>»C:windows$NtUninstallKB938464-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:windows$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»C:windows$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»C:windows$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»C:windows$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951748)—>»C:windows$NtUninstallKB951748$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952004)—>»C:windows$NtUninstallKB952004$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»C:windows$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:windows$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:windows$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956572)—>»C:windows$NtUninstallKB956572$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956744)—>»C:windows$NtUninstallKB956744$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:windows$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:windows$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957097)—>»C:windows$NtUninstallKB957097$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:windows$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:windows$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB959426)—>»C:windows$NtUninstallKB959426$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960225)—>»C:windows$NtUninstallKB960225$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960803)—>»C:windows$NtUninstallKB960803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960859)—>»C:windows$NtUninstallKB960859$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961371)—>»C:windows$NtUninstallKB961371$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961501)—>»C:windows$NtUninstallKB961501$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB968537)—>»C:windows$NtUninstallKB968537$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB970238)—>»C:windows$NtUninstallKB970238$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971032)—>»C:windows$NtUninstallKB971032$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971557)—>»C:windows$NtUninstallKB971557$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971633)—>»C:windows$NtUninstallKB971633$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971657)—>»C:windows$NtUninstallKB971657$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973346)—>»C:windows$NtUninstallKB973346$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973354)—>»C:windows$NtUninstallKB973354$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973507)—>»C:windows$NtUninstallKB973507$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973869)—>»C:windows$NtUninstallKB973869$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB952069)—>»C:windows$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB973540)—>»C:windows$NtUninstallKB973540_WM9L$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»C:windows$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Обновление для Windows Internet Explorer 8 (KB971930)—>»C:windowsie8updatesKB971930-IE8spuninstspuninst.exe»
Обновление для Windows XP (KB932823-v3)—>»C:windows$NtUninstallKB932823-v3$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:windows$NtUninstallKB955839$spuninstspuninst.exe»
Обновление для Windows XP (KB967715)—>»C:windows$NtUninstallKB967715$spuninstspuninst.exe»
Обновление для Windows XP (KB968389)—>»C:windows$NtUninstallKB968389$spuninstspuninst.exe»
Обновление для Windows XP (KB973815)—>»C:windows$NtUninstallKB973815$spuninstspuninst.exe»
Пакет драйверов Windows — Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)—>C:PROGRA~1DIFX7B44739871F4D539FA473F57A832EA4B6A59EF06DPInst.exe /d /u C:WINDOWSsystem32DRVSTOREamdk8_A8D26169E6EDA9205D39A3918FEA7EFFFE870B0Aamdk8.inf
Пакет драйверов Windows — Nokia Modem (11/03/2006 6.82.0.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567nokbtmdm.inf
Языковой пакет Microsoft .NET Framework 3.5 — RUS—>C:windowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack — russetup.exe======Hosts File======
127.0.0.1 mpa.one.microsoft.com
======Security center information======
AV: ESET NOD32 Antivirus 4.0
======System event log======
Computer Name: MICROSOF-5C7FE7
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Остановлена.Record Number: 11667
Source Name: Service Control Manager
Time Written: 20090811151341.000000+180
Event Type: информация
User:Computer Name: MICROSOF-5C7FE7
Event Code: 7036
Message: Служба «Обозреватель компьютеров» перешла в состояние Остановлена.Record Number: 11666
Source Name: Service Control Manager
Time Written: 20090811151339.000000+180
Event Type: информация
User:Computer Name: MICROSOF-5C7FE7
Event Code: 7036
Message: Служба «Диспетчер подключений удаленного доступа» перешла в состояние Работает.Record Number: 11665
Source Name: Service Control Manager
Time Written: 20090811151337.000000+180
Event Type: информация
User:Computer Name: MICROSOF-5C7FE7
Event Code: 7036
Message: Служба «Служба шлюза уровня приложения» перешла в состояние Работает.Record Number: 11664
Source Name: Service Control Manager
Time Written: 20090811151337.000000+180
Event Type: информация
User:Computer Name: MICROSOF-5C7FE7
Event Code: 7035
Message: Служба «Служба шлюза уровня приложения» успешно отправила управляющий элемент «запустить».Record Number: 11663
Source Name: Service Control Manager
Time Written: 20090811151337.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM=====Application event log=====
Computer Name: MICROSOF-5C7FE7
Event Code: 4096
Message:
Record Number: 4970
Source Name: F-PROT Antivirus
Time Written: 20090801210432.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-5C7FE7
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.Record Number: 4969
Source Name: SecurityCenter
Time Written: 20090801210232.000000+180
Event Type: информация
User:Computer Name: MICROSOF-5C7FE7
Event Code: 0
Message:
Record Number: 4968
Source Name: RichVideo
Time Written: 20090801210218.000000+180
Event Type: информация
User:Computer Name: MICROSOF-5C7FE7
Event Code: 4
Message: The LightScribe Service started successfully.Record Number: 4967
Source Name: LightScribeService
Time Written: 20090801210211.000000+180
Event Type: информация
User:Computer Name: MICROSOF-5C7FE7
Event Code: 4137
Message: Служба индексирования начала просмотр каталога d:system volume informationcatalog.wci.Record Number: 4966
Source Name: Ci
Time Written: 20090801171253.000000+180
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%systemroot%system32;%systemroot%;%systemroot%system32wbem;C:PROGRAM FILESPC CONNECTIVITY SOLUTION;C:PROGRAM FILESATI TECHNOLOGIESATI.ACECORE-STATIC
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
«PROCESSOR_REVISION»=6b02
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«cdrom»=E:
EOF
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2009-08-30 19:58:24
Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (27%) free of 15 GB
Total RAM: 2046 MB (76% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58:45, on 30.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:windowsSystem32smss.exe
C:windowssystem32winlogon.exe
C:windowssystem32services.exe
C:windowssystem32lsass.exe
C:windowssystem32svchost.exe
C:windowsSystem32svchost.exe
C:windowssystem32svchost.exe
C:windowssystem32spoolsv.exe
C:windowsExplorer.EXE
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:windowsSystem32svchost.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
C:windowssystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:Program FilesCyberLinkShared filesRichVideo.exe
C:Program FilesSpyware Terminatorsp_rsser.exe
C:windowssystem32svchost.exe
D:програмыCpuIdlecpuidle.exe
D:СофтWinampwinampa.exe
C:windowssystem32ctfmon.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
D:СофтRSIT.exe
C:Program Filestrend microAdmin.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — C:Program Filesfree-downloads.nettbfre1.dll
O2 — BHO: SnagIt Toolbar Loader — {00C6482D-C502-44C8-8409-FCE54AD9C208} — C:Program FilesTechSmithSnagIt 8SnagItBHO.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: VMN Toolbar Astro Gemini — {A057A204-BACC-4D26-8287-79A187E26987} — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL
O2 — BHO: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — C:Program Filesfree-downloads.nettbfre1.dll
O3 — Toolbar: SnagIt — {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} — C:Program FilesTechSmithSnagIt 8SnagItIEAddin.dll
O3 — Toolbar: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — C:Program Filesfree-downloads.nettbfre1.dll
O3 — Toolbar: VMN Toolbar Astro Gemini — {A057A204-BACC-4D26-8287-79A187E26987} — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [CpuIdle] D:програмыCpuIdlecpuidle.exe
O4 — HKLM..Run: [WinampAgent] D:СофтWinampwinampa.exe
O4 — HKCU..Run: [ctfmon.exe] C:windowssystem32ctfmon.exe
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:windowsNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:windowsNetwork Diagnosticxpnetdiag.exe
O17 — HKLMSystemCCSServicesTcpip..{36ECF653-D146-4851-ADD2-21DACAF6DB34}: NameServer = 194.79.63.1 194.79.63.1
O17 — HKLMSystemCCSServicesTcpip..{87F13F3F-BE9B-4061-B87E-FB3E44377E90}: NameServer = 192.168.59.1
O18 — Protocol: soloresinternetrusengnum — {1B7043A7-84E1-443A-804F-20A75728892C} — (no file)
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:windowssystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:windowssystem32imapi.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: NBService — Unknown owner — C:Program FilesNeroNero 7Nero BackItUpNBService.exe (file missing)
O23 — Service: Nero BackItUp Scheduler 4.0 — Nero AG — C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:windowssystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:windowssystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: 9th Company Drivers Auto Removal (pr2aqfjb) (pr2aqfjb) — Noviy Disk — C:windowssystem32pr2aqfjb.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared filesRichVideo.exe
O23 — Service: Radmin Server V3 (RServer3) — Unknown owner — C:WINDOWSsystem32rserver30RServer3.exe (file missing)
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:windowsSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Spyware Terminator Realtime Shield Service (sp_rssrv) — Crawler.com — C:Program FilesSpyware Terminatorsp_rsser.exe
O23 — Service: StarWind iSCSI Service (StarWindService) — Unknown owner — D:Alcohol 52StarWindStarWindService.exe (file missing)
O23 — Service: StarWind AE Service (StarWindServiceAE) — Unknown owner — D:програмыалкогольAlcohol 120StarWindStarWindServiceAE.exe (file missing)
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:windowssystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:windowsSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 7672 bytes======Scheduled tasks folder======
C:windowstasksNeroLiveEpgUpdate-MICROSOF-5C7FE7_Admin.job
C:windowstasksUser_Feed_Synchronization-{0CEC74DE-9A99-4037-86AC-4CD3BFEBFC08}.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader — C:Program FilesTechSmithSnagIt 8SnagItBHO.dll [2007-05-01 63048][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A057A204-BACC-4D26-8287-79A187E26987}]
VMN Toolbar Astro Gemini — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL [2009-04-15 1950656][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar — C:Program Filesfree-downloads.nettbfre1.dll [2009-07-15 2215960][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} — SnagIt — C:Program FilesTechSmithSnagIt 8SnagItIEAddin.dll [2007-05-01 161352]
{ecdee021-0d17-467f-a1ff-c7a115230949} — free-downloads.net Toolbar — C:Program Filesfree-downloads.nettbfre1.dll [2009-07-15 2215960]
{A057A204-BACC-4D26-8287-79A187E26987} — VMN Toolbar Astro Gemini — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL [2009-04-15 1950656][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:windowssystem32NvCpl.dll [2008-05-03 13529088]
«CpuIdle»=D:програмыCpuIdlecpuidle.exe [2009-08-27 824832]
«WinampAgent»=D:СофтWinampwinampa.exe [2009-04-10 37888][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:windowssystem32ctfmon.exe [2007-12-21 30208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:windowssystem32WgaLogon.dll [2009-03-10 265096][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2007-06-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«notification packages»=
:windowssystem32srr[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoStartMenuPinnedList»=0
«NoStartMenuMFUprogramsList»=0
«NoUserNameInStartMenu»=0
«NoStartMenuSubFolders»=0
«NoCommonGroups»=0
«NoPrinterTabs»=0
«NoDeletePrinter»=0
«NoAddPrinter»=0
«NoPrinters»=0
«NoFavoritesMenu»=0
«NoDrives»=0
«NoChangeAnimation»=0
«NoChangeKeyboardNavigationIndicators»=0
«EnableShellExecuteHooks»=1
«NoInstrumentation»=1
«NoDriveAutoRun»=67108863[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesFlylinkDC++FlylinkDC.exe»=»C:Program FilesFlylinkDC++FlylinkDC.exe:*:Enabled:FlylinkDC++»
«C:Program FilesCommFortCommFort.exe»=»C:Program FilesCommFortCommFort.exe:*:Enabled:CommFort»
«C:Program FilesWindows Media Playerwmplayer.exe»=»C:Program FilesWindows Media Playerwmplayer.exe:*:Enabled:Windows Media Player»
«C:Program FilesGolden FTP Server ProGFTPpro.exe»=»C:Program FilesGolden FTP Server ProGFTPpro.exe:*:Enabled:Easy to use FTP server for Windows.»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 1 months======
2009-08-30 19:58:24 —-DC—- C:rsit
2009-08-30 19:37:26 —-D—- C:windowsPrefetch
2009-08-30 19:12:54 —-N—- C:windowssystem32qmgr.dll
2009-08-30 19:12:36 —-N—- C:windowssystem32userinit.exe
2009-08-30 19:12:36 —-N—- C:windowssystem32services.exe
2009-08-30 19:12:36 —-N—- C:windowssystem32rasauto.dll
2009-08-30 19:12:36 —-N—- C:windowssystem32oleaut32.dll
2009-08-30 19:12:36 —-N—- C:windowssystem32msgsvc.dll
2009-08-30 19:12:36 —-N—- C:windowssystem32kernel32.dll
2009-08-30 19:12:36 —-N—- C:windowssystem32comctl32.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32wkssvc.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32win32spl.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32untfs.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32ulib.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32tcpmonui.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32syssetup.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32srvsvc.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32smss.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32setupapi.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32sessmgr.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32schannel.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32scardsvr.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32savedump.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32samsrv.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32samlib.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32rshx32.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32rastapi.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32rasman.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32rasdlg.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32rasapi32.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32printui.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32perfctrs.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32olecnv32.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32nwprovau.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32ntvdm.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32ntprint.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32ntlsapi.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32ntdll.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32nslookup.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32msv1_0.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32mgmtapi.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32lsasrv.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32locator.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32localspl.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32lmhsvc.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32imagehlp.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32ftp.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32format.com
2009-08-30 19:12:36 —-A—- C:windowssystem32dhcpcsvc.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32csrsrv.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32comdlg32.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32cmd.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32cacls.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32autoconv.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32autochk.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32advapi32.dll
2009-08-30 19:12:32 —-N—- C:windowssystem32ntoskrnl.exe
2009-08-30 19:12:32 —-N—- C:windowssystem32ntkrnlpa.exe
2009-08-30 19:12:32 —-A—- C:windowssystem32hal.dll
2009-08-30 19:12:32 —-A—- C:windowssystem32asfsipc.dll
2009-08-30 11:44:36 —-N—- C:windowssystem32_004444_.tmp.dll
2009-08-30 11:44:36 —-N—- C:windowssystem32_004439_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004438_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004437_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004436_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004435_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004432_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004431_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004430_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004429_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004427_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004425_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004424_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004422_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004421_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004417_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004416_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004413_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004410_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004409_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004408_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004401_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004396_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004388_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004387_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004383_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004382_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004380_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004344_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004340_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004337_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004336_.tmp.dll
2009-08-30 11:39:37 —-HDC—- C:windows$NtUninstallKB970653-v3$
2009-08-28 11:39:32 —-DC—- C:Documents and SettingsAdminApplication DataWinamp
2009-08-27 09:15:45 —-D—- C:Program FilesMessenger
2009-08-27 09:15:34 —-D—- C:windowsl2schemas
2009-08-27 09:08:49 —-N—- C:windowssystem32_004412_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004407_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004406_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004405_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004404_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004403_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004400_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004399_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004398_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004397_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004395_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004393_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004392_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004390_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004389_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004385_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004384_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004381_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004379_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004378_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004376_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004374_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004373_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004360_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004358_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004352_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004351_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004350_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004333_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004328_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004327_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004326_.tmp.dll
2009-08-27 09:01:11 —-HDC—- C:windows$NtUninstallKB961118$
2009-08-26 10:19:43 —-DC—- C:Documents and SettingsAdminApplication DataWeather Pulse
2009-08-25 15:49:47 —-D—- C:windowssystem32CatRoot_bak
2009-08-25 15:49:29 —-A—- C:windowssystem32SET33E.tmp
2009-08-23 17:09:08 —-SHDC—- C:Config.Msi
2009-08-23 17:04:09 —-D—- C:windowsSxsCaPendDel
2009-08-22 15:28:10 —-SHDC—- C:RECYCLER
2009-08-22 14:27:43 —-D—- C:windowstemp
2009-08-22 14:21:43 —-AC—- C:Av-test.txt
2009-08-22 14:12:05 —-A—- C:windowsPEV.exe
2009-08-22 14:12:01 —-D—- C:windowsERDNT
2009-08-21 11:50:21 —-DC—- C:Documents and SettingsAdminApplication DataWinRAR
2009-08-20 14:10:48 —-D—- C:Program Filestrend micro
2009-08-20 13:12:33 —-D—- C:windowssystem32appmgmt
2009-08-20 13:11:51 —-DC—- C:Documents and SettingsAdminApplication DataAdobe
2009-08-20 09:39:52 —-DC—- C:Documents and SettingsAdminApplication DataEmailNotifier
2009-08-18 10:00:19 —-A—- C:windowssystem32LogFile.txt
2009-08-15 08:35:40 —-DC—- C:Documents and SettingsAdminApplication DataMacromedia
2009-08-13 12:42:02 —-DC—- C:Documents and SettingsAdminApplication DataPC Suite
2009-08-13 09:23:58 —-D—- C:Program FilesESET
2009-08-13 09:23:58 —-D—- C:Documents and SettingsAll UsersApplication DataESET
2009-08-12 20:35:30 —-HDC—- C:windows$NtUninstallKB960859$
2009-08-12 20:35:26 —-HDC—- C:windows$NtUninstallKB971657$
2009-08-12 20:35:22 —-HDC—- C:windows$NtUninstallKB971557$
2009-08-12 20:35:17 —-D—- C:windowsServicePackFiles
2009-08-12 20:35:15 —-HDC—- C:windows$NtUninstallKB956744$
2009-08-12 20:35:11 —-HDC—- C:windows$NtUninstallKB973869$
2009-08-12 20:35:02 —-HDC—- C:windows$NtUninstallKB973540_WM9L$
2009-08-12 20:34:53 —-HDC—- C:windows$NtUninstallKB973507$
2009-08-12 20:34:48 —-HDC—- C:windows$NtUninstallKB973354$
2009-08-12 20:34:15 —-HDC—- C:windows$NtUninstallKB973815$
2009-08-12 20:34:10 —-HDC—- C:windows$NtUninstallKB971032$
2009-08-12 20:34:02 —-HDC—- C:windows$NtUninstallKB968389$
2009-08-11 15:53:45 —-A—- C:windowsWININIT.INI
2009-08-11 15:48:21 —-D—- C:Documents and SettingsAll UsersApplication DataSony Corporation
2009-08-11 11:28:08 —-D—- C:Program FilesWinamp======List of files/folders modified in the last 1 months======
2009-08-30 19:51:09 —-D—- C:Program FilesMozilla Firefox
2009-08-30 19:45:36 —-D—- C:windowssystem32config
2009-08-30 19:45:23 —-D—- C:windowssystem32wbem
2009-08-30 19:45:23 —-D—- C:windowsRegistration
2009-08-30 19:45:14 —-HD—- C:windowsinf
2009-08-30 19:44:55 —-A—- C:windowsSchedLgU.Txt
2009-08-30 19:44:49 —-D—- C:windowssystem32Restore
2009-08-30 19:44:27 —-D—- C:windowssystem32CatRoot
2009-08-30 19:44:26 —-D—- C:windowssystem32CatRoot2
2009-08-30 19:38:05 —-SHD—- C:System Volume Information
2009-08-30 19:37:53 —-D—- C:windowssystem32
2009-08-30 19:37:26 —-D—- C:WINDOWS
2009-08-30 19:37:12 —-SD—- C:windowsFonts
2009-08-30 19:37:12 —-D—- C:windowssystem32Setup
2009-08-30 19:37:12 —-D—- C:windowsAppPatch
2009-08-30 19:36:17 —-D—- C:windowssecurity
2009-08-30 19:24:55 —-D—- C:windowsWinSxS
2009-08-30 19:24:54 —-SHDC—- C:windowssystem32dllcache
2009-08-30 19:24:49 —-D—- C:windowssystem32usmt
2009-08-30 19:24:47 —-D—- C:windowssystem32ru
2009-08-30 19:24:47 —-D—- C:windowssystem32oobe
2009-08-30 19:24:46 —-D—- C:windowssystem32npp
2009-08-30 19:24:45 —-D—- C:windowssystem32drivers
2009-08-30 19:24:00 —-D—- C:windowssystem32Com
2009-08-30 19:24:00 —-D—- C:windowssystem32bits
2009-08-30 19:22:54 —-D—- C:windowssystem
2009-08-30 19:22:54 —-D—- C:windowssrchasst
2009-08-30 19:22:54 —-D—- C:windowsPeerNet
2009-08-30 19:22:53 —-D—- C:windowsnetwork diagnostic
2009-08-30 19:22:53 —-D—- C:windowsmsagent
2009-08-30 19:22:42 —-D—- C:windowsime
2009-08-30 19:22:42 —-D—- C:windowsHelp
2009-08-30 19:22:38 —-D—- C:Program FilesWindows NT
2009-08-30 19:22:38 —-D—- C:Program FilesWindows Media Player
2009-08-30 19:22:38 —-D—- C:Program FilesOutlook Express
2009-08-30 19:22:38 —-D—- C:Program FilesMovie Maker
2009-08-30 19:22:35 —-D—- C:Program FilesCommon FilesSystem
2009-08-30 19:22:09 —-D—- C:windowssystem32inetsrv
2009-08-30 19:21:58 —-D—- C:windowsehome
2009-08-30 19:21:56 —-SD—- C:windowsTasks
2009-08-30 19:20:15 —-D—- C:windowssystem32ru-ru
2009-08-30 11:58:55 —-A—- C:windowsimsins.BAK
2009-08-27 14:20:11 —-D—- C:Program Files
2009-08-27 09:01:02 —-HD—- C:windows$hf_mig$
2009-08-26 09:17:55 —-D—- C:windowsMicrosoft.NET
2009-08-26 09:17:34 —-SD—- C:windowsassembly
2009-08-24 10:15:09 —-DC—- C:Documents and SettingsAdminApplication DataVMNTOOLBAR
2009-08-23 17:11:03 —-SHD—- C:windowsInstaller
2009-08-23 17:10:03 —-A—- C:windowssystem32PerfStringBackup.INI
2009-08-23 17:05:29 —-D—- C:windowssystem32XPSViewer
2009-08-23 17:05:27 —-D—- C:windowssystem32en-us
2009-08-23 17:02:43 —-D—- C:Program FilesInternet Explorer
2009-08-22 14:27:42 —-AC—- C:Log.txt
2009-08-22 14:25:22 —-AC—- C:windowssystem.ini
2009-08-22 14:23:10 —-D—- C:Program FilesCommon Files
2009-08-21 16:14:20 —-D—- C:Program FilesFlylinkDC++
2009-08-21 15:17:32 —-A—- C:windowssystem32CmdLineExt.dll
2009-08-20 22:46:56 —-SDC—- C:Documents and SettingsAdminApplication DataMicrosoft
2009-08-20 16:07:41 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-08-20 13:31:34 —-D—- C:Program FilesUltraISO
2009-08-20 13:10:43 —-DC—- C:Documents and SettingsAdminApplication DataMozilla
2009-08-20 10:01:13 —-D—- C:windowssystem32spool
2009-08-20 08:55:10 —-D—- C:Documents and SettingsAll UsersApplication DataEmailNotifier
2009-08-20 08:55:03 —-HD—- C:windowssystem32GroupPolicy
2009-08-20 08:55:03 —-D—- C:windowssystem32mui
2009-08-20 08:55:03 —-D—- C:windowssystem32Macromed
2009-08-20 08:55:03 —-D—- C:windowspchealth
2009-08-20 08:55:02 —-HD—- C:Program FilesInstallShield Installation Information
2009-08-20 08:55:02 —-D—- C:Program FilesTotal Commander
2009-08-20 08:55:02 —-D—- C:Program FilesRealtek
2009-08-20 08:55:02 —-D—- C:Program FilesQIP
2009-08-20 08:55:02 —-D—- C:Program FilesMaxthon2
2009-08-20 08:55:02 —-D—- C:Program FilesCommon FilesAdobe
2009-08-20 08:55:02 —-D—- C:Documents and SettingsAll UsersApplication DataSolo9RusEngNum
2009-08-20 08:55:02 —-D—- C:Documents and SettingsAll UsersApplication DataPC Suite
2009-08-20 08:55:02 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2009-08-19 20:11:55 —-D—- C:Program FilesuTorrent
2009-08-19 17:15:53 —-A—- C:windowsNeroDigital.ini
2009-08-19 07:19:06 —-D—- C:windowssystem32rserver30
2009-08-14 10:48:01 —-D—- C:Program FilesUninstall Tool
2009-08-14 10:13:47 —-D—- C:Program FilesNero
2009-08-13 09:57:09 —-D—- C:windowsI386
2009-08-12 10:59:18 —-DC—- C:windowssystem32DRVSTORE
2009-08-12 10:23:01 —-D—- C:Program FilesSoundSpectrum
2009-08-11 10:23:42 —-D—- C:windowsMinidump
2009-08-05 12:08:09 —-A—- C:windowssystem32mswebdvd.dll======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:windowssystem32DRIVERSAmdK8.sys [2006-06-18 43520]
R1 cpuidlep;CpuIdle Pro System Driver; C:windowssystem32driverscpuidlep.sys [2009-08-27 4484]
R1 ehdrv;ehdrv; C:windowssystem32DRIVERSehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:windowssystem32DRIVERSepfwtdir.sys [2009-02-06 93336]
R1 raddrvv3;raddrvv3; ??C:WINDOWSsystem32rserver30raddrvv3.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; ??C:WINDOWSsystem32driverssp_rsdrv2.sys []
R2 atksgt;atksgt; C:windowssystem32DRIVERSatksgt.sys [2008-11-06 278728]
R2 eamon;eamon; C:windowssystem32DRIVERSeamon.sys [2009-02-06 113448]
R2 lirsgt;lirsgt; C:windowssystem32DRIVERSlirsgt.sys [2008-11-06 25416]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:windowssystem32DRIVERSrspndr.sys [2006-12-04 62336]
R2 TBPanel;TBPanel; C:windowssystem32driversTBPanel.sys [2007-03-16 12256]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:windowssystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:windowssystem32driversRtkHDAud.sys [2007-05-10 4419584]
R3 mirrorv3;mirrorv3; C:windowssystem32DRIVERSrminiv3.sys [2006-11-01 3328]
R3 nv;nv; C:windowssystem32DRIVERSnv4_mini.sys [2008-05-03 6554496]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:windowssystem32DRIVERSRtnicxp.sys [2006-12-14 85120]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:windowssystem32DRIVERSusbehci.sys [2007-12-21 30208]
R3 usbhub;USB2 концентратор; C:windowssystem32DRIVERSusbhub.sys [2007-12-21 59392]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:windowssystem32DRIVERSusbohci.sys [2007-12-21 17152]
S3 a05074ja;a05074ja; C:windowssystem32driversa05074ja.sys []
S3 a0bm3u9f;a0bm3u9f; C:windowssystem32driversa0bm3u9f.sys []
S3 Cardex;Cardex; ??C:WINDOWSsystem32driversTBPANEL.SYS []
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 dtscsi;dtscsi; C:windowsSystem32Driversdtscsi.sys [2009-02-22 223128]
S3 gdrv;gdrv; ??C:WINDOWSgdrv.sys []
S3 nmwcd;Nokia USB Phone Parent; C:windowssystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:windowssystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:windowssystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:windowssystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:windowssystem32DRIVERSusbccgp.sys [2007-12-21 31616]
S3 usbscan;Драйвер USB-сканера; C:windowssystem32DRIVERSusbscan.sys [2007-12-21 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:windowssystem32DRIVERSUSBSTOR.SYS [2007-12-21 26496]
S3 vaxscsi;vaxscsi; C:windowsSystem32Driversvaxscsi.sys [2009-03-31 223128]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:windowssystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:windowssystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:windowsSystem32driversws2ifsl.sys [2004-08-18 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-02-06 727720]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2007-01-17 61440]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe [2008-09-24 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:windowssystem32nvsvc32.exe [2008-05-03 159812]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-05-03 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared filesRichVideo.exe [2005-08-08 167936]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:Program FilesSpyware Terminatorsp_rsser.exe [2009-03-05 540672]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:windowssystem32svchost.exe [2004-08-18 14336]
S2 pr2aqfjb;9th Company Drivers Auto Removal (pr2aqfjb); C:windowssystem32pr2aqfjb.exe [2008-03-13 415096]
S2 RServer3;Radmin Server V3; C:WINDOWSsystem32rserver30RServer3.exe /service []
S2 StarWindService;StarWind iSCSI Service; D:Alcohol 52StarWindStarWindService.exe []
S2 StarWindServiceAE;StarWind AE Service; D:програмыалкогольAlcohol 120StarWindStarWindServiceAE.exe []
S3 aspnet_state;Служба состояний ASP.NET; C:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:windowsMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:windowsMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe []
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:windowsMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-03-26 267824]
EOF
Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ и приложите свежий RSIT лог.Примечание: перед использованием Combofix обязательно установите Recovery console. Как это сделать будет описано на странице, ссылку на которую я привёл выше.
PUSHD «C:32788R22FWJFW»
SET «Comspec=C:windowssystem32cmd.execf»
IF NOT EXIST C:windowssystem32cmd.exe GOTO Not_NT
VER 1>OsVer
GREP.cfxxe -F «5.1.2» OsVer 1>XP.mac
IF 0 == 0 GOTO NT
SET «Ver_CF=09-09-07.05»
IF NOT EXIST NircmdB.exe COPY /Y Nircmd.cfxxe NircmdB.exe
╤ъюяшЁютрэю Їрщыют: 1.PEV UZIP Licensepv_5_2_2.zip .
MOVE /Y PV.exe PV.cfxxe
IF NOT EXIST PEV.cfxxe COPY /Y PEV.exe PEV.cfxxe
╤ъюяшЁютрэю Їрщыют: 1.GREP.cfxxe -isq «ProductType.*WinNT» WinNT00 || GOTO Not_NT
SED «/^PATH=/I!d; s///; s/x22//g» Oripath 1>OriPath00
PEV -rtf -s+901 .OriPath00 && (
SED -r «s/x22//g; s/(.{900}).*/1/; s/;[^;]*$//» OriPath00 1>OriPath01
FOR /F «TOKENS=*» %G IN (OriPath01) DO @SET «PATH=C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;%G»
)IF NOT EXIST OriPath01 FOR /F «TOKENS=*» %G IN (OriPath00) DO SET «PATH=C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;%G»
SET «PATH=C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;C:ComboFix;C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;C:Program FilesMozilla Firefox;C:windowssystem32;C:windows;C:windowssystem32wbem;C:PROGRAM FILESPC CONNECTIVITY SOLUTION;C:PROGRAM FILESATI TECHNOLOGIESATI.ACECORE-STATIC»
Killing ‘runonce.exe’
Killing ‘grpconv.exe’
Killing ‘procmon.exe’
Killing ‘ANDRE.EXE’
Killing ‘TOLO.exe’
Killing ‘Merlin.scr’
Killing ‘jalang.exe’
Killing ‘jalangkung.exe’
Killing ‘jantungan.exe’
Killing ‘DOSEN.exe’
Killing ‘C3W3K4MPUS.exe’
pv: No matching processes foundPEV -rtf —c:##5# .* and { License.exe or 32788R22FWJFW.exe or OsVer.exe or WinNT.exe or N_.exe } 1>temp00 && (
PV -o%f * 1>temp01
PEV -tf -t!o —files:temp01 —c:##5#b#f# 1>temp02
GREP -Fif temp00 temp02 1>temp03
SED «/.* /!d; s///» temp03 1>temp04
SED «:a; $!N; s/n/x22 x22/; ta; s/.*/x22&x22/» temp04 1>temp05
FOR /F «TOKENS=*» %G IN (temp05) DO @NIRCMD KILLPROCESS %G
)
Текущая кодовая страница: 1251
═х єфрхЄё эрщЄш C:32788R22FWJFWAbortBCALL :MDCheck
═х єфрхЄё эрщЄш C:32788R22FWJFWmd5sum00.pifPEV -rtf -md54C31434B834B14D226AEA1A0A5C172C4 .md5sum.pif || CALL :MDFaiL ChkSum_Fail
.md5sum.pifPEV -tf —files:files.pif —c:##5#b#f# 1>mdCheck00.dat
GREP -vs «^!MD5:» mdCheck00.dat 1>mdCheck0a.dat
GREP -Fvf md5sum.pif mdCheck0a.dat 1>mdCheck01.dat && CALL :MDFaiL
GOTO :EOF
=============================================
ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsAdminApplication Data
cdrom=E:
cfExt=cfxxe
CFLDR=32788R22FWJFW
Chksum=4C31434B834B14D226AEA1A0A5C172C4
CLIENTNAME=Console
Command switches used=Command switches used
CommonProgramFiles=C:Program FilesCommon Files
Completion time=Completion time
COMPUTERNAME=MICROSOF-5C7FE7
ComSpec=C:windowssystem32cmd.execf
Connecting to=Connecting to
Connecting to ComboFix servers=Connecting to ComboFix servers
ControlSet=ControlSet001
Cryptography Services Error=Cryptography Services Error
CS000=HKEY_LOCAL_MACHINEsystemControlSet001Services
Disclaimer=The following websites are not in any way affiliated to ComboFix:~n~n http://www.combofix.org/~n http://www.combofixdownload.com/~n~nIf you have purchased anything from them, I suggest you instruct your~nfinanciers to cancel the transaction.~n~n
~n~nA guide on proper ComboFix usage may be found at:~nhttp://www.bleepingcomputer.com/combofix/how-to-use-combofix~n~nComboFix is meant for private use. It should never be used in an~nunsupervised environment. If infections are found, it will automatically~nreboot the machine to complete the removal process. Please ensure all~nopened windows are closed before proceeding.~n~nThis software is provided ‘as is’, without warranty of any kind. All~nimplied warranties are expressly disclaimed. If you do not agree to the~nabove terms, please click No to exit» «DISCLAIMER OF WARRANTY ON SOFTWARE.
DLLs Loaded Under Running Processes=DLLs Loaded Under Running Processes
Drivers/Services=Drivers/Services
Fail2Delete=failed to delete
File Associations=File Associations
File Replicators=File Replicators
FileName=ComboFix
FilePath=D:Program Files
Files Infected — Patched=Files Infected — Patched
FIREFOX POLICIES=FIREFOX POLICIES
FP_NO_HOST_CHECK=NO
hidden files=hidden files
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsAdmin
is infected=is infected
is missing=is missing
KMD=CF15211.exe
Line1=Please wait.
Line10=ComboFix has detected the presence of rootkit activity and needs to reboot the machine~nKindly note down on paper, the name of each file. We may need it later~n~n%~G» «Rootkit !!
Line10A=ComboFix has detected the presence of rootkit activity and needs to reboot the machine» «Rootkit !!
Line11=Scanning for infected files . . .
Line12=This typically doesn’t take more than 10 minutes
Line13=However, scan times for badly infected machines may easily double
Line14=%G …… driver unloaded successfully.
Line15=Rootkit driver %G is still present. A rootkit scan is required
Line16=ComboFix has changed your clock settings.
Line17=Do not change it back. It shall be restored later
Line18=ComboFix encountered a terminal error!! Please upload this file — C:ComboFix_error.dat
Line19=to: http://www.bleepingcomputer.com/submit-malware.php?channel=4
Line2=ComboFix is preparing to run.
Line20=Preparing Log Report.
Line21=Do not run any programs until ComboFix has finished
Line22=No new files created in this timespan
Line23=*Note* empty entries ^& legit default entries are not shown
Line24=Contents of the ‘Scheduled Tasks’ folder
Line25=Almost done . . This window will close in a short while
Line26=Please wait a few seconds for the report log to pop up
Line27=ComboFix’s log shall be located at C:COMBOFIX.TXT
Line28=Rebooting Windows . . . Please wait
Line29=Please allow ComboFix to reboot the machine.
Line3=You need Administrative privileges to run this tool» «Not Admin !!
Line30=Overlay aborted … Please run ComboFix once more
Line31=Date Error: ~%CurrDate.yyyy-MM-dd%~n~nCheck your settings» «DATE ERROR
Line32=C:windowssystem32HAL.DLL is missing !!~n~nIt’s IMPORTANT that you DO NOT reboot/shutdown the machine~n~nPost to the forums for immediate help. Do not click OK until further instructed» «CRITICAL WARNING !!
Line33=ComboFix needs to submit malware files for further analysis.~n~nPlease ensure that you’re connected to the internet before clicking OK» «Submit Files for further analysis
Line34=Submit malware to Bleeping Computer for analysis.
Line35=Copy/Paste the filepath below into the box above and click Send.
Line36=Infected copy of %~1 was found and disinfected
Line36A=Restored copy from — %~2
Line37=%~1 . . . is infected!!
Line38=((((((((((((((((((((((((( Files Created from %thirty% to %dateX% )))))))))))))))))))))))))))))))
Line39=(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
Line4=C:windowsregedit.exe is missing~n~nCopy one from another machine» «Terminal Error — Missing file
Line40=Webserver appears to be temporarily inaccessible.~nFor your convenience, ComboFix created a submissions form located at:~n~n* C:CF-Submit.htm~n~nPlease use that to manually upload it later. » «Upload Failed!!
Line41=((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
Line42=((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
Line43=Deleting Files:
Line43A=Deleting Folders:
Line44=- REDUCED FUNCTIONALITY MODE —
Line45=SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
Line46=scanning hidden processes …
Line47=scanning hidden autostart entries …
Line48=scanning hidden files …
Line49=— Snapshot reset to current date —
Line5=Current date is ~%CurrDate.yyyy-MM-dd%. ComboFix has expired~n~nClick ‘Yes’ to run in REDUCED FUNCTIONALITY mode~n~nClick ‘No’ to exit» «Version_%ver_CF%
Line50=ComboFix is uninstalled» «Info
Line51=Will only install the Recovery Console for Windows XP
Line52=Boot Partition cannot be enumerated correctly
Line53=%BootDir%Boot.ini is not correctly formated
Line54=This machine already has the Recovery Console installed.~n~nAborting operations
Line55=Please click ‘YES’ in the End User License Agreement (EULA) dialog that follows …» «Installing the Recovery Console
Line56=Installation file — %~G — cannot be found
Line57=You didn’t select YES~n~nInstallation is aborted
Line58=Contents of %BootDir%cmdcons are not in order.~n~nPlease disable your security programs before trying again
Line59=Congratulations!!! The Microsoft Recovery Console was successfully installed.~n~nOn each restart of the machine, a black screen will offer you the option to boot into recovery console mode.~nFor normal use, just ignore the black screen. Windows shall boot normally in 2 seconds~n~nClick ‘Yes’ to continue scanning for malware» «Info
Line6=Were you trying to run CFScript?~n~nThe name, CFScript appears to be incorrectly spelt» «CFScript Name Error
Line60=Click ‘Yes’ to continue scanning for malware~n~nClick ‘No’ to exit» «What’s next ?
Line62=There’s a newer version of ComboFix available.~n~nWould you like to update ComboFix?» «Update
Line63=— WARNING !! —~n~nA critical update is required.~n~nComboFix shall now update itself.~n~n— WARNING !! —» «Mandatory Update
Line64=Failed to download updated copy.~n~nWill continue with existing copy» «Failed Download
Line65=ComboFix shall now restart» «Updated
Line66=Interference detected~n~nPlease perform a Rootkit Scan» «Abort!
Line67=You cannot rename ComboFix as %FileName%~n~nPlease use another name, preferbaly made up of alphanumeric characters
Line68=%cd% not in expected location~n~n Inform sUBs now!!
Line69=ComboFix effected repairs on missing C:windowssystem32hal.dll
Line7=Attempting to create a new System Restore point
Line70=This machine does not have the ‘Microsoft Windows recovery console’ installed~n~nWithout it, ComboFix shall not attempt the fixing of some serious infections.~n~nClick ‘Yes’ to have ComboFix download/install it.~n~nNOTE: this requires an active internet connection.» «Microsoft Windows Recovery Console
Line71=Click ‘Yes’ if this is a WINDOWS XP *HOME EDITION* machine» «XP Home Edition
Line72=Failed to download required files. Aborting … ~n~nShall continue scanning for malware
Line73=Internal error! Failed to enumerate download path. ~n~nAborting … Shall continue scanning for malware
Line74=You do not appear to be connected to the internet. Kindly connect before clicking ‘OK’
Line75=The following files were trying to attach to ComboFix. They shall be disabled~nKindly note down on paper, the name of each file. We may need it later~n~n%~G» «Parasites found !!
Line76=ComboFix has detected the following real time scanner(s) to be active:~n~n%G~n~nAntivirus and intrusion prevention programs are known to interfere~nwith ComboFix’s running. This may lead to unpredictable results or~npossible machine damage.~n~nPlease disable these scanners before clicking ‘OK’.» «Warning !!
Line77=%G~n~nThe above real time scanner(s) are still active but ComboFix shall~ncontinue to run. Kindly note that this is at your own risk» «Warning !!
Line78=%~1 was missing
Line79=%~1 . . . is missing!!
Line8=Rich text formats (RTF) are unacceptable !!~n~nPlease save CFScript commands as a textfile, using Notepad.exe» «ERROR — Script format is incorrect
Line80=!! ALERT !! It is NOT SAFE to continue!~n~nThe contents of the ComboFix package has been compromised.~nPlease download a fresh copy from:~n~nhttp://www.bleepingcomputer.com/combofix/how-to-use-combofix~n~nNote: You may be infected with a file patching virus ‘Virut'» «Error
Line81=ComboFix’s script appears tampered. It is not safe to continue.~nComboFix shall now exit. Please inform the forum helper that’s aiding~nyou. Unless further instructed to do so, do not run ComboFix again.» «Failed Verification
Line82=Webserver appears to be temporarily inaccessible.~nFor your convenience, a zipped file has been created at:~n~nC:CFCollect.zip~n~nPlease upload the file to BleepingComputer~n~nDo not forget to fill in the ‘Comments’ section» «Upload Failed!!
Line83=NETSVCS REQUIRES REPAIRS — current entries shown
Line84=http://download.bleepingcomputer.com/sUBs/ComboFix.exe~nhttp://www.forospyware.com/sUBs/ComboFix.exe~n~nComboFix.exe may be downloaded from any of the above sites. If you~nhave downloaded from some other site, there’s a likely chance that it~nmay be tainted. For peace of mind, I suggest that you delete the current~ncopy and get a fresh one.» «Caution
Line85=Manual Fix is required for restoring CommonStartup
Line9=Rootkit driver %G is present. … attempting disinfection
Line90=ComboFix needs to perform a deeper scan
Line91=This should not take more than 10-15 minutes
Line92=Infected HTML files detected.
Line93=ComboFix will now attempt to disinfect
Line94=This is going to take some time
Line95=Disinfection complete !!! … continuing Log Report preparation
Line96=Recovery in Progress . . .
Line97=WARNING !! Do not manually reboot the machine yourself
LOCKED REGISTRY KEYS=LOCKED REGISTRY KEYS
LOGONSERVER=\MICROSOF-5C7FE7
machine was rebooted=machine was rebooted
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:Documents and SettingsAdminApplication DataMozillaFirefoxCrash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:Program FilesMozilla Firefoxfirefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:Program FilesMozilla Firefoxcrashreporter-override.ini
not completed=not completed
NUMBER_OF_PROCESSORS=2
ORPHANS REMOVED=ORPHANS REMOVED
OS=Windows_NT
Other Running Processes=Other Running Processes
Other Services/Drivers In Memory=Other Services/Drivers In Memory
Path=C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;C:ComboFix;C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;C:Program FilesMozilla Firefox;C:windowssystem32;C:windows;C:windowssystem32wbem;C:PROGRAM FILESPC CONNECTIVITY SOLUTION;C:PROGRAM FILESATI TECHNOLOGIESATI.ACECORE-STATIC
PATHEXT=.cfxxe;.cfxxe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
Possible infected sites=Possible infected sites
Post-Run=Post-Run
Pre-Run=Pre-Run
Previous Run=Previous Run
PROCESS=PROCESS
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b02
ProgramFiles=C:Program Files
PROMPT=$
Qrntn=C:QooboxQuarantine
RecoveryConsole=WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Resident AV is active=Resident AV is active
RestorePoint= * Created a new restore point
RKEY_=hklmsoftwaremicrosoftwindows ntcurrentversionwindows
Running from=Running from
scan completed successfully=scan completed successfully
SESSIONNAME=Console
sfxcmd=»D:Program FilesComboFix.exe»
sfxname=D:Program FilesComboFix.exe
Stage=Completed Stage_
Supplementary Scan=Supplementary Scan
SYSTEM=C:windowssystem32
SystemDrive=C:
SystemRoot=C:windows
Test=C:QooboxTest
The following files were disabled during the run=The following files were disabled during the run
Upload was successful=Upload was successful
Uploading files to server=Uploading files to server
USERDOMAIN=MICROSOF-5C7FE7
USERNAME=Admin
USERPROFILE=C:Documents and SettingsAdmin
Ver_CF=09-09-07.05
windir=C:windows=============================================
IF NOT DEFINED sfxname GOTO END
GREP -F temp01 && CALL :Aux
GREP -Fi «C:windowssystem32userinit.exe» Userinit00 || (SWREG ADD «hklmsoftwaremicrosoftwindows ntcurrentversionwinlogon» /v Userinit /d «C:windowssystem32userinit.exe,» )
Userinit REG_SZ C:windowssystem32userinit.exe,SET SfxCmd 1>SET00
SED -r «/SfxCmd=/I!d; s///; s/s*$//; s/^(x22[^x22]*x22|[^x22]S*) +//; s/^x22*D:\Program Files\ComboFix.exex22*//I; s/^([^x22]S*)/@SET SfxCmd=x221x22/; s/^(x22.*)/@SET SfxCmd=1/» SET00 1>sfx.cmd
DEL /A/F SET00
ATTRIB +R «D:Program FilesComboFix.exe»
CALL sfx.cmd
CALL AV.cmd
SET /a AVCount+=1
NIRCMD EXEC HIDE PV -d9000 -kf CSCRIPT.EXE
CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs
PV -kf CSCRIPT.exe PV.*
Killing ‘CSCRIPT.exe’
Killing ‘PV.*’IF NOT EXIST AvBlack00 GREP -Fisf AVBlack resident.txt 1>AvBlack00 && (
SED -r «s/x22//g; s/.*) //; s/.*({.{8}-.{4}-.{4}-.{4}-.{12}}).*/1/» AvBlack00 1>AvBlack01
FOR /F «TOKENS=*» %G IN (AvBlack01) DO @CSCRIPT.EXE //NOLOGO //E:VBSCRIPT //T:5 wmi_rem.vbs «%~G»
NIRCMD EXEC HIDE PV -d6000 -kf CSCRIPT.EXE
CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs
PV -kf CSCRIPT.exe PV.*
)GREP -Fivf AVWhite resident.txt | GREP -E «^(AV|SP): .*enabled* (» 1>AVChk && (
SED -r «s/^AV:/antivirus: /; s/^SP:/antispyware: /; s/ *(On-access scanning |)enabled*.*//» AVChk | SED «:a; $!N;s/n/~n/;ta» 1>AVChkB
NIRCMD LOOP 2 80 BEEP 3000 200
IF 1 LEQ 1 FOR /F «TOKENS=*» %G IN (AVChkB) DO @NIRCMD INFOBOX «ComboFix has detected the following real time scanner(s) to be active:~n~n%G~n~nAntivirus and intrusion prevention programs are known to interfere~nwith ComboFix’s running. This may lead to unpredictable results or~npossible machine damage.~n~nPlease disable these scanners before clicking ‘OK’.» «Warning !!» «» && GOTO Av-check
IF 1 GTR 1 FOR /F «TOKENS=*» %G IN (AVChkB) DO @NIRCMD INFOBOX «%G~n~nThe above real time scanner(s) are still active but ComboFix shall~ncontinue to run. Kindly note that this is at your own risk» «Warning !!» «»
)DEL /A/F/Q AVChk? AvWhite AvBlack AvBlack0?
SET AVCount=
IF EXIST vista.mac CALL :Vista
GREP -Fx «REGEDIT4» Fin.dat || (
ECHO.1>»tdsstdss»
PEV -rtf «tdsstdss» || (
ECHO.1>wtf_tdssserv
CALL c.bat
GOTO END
)GOTO AbortD
)
REGEDIT4IF /I «C:32788R22FWJFW» NEQ «C:32788R22FWJFW» GOTO Abort
IF EXIST «32788R22FWJFW32788R22FWJFW.log» DEL /A/F «32788R22FWJFW32788R22FWJFW.log»
COPY /Y /B «C:windowssystem32cmd.execf» «C:windowssystem32CF15211.exe»
╤ъюяшЁютрэю Їрщыют: 1.SET «COMSPEC=C:windowssystem32CF15211.exe»
FOR /F «TOKENS=*» %G IN («D:Program FilesComboFix.exe») DO (
SET «FileName=%~NG»
SET «FilePath=%~DPG»
)(
SET «FileName=ComboFix»
SET «FilePath=D:Program Files»
)SET FileName 1>FileName
GREP -ix «FileName=[-[:alnum:]@.]*» FileName || GOTO AbortB
FileName=ComboFixDIR /AD/B C:* 1>DirName00
GREP -ivx ComboFix DirName00 1>DirName01
GREP -Fisqx «ComboFix» DirName01 && CALL :NameChk
IF EXIST DirName0? DEL /A/F/Q DirName0?
IF EXIST Oldsfxname00 DEL /A/F Oldsfxname00
IF EXIST «ComboFix» (
SWXCACLS «ComboFix» /RESET /Q
RD /S/Q «ComboFix»
IF EXIST «ComboFix» (
PV -kf *.cfxxe
RD /S/Q «ComboFix»
)
IF EXIST «ComboFix» (
HANDLE «C:ComboFix» 1>temp00
SED -R «/.* pid: (d*) +(S*):.*/I!d;s//@ECHO.y|Handle -c 2 -p 1/» temp00 1>temp00.bat
CALL temp00.bat
DEL /A/F temp00.bat temp00
RD /S/Q «ComboFix»
)
)IF EXIST «ComboFix» RD /S/Q «ComboFix»
IF EXIST «ComboFix» GOTO :EOF
PEV UZIP «Licensestreamtools.zip» License && MOVE /Y LicenseSF.exe 1>N_3477 2>&1
GREP -Eisq «=./u.$» sfx.cmd && IF EXIST MsName.bat (ECHO.@SET SfxCmd= 1>sfx.cmd ) ELSE echo..1>ItsBeenPhun
DEL /A/F prep.done MsName.bat
CD ..
(
ECHO.MD «ComboFix»
ECHO.ATTRIB -H -S «32788R22FWJFW*»
ECHO.MOVE /y «32788R22FWJFW*» «ComboFix»
ECHO.RD /S/Q «32788R22FWJFW»
IF EXIST «32788R22FWJFW.0.tmp» ECHO.RD /S/Q «32788R22FWJFW.0.tmp»
IF EXIST «C:32788R22FWJFWItsBeenPhun» ECHO.NIRCMD EXEC2 HIDE «C:ComboFix» «C:windowssystem32CF15211.exe» /c c.bat
IF NOT EXIST «C:32788R22FWJFWItsBeenPhun» ECHO.START «.» /d»C:ComboFix» «C:windowssystem32CF15211.exe» /k c.bat
ECHO.PV -kf cmd.exe cmd.execf
ECHO.DEL /A/F C:Start_.cmd
) 1>Start_.cmdSET «PATH=C:ComboFix;C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;C:ComboFix;C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;C:Program FilesMozilla Firefox;C:windowssystem32;C:windows;C:windowssystem32wbem;C:PROGRAM FILESPC CONNECTIVITY SOLUTION;C:PROGRAM FILESATI TECHNOLOGIESATI.ACECORE-STATIC»
HIDEC «C:windowssystem32CF15211.exe» /F:OFF /D /C C:Start_.cmd
NIRCMD WAIT 2000
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2009-09-08 14:33:51
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (22%) free of 15 GB
Total RAM: 2046 MB (75% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:54, on 08.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:windowsSystem32smss.exe
C:windowssystem32winlogon.exe
C:windowssystem32services.exe
C:windowssystem32lsass.exe
C:windowssystem32svchost.exe
C:windowsSystem32svchost.exe
C:windowssystem32svchost.exe
C:windowssystem32spoolsv.exe
D:6A00~1acs.exe
C:windowsExplorer.EXE
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:windowsSystem32svchost.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
C:windowssystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:Program FilesCyberLinkShared filesRichVideo.exe
C:Program FilesSpyware Terminatorsp_rsser.exe
D:програмыCpuIdlecpuidle.exe
D:СофтWinampwinampa.exe
D:6A00~1op_mon.exe
C:windowssystem32ctfmon.exe
C:windowssystem32svchost.exe
C:Program FilesMozilla Firefoxfirefox.exe
D:СофтRSIT.exe
C:Program Filestrend microAdmin.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — C:Program Filesfree-downloads.nettbfre1.dll
O2 — BHO: SnagIt Toolbar Loader — {00C6482D-C502-44C8-8409-FCE54AD9C208} — C:Program FilesTechSmithSnagIt 8SnagItBHO.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: VMN Toolbar Astro Gemini — {A057A204-BACC-4D26-8287-79A187E26987} — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL
O2 — BHO: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — C:Program Filesfree-downloads.nettbfre1.dll
O3 — Toolbar: SnagIt — {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} — C:Program FilesTechSmithSnagIt 8SnagItIEAddin.dll
O3 — Toolbar: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — C:Program Filesfree-downloads.nettbfre1.dll
O3 — Toolbar: VMN Toolbar Astro Gemini — {A057A204-BACC-4D26-8287-79A187E26987} — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [CpuIdle] D:програмыCpuIdlecpuidle.exe
O4 — HKLM..Run: [WinampAgent] D:СофтWinampwinampa.exe
O4 — HKLM..Run: [OutpostMonitor] «D:6A00~1op_mon.exe» /tray /noservice
O4 — HKLM..Run: [OutpostFeedBack] «D:установкиfeedback.exe» /dump:os_startup
O4 — HKCU..Run: [ctfmon.exe] C:windowssystem32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] C:Program FilesMessengermsmsgs.exe /background
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Быстрая настройка Outpost Firewall Pro — {44627E97-789B-40d4-B5C2-58BD171129A1} — D:установкиie_bar.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:windowsNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:windowsNetwork Diagnosticxpnetdiag.exe
O16 — DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} — http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 — HKLMSystemCCSServicesTcpip..{36ECF653-D146-4851-ADD2-21DACAF6DB34}: NameServer = 194.79.63.1 194.79.63.1
O17 — HKLMSystemCCSServicesTcpip..{87F13F3F-BE9B-4061-B87E-FB3E44377E90}: NameServer = 192.168.59.1
O18 — Protocol: soloresinternetrusengnum — {1B7043A7-84E1-443A-804F-20A75728892C} — (no file)
O23 — Service: Agnitum Client Security Service (acssrv) — Agnitum Ltd. — D:6A00~1acs.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:windowssystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:windowssystem32imapi.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: NBService — Unknown owner — C:Program FilesNeroNero 7Nero BackItUpNBService.exe (file missing)
O23 — Service: Nero BackItUp Scheduler 4.0 — Nero AG — C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:windowssystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:windowssystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: 9th Company Drivers Auto Removal (pr2aqfjb) (pr2aqfjb) — Noviy Disk — C:windowssystem32pr2aqfjb.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared filesRichVideo.exe
O23 — Service: Radmin Server V3 (RServer3) — Unknown owner — C:WINDOWSsystem32rserver30RServer3.exe (file missing)
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:windowsSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Spyware Terminator Realtime Shield Service (sp_rssrv) — Crawler.com — C:Program FilesSpyware Terminatorsp_rsser.exe
O23 — Service: StarWind iSCSI Service (StarWindService) — Unknown owner — D:Alcohol 52StarWindStarWindService.exe (file missing)
O23 — Service: StarWind AE Service (StarWindServiceAE) — Unknown owner — D:програмыалкогольAlcohol 120StarWindStarWindServiceAE.exe (file missing)
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:windowssystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:windowsSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 8113 bytes======Scheduled tasks folder======
C:windowstasksNeroLiveEpgUpdate-MICROSOF-5C7FE7_Admin.job
C:windowstasksUser_Feed_Synchronization-{0CEC74DE-9A99-4037-86AC-4CD3BFEBFC08}.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader — C:Program FilesTechSmithSnagIt 8SnagItBHO.dll [2007-05-01 63048][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A057A204-BACC-4D26-8287-79A187E26987}]
VMN Toolbar Astro Gemini — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL [2009-04-15 1950656][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar — C:Program Filesfree-downloads.nettbfre1.dll [2009-07-15 2215960][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} — SnagIt — C:Program FilesTechSmithSnagIt 8SnagItIEAddin.dll [2007-05-01 161352]
{ecdee021-0d17-467f-a1ff-c7a115230949} — free-downloads.net Toolbar — C:Program Filesfree-downloads.nettbfre1.dll [2009-07-15 2215960]
{A057A204-BACC-4D26-8287-79A187E26987} — VMN Toolbar Astro Gemini — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL [2009-04-15 1950656][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:windowssystem32NvCpl.dll [2008-05-03 13529088]
«CpuIdle»=D:програмыCpuIdlecpuidle.exe [2009-08-27 824832]
«WinampAgent»=D:СофтWinampwinampa.exe [2009-04-10 37888]
«OutpostMonitor»=D:6A00~1op_mon.exe [2009-07-24 1259336]
«OutpostFeedBack»=D:установкиfeedback.exe [2009-07-24 436552][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:windowssystem32ctfmon.exe [2007-12-21 30208]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe /background [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:windowssystem32WgaLogon.dll [2009-03-10 265096][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2007-06-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«notification packages»=
:windowssystem32srr
scecli[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoStartMenuPinnedList»=0
«NoStartMenuMFUprogramsList»=0
«NoUserNameInStartMenu»=0
«NoStartMenuSubFolders»=0
«NoCommonGroups»=0
«NoPrinterTabs»=0
«NoDeletePrinter»=0
«NoAddPrinter»=0
«NoPrinters»=0
«NoFavoritesMenu»=0
«NoDrives»=0
«NoChangeAnimation»=0
«NoChangeKeyboardNavigationIndicators»=0
«EnableShellExecuteHooks»=1
«NoInstrumentation»=1
«NoDriveAutoRun»=67108863
«NoActiveDesktop»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesFlylinkDC++FlylinkDC.exe»=»C:Program FilesFlylinkDC++FlylinkDC.exe:*:Enabled:FlylinkDC++»
«C:Program FilesCommFortCommFort.exe»=»C:Program FilesCommFortCommFort.exe:*:Enabled:CommFort»
«C:Program FilesWindows Media Playerwmplayer.exe»=»C:Program FilesWindows Media Playerwmplayer.exe:*:Enabled:Windows Media Player»
«C:Program FilesGolden FTP Server ProGFTPpro.exe»=»C:Program FilesGolden FTP Server ProGFTPpro.exe:*:Enabled:Easy to use FTP server for Windows.»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 1 months======
2009-09-08 14:17:59 —-SDC—- C:ComboFix
2009-09-08 14:17:59 —-A—- C:windowssystem32CF15211.exe
2009-09-08 14:16:35 —-A—- C:windowssystem32CF18577.exe
2009-09-07 11:08:10 —-A—- C:windowssystem32CF27163.exe
2009-09-07 11:01:45 —-A—- C:windowsNIRCMD.exe
2009-09-07 11:01:44 —-A—- C:windowszip.exe
2009-09-07 11:01:44 —-A—- C:windowsSWXCACLS.exe
2009-09-07 11:01:44 —-A—- C:windowsSWSC.exe
2009-09-07 11:01:44 —-A—- C:windowsSWREG.exe
2009-09-07 11:01:44 —-A—- C:windowssed.exe
2009-09-07 11:01:44 —-A—- C:windowsgrep.exe
2009-09-07 11:01:37 —-A—- C:windowssystem32CF20409.exe
2009-09-07 11:01:26 —-DC—- C:Qoobox
2009-09-07 11:01:26 —-AC—- C:Bug.txt
2009-09-03 12:29:35 —-HDC—- C:windows$NtUninstallKB946026$
2009-09-03 12:29:20 —-HDC—- C:windows$NtUninstallKB945553$
2009-09-03 12:29:04 —-HDC—- C:windows$NtUninstallKB950749$
2009-09-03 12:28:57 —-HDC—- C:windows$NtUninstallKB943055$
2009-09-03 10:05:54 —-DC—- C:tmp
2009-09-02 14:07:54 —-DC—- C:Documents and SettingsAdminApplication DataHelp
2009-09-02 13:01:37 —-D—- C:windowssystem32Filt
2009-09-02 13:00:11 —-D—- C:Documents and SettingsAll UsersApplication DataAgnitum
2009-09-02 12:43:28 —-DC—- C:Documents and SettingsAdminApplication DataESET
2009-09-01 09:26:03 —-A—- C:windowsMY1.INI
2009-09-01 09:26:03 —-A—- C:windowsMY.INI
2009-08-30 19:58:24 —-DC—- C:rsit
2009-08-30 19:37:26 —-D—- C:windowsPrefetch
2009-08-30 19:12:54 —-N—- C:windowssystem32qmgr.dll
2009-08-30 19:12:36 —-N—- C:windowssystem32userinit.exe
2009-08-30 19:12:36 —-N—- C:windowssystem32services.exe
2009-08-30 19:12:36 —-N—- C:windowssystem32rasauto.dll
2009-08-30 19:12:36 —-N—- C:windowssystem32oleaut32.dll
2009-08-30 19:12:36 —-N—- C:windowssystem32msgsvc.dll
2009-08-30 19:12:36 —-N—- C:windowssystem32kernel32.dll
2009-08-30 19:12:36 —-N—- C:windowssystem32comctl32.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32wkssvc.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32win32spl.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32untfs.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32ulib.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32tcpmonui.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32syssetup.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32srvsvc.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32smss.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32setupapi.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32sessmgr.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32schannel.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32scardsvr.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32savedump.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32samsrv.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32samlib.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32rshx32.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32rastapi.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32rasman.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32rasdlg.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32rasapi32.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32printui.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32perfctrs.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32olecnv32.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32nwprovau.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32ntvdm.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32ntprint.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32ntlsapi.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32ntdll.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32nslookup.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32msv1_0.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32mgmtapi.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32lsasrv.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32locator.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32localspl.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32lmhsvc.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32imagehlp.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32ftp.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32format.com
2009-08-30 19:12:36 —-A—- C:windowssystem32dhcpcsvc.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32csrsrv.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32comdlg32.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32cmd.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32cacls.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32autoconv.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32autochk.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32advapi32.dll
2009-08-30 19:12:32 —-N—- C:windowssystem32ntoskrnl.exe
2009-08-30 19:12:32 —-N—- C:windowssystem32ntkrnlpa.exe
2009-08-30 19:12:32 —-A—- C:windowssystem32hal.dll
2009-08-30 19:12:32 —-A—- C:windowssystem32asfsipc.dll
2009-08-30 11:44:36 —-N—- C:windowssystem32_004444_.tmp.dll
2009-08-30 11:44:36 —-N—- C:windowssystem32_004439_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004438_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004437_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004436_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004435_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004432_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004431_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004430_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004429_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004427_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004425_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004424_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004422_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004421_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004417_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004416_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004413_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004410_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004409_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004408_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004401_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004396_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004388_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004387_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004383_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004382_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004380_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004344_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004340_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004337_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004336_.tmp.dll
2009-08-30 11:39:37 —-HDC—- C:windows$NtUninstallKB970653-v3$
2009-08-28 11:39:32 —-DC—- C:Documents and SettingsAdminApplication DataWinamp
2009-08-27 09:15:45 —-D—- C:Program FilesMessenger
2009-08-27 09:15:34 —-D—- C:windowsl2schemas
2009-08-27 09:08:49 —-N—- C:windowssystem32_004412_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004407_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004406_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004405_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004404_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004403_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004400_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004399_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004398_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004397_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004395_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004393_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004392_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004390_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004389_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004385_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004384_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004381_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004379_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004378_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004376_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004374_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004373_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004360_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004358_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004352_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004351_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004350_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004333_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004328_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004327_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004326_.tmp.dll
2009-08-27 09:01:11 —-HDC—- C:windows$NtUninstallKB961118$
2009-08-26 10:19:43 —-DC—- C:Documents and SettingsAdminApplication DataWeather Pulse
2009-08-25 15:49:47 —-D—- C:windowssystem32CatRoot_bak
2009-08-25 15:49:29 —-A—- C:windowssystem32SET33E.tmp
2009-08-23 17:04:09 —-D—- C:windowsSxsCaPendDel
2009-08-22 15:28:10 —-SHDC—- C:RECYCLER
2009-08-22 14:27:43 —-D—- C:windowstemp
2009-08-22 14:12:05 —-A—- C:windowsPEV.exe
2009-08-22 14:12:01 —-D—- C:windowsERDNT
2009-08-21 11:50:21 —-DC—- C:Documents and SettingsAdminApplication DataWinRAR
2009-08-20 14:10:48 —-D—- C:Program Filestrend micro
2009-08-20 13:12:33 —-D—- C:windowssystem32appmgmt
2009-08-20 13:11:51 —-DC—- C:Documents and SettingsAdminApplication DataAdobe
2009-08-20 09:39:52 —-DC—- C:Documents and SettingsAdminApplication DataEmailNotifier
2009-08-18 10:00:19 —-A—- C:windowssystem32LogFile.txt
2009-08-15 08:35:40 —-DC—- C:Documents and SettingsAdminApplication DataMacromedia
2009-08-13 12:42:02 —-DC—- C:Documents and SettingsAdminApplication DataPC Suite
2009-08-13 09:23:58 —-D—- C:Program FilesESET
2009-08-13 09:23:58 —-D—- C:Documents and SettingsAll UsersApplication DataESET
2009-08-12 20:35:30 —-HDC—- C:windows$NtUninstallKB960859$
2009-08-12 20:35:26 —-HDC—- C:windows$NtUninstallKB971657$
2009-08-12 20:35:22 —-HDC—- C:windows$NtUninstallKB971557$
2009-08-12 20:35:17 —-D—- C:windowsServicePackFiles
2009-08-12 20:35:15 —-HDC—- C:windows$NtUninstallKB956744$
2009-08-12 20:35:11 —-HDC—- C:windows$NtUninstallKB973869$
2009-08-12 20:35:02 —-HDC—- C:windows$NtUninstallKB973540_WM9L$
2009-08-12 20:34:53 —-HDC—- C:windows$NtUninstallKB973507$
2009-08-12 20:34:48 —-HDC—- C:windows$NtUninstallKB973354$
2009-08-12 20:34:15 —-HDC—- C:windows$NtUninstallKB973815$
2009-08-12 20:34:10 —-HDC—- C:windows$NtUninstallKB971032$
2009-08-12 20:34:02 —-HDC—- C:windows$NtUninstallKB968389$
2009-08-11 15:53:45 —-A—- C:windowsWININIT.INI
2009-08-11 15:48:21 —-D—- C:Documents and SettingsAll UsersApplication DataSony Corporation
2009-08-11 11:28:08 —-D—- C:Program FilesWinamp======List of files/folders modified in the last 1 months======
2009-09-08 14:25:25 —-D—- C:Program FilesMozilla Firefox
2009-09-08 14:18:15 —-A—- C:windowsSchedLgU.Txt
2009-09-08 14:18:00 —-D—- C:windowssystem32
2009-09-08 14:16:31 —-D—- C:windowssystem32CatRoot2
2009-09-07 11:01:45 —-D—- C:WINDOWS
2009-09-03 15:06:01 —-D—- C:windowsMicrosoft.NET
2009-09-03 12:50:42 —-HD—- C:windowsinf
2009-09-03 12:29:37 —-SHDC—- C:windowssystem32dllcache
2009-09-03 12:29:37 —-D—- C:windowssystem32drivers
2009-09-03 12:29:30 —-SHD—- C:windowsInstaller
2009-09-03 12:29:22 —-A—- C:windowsimsins.BAK
2009-09-03 12:29:12 —-D—- C:windowsWinSxS
2009-09-03 10:06:00 —-A—- C:windowsNeroDigital.ini
2009-09-02 15:18:02 —-SDC—- C:Documents and SettingsAdminApplication DataMicrosoft
2009-09-02 15:07:09 —-HD—- C:windows$hf_mig$
2009-09-02 14:40:40 —-D—- C:windowssystem32config
2009-09-02 14:40:06 —-DC—- C:Documents and SettingsAdminApplication DataVMNTOOLBAR
2009-09-01 17:38:05 —-D—- C:Program Files
2009-09-01 17:38:02 —-SD—- C:windowsDownloaded Program Files
2009-09-01 16:55:22 —-D—- C:windowssystem32CatRoot
2009-09-01 15:51:10 —-D—- C:windowsSoftwareDistribution
2009-09-01 09:31:43 —-A—- C:windowssystem32PerfStringBackup.INI
2009-09-01 09:23:09 —-A—- C:windowssystem32Agate.ini
2009-09-01 09:21:04 —-A—- C:windowssystem32unins000.exe
2009-08-30 19:45:23 —-D—- C:windowssystem32wbem
2009-08-30 19:45:23 —-D—- C:windowsRegistration
2009-08-30 19:44:49 —-D—- C:windowssystem32Restore
2009-08-30 19:38:05 —-SHD—- C:System Volume Information
2009-08-30 19:37:12 —-SD—- C:windowsFonts
2009-08-30 19:37:12 —-D—- C:windowssystem32Setup
2009-08-30 19:37:12 —-D—- C:windowsAppPatch
2009-08-30 19:36:17 —-D—- C:windowssecurity
2009-08-30 19:24:49 —-D—- C:windowssystem32usmt
2009-08-30 19:24:47 —-D—- C:windowssystem32ru
2009-08-30 19:24:47 —-D—- C:windowssystem32oobe
2009-08-30 19:24:46 —-D—- C:windowssystem32npp
2009-08-30 19:24:00 —-D—- C:windowssystem32Com
2009-08-30 19:24:00 —-D—- C:windowssystem32bits
2009-08-30 19:22:54 —-D—- C:windowssystem
2009-08-30 19:22:54 —-D—- C:windowssrchasst
2009-08-30 19:22:54 —-D—- C:windowsPeerNet
2009-08-30 19:22:53 —-D—- C:windowsnetwork diagnostic
2009-08-30 19:22:53 —-D—- C:windowsmsagent
2009-08-30 19:22:42 —-D—- C:windowsime
2009-08-30 19:22:42 —-D—- C:windowsHelp
2009-08-30 19:22:38 —-D—- C:Program FilesWindows NT
2009-08-30 19:22:38 —-D—- C:Program FilesWindows Media Player
2009-08-30 19:22:38 —-D—- C:Program FilesOutlook Express
2009-08-30 19:22:38 —-D—- C:Program FilesMovie Maker
2009-08-30 19:22:35 —-D—- C:Program FilesCommon FilesSystem
2009-08-30 19:22:09 —-D—- C:windowssystem32inetsrv
2009-08-30 19:21:58 —-D—- C:windowsehome
2009-08-30 19:21:56 —-SD—- C:windowsTasks
2009-08-30 19:20:15 —-D—- C:windowssystem32ru-ru
2009-08-26 09:17:34 —-SD—- C:windowsassembly
2009-08-23 17:05:29 —-D—- C:windowssystem32XPSViewer
2009-08-23 17:05:27 —-D—- C:windowssystem32en-us
2009-08-23 17:02:43 —-D—- C:Program FilesInternet Explorer
2009-08-22 14:27:42 —-AC—- C:Log.txt
2009-08-22 14:25:22 —-AC—- C:windowssystem.ini
2009-08-22 14:23:10 —-D—- C:Program FilesCommon Files
2009-08-21 16:14:20 —-D—- C:Program FilesFlylinkDC++
2009-08-21 15:17:32 —-A—- C:windowssystem32CmdLineExt.dll
2009-08-20 16:07:41 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-08-20 13:31:34 —-D—- C:Program FilesUltraISO
2009-08-20 13:10:43 —-DC—- C:Documents and SettingsAdminApplication DataMozilla
2009-08-20 10:01:13 —-D—- C:windowssystem32spool
2009-08-20 08:55:10 —-D—- C:Documents and SettingsAll UsersApplication DataEmailNotifier
2009-08-20 08:55:03 —-HD—- C:windowssystem32GroupPolicy
2009-08-20 08:55:03 —-D—- C:windowssystem32mui
2009-08-20 08:55:03 —-D—- C:windowssystem32Macromed
2009-08-20 08:55:03 —-D—- C:windowspchealth
2009-08-20 08:55:02 —-HD—- C:Program FilesInstallShield Installation Information
2009-08-20 08:55:02 —-D—- C:Program FilesTotal Commander
2009-08-20 08:55:02 —-D—- C:Program FilesRealtek
2009-08-20 08:55:02 —-D—- C:Program FilesQIP
2009-08-20 08:55:02 —-D—- C:Program FilesMaxthon2
2009-08-20 08:55:02 —-D—- C:Program FilesCommon FilesAdobe
2009-08-20 08:55:02 —-D—- C:Documents and SettingsAll UsersApplication DataSolo9RusEngNum
2009-08-20 08:55:02 —-D—- C:Documents and SettingsAll UsersApplication DataPC Suite
2009-08-20 08:55:02 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2009-08-19 20:11:55 —-D—- C:Program FilesuTorrent
2009-08-19 07:19:06 —-D—- C:windowssystem32rserver30
2009-08-14 10:48:01 —-D—- C:Program FilesUninstall Tool
2009-08-14 10:13:47 —-D—- C:Program FilesNero
2009-08-13 09:57:09 —-D—- C:windowsI386
2009-08-12 10:59:18 —-DC—- C:windowssystem32DRVSTORE
2009-08-12 10:23:01 —-D—- C:Program FilesSoundSpectrum
2009-08-11 10:23:42 —-D—- C:windowsMinidump======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:windowssystem32DRIVERSAmdK8.sys [2006-06-18 43520]
R1 cpuidlep;CpuIdle Pro System Driver; C:windowssystem32driverscpuidlep.sys [2009-08-27 4484]
R1 ehdrv;ehdrv; C:windowssystem32DRIVERSehdrv.sys [2009-02-06 106208]
R1 epfwtdi;epfwtdi; C:windowssystem32DRIVERSepfwtdi.sys [2009-02-06 56280]
R1 raddrvv3;raddrvv3; ??C:WINDOWSsystem32rserver30raddrvv3.sys []
R1 SandBox;SandBox; ??C:windowssystem32driversSandBox.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; ??C:WINDOWSsystem32driverssp_rsdrv2.sys []
R2 atksgt;atksgt; C:windowssystem32DRIVERSatksgt.sys [2008-11-06 278728]
R2 epfw;epfw; C:windowssystem32DRIVERSepfw.sys [2009-02-06 130952]
R2 lirsgt;lirsgt; C:windowssystem32DRIVERSlirsgt.sys [2008-11-06 25416]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:windowssystem32DRIVERSrspndr.sys [2006-12-04 62336]
R2 TBPanel;TBPanel; C:windowssystem32driversTBPanel.sys [2007-03-16 12256]
R3 afw;Agnitum firewall driver; C:windowssystem32DRIVERSafw.sys [2009-02-18 31128]
R3 afwcore;afwcore; C:windowssystem32driversafwcore.sys [2009-07-13 256792]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:windowssystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:windowssystem32driversRtkHDAud.sys [2007-05-10 4419584]
R3 mirrorv3;mirrorv3; C:windowssystem32DRIVERSrminiv3.sys [2006-11-01 3328]
R3 nv;nv; C:windowssystem32DRIVERSnv4_mini.sys [2008-05-03 6554496]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:windowssystem32DRIVERSRtnicxp.sys [2006-12-14 85120]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:windowssystem32DRIVERSusbehci.sys [2007-12-21 30208]
R3 usbhub;USB2 концентратор; C:windowssystem32DRIVERSusbhub.sys [2007-12-21 59392]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:windowssystem32DRIVERSusbohci.sys [2007-12-21 17152]
S3 a26ked65;a26ked65; C:windowssystem32driversa26ked65.sys []
S3 ao8ol9dk;ao8ol9dk; C:windowssystem32driversao8ol9dk.sys []
S3 ASWFilt;ASWFilt; ??C:windowssystem32FiltASWFilt.dll []
S3 Cardex;Cardex; ??C:WINDOWSsystem32driversTBPANEL.SYS []
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 dtscsi;dtscsi; C:windowsSystem32Driversdtscsi.sys [2009-02-22 223128]
S3 eamon;eamon; C:windowssystem32DRIVERSeamon.sys [2009-02-06 113448]
S3 Epfwndis;Eset Personal Firewall; C:windowssystem32DRIVERSEpfwndis.sys [2009-02-06 33096]
S3 gdrv;gdrv; ??C:WINDOWSgdrv.sys []
S3 nmwcd;Nokia USB Phone Parent; C:windowssystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:windowssystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:windowssystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:windowssystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:windowssystem32DRIVERSusbccgp.sys [2007-12-21 31616]
S3 usbscan;Драйвер USB-сканера; C:windowssystem32DRIVERSusbscan.sys [2007-12-21 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:windowssystem32DRIVERSUSBSTOR.SYS [2007-12-21 26496]
S3 vaxscsi;vaxscsi; C:windowsSystem32Driversvaxscsi.sys [2009-03-31 223128]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:windowssystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:windowssystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:windowsSystem32driversws2ifsl.sys [2004-08-18 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 acssrv;Agnitum Client Security Service; D:6A00~1acs.exe [2009-07-24 1312584]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-02-06 727720]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2007-01-17 61440]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe [2008-09-24 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:windowssystem32nvsvc32.exe [2008-05-03 159812]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-05-03 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared filesRichVideo.exe [2005-08-08 167936]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:Program FilesSpyware Terminatorsp_rsser.exe [2009-03-05 540672]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:windowssystem32svchost.exe [2004-08-18 14336]
S2 pr2aqfjb;9th Company Drivers Auto Removal (pr2aqfjb); C:windowssystem32pr2aqfjb.exe [2008-03-13 415096]
S2 RServer3;Radmin Server V3; C:WINDOWSsystem32rserver30RServer3.exe /service []
S2 StarWindService;StarWind iSCSI Service; D:Alcohol 52StarWindStarWindService.exe []
S2 StarWindServiceAE;StarWind AE Service; D:програмыалкогольAlcohol 120StarWindStarWindServiceAE.exe []
S3 aspnet_state;Служба состояний ASP.NET; C:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:windowsMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:windowsMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe []
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:windowsMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-03-26 267824]
EOF
Судя по всему в программе Combofix произошёл сбой.
Отключите ваш антивирус.
Скачайте свежую версию программы и сохраните на ваш рабочий стол.
Запустите Combofix, получившийся лог вставьте в ваше ответное сообщение.Проверим ваш компьютер с помощью программы которая ищет руткиты.
Скачайте программу GMER кликнув по этой ссылке.
Распакуйте программу на ваш рабочий стол.
Отключите Интернет и все антивирусы.
Запустите программу.
В правой части программы, в небольшом окошке будут перечислены все ваши диски, пожалуйста выделите их галочками.
Кликните по кнопке Scan.
Когда сканирование закончится, кликните по кнопке Copy.
Запустите Блокнот (Пуск -> Выполнить, введите notepad и нажмите Enter).
Вставьте результаты сканирования в блокнот (CTRL + V). Сохраните получившийся файл на ваш рабочий стол.
Содержимое этого лога вставьте в ваше следующее сообщение.GMER 1.0.15.15086 — http://www.gmer.net
Rootkit scan 2009-09-16 15:27:05
Windows 5.1.2600 Service Pack 2
Running: gmer.exe—- Registry — GMER 1.0.15 —-
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?2?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s1 771343423
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s2 285507792
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@h0 2
Reg HKLMSYSTEMCurrentControlSetServicessptdCfgD79C293C1ED61418462E24595C90D04
Reg HKLMSYSTEMCurrentControlSetServicessptdCfgD79C293C1ED61418462E24595C90D04@p0 D:????????????????Alcohol 120
Reg HKLMSYSTEMCurrentControlSetServicessptdCfgD79C293C1ED61418462E24595C90D04@h0 1
Reg HKLMSYSTEMCurrentControlSetServicessptdCfgD79C293C1ED61418462E24595C90D04@ujdew 0x48 0x36 0xDE 0x13 …
Reg HKLMSYSTEMCurrentControlSetServicessptdCfgD79C293C1ED61418462E24595C90D040000001
Reg HKLMSYSTEMCurrentControlSetServicessptdCfgD79C293C1ED61418462E24595C90D040000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMCurrentControlSetServicessptdCfgD79C293C1ED61418462E24595C90D040000001@ujdew 0xCB 0xF0 0xC0 0x97 …
Reg HKLMSYSTEMCurrentControlSetServicessptdCfgD79C293C1ED61418462E24595C90D040000001jdgg40
Reg HKLMSYSTEMCurrentControlSetServicessptdCfgD79C293C1ED61418462E24595C90D040000001jdgg40@ujdew 0x88 0x18 0x13 0x11 …
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0x4B 0xA9 0x92 0xA6 …
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 D:DAEMON Tools
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0x3A 0x34 0x5B 0x3D …
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0x9A 0xA5 0x28 0xC1 …
Reg HKLMSYSTEMCurrentControlSetServicesSysmonLogLog Queries{15086684-e3c6-4f13-8d27-1bb70a69ec48}@204B4@480414C4B4K4 E4@0404=0454=484O4 0040404=4=4K4E4 33
Reg HKLMSYSTEMControlSet002ServicessptdCfgD79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLMSYSTEMControlSet002ServicessptdCfgD79C293C1ED61418462E24595C90D04@p0 D:????????????????Alcohol 120
Reg HKLMSYSTEMControlSet002ServicessptdCfgD79C293C1ED61418462E24595C90D04@h0 1
Reg HKLMSYSTEMControlSet002ServicessptdCfgD79C293C1ED61418462E24595C90D04@ujdew 0x48 0x36 0xDE 0x13 …
Reg HKLMSYSTEMControlSet002ServicessptdCfgD79C293C1ED61418462E24595C90D040000001 (not active ControlSet)
Reg HKLMSYSTEMControlSet002ServicessptdCfgD79C293C1ED61418462E24595C90D040000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMControlSet002ServicessptdCfgD79C293C1ED61418462E24595C90D040000001@ujdew 0xCB 0xF0 0xC0 0x97 …
Reg HKLMSYSTEMControlSet002ServicessptdCfgD79C293C1ED61418462E24595C90D040000001jdgg40 (not active ControlSet)
Reg HKLMSYSTEMControlSet002ServicessptdCfgD79C293C1ED61418462E24595C90D040000001jdgg40@ujdew 0x88 0x18 0x13 0x11 …
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0x4B 0xA9 0x92 0xA6 …
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 D:DAEMON Tools
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001 (not active ControlSet)
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0x3A 0x34 0x5B 0x3D …
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40 (not active ControlSet)
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0x9A 0xA5 0x28 0xC1 …
Reg HKLMSYSTEMControlSet002ServicesSysmonLogLog Queries{15086684-e3c6-4f13-8d27-1bb70a69ec48}@204B4@480414C4B4K4 E4@0404=0454=484O4 0040404=4=4K4E4 33
Reg HKLMSYSTEMControlSet003ServicessptdCfgD79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLMSYSTEMControlSet003ServicessptdCfgD79C293C1ED61418462E24595C90D04@p0 D:????????????????Alcohol 120
Reg HKLMSYSTEMControlSet003ServicessptdCfgD79C293C1ED61418462E24595C90D04@h0 1
Reg HKLMSYSTEMControlSet003ServicessptdCfgD79C293C1ED61418462E24595C90D04@ujdew 0x48 0x36 0xDE 0x13 …
Reg HKLMSYSTEMControlSet003ServicessptdCfgD79C293C1ED61418462E24595C90D040000001 (not active ControlSet)
Reg HKLMSYSTEMControlSet003ServicessptdCfgD79C293C1ED61418462E24595C90D040000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMControlSet003ServicessptdCfgD79C293C1ED61418462E24595C90D040000001@ujdew 0xCB 0xF0 0xC0 0x97 …
Reg HKLMSYSTEMControlSet003ServicessptdCfgD79C293C1ED61418462E24595C90D040000001jdgg40 (not active ControlSet)
Reg HKLMSYSTEMControlSet003ServicessptdCfgD79C293C1ED61418462E24595C90D040000001jdgg40@ujdew 0x88 0x18 0x13 0x11 …
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0x4B 0xA9 0x92 0xA6 …
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 D:DAEMON Tools
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001 (not active ControlSet)
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0x3A 0x34 0x5B 0x3D …
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40 (not active ControlSet)
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0x9A 0xA5 0x28 0xC1 …
Reg HKLMSYSTEMControlSet003ServicesSysmonLogLog Queries{15086684-e3c6-4f13-8d27-1bb70a69ec48}@204B4@480414C4B4K4 E4@0404=0454=484O4 0040404=4=4K4E4 33
Reg HKLMSYSTEMControlSet004ServicessptdCfgD79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLMSYSTEMControlSet004ServicessptdCfgD79C293C1ED61418462E24595C90D04@p0 D:????????????????Alcohol 120
Reg HKLMSYSTEMControlSet004ServicessptdCfgD79C293C1ED61418462E24595C90D04@h0 1
Reg HKLMSYSTEMControlSet004ServicessptdCfgD79C293C1ED61418462E24595C90D04@ujdew 0x48 0x36 0xDE 0x13 …
Reg HKLMSYSTEMControlSet004ServicessptdCfgD79C293C1ED61418462E24595C90D040000001 (not active ControlSet)
Reg HKLMSYSTEMControlSet004ServicessptdCfgD79C293C1ED61418462E24595C90D040000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMControlSet004ServicessptdCfgD79C293C1ED61418462E24595C90D040000001@ujdew 0xCB 0xF0 0xC0 0x97 …
Reg HKLMSYSTEMControlSet004ServicessptdCfgD79C293C1ED61418462E24595C90D040000001jdgg40 (not active ControlSet)
Reg HKLMSYSTEMControlSet004ServicessptdCfgD79C293C1ED61418462E24595C90D040000001jdgg40@ujdew 0x88 0x18 0x13 0x11 …
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0x4B 0xA9 0x92 0xA6 …
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 D:DAEMON Tools
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001 (not active ControlSet)
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0x3A 0x34 0x5B 0x3D …
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40 (not active ControlSet)
Reg HKLMSYSTEMControlSet004ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0x9A 0xA5 0x28 0xC1 …
Reg HKLMSYSTEMControlSet004ServicesSysmonLogLog Queries{15086684-e3c6-4f13-8d27-1bb70a69ec48}@204B4@480414C4B4K4 E4@0404=0454=484O4 0040404=4=4K4E4 33
Reg HKLMSYSTEMControlSet005ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4;0404=484@4>0424I484:0404 ?0404:0454B4>0424 1?2?
Reg HKLMSYSTEMControlSet005ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (L002TP) 1?
Reg HKLMSYSTEMControlSet005ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPTP) 1?
Reg HKLMSYSTEMControlSet005ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (PPPoE) 1?
Reg HKLMSYSTEMControlSet005ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4494 ?0404@0404;4;0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMControlSet005ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 WAN (IP) 1?
Reg HKLMSYSTEMControlSet005ServicessptdCfgD79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLMSYSTEMControlSet005ServicessptdCfgD79C293C1ED61418462E24595C90D04@p0 D:????????????????Alcohol 120
Reg HKLMSYSTEMControlSet005ServicessptdCfgD79C293C1ED61418462E24595C90D04@h0 1
Reg HKLMSYSTEMControlSet005ServicessptdCfgD79C293C1ED61418462E24595C90D04@ujdew 0x48 0x36 0xDE 0x13 …
Reg HKLMSYSTEMControlSet005ServicessptdCfgD79C293C1ED61418462E24595C90D040000001 (not active ControlSet)
Reg HKLMSYSTEMControlSet005ServicessptdCfgD79C293C1ED61418462E24595C90D040000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMControlSet005ServicessptdCfgD79C293C1ED61418462E24595C90D040000001@ujdew 0xCB 0xF0 0xC0 0x97 …
Reg HKLMSYSTEMControlSet005ServicessptdCfgD79C293C1ED61418462E24595C90D040000001jdgg40 (not active ControlSet)
Reg HKLMSYSTEMControlSet005ServicessptdCfgD79C293C1ED61418462E24595C90D040000001jdgg40@ujdew 0x88 0x18 0x13 0x11 …
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0x4B 0xA9 0x92 0xA6 …
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 D:DAEMON Tools
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001 (not active ControlSet)
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001@khjeh 0x3A 0x34 0x5B 0x3D …
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40 (not active ControlSet)
Reg HKLMSYSTEMControlSet005ServicessptdCfg19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0x9A 0xA5 0x28 0xC1 …
Reg HKLMSYSTEMControlSet005ServicesSysmonLogLog Queries{15086684-e3c6-4f13-8d27-1bb70a69ec48}@204B4@480414C4B4K4 E4@0404=0454=484O4 0040404=4=4K4E4 33
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@DeviceNotSelectedTimeout 15
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@GDIProcessHandleQuota 10000
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@Spooler yes
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@swapdisk
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@TransmissionRetryTimeout 90
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@USERProcessHandleQuota 10000
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@LoadAppInit_DLLs 1
Reg HKLMSOFTWAREClassesCLSID{421C8D71-3C14-6E74-E561-F063A86477E0}InProcServer32
Reg HKLMSOFTWAREClassesCLSID{421C8D71-3C14-6E74-E561-F063A86477E0}InProcServer32@kx20acpphooofadgpcihmbbfmd 0x62 0x00 0x70
Reg HKCUSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{421C8D71-3C14-6E74-E561-F063A86477E0}
Reg HKCUSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{421C8D71-3C14-6E74-E561-F063A86477E0}@jajpeaoihiifjoklhdjj 0x62 0x61 0x6E 0x63 …
Reg HKCUSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{421C8D71-3C14-6E74-E561-F063A86477E0}@jajpeaoihiifjoklhdnp 0x62 0x61 0x68 0x62 …
Reg HKCUSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{421C8D71-3C14-6E74-E561-F063A86477E0}@iajcjpnfgppmoipigc 0x6B 0x61 0x6D 0x63 …—- EOF — GMER 1.0.15 —-
Скачайте программу RegDelNull кликнув по этой ссылке и расспакуйте её в корень диска C (C:).
Кликните Пуск, Выполнить, введите
RegDelNull.exe HKEY_CURRENT_USER -sНажмите Enter.
Если во время работы программы появится сообщение «Delete (y/n)», введите y.Просканируйте запустить Combofix снова и получившийся лог вставьте в ваш ответ. Так же сообщите программа RegDelNull спрашивала вас (delete y/n) или нет ?
- Для ответа в этой теме необходимо авторизоваться.
