
SPYWARE-RU.COM

albash


Forum replies created

Viewing 15 posts - 1 through 15 (of 18 total)
  • February 5, 2011 at 11:54 am in reply to: Trojan and worm #31904
    albash
    Participant
    • Topics: 2
    • Posts: 20
    • ☆

    Hello.
    What steps should be taken next?
    Thank you.

    January 19, 2011 at 8:31 am in reply to: Trojan and worm #31911
    albash
    Participant
    • Topics: 2
    • Posts: 20
    • ☆

    RSIT log:
    Logfile of random’s system information tool 1.08 (written by random/random)
    Run by Общий компьютер at 2011-01-19 13:27:31
    Microsoft® Windows Vista™ Home Basic Service Pack 2
    System drive C: has 85 GB (59%) free of 145 GB
    Total RAM: 2046 MB (47% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:27:57, on 19.01.2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18999)
    Boot mode: Normal

    Running processes:
    C:PROGRAM FILESPANDA SECURITYPANDA INTERNET SECURITY 2010WebProxy.exe
    C:Windowssystem32Dwm.exe
    C:WindowsExplorer.EXE
    C:Windowssystem32taskeng.exe
    C:Program FilesIntelIntel Matrix Storage ManagerIAAnotif.exe
    C:WindowsSystem32mobsync.exe
    C:Program FilesRealtekAudioHDARtHDVCpl.exe
    C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
    C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnf.exe
    C:Program FilesEgisTec Egis Software UpdateEgisUpdate.exe
    C:Program FilesEgisTecMyWinLocker 3x86mwlDaemon.exe
    C:Program FilesPanda SecurityPanda Internet Security 2010ApVxdWin.exe
    C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
    C:Program FilesHewlett-PackardDigital ImagingbinHpqSRmon.exe
    C:Program FilesHewlett-PackardHP Software Updatehpwuschd2.exe
    C:Program FilesMicrosoft Security Essentialsmsseces.exe
    C:Program FilesCommon FilesJavaJava Updatejusched.exe
    C:Program FilesWindows Media Playerwmplayer.exe
    C:Program FilesLogitechLWSWebcam SoftwareLWS.exe
    C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
    C:Program FilesWindows Sidebarsidebar.exe
    C:Program FilesWindows Media Playerwmpnscfg.exe
    C:Program FilesLogitechVid HDVid.exe
    C:Program FilesSkypePhoneSkype.exe
    C:Windowssystem32wbemunsecapp.exe
    C:Program FilesSkypePlugin ManagerskypePM.exe
    C:Program FilesPanda SecurityPanda Internet Security 2010PavBckPT.exe
    C:Windowssystem32SearchProtocolHost.exe
    C:Windowssystem32SearchFilterHost.exe
    C:UsersОбщий компьютерDesktopRSIT.exe
    C:Program Filestrend microОбщий компьютер.exe
    C:Program FilesPanda SecurityPanda Internet Security 2010avciman.exe

    R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://yandex.ru/
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0419&s=1&o=vb32&d=1006&m=aspire_x3810
    R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
    O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
    O2 — BHO: Search Helper — {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} — C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll
    O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — (no file)
    O2 — BHO: Windows Live ID Sign-in Helper — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
    O2 — BHO: Windows Live Messenger Companion Helper — {9FDDE16B-836F-4806-AB1F-1455CBEFF289} — C:Program FilesWindows LiveCompanioncompanioncore.dll
    O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
    O2 — BHO: SkypeIEPluginBHO — {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
    O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.6.5805.1910swg.dll
    O2 — BHO: Bing Bar BHO — {d2ce3e00-f94a-4740-988e-03dc2f38c34f} — C:Program FilesMSN ToolbarPlatform6.3.2322.0npwinext.dll
    O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
    O3 — Toolbar: @C:Program FilesMSN ToolbarPlatform6.3.2322.0npwinext.dll,-100 — {8dcb7100-df86-4384-8842-8fa844297b3f} — C:Program FilesMSN ToolbarPlatform6.3.2322.0npwinext.dll
    O3 — Toolbar: Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
    O4 — HKLM..Run: [IAAnotif] C:Program FilesIntelIntel Matrix Storage Manageriaanotif.exe
    O4 — HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARtHDVCpl.exe
    O4 — HKLM..Run: [Google Desktop Search] «C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe» /startup
    O4 — HKLM..Run: [EgisTecLiveUpdate] «C:Program FilesEgisTec Egis Software UpdateEgisUpdate.exe»
    O4 — HKLM..Run: [mwlDaemon] C:Program FilesEgisTecMyWinLocker 3x86mwlDaemon.exe
    O4 — HKLM..Run: [APVXDWIN] «C:Program FilesPanda SecurityPanda Internet Security 2010APVXDWIN.EXE» /s
    O4 — HKLM..Run: [SCANINICIO] «C:Program FilesPanda SecurityPanda Internet Security 2010Inicio.exe»
    O4 — HKLM..Run: [Skytel] C:Program FilesRealtekAudioHDASkytel.exe
    O4 — HKLM..Run: [Share-to-Web Namespace Daemon] C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
    O4 — HKLM..Run: [hpqSRMon] C:Program FilesHewlett-PackardDigital ImagingbinhpqSRMon.exe
    O4 — HKLM..Run: [HP Software Update] C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe
    O4 — HKLM..Run: [MSSE] «C:Program FilesMicrosoft Security Essentialsmsseces.exe» -hide -runkey
    O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesCommon FilesJavaJava Updatejusched.exe»
    O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
    O4 — HKLM..Run: [Adobe ARM] «C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe»
    O4 — HKLM..Run: [LWS] C:Program FilesLogitechLWSWebcam SoftwareLWS.exe -hide
    O4 — HKCU..Run: [swg] «C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe»
    O4 — HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe
    O4 — HKCU..Run: [msnmsgr] «C:Program FilesWindows LiveMessengermsnmsgr.exe» /background
    O4 — HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
    O4 — HKCU..Run: [CollaborationHost] C:Windowssystem32p2phost.exe -s
    O4 — HKCU..Run: [Logitech Vid] «C:Program FilesLogitechVid HDVid.exe» -bootmode
    O4 — HKCU..Run: [Skype] «C:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
    O4 — Startup: Logitech . Регистрация Продукта.lnk = C:Program FilesLogitechEregeReg.exe
    O4 — Global Startup: Монитор АПС-Печать.lnk = H:bp6RSPrintPrintMon.exe
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
    O8 — Extra context menu item: Google ВикиКомментарии… — res://C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 — Extra button: @C:Program FilesWindows LiveCompanioncompanionlang.dll,-600 — {0000036B-C524-4050-81A0-243669A86B9F} — C:Program FilesWindows LiveCompanioncompanioncore.dll
    O9 — Extra button: @C:Program FilesWindows LiveWriterWindowsLiveWriterShortcuts.dll,-1004 — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
    O9 — Extra ‘Tools’ menuitem: @C:Program FilesWindows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
    O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
    O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
    O9 — Extra button: Skype Plug-In — {898EA8C8-E7FF-479B-8935-AEC46303B9E5} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
    O9 — Extra ‘Tools’ menuitem: Skype Plug-In — {898EA8C8-E7FF-479B-8935-AEC46303B9E5} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
    O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
    O16 — DPF: {0013C359-980C-4916-B47A-B313DDF56755} (Alfa-Direct Signer Control) — https://www.alfadirect.ru/ADSign/ADCrypto.cab
    O16 — DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} — http://download.eset.com/special/eos/OnlineScanner.cab
    O16 — DPF: {D27CDB6E-AE6D-91CF-96B8-744553240000} — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 — Protocol: skype-ie-addon-data — {91774881-D725-4E58-B298-07617B9B86A8} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
    O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
    O18 — Protocol: wlpg — {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} — C:Program FilesWindows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
    O20 — AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~1GoogleDesktopNetwork3.dll
    O20 — Winlogon Notify: cpcsp — C:Program FilesCrypto ProCSPcpcspi.dll
    O22 — SharedTaskScheduler: Component Categories cache daemon — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:Windowssystem32browseui.dll
    O23 — Service: BlueSoleil Hid Service — Unknown owner — C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
    O23 — Service: @dfsrres.dll,-101 (DFSR) — Корпорация Майкрософт — C:Windowssystem32DFSR.exe
    O23 — Service: Диспетчер Google Desktop 5.9.1005.12335 (GoogleDesktopManager-051210-111108) — Google — C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
    O23 — Service: Служба Google Update (gupdate) (gupdate) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
    O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    O23 — Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) — Intel Corporation — C:Program FilesIntelIntel Matrix Storage ManagerIAANTMon.exe
    O23 — Service: Process Monitor (LVPrcSrv) — Logitech Inc. — C:Program FilesCommon FilesLogishrdLVMVFMLVPrcSrv.exe
    O23 — Service: MyWinLocker Service (MWLService) — EgisTec Inc. — C:Program FilesEgisTecMyWinLocker 3×86\MWLService.exe
    O23 — Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) — NewTech InfoSystems, Inc. — C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
    O23 — Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) — NewTech Infosystems, Inc. — C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
    O23 — Service: NVIDIA Display Driver Service (nvsvc) — NVIDIA Corporation — C:Windowssystem32nvvsvc.exe
    O23 — Service: Panda Software Controller — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2010PsCtrls.exe
    O23 — Service: Panda Function Service (PAVFNSVR) — Unknown owner — C:Program FilesPanda SecurityPanda Internet Security 2010PavFnSvr.exe
    O23 — Service: Panda Process Protection Service (PavPrSrv) — Unknown owner — C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe
    O23 — Service: Panda On-Access Anti-Malware Service (PAVSRV) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2010pavsrvx86.exe
    O23 — Service: Panda Host Service (PSHost) — Unknown owner — c:program filespanda securitypanda internet security 2010firewallPSHOST.EXE
    O23 — Service: Panda IManager Service (PSIMSVC) — Panda Security S.L. — C:Program FilesPanda SecurityPanda Internet Security 2010PsImSvc.exe
    O23 — Service: Panda PSK service (PskSvcRetail) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2010PskSvc.exe
    O23 — Service: Start BT in service — Unknown owner — C:Program FilesIVT CorporationBlueSoleilStartSkysolSvc.exe
    O23 — Service: Panda TPSrv (TPSrv) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2010TPSrv.exe
    O23 — Service: @C:WindowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) — Корпорация Майкрософт — C:WindowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe

    —
    End of file — 12236 bytes

    ======Scheduled tasks folder======

    C:WindowstasksGoogleUpdateTaskMachineCore.job
    C:WindowstasksGoogleUpdateTaskMachineUA.job
    C:WindowstasksUser_Feed_Synchronization-{40CBA629-AF20-4EA7-B068-C4E5C2E3414E}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2010-09-22 75200]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper — C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll [2010-09-22 191792]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live ID Sign-in Helper — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2010-09-21 439168]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
    Windows Live Messenger Companion Helper — C:Program FilesWindows LiveCompanioncompanioncore.dll [2010-09-22 393600]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll [2010-12-09 297648]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
    Skype Plug-In — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll [2010-11-22 1242504]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.6.5805.1910swg.dll [2010-10-25 843832]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
    Bing Bar BHO — C:Program FilesMSN ToolbarPlatform6.3.2322.0npwinext.dll [2010-09-22 612616]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2010-11-24 41760]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {8dcb7100-df86-4384-8842-8fa844297b3f} — @C:Program FilesMSN ToolbarPlatform6.3.2322.0npwinext.dll,-100 — C:Program FilesMSN ToolbarPlatform6.3.2322.0npwinext.dll [2010-09-22 612616]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} — Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll [2010-12-09 297648]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «IAAnotif»=C:Program FilesIntelIntel Matrix Storage Manageriaanotif.exe [2008-09-12 182808]
    «RtHDVCpl»=C:Program FilesRealtekAudioHDARtHDVCpl.exe [2009-03-10 6957600]
    «Google Desktop Search»=C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe [2010-07-25 30192]
    «EgisTecLiveUpdate»=C:Program FilesEgisTec Egis Software UpdateEgisUpdate.exe [2008-10-27 199464]
    «mwlDaemon»=C:Program FilesEgisTecMyWinLocker 3x86mwlDaemon.exe [2008-10-27 346672]
    «APVXDWIN»=C:Program FilesPanda SecurityPanda Internet Security 2010APVXDWIN.EXE [2009-09-25 906496]
    «SCANINICIO»=C:Program FilesPanda SecurityPanda Internet Security 2010Inicio.exe [2009-08-12 56064]
    «Skytel»=C:Program FilesRealtekAudioHDASkytel.exe [2009-03-10 1833504]
    «Share-to-Web Namespace Daemon»=C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe [2002-04-17 69632]
    «hpqSRMon»=C:Program FilesHewlett-PackardDigital ImagingbinhpqSRMon.exe [2008-08-20 150016]
    «HP Software Update»=C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe [2008-12-08 54576]
    «MSSE»=C:Program FilesMicrosoft Security Essentialsmsseces.exe [2010-09-15 1094224]
    «SunJavaUpdateSched»=C:Program FilesCommon FilesJavaJava Updatejusched.exe [2010-05-14 248552]
    «Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2010-09-23 35760]
    «Adobe ARM»=C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2010-09-20 932288]
    «LWS»=C:Program FilesLogitechLWSWebcam SoftwareLWS.exe [2010-05-07 165208]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2009-11-28 68856]
    «Sidebar»=C:Program FilesWindows Sidebarsidebar.exe [2009-04-11 1233920]
    «msnmsgr»=C:Program FilesWindows LiveMessengermsnmsgr.exe [2010-09-22 4240760]
    «WMPNSCFG»=C:Program FilesWindows Media PlayerWMPNSCFG.exe [2008-01-21 202240]
    «CollaborationHost»=C:Windowssystem32p2phost.exe [2008-01-21 192000]
    «Logitech Vid»=C:Program FilesLogitechVid HDVid.exe [2010-10-30 5915480]
    «Skype»=C:Program FilesSkypePhoneSkype.exe [2011-01-03 15028104]

    C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
    Монитор АПС-Печать.lnk — H:bp6RSPrintPrintMon.exe

    C:UsersОбщий компьютерAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
    Logitech . Регистрация Продукта.lnk — C:Program FilesLogitechEregeReg.exe

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
    «AppInit_DLLs»=»C:PROGRA~1GoogleGOOGLE~1GoogleDesktopNetwork3.dll»

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyavldr]
    C:Windowssystem32avldr.dll [2008-03-18 58672]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycpcsp]
    C:Program FilesCrypto ProCSPcpcspi.dll [2009-07-29 717824]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
    «{AEB6717E-7E19-11d0-97EE-00C04FD91972}»= []

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPskSvcRetail]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalR5BaseSmc]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSCardSvr]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaltoken]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkMsMpSvc]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkR5BaseSmc]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworktoken]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfPf]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfRd]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfSvc]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfUsbccidDriver]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1
    «EnableUIADesktopToggle»=0

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDrives»=0

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «BindDirectlyToPropertySetStorage»=0
    «NoDrives»=0

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]

    ======File associations======

    .js — edit — C:WindowsSystem32Notepad.exe %1

    ======List of files/folders created in the last 1 months======

    2011-01-19 11:30:52 —-D—- C:UsersОбщий компьютерAppDataRoamingMalwarebytes
    2011-01-19 11:30:44 —-A—- C:Windowssystem32driversmbamswissarmy.sys
    2011-01-19 11:30:43 —-D—- C:ProgramDataMalwarebytes
    2011-01-19 11:30:39 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
    2011-01-19 11:30:39 —-A—- C:Windowssystem32driversmbam.sys
    2011-01-16 18:50:47 —-ASH—- C:hiberfil.sys
    2011-01-13 09:25:40 —-A—- C:Windowssystem32odbc32.dll
    2011-01-13 09:25:19 —-A—- C:Windowssystem32sdclt.exe
    2011-01-11 14:57:56 —-D—- C:Windowstemp
    2011-01-11 14:46:06 —-SHD—- C:$RECYCLE.BIN
    2011-01-11 14:45:57 —-A—- C:ComboFix.txt
    2011-01-11 14:30:55 —-A—- C:Windowszip.exe
    2011-01-11 14:30:55 —-A—- C:WindowsSWSC.exe
    2011-01-11 14:30:55 —-A—- C:WindowsSWREG.exe
    2011-01-11 14:30:55 —-A—- C:Windowssed.exe
    2011-01-11 14:30:55 —-A—- C:WindowsPEV.exe
    2011-01-11 14:30:55 —-A—- C:WindowsNIRCMD.exe
    2011-01-11 14:30:55 —-A—- C:WindowsMBR.exe
    2011-01-11 14:30:55 —-A—- C:Windowsgrep.exe
    2011-01-11 14:30:38 —-D—- C:WindowsERDNT
    2011-01-11 14:30:37 —-D—- C:ComboFix
    2011-01-11 14:30:26 —-D—- C:Qoobox
    2011-01-11 14:30:04 —-A—- C:WindowsSWXCACLS.exe
    2011-01-09 14:54:17 —-A—- C:Windowssystem32javaws.exe
    2011-01-09 14:54:17 —-A—- C:Windowssystem32javaw.exe
    2011-01-09 14:54:17 —-A—- C:Windowssystem32java.exe
    2011-01-08 18:10:24 —-D—- C:Program FilesCommon FilesSkype
    2011-01-04 15:10:12 —-D—- C:Program FilesMicrosoft CAPICOM 2.1.0.2
    2011-01-03 18:19:20 —-D—- C:ProgramDataLogiShrd
    2011-01-03 18:15:37 —-D—- C:UsersОбщий компьютерAppDataRoamingLeadertech
    2011-01-03 18:15:15 —-D—- C:Windowssystem32logishrd
    2011-01-03 18:15:00 —-D—- C:ProgramDataLogitech
    2011-01-03 18:14:57 —-D—- C:Program FilesCommon FilesLWS
    2011-01-03 18:14:21 —-D—- C:Program FilesLogitech
    2011-01-03 18:01:41 —-D—- C:Program FilesCommon Fileslogishrd
    2010-12-28 10:27:37 —-D—- C:UsersОбщий компьютерAppDataRoamingPeerNetworking
    2010-12-23 22:24:06 —-D—- C:ProgramDataGuard.Mail.Ru

    ======List of files/folders modified in the last 1 months======

    2011-01-19 13:27:54 —-D—- C:WindowsPrefetch
    2011-01-19 13:27:44 —-D—- C:Program Filestrend micro
    2011-01-19 13:23:09 —-D—- C:UsersОбщий компьютерAppDataRoamingSkype
    2011-01-19 12:21:17 —-D—- C:Windowssystem32driversetc
    2011-01-19 11:54:31 —-D—- C:Windowssystem32drivers
    2011-01-19 11:51:38 —-D—- C:UsersОбщий компьютерAppDataRoamingskypePM
    2011-01-19 11:49:17 —-D—- C:WindowsSystem32
    2011-01-19 11:30:43 —-D—- C:ProgramData
    2011-01-19 11:30:39 —-D—- C:Program Files
    2011-01-19 11:16:26 —-SHD—- C:System Volume Information
    2011-01-17 17:41:17 —-D—- C:ProgramDataeSobi
    2011-01-16 18:50:06 —-D—- C:WindowsMinidump
    2011-01-16 18:50:05 —-A—- C:Windowsntbtlog.txt
    2011-01-16 18:49:55 —-D—- C:Windows
    2011-01-13 09:27:19 —-A—- C:Windowssystem32mrt.exe
    2011-01-13 09:27:15 —-D—- C:Windowswinsxs
    2011-01-13 09:25:01 —-D—- C:Windowssystem32catroot
    2011-01-13 09:25:00 —-D—- C:Windowssystem32catroot2
    2011-01-11 14:43:36 —-A—- C:Windowssystem.ini
    2011-01-11 14:38:38 —-D—- C:WindowsAppPatch
    2011-01-11 14:38:36 —-D—- C:Program FilesCommon Files
    2011-01-11 14:20:14 —-D—- C:Windowsinf
    2011-01-11 14:20:14 —-A—- C:Windowssystem32PerfStringBackup.INI
    2011-01-09 14:54:31 —-SHD—- C:WindowsInstaller
    2011-01-09 14:54:14 —-D—- C:Program Filesjava
    2011-01-08 18:10:50 —-RD—- C:Program FilesSkype
    2011-01-08 18:10:31 —-D—- C:Windowssystem32Tasks
    2011-01-08 18:10:04 —-D—- C:ProgramDataSkype
    2011-01-03 18:15:36 —-SD—- C:UsersОбщий компьютерAppDataRoamingMicrosoft
    2011-01-03 18:01:42 —-D—- C:Windowstwain_32

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 BTHidEnum;Bluetooth HID Enumerator; C:WindowsSystem32Driversvbtenum.sys [2007-03-05 20880]
    R0 BTHidMgr;Bluetooth HID Manager Service; C:WindowsSystem32DriversBTHidMgr.sys [2007-03-05 35600]
    R0 iaStor;Intel AHCI Controller; C:Windowssystem32DRIVERSiaStor.sys [2008-09-12 327192]
    R0 pavboot;Panda boot driver; C:Windowssystem32Driverspavboot.sys [2009-06-30 28552]
    R1 APPFLT;App Filter Plugin; ??C:Windowssystem32DriversAPPFLT.SYS [2009-09-30 75016]
    R1 CProCtrl;КриптоПро CSP драйвер; C:Windowssystem32DRIVERSCProCtrl.sys [2009-04-23 54536]
    R1 DSAFLT;DSA Filter Plugin; ??C:Windowssystem32DriversDSAFLT.SYS [2009-06-16 53128]
    R1 FNETMON;NetMon Filter Plugin; ??C:Windowssystem32Driversfnetmon.SYS [2008-03-28 22072]
    R1 IDSFLT;Ids Filter Plugin; ??C:Windowssystem32DriversIDSFLT.SYS [2009-06-16 193800]
    R1 MpFilter;Microsoft Malware Protection Driver; C:Windowssystem32DRIVERSMpFilter.sys [2010-03-25 151216]
    R1 NETFLTDI;Panda Net Driver [TDI Layer]; ??C:Windowssystem32DriversNETFLTDI.SYS [2009-06-16 159112]
    R2 AmFSM;AmFSM; C:Windowssystem32DRIVERSamm8660.sys [2009-08-06 49160]
    R2 ComFiltr;Panda Anti-Dialer; ??C:Windowssystem32DRIVERSCOMFiltr.sys [2009-11-28 13880]
    R2 mwlPSDFilter;mwlPSDFilter; C:Windowssystem32DRIVERSmwlPSDFilter.sys [2008-10-09 19504]
    R2 mwlPSDNServ;mwlPSDNServ; C:Windowssystem32DRIVERSmwlPSDNServ.sys [2008-10-09 16432]
    R2 mwlPSDVDisk;mwlPSDVDisk; C:Windowssystem32DRIVERSmwlPSDVDisk.sys [2008-10-09 59952]
    R2 PavProc;Panda Process Protection Driver; ??C:Windowssystem32DRIVERSPavProc.sys [2009-06-30 163336]
    R3 AvFlt;Antivirus Filter Driver; C:Windowssystem32driversav5flt.sys []
    R3 BlueletAudio;Bluetooth Audio Service; C:Windowssystem32DRIVERSblueletaudio.sys [2007-06-24 34312]
    R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:Windowssystem32DRIVERSBlueletSCOAudio.sys [2007-06-24 27656]
    R3 BT;Bluetooth PAN Network Adapter; C:Windowssystem32DRIVERSbtnetdrv.sys [2007-03-05 18320]
    R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WindowsSystem32Driversbtcusb.sys [2007-06-24 38920]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:Windowssystem32DRIVERSe1y6032.sys [2008-11-21 220288]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:Windowssystem32driversRTKVHDA.sys [2009-03-10 2338720]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:Windowssystem32DRIVERSLVPr2Mon.sys [2010-05-07 25824]
    R3 LVUVC;Logitech Webcam C100(UVC); C:Windowssystem32DRIVERSlvuvc.sys [2010-11-10 4323040]
    R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39; C:Windowssystem32DRIVERSneti1639.sys [2009-09-09 199432]
    R3 NTIDrvr;Upper Class Filter Driver; C:Windowssystem32DRIVERSNTIDrvr.sys [2008-01-30 14848]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:Windowssystem32driversnvhda32v.sys [2009-05-11 64544]
    R3 nvlddmkm;nvlddmkm; C:Windowssystem32DRIVERSnvlddmkm.sys [2010-04-03 11573800]
    R3 PavSRK.sys;PavSRK.sys; ??C:Windowssystem32PavSRK.sys []
    R3 PavTPK.sys;PavTPK.sys; ??C:Windowssystem32PavTPK.sys []
    S1 aatksjzf;aatksjzf; ??C:Windowssystem32driversaatksjzf.sys []
    S1 abrqfgyd;abrqfgyd; ??C:Windowssystem32driversabrqfgyd.sys []
    S1 acbmeiun;acbmeiun; ??C:Windowssystem32driversacbmeiun.sys []
    S1 acejoghr;acejoghr; ??C:Windowssystem32driversacejoghr.sys []
    S1 acipanif;acipanif; ??C:Windowssystem32driversacipanif.sys []
    S1 aeqvvcmr;aeqvvcmr; ??C:Windowssystem32driversaeqvvcmr.sys []
    S1 aitmohax;aitmohax; ??C:Windowssystem32driversaitmohax.sys []
    S1 alejpbzl;alejpbzl; ??C:Windowssystem32driversalejpbzl.sys []
    S1 alpbmjcf;alpbmjcf; ??C:Windowssystem32driversalpbmjcf.sys []
    S1 anhtuzog;anhtuzog; ??C:Windowssystem32driversanhtuzog.sys []
    S1 aoftixqm;aoftixqm; ??C:Windowssystem32driversaoftixqm.sys []
    S1 aotupanc;aotupanc; ??C:Windowssystem32driversaotupanc.sys []
    S1 atbexzho;atbexzho; ??C:Windowssystem32driversatbexzho.sys []
    S1 atvfxbzn;atvfxbzn; ??C:Windowssystem32driversatvfxbzn.sys []
    S1 awxsrvva;awxsrvva; ??C:Windowssystem32driversawxsrvva.sys []
    S1 axuuvqef;axuuvqef; ??C:Windowssystem32driversaxuuvqef.sys []
    S1 aytplndr;aytplndr; ??C:Windowssystem32driversaytplndr.sys []
    S1 azmdbhwx;azmdbhwx; ??C:Windowssystem32driversazmdbhwx.sys []
    S1 bbtpsyfr;bbtpsyfr; ??C:Windowssystem32driversbbtpsyfr.sys []
    S1 bcidwhou;bcidwhou; ??C:Windowssystem32driversbcidwhou.sys []
    S1 bgsmmbsc;bgsmmbsc; ??C:Windowssystem32driversbgsmmbsc.sys []
    S1 bqbxdjmt;bqbxdjmt; ??C:Windowssystem32driversbqbxdjmt.sys []
    S1 bqhycprx;bqhycprx; ??C:Windowssystem32driversbqhycprx.sys []
    S1 brhcvzbf;brhcvzbf; ??C:Windowssystem32driversbrhcvzbf.sys []
    S3 BthEnum;Драйвер блока запроса Bluetooth; C:Windowssystem32DRIVERSBthEnum.sys [2009-04-11 22528]
    S3 BthPan;Устройства Bluetooth (личной сети); C:Windowssystem32DRIVERSbthpan.sys [2008-01-21 92160]
    S3 BTHPORT;Драйвер порта Bluetooth; C:WindowsSystem32DriversBTHport.sys [2009-04-11 507904]
    S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WindowsSystem32DriversBTHUSB.sys [2009-04-11 29696]
    S3 catchme;catchme; ??C:UsersC588~1AppDataLocalTempcatchme.sys []
    S3 drmkaud;Звуковой дешифратор DRM ядра системы; C:Windowssystem32driversdrmkaud.sys [2008-01-21 5632]
    S3 fssfltr;FssFltr; C:Windowssystem32DRIVERSfssfltr.sys [2010-09-22 39272]
    S3 HdAudAddService;Драйвер функции UAA для службы High Definition Audio (Microsoft), версия 1.1; C:Windowssystem32driversHdAudio.sys [2006-11-02 235520]
    S3 MpNWMon;Microsoft Malware Protection Network Driver; C:Windowssystem32DRIVERSMpNWMon.sys [2010-03-25 42368]
    S3 MSKSSRV;Представитель служб потоков Microsoft; C:Windowssystem32driversMSKSSRV.sys [2008-01-21 8192]
    S3 MSPCLOCK;Посредник синхронизации потоков Microsoft; C:Windowssystem32driversMSPCLOCK.sys [2008-01-21 5888]
    S3 MSPQM;Представитель диспетчера качества потоков Microsoft; C:Windowssystem32driversMSPQM.sys [2008-01-21 5504]
    S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:Windowssystem32driversMSTEE.sys [2008-01-21 6016]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:Windowssystem32driverserrdev.sys [2008-01-21 6656]
    S4 MegaSR;MegaSR; C:Windowssystem32driversmegasr.sys [2008-01-21 386616]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:Program FilesIVT CorporationBlueSoleilBTNtService.exe [2007-12-27 166520]
    R2 cpcsp1;КриптоПро CSP KC1; C:Windowssystem32svchost.exe [2008-01-21 21504]
    R2 Gwmsrv;Panda Goodware Cache Manager; C:Windowssystem32svchost -k Panda []
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:Program FilesIntelIntel Matrix Storage ManagerIAANTMon.exe [2008-09-12 354840]
    R2 LVPrcSrv;Process Monitor; C:Program FilesCommon FilesLogishrdLVMVFMLVPrcSrv.exe [2010-05-07 162648]
    R2 MsMpSvc;Microsoft Antimalware Service; C:Program FilesMicrosoft Security EssentialsMsMpEng.exe [2010-03-25 17904]
    R2 MWLService;MyWinLocker Service; C:Program FilesEgisTecMyWinLocker 3×86\MWLService.exe [2008-10-27 306736]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe [2008-09-23 144632]
    R2 nvsvc;NVIDIA Display Driver Service; C:Windowssystem32nvvsvc.exe [2010-04-03 129640]
    R2 Panda Software Controller;Panda Software Controller; C:Program FilesPanda SecurityPanda Internet Security 2010PsCtrls.exe [2009-08-10 173312]
    R2 PAVFNSVR;Panda Function Service; C:Program FilesPanda SecurityPanda Internet Security 2010PavFnSvr.exe [2009-08-10 169216]
    R2 PavPrSrv;Panda Process Protection Service; C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe [2008-02-04 62768]
    R2 PAVSRV;Panda On-Access Anti-Malware Service; C:Program FilesPanda SecurityPanda Internet Security 2010pavsrvx86.exe [2009-09-17 293120]
    R2 PSHost;Panda Host Service; c:program filespanda securitypanda internet security 2010firewallPSHOST.EXE [2009-04-08 226560]
    R2 PSIMSVC;Panda IManager Service; C:Program FilesPanda SecurityPanda Internet Security 2010PsImSvc.exe [2008-06-19 108288]
    R2 PskSvcRetail;Panda PSK service; C:Program FilesPanda SecurityPanda Internet Security 2010PskSvc.exe [2009-08-25 28928]
    R3 FontCache;@%systemroot%system32FntCache.dll,-100; C:Windowssystem32svchost.exe [2008-01-21 21504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]
    S2 gupdate;Служба Google Update (gupdate); C:Program FilesGoogleUpdateGoogleUpdate.exe [2010-02-01 135664]
    S3 fsssvc;Windows Live Family Safety Service; C:Program FilesWindows LiveFamily Safetyfsssvc.exe [2010-09-22 1493352]
    S3 GoogleDesktopManager-051210-111108;Диспетчер Google Desktop 5.9.1005.12335; C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe [2010-07-25 30192]
    S3 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-11-28 182768]
    S3 hpqcxs08;hpqcxs08; C:Windowssystem32svchost.exe [2008-01-21 21504]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe [2008-09-23 50424]
    S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-11-04 441712]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
    S4 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2008-01-21 21504]


    EOF


    January 19, 2011 at 8:26 am in reply to: Trojan and worm #31910
    albash
    Participant
    • Topics: 2
    • Posts: 20
    • ☆

    Hello. MBAM log:
    Malwarebytes’ Anti-Malware 1.50.1.1100
    http://www.malwarebytes.org

    Версия базы данных: 5552

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    19.01.2011 13:21:22
    mbam-log-2011-01-19 (13-21-22).txt

    Тип сканирования: Полное сканирование (C:|D:|E:|F:|G:|H:|I:|K:|L:|)
    Просканированные объекты: 277898
    Времени прошло: 1 часов, 25 минут, 38 секунд

    Заражённые процессы в памяти: 0
    Заражённые модули в памяти: 0
    Заражённые ключи в реестре: 0
    Заражённые параметры в реестре: 0
    Объекты реестра заражены: 0
    Заражённые папки: 0
    Заражённые файлы: 0

    Заражённые процессы в памяти:
    (Вредоносных программ не обнаружено)

    Заражённые модули в памяти:
    (Вредоносных программ не обнаружено)

    Заражённые ключи в реестре:
    (Вредоносных программ не обнаружено)

    Заражённые параметры в реестре:
    (Вредоносных программ не обнаружено)

    Объекты реестра заражены:
    (Вредоносных программ не обнаружено)

    Заражённые папки:
    (Вредоносных программ не обнаружено)

    Заражённые файлы:
    (Вредоносных программ не обнаружено)

    January 16, 2011 at 8:36 am in reply to: Trojan and worm #31908
    albash
    Participant
    • Topics: 2
    • Posts: 20
    • ☆

    Extras log:
    OTL Extras logfile created on: 16.01.2011 12:33:38 — Run 1
    OTL by OldTimer — Version 3.2.20.2 Folder = C:UsersОбщий компьютерDesktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) — Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
    4,00 Gb Paging File | 2,00 Gb Available in Paging File | 54,00% Paging File free
    Paging file location(s): ?:pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files
    Drive C: | 141,29 Gb Total Space | 81,25 Gb Free Space | 57,50% Space Free | Partition Type: NTFS
    Drive F: | 141,29 Gb Total Space | 141,20 Gb Free Space | 99,93% Space Free | Partition Type: NTFS

    Computer Name: ОБЩИЙ-ПК | User Name: Общий компьютер | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINESOFTWAREClasses]
    .hlp [@ = hlpfile] — C:Windowswinhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINESOFTWAREClassesshell[command]command]
    batfile [open] — «%1» %*
    cmdfile [open] — «%1» %*
    comfile [open] — «%1» %*
    exefile [open] — «%1» %*
    helpfile [open] — Reg Error: Key error.
    hlpfile [open] — %SystemRoot%winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] — «%1» %*
    regfile [merge] — Reg Error: Key error.
    scrfile [config] — «%1»
    scrfile [install] — rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] — «%1» /S
    txtfile [edit] — Reg Error: Key error.
    Unknown [openas] — %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] — cmd.exe /s /k pushd «%V» (Microsoft Corporation)
    Directory [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)
    Folder [open] — %SystemRoot%Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] — %SystemRoot%Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
    «cval» = 1
    «FirewallDisableNotify» = 0
    «AntiVirusDisableNotify» = 0
    «UpdatesDisableNotify» = 0

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]
    «AntiVirusOverride» = 0
    «AntiSpywareOverride» = 0
    «FirewallOverride» = 0
    «VistaSp1» = Reg Error: Unknown registry data type — File not found
    «VistaSp2» = Reg Error: Unknown registry data type — File not found

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore]
    «DisableSR» = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall]

    [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile]

    [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
    «EnableFirewall» = 1
    «DisableNotifications» = 0

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
    «EnableFirewall» = 0
    «DisableNotifications» = 0

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]
    «EnableFirewall» = 1
    «DisableNotifications» = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
    «{08C68459-A223-40A0-BABB-55EF50544CAE}» = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    «{26A09244-EC58-4D00-BD96-835F4C792FD0}» = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe |
    «{28EA0969-CC84-44F7-9445-D2C80AF9FD9D}» = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%system32svchost.exe |
    «{3F3FAFE5-3D0B-440B-AA3C-9F6E1D702C75}» = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%system32svchost.exe |
    «{4958402E-178F-49B6-9BC5-F907B1F7959D}» = lport=139 | protocol=6 | dir=in | app=system |
    «{4B46F493-ABEB-45FC-B6A8-9371E009F6D1}» = lport=2869 | protocol=6 | dir=in | app=system |
    «{4B7CD7B1-F04F-415B-89B0-77F1E72DB058}» = rport=139 | protocol=6 | dir=out | app=system |
    «{4BDD8365-00E8-41FD-AC85-622E5E5A6821}» = rport=138 | protocol=17 | dir=out | app=system |
    «{57469917-C399-4024-845D-D2F524744EB7}» = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    «{5B694C12-42EA-48F6-BE98-D9F70E682542}» = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%system32svchost.exe |
    «{67923EC0-1E54-4F3F-A926-91F1CE044BF1}» = lport=137 | protocol=17 | dir=in | app=system |
    «{6EEF2781-D1E1-4F56-957C-62EA5836414B}» = lport=138 | protocol=17 | dir=in | app=system |
    «{88F741A2-7AA8-494A-9F23-C1C6C24D239D}» = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%system32spoolsv.exe |
    «{AAC32147-6629-42FE-84C1-4762F819BDA4}» = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%system32svchost.exe |
    «{B08F6341-B14F-4DE1-854A-E19D9F6F3D01}» = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    «{D5779E5D-2EC9-40CF-AC33-A84D6C81F93C}» = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%system32svchost.exe |
    «{DDD2D6D7-FC48-402D-87BA-23BF98FD0C03}» = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    «{E05BB445-FD92-45F7-B1F9-78099F053CAD}» = rport=445 | protocol=6 | dir=out | app=system |
    «{E2122D09-1DE2-45E9-8B2B-B9BDDE657A87}» = rport=137 | protocol=17 | dir=out | app=system |
    «{E3ADD3E8-90DA-4F22-8723-FDD947B3EE06}» = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%system32svchost.exe |
    «{E465187B-7AFF-4047-B9C3-4F2CB3FC752F}» = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe |
    «{FD9D36E0-81E6-4E6E-8D69-B20648CAB66D}» = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
    «{08479E98-BB97-452D-A95E-212A65B77303}» = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    «{0BA625BF-258D-414C-850A-CC0861E427F2}» = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    «{0E82E578-83C3-4C6A-9B8F-7834377AC99A}» = dir=in | app=c:program fileswindows livemessengermsnmsgr.exe |
    «{0EFF2B83-1B83-4F18-8742-CE04D7D79608}» = protocol=17 | dir=in | app=c:program filesnewtech infosystemsnti backup now 5backupsvc.exe |
    «{0F97F01F-8BCC-47F1-96AE-B9DCC854CBC3}» = protocol=17 | dir=in | app=c:program filesivt corporationbluesoleilbluesoleil.exe |
    «{1881BA75-8E4A-4707-80D8-8C2D9C9B221F}» = protocol=6 | dir=in | app=c:program filesmicrosoft officeoffice12onenote.exe |
    «{2D44502B-0536-433C-BC65-FD6A9F727064}» = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    «{2E1C4E26-AEFB-4F8B-B82D-ECF7EDF97270}» = protocol=17 | dir=in | app=c:program filesmail.rusputniksputnikhelper.exe |
    «{2EA52A94-DE46-48DE-A9E4-F581DB34E1A0}» = dir=in | app=c:program fileshewlett-packarddigital imagingbinhpqgplgtupl.exe |
    «{2EDC6089-B0C9-4E52-8BE6-46D281112B3C}» = protocol=6 | dir=in | app=c:program filesnewtech infosystemsnti backup now 5backupsvc.exe |
    «{30EC5D0B-9121-40DF-A615-CCF7051080CF}» = dir=in | app=c:program fileshewlett-packarddigital imagingbinhpqgpc01.exe |
    «{3401A129-CF65-4F61-B3F8-96E89E3FD16E}» = protocol=6 | dir=out | svc=upnphost | app=%systemroot%system32svchost.exe |
    «{4BCAAB3C-1205-4D33-BFFF-52582BED0B8D}» = dir=in | app=c:program fileshewlett-packarddigital imagingbinhpqpse.exe |
    «{4CCABA30-2753-4961-AFBC-58FA482733E5}» = dir=in | app=c:program fileshewlett-packarddigital imagingbinhpqsudi.exe |
    «{4F67B330-AD87-425A-9ED4-520BAE90612B}» = protocol=17 | dir=in | app=c:program filesivt corporationbluesoleilbluesoleil.exe |
    «{590FFF10-0099-49D1-806A-1395DD5B7D96}» = protocol=17 | dir=in | app=c:program filesmicrosoft officeoffice12onenote.exe |
    «{5AE2CB97-ADF3-4FB1-A4A5-39B856F16E27}» = protocol=17 | dir=in | app=c:program filesmicrosoft officeoffice12onenote.exe |
    «{5D02A8D3-3F9E-463A-89D5-4AC4021B3F95}» = protocol=6 | dir=in | app=c:program filesmail.rusputniksputnikhelper.exe |
    «{6264DD64-ABC5-434E-8D69-0A9AE1350BA5}» = protocol=6 | dir=in | app=c:program filesivt corporationbluesoleilbluesoleil.exe |
    «{62C29A2E-4CCB-44FE-852D-6E5F54A613E7}» = dir=in | app=c:program filesskypephoneskype.exe |
    «{6A2F23D4-CCC8-4D99-A375-6AA18A3D77B6}» = protocol=6 | dir=in | app=c:program filesivt corporationbluesoleilbluesoleil.exe |
    «{6F220302-5992-454F-872D-9ECDDD3DA57A}» = dir=in | app=c:program filescommon fileshpdigital imagingbinhpqphotocrm.exe |
    «{88A6A17A-7DE4-4838-B85B-7A285B9761CB}» = protocol=6 | dir=in | app=c:program filesmail.rusputniksputnikflashplayer.exe |
    «{902DAF92-60E5-435F-8985-E745E8F9B7D2}» = dir=in | app=c:program fileswindows livesyncwindowslivesync.exe |
    «{952D3757-F322-4D7C-94F4-B387454588E5}» = dir=in | app=c:program fileshewlett-packarddigital imagingbinhpiscnapp.exe |
    «{957F13D0-7855-42CA-AE8E-874AED2D9525}» = protocol=17 | dir=in | app=c:program filesmail.rusputniksputnikflashplayer.exe |
    «{9B15F9F6-3C9B-4A22-83AB-F97EF5DF4B2C}» = dir=in | app=c:program fileshewlett-packarddigital imagingbinhpqscnvw.exe |
    «{A3B21322-A7ED-4C7D-9210-E4B726DC225D}» = dir=in | app=c:program fileshewlett-packarddigital imagingbinhpfccopy.exe |
    «{A7BD600F-8519-4C8D-B291-55D1CB030596}» = protocol=6 | dir=in | app=c:program filesmicrosoft officeoffice12onenote.exe |
    «{BBE383C2-DBC0-423B-AAE2-426CA87527F5}» = protocol=17 | dir=in | app=c:program filesnewtech infosystemsnti backup now 5schedulersvc.exe |
    «{BF6D1787-5173-40C4-9530-29AB9A0407F4}» = protocol=6 | dir=in | app=c:program fileslogitechvid hdvid.exe |
    «{CA558ACD-C44F-4E8A-9E89-90B5C098741C}» = dir=in | app=c:program fileshewlett-packardhp software updatehpwucli.exe |
    «{CB8C9DC0-C69B-4525-8D88-17C87670369D}» = dir=in | app=c:program fileswindows livemeshmoe.exe |
    «{CEB8754B-45EF-4863-8403-6A8C245E7B32}» = dir=in | app=c:program fileswindows livecontactswlcomm.exe |
    «{D5EBED24-B67B-4095-A439-A6EBAEB5EE14}» = protocol=6 | dir=in | app=c:program filesnewtech infosystemsnti backup now 5schedulersvc.exe |
    «{DCBFAC71-9EE2-4C6D-90F3-6944A14C843E}» = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    «{E4201F91-7050-40C8-BC98-D0335217BE5E}» = dir=in | app=c:program fileshewlett-packarddigital imagingbinhpqkygrp.exe |
    «{EDB00B78-89CB-48B1-B592-BB1D56FB10E1}» = protocol=17 | dir=in | app=c:program fileslogitechvid hdvid.exe |
    «{FD348BBE-9BF6-47BC-9F46-D33D75883F3F}» = dir=in | app=c:program fileshewlett-packarddigital imagingbinhpqpsapp.exe |
    «TCP Query User{69C673D6-76D6-4F56-9974-605D7743461E}C:program filesmail.ruagentmagent.exe» = protocol=6 | dir=in | app=c:program filesmail.ruagentmagent.exe |
    «UDP Query User{4241B978-7AA5-4512-9834-95405CD3AD2E}C:program filesmail.ruagentmagent.exe» = protocol=17 | dir=in | app=c:program filesmail.ruagentmagent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    «{00000000-0000-ACTI-RUSS-BARBIEISLAND}_is1» = «Barbie(TM) — Barbie(TM) в роли Принцессы острова» 1.0c
    «{02407A7A-D333-477C-B870-7BEB1EB47E33}» = Windows Live Family Safety
    «{039480EE-6933-4845-88B8-77FD0C3D059D}» = Windows Live Mesh
    «{06A1D88C-E102-4527-AF70-29FFD7AF215A}» = Scan
    «{08234a0d-cf39-4dca-99f0-0c5cb496da81}» = Панель Bing
    «{08610298-29AE-445B-B37D-EFBE05802967}» = LWS Pictures And Video
    «{08BB86A3-BD8B-491F-9751-CDA93D8E0B59}» = Windows Live Sync
    «{0B0F231F-CE6A-483D-AA23-77B364F75917}» = Windows Live Installer
    «{12EFA1A4-AC3B-443C-8143-237EDE760403}» = NTI Backup Now Standard
    «{138A4072-9E64-46BD-B5F9-DB2BB395391F}» = LWS VideoEffects
    «{15634701-BACE-4449-8B25-1567DA8C9FD3}» = CameraHelperMsi
    «{15D967B5-A4BE-42AE-9E84-64CD062B25AA}» = eSobi v2
    «{1651216E-E7AD-4250-92A1-FB8ED61391C9}» = LWS Help_main
    «{168E7302-890A-4138-9109-A225ACAF7AD1}» = Windows Live Photo Common
    «{174A3B31-4C43-43DD-866F-73C9DB887B48}» = LWS Twitter
    «{18455581-E099-4BA8-BC6B-F34B2F06600C}» = Google Toolbar for Internet Explorer
    «{19A4A990-5343-4FF7-B3B5-6F046C091EDF}» = Windows Live Remote Client
    «{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}» = Junk Mail filter update
    «{200FEC62-3C34-4D60-9CE8-EC372E01C08F}» = Windows Live SOXE Definitions
    «{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}» = LWS YouTube Plugin
    «{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}» = Windows Live Remote Service
    «{2318C2B1-4965-11d4-9B18-009027A5CD4F}» = Google Toolbar for Internet Explorer
    «{2374BED8-2605-45E1-ACA8-D2AB38B3C63C}» = «Начальная школа Кирилла и Мефодия. Русский язык. 1 класс»
    «{2413930C-8309-47A6-BC61-5EF27A4222BC}» = NTI Media Maker 8
    «{26A24AE4-039D-4CA4-87B4-2F83216016FF}» = Java(TM) 6 Update 23
    «{26A24AE4-039D-4CA4-87B4-2F83216018F0}» = Java(TM) 6 Update 18
    «{2744791F-4E7C-32F5-AB40-AEC6A6C86DBF}» = Microsoft .NET Framework 3.5 Language Pack SP1 — rus
    «{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}» = BufferChm
    «{3336F667-9049-4D46-98B6-4C743EEBC5B1}» = Windows Live Photo Gallery
    «{3705D53F-BB01-4BEE-8585-289E71CAC4B4}» = Компаньон Messenger
    «{3C3901C5-3455-3E0A-A214-0B093A5070A6}» = Microsoft .NET Framework 4 Client Profile
    «{3D3E663D-4E7E-4577-A560-7ECDDD45548A}» = PVSonyDll
    «{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}» = erLT
    «{43CDF946-F5D9-4292-B006-BA0D92013021}» = WebReg
    «{4A03706F-666A-4037-7777-5F2748764D10}» = Java Auto Updater
    «{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}» = SolutionCenter
    «{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}» = Windows Live PIMT Platform
    «{5208FDB2-D561-3FB4-9763-6B10B06745B7}» = Microsoft .NET Framework 4 Client Profile RUS Language Pack
    «{54A08450-B343-40B0-924E-68F031450996}» = КриптоПро CSP
    «{568161BB-4D77-4534-AB92-55040CD92798}» = Panda Internet Security 2010
    «{56C049BE-79E9-4502-BEA7-9754A3E60F9B}» = neroxml
    «{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}» = ShareIns
    «{5C2F4253-6243-45CD-BE1D-C80409788370}» = OpenOffice.org 3.2
    «{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}» = Segoe UI
    «{61AD15B2-50DB-4686-A739-14FE180D4429}» = Windows Live ID Sign-in Assistant
    «{63FF21C9-A810-464F-B60A-3111747B1A6D}» = GPBaseService2
    «{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}» = Bing Bar Platform
    «{682B3E4F-696A-42DE-A41C-4C07EA1678B4}» = Windows Live SOXE
    «{68301905-2DEA-41CE-A4D4-E8B443B099BA}» = MyWinLocker
    «{6986737B-F286-40D1-87AF-938339DCF6AB}» = Windows Live Messenger
    «{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}» = LWS Gallery
    «{6F7ECD56-E224-4263-9B7E-158E5CECC43B}» = HP Photo and Imaging 2.1 — Scanjet 2400 Series
    «{71E66D3F-A009-44AB-8784-75E2819BA4BA}» = LWS Motion Detection
    «{7320F37D-592C-4270-BDAA-E43CC977A77C}» = «Начальная школа Кирилла и Мефодия. Математика. 1 класс. Часть 2»
    «{7465A996-0FCA-4D2D-A52C-F833B0829B5B}» = Windows Live Movie Maker
    «{770657D0-A123-3C07-8E44-1C83EC895118}» = Microsoft Visual C++ 2005 ATL Update kb973923 — x86 8.0.50727.4053
    «{77F69CA1-E53D-4D77-8BA3-FA07606CC851}» = Фотоальбом Windows Live
    «{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}» = Windows Live Messenger Companion Core
    «{7926EFB6-7CB4-4A9D-AB01-095F67F9D519}» = Panda Internet Security 2010
    «{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}» = Acer ScreenSaver
    «{7A143876-9658-4A58-82E7-B5F02D942957}» = Windows Live Remote Client Resources
    «{7F811A54-5A09-4579-90E1-C93498E230D9}» = Acer eRecovery Management
    «{7FF11E53-C002-4F40-8D68-6BE751E5DD62}» = Windows Live Writer Resources
    «{818ABC3C-635C-4651-8183-D0E9640B7DD1}» = HP Update
    «{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}» = Zuma Deluxe
    «{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}» = Chicken Invaders 2
    «{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}» = Mystery Solitaire — Secret Island
    «{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}» = Bookworm Adventures
    «{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}» = Heroes of Hellas
    «{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}» = Dream Day First Home
    «{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}» = Go-Go Gourmet
    «{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}» = Magic Match Adventures
    «{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}» = Magic Farm
    «{837b34e3-7c30-493c-8f6a-2b0f04e2912c}» = Microsoft Visual C++ 2005 Redistributable
    «{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}» = LWS Launcher
    «{8937D274-C281-42E4-8CDB-A0B2DF979189}» = LWS Webcam Software
    «{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}» = Microsoft Silverlight
    «{8BAE6262-5FB8-46FF-BF6E-AEE4970164AF}» = ABBYY FineReader 7.0 Home Edition
    «{8C6D6116-B724-4810-8F2D-D047E6B7D68E}» = Mesh Runtime
    «{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}» = MSVCRT
    «{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}» = Bluesoleil2.7.0.13 VoIP Release 071227
    «{90120000-0016-0419-0000-0000000FF1CE}» = Microsoft Office Excel MUI (Russian) 2007
    «{90120000-0016-0419-0000-0000000FF1CE}_HOMESTUDENTR_{DCB382C1-7F1B-42B2-9D47-EDC4262E832F}» = Microsoft Office 2007 Service Pack 2 (SP2)
    «{90120000-0018-0419-0000-0000000FF1CE}» = Microsoft Office PowerPoint MUI (Russian) 2007
    «{90120000-0018-0419-0000-0000000FF1CE}_HOMESTUDENTR_{DCB382C1-7F1B-42B2-9D47-EDC4262E832F}» = Microsoft Office 2007 Service Pack 2 (SP2)
    «{90120000-001B-0419-0000-0000000FF1CE}» = Microsoft Office Word MUI (Russian) 2007
    «{90120000-001B-0419-0000-0000000FF1CE}_HOMESTUDENTR_{DCB382C1-7F1B-42B2-9D47-EDC4262E832F}» = Microsoft Office 2007 Service Pack 2 (SP2)
    «{90120000-001F-0407-0000-0000000FF1CE}» = Microsoft Office Proof (German) 2007
    «{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}» = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    «{90120000-001F-0409-0000-0000000FF1CE}» = Microsoft Office Proof (English) 2007
    «{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}» = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    «{90120000-001F-0419-0000-0000000FF1CE}» = Microsoft Office Proof (Russian) 2007
    «{90120000-001F-0419-0000-0000000FF1CE}_HOMESTUDENTR_{57A92C5E-E76A-49CC-9EC2-A7B6CE1255EA}» = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    «{90120000-001F-0422-0000-0000000FF1CE}» = Microsoft Office Proof (Ukrainian) 2007
    «{90120000-001F-0422-0000-0000000FF1CE}_HOMESTUDENTR_{6F177D09-F21D-4F50-9436-353972D1D232}» = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    «{90120000-0020-0419-0000-0000000FF1CE}» = Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office
    «{90120000-002C-0419-0000-0000000FF1CE}» = Microsoft Office Proofing (Russian) 2007
    «{90120000-006E-0419-0000-0000000FF1CE}» = Microsoft Office Shared MUI (Russian) 2007
    «{90120000-006E-0419-0000-0000000FF1CE}_HOMESTUDENTR_{37317C49-30C4-412C-B0B9-D95090F330D8}» = Microsoft Office 2007 Service Pack 2 (SP2)
    «{90120000-00A1-0419-0000-0000000FF1CE}» = Microsoft Office OneNote MUI (Russian) 2007
    «{90120000-00A1-0419-0000-0000000FF1CE}_HOMESTUDENTR_{DCB382C1-7F1B-42B2-9D47-EDC4262E832F}» = Microsoft Office 2007 Service Pack 2 (SP2)
    «{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}» = Intel(R) Matrix Storage Manager
    «{91120000-002F-0000-0000-0000000FF1CE}» = Microsoft Office Home and Student 2007
    «{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}» = Microsoft Office 2007 Service Pack 2 (SP2)
    «{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}» = Security Update for Microsoft Office system 2007 (972581)
    «{92EA4134-10D1-418A-91E1-5A0453131A38}» = Windows Live Movie Maker
    «{95120000-00B9-0409-0000-0000000FF1CE}» = Microsoft Application Error Reporting
    «{9B362566-EC1B-4700-BB9C-EC661BDE2175}» = DocProc
    «{9D56775A-93F3-44A3-8092-840E3826DE30}» = Windows Live Mail
    «{9DAEA76B-E50F-4272-A595-0124E826553D}» = LWS WLM Plugin
    «{a289dbea-4877-48b3-bdf8-752e7a690d97}» = Nero 9 Lite
    «{A726AE06-AAA3-43D1-87E3-70F510314F04}» = Windows Live Writer
    «{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}» = Google Update Helper
    «{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}» = Windows Live Photo Common
    «{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}» = Windows Live Writer
    «{AC76BA86-7AD7-1049-7B44-A94000000001}» = Adobe Reader 9.4.1 — Russian
    «{AF844339-2F8A-4593-81B3-9F4C54038C4E}» = Windows Live MIME IFilter
    «{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}» = Почта Windows Live
    «{BC41DF50-6D8F-4F2F-B21E-38A1C452565D}» = Rutoken Drivers
    «{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}» = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
    «{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}» = Destinations
    «{C021A311-1124-4E23-A06A-0D8B5557E9C1}_is1» = «Barbie(TM) — Приключения на ранчо» 1.0с
    «{C43326F5-F135-4551-8270-7F7ABA0462E1}» = HPProductAssistant
    «{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}» = Skype Toolbars
    «{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}» = Windows Live Writer
    «{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}» = Microsoft .NET Framework 3.5 SP1
    «{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}» = Windows Live UX Platform
    «{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}» = Microsoft Search Enhancement Pack
    «{D3CAE2CA-BE71-4CA4-9EB9-46E1C82E778B}» = Windows Live Remote Service Resources
    «{D40EB009-0499-459c-A8AF-C9C110766215}» = Logitech Webcam Software
    «{D45240D3-B6B3-4FF9-B243-54ECE3E10066}» = Windows Live Communications Platform
    «{D79113E7-274C-470B-BD46-01B10219DF6A}» = HPPhotosmartEssential
    «{D8DAB025-C2CE-4821-8117-494E95ADA031}» = Windows Live UX Platform Language Pack
    «{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}» = Acer Product Registration
    «{DECDCB7C-58CC-4865-91AF-627F9798FE48}» = Windows Live Mesh
    «{E09C4DB7-630C-4F06-A631-8EA7239923AF}» = D3DX10
    «{E3B67F67-F1BA-4709-96CE-72E92A8BF5E3}» = hpg2410
    «{E5B04674-1885-4B08-BAE7-ECDEC1F84677}» = HP Scanjet G2410 and 2400
    «{E62A1F01-07B7-4541-A835-EE5B0BF064C2}» = Microsoft Antimalware
    «{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}» = Skype™ 5.1
    «{E83DC314-C926-4214-AD58-147691D6FE9F}» = Основные компоненты Windows Live
    «{E8A80433-302B-4FF1-815D-FCC8EAC482FF}» = Nero Installer
    «{EB4DF488-AAEF-406F-A341-CB2AAA315B90}» = Windows Live Messenger
    «{EED027B7-0DB6-404B-8F45-6DFEE34A0441}» = LWS Video Mask Maker
    «{EF98A02A-1748-4762-9B7D-5ED1600520D5}» = Microsoft Security Essentials
    «{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}» = Microsoft SQL Server 2005 Compact Edition [ENU]
    «{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}» = Realtek High Definition Audio Driver
    «{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}» = Microsoft Office Live Add-in 1.5
    «{F53D678E-238F-4A71-9742-08BB6774E9DC}» = Windows Live Family Safety
    «{F6589A22-AFB4-4458-BBA3-90B75BB57044}» = Rutoken Magistra Drivers
    «{FA8BA2B5-EB0E-428B-AAB2-2D608D959B18}» = Microsoft Antimalware Service RU-RU Language Pack
    «{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}» = LWS Facebook
    «22 игры с собаками_is1» = 22 игры с собаками
    «Adobe Flash Player ActiveX» = Adobe Flash Player 10 ActiveX
    «AlfaDirect» = Терминал Альфа-Директ™
    «Cats_Theatre.exe» = Театр кошек
    «ESET Online Scanner» = ESET Online Scanner v3
    «FBReader for Windows XP» = FBReader for Windows XP
    «Google Desktop» = Google Desktop
    «Guard.Mail.ru» = Guard.Mail.ru
    «HOMESTUDENTR» = Microsoft Office Home and Student 2007
    «HP Imaging Device Functions» = HP Imaging Device Functions 13.0
    «HP Photosmart Essential» = HP Photosmart Essential 3.5
    «HP Solution Center & Imaging Support Tools» = HP Solution Center 13.0
    «HPOCR» = OCR Software by I.R.I.S. 13.0
    «InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}» = NTI Backup Now 5
    «InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}» = eSobi v2
    «InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}» = NTI Media Maker 8
    «KLiteCodecPack_is1» = K-Lite Mega Codec Pack 6.5.0
    «Logitech Vid» = Logitech Vid HD
    «MailRuSputnik» = Mail.Ru Спутник 2.3.0.289
    «Microsoft .NET Framework 3.5 Language Pack SP1 — rus» = Языковой пакет Microsoft .NET Framework 3.5 SP1 — RUS
    «Microsoft .NET Framework 3.5 SP1» = Microsoft .NET Framework 3.5 SP1
    «Microsoft .NET Framework 4 Client Profile» = Microsoft .NET Framework 4 Client Profile
    «Microsoft .NET Framework 4 Client Profile RUS Language Pack» = Языковой пакет клиентского профиля Microsoft.NET Framework 4 — RUS
    «Microsoft Security Essentials» = Microsoft Security Essentials
    «NVIDIA Display Control Panel» = NVIDIA Display Control Panel
    «NVIDIA Drivers» = NVIDIA Drivers
    «ViewpointMediaPlayer» = Viewpoint Media Player (Remove Only)
    «WinLiveSuite» = Основные компоненты Windows Live
    «WinRAR archiver» = WinRAR archiver
    «Король лев — Новые приключения» = Король лев — Новые приключения
    «Пятачок В Подводном Царстве_is1» = Пятачок В Подводном Царстве

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error — 19.09.2010 23:42:30 | Computer Name = Общий-ПК | Source = WinMgmt | ID = 10
    Description =

    Error — 20.09.2010 10:33:11 | Computer Name = Общий-ПК | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error — 20.09.2010 10:33:11 | Computer Name = Общий-ПК | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error — 20.09.2010 10:33:11 | Computer Name = Общий-ПК | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error — 20.09.2010 10:33:35 | Computer Name = Общий-ПК | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error — 20.09.2010 10:40:29 | Computer Name = Общий-ПК | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error — 20.09.2010 10:40:30 | Computer Name = Общий-ПК | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error — 20.09.2010 10:40:31 | Computer Name = Общий-ПК | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error — 20.09.2010 10:41:08 | Computer Name = Общий-ПК | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error — 20.09.2010 10:47:16 | Computer Name = Общий-ПК | Source = WinMgmt | ID = 10
    Description =

    [ OSession Events ]
    Error — 05.10.2010 0:24:08 | Computer Name = Общий-ПК | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
    seconds with 0 seconds of active time. This session ended with a crash.

    Error — 07.10.2010 9:37:13 | Computer Name = Общий-ПК | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
    seconds with 0 seconds of active time. This session ended with a crash.

    Error — 07.10.2010 9:50:02 | Computer Name = Общий-ПК | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
    seconds with 0 seconds of active time. This session ended with a crash.

    Error — 10.10.2010 5:31:12 | Computer Name = Общий-ПК | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
    seconds with 0 seconds of active time. This session ended with a crash.

    Error — 08.11.2010 0:00:24 | Computer Name = Общий-ПК | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
    seconds with 0 seconds of active time. This session ended with a crash.

    Error — 08.11.2010 12:57:16 | Computer Name = Общий-ПК | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
    seconds with 0 seconds of active time. This session ended with a crash.

    Error — 08.11.2010 13:00:35 | Computer Name = Общий-ПК | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
    seconds with 0 seconds of active time. This session ended with a crash.

    Error — 08.11.2010 13:01:23 | Computer Name = Общий-ПК | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
    seconds with 0 seconds of active time. This session ended with a crash.

    Error — 03.12.2010 12:31:07 | Computer Name = Общий-ПК | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
    seconds with 0 seconds of active time. This session ended with a crash.

    Error — 21.12.2010 11:07:05 | Computer Name = Общий-ПК | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error — 13.01.2011 0:35:40 | Computer Name = Общий-ПК | Source = Service Control Manager | ID = 7000
    Description =

    Error — 13.01.2011 0:36:03 | Computer Name = Общий-ПК | Source = Microsoft Antimalware | ID = 3002
    Description = %%861: при выполнении функции защиты в режиме реального времени произошла
    ошибка, приведшая к завершению работы данной функции. Функция: %%835 Код ошибки:
    0x80004005 Описание ошибки: Неопознанная ошибка Причина: %%842

    Error — 13.01.2011 11:22:43 | Computer Name = Общий-ПК | Source = Microsoft Antimalware | ID = 3002
    Description = %%861: при выполнении функции защиты в режиме реального времени произошла
    ошибка, приведшая к завершению работы данной функции. Функция: %%835 Код ошибки:
    0x80004005 Описание ошибки: Неопознанная ошибка Причина: %%842

    Error — 13.01.2011 23:51:40 | Computer Name = Общий-ПК | Source = Microsoft Antimalware | ID = 3002
    Description = %%861: при выполнении функции защиты в режиме реального времени произошла
    ошибка, приведшая к завершению работы данной функции. Функция: %%835 Код ошибки:
    0x80004005 Описание ошибки: Неопознанная ошибка Причина: %%842

    Error — 14.01.2011 7:43:14 | Computer Name = Общий-ПК | Source = Dhcp | ID = 1002
    Description = Аренда IP-адреса 192.168.0.100 для сетевого адаптера с сетевым адресом
    001F16F40336 отклонена DHCP-сервером 192.168.0.1 (DHCP-сервер отправил сообщение
    DHCPNACK).

    Error — 14.01.2011 7:43:42 | Computer Name = Общий-ПК | Source = Microsoft Antimalware | ID = 3002
    Description = %%861: при выполнении функции защиты в режиме реального времени произошла
    ошибка, приведшая к завершению работы данной функции. Функция: %%835 Код ошибки:
    0x80004005 Описание ошибки: Неопознанная ошибка Причина: %%842

    Error — 14.01.2011 7:44:14 | Computer Name = Общий-ПК | Source = Service Control Manager | ID = 7011
    Description =

    Error — 14.01.2011 10:16:59 | Computer Name = Общий-ПК | Source = Microsoft Antimalware | ID = 3002
    Description = %%861: при выполнении функции защиты в режиме реального времени произошла
    ошибка, приведшая к завершению работы данной функции. Функция: %%835 Код ошибки:
    0x80004005 Описание ошибки: Неопознанная ошибка Причина: %%842

    Error — 15.01.2011 1:45:33 | Computer Name = Общий-ПК | Source = Microsoft Antimalware | ID = 3002
    Description = %%861: при выполнении функции защиты в режиме реального времени произошла
    ошибка, приведшая к завершению работы данной функции. Функция: %%835 Код ошибки:
    0x80004005 Описание ошибки: Неопознанная ошибка Причина: %%842

    Error — 16.01.2011 3:01:55 | Computer Name = Общий-ПК | Source = Microsoft Antimalware | ID = 3002
    Description = %%861: при выполнении функции защиты в режиме реального времени произошла
    ошибка, приведшая к завершению работы данной функции. Функция: %%834 Код ошибки:
    0x80004005 Описание ошибки: Неопознанная ошибка Причина: %%838

    January 16, 2011 at 8:34 am in reply to: Trojan and worm #31907
    albash
    Participant
    • Topics: 2
    • Posts: 20
    • ☆

    Continuation:
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders — Created Within 30 Days ==========

    [2011.01.16 12:29:23 | 000,602,112 | —- | C] (OldTimer Tools) — C:UsersОбщий компьютерDesktopOTL.exe
    [2011.01.11 14:57:56 | 000,000,000 | —D | C] — C:Windowstemp
    [2011.01.11 14:46:06 | 000,000,000 | -HSD | C] — C:$RECYCLE.BIN
    [2011.01.11 14:30:55 | 000,161,792 | —- | C] (SteelWerX) — C:WindowsSWREG.exe
    [2011.01.11 14:30:55 | 000,136,704 | —- | C] (SteelWerX) — C:WindowsSWSC.exe
    [2011.01.11 14:30:55 | 000,031,232 | —- | C] (NirSoft) — C:WindowsNIRCMD.exe
    [2011.01.11 14:30:38 | 000,000,000 | —D | C] — C:WindowsERDNT
    [2011.01.11 14:30:37 | 000,000,000 | —D | C] — C:ComboFix
    [2011.01.11 14:30:26 | 000,000,000 | —D | C] — C:Qoobox
    [2011.01.11 14:30:04 | 000,212,480 | —- | C] (SteelWerX) — C:WindowsSWXCACLS.exe
    [2011.01.08 18:10:25 | 000,000,000 | —D | C] — C:ProgramDataMicrosoftWindowsStart MenuProgramsSkype
    [2011.01.08 18:10:24 | 000,000,000 | —D | C] — C:Program FilesCommon FilesSkype
    [2011.01.04 15:10:12 | 000,000,000 | —D | C] — C:Program FilesMicrosoft CAPICOM 2.1.0.2
    [2011.01.03 18:19:20 | 000,000,000 | —D | C] — C:ProgramDataLogiShrd
    [2011.01.03 18:17:26 | 000,000,000 | —D | C] — C:UsersОбщий компьютерAppDataLocalLogiShrd
    [2011.01.03 18:15:37 | 000,000,000 | —D | C] — C:UsersОбщий компьютерAppDataRoamingLeadertech
    [2011.01.03 18:15:15 | 000,000,000 | —D | C] — C:WindowsSystem32logishrd
    [2011.01.03 18:15:00 | 000,000,000 | —D | C] — C:ProgramDataLogitech
    [2011.01.03 18:14:57 | 000,000,000 | —D | C] — C:Program FilesCommon FilesLWS
    [2011.01.03 18:14:25 | 000,000,000 | —D | C] — C:ProgramDataMicrosoftWindowsStart MenuProgramsLogitech
    [2011.01.03 18:14:21 | 000,000,000 | —D | C] — C:Program FilesLogitech
    [2011.01.03 18:01:41 | 000,000,000 | —D | C] — C:Program FilesCommon Fileslogishrd
    [2010.12.28 10:27:37 | 000,000,000 | —D | C] — C:UsersОбщий компьютерAppDataRoamingPeerNetworking
    [2010.12.23 22:24:06 | 000,000,000 | —D | C] — C:ProgramDataGuard.Mail.Ru
    [2009.05.21 12:04:28 | 000,049,152 | R— | C] ( ) — C:WindowsInterop.IWshRuntimeLibrary.dll
    [2002.03.11 14:06:30 | 001,822,520 | —- | C] (Microsoft Corporation) — C:Program Filesinstmsiw.exe
    [2002.03.11 13:45:04 | 001,708,856 | —- | C] (Microsoft Corporation) — C:Program Filesinstmsia.exe
    [2 C:WindowsSystem32*.tmp files -> C:WindowsSystem32*.tmp -> ]

    ========== Files — Modified Within 30 Days ==========

    [2011.01.16 12:46:35 | 002,621,440 | -HS- | M] () — C:UsersОбщий компьютерntuser.dat
    [2011.01.16 12:30:59 | 000,602,112 | —- | M] (OldTimer Tools) — C:UsersОбщий компьютерDesktopOTL.exe
    [2011.01.16 12:05:23 | 000,000,199 | —- | M] () — C:WindowsSystem32driversetcpfdnnt.act
    [2011.01.16 12:05:19 | 000,001,132 | —- | M] () — C:WindowsSystem32driversAPPFLTR.CFG.bck
    [2011.01.16 12:05:19 | 000,001,132 | —- | M] () — C:WindowsSystem32driversAPPFLTR.CFG
    [2011.01.16 12:05:19 | 000,000,252 | —- | M] () — C:WindowsSystem32driversetcIdsFlt.cfg.bck
    [2011.01.16 12:05:19 | 000,000,252 | —- | M] () — C:WindowsSystem32driversetcIdsFlt.cfg
    [2011.01.16 12:05:19 | 000,000,092 | —- | M] () — C:WindowsSystem32driversetcNetLoc.wlt.bck
    [2011.01.16 12:05:19 | 000,000,092 | —- | M] () — C:WindowsSystem32driversetcNetLoc.wlt
    [2011.01.16 12:05:19 | 000,000,068 | —- | M] () — C:WindowsSystem32driversetcNetFlt.cfg.bck
    [2011.01.16 12:05:19 | 000,000,068 | —- | M] () — C:WindowsSystem32driversetcNetFlt.cfg
    [2011.01.16 12:05:19 | 000,000,056 | —- | M] () — C:WindowsSystem32driversetcWnmFlt.cfg.bck
    [2011.01.16 12:05:19 | 000,000,056 | —- | M] () — C:WindowsSystem32driversetcWnmFlt.cfg
    [2011.01.16 12:05:19 | 000,000,056 | —- | M] () — C:WindowsSystem32driversetcDsaFlt.cfg.bck
    [2011.01.16 12:05:19 | 000,000,056 | —- | M] () — C:WindowsSystem32driversetcDsaFlt.cfg
    [2011.01.16 12:05:03 | 000,418,468 | —- | M] () — C:WindowsSystem32driversetcDsaFlt.rls.bck
    [2011.01.16 12:05:03 | 000,418,468 | —- | M] () — C:WindowsSystem32driversetcDsaFlt.rls
    [2011.01.16 12:02:39 | 000,000,464 | -H— | M] () — C:WindowstasksUser_Feed_Synchronization-{40CBA629-AF20-4EA7-B068-C4E5C2E3414E}.job
    [2011.01.16 12:02:22 | 000,000,136 | —- | M] () — C:WindowsSystem32driversetcNetAdapt.cfg.bck
    [2011.01.16 12:02:22 | 000,000,136 | —- | M] () — C:WindowsSystem32driversetcNetAdapt.cfg
    [2011.01.16 12:02:21 | 000,000,064 | —- | M] () — C:WindowsSystem32driversetcNetAR.wlt.bck
    [2011.01.16 12:02:21 | 000,000,064 | —- | M] () — C:WindowsSystem32driversetcNetAR.wlt
    [2011.01.16 12:02:01 | 000,054,181 | —- | M] () — C:ProgramDatanvModes.dat
    [2011.01.16 12:02:00 | 000,054,181 | —- | M] () — C:ProgramDatanvModes.001
    [2011.01.16 11:59:44 | 000,000,928 | —- | M] () — C:WindowstasksGoogleUpdateTaskMachineCore.job
    [2011.01.16 11:59:40 | 000,003,216 | -H— | M] () — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011.01.16 11:59:40 | 000,000,006 | -H— | M] () — C:WindowstasksSA.DAT
    [2011.01.16 11:59:39 | 000,003,216 | -H— | M] () — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011.01.16 11:59:31 | 000,067,584 | —S- | M] () — C:Windowsbootstat.dat
    [2011.01.16 11:59:28 | 000,000,000 | —- | M] () — C:WindowsSystem32driverslvuvc.hs
    [2011.01.16 11:59:27 | 2146,619,392 | -HS- | M] () — C:hiberfil.sys
    [2011.01.15 21:58:00 | 000,524,288 | -HS- | M] () — C:UsersОбщий компьютерntuser.dat{176ebc84-5348-11df-a606-00158333c2b0}.TMContainer00000000000000000001.regtrans-ms
    [2011.01.15 21:58:00 | 000,065,536 | -HS- | M] () — C:UsersОбщий компьютерntuser.dat{176ebc84-5348-11df-a606-00158333c2b0}.TM.blf
    [2011.01.15 21:57:40 | 003,279,506 | -H— | M] () — C:UsersОбщий компьютерAppDataLocalIconCache.db
    [2011.01.15 21:54:01 | 000,000,932 | —- | M] () — C:WindowstasksGoogleUpdateTaskMachineUA.job
    [2011.01.15 10:48:35 | 000,322,592 | —- | M] () — C:WindowsSystem32driversAPPFCONT.DAT.bck
    [2011.01.15 10:48:35 | 000,322,592 | —- | M] () — C:WindowsSystem32driversAPPFCONT.DAT
    [2011.01.14 09:51:47 | 000,008,627 | —- | M] () — C:WindowsSystem32PAV_FOG.OPC
    [2011.01.11 14:43:36 | 000,000,215 | —- | M] () — C:Windowssystem.ini
    [2011.01.11 14:43:24 | 000,000,027 | —- | M] () — C:WindowsSystem32driversetchosts
    [2011.01.11 14:29:57 | 004,152,003 | R— | M] () — C:UsersОбщий компьютерDesktopComboFix.exe
    [2011.01.11 14:20:14 | 001,484,556 | —- | M] () — C:WindowsSystem32PerfStringBackup.INI
    [2011.01.11 14:20:14 | 000,662,300 | —- | M] () — C:WindowsSystem32perfh019.dat
    [2011.01.11 14:20:14 | 000,595,798 | —- | M] () — C:WindowsSystem32perfh009.dat
    [2011.01.11 14:20:14 | 000,129,218 | —- | M] () — C:WindowsSystem32perfc019.dat
    [2011.01.11 14:20:14 | 000,103,872 | —- | M] () — C:WindowsSystem32perfc009.dat
    [2011.01.10 09:59:36 | 251,797,106 | —- | M] () — C:WindowsMEMORY.DMP
    [2011.01.08 18:10:25 | 000,001,878 | —- | M] () — C:UsersPublicDesktopSkype.lnk
    [2011.01.05 20:41:08 | 000,000,877 | —- | M] () — C:UsersОбщий компьютерAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupLogitech . Регистрация Продукта.lnk
    [2011.01.04 11:42:23 | 000,021,504 | —- | M] () — C:UsersОбщий компьютерAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.01.03 18:16:30 | 000,001,750 | —- | M] () — C:UsersPublicDesktopLogitech Vid HD.lnk
    [2011.01.03 18:14:25 | 000,001,437 | —- | M] () — C:UsersPublicDesktopLogitech Webcam Software .lnk
    [2010.12.28 10:27:44 | 000,024,064 | —- | M] () — C:UsersОбщий компьютерAppDataRoamingUserTile.png
    [2 C:WindowsSystem32*.tmp files -> C:WindowsSystem32*.tmp -> ]

    ========== Files Created — No Company Name ==========

    [2011.01.11 14:30:55 | 000,256,512 | —- | C] () — C:WindowsPEV.exe
    [2011.01.11 14:30:55 | 000,098,816 | —- | C] () — C:Windowssed.exe
    [2011.01.11 14:30:55 | 000,089,088 | —- | C] () — C:WindowsMBR.exe
    [2011.01.11 14:30:55 | 000,080,412 | —- | C] () — C:Windowsgrep.exe
    [2011.01.11 14:30:55 | 000,068,096 | —- | C] () — C:Windowszip.exe
    [2011.01.11 14:29:26 | 004,152,003 | R— | C] () — C:UsersОбщий компьютерDesktopComboFix.exe
    [2011.01.10 10:00:29 | 2146,619,392 | -HS- | C] () — C:hiberfil.sys
    [2011.01.08 18:10:25 | 000,001,878 | —- | C] () — C:UsersPublicDesktopSkype.lnk
    [2011.01.05 20:41:08 | 000,000,877 | —- | C] () — C:UsersОбщий компьютерAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupLogitech . Регистрация Продукта.lnk
    [2011.01.03 18:16:30 | 000,001,750 | —- | C] () — C:UsersPublicDesktopLogitech Vid HD.lnk
    [2011.01.03 18:14:25 | 000,001,437 | —- | C] () — C:UsersPublicDesktopLogitech Webcam Software .lnk
    [2011.01.03 18:01:59 | 000,000,000 | —- | C] () — C:WindowsSystem32driverslvuvc.hs
    [2010.12.28 10:27:37 | 000,024,064 | —- | C] () — C:UsersОбщий компьютерAppDataRoamingUserTile.png
    [2010.12.09 13:14:37 | 000,000,036 | —- | C] () — C:UsersОбщий компьютерAppDataLocalhousecall.guid.cache
    [2010.11.10 02:45:30 | 010,871,128 | —- | C] () — C:WindowsSystem32LogiDPP.dll
    [2010.11.10 02:45:20 | 000,316,248 | —- | C] () — C:WindowsSystem32DevManagerCore.dll
    [2010.11.10 02:31:42 | 000,026,286 | —- | C] () — C:WindowsSystem32lvcoinst.ini
    [2010.11.03 16:33:41 | 000,165,376 | —- | C] () — C:WindowsSystem32unrar.dll
    [2010.11.03 16:33:40 | 000,000,038 | —- | C] () — C:Windowsavisplitter.ini
    [2010.11.03 16:33:29 | 000,790,528 | —- | C] () — C:WindowsSystem32xvidcore.dll
    [2010.11.03 16:33:29 | 000,134,144 | —- | C] () — C:WindowsSystem32xvidvfw.dll
    [2010.11.03 16:33:28 | 000,108,032 | —- | C] () — C:WindowsSystem32ff_vfw.dll
    [2010.11.03 16:33:28 | 000,000,547 | —- | C] () — C:WindowsSystem32ff_vfw.dll.manifest
    [2010.08.03 09:24:27 | 000,311,296 | —- | C] () — C:WindowsSystem32ibank2ccom.dll
    [2010.08.03 09:24:27 | 000,102,400 | —- | C] () — C:WindowsSystem32ibank2agava.dll
    [2010.05.28 17:40:52 | 003,091,968 | —- | C] () — C:Program Filesopenofficeorg32.msi
    [2010.05.28 17:37:28 | 128,699,053 | —- | C] () — C:Program Filesopenofficeorg1.cab
    [2010.05.28 16:49:02 | 000,000,290 | —- | C] () — C:Program Filessetup.ini
    [2010.05.20 11:48:46 | 000,031,744 | —- | C] () — C:WindowsSystem32driverseps2kt1.sys
    [2010.05.20 11:48:46 | 000,004,608 | —- | C] () — C:WindowsSystem32R5CoInst.dll
    [2010.05.07 18:46:36 | 000,014,168 | —- | C] () — C:WindowsSystem32driversiKeyLFT2.dll
    [2010.05.07 18:43:30 | 000,025,824 | —- | C] () — C:WindowsSystem32driversLVPr2Mon.sys
    [2010.02.20 08:55:13 | 000,000,084 | —- | C] () — C:Windowsnetdet.ini
    [2010.02.20 08:54:15 | 000,237,568 | —- | C] () — C:WindowsSystem32lame_enc.dll
    [2010.02.14 15:23:25 | 000,018,944 | —- | C] () — C:WindowsSystem32ventmon.dll
    [2010.02.04 09:34:48 | 000,000,810 | —- | C] () — C:WindowsNTIWVEDT.INI
    [2010.02.01 10:52:37 | 000,000,000 | —- | C] () — C:WindowsJCMKR32.INI
    [2010.01.31 18:34:35 | 000,000,790 | —- | C] () — C:ProgramDatahpzinstall.log
    [2009.12.18 12:00:50 | 000,000,069 | —- | C] () — C:Windowscm.ini
    [2009.11.30 13:54:24 | 000,021,504 | —- | C] () — C:UsersОбщий компьютерAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.11.30 13:32:35 | 000,000,091 | —- | C] () — C:ProgramDataPS.log
    [2009.11.29 19:01:42 | 000,117,248 | —- | C] () — C:WindowsSystem32EhStorAuthn.dll
    [2009.11.29 19:01:25 | 000,368,640 | —- | C] () — C:WindowsSystem32msjetoledb40.dll
    [2009.11.28 18:56:16 | 000,000,056 | -H— | C] () — C:ProgramDataezsidmv.dat
    [2009.11.28 18:18:33 | 000,013,880 | —- | C] () — C:WindowsSystem32driversCOMFiltr.sys
    [2009.11.28 17:11:14 | 003,279,506 | -H— | C] () — C:UsersОбщий компьютерAppDataLocalIconCache.db
    [2009.11.28 16:59:17 | 000,000,272 | —- | C] () — C:Windowshpqcopy.INI
    [2009.11.28 16:56:53 | 000,000,235 | —- | C] () — C:UsersОбщий компьютерAppDataRoamingdevices.xml
    [2009.11.28 16:56:53 | 000,000,012 | —- | C] () — C:UsersОбщий компьютерAppDataRoamingsettings.xml
    [2009.11.28 16:38:08 | 000,106,496 | —- | C] () — C:WindowsSystem32VSHP1018.DLL
    [2009.11.28 16:29:33 | 000,082,384 | —- | C] () — C:UsersОбщий компьютерAppDataLocalGDIPFONTCACHEV1.DAT
    [2008.01.21 10:59:39 | 001,484,556 | —- | C] () — C:WindowsSystem32PerfStringBackup.INI
    [2008.01.21 07:34:22 | 000,060,124 | —- | C] () — C:WindowsSystem32tcpmon.ini
    [2006.11.02 17:48:00 | 000,000,174 | -HS- | C] () — C:Program Filesdesktop.ini
    [2006.11.02 15:24:31 | 000,001,405 | —- | C] () — C:Windowsmsdfmap.ini
    [2006.11.02 15:23:31 | 000,000,221 | —- | C] () — C:Windowswin.ini
    [2006.11.02 15:23:31 | 000,000,215 | —- | C] () — C:Windowssystem.ini
    [2006.11.02 12:40:29 | 000,013,750 | —- | C] () — C:WindowsSystem32pacerprf.ini
    [2006.11.02 12:09:45 | 000,027,097 | —- | C] () — C:WindowsSystem32country.sys
    [2006.11.02 12:09:44 | 000,042,809 | —- | C] () — C:WindowsSystem32KEY01.SYS
    [2006.11.02 12:09:44 | 000,042,537 | —- | C] () — C:WindowsSystem32KEYBOARD.SYS
    [2006.11.02 12:09:42 | 000,009,029 | —- | C] () — C:WindowsSystem32ANSI.SYS
    [2006.11.02 12:09:41 | 000,004,768 | —- | C] () — C:WindowsSystem32HIMEM.SYS
    [2006.11.02 12:09:40 | 000,029,274 | —- | C] () — C:WindowsSystem32NTDOS412.SYS
    [2006.11.02 12:09:38 | 000,029,370 | —- | C] () — C:WindowsSystem32NTDOS411.SYS
    [2006.11.02 12:09:35 | 000,029,146 | —- | C] () — C:WindowsSystem32NTDOS404.SYS
    [2006.11.02 12:09:31 | 000,029,146 | —- | C] () — C:WindowsSystem32NTDOS804.SYS
    [2006.11.02 12:09:29 | 000,027,866 | —- | C] () — C:WindowsSystem32NTDOS.SYS
    [2006.11.02 12:09:26 | 000,035,536 | —- | C] () — C:WindowsSystem32NTIO412.SYS
    [2006.11.02 12:09:24 | 000,035,776 | —- | C] () — C:WindowsSystem32NTIO411.SYS
    [2006.11.02 12:09:23 | 000,034,672 | —- | C] () — C:WindowsSystem32NTIO404.SYS
    [2006.11.02 12:09:22 | 000,034,672 | —- | C] () — C:WindowsSystem32NTIO804.SYS
    [2006.11.02 12:09:20 | 000,033,952 | —- | C] () — C:WindowsSystem32NTIO.SYS
    [2006.11.02 11:25:08 | 000,013,312 | —- | C] () — C:WindowsSystem32win87em.dll
    [2006.10.10 14:08:14 | 000,000,044 | —- | C] () — C:WindowsAcer(Normal).ini
    [2006.10.10 14:08:14 | 000,000,042 | —- | C] () — C:WindowsAcer(Wide).ini
    [2006.10.10 14:04:58 | 000,007,372 | —- | C] () — C:ProgramDataArcadeDeluxe2.log
    [2006.10.10 13:59:17 | 000,054,181 | —- | C] () — C:ProgramDatanvModes.001
    [2006.10.10 13:59:16 | 000,054,181 | —- | C] () — C:ProgramDatanvModes.dat

    ========== LOP Check ==========

    [2009.05.21 01:58:02 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingAcer GameZone Console
    [2009.11.30 18:19:14 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingBarbieIP
    [2010.01.16 17:52:42 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingcerasus.media
    [2010.02.20 16:40:10 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingCrypto Pro
    [2009.11.28 22:21:49 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingeSobi
    [2011.01.03 18:15:37 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingLeadertech
    [2010.11.03 16:30:09 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingMail.Ru
    [2010.02.08 16:33:28 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingMeridian93
    [2010.08.02 14:03:11 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingMra
    [2009.12.07 10:17:45 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingOpenOffice.org
    [2009.11.28 18:17:38 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingPanda Security
    [2010.12.28 10:27:37 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingPeerNetworking
    [2009.11.28 16:33:50 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingSoftDMA
    [2009.11.28 16:55:01 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingПапка выгрузки Share-to-Web
    [2011.01.15 21:58:09 | 000,032,568 | —- | M] () — C:WindowsTasksSCHEDLGU.TXT
    [2011.01.16 12:02:39 | 000,000,464 | -H— | M] () — C:WindowsTasksUser_Feed_Synchronization-{40CBA629-AF20-4EA7-B068-C4E5C2E3414E}.job

    ========== Purity Check ==========

    ========== Custom Scans ==========


    [2009.05.21 01:58:02 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingAcer GameZone Console
    [2009.12.14 12:23:43 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingAdobe
    [2010.01.19 20:56:27 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingApple Computer
    [2009.11.30 18:19:14 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingBarbieIP
    [2010.01.16 17:52:42 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingcerasus.media
    [2010.02.20 16:40:10 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingCrypto Pro
    [2010.02.04 10:28:02 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingCyberLink
    [2009.11.28 22:21:49 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingeSobi
    [2009.11.28 16:41:46 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingGoogle
    [2010.01.31 21:35:59 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingHP
    [2010.07.30 22:05:59 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingHpUpdate
    [2009.11.28 16:29:19 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingIdentities
    [2011.01.03 18:15:37 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingLeadertech
    [2009.11.28 16:29:49 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingMacromedia
    [2010.11.03 16:30:09 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingMail.Ru
    [2010.11.03 16:48:04 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingMedia Player Classic
    [2010.02.08 16:33:28 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingMeridian93
    [2011.01.03 18:15:36 | 000,000,000 | —SD | M] — C:UsersОбщий компьютерAppDataRoamingMicrosoft
    [2010.08.02 14:03:11 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingMra
    [2010.01.27 15:42:58 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingNero
    [2009.12.07 10:17:45 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingOpenOffice.org
    [2009.11.28 18:17:38 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingPanda Security
    [2010.12.28 10:27:37 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingPeerNetworking
    [2011.01.16 12:04:10 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingSkype
    [2011.01.16 12:03:20 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingskypePM
    [2009.11.28 16:33:50 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingSoftDMA
    [2010.01.29 12:37:24 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingWinRAR
    [2009.11.28 16:55:01 | 000,000,000 | —D | M] — C:UsersОбщий компьютерAppDataRoamingПапка выгрузки Share-to-Web


    [2011.01.03 18:15:36 | 000,053,248 | R— | M] (Acresso Software Inc.) — C:UsersОбщий компьютерAppDataRoamingMicrosoftInstaller{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}ARPPRODUCTICON.exe


    [2008.01.21 07:32:22 | 000,056,376 | —- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 — C:WindowsERDNTcacheAGP440.sys
    [2008.01.21 07:32:22 | 000,056,376 | —- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 — C:WindowsSystem32driversAGP440.sys
    [2008.01.21 07:32:22 | 000,056,376 | —- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 — C:WindowsSystem32DriverStoreFileRepositorymachine.inf_51b95d75AGP440.sys
    [2008.01.21 07:32:22 | 000,056,376 | —- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 — C:WindowsSystem32DriverStoreFileRepositorymachine.inf_f750e484AGP440.sys
    [2008.01.21 07:32:22 | 000,056,376 | —- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 — C:Windowswinsxsx86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97aAGP440.sys
    [2008.01.21 07:32:22 | 000,056,376 | —- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 — C:Windowswinsxsx86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6AGP440.sys
    [2006.11.02 14:49:52 | 000,053,864 | —- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 — C:WindowsSystem32DriverStoreFileRepositorymachine.inf_920a2c1fAGP440.sys


    [2009.04.11 11:32:26 | 000,019,944 | —- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 — C:WindowsSystem32DriverStoreFileRepositorymshdc.inf_b12d8e84atapi.sys
    [2009.04.11 11:32:26 | 000,019,944 | —- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 — C:Windowswinsxsx86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8atapi.sys
    [2008.01.21 07:32:21 | 000,021,560 | —- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 — C:WindowsERDNTcacheatapi.sys
    [2008.01.21 07:32:21 | 000,021,560 | —- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 — C:WindowsSystem32driversatapi.sys
    [2008.01.21 07:32:21 | 000,021,560 | —- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 — C:WindowsSystem32DriverStoreFileRepositorymshdc.inf_cc18792datapi.sys
    [2008.01.21 07:32:21 | 000,021,560 | —- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 — C:Windowswinsxsx86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9catapi.sys
    [2006.11.02 14:49:36 | 000,019,048 | —- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F — C:WindowsSystem32DriverStoreFileRepositorymshdc.inf_c6c2e699atapi.sys


    [2009.04.11 11:27:20 | 000,643,072 | —- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 — C:WindowsSystem32autochk.exe
    [2009.04.11 11:27:20 | 000,643,072 | —- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 — C:Windowswinsxsx86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3bautochk.exe
    [2008.01.21 07:34:33 | 000,642,560 | —- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 — C:Windowswinsxsx86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122efautochk.exe


    [2008.01.21 07:33:14 | 000,006,144 | —- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 — C:WindowsERDNTcachebeep.sys
    [2008.01.21 07:33:14 | 000,006,144 | —- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 — C:WindowsSystem32driversbeep.sys
    [2008.01.21 07:33:14 | 000,006,144 | —- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 — C:Windowswinsxsx86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485bbeep.sys


    [2006.11.02 14:46:03 | 000,011,776 | —- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D — C:WindowsERDNTcachecngaudit.dll
    [2006.11.02 14:46:03 | 000,011,776 | —- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D — C:WindowsSystem32cngaudit.dll
    [2006.11.02 14:46:03 | 000,011,776 | —- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D — C:Windowswinsxsx86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6cngaudit.dll


    [2008.10.29 11:20:29 | 002,923,520 | —- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE — C:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3explorer.exe
    [2008.10.29 11:29:41 | 002,927,104 | —- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D — C:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8explorer.exe
    [2008.10.30 08:59:17 | 002,927,616 | —- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E — C:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1explorer.exe
    [2009.04.11 11:27:36 | 002,926,592 | —- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 — C:WindowsERDNTcacheexplorer.exe
    [2009.04.11 11:27:36 | 002,926,592 | —- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 — C:Windowsexplorer.exe
    [2009.04.11 11:27:36 | 002,926,592 | —- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 — C:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0bexplorer.exe
    [2008.10.28 07:15:02 | 002,923,520 | —- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB — C:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990bexplorer.exe
    [2008.01.21 07:34:05 | 002,927,104 | —- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F — C:Windowswinsxsx86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebfexplorer.exe


    [2008.09.12 14:48:26 | 000,406,040 | —- | M] (Intel Corporation) MD5=756879FA65978DF948437CE3FD1EACCD — C:Program FilesIntelIntel Matrix Storage Managerdriver64IaStor.sys
    [2008.09.12 14:32:56 | 000,327,192 | —- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 — C:Program FilesIntelIntel Matrix Storage ManagerdriverIaStor.sys
    [2008.09.12 14:32:56 | 000,327,192 | —- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 — C:WindowsSystem32driversiaStor.sys
    [2008.09.12 14:32:56 | 000,327,192 | —- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 — C:WindowsSystem32DriverStoreFileRepositoryiaahci.inf_3c4af4a0iaStor.sys


    [2008.01.21 07:32:49 | 000,235,064 | —- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 — C:WindowsSystem32driversiaStorV.sys
    [2008.01.21 07:32:49 | 000,235,064 | —- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 — C:WindowsSystem32DriverStoreFileRepositoryiastorv.inf_c9df7691iaStorV.sys
    [2008.01.21 07:32:49 | 000,235,064 | —- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 — C:Windowswinsxsx86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8fiaStorV.sys
    [2006.11.02 14:51:25 | 000,232,040 | —- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 — C:WindowsSystem32DriverStoreFileRepositoryiastorv.inf_37cdafa4iaStorV.sys


    [2009.04.11 11:28:20 | 000,114,688 | —- | M] (Microsoft Corporation) MD5=C8BDCECEE082B54F0BAC838BF0A34597 — C:WindowsERDNTcacheimm32.dll
    [2008.01.21 07:34:05 | 000,114,688 | —- | M] (Microsoft Corporation) MD5=EC17194A193CD8E90D27CFB93DFA9A2E — C:Windowswinsxsx86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02imm32.dll
    [2009.04.11 11:28:20 | 000,114,688 | —- | M] (Microsoft Corporation) Unable to obtain MD5 — C:WindowsSystem32imm32.dll
    [2009.04.11 11:28:20 | 000,114,688 | —- | M] (Microsoft Corporation) Unable to obtain MD5 — C:Windowswinsxsx86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_5e419722778cc84eimm32.dll


    [2009.02.13 13:21:09 | 000,890,880 | —- | M] (Microsoft Corporation) MD5=1987D817D08F5EAF0B7F334026FDDB79 — C:Windowswinsxsx86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67kernel32.dll
    [2009.02.13 12:26:37 | 000,875,520 | —- | M] (Microsoft Corporation) MD5=B82C7AC1D559F0FD088792171D64C7F3 — C:Windowswinsxsx86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529edkernel32.dll
    [2009.02.13 12:13:01 | 000,875,520 | —- | M] (Microsoft Corporation) MD5=BB792054BD990EC05D9E260D50FEAD39 — C:Windowswinsxsx86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108kernel32.dll
    [2009.04.11 11:28:20 | 000,891,392 | —- | M] (Microsoft Corporation) MD5=BB8509089E7DF514310814E1B2593FFC — C:WindowsERDNTcachekernel32.dll
    [2009.02.13 13:49:05 | 000,888,832 | —- | M] (Microsoft Corporation) MD5=DB6E3731E6F5C8AE2843F80B5787F7C6 — C:Windowswinsxsx86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0kernel32.dll
    [2008.01.21 07:33:52 | 000,888,320 | —- | M] (Microsoft Corporation) MD5=DC2338093F91BA4E0512208E60206DDD — C:Windowswinsxsx86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88aekernel32.dll
    [2009.04.11 11:28:20 | 000,891,392 | —- | M] (Microsoft Corporation) Unable to obtain MD5 — C:WindowsSystem32kernel32.dll
    [2009.04.11 11:28:20 | 000,891,392 | —- | M] (Microsoft Corporation) Unable to obtain MD5 — C:Windowswinsxsx86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_95a95e4d536d53fakernel32.dll


    [2009.04.11 11:28:22 | 000,223,232 | —- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB — C:WindowsERDNTcachemswsock.dll
    [2009.04.11 11:28:22 | 000,223,232 | —- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB — C:WindowsSystem32mswsock.dll
    [2009.04.11 11:28:22 | 000,223,232 | —- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB — C:Windowswinsxsx86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89damswsock.dll
    [2008.01.21 07:33:36 | 000,223,232 | —- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 — C:Windowswinsxsx86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8emswsock.dll


    [2009.04.11 11:32:49 | 000,527,848 | —- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 — C:WindowsERDNTcachendis.sys
    [2009.04.11 11:32:49 | 000,527,848 | —- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 — C:WindowsSystem32driversndis.sys
    [2009.04.11 11:32:49 | 000,527,848 | —- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 — C:Windowswinsxsx86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864ndis.sys
    [2008.01.21 07:33:22 | 000,529,464 | —- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 — C:Windowswinsxsx86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18ndis.sys


    [2009.04.11 11:28:23 | 000,592,896 | —- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE — C:WindowsERDNTcachenetlogon.dll
    [2009.04.11 11:28:23 | 000,592,896 | —- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE — C:WindowsSystem32netlogon.dll
    [2009.04.11 11:28:23 | 000,592,896 | —- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE — C:Windowswinsxsx86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3netlogon.dll
    [2008.01.21 07:33:41 | 000,592,384 | —- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F — C:Windowswinsxsx86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857netlogon.dll


    [2009.04.11 11:32:49 | 001,083,880 | —- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 — C:WindowsERDNTcachentfs.sys
    [2009.04.11 11:32:49 | 001,083,880 | —- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 — C:WindowsSystem32driversntfs.sys
    [2009.04.11 11:32:49 | 001,083,880 | —- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 — C:Windowswinsxsx86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64dfntfs.sys
    [2008.01.21 07:33:23 | 001,081,912 | —- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D — C:Windowswinsxsx86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993ntfs.sys


    [2008.01.21 07:35:18 | 000,460,288 | —- | M] (Microsoft Corporation) MD5=A7DFF9642D510BE1EEC6664CD0369953 — C:Windowswinsxsx86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007ntmssvc.dll


    [2006.11.02 14:50:13 | 000,040,040 | —- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC — C:WindowsSystem32DriverStoreFileRepositorynvraid.inf_733654ffnvstor.sys
    [2008.01.21 07:32:47 | 000,045,112 | —- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 — C:WindowsSystem32driversnvstor.sys
    [2008.01.21 07:32:47 | 000,045,112 | —- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 — C:WindowsSystem32DriverStoreFileRepositorynvraid.inf_31c3d71dnvstor.sys
    [2008.01.21 07:32:47 | 000,045,112 | —- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 — C:Windowswinsxsx86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467nvstor.sys


    [2006.11.02 14:45:33 | 000,027,648 | —- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 — C:WindowsSystem32proquota.exe
    [2006.11.02 14:45:33 | 000,027,648 | —- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 — C:Windowswinsxsx86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715proquota.exe


    [2008.01.21 07:34:49 | 000,758,272 | —- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D — C:Windowswinsxsx86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8cqmgr.dll
    [2009.04.11 11:28:23 | 000,758,784 | —- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F — C:WindowsERDNTcacheqmgr.dll
    [2009.04.11 11:28:23 | 000,758,784 | —- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F — C:WindowsSystem32qmgr.dll
    [2009.04.11 11:28:23 | 000,758,784 | —- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F — C:Windowswinsxsx86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8qmgr.dll


    [2008.01.21 07:34:39 | 000,177,152 | —- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 — C:Windowswinsxsx86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12scecli.dll
    [2009.04.11 11:28:24 | 000,177,152 | —- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 — C:WindowsERDNTcachescecli.dll
    [2009.04.11 11:28:24 | 000,177,152 | —- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 — C:WindowsSystem32scecli.dll
    [2009.04.11 11:28:24 | 000,177,152 | —- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 — C:Windowswinsxsx86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5escecli.dll


    [2010.08.17 18:32:33 | 000,126,464 | —- | M] (Microsoft Corporation) MD5=3665F79026A3F91FBCA63F2C65A09B19 — C:Windowswinsxsx86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21spoolsv.exe
    [2009.04.11 11:28:05 | 000,127,488 | —- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E — C:Windowswinsxsx86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062spoolsv.exe
    [2008.01.21 07:34:33 | 000,125,952 | —- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 — C:Windowswinsxsx86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516spoolsv.exe
    [2010.08.17 19:11:37 | 000,128,000 | —- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 — C:WindowsERDNTcachespoolsv.exe
    [2010.08.17 19:11:37 | 000,128,000 | —- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 — C:WindowsSystem32spoolsv.exe
    [2010.08.17 19:11:37 | 000,128,000 | —- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 — C:Windowswinsxsx86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2spoolsv.exe
    [2010.08.17 19:20:09 | 000,128,000 | —- | M] (Microsoft Corporation) MD5=AAE98B295E88D439A6E0F6E8929424FB — C:Windowswinsxsx86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4cspoolsv.exe
    [2010.08.17 18:27:48 | 000,128,000 | —- | M] (Microsoft Corporation) MD5=E807FC542C295BA256CE3567829E02A6 — C:Windowswinsxsx86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93spoolsv.exe


    [2008.01.21 07:33:13 | 000,021,504 | —- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF — C:WindowsERDNTcachesvchost.exe
    [2008.01.21 07:33:13 | 000,021,504 | —- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF — C:WindowsSystem32svchost.exe
    [2008.01.21 07:33:13 | 000,021,504 | —- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF — C:Windowswinsxsx86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5svchost.exe


    [2008.04.26 13:08:16 | 000,891,448 | —- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7tcpip.sys
    [2009.04.11 11:33:02 | 000,897,000 | —- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42tcpip.sys
    [2009.12.09 01:52:30 | 000,897,624 | —- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63tcpip.sys
    [2009.08.16 02:30:53 | 000,816,640 | —- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF — C:Windowswinsxsx86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00tcpip.sys
    [2009.08.14 22:01:55 | 000,900,168 | —- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850ftcpip.sys
    [2010.02.18 16:51:51 | 000,818,688 | —- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 — C:Windowswinsxsx86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15btcpip.sys
    [2010.02.18 19:49:38 | 000,898,952 | —- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5tcpip.sys
    [2009.08.14 19:24:47 | 000,813,568 | —- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 — C:Windowswinsxsx86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4tcpip.sys
    [2009.12.09 01:15:00 | 000,907,832 | —- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560dtcpip.sys
    [2010.02.18 19:07:16 | 000,904,576 | —- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bectcpip.sys
    [2010.02.18 17:05:37 | 000,815,104 | —- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 — C:Windowswinsxsx86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7tcpip.sys
    [2009.12.09 01:37:09 | 000,900,696 | —- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54tcpip.sys
    [2010.06.16 20:55:58 | 000,902,032 | —- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0tcpip.sys
    [2009.08.14 21:27:34 | 000,904,776 | —- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25ftcpip.sys
    [2010.06.16 21:39:32 | 000,912,776 | —- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63tcpip.sys
    [2010.06.16 20:59:54 | 000,898,952 | —- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10tcpip.sys
    [2008.04.26 13:26:49 | 000,891,448 | —- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1tcpip.sys
    [2009.12.08 22:58:13 | 000,813,568 | —- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 — C:Windowswinsxsx86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8tcpip.sys
    [2009.08.14 22:07:56 | 000,897,608 | —- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3tcpip.sys
    [2010.02.18 22:36:50 | 000,902,024 | —- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60tcpip.sys
    [2010.06.16 21:04:57 | 000,905,088 | —- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF — C:WindowsERDNTcachetcpip.sys
    [2010.06.16 21:04:57 | 000,905,088 | —- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF — C:WindowsSystem32driverstcpip.sys
    [2010.06.16 21:04:57 | 000,905,088 | —- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22tcpip.sys
    [2009.12.08 22:45:32 | 000,816,640 | —- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA — C:Windowswinsxsx86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692tcpip.sys
    [2010.02.18 19:22:11 | 000,910,216 | —- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2tcpip.sys
    [2009.12.09 01:01:08 | 000,904,776 | —- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325ctcpip.sys
    [2008.01.21 07:34:55 | 000,891,448 | —- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6tcpip.sys
    [2009.08.14 21:33:50 | 000,905,784 | —- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 — C:Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80tcpip.sys


    [2009.04.11 11:28:24 | 000,449,024 | —- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D — C:WindowsERDNTcachetermsrv.dll
    [2009.04.11 11:28:24 | 000,449,024 | —- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D — C:WindowsSystem32termsrv.dll
    [2009.04.11 11:28:24 | 000,449,024 | —- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D — C:Windowswinsxsx86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_908abad45165e2aetermsrv.dll
    [2008.01.21 07:33:51 | 000,448,512 | —- | M] (Microsoft Corporation) MD5=D605031E225AACCBCEB5B76A4F1603A6 — C:Windowswinsxsx86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762termsrv.dll


    [2008.01.21 07:34:37 | 000,025,088 | —- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 — C:WindowsERDNTcacheuserinit.exe
    [2008.01.21 07:34:37 | 000,025,088 | —- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 — C:WindowsSystem32userinit.exe
    [2008.01.21 07:34:37 | 000,025,088 | —- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 — C:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80buserinit.exe


    [2008.01.21 07:34:36 | 000,179,200 | —- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B — C:WindowsERDNTcachews2_32.dll
    [2008.01.21 07:34:36 | 000,179,200 | —- | M] (Microsoft Corporation) Unable to obtain MD5 — C:WindowsSystem32ws2_32.dll
    [2008.01.21 07:34:36 | 000,179,200 | —- | M] (Microsoft Corporation) Unable to obtain MD5 — C:Windowswinsxsx86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4ws2_32.dll


    [2009.03.08 16:31:42 | 000,348,160 | —- | M] (Microsoft Corporation) Unable to obtain MD5 — C:WindowsSystem32dxtmsft.dll
    [2009.03.08 16:31:37 | 000,216,064 | —- | M] (Microsoft Corporation) Unable to obtain MD5 — C:WindowsSystem32dxtrans.dll
    [2009.04.11 11:27:47 | 000,241,128 | —- | M] (Microsoft Corporation) Unable to obtain MD5 — C:WindowsSystem32rsaenh.dll
    [2009.04.11 11:28:23 | 000,228,352 | —- | M] (Microsoft Corporation) Unable to obtain MD5 — C:WindowsSystem32SLC.dll
    [2 C:Windowssystem32*.tmp files -> C:Windowssystem32*.tmp -> ]


    [2008.01.21 08:31:11 | 015,716,352 | —- | M] () — C:WindowsSystem32configCOMPONENTS.SAV
    [2008.01.21 08:31:01 | 000,102,400 | —- | M] () — C:WindowsSystem32configDEFAULT.SAV
    [2008.01.21 08:31:12 | 000,020,480 | —- | M] () — C:WindowsSystem32configSECURITY.SAV
    [2006.11.02 15:34:08 | 010,133,504 | —- | M] () — C:WindowsSystem32configSOFTWARE.SAV
    [2006.11.02 15:34:08 | 001,826,816 | —- | M] () — C:WindowsSystem32configSYSTEM.SAV


    [2010.11.10 02:49:50 | 004,323,040 | —- | M] (Logitech Inc.) — C:WindowsSystem32driverslvuvc.sys

    ========== Alternate Data Streams ==========

    @Alternate Data Stream — 144 bytes -> C:ProgramDataTemp:B623B5B8
    @Alternate Data Stream — 131 bytes -> C:ProgramDataTemp:A42A9F39
    @Alternate Data Stream — 130 bytes -> C:ProgramDataTemp:F880DE59
    @Alternate Data Stream — 124 bytes -> C:ProgramDataTemp:5D7E5A8F
    @Alternate Data Stream — 122 bytes -> C:ProgramDataTemp:793F316E
    @Alternate Data Stream — 121 bytes -> C:ProgramDataTemp:7CACEF61
    @Alternate Data Stream — 120 bytes -> C:ProgramDataTemp:4CF61E54
    @Alternate Data Stream — 117 bytes -> C:ProgramDataTemp:F3176E45
    @Alternate Data Stream — 117 bytes -> C:ProgramDataTemp:798A3728
    @Alternate Data Stream — 116 bytes -> C:ProgramDataTemp:4D066AD2
    @Alternate Data Stream — 109 bytes -> C:ProgramDataTemp:DAFD38AE
    @Alternate Data Stream — 109 bytes -> C:ProgramDataTemp:AB689DEA

    January 16, 2011 at 8:32 am in reply to: Trojan and worm #31906
    albash
    Participant
    • Topics: 2
    • Posts: 20

    OTL logs:
    OTL logfile created on: 16.01.2011 12:33:38 — Run 1
    OTL by OldTimer — Version 3.2.20.2 Folder = C:UsersОбщий компьютерDesktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) — Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
    4,00 Gb Paging File | 2,00 Gb Available in Paging File | 54,00% Paging File free
    Paging file location(s): ?:pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files
    Drive C: | 141,29 Gb Total Space | 81,25 Gb Free Space | 57,50% Space Free | Partition Type: NTFS
    Drive F: | 141,29 Gb Total Space | 141,20 Gb Free Space | 99,93% Space Free | Partition Type: NTFS

    Computer Name: ОБЩИЙ-ПК | User Name: Общий компьютер | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC — C:UsersОбщий компьютерDesktopOTL.exe (OldTimer Tools)
    PRC — C:Program FilesMail.RuGuardGuardMailRu.exe ()
    PRC — C:Program FilesLogitechVid HDVid.exe (Logitech Inc.)
    PRC — C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe (Microsoft Corporation)
    PRC — C:Program FilesMicrosoft Security Essentialsmsseces.exe (Microsoft Corporation)
    PRC — C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe (Google)
    PRC — C:Program FilesCommon FileslogishrdLVMVFMLVPrcSrv.exe (Logitech Inc.)
    PRC — C:Program FilesLogitechLWSWebcam SoftwareLWS.exe (Logitech Inc.)
    PRC — C:Program FilesMicrosoft Security EssentialsMsMpEng.exe (Microsoft Corporation)
    PRC — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (Google Inc.)
    PRC — C:Program FilesPanda SecurityPanda Internet Security 2010ApVxdWin.exe (Panda Security, S.L.)
    PRC — C:Program FilesPanda SecurityPanda Internet Security 2010pavsrvx86.exe (Panda Security, S.L.)
    PRC — C:Program FilesPanda SecurityPanda Internet Security 2010AVENGINE.EXE (Panda Security, S.L.)
    PRC — C:Program FilesPanda SecurityPanda Internet Security 2010psksvc.exe (Panda Security, S.L.)
    PRC — C:Program FilesPanda SecurityPanda Internet Security 2010PsCtrlS.exe (Panda Security, S.L.)
    PRC — C:Program FilesPanda SecurityPanda Internet Security 2010PavFnSvr.exe (Panda Security, S.L.)
    PRC — C:Program FilesPanda SecurityPanda Internet Security 2010PavBckPT.exe (Panda Security, S.L.)
    PRC — C:Program FilesPanda SecurityPanda Internet Security 2010WebProxy.exe (Panda Security, S.L.)
    PRC — C:Program FilesPanda SecurityPanda Internet Security 2010TPSrv.exe (Panda Security, S.L.)
    PRC — C:Windowsexplorer.exe (Microsoft Corporation)
    PRC — c:Program FilesPanda SecurityPanda Internet Security 2010FIREWALLPSHost.exe (Panda Security International)
    PRC — C:Program FilesRealtekAudioHDARtHDVCpl.exe (Realtek Semiconductor)
    PRC — C:Program FilesHewlett-PackardHP Software Updatehpwuschd2.exe (Hewlett-Packard)
    PRC — C:Program FilesEgisTec Egis Software UpdateEgisUpdate.exe (EgisTec Inc.)
    PRC — C:Program FilesEgisTecMyWinLocker 3x86MWLService.exe (EgisTec Inc.)
    PRC — C:Program FilesEgisTecMyWinLocker 3x86mwlDaemon.exe (EgisTec Inc.)
    PRC — C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe (NewTech Infosystems, Inc.)
    PRC — C:Program FilesIntelIntel Matrix Storage ManagerIAANTmon.exe (Intel Corporation)
    PRC — C:Program FilesIntelIntel Matrix Storage ManagerIAAnotif.exe (Intel Corporation)
    PRC — C:Program FilesHewlett-PackardDigital ImagingbinHpqSRmon.exe (Hewlett-Packard)
    PRC — C:Program FilesPanda SecurityPanda Internet Security 2010SrvLoad.exe (Panda Security, S.L.)
    PRC — C:Program FilesPanda SecurityPanda Internet Security 2010PsImSvc.exe (Panda Security S.L.)
    PRC — C:Program FilesCommon FilesPanda SecurityPavShldPavPrSrv.exe (Panda Security, S.L.)
    PRC — C:Program FilesIVT CorporationBlueSoleilBTNtService.exe ()
    PRC — C:Program FilesIVT CorporationBlueSoleilStartSkysolSvc.exe ()
    PRC — C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnf.exe ()
    PRC — C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe (Hewlett-Packard)

    ========== Modules (SafeList) ==========

    MOD — C:UsersОбщий компьютерDesktopOTL.exe (OldTimer Tools)
    MOD — C:Windowswinsxsx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3comctl32.dll (Microsoft Corporation)
    MOD — C:Program FilesPanda SecurityPanda Internet Security 2010PavTrc.dll (Panda Security, S.L.)
    MOD — C:Program FilesPanda SecurityPanda Internet Security 2010PavOEpl.dll (Panda Security, S.L.)
    MOD — C:Program FilesCrypto ProCSPcpadvai.dll (Компания Крипто-Про)
    MOD — C:Program FilesCrypto ProCSPdetoured.dll (Microsoft Corporation)
    MOD — C:WindowsSystem32PavSHook.dll (Panda Security, S.L.)
    MOD — C:WindowsSystem32PavLspHook.dll (Panda Security, S.L.)
    MOD — C:WindowsSystem32SYSTOOLS.DLL (Panda Software)

    ========== Win32 Services (SafeList) ==========

    SRV — (Guard.Mail.ru) — C:Program FilesMail.RuGuardGuardMailRu.exe ()
    SRV — (fsssvc) — C:Program FilesWindows LiveFamily Safetyfsssvc.exe (Microsoft Corporation)
    SRV — (wlcrasvc) — C:Program FilesWindows LiveMeshwlcrasvc.exe (Microsoft Corporation)
    SRV — (SeaPort) — C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe (Microsoft Corporation)
    SRV — (GoogleDesktopManager-051210-111108) — C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe (Google)
    SRV — (LVPrcSrv) — C:Program FilesCommon FilesLogishrdLVMVFMLVPrcSrv.exe (Logitech Inc.)
    SRV — (MsMpSvc) — C:Program FilesMicrosoft Security EssentialsMsMpEng.exe (Microsoft Corporation)
    SRV — (WPFFontCache_v0400) — C:WindowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe (Корпорация Майкрософт)
    SRV — (clr_optimization_v4.0.30319_32) — C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (Microsoft Corporation)
    SRV — (FontCache) — C:WindowsSystem32FntCache.dll (Microsoft Corporation)
    SRV — (PAVSRV) — C:Program FilesPanda SecurityPanda Internet Security 2010pavsrvx86.exe (Panda Security, S.L.)
    SRV — (PskSvcRetail) — C:Program FilesPanda SecurityPanda Internet Security 2010PskSvc.exe (Panda Security, S.L.)
    SRV — (Panda Software Controller) — C:Program FilesPanda SecurityPanda Internet Security 2010PsCtrls.exe (Panda Security, S.L.)
    SRV — (PAVFNSVR) — C:Program FilesPanda SecurityPanda Internet Security 2010PavFnSvr.exe (Panda Security, S.L.)
    SRV — (cpcsp1) — C:Program FilesCrypto ProCSPcpcspi.dll (Компания Крипто-Про)
    SRV — (hpqcxs08) — C:Program FilesHewlett-PackardDigital Imagingbinhpqcxs08.dll (Hewlett-Packard Co.)
    SRV — (TPSrv) — C:Program FilesPanda SecurityPanda Internet Security 2010TPSrv.exe (Panda Security, S.L.)
    SRV — (DFSR) — C:WindowsSystem32dfsr.exe (Корпорация Майкрософт)
    SRV — (PSHost) — c:program filespanda securitypanda internet security 2010firewallPSHOST.EXE (Panda Security International)
    SRV — (MWLService) — C:Program FilesEgisTecMyWinLocker 3×86\MWLService.exe ()
    SRV — (NTISchedulerSvc) — C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe (NewTech Infosystems, Inc.)
    SRV — (NTIBackupSvc) — C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe (NewTech InfoSystems, Inc.)
    SRV — (IAANTMON) Intel(R) — C:Program FilesIntelIntel Matrix Storage ManagerIAANTmon.exe (Intel Corporation)
    SRV — (Gwmsrv) — C:Program FilesPanda SecurityPanda Internet Security 2010GWMsrv.dll (Panda Security, S.L.)
    SRV — (PSIMSVC) — C:Program FilesPanda SecurityPanda Internet Security 2010PsImSvc.exe (Panda Security S.L.)
    SRV — (PavPrSrv) — C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe (Panda Security, S.L.)
    SRV — (WinDefend) — C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)
    SRV — (BlueSoleil Hid Service) — C:Program FilesIVT CorporationBlueSoleilBTNtService.exe ()
    SRV — (Start BT in service) — C:Program FilesIVT CorporationBlueSoleilStartSkysolSvc.exe ()

    ========== Driver Services (SafeList) ==========

    DRV — (PavTPK.sys) — File not found
    DRV — (PavSRK.sys) — File not found
    DRV — (AvFlt) — File not found
    DRV — (LVUVC) Logitech Webcam C100(UVC) — C:WindowsSystem32driverslvuvc.sys (Logitech Inc.)
    DRV — (fssfltr) — C:WindowsSystem32driversfssfltr.sys (Microsoft Corporation)
    DRV — (token) — C:WindowsSystem32driverseps2kt1.sys ()
    DRV — (R5BaseSmc) — C:WindowsSystem32driverssmccard.sys (OEM)
    DRV — (LVPr2Mon) — C:WindowsSystem32driversLVPr2Mon.sys ()
    DRV — (nvlddmkm) — C:WindowsSystem32driversnvlddmkm.sys (NVIDIA Corporation)
    DRV — (MpNWMon) — C:WindowsSystem32driversMpNWMon.sys (Microsoft Corporation)
    DRV — (ComFiltr) — C:WindowsSystem32driversCOMFiltr.sys ()
    DRV — (APPFLT) — C:WindowsSystem32driversAPPFLT.SYS (Panda Security, S.L.)
    DRV — (NETIMFLT01060039) — C:WindowsSystem32driversneti1639.sys (Panda Security, S.L.)
    DRV — (AmFSM) — C:WindowsSystem32driversamm8660.sys (Panda Security, S.L.)
    DRV — (RTUSB) — C:WindowsSystem32driversrtUSB.sys (Компания «Актив»)
    DRV — (RTIFDH) — C:WindowsSystem32driversrtIFDH.sys (Компания «Актив»)
    DRV — (PavProc) — C:WindowsSystem32driversPavProc.sys (Panda Security, S.L.)
    DRV — (pavboot) — C:Windowssystem32Driverspavboot.sys (Panda Security, S.L.)
    DRV — (WNMFLT) — C:WindowsSystem32driverswnmflt.sys (Panda Security, S.L.)
    DRV — (NETFLTDI) — C:WindowsSystem32driversNETFLTDI.SYS (Panda Security, S.L.)
    DRV — (IDSFLT) — C:WindowsSystem32driversidsflt.sys (Panda Security, S.L.)
    DRV — (DSAFLT) — C:WindowsSystem32driversdsaflt.sys (Panda Security, S.L.)
    DRV — (NVHDA) — C:WindowsSystem32driversnvhda32v.sys (NVIDIA Corporation)
    DRV — (CProCtrl) — C:WindowsSystem32driversCProCtrl.sys (Компания Крипто-Про)
    DRV — (IntcAzAudAddService) Service for Realtek HD Audio (WDM) — C:WindowsSystem32driversRTKVHDA.sys (Realtek Semiconductor Corp.)
    DRV — (e1yexpress) Intel(R) — C:WindowsSystem32driverse1y6032.sys (Intel Corporation)
    DRV — (mwlPSDVDisk) — C:WindowsSystem32driversmwlPSDVDisk.sys (Egis Incorporated.)
    DRV — (mwlPSDFilter) — C:WindowsSystem32driversmwlPSDFilter.sys (Egis Incorporated.)
    DRV — (mwlPSDNServ) — C:WindowsSystem32driversmwlPSDNserv.sys (Egis Incorporated.)
    DRV — (iaStor) — C:Windowssystem32DRIVERSiaStor.sys (Intel Corporation)
    DRV — (FNETMON) — C:WindowsSystem32driversfnetmon.sys (Panda Security, S.L.)
    DRV — (ShldDrv) — C:WindowsSystem32driversShlDrv51.sys (Panda Security, S.L.)
    DRV — (NTIDrvr) — C:WindowsSystem32driversNTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV — (UBHelper) — C:WindowsSystem32driversUBHelper.sys (NewTech Infosystems Corporation)
    DRV — (adpu320) — C:Windowssystem32driversadpu320.sys (Adaptec, Inc.)
    DRV — (megasas) — C:Windowssystem32driversmegasas.sys (LSI Corporation)
    DRV — (MegaSR) — C:Windowssystem32driversmegasr.sys (LSI Corporation, Inc.)
    DRV — (adpu160m) — C:Windowssystem32driversadpu160m.sys (Adaptec, Inc.)
    DRV — (SiSRaid4) — C:Windowssystem32driverssisraid4.sys (Silicon Integrated Systems)
    DRV — (HpCISSs) — C:Windowssystem32drivershpcisss.sys (Hewlett-Packard Company)
    DRV — (adpahci) — C:Windowssystem32driversadpahci.sys (Adaptec, Inc.)
    DRV — (LSI_SAS) — C:Windowssystem32driverslsi_sas.sys (LSI Logic)
    DRV — (ql2300) — C:Windowssystem32driversql2300.sys (QLogic Corporation)
    DRV — (E1G60) Intel(R) — C:WindowsSystem32driversE1G60I32.sys (Корпорация Intel)
    DRV — (arcsas) — C:Windowssystem32driversarcsas.sys (Adaptec, Inc.)
    DRV — (iaStorV) — C:Windowssystem32driversiastorv.sys (Intel Corporation)
    DRV — (vsmraid) — C:Windowssystem32driversvsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV — (ulsata2) — C:Windowssystem32driversulsata2.sys (Promise Technology, Inc.)
    DRV — (LSI_FC) — C:Windowssystem32driverslsi_fc.sys (LSI Logic)
    DRV — (arc) — C:Windowssystem32driversarc.sys (Adaptec, Inc.)
    DRV — (elxstor) — C:Windowssystem32driverselxstor.sys (Emulex)
    DRV — (LSI_SCSI) — C:Windowssystem32driverslsi_scsi.sys (LSI Logic)
    DRV — (nvraid) — C:Windowssystem32driversnvraid.sys (NVIDIA Corporation)
    DRV — (nvstor) — C:Windowssystem32driversnvstor.sys (NVIDIA Corporation)
    DRV — (adp94xx) — C:Windowssystem32driversadp94xx.sys (Adaptec, Inc.)
    DRV — (uliahci) — C:Windowssystem32driversuliahci.sys (ULi Electronics Inc.)
    DRV — (viaide) — C:Windowssystem32driversviaide.sys (VIA Technologies, Inc.)
    DRV — (cmdide) — C:Windowssystem32driverscmdide.sys (CMD Technology, Inc.)
    DRV — (aliide) — C:Windowssystem32driversaliide.sys (Acer Laboratories Inc.)
    DRV — (Btcsrusb) — C:WindowsSystem32driversbtcusb.sys (IVT Corporation.)
    DRV — (BlueletSCOAudio) — C:WindowsSystem32driversBlueletSCOAudio.sys (IVT Corporation.)
    DRV — (BlueletAudio) — C:WindowsSystem32driversblueletaudio.sys (IVT Corporation.)
    DRV — (BT) — C:WindowsSystem32driversbtnetdrv.sys (IVT Corporation.)
    DRV — (BTHidMgr) — C:WindowsSystem32DriversBTHidMgr.sys (IVT Corporation.)
    DRV — (BTHidEnum) — C:WindowsSystem32Driversvbtenum.sys (IVT Corporation.)
    DRV — (VcommMgr) — C:WindowsSystem32driversVCommMgr.sys (IVT Corporation.)
    DRV — (VComm) — C:WindowsSystem32driversVComm.sys (IVT Corporation.)
    DRV — (ql40xx) — C:Windowssystem32driversql40xx.sys (QLogic Corporation)
    DRV — (UlSata) — C:Windowssystem32driversulsata.sys (Promise Technology, Inc.)
    DRV — (nfrd960) — C:Windowssystem32driversnfrd960.sys (IBM Corporation)
    DRV — (iirsp) — C:Windowssystem32driversiirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV — (aic78xx) — C:Windowssystem32driversdjsvs.sys (Adaptec, Inc.)
    DRV — (iteraid) — C:Windowssystem32driversiteraid.sys (Integrated Technology Express, Inc.)
    DRV — (iteatapi) — C:Windowssystem32driversiteatapi.sys (Integrated Technology Express, Inc.)
    DRV — (Symc8xx) — C:Windowssystem32driverssymc8xx.sys (LSI Logic)
    DRV — (Sym_u3) — C:Windowssystem32driverssym_u3.sys (LSI Logic)
    DRV — (Mraid35x) — C:Windowssystem32driversmraid35x.sys (LSI Logic Corporation)
    DRV — (Sym_hi) — C:Windowssystem32driverssym_hi.sys (LSI Logic)
    DRV — (Brserid) Brother MFC Serial Port Interface Driver (WDM) — C:Windowssystem32driversbrserid.sys (Brother Industries Ltd.)
    DRV — (BrUsbSer) — C:Windowssystem32driversbrusbser.sys (Brother Industries Ltd.)
    DRV — (BrFiltUp) — C:Windowssystem32driversbrfiltup.sys (Brother Industries, Ltd.)
    DRV — (BrFiltLo) — C:Windowssystem32driversbrfiltlo.sys (Brother Industries, Ltd.)
    DRV — (BrSerWdm) — C:Windowssystem32driversbrserwdm.sys (Brother Industries Ltd.)
    DRV — (BrUsbMdm) — C:Windowssystem32driversbrusbmdm.sys (Brother Industries Ltd.)
    DRV — (ntrigdigi) — C:Windowssystem32driversntrigdigi.sys (N-trig Innovative Technologies)
    DRV — (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) — C:WindowsSystem32driversssm_bus.sys (MCCI)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE — HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0419&s=1&o=vb32&d=1006&m=aspire_x3810

    IE — HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0

    IE — HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0

    IE — HKUS-1-5-21-4185180753-1838458010-2851130701-1000SOFTWAREMicrosoftInternet ExplorerMain,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE — HKUS-1-5-21-4185180753-1838458010-2851130701-1000SOFTWAREMicrosoftInternet ExplorerMain,SearchDefaultBranded = 1
    IE — HKUS-1-5-21-4185180753-1838458010-2851130701-1000SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://yandex.ru/
    IE — HKUS-1-5-21-4185180753-1838458010-2851130701-1000SOFTWAREMicrosoftInternet ExplorerMain,StartPageCache = 1
    IE — HKUS-1-5-21-4185180753-1838458010-2851130701-1000..URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll (@Mail.Ru)
    IE — HKUS-1-5-21-4185180753-1838458010-2851130701-1000SoftwareMicrosoftWindowsCurrentVersionInternet Settings: «ProxyEnable» = 0

    O1 HOSTS File: ([2011.01.11 14:43:24 | 000,000,027 | —- | M]) — C:WindowsSystem32driversetchosts
    O1 — Hosts: 127.0.0.1 localhost
    O2 — BHO: (Search Helper) — {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} — C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll (Microsoft Corporation)
    O2 — BHO: (MailRuBHO Class) — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll (@Mail.Ru)
    O2 — BHO: (Windows Live Messenger Companion Helper) — {9FDDE16B-836F-4806-AB1F-1455CBEFF289} — C:Program FilesWindows LiveCompanioncompanioncore.dll (Microsoft Corporation)
    O2 — BHO: (Google Toolbar Helper) — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll (Google Inc.)
    O2 — BHO: (Skype Plug-In) — {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O2 — BHO: (Google Toolbar Notifier BHO) — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.6.5805.1910swg.dll (Google Inc.)
    O2 — BHO: (Bing Bar BHO) — {d2ce3e00-f94a-4740-988e-03dc2f38c34f} — C:Program FilesMSN ToolbarPlatform6.3.2322.0npwinext.dll (Microsoft Corporation)
    O3 — HKLM..Toolbar: (Спутник@Mail.Ru) — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll (@Mail.Ru)
    O3 — HKLM..Toolbar: (Google Toolbar) — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll (Google Inc.)
    O3 — HKLM..Toolbar: (@C:Program FilesMSN ToolbarPlatform6.3.2322.0npwinext.dll,-100) — {8dcb7100-df86-4384-8842-8fa844297b3f} — C:Program FilesMSN ToolbarPlatform6.3.2322.0npwinext.dll (Microsoft Corporation)
    O3 — HKU.DEFAULT..ToolbarWebBrowser: (Google Toolbar) — {2318C2B1-4965-11D4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll (Google Inc.)
    O3 — HKUS-1-5-18..ToolbarWebBrowser: (Google Toolbar) — {2318C2B1-4965-11D4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll (Google Inc.)
    O3 — HKUS-1-5-21-4185180753-1838458010-2851130701-1000..ToolbarWebBrowser: (Спутник@Mail.Ru) — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll (@Mail.Ru)
    O3 — HKUS-1-5-21-4185180753-1838458010-2851130701-1000..ToolbarWebBrowser: (Google Toolbar) — {2318C2B1-4965-11D4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll (Google Inc.)
    O4 — HKLM..Run: [APVXDWIN] C:Program FilesPanda SecurityPanda Internet Security 2010APVXDWIN.EXE (Panda Security, S.L.)
    O4 — HKLM..Run: [EgisTecLiveUpdate] C:Program FilesEgisTec Egis Software UpdateEgisUpdate.exe (EgisTec Inc.)
    O4 — HKLM..Run: [Google Desktop Search] C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe (Google)
    O4 — HKLM..Run: [Guard.Mail.ru.gui] C:Program FilesMail.RuGuardGuardMailRu.exe ()
    O4 — HKLM..Run: [HP Software Update] C:Program FilesHewlett-PackardHP Software Updatehpwuschd2.exe (Hewlett-Packard)
    O4 — HKLM..Run: [hpqSRMon] C:Program FilesHewlett-PackardDigital ImagingbinHpqSRmon.exe (Hewlett-Packard)
    O4 — HKLM..Run: [IAAnotif] C:Program FilesIntelIntel Matrix Storage ManagerIAAnotif.exe (Intel Corporation)
    O4 — HKLM..Run: [LWS] C:Program FilesLogitechLWSWebcam SoftwareLWS.exe (Logitech Inc.)
    O4 — HKLM..Run: [MSSE] C:Program FilesMicrosoft Security Essentialsmsseces.exe (Microsoft Corporation)
    O4 — HKLM..Run: [mwlDaemon] C:Program FilesEgisTecMyWinLocker 3x86mwlDaemon.exe (EgisTec Inc.)
    O4 — HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARtHDVCpl.exe (Realtek Semiconductor)
    O4 — HKLM..Run: [SCANINICIO] C:Program FilesPanda SecurityPanda Internet Security 2010Inicio.exe (Panda Security, S.L.)
    O4 — HKLM..Run: [Share-to-Web Namespace Daemon] C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe (Hewlett-Packard)
    O4 — HKLM..Run: [Skytel] C:Program FilesRealtekAudioHDASkyTel.exe (Realtek Semiconductor Corp.)
    O4 — HKUS-1-5-21-4185180753-1838458010-2851130701-1000..Run: [CollaborationHost] C:WindowsSystem32p2phost.exe (Microsoft Corporation)
    O4 — HKUS-1-5-21-4185180753-1838458010-2851130701-1000..Run: [Logitech Vid] C:Program FilesLogitechVid HDVid.exe (Logitech Inc.)
    O4 — HKUS-1-5-21-4185180753-1838458010-2851130701-1000..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (Google Inc.)
    O4 — Startup: C:UsersОбщий компьютерAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupLogitech . Регистрация Продукта.lnk = C:Program FilesLogitechEregeReg.exe (Leader Technologies/Logitech)
    O6 — HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
    O6 — HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
    O7 — HKU.DEFAULTSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
    O7 — HKUS-1-5-18SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
    O7 — HKUS-1-5-19SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
    O7 — HKUS-1-5-20SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
    O7 — HKUS-1-5-21-4185180753-1838458010-2851130701-1000SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
    O7 — HKUS-1-5-21-4185180753-1838458010-2851130701-1000SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
    O8 — Extra context menu item: Google ВикиКомментарии… — C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O9 — Extra Button: @C:Program FilesWindows LiveCompanioncompanionlang.dll,-600 — {0000036B-C524-4050-81A0-243669A86B9F} — C:Program FilesWindows LiveCompanioncompanioncore.dll (Microsoft Corporation)
    O9 — Extra Button: @C:Program FilesWindows LiveWriterWindowsLiveWriterShortcuts.dll,-1004 — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll (Microsoft Corporation)
    O9 — Extra ‘Tools’ menuitem : @C:Program FilesWindows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 — {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll (Microsoft Corporation)
    O9 — Extra Button: Skype Plug-In — {898EA8C8-E7FF-479B-8935-AEC46303B9E5} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O9 — Extra ‘Tools’ menuitem : Skype Plug-In — {898EA8C8-E7FF-479B-8935-AEC46303B9E5} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O15 — HKUS-1-5-21-4185180753-1838458010-2851130701-1000..Trusted Domains: localhost ([]http in Local intranet)
    O15 — HKUS-1-5-21-4185180753-1838458010-2851130701-1000..Trusted Ranges: GD ([http] in Local intranet)
    O16 — DPF: {0013C359-980C-4916-B47A-B313DDF56755} https://www.alfadirect.ru/ADSign/ADCrypto.cab (Alfa-Direct Signer Control)
    O16 — DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 — DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 — DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 — DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 — DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 — DPF: {D27CDB6E-AE6D-91CF-96B8-744553240000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O17 — HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.0.1
    O18 — ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:Program FilesCommon FilesSkypeSkype4COM.dll (Skype Technologies)
    O18 — ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O18 — ProtocolHandlerwlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} — C:Program FilesWindows LiveMailmailcomm.dll (Microsoft Corporation)
    O18 — ProtocolHandlerwlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} — C:Program FilesWindows LivePhoto GalleryAlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O20 — AppInit_DLLs: (C:PROGRA~1GoogleGOOGLE~1GoogleDesktopNetwork3.dll) — C:Program FilesGoogleGoogle Desktop SearchGoogleDesktopNetwork3.dll (Google)
    O20 — HKLM Winlogon: Shell — (Explorer.exe) — C:Windowsexplorer.exe (Microsoft Corporation)
    O20 — WinlogonNotifyavldr: DllName — avldr.dll — C:WindowsSystem32avldr.dll (Panda Security, S.L.)
    O20 — WinlogonNotifycpcsp: DllName — C:Program FilesCrypto ProCSPcpcspi.dll — C:Program FilesCrypto ProCSPcpcspi.dll (Компания Крипто-Про)
    O24 — Desktop WallPaper: C:UsersОбщий компьютерAppDataRoamingMicrosoftInternet ExplorerInternet Explorer Wallpaper.bmp
    O24 — Desktop BackupWallPaper: C:UsersОбщий компьютерAppDataRoamingMicrosoftInternet ExplorerInternet Explorer Wallpaper.bmp
    O28 — HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} — Reg Error: Key error. File not found
    O30 — LSA: Security Packages — (cpssl) — C:WindowsSystem32cpssl.dll (Компания Крипто-Про)
    O32 — HKLM CDRom: AutoRun — 1
    O32 — AutoRun File — [2006.09.19 02:43:36 | 000,000,024 | —- | M] () — C:autoexec.bat — [ NTFS ]
    O34 — HKLM BootExecute: (autocheck autochk *) — File not found
    O35 — HKLM..comfile [open] — «%1» %*
    O35 — HKLM..exefile [open] — «%1» %*
    O37 — HKLM…com [@ = ComFile] — «%1» %*
    O37 — HKLM…exe [@ = exefile] — «%1» %*

    NetSvcs: FastUserSwitchingCompatibility — File not found
    NetSvcs: Ias — File not found
    NetSvcs: Nla — File not found
    NetSvcs: Ntmssvc — File not found
    NetSvcs: NWCWorkstation — File not found
    NetSvcs: Nwsapagent — File not found
    NetSvcs: SRService — File not found
    NetSvcs: WmdmPmSp — File not found
    NetSvcs: LogonHours — File not found
    NetSvcs: PCAudit — File not found
    NetSvcs: helpsvc — File not found
    NetSvcs: uploadmgr — File not found

    MsConfig — State: «services» — 0

    SafeBootMin: AppMgmt — File not found
    SafeBootMin: Base — Driver Group
    SafeBootMin: Boot Bus Extender — Driver Group
    SafeBootMin: Boot file system — Driver Group
    SafeBootMin: File system — Driver Group
    SafeBootMin: Filter — Driver Group
    SafeBootMin: HelpSvc — Service
    SafeBootMin: MsMpSvc — C:Program FilesMicrosoft Security EssentialsMsMpEng.exe (Microsoft Corporation)
    SafeBootMin: NTDS — File not found
    SafeBootMin: PCI Configuration — Driver Group
    SafeBootMin: PNP Filter — Driver Group
    SafeBootMin: Primary disk — Driver Group
    SafeBootMin: PskSvcRetail — C:Program FilesPanda SecurityPanda Internet Security 2010PskSvc.exe (Panda Security, S.L.)
    SafeBootMin: R5BaseSmc — C:WindowsSystem32driverssmccard.sys (OEM)
    SafeBootMin: sacsvr — Service
    SafeBootMin: SCSI Class — Driver Group
    SafeBootMin: System Bus Extender — Driver Group
    SafeBootMin: token — C:WindowsSystem32driverseps2kt1.sys ()
    SafeBootMin: WinDefend — C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} — Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} — CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} — DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} — Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} — Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} — Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} — Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} — PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} — SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} — System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} — Floppy disk drive
    SafeBootMin: {50DD5230-BA8A-11D1-BF5D-0000F805F530} — Reg Error: Value error.
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} — Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} — IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} — Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} — Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} — SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} — SecurityDevices

    SafeBootNet: AppMgmt — File not found
    SafeBootNet: Base — Driver Group
    SafeBootNet: Boot Bus Extender — Driver Group
    SafeBootNet: Boot file system — Driver Group
    SafeBootNet: File system — Driver Group
    SafeBootNet: Filter — Driver Group
    SafeBootNet: HelpSvc — Service
    SafeBootNet: Messenger — Service
    SafeBootNet: MsMpSvc — C:Program FilesMicrosoft Security EssentialsMsMpEng.exe (Microsoft Corporation)
    SafeBootNet: NDIS Wrapper — Driver Group
    SafeBootNet: NetBIOSGroup — Driver Group
    SafeBootNet: NetDDEGroup — Driver Group
    SafeBootNet: Network — Driver Group
    SafeBootNet: NetworkProvider — Driver Group
    SafeBootNet: NTDS — File not found
    SafeBootNet: PCI Configuration — Driver Group
    SafeBootNet: PNP Filter — Driver Group
    SafeBootNet: PNP_TDI — Driver Group
    SafeBootNet: Primary disk — Driver Group
    SafeBootNet: R5BaseSmc — C:WindowsSystem32driverssmccard.sys (OEM)
    SafeBootNet: rdsessmgr — Service
    SafeBootNet: sacsvr — Service
    SafeBootNet: SCSI Class — Driver Group
    SafeBootNet: Streams Drivers — Driver Group
    SafeBootNet: System Bus Extender — Driver Group
    SafeBootNet: TDI — Driver Group
    SafeBootNet: token — C:WindowsSystem32driverseps2kt1.sys ()
    SafeBootNet: WinDefend — C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)
    SafeBootNet: WudfPf — Driver
    SafeBootNet: WudfUsbccidDriver — Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} — Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} — CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} — DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} — Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} — Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} — Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} — Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} — Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} — NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} — NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} — NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} — PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} — SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} — System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} — Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} — Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} — Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} — IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} — Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} — Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} — SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} — SecurityDevices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} — Java (Sun)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} —
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} — Microsoft Windows Media Player 11.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} — %SystemRoot%system32regsvr32.exe /s /n /i:/UserInstall %SystemRoot%system32themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} — Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} — .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} — «%ProgramFiles%Windows MailWinMail.exe» OCInstallUserConfigOE
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} —
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} — DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} — Internet Explorer Help
    ActiveX: {47B3BDBB-F2AE-4B55-95C8-921C25DB3B76} — .NET Framework
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} — Microsoft Windows Script 5.8
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} — Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} — Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} — Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} — MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} — Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} — .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} — regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} — C:Windowssystem32ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} — C:Windowssystem32Rundll32.exe C:Windowssystem32mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} — Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} — Internet Explorer Core Fonts
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} — Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} — Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} — HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} — Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} — C:Windowssystem32unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} — C:Windowssystem32ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} — «C:WindowsSystem32rundll32.exe» «C:WindowsSystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP

    Drivers32: msacm.ac3acm — C:WindowsSystem32ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm — C:WindowsSystem32l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3fhg — C:WindowsSystem32mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo — C:WindowsSystem32vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 — C:WindowsSystem32vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid — C:WindowsSystem32iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS — C:WindowsSystem32ff_vfw.dll ()
    Drivers32: vidc.i420 — C:WindowsSystem32lvcodec2.dll (Logitech Inc.)
    Drivers32: VIDC.XVID — C:WindowsSystem32xvidvfw.dll ()
    Drivers32: VIDC.YV12 — C:WindowsSystem32yv12vfw.dll (http://www.helixcommunity.org)

    January 11, 2011 at 9:54 am in reply to: Trojan and worm #31903
    albash
    Participant
    • Topics: 2
    • Posts: 20
    • ☆

    Hello. ComboFix log:
    ComboFix 11-01-10.07 — Общий компьютер 11.01.2011 14:33:14.1.2 — x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1251.7.1049.18.2046.916 [GMT 5:00]
    Running from: c:usersОбщий компьютерDesktopComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    AV: Panda Internet Security 2010 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
    FW: Panda Personal Firewall 2010 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
    SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Panda Internet Security 2010 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:program files\setup.exe
    c:program filesSetup.exe
    c:usersОбщий компьютерAppDataRoaming.#

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
    .

    2011-01-11 09:43 . 2011-01-11 09:43 -------- d-----w- c:usersDefaultAppDataLocaltemp
    2011-01-11 09:03 . 2010-11-10 04:33 6273872 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{7F402425-31C9-468E-B678-69386F841A22}mpengine.dll
    2011-01-08 13:10 . 2011-01-08 13:10 -------- d-----w- c:program filesCommon FilesSkype
    2011-01-04 10:10 . 2011-01-04 10:10 -------- d-----w- c:program filesMicrosoft CAPICOM 2.1.0.2
    2011-01-03 13:19 . 2011-01-03 13:19 -------- d-----w- c:programdataLogiShrd
    2011-01-03 13:17 . 2011-01-03 13:17 -------- d-----w- c:usersОбщий компьютерAppDataLocalLogiShrd
    2011-01-03 13:15 . 2011-01-03 13:15 -------- d-----w- c:usersОбщий компьютерAppDataRoamingLeadertech
    2011-01-03 13:15 . 2011-01-03 13:15 53248 ----a-r- c:usersОбщий компьютерAppDataRoamingMicrosoftInstaller{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}ARPPRODUCTICON.exe
    2011-01-03 13:15 . 2011-01-11 08:57 -------- d-----w- c:windowssystem32logishrd
    2011-01-03 13:15 . 2011-01-03 13:15 -------- d-----w- c:programdataLogitech
    2011-01-03 13:14 . 2011-01-03 13:14 -------- d-----w- c:program filesCommon FilesLWS
    2011-01-03 13:14 . 2011-01-03 13:16 -------- d-----w- c:program filesLogitech
    2011-01-03 13:01 . 2011-01-03 13:16 -------- d-----w- c:program filesCommon Fileslogishrd
    2010-12-28 05:27 . 2010-12-28 05:27 -------- d-----w- c:usersОбщий компьютерAppDataRoamingPeerNetworking
    2010-12-23 17:24 . 2010-12-23 17:24 -------- d-----w- c:programdataGuard.Mail.Ru
    2010-12-16 04:57 . 2010-10-18 13:37 81920 ----a-w- c:windowssystem32consent.exe
    2010-12-16 04:56 . 2010-10-28 13:20 2048 ----a-w- c:windowssystem32tzres.dll
    2010-12-16 04:55 . 2010-11-03 10:51 2409784 ----a-w- c:program filesWindows MailOESpamFilter.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-03 13:15 . 2011-01-03 13:15 53248 ----a-r- c:usersОбщий компьютерAppDataRoamingMicrosoftInstaller{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}ARPPRODUCTICON.exe
    2011-01-03 13:15 . 2011-01-03 13:15 53248 ----a-r- c:usersОбщий компьютерAppDataRoamingMicrosoftInstaller{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}ARPPRODUCTICON.exe
    2010-11-12 13:53 . 2010-05-04 14:18 472808 ----a-w- c:windowssystem32deployJava1.dll
    2010-11-10 04:33 . 2010-08-26 03:23 6273872 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll
    2010-11-09 21:49 . 2010-11-09 21:49 4323040 ----a-w- c:windowssystem32driverslvuvc.sys
    2010-11-09 21:49 . 2010-11-09 21:49 539232 ----a-w- c:windowssystem32LVUI2RC.dll
    2010-11-09 21:49 . 2010-11-09 21:49 543328 ----a-w- c:windowssystem32LVUI2.dll
    2010-11-09 21:47 . 2010-11-09 21:47 195168 ----a-w- c:windowssystem32lvci13101216.dll
    2010-11-09 21:47 . 2010-11-09 21:47 416352 ----a-w- c:windowssystem32lvcodec2.dll
    2010-11-09 21:45 . 2010-11-09 21:45 102744 ----a-w- c:windowssystem32LogiDPPApp.exe
    2010-11-09 21:45 . 2010-11-09 21:45 10871128 ----a-w- c:windowssystem32LogiDPP.dll
    2010-11-09 21:45 . 2010-11-09 21:45 316248 ----a-w- c:windowssystem32DevManagerCore.dll
    2010-10-19 20:51 . 2009-12-21 04:50 222080 ------w- c:windowssystem32MpSigStub.exe
    2010-10-18 08:00 . 2010-11-03 11:33 108032 ----a-w- c:windowssystem32ff_vfw.dll
    2010-05-28 12:40 . 2010-05-28 12:40 3091968 ----a-w- c:program filesopenofficeorg32.msi
    2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:program filesinstmsiw.exe
    2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:program filesinstmsia.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersegisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOTCLSID{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-10-27 08:05 40496 ----a-w- c:program filesEgisTecMyWinLocker 3x86PSDProtect.dll

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    "swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2009-11-28 68856]
    "Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2009-04-11 1233920]
    "msnmsgr"="c:program filesWindows LiveMessengermsnmsgr.exe" [2010-09-22 4240760]
    "WMPNSCFG"="c:program filesWindows Media PlayerWMPNSCFG.exe" [2008-01-21 202240]
    "CollaborationHost"="c:windowssystem32p2phost.exe" [2008-01-21 192000]
    "Logitech Vid"="c:program filesLogitechVid HDVid.exe" [2010-10-29 5915480]
    "Skype"="c:program filesSkypePhoneSkype.exe" [2011-01-03 15028104]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    "IAAnotif"="c:program filesIntelIntel Matrix Storage Manageriaanotif.exe" [2008-09-12 182808]
    "RtHDVCpl"="c:program filesRealtekAudioHDARtHDVCpl.exe" [2009-03-10 6957600]
    "Google Desktop Search"="c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe" [2010-07-25 30192]
    "EgisTecLiveUpdate"="c:program filesEgisTec Egis Software UpdateEgisUpdate.exe" [2008-10-27 199464]
    "mwlDaemon"="c:program filesEgisTecMyWinLocker 3x86mwlDaemon.exe" [2008-10-27 346672]
    "APVXDWIN"="c:program filesPanda SecurityPanda Internet Security 2010APVXDWIN.EXE" [2009-09-25 906496]
    "SCANINICIO"="c:program filesPanda SecurityPanda Internet Security 2010Inicio.exe" [2009-08-12 56064]
    "Skytel"="c:program filesRealtekAudioHDASkytel.exe" [2009-03-10 1833504]
    "Share-to-Web Namespace Daemon"="c:program filesHewlett-PackardHP Share-to-Webhpgs2wnd.exe" [2002-04-17 69632]
    "hpqSRMon"="c:program filesHewlett-PackardDigital ImagingbinhpqSRMon.exe" [2008-08-20 150016]
    "HP Software Update"="c:program filesHewlett-PackardHP Software UpdateHPWuSchd2.exe" [2008-12-08 54576]
    "MSSE"="c:program filesMicrosoft Security Essentialsmsseces.exe" [2010-09-14 1094224]
    "SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2010-09-22 35760]
    "Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2010-09-20 932288]
    "Guard.Mail.ru.gui"="c:program filesMail.RuGuardGuardMailRu.exe" [2010-12-23 1041088]
    "LWS"="c:program filesLogitechLWSWebcam SoftwareLWS.exe" [2010-05-07 165208]

    c:usersЋЎйЁ© Є®¬ЇмовҐаAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
    Logitech . ђҐЈЁбва жЁп Џа®¤гЄв .lnk — c:program filesLogitechEregeReg.exe [2009-11-16 517384]

    c:programdataMicrosoftWindowsStart MenuProgramsStartup
    Њ®­Ёв®а ЂЏ‘-ЏҐз вм.lnk — h:bp6RSPrintPrintMon.exe [N/A]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavldr]
    2008-03-18 11:58 58672 ----a-w- c:windowsSystem32avldr.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifycpcsp]
    2009-07-29 04:47 717824 ----a-w- c:program filesCrypto ProCSPcpcspi.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
    "AppInit_DLLs"=c:progra~1GoogleGOOGLE~1GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
    "mixer6"=wdmaud.drv

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 wdigest tspkg cpssl

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPskSvcRetail]
    @="Service"

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalR5BaseSmc]
    @=""

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSCardSvr]
    @=""

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaltoken]
    @=""

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
    @=""

    R1 zgxlumyo;zgxlumyo;c:windowssystem32driverszgxlumyo.sys [x]
    R1 zirjktry;zirjktry;c:windowssystem32driverszirjktry.sys [x]
    R1 zkkwdjdm;zkkwdjdm;c:windowssystem32driverszkkwdjdm.sys [x]
    R1 zmpeccrk;zmpeccrk;c:windowssystem32driverszmpeccrk.sys [x]
    R1 zmqraynb;zmqraynb;c:windowssystem32driverszmqraynb.sys [x]
    R1 zrofwamv;zrofwamv;c:windowssystem32driverszrofwamv.sys [x]
    R1 zttzszgy;zttzszgy;c:windowssystem32driverszttzszgy.sys [x]
    R1 zvddqptv;zvddqptv;c:windowssystem32driverszvddqptv.sys [x]
    R1 zxnsrywm;zxnsrywm;c:windowssystem32driverszxnsrywm.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Служба Google Update (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-01 135664]
    R3 GoogleDesktopManager-051210-111108;Диспетчер Google Desktop 5.9.1005.12335;c:program filesGoogleGoogle Desktop SearchGoogleDesktop.exe [2010-07-25 30192]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:program filesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe [2008-09-23 50424]
    R3 token;USB Token Service;c:windowssystem32DRIVERSeps2kt1.sys [2010-05-20 31744]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:program filesWindows LiveMeshwlcrasvc.exe [2010-09-22 51040]
    S0 pavboot;Panda boot driver;c:windowssystem32Driverspavboot.sys [2009-06-30 28552]
    S1 APPFLT;App Filter Plugin;c:windowssystem32DriversAPPFLT.SYS [2009-09-30 75016]
    S1 CProCtrl;КриптоПро CSP драйвер;c:windowssystem32DRIVERSCProCtrl.sys [2009-04-22 54536]
    S1 DSAFLT;DSA Filter Plugin;c:windowssystem32DriversDSAFLT.SYS [2009-06-16 53128]
    S1 FNETMON;NetMon Filter Plugin;c:windowssystem32Driversfnetmon.SYS [2008-03-28 22072]
    S1 IDSFLT;Ids Filter Plugin;c:windowssystem32DriversIDSFLT.SYS [2009-06-16 193800]
    S1 NETFLTDI;Panda Net Driver [TDI Layer];c:windowssystem32DriversNETFLTDI.SYS [2009-06-16 08:33 159112]
    S1 ShldDrv;Panda File Shield Driver;c:windowssystem32DRIVERSShlDrv51.sys [2008-03-04 41144]
    S1 WNMFLT;Wifi Monitor Filter Plugin;c:windowssystem32DriversWNMFLT.SYS [2009-06-16 46728]
    S2 AmFSM;AmFSM;c:windowssystem32DRIVERSamm8660.sys [2009-08-06 49160]
    S2 ComFiltr;Panda Anti-Dialer;c:windowssystem32DRIVERSCOMFiltr.sys [2009-11-28 13880]
    S2 cpcsp1;КриптоПро CSP KC1;c:windowssystem32svchost.exe [2008-01-21 21504]
    S2 Guard.Mail.ru;Guard.Mail.ru;c:program filesMail.RuGuardGuardMailRu.exe [2010-12-23 1041088]
    S2 Gwmsrv;Panda Goodware Cache Manager;c:windowssystem32svchost [x]
    S2 mwlPSDFilter;mwlPSDFilter;c:windowssystem32DRIVERSmwlPSDFilter.sys [2008-10-09 19504]
    S2 mwlPSDNServ;mwlPSDNServ;c:windowssystem32DRIVERSmwlPSDNServ.sys [2008-10-09 16432]
    S2 mwlPSDVDisk;mwlPSDVDisk;c:windowssystem32DRIVERSmwlPSDVDisk.sys [2008-10-09 59952]
    S2 MWLService;MyWinLocker Service;c:program filesEgisTecMyWinLocker 3×86\MWLService.exe [2008-10-27 306736]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:program filesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe [2008-09-23 144632]
    S2 PavProc;Panda Process Protection Driver;c:windowssystem32DRIVERSPavProc.sys [2009-06-30 163336]
    S2 PskSvcRetail;Panda PSK service;c:program filesPanda SecurityPanda Internet Security 2010PskSvc.exe [2009-08-25 28928]
    S2 Start BT in service;Start BT in service;c:program filesIVT CorporationBlueSoleilStartSkysolSvc.exe [2007-12-27 51816]
    S3 AvFlt;Antivirus Filter Driver;c:windowssystem32driversav5flt.sys [x]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:windowssystem32DRIVERSe1y6032.sys [2008-11-21 220288]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:windowssystem32DRIVERSMpNWMon.sys [2010-03-25 42368]
    S3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:windowssystem32DRIVERSneti1639.sys [2009-09-09 199432]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:windowssystem32driversnvhda32v.sys [2009-05-11 64544]
    S3 PavSRK.sys;PavSRK.sys;c:windowssystem32PavSRK.sys [x]
    S3 PavTPK.sys;PavTPK.sys;c:windowssystem32PavTPK.sys [x]
    S3 R5BaseSmc;USB Token Holder Service;c:windowssystem32DRIVERSsmccard.sys [2010-05-20 14592]
    S3 RTIFDH;RTIFDH;c:windowssystem32DRIVERSrtIFDH.sys [2009-07-01 13312]
    S3 RTUSB;Rutoken;c:windowssystem32DRIVERSrtUSB.sys [2009-07-01 29824]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    panda REG_MULTI_SZ Gwmsrv
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    cpcsp REG_MULTI_SZ cpcsp1
    .
    Contents of the ‘Scheduled Tasks’ folder

    2011-01-11 c:windowsTasksGoogleUpdateTaskMachineCore.job
    — c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-01 16:29]

    2011-01-11 c:windowsTasksGoogleUpdateTaskMachineUA.job
    — c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-01 16:29]

    2011-01-11 c:windowsTasksUser_Feed_Synchronization-{40CBA629-AF20-4EA7-B068-C4E5C2E3414E}.job
    — c:windowssystem32msfeedssync.exe [2010-12-16 04:25]
    .
    .


    Supplementary Scan


    .
    uStart Page = hxxp://yandex.ru/
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0419&s=1&o=vb32&d=1006&m=aspire_x3810
    IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
    IE: Google ВикиКомментарии… — c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    DPF: {0013C359-980C-4916-B47A-B313DDF56755} — hxxps://www.alfadirect.ru/ADSign/ADCrypto.cab
    .
    — — — — ORPHANS REMOVED — — — —

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} — (no file)
    HKCU-Run-PCHDPlayer — c:program filespchdPCHDPlayer.exe
    HKLM-Run-WinampAgent — c:program filesWinampwinampa.exe
    AddRemove-Dexster_is1 — i:dexsterunins000.exe
    AddRemove-PV_BP_7_is1 — d:bp7unins000.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-11 14:43
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKCUSoftwareMicrosoftWindowsCurrentVersionRun
    PCHDPlayer = c:program filespchdPCHDPlayer.exe??W????[Zi?? ???x???u?r?r?e?n?t?V?e?r?s?i?o?n??R?u?n???????]??]Qi?? ???x??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .


    LOCKED REGISTRY KEYS



    [HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    «BlindDial»=dword:00000000

    [HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    «BlindDial»=dword:00000000
    .


    DLLs Loaded Under Running Processes



    — — — — — — — > ‘winlogon.exe'(952)
    c:program filesCrypto ProCSPdetoured.dll

    — — — — — — — > ‘lsass.exe'(876)
    c:program filesCrypto ProCSPdetoured.dll

    — — — — — — — > ‘csrss.exe'(756)
    c:program filesCrypto ProCSPdetoured.dll

    — — — — — — — > ‘csrss.exe'(824)
    c:program filesCrypto ProCSPdetoured.dll
    .
    Completion time: 2011-01-11 14:45:56
    ComboFix-quarantined-files.txt 2011-01-11 09:45

    Pre-Run: 84 908 834 816 байт свободно
    Post-Run: 88 691 605 504 байт свободно

    — — End Of File — — F45F50BD5EBA6AEC4E3A7218D8CE0D7A

    January 9, 2011 at 11:28 am in reply to: Trojan and worm #31901
    albash
    Participant
    • Topics: 2
    • Posts: 20
    • ☆

    Hello! Please take a look at the logs. Does the computer need to be cleaned? Thank you.

    December 2, 2010 at 7:20 am in reply to: Trojan and worm #31900
    albash
    Participant
    • Topics: 2
    • Posts: 20
    • ☆

    Both logs did not fit. I am attaching the second one:
    info.txt logfile of random’s system information tool 1.08 2010-12-02 11:51:27

    ======Uninstall list======

    «Barbie(TM) — Barbie(TM) в роли Принцессы острова» 1.0c—>»C:Program FilesBarbie(TM)Barbie(TM) as Island Princessunins000.exe»
    «Barbie(TM) — Приключения на ранчо» 1.0с—>»C:Program FilesBarbie(TM)Barbie(TM) — Приключения на ранчоunins000.exe»
    «Начальная школа Кирилла и Мефодия. Математика. 1 класс. Часть 2»—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7320F37D-592C-4270-BDAA-E43CC977A77C}setup.exe» -l0x19
    «Начальная школа Кирилла и Мефодия. Русский язык. 1 класс»—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{2374BED8-2605-45E1-ACA8-D2AB38B3C63C}setup.exe» -l0x19
    22 игры с собаками—>»C:Program FilesBuka22 игры с собакамиunins000.exe»
    ABBYY FineReader 7.0 Home Edition—>MsiExec.exe /I{8BAE6262-5FB8-46FF-BF6E-AEE4970164AF}
    Acer eRecovery Management—>»C:Program FilesInstallShield Installation Information{7F811A54-5A09-4579-90E1-C93498E230D9}setup.exe» -runfromtemp -l0x0019 -removeonly
    Acer Product Registration—>»C:Program FilesInstallShield Installation Information{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}setup.exe» -runfromtemp -l0x0019 -removeonly
    Acer ScreenSaver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}setup.exe» -l0x9 -removeonly
    Adobe Flash Player 10 ActiveX—>C:Windowssystem32MacromedFlashFlashUtil10l_ActiveX.exe -maintain activex
    Adobe Reader 9.4.1 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A94000000001}
    Bing Bar Platform—>MsiExec.exe /I{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}
    Bluesoleil2.7.0.13 VoIP Release 071227—>MsiExec.exe /X{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}
    Bookworm Adventures—>»C:Program FilesAcer GameZoneBookworm AdventuresUninstall.exe» «C:Program FilesAcer GameZoneBookworm Adventuresinstall.log»
    Chicken Invaders 2—>»C:Program FilesAcer GameZoneChicken Invaders 2Uninstall.exe» «C:Program FilesAcer GameZoneChicken Invaders 2install.log»
    D3DX10—>MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
    Dexster v3.3—>»I:Dexsterunins000.exe»
    Dream Day First Home—>»C:Program FilesAcer GameZoneDream Day First HomeUninstall.exe» «C:Program FilesAcer GameZoneDream Day First Homeinstall.log»
    eSobi v2—>C:Program FilesInstallShield Installation Information{15D967B5-A4BE-42AE-9E84-64CD062B25AA}setup.exe -runfromtemp -l0x0419
    FBReader for Windows XP—>»C:Program FilesFBReaderuninstall.exe»
    Go-Go Gourmet—>»C:Program FilesAcer GameZoneGo-Go GourmetUninstall.exe» «C:Program FilesAcer GameZoneGo-Go Gourmetinstall.log»
    Google Desktop—>C:Program FilesGoogleGoogle Desktop SearchGoogleDesktopSetup.exe -uninstall
    Google Toolbar for Internet Explorer—>»C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarManager_AC0049E063DE2AEA.exe» /uninstall
    Google Toolbar for Internet Explorer—>MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    Google Update Helper—>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Guard.Mail.ru—>»C:Program FilesMail.RuGuardGuardMailRu.exe» /uninstall
    Heroes of Hellas—>»C:Program FilesAcer GameZoneHeroes of HellasUninstall.exe» «C:Program FilesAcer GameZoneHeroes of Hellasinstall.log»
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
    HP Imaging Device Functions 13.0—>C:Program FilesHewlett-PackardDigital ImagingDeviceManagementhpzscr01.exe -datfile hpqbud01.dat
    HP Photo and Imaging 2.1 — Scanjet 2400 Series—>MsiExec.exe /I{6F7ECD56-E224-4263-9B7E-158E5CECC43B}
    HP Photosmart Essential 3.5—>C:Program FilesHewlett-PackardDigital ImagingPhotosmartEssentialhpzscr01.exe -datfile hpqbud13.dat -forcereboot
    HP Scanjet G2410 and 2400—>C:Program FilesHewlett-PackardDigital Imaging{E5B04674-1885-4B08-BAE7-ECDEC1F84677}setuphpzscr01.exe -datfile hpgscr40.dat
    HP Solution Center 13.0—>C:Program FilesHewlett-PackardDigital ImagingeSupporthpzscr01.exe -datfile hpqbud05.dat -forcereboot
    HP Update—>MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
    Intel(R) Matrix Storage Manager—>C:Program FilesIntelIntel Matrix Storage ManagerUninstallimsmudlg.exe -uninstall
    Java(TM) 6 Update 18—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018F0}
    Java(TM) 6 Update 22—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
    Junk Mail filter update—>MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
    K-Lite Mega Codec Pack 6.5.0—>»C:Program FilesK-Lite Codec Packunins000.exe»
    Magic Farm—>»C:Program FilesAcer GameZoneMagic FarmUninstall.exe» «C:Program FilesAcer GameZoneMagic Farminstall.log»
    Magic Match Adventures—>»C:Program FilesAcer GameZoneMagic Match AdventuresUninstall.exe» «C:Program FilesAcer GameZoneMagic Match Adventuresinstall.log»
    Mail.Ru Спутник 2.3.0.289—>C:Program FilesMail.RuSputnikMailRuSputnik.exe uninstall
    Mesh Runtime—>MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
    Microsoft .NET Framework 3.5 Language Pack SP1 — rus—>MsiExec.exe /I{2744791F-4E7C-32F5-AB40-AEC6A6C86DBF}
    Microsoft .NET Framework 3.5 SP1—>C:WindowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
    Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft .NET Framework 4 Client Profile RUS Language Pack—>MsiExec.exe /X{5208FDB2-D561-3FB4-9763-6B10B06745B7}
    Microsoft .NET Framework 4 Client Profile—>C:WindowsMicrosoft.NETFrameworkv4.0.30319SetupCacheClientSetup.exe /repair /x86 /parameterfolder Client
    Microsoft .NET Framework 4 Client Profile—>MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
    Microsoft Antimalware Service RU-RU Language Pack—>MsiExec.exe /X{FA8BA2B5-EB0E-428B-AAB2-2D608D959B18}
    Microsoft Antimalware—>MsiExec.exe /X{E62A1F01-07B7-4541-A835-EE5B0BF064C2}
    Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-0016-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
    Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-0018-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
    Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-001B-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
    Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-006E-0419-0000-0000000FF1CE} /uninstall {37317C49-30C4-412C-B0B9-D95090F330D8}
    Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-00A1-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
    Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
    Microsoft Office Excel 2007 Help Обновление (KB963678)—>msiexec /package {90120000-0016-0419-0000-0000000FF1CE} /uninstall {420938DB-BF97-4664-BE29-0C68B4802C00}
    Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007—>MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office Live Add-in 1.5—>MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
    Microsoft Office OneNote MUI (Russian) 2007—>MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
    Microsoft Office Powerpoint 2007 Help Обновление (KB963669)—>msiexec /package {90120000-0018-0419-0000-0000000FF1CE} /uninstall {BD1C2AC7-63F3-4C75-8B44-DE3D700B3BC8}
    Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
    Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
    Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0419-0000-0000000FF1CE} /uninstall {57A92C5E-E76A-49CC-9EC2-A7B6CE1255EA}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0422-0000-0000000FF1CE} /uninstall {6F177D09-F21D-4F50-9436-353972D1D232}
    Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
    Microsoft Office Word 2007 Help Обновление (KB963665)—>msiexec /package {90120000-001B-0419-0000-0000000FF1CE} /uninstall {D3A002FB-0F62-4840-80AD-2D2C63F83449}
    Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
    Microsoft Search Enhancement Pack—>MsiExec.exe /X{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}
    Microsoft Security Essentials—>C:Program FilesMicrosoft Security Essentialssetup.exe /x
    Microsoft Security Essentials—>MsiExec.exe /I{EF98A02A-1748-4762-9B7D-5ED1600520D5}
    Microsoft Silverlight—>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]—>MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 ATL Update kb973923 — x86 8.0.50727.4053—>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    MSVCRT—>MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
    MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)—>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    Mystery Solitaire — Secret Island—>»C:Program FilesAcer GameZoneMystery Solitaire — Secret IslandUninstall.exe» «C:Program FilesAcer GameZoneMystery Solitaire — Secret Islandinstall.log»
    MyWinLocker—>MsiExec.exe /X{68301905-2DEA-41CE-A4D4-E8B443B099BA}
    Nero 9 Lite—>C:Program FilesCommon FilesNeroNero ProductInstaller 4SetupX.exe REMOVESERIALNUMBER=»XM2C-50A9-HH4M-0ZM8-4X06-9P25-5A46-618P-AH19-6647″
    Nero Installer—>MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
    neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NTI Backup Now 5—>C:Program FilesInstallShield Installation Information{12EFA1A4-AC3B-443C-8143-237EDE760403}setup.exe -runfromtemp -l0x0419
    NTI Media Maker 8—>C:Program FilesInstallShield Installation Information{2413930C-8309-47A6-BC61-5EF27A4222BC}setup.exe -runfromtemp -l0x0419
    NVIDIA Display Control Panel—>C:Program FilesNVIDIA CorporationUninstallnvuninst.exe DisplayControlPanel
    NVIDIA Drivers—>C:Program FilesNVIDIA CorporationUninstallnvuninst.exe UninstallGUI
    OCR Software by I.R.I.S. 13.0—>C:Program FilesHewlett-PackardDigital ImagingOCRhpzscr01.exe -datfile hpqbud11.dat
    OpenOffice.org 3.2—>MsiExec.exe /I{5C2F4253-6243-45CD-BE1D-C80409788370}
    Panda Internet Security 2010—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7926EFB6-7CB4-4A9D-AB01-095F67F9D519}SETUP.exe» -l0x19 -removeonly
    PVSonyDll—>MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
    Realtek High Definition Audio Driver—>C:Program FilesRealtekAudioHDARtlUpd.exe -r -m -nrg2709
    Rutoken Drivers—>MsiExec.exe /X{BC41DF50-6D8F-4F2F-B21E-38A1C452565D}
    Rutoken Magistra Drivers—>MsiExec.exe /X{F6589A22-AFB4-4458-BBA3-90B75BB57044}
    Security Update for 2007 Microsoft Office System (KB2288621)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
    Security Update for 2007 Microsoft Office System (KB2289158)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
    Security Update for 2007 Microsoft Office System (KB2344875)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
    Security Update for 2007 Microsoft Office System (KB2345043)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
    Security Update for 2007 Microsoft Office System (KB969559)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB976321)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=»»
    Security Update for Microsoft Office Excel 2007 (KB2345035)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
    Security Update for Microsoft Office InfoPath 2007 (KB979441)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
    Security Update for Microsoft Office system 2007 (972581)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
    Security Update for Microsoft Office system 2007 (KB974234)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
    Security Update for Microsoft Office Word 2007 (KB2344993)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
    Segoe UI—>MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
    Skype Toolbars—>MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
    Skype™ 4.2—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
    Update for 2007 Microsoft Office System (KB967642)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)—>C:Windowssystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=»»
    Update for Microsoft Office OneNote 2007 (KB980729)—>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
    Viewpoint Media Player (Remove Only)—>C:Program FilesViewpointViewpoint Media PlayermtsAxInstaller.exe -u
    Windows Live Communications Platform—>MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
    Windows Live Family Safety—>MsiExec.exe /I{02407A7A-D333-477C-B870-7BEB1EB47E33}
    Windows Live Family Safety—>MsiExec.exe /X{F53D678E-238F-4A71-9742-08BB6774E9DC}
    Windows Live ID Sign-in Assistant—>MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
    Windows Live Installer—>MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
    Windows Live Mail—>MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
    Windows Live Mesh—>MsiExec.exe /I{039480EE-6933-4845-88B8-77FD0C3D059D}
    Windows Live Mesh—>MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
    Windows Live Messenger Companion Core—>MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
    Windows Live Messenger—>MsiExec.exe /X{6986737B-F286-40D1-87AF-938339DCF6AB}
    Windows Live Messenger—>MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
    Windows Live MIME IFilter—>MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
    Windows Live Movie Maker—>MsiExec.exe /X{7465A996-0FCA-4D2D-A52C-F833B0829B5B}
    Windows Live Movie Maker—>MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
    Windows Live Photo Common—>MsiExec.exe /X{168E7302-890A-4138-9109-A225ACAF7AD1}
    Windows Live Photo Common—>MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
    Windows Live Photo Gallery—>MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
    Windows Live PIMT Platform—>MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
    Windows Live Remote Client Resources—>MsiExec.exe /I{7A143876-9658-4A58-82E7-B5F02D942957}
    Windows Live Remote Client—>MsiExec.exe /I{19A4A990-5343-4FF7-B3B5-6F046C091EDF}
    Windows Live Remote Service Resources—>MsiExec.exe /I{D3CAE2CA-BE71-4CA4-9EB9-46E1C82E778B}
    Windows Live Remote Service—>MsiExec.exe /I{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}
    Windows Live SOXE Definitions—>MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
    Windows Live SOXE—>MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
    Windows Live Sync—>MsiExec.exe /X{08BB86A3-BD8B-491F-9751-CDA93D8E0B59}
    Windows Live UX Platform Language Pack—>MsiExec.exe /I{D8DAB025-C2CE-4821-8117-494E95ADA031}
    Windows Live UX Platform—>MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
    Windows Live Writer Resources—>MsiExec.exe /X{7FF11E53-C002-4F40-8D68-6BE751E5DD62}
    Windows Live Writer—>MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
    Windows Live Writer—>MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
    Windows Live Writer—>MsiExec.exe /X{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}
    WinRAR archiver—>C:Program FilesWinRARuninstall.exe
    Zuma Deluxe—>»C:Program FilesAcer GameZoneZuma DeluxeUninstall.exe» «C:Program FilesAcer GameZoneZuma Deluxeinstall.log»
    Бизнес Пак 7.4.0.939—>»D:bp7unins000.exe»
    Компаньон Messenger—>MsiExec.exe /I{3705D53F-BB01-4BEE-8585-289E71CAC4B4}
    Король лев — Новые приключения—>C:WindowsIsUninst.exe -f»C:Program FilesDisney InteractiveLion_King_ACDeIsL1.isu»
    КриптоПро CSP—>MsiExec.exe /I{54A08450-B343-40B0-924E-68F031450996}
    Основные компоненты Windows Live—>C:Program FilesWindows LiveInstallerwlarp.exe
    Основные компоненты Windows Live—>MsiExec.exe /I{E83DC314-C926-4214-AD58-147691D6FE9F}
    Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office—>MsiExec.exe /X{90120000-0020-0419-0000-0000000FF1CE}
    Панель Bing—>C:Program FilesBing Bar InstallerInstallManager.exe /UNINSTALL
    Почта Windows Live—>MsiExec.exe /I{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}
    Пятачок В Подводном Царстве—>»C:Program FilesBukaПятачок В Подводном Царствеunins000.exe»
    Театр кошек—>C:Program FilesCom.MediaCats_TheatreCats_TheatreCats_Theatre.exe -u
    Терминал Альфа-Директ™—>»C:Program FilesAlfaDirectADirect.exe» -remove
    Фотоальбом Windows Live—>MsiExec.exe /X{77F69CA1-E53D-4D77-8BA3-FA07606CC851}
    Элемент управления Windows Live Mesh ActiveX для удаленных подключений—>MsiExec.exe /I{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}
    Языковой пакет Microsoft .NET Framework 3.5 SP1 — RUS—>C:WindowsMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — russetup.exe
    Языковой пакет клиентского профиля Microsoft.NET Framework 4 — RUS—>C:WindowsMicrosoft.NETFrameworkv4.0.30319SetupCacheClientLPSetup.exe /repair /x86 /lcid 1049 /parameterfolder ClientLP

    ======Security center information======

    AS: Windows Defender

    ======System event log======

    Computer Name: Общий-ПК
    Event Code: 7036
    Message: Служба «Инструментарий управления Windows» перешла в состояние Работает.
    Record Number: 132905
    Source Name: Service Control Manager
    Time Written: 20100715032425.000000-000
    Event Type: Сведения
    User:

    Computer Name: Общий-ПК
    Event Code: 7036
    Message: Служба «Служба регистрации ошибок Windows» перешла в состояние Работает.
    Record Number: 132904
    Source Name: Service Control Manager
    Time Written: 20100715032425.000000-000
    Event Type: Сведения
    User:

    Computer Name: Общий-ПК
    Event Code: 7036
    Message: Служба «Служба времени Windows» перешла в состояние Работает.
    Record Number: 132903
    Source Name: Service Control Manager
    Time Written: 20100715032425.000000-000
    Event Type: Сведения
    User:

    Computer Name: Общий-ПК
    Event Code: 7036
    Message: Служба «Узел универсальных PNP-устройств» перешла в состояние Работает.
    Record Number: 132902
    Source Name: Service Control Manager
    Time Written: 20100715032425.000000-000
    Event Type: Сведения
    User:

    Computer Name: Общий-ПК
    Event Code: 7036
    Message: Служба «Службы терминалов» перешла в состояние Работает.
    Record Number: 132901
    Source Name: Service Control Manager
    Time Written: 20100715032425.000000-000
    Event Type: Сведения
    User:

    =====Application event log=====

    Computer Name: Общий-ПК
    Event Code: 1000
    Message: Cчетчики производительности для службы WmiApRpl (WmiApRpl) загружены успешно. Данные в секции данных содержат новые значения индексов, назначенные этой службе.
    Record Number: 7208
    Source Name: Microsoft-Windows-LoadPerf
    Time Written: 20100122112227.000000-000
    Event Type: Сведения
    User:

    Computer Name: Общий-ПК
    Event Code: 1001
    Message: Счетчики производительности для службы WmiApRpl (WmiApRpl) успешно удалены. Данные записи содержат новые значения разделов системного реестра Last Counter и Last Help.
    Record Number: 7207
    Source Name: Microsoft-Windows-LoadPerf
    Time Written: 20100122112227.000000-000
    Event Type: Сведения
    User:

    Computer Name: Общий-ПК
    Event Code: 1000
    Message: Cчетчики производительности для службы WmiApRpl (WmiApRpl) загружены успешно. Данные в секции данных содержат новые значения индексов, назначенные этой службе.
    Record Number: 7206
    Source Name: Microsoft-Windows-LoadPerf
    Time Written: 20100122111658.000000-000
    Event Type: Сведения
    User:

    Computer Name: Общий-ПК
    Event Code: 1001
    Message: Счетчики производительности для службы WmiApRpl (WmiApRpl) успешно удалены. Данные записи содержат новые значения разделов системного реестра Last Counter и Last Help.
    Record Number: 7205
    Source Name: Microsoft-Windows-LoadPerf
    Time Written: 20100122111658.000000-000
    Event Type: Сведения
    User:

    Computer Name: Общий-ПК
    Event Code: 1
    Message: Служба центра обеспечения безопасности Windows запущена.
    Record Number: 7204
    Source Name: SecurityCenter
    Time Written: 20100122111449.000000-000
    Event Type: Сведения
    User:

    =====Security event log=====

    Computer Name: Общий-ПК
    Event Code: 4672
    Message: Новому сеансу входа назначены специальные привилегии.

    Субъект:
    ИД безопасности: S-1-5-18
    Имя учетной записи: SYSTEM
    Домен учетной записи: NT AUTHORITY
    Код входа: 0x3e7

    Привилегии: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 39649
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100711154035.206113-000
    Event Type: Аудит выполнен успешно
    User:

    Computer Name: Общий-ПК
    Event Code: 4624
    Message: Вход с учетной записью выполнен успешно.

    Субъект:
    ИД безопасности: S-1-5-18
    Имя учетной записи: ОБЩИЙ-ПК$
    Домен учетной записи: WORKGROUP
    Код входа: 0x3e7

    Тип входа: 5

    Новый вход:
    ИД безопасности: S-1-5-18
    Имя учетной записи: SYSTEM
    Домен учетной записи: NT AUTHORITY
    Код входа: 0x3e7
    GUID входа: {00000000-0000-0000-0000-000000000000}

    Сведения о процессе:
    Идентификатор процесса: 0x350
    Имя процесса: C:WindowsSystem32services.exe

    Сведения о сети:
    Имя рабочей станции:
    Сетевой адрес источника: —
    Порт источника: —

    Сведения о проверке подлинности:
    Процесс входа: Advapi
    Пакет проверки подлинности: Negotiate
    Промежуточные службы: —
    Имя пакета (только NTLM): —
    Длина ключа: 0

    Данное событие возникает при создании сеанса входа. Оно создается в системе, вход в которую выполнен.

    Поля «Субъект» указывают на учетную запись локальной системы, запросившую вход. Обычно это служба, например служба «Сервер», или локальный процесс, такой как Winlogon.exe или Services.exe.

    В поле «Тип входа» указан тип выполненного входа. Самыми распространенными являются типы 2 (интерактивный) и 3 (сетевой).

    Поля «Новый вход» указывают на учетную запись, для которой создан новый сеанс входа, то есть на учетную запись, с которой выполнен вход.

    В полях, которые относятся к сети, указан источник запроса на удаленный вход. Имя рабочей станции доступно не всегда, и в некоторых случаях это поле может оставаться незаполненным.

    Поля сведений о проверке подлинности содержат подробные данные о конкретном запросе на вход.
    — GUID входа — это уникальный идентификатор, который позволяет сопоставить данное событие с событием KDC.
    — В поле «Промежуточные службы» указано, какие промежуточные службы участвовали в данном запросе на вход.
    — Поле «Имя пакета» указывает на подпротокол, использованный с протоколами NTLM.
    — Поле «Длина ключа» содержит длину созданного ключа сеанса. Это поле может иметь значение «0», если ключ сеанса не запрашивался.
    Record Number: 39648
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100711154035.206113-000
    Event Type: Аудит выполнен успешно
    User:

    Computer Name: Общий-ПК
    Event Code: 4648
    Message: Выполнена попытка входа в систему с явным указанием учетных данных.

    Субъект:
    ИД безопасности: S-1-5-18
    Имя учетной записи: ОБЩИЙ-ПК$
    Домен учетной записи: WORKGROUP
    Код входа: 0x3e7
    GUID входа: {00000000-0000-0000-0000-000000000000}

    Были использованы учетные данные следующей учетной записи:
    Имя учетной записи: SYSTEM
    Домен учетной записи: NT AUTHORITY
    GUID входа: {00000000-0000-0000-0000-000000000000}

    Целевой сервер:
    Имя целевого сервера: localhost
    Дополнительные сведения: localhost

    Сведения о процессе:
    Идентификатор процесса: 0x350
    Имя процесса: C:WindowsSystem32services.exe

    Сведения о сети:
    Сетевой адрес: —
    Порт: —

    Данное событие возникает, когда процесс пытается выполнить вход с учетной записью, явно указав ее учетные данные. Это обычно происходит при использовании конфигураций пакетного типа, например назначенных задач, или выполнении команды RUNAS.
    Record Number: 39647
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100711154035.206113-000
    Event Type: Аудит выполнен успешно
    User:

    Computer Name: Общий-ПК
    Event Code: 4672
    Message: Новому сеансу входа назначены специальные привилегии.

    Субъект:
    ИД безопасности: S-1-5-20
    Имя учетной записи: NETWORK SERVICE
    Домен учетной записи: NT AUTHORITY
    Код входа: 0x3e4

    Привилегии: SeAssignPrimaryTokenPrivilege
    SeAuditPrivilege
    SeImpersonatePrivilege
    Record Number: 39646
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100711154035.096912-000
    Event Type: Аудит выполнен успешно
    User:

    Computer Name: Общий-ПК
    Event Code: 4624
    Message: Вход с учетной записью выполнен успешно.

    Субъект:
    ИД безопасности: S-1-5-18
    Имя учетной записи: ОБЩИЙ-ПК$
    Домен учетной записи: WORKGROUP
    Код входа: 0x3e7

    Тип входа: 5

    Новый вход:
    ИД безопасности: S-1-5-20
    Имя учетной записи: NETWORK SERVICE
    Домен учетной записи: NT AUTHORITY
    Код входа: 0x3e4
    GUID входа: {00000000-0000-0000-0000-000000000000}

    Сведения о процессе:
    Идентификатор процесса: 0x350
    Имя процесса: C:WindowsSystem32services.exe

    Сведения о сети:
    Имя рабочей станции:
    Сетевой адрес источника: —
    Порт источника: —

    Сведения о проверке подлинности:
    Процесс входа: Advapi
    Пакет проверки подлинности: Negotiate
    Промежуточные службы: —
    Имя пакета (только NTLM): —
    Длина ключа: 0

    Данное событие возникает при создании сеанса входа. Оно создается в системе, вход в которую выполнен.

    Поля «Субъект» указывают на учетную запись локальной системы, запросившую вход. Обычно это служба, например служба «Сервер», или локальный процесс, такой как Winlogon.exe или Services.exe.

    В поле «Тип входа» указан тип выполненного входа. Самыми распространенными являются типы 2 (интерактивный) и 3 (сетевой).

    Поля «Новый вход» указывают на учетную запись, для которой создан новый сеанс входа, то есть на учетную запись, с которой выполнен вход.

    В полях, которые относятся к сети, указан источник запроса на удаленный вход. Имя рабочей станции доступно не всегда, и в некоторых случаях это поле может оставаться незаполненным.

    Поля сведений о проверке подлинности содержат подробные данные о конкретном запросе на вход.
    — GUID входа — это уникальный идентификатор, который позволяет сопоставить данное событие с событием KDC.
    — В поле «Промежуточные службы» указано, какие промежуточные службы участвовали в данном запросе на вход.
    — Поле «Имя пакета» указывает на подпротокол, использованный с протоколами NTLM.
    — Поле «Длина ключа» содержит длину созданного ключа сеанса. Это поле может иметь значение «0», если ключ сеанса не запрашивался.
    Record Number: 39645
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100711154035.096912-000
    Event Type: Аудит выполнен успешно
    User:

    ======Environment variables======

    «ComSpec»=%SystemRoot%system32cmd.exe
    «FP_NO_HOST_CHECK»=NO
    «OS»=Windows_NT
    «Path»=C:Program FilesCommon FilesMicrosoft SharedWindows Live;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesEgisTecMyWinLocker 3×86;C:Program FilesEgisTecMyWinLocker 3×64;C:Program FilesPanda SecurityPanda Internet Security 2010;%SYSTEMROOT%System32WindowsPowerShellv1.0;C:Program FilesWindows LiveShared
    «PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    «PROCESSOR_ARCHITECTURE»=x86
    «TEMP»=%SystemRoot%TEMP
    «TMP»=%SystemRoot%TEMP
    «USERNAME»=SYSTEM
    «windir»=%SystemRoot%
    «PROCESSOR_LEVEL»=6
    «PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    «PROCESSOR_REVISION»=0f0d
    «NUMBER_OF_PROCESSORS»=2
    «TRACE_FORMAT_SEARCH_PATH»=\NTREL202.ntdev.corp.microsoft.com4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0TraceFormat
    «DFSTRACINGON»=FALSE
    «Pathtem»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesEgisTecMyWinLocker 3×86;C:Program FilesEgisTecMyWinLocker 3×64
    «NTIPath»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesEgisTecMyWinLocker 3×86;C:Program FilesEgisTecMyWinLocker 3×64;C:Program FilesNewTech InfosystemsNTI Backup Now 5;
    «PSModulePath»=%SystemRoot%system32WindowsPowerShellv1.0Modules


    EOF


    April 7, 2009 at 5:01 am in reply to: Antivirus XP Pro 2009 #22135
    albash
    Participant

    Hello!
    Websites load slowly.
    IE shows the messages: looking up host, downloading from host.
    Google Chrome shows: resolving host, waiting, connecting, sending request.
    Files download quickly.
    On another computer with internet from the same provider there are no problems; everything loads quickly.
    Can anything be fixed?
    Thank you.

    March 4, 2009 at 3:06 pm in reply to: Antivirus XP Pro 2009 #22133
    albash
    Participant

    ComboFix 09-03-03.01 — d 2009-03-04 13:21:02.2 — NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1251.1.1049.18.510.83 [GMT 5:00]
    Running from: c:documents and settingsdРабочий столComboFix.exe
    AV: Panda Internet Security 2009 *On-access scanning disabled* (Updated)
    FW: Panda Personal Firewall 2009 *disabled*

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:windowssystem321

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
    .

    2009-03-04 13:19 . 2009-03-04 13:19 d C:32788R22FWJFW
    2009-02-23 19:34 . 2009-02-23 19:34 d—hs—- c:documents and settingsdUserData
    2009-02-19 14:49 . 2009-02-19 14:49 d c:documents and settingsAll UsersApplication DataPanda Software
    2009-02-18 22:30 . 2009-02-24 09:27 d c:program filestrend micro
    2009-02-18 21:09 . 2009-02-18 21:09 d c:windowsInstall
    2009-02-18 09:50 . 2009-02-18 09:50 d c:documents and settingsdApplication DataMalwarebytes
    2009-02-18 09:49 . 2009-02-18 09:49 d c:documents and settingsAll UsersApplication DataMalwarebytes
    2009-02-18 09:48 . 2009-02-18 09:48 2,876,720 —a c:program filesmbam-setup.exe
    2009-02-17 13:00 . 2008-04-14 21:11 26,624 —a—c— c:windowssystem32dllcacheuserinit.exe
    2009-02-16 21:20 . 2009-02-16 21:20 d c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
    2009-02-16 21:20 . 2009-02-16 21:20 43,130,072 —a c:program fileskis8.0.0.506ru.exe
    2009-02-16 15:52 . 2009-02-16 21:40 d c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
    2009-02-13 21:32 . 2009-02-13 21:32 d c:documents and settingsdApplication DataApple Computer
    2009-02-13 20:35 . 2009-02-13 20:35 d c:program filesQuickTime
    2009-02-13 20:35 . 2009-02-13 20:35 d c:documents and settingsAll UsersApplication DataApple Computer
    2009-02-13 20:34 . 2009-02-13 20:34 d c:program filesApple Software Update
    2009-02-13 20:34 . 2009-02-13 20:34 d c:documents and settingsAll UsersApplication DataApple
    2009-02-13 20:33 . 2009-02-13 20:34 21,878,064 —a c:program filesQuickTimeInstaller.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-04 08:11 13,880 —-a-w c:windowssystem32driversCOMFiltr.sys
    2009-03-04 08:11 1,132 —-a-w c:windowssystem32driversAPPFLTR.CFG.bck
    2009-03-04 08:11 1,132 —-a-w c:windowssystem32driversAPPFLTR.CFG
    2009-03-03 04:31 294,752 —-a-w c:windowssystem32driversAPPFCONT.DAT.bck
    2009-03-03 04:31 294,752 —-a-w c:windowssystem32driversAPPFCONT.DAT
    2009-03-02 09:19 d w c:program filesMetaTrader — Masterforex
    2009-03-02 08:59 d w c:documents and settingsAll UsersApplication DataGoogle Updater
    2009-02-25 04:53 d w c:documents and settingsdApplication DataSkype
    2009-02-25 04:52 d w c:documents and settingsdApplication DataskypePM
    2009-02-01 13:36 d w c:program filesCommon FilesEduSetup
    2009-02-01 13:36 d w c:program filesCommon Files1C Education Shared
    2009-02-01 13:36 d w c:program files1C Education
    2009-01-23 17:20 d w c:documents and settingsAll UsersApplication DataMicrosoft Help
    2009-01-19 13:52 d w c:program files1C Repetitor
    2009-01-19 13:16 d w c:documents and settingsAll UsersApplication DataQuickTime
    2009-01-19 13:13 d w c:program filesViewpoint
    2009-01-19 13:10 d—h—w c:program filesInstallShield Installation Information
    2009-01-17 15:43 399,360 —-a-w c:windowssystem32dllcacherpcss.dll
    2009-01-15 13:27 d r c:program filesAlfaDirect
    2009-01-14 14:41 d w c:program filesMSBuild
    2009-01-14 14:41 d w c:program filesMicrosoft Works
    2009-01-14 14:39 d w c:program filesMicrosoft.NET
    2009-01-04 12:23 d w c:program filesDisney Interactive
    2008-12-20 23:03 826,368 —-a-w c:windowssystem32wininet.dll
    2008-09-25 03:59 1,684,200 —-a-w c:program filesADSetup.exe
    2008-09-16 04:11 164 —ha-w c:documents and settingsAll Usershpothb07.dat
    2008-09-16 04:11 156 —ha-w c:documents and settingsdhpothb07.dat
    2008-09-10 09:44 135,071,428 —-a-w c:program filesOOo_2.4.1_Win32Intel_install_wJRE_ru.exe
    2008-09-08 08:03 6,114,816 —-a-w c:program filesrambler-icq5_1.exe
    2008-08-24 14:39 1,662,925 —-a-w c:program filestetris.zip
    2008-03-18 09:30 3,650,904 —-a-w c:program filesmt4setup.exe
    2005-12-21 15:18 0 —-a-w c:documents and settingsdApplication Datawklnhst.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-04_13.04.41,04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-03-04 08:10:16 16,384 —-atw c:windowsTempPerflib_Perfdata_740.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
    «Yupdate!»=»c:program filesCommon FilesYandexYupdateyupdate.exe» [2008-03-14 457992]
    «swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2008-02-02 68856]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «RaidTool»=»c:program filesVIARAIDraid_tool.exe» [2005-06-20 1056768]
    «type32″=»c:program filesMicrosoft IntelliType Protype32.exe» [2005-06-10 196608]
    «IntelliPoint»=»c:program filesMicrosoft IntelliPointpoint32.exe» [2005-06-10 217088]
    «NeroCheck»=»c:windowssystem32\NeroCheck.exe» [2001-07-09 155648]
    «ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2005-09-14 344064]
    «MBBalloon»=»c:program filesHOTALBUMMyBOXMBBalloon.exe» [2006-12-15 787096]
    «WinampAgent»=»c:program filesWinampwinampa.exe» [2008-08-04 36352]
    «Share-to-Web Namespace Daemon»=»c:program filesHewlett-PackardHP Share-to-Webhpgs2wnd.exe» [2002-04-17 69632]
    «APVXDWIN»=»c:program filesPanda SecurityPanda Internet Security 2009APVXDWIN.EXE» [2008-12-03 869632]
    «SCANINICIO»=»c:program filesPanda SecurityPanda Internet Security 2009Inicio.exe» [2008-07-07 50432]
    «Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-10-15 39792]
    «SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2008-11-10 136600]
    «GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-27 31016]
    «QuickTime Task»=»c:program filesQuickTimeQTTask.exe» [2009-01-05 413696]
    «VTTimer»=»VTTimer.exe» [2005-03-08 c:windowssystem32VTTimer.exe]
    «VTTrayp»=»VTtrayp.exe» [2005-03-11 c:windowssystem32VTTrayp.exe]
    «SoundMan»=»SOUNDMAN.EXE» [2005-10-04 c:windowssoundman.exe]
    «BluetoothAuthenticationAgent»=»bthprops.cpl» [2008-04-14 c:windowssystem32bthprops.cpl]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
    «ctfmon.exe»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]

    c:documents and settingsdГлавное менюПрограммыАвтозагрузка
    HotSync Manager.lnk — c:program filesPalmHOTSYNC.EXE [2002-09-12 299008]
    OpenOffice.org 3.0.lnk — c:program filesOpenOffice.org 3programquickstart.exe [2008-09-12 384000]
    Вырезка экрана и программа запуска для OneNote 2007.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2006-10-26 98632]
    Инструмент проверки носителя Picture Motion Browser.lnk — c:program filesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe [2008-06-21 385024]

    c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
    BlueSoleil.lnk — c:program filesIVT CorporationBlueSoleilBlueSoleil.exe [2006-04-28 872526]
    MediaChecker.lnk — c:program filesHOTALBUMMyBOXMediaChecker.exe [2006-12-15 913560]
    Microsoft Office.lnk — c:program filesMicrosoft OfficeOfficeOSA9.EXE [1999-02-17 65588]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifycpcsp]
    2008-07-28 14:53 726528 c:program filesCrypto ProCSPcpcspi.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavldr]
    2008-03-18 15:58 58672 c:windowssystem32avldr.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
    «vidc.ffds»= c:program filesffdshowffdshow.ax
    «msacm.avis»= c:program filesffdshowffdshow.ax

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 wdigest cpssl

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPskSvcRetail]
    @=»Service»

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
    «EnableFirewall»= 0 (0x0)

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    «c:\WINDOWS\system32\sessmgr.exe»=
    «%windir%\Network Diagnostic\xpnetdiag.exe»=
    «c:\Program Files\Messenger\msmsgs.exe»=
    «%windir%\system32\sessmgr.exe»=
    «c:\Program Files\ICQ6\ICQ.exe»=
    «c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
    «c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
    «c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
    «c:\Program Files\Common Files\1C Education Shared\fb\bin\ibserver.exe»=
    «c:\Program Files\Skype\Phone\Skype.exe»=

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
    «443:UDP»= 443:UDP:*:Disabled:ooVoo UDP порт443
    «37674:TCP»= 37674:TCP:*:Disabled:ooVoo TCP порт37674
    «37674:UDP»= 37674:UDP:*:Disabled:ooVoo UDP порт37674
    «37675:UDP»= 37675:UDP:*:Disabled:ooVoo UDP порт37675

    R0 pavboot;Panda boot driver;c:windowssystem32driverspavboot.sys [2008-10-03 28544]
    R0 PzWDM;PzWDM;c:windowssystem32driversPzWDM.sys [2007-08-05 15172]
    R1 APPFLT;App Filter Plugin;c:windowssystem32driversAPPFLT.SYS [2008-10-03 73728]
    R1 CProCtrl;КриптоПро CSP драйвер;c:windowssystem32driversCProCtrl.sys [2008-07-21 54024]
    R1 DSAFLT;DSA Filter Plugin;c:windowssystem32driversdsaflt.sys [2008-10-03 52992]
    R1 FNETMON;NetMon Filter Plugin;c:windowssystem32driversfnetmon.sys [2008-10-03 22072]
    R1 IDSFLT;Ids Filter Plugin;c:windowssystem32driversidsflt.sys [2008-10-03 193792]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:windowssystem32driversNETFLTDI.SYS [2008-10-03 20:47:08 158848]
    R1 ShldDrv;Panda File Shield Driver;c:windowssystem32driversShlDrv51.sys [2008-10-03 41144]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:windowssystem32driverswnmflt.sys [2008-10-03 46720]
    R2 cpcsp1;КриптоПро CSP KC1;c:windowssystem32svchost.exe -k cpcsp [2004-08-18 14336]
    R2 Gwmsrv;Panda Goodware Cache Manager;c:windowssystem32svchost -k Panda —> c:windowssystem32svchost -k Panda [?]
    R2 PavProc;Panda Process Protection Driver;c:windowssystem32driversPavProc.sys [2008-10-03 179640]
    R2 PskSvcRetail;Panda PSK service;c:program filesPanda SecurityPanda Internet Security 2009psksvc.exe [2008-10-03 28928]
    R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:windowssystem32driversneti1634.sys [2008-10-03 197888]
    R3 PavTPK.sys;PavTPK.sys;??c:windowssystem32PavTPK.sys —> c:windowssystem32PavTPK.sys [?]
    R3 RTIFDH;RTIFDH;c:windowssystem32driversrtIFDH.sys [2007-03-23 13056]
    S3 RTUSB;Rutoken;c:windowssystem32driversrtUSB.sys [2008-09-24 29440]
    S3 s3chipid;s3chipid;??c:docume~1dLOCALS~1Temps3chipid.sys —> c:docume~1dLOCALS~1Temps3chipid.sys [?]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
    cpcsp REG_MULTI_SZ cpcsp1
    panda REG_MULTI_SZ Gwmsrv
    .
    Contents of the ‘Scheduled Tasks’ folder

    2009-03-04 c:windowsTasksUser_Feed_Synchronization-{5797FC88-E461-4A06-B2D1-D81ECB1BB3DF}.job
    — c:windowssystem32msfeedssync.exe [2006-10-17 10:58]
    .
    .


    Supplementary Scan


    .
    uStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &Экспорт в Microsoft Excel — c:progra~1MI1933~1Office12EXCEL.EXE/3000
    IE: Закачать все при помощи FlashGet — c:program filesFlashGetjc_all.htm
    IE: Закачать при помощи FlashGet — c:program filesFlashGetjc_link.htm
    IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/search.htm
    IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/dic.htm
    Trusted Zone: webmoney.rubanking
    Trusted Zone: webmoney.ruwww
    TCP: {85C977D4-A0C4-4E9D-A888-0CC8849B01E4} = 213.135.97.131,195.128.128.1
    DPF: {C6DBEB23-7475-11D2-8968-0060080BBFF8} — hxxp://demo.bankline.ru/servlets/ibc?File=11309.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-04 13:25:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .


    DLLs Loaded Under Running Processes



    — — — — — — — > ‘winlogon.exe'(1472)
    c:windowssystem32Ati2evxx.dll
    c:windowssystem32avldr.dll
    .
    Completion time: 2009-03-04 13:28:51
    ComboFix-quarantined-files.txt 2009-03-04 08:28:33
    ComboFix2.txt 2009-03-04 08:06:20

    Pre-Run: 35 679 416 320 байт свободно
    Post-Run: 35,664,580,608 байт свободно

    202 — E O F — 2009-02-11 08:

    Websites open slowly.
    The download speed for programs (for example, ComboFix) is normal, in line with the tariff.
    The digits are fine; the desktop settings had been knocked out of place.

    February 28, 2009 at 5:15 am in reply to: Antivirus XP Pro 2009 #22131
    albash
    Participant

    Hello!
    1. The computer saves all newly created documents with the .docx extension.
    2. Command execution has slowed down (opening a file, launching a program).
    3. Internet speed has dropped noticeably; on the pages I open, some digits look compressed and others look normal.
    4. Incoming traffic seems to have increased (I did not compare precisely).
    Can anything be done?
    Thank you.

    February 24, 2009 at 4:30 am in reply to: Antivirus XP Pro 2009 #22129
    albash
    Participant

    Fresh RSIT log:
    Logfile of random’s system information tool 1.05 (written by random/random)
    Run by d at 2009-02-24 09:27:24
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 34 GB (45%) free of 76 GB
    Total RAM: 510 MB (18% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:27:53, on 24.02.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSSYSTEM32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32Ati2evxx.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSsystem32svchost.exe
    C:Program FilesPanda SecurityPanda Internet Security 2009TPSrv.exe
    C:PROGRAM FILESPANDA SECURITYPANDA INTERNET SECURITY 2009WebProxy.exe
    C:WINDOWSsystem32spoolsv.exe
    C:WINDOWSsystem32svchost.exe
    C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
    C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    C:WINDOWSsystem32svchost.exe
    C:Program FilesJavajre6binjqs.exe
    C:Program FilesPanda SecurityPanda Internet Security 2009PsCtrls.exe
    C:Program FilesPanda SecurityPanda Internet Security 2009PavFnSvr.exe
    C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe
    C:Program FilesPanda SecurityPanda Internet Security 2009PsImSvc.exe
    C:Program FilesPanda SecurityPanda Internet Security 2009PskSvc.exe
    C:WINDOWSsystem32svchost.exe
    C:Program FilesPanda SecurityPanda Internet Security 2009pavsrv51.exe
    C:Program FilesPanda SecurityPanda Internet Security 2009AVENGINE.EXE
    C:WINDOWSSYSTEM32Ati2evxx.exe
    C:WINDOWSExplorer.EXE
    C:WINDOWSsystem32wscntfy.exe
    c:program filespanda securitypanda internet security 2009firewallPSHOST.EXE
    C:Program FilesPanda SecurityPanda Internet Security 2009ApvxdWin.exe
    C:Program FilesPanda SecurityPanda Internet Security 2009SRVLOAD.EXE
    C:Program FilesPanda SecurityPanda Internet Security 2009PavBckPT.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32msfeedssync.exe
    C:WINDOWSsystem32VTTimer.exe
    C:WINDOWSSOUNDMAN.EXE
    C:Program FilesVIARAIDraid_tool.exe
    C:Program FilesMicrosoft IntelliType Protype32.exe
    C:Program FilesMicrosoft IntelliPointpoint32.exe
    C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
    C:WINDOWSsystem32rundll32.exe
    C:Program FilesWinampwinampa.exe
    C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
    C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnf.exe
    C:Program FilesJavajre6binjusched.exe
    C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
    C:Program FilesQuickTimeQTTask.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesCommon FilesYandexYupdateyupdate.exe
    C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
    C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
    C:Program FilesHOTALBUMMyBOXMediaChecker.exe
    C:Program FilesPalmHOTSYNC.EXE
    C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe
    C:Program FilesOpenOffice.org 3programsoffice.exe
    C:Program FilesOpenOffice.org 3programsoffice.bin
    C:Program FilesIVT CorporationBlueSoleilBlueSoleil.000
    C:Program FilesInternet Exploreriexplore.exe
    C:Documents and SettingsdМои документыАнтивирусыRSIT.exe
    C:Program Filestrend microd.exe

    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
    O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
    O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
    O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:PROGRA~1MI1933~1Office12GRA8E1~1.DLL
    O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
    O2 — BHO: Windows Live Sign-in Helper — {9030D464-4C02-4ABF-8ECC-5164760863C6} — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
    O2 — BHO: (no name) — {A5366673-E8CA-11D3-9CD9-0090271D075B} — (no file)
    O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
    O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.0.926.3450swg.dll
    O2 — BHO: Google Dictionary Compression sdch — {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_219B3E1547538286.dll
    O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
    O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
    O3 — Toolbar: &Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
    O4 — HKLM..Run: [VTTimer] VTTimer.exe
    O4 — HKLM..Run: [VTTrayp] VTtrayp.exe
    O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
    O4 — HKLM..Run: [RaidTool] C:Program FilesVIARAIDraid_tool.exe
    O4 — HKLM..Run: [type32] «C:Program FilesMicrosoft IntelliType Protype32.exe»
    O4 — HKLM..Run: [IntelliPoint] «C:Program FilesMicrosoft IntelliPointpoint32.exe»
    O4 — HKLM..Run: [NeroCheck] C:WINDOWSsystem32\NeroCheck.exe
    O4 — HKLM..Run: [ATIPTA] «C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe»
    O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 — HKLM..Run: [MBBalloon] C:Program FilesHOTALBUMMyBOXMBBalloon.exe
    O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
    O4 — HKLM..Run: [Share-to-Web Namespace Daemon] C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
    O4 — HKLM..Run: [APVXDWIN] «C:Program FilesPanda SecurityPanda Internet Security 2009APVXDWIN.EXE» /s
    O4 — HKLM..Run: [SCANINICIO] «C:Program FilesPanda SecurityPanda Internet Security 2009Inicio.exe»
    O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
    O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
    O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
    O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeQTTask.exe» -atboottime
    O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    O4 — HKCU..Run: [feedreader.exe] «C:Program FilesFeedReader30feedreader.exe»
    O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
    O4 — HKCU..Run: [YandexOnline] «C:Program FilesYandexOnlineonline.exe» -AutoStart
    O4 — HKCU..Run: [updateMgr] «C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» AcRdB7_0_9 -reboot 1
    O4 — HKCU..Run: [MsnMsgr] «C:Program FilesMSN MessengerMsnMsgr.Exe» /background
    O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
    O4 — HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot — Search & DestroyTeaTimer.exe
    O4 — HKUSS-1-5-19..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe (User ‘LOCAL SERVICE’)
    O4 — HKUSS-1-5-20..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe (User ‘NETWORK SERVICE’)
    O4 — HKUSS-1-5-18..Run: [ctfmon.exe] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
    O4 — HKUS.DEFAULT..Run: [ctfmon.exe] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
    O4 — Startup: HotSync Manager.lnk = C:Program FilesPalmHOTSYNC.EXE
    O4 — Startup: OpenOffice.org 3.0.lnk = C:Program FilesOpenOffice.org 3programquickstart.exe
    O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
    O4 — Startup: Инструмент проверки носителя Picture Motion Browser.lnk = C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe
    O4 — Global Startup: BlueSoleil.lnk = C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
    O4 — Global Startup: MediaChecker.lnk = C:Program FilesHOTALBUMMyBOXMediaChecker.exe
    O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
    O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MI1933~1Office12EXCEL.EXE/3000
    O8 — Extra context menu item: Закачать все при помощи FlashGet — C:Program FilesFlashGetjc_all.htm
    O8 — Extra context menu item: Закачать при помощи FlashGet — C:Program FilesFlashGetjc_link.htm
    O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
    O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
    O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MI1933~1Office12ONBttnIE.dll
    O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MI1933~1Office12ONBttnIE.dll
    O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
    O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MI1933~1Office12REFIEBAR.DLL
    O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
    O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
    O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
    O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
    O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
    O16 — DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) — http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 — DPF: {C6DBEB23-7475-11D2-8968-0060080BBFF8} (SecureEx Class) — http://demo.bankline.ru/servlets/ibc?File=11309.cab
    O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 — HKLMSystemCCSServicesTcpip..{2F06BCB7-AB6A-479B-849E-50D0F72759D1}: NameServer = 213.135.96.250
    O17 — HKLMSystemCCSServicesTcpip..{85C977D4-A0C4-4E9D-A888-0CC8849B01E4}: NameServer = 213.135.97.131,195.128.128.1
    O17 — HKLMSystemCS1ServicesTcpip..{2F06BCB7-AB6A-479B-849E-50D0F72759D1}: NameServer = 213.135.96.250
    O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:PROGRA~1MI1933~1Office12GR99D3~1.DLL
    O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
    O20 — Winlogon Notify: cpcsp — C:Program FilesCrypto ProCSPcpcspi.dll
    O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
    O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
    O23 — Service: BlueSoleil Hid Service — Unknown owner — C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
    O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
    O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
    O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
    O23 — Service: Panda Software Controller — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PsCtrls.exe
    O23 — Service: Panda Function Service (PAVFNSVR) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PavFnSvr.exe
    O23 — Service: Panda Process Protection Service (PavPrSrv) — Panda Security, S.L. — C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe
    O23 — Service: Panda On-Access Anti-Malware Service (PAVSRV) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009pavsrv51.exe
    O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
    O23 — Service: Panda Host Service (PSHost) — Panda Software International — c:program filespanda securitypanda internet security 2009firewallPSHOST.EXE
    O23 — Service: Panda IManager Service (PSIMSVC) — Panda Security S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PsImSvc.exe
    O23 — Service: Panda PSK service (PskSvcRetail) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009PskSvc.exe
    O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
    O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
    O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
    O23 — Service: Panda TPSrv (TPSrv) — Panda Security, S.L. — C:Program FilesPanda SecurityPanda Internet Security 2009TPSrv.exe
    O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
    O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

    —
    End of file — 14568 bytes

    ======Scheduled tasks folder======

    C:WINDOWStasksUser_Feed_Synchronization-{5797FC88-E461-4A06-B2D1-D81ECB1BB3DF}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-05-30 1410344]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper — C:PROGRA~1MI1933~1Office12GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2008-11-10 320920]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2006-08-31 322368]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A5366673-E8CA-11D3-9CD9-0090271D075B}]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-01-01 251504]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.0.926.3450swg.dll [2009-01-01 657904]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch — C:Program FilesGoogleGoogle ToolbarComponentfastsearch_219B3E1547538286.dll [2009-01-01 522224]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2008-11-10 34816]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-11-10 73728]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll [2009-01-01 251504]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «VTTimer»=C:WINDOWSSYSTEM32VTTimer.exe [2005-03-08 53248]
    «VTTrayp»=C:WINDOWSSYSTEM32VTtrayp.exe [2005-03-11 147456]
    «SoundMan»=C:WINDOWSSOUNDMAN.EXE [2005-10-04 90112]
    «RaidTool»=C:Program FilesVIARAIDraid_tool.exe [2005-06-20 1056768]
    «type32″=C:Program FilesMicrosoft IntelliType Protype32.exe [2005-06-10 196608]
    «IntelliPoint»=C:Program FilesMicrosoft IntelliPointpoint32.exe [2005-06-10 217088]
    «NeroCheck»=C:WINDOWSsystem32\NeroCheck.exe [2001-07-09 155648]
    «ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2005-09-14 344064]
    «BluetoothAuthenticationAgent»=C:WINDOWSSYSTEM32bthprops.cpl [2008-04-14 110592]
    «MBBalloon»=C:Program FilesHOTALBUMMyBOXMBBalloon.exe [2006-12-15 787096]
    «WinampAgent»=C:Program FilesWinampwinampa.exe [2008-08-04 36352]
    «Share-to-Web Namespace Daemon»=C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe [2002-04-17 69632]
    «APVXDWIN»=C:Program FilesPanda SecurityPanda Internet Security 2009APVXDWIN.EXE [2008-12-03 869632]
    «SCANINICIO»=C:Program FilesPanda SecurityPanda Internet Security 2009Inicio.exe [2008-07-07 50432]
    «Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-10-15 39792]
    «SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2008-11-10 136600]
    «GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-27 31016]
    «QuickTime Task»=C:Program FilesQuickTimeQTTask.exe [2009-01-05 413696]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
    «feedreader.exe»=C:Program FilesFeedReader30feedreader.exe []
    «Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2008-03-14 457992]
    «YandexOnline»=C:Program FilesYandexOnlineonline.exe -AutoStart []
    «updateMgr»=C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []
    «MsnMsgr»=C:Program FilesMSN MessengerMsnMsgr.Exe /background []
    «swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2008-02-02 68856]
    «SpybotSD TeaTimer»=C:Program FilesSpybot — Search & DestroyTeaTimer.exe []

    C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
    BlueSoleil.lnk — C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
    MediaChecker.lnk — C:Program FilesHOTALBUMMyBOXMediaChecker.exe
    Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOfficeOSA9.EXE

    C:Documents and SettingsdГлавное менюПрограммыАвтозагрузка
    HotSync Manager.lnk — C:Program FilesPalmHOTSYNC.EXE
    OpenOffice.org 3.0.lnk — C:Program FilesOpenOffice.org 3programquickstart.exe
    Вырезка экрана и программа запуска для OneNote 2007.lnk — C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
    Инструмент проверки носителя Picture Motion Browser.lnk — C:Program FilesSonySony Picture UtilityPMBCoreSPUVolumeWatcher.exe

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
    C:WINDOWSSYSTEM32Ati2evxx.dll [2005-09-15 46080]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyavldr]
    C:WINDOWSSYSTEM32avldr.dll [2008-03-18 58672]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycpcsp]
    C:Program FilesCrypto ProCSPcpcspi.dll [2008-07-28 726528]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
    WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
    «{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:PROGRA~1MI1933~1Office12GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPskSvcRetail]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «DisableTaskMgr»=0

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=36
    «NoDriveAutoRun»=FFFFFFFF
    «NoSetActiveDesktop»=0
    «NoActiveDesktopChanges»=0

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoSetActiveDesktop»=
    «NoActiveDesktopChanges»=

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
    «C:Program FilesIVT CorporationBlueSoleilBlueSoleil.000″=»C:Program FilesIVT CorporationBlueSoleilBlueSoleil.000:*:Enabled:BlueSoleil»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
    «C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1»
    «C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»
    «C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
    «C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
    «C:Program FilesInternet ExplorerIEXPLORE.EXE»=»C:Program FilesInternet ExplorerIEXPLORE.EXE:*:Disabled:Internet Explorer»
    «C:Program FilesWinamp RemotebinOrb.exe»=»C:Program FilesWinamp RemotebinOrb.exe:*:Enabled:Orb»
    «C:Program FilesWinamp RemotebinOrbTray.exe»=»C:Program FilesWinamp RemotebinOrbTray.exe:*:Enabled:OrbTray»
    «C:Program FilesWinamp RemotebinOrbStreamerClient.exe»=»C:Program FilesWinamp RemotebinOrbStreamerClient.exe:*:Enabled:Orb Stream Client»
    «C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
    «C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
    «C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
    «C:Program FilesCommon Files1C Education Sharedfbbinibserver.exe»=»C:Program FilesCommon Files1C Education Sharedfbbinibserver.exe:*:Enabled:Firebird Database Server»
    «C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
    «C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1»
    «C:Program FilesMSN Messengerlivecall.exe»=»C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)»

    ======File associations======

    .js — open — C:PROGRA~1PANDAS~2PANDAI~2PAVSCRIP.EXE «%1» %*
    .vbs — open — C:PROGRA~1PANDAS~2PANDAI~2PAVSCRIP.EXE «%1» %*

    ======List of files/folders created in the last 1 months======

    2009-02-24 08:53:49 —-D—- C:_OTMoveIt
    2009-02-21 22:18:25 —-D—- C:Avenger
    2009-02-21 22:18:25 —-A—- C:avenger.txt
    2009-02-21 13:54:48 —-SHD—- C:Config.Msi
    2009-02-21 11:23:31 —-RASHD—- C:autorun.inf
    2009-02-19 14:49:35 —-D—- C:Documents and SettingsAll UsersApplication DataPanda Software
    2009-02-18 22:30:25 —-D—- C:Program Filestrend micro
    2009-02-18 22:30:22 —-D—- C:rsit
    2009-02-18 21:09:55 —-D—- C:WINDOWSInstall
    2009-02-18 09:50:24 —-D—- C:Documents and SettingsdApplication DataMalwarebytes
    2009-02-18 09:49:37 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
    2009-02-18 09:49:37 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
    2009-02-18 09:48:12 —-A—- C:Program Filesmbam-setup.exe
    2009-02-16 21:20:52 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
    2009-02-16 21:20:19 —-A—- C:Program Fileskis8.0.0.506ru.exe
    2009-02-16 15:52:36 —-D—- C:Documents and SettingsAll UsersApplication DataSpybot — Search & Destroy
    2009-02-16 14:34:04 —-A—- C:WINDOWScalc.exe
    2009-02-13 21:32:51 —-D—- C:Documents and SettingsdApplication DataApple Computer
    2009-02-13 20:35:12 —-D—- C:Program FilesQuickTime
    2009-02-13 20:35:11 —-D—- C:Documents and SettingsAll UsersApplication DataApple Computer
    2009-02-13 20:34:47 —-D—- C:Program FilesApple Software Update
    2009-02-13 20:34:47 —-D—- C:Documents and SettingsAll UsersApplication DataApple
    2009-02-13 20:33:57 —-A—- C:Program FilesQuickTimeInstaller.exe
    2009-02-11 13:06:13 —-HDC—- C:WINDOWS$NtUninstallKB960715$
    2009-02-01 18:36:14 —-D—- C:Program FilesCommon FilesEduSetup
    2009-02-01 18:36:02 —-D—- C:Program FilesCommon Files1C Education Shared
    2009-02-01 18:36:02 —-D—- C:Program Files1C Education

    ======List of files/folders modified in the last 1 months======

    2009-02-24 09:26:46 —-D—- C:WINDOWSPrefetch
    2009-02-24 09:05:31 —-D—- C:WINDOWSTemp
    2009-02-24 08:59:23 —-D—- C:WINDOWSsystem32drivers
    2009-02-24 08:59:02 —-A—- C:WINDOWSModemLog_Bluetooth Fax Modem.txt
    2009-02-24 08:59:02 —-A—- C:WINDOWSModemLog_Bluetooth DUN Modem.txt
    2009-02-24 08:58:56 —-A—- C:WINDOWSModemLog_Conexant SC56D External PnP, V.92,V.90,Voice,Speakerphone.txt
    2009-02-24 08:58:55 —-A—- C:WINDOWSModemLog_Стандартный модем 56000 bps.txt
    2009-02-24 08:58:55 —-A—- C:WINDOWSModemLog_GPRS via Bluetooth(tm) #5.txt
    2009-02-24 08:58:32 —-D—- C:WINDOWSsystem32
    2009-02-24 08:57:36 —-A—- C:WINDOWSSchedLgU.Txt
    2009-02-24 08:52:55 —-D—- C:WINDOWSsystem32CatRoot2
    2009-02-23 20:14:42 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle Updater
    2009-02-21 22:18:25 —-RD—- C:Program Files
    2009-02-21 15:06:09 —-D—- C:WINDOWS
    2009-02-21 13:57:32 —-SHD—- C:WINDOWSInstaller
    2009-02-21 13:56:25 —-HD—- C:WINDOWSinf
    2009-02-21 10:41:25 —-RSHDC—- C:WINDOWSsystem32dllcache
    2009-02-21 10:20:08 —-A—- C:WINDOWShpqcopy.INI
    2009-02-16 08:38:40 —-A—- C:WINDOWSupdate.exe
    2009-02-15 21:49:16 —-D—- C:Documents and SettingsdApplication DataSkype
    2009-02-15 19:24:54 —-D—- C:Documents and SettingsdApplication DataskypePM
    2009-02-13 20:36:00 —-D—- C:Program FilesInternet Explorer
    2009-02-11 13:06:12 —-HD—- C:WINDOWS$hf_mig$
    2009-02-11 13:06:06 —-A—- C:WINDOWSimsins.BAK
    2009-02-11 13:05:32 —-D—- C:WINDOWSie7updates
    2009-02-09 12:54:24 —-D—- C:Program FilesMetaTrader — Masterforex
    2009-02-04 04:21:12 —-A—- C:WINDOWSsystem32MRT.exe
    2009-02-01 18:36:41 —-A—- C:WINDOWSODBC.INI
    2009-02-01 18:36:25 —-A—- C:WINDOWSODBCINST.INI
    2009-02-01 18:36:14 —-D—- C:Program FilesCommon Files
    2009-01-31 22:12:27 —-SD—- C:Documents and SettingsdApplication DataMicrosoft
    2009-01-28 08:58:47 —-A—- C:WINDOWSwin.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AFS2K;AFS2k; C:WINDOWSsystem32driversAFS2K.sys [2008-08-20 82380]
    R1 APPFLT;App Filter Plugin; ??C:WINDOWSsystem32DriversAPPFLT.SYS []
    R1 CProCtrl;КриптоПро CSP драйвер; C:WINDOWSsystem32DRIVERSCProCtrl.sys [2008-07-21 54024]
    R1 DSAFLT;DSA Filter Plugin; ??C:WINDOWSsystem32DriversDSAFLT.SYS []
    R1 FNETMON;NetMon Filter Plugin; ??C:WINDOWSsystem32Driversfnetmon.SYS []
    R1 IDSFLT;Ids Filter Plugin; ??C:WINDOWSsystem32DriversIDSFLT.SYS []
    R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
    R1 NETFLTDI;Panda Net Driver [TDI Layer]; ??C:WINDOWSsystem32DriversNETFLTDI.SYS []
    R1 ShldDrv;Panda File Shield Driver; C:WINDOWSSystem32DRIVERSShlDrv51.sys [2008-03-04 41144]
    R1 WNMFLT;Wifi Monitor Filter Plugin; ??C:WINDOWSsystem32DriversWNMFLT.SYS []
    R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]
    R2 irda;ИК-протокол IrDA; C:WINDOWSsystem32DRIVERSirda.sys [2008-04-13 88192]
    R2 PAVDRV;pavdrv; C:WINDOWSsystem32DRIVERSpavdrv51.sys [2008-04-28 84024]
    R2 PavProc;Panda Process Protection Driver; ??C:WINDOWSsystem32DRIVERSPavProc.sys []
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2005-10-04 3797632]
    R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2005-09-15 1339392]
    R3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys [2005-08-31 20480]
    R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:WINDOWSsystem32DRIVERSBlueletSCOAudio.sys [2005-08-31 20480]
    R3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys [2006-01-19 10068]
    R3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSsystem32DRIVERSvbtenum.sys [2005-07-29 11988]
    R3 ComFiltr;Panda Anti-Dialer; ??C:WINDOWSsystem32DRIVERSCOMFiltr.sys []
    R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5bv.sys [2005-03-18 42496]
    R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
    R3 MODEMCSA;Устройство фильтрации потока Unimodem; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
    R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34; C:WINDOWSsystem32DRIVERSneti1634.sys [2008-06-26 197888]
    R3 PavTPK.sys;PavTPK.sys; ??C:WINDOWSsystem32PavTPK.sys []
    R3 Point32;Microsoft IntelliPoint Filter Driver; C:WINDOWSsystem32DRIVERSpoint32.sys [2005-06-10 21760]
    R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-18 19584]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2004-08-18 5888]
    R3 RTIFDH;RTIFDH; C:WINDOWSsystem32DRIVERSrtIFDH.sys [2008-04-16 13056]
    R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
    R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
    R3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys [2004-10-19 61312]
    R3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys [2006-02-28 84836]
    S3 actser;actser; C:WINDOWSsystem32driversactser.sys [2004-06-07 29440]
    S3 Bridge;MAC-мост; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-13 71552]
    S3 BridgeMP;Минипорт MAC-моста; C:WINDOWSsystem32DRIVERSbridge.sys [2008-04-13 71552]
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys [2005-10-23 23000]
    S3 BthEnum;Служба Bluetooth Enumerator; C:WINDOWSsystem32DRIVERSBthEnum.sys [2008-04-13 17024]
    S3 BTHMODEM;Bluetooth-Modem Communication Driver; C:WINDOWSsystem32DRIVERSbthmodem.sys [2004-08-03 38016]
    S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2008-04-13 101120]
    S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2008-06-14 272512]
    S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2008-04-13 18944]
    S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-18 27165]
    S3 irsir;Драйвер для инфракрасного последовательного порта Microsoft; C:WINDOWSsystem32DRIVERSirsir.sys [2001-08-18 18688]
    S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
    S3 PalmUSBD;PalmUSBD; C:WINDOWSsystem32driversPalmUSBD.sys [2002-09-12 16509]
    S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2008-04-13 59136]
    S3 RTUSB;Rutoken; C:WINDOWSsystem32DRIVERSrtUSB.SYS [2008-04-16 29440]
    S3 s3chipid;s3chipid; ??C:DOCUME~1dLOCALS~1Temps3chipid.sys []
    S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
    S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSssm_bus.sys [2006-11-10 52416]
    S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter; C:WINDOWSsystem32DRIVERSssm_mdfl.sys [2006-11-10 6096]
    S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers; C:WINDOWSsystem32DRIVERSssm_mdm.sys [2006-11-10 84512]
    S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
    S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
    S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
    S3 Via4in1;Via4in1; ??D:Via4in1.sys []
    S3 viagfx;viagfx; C:WINDOWSsystem32DRIVERSvtmini.sys [2005-08-24 237312]
    S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2005-09-15 376832]
    R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:Program FilesIVT CorporationBlueSoleilBTNtService.exe [2005-04-06 110592]
    R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
    R2 cpcsp1;КриптоПро CSP KC1; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
    R2 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-10-12 168432]
    R2 Gwmsrv;Panda Goodware Cache Manager; C:WINDOWSsystem32svchost -k Panda []
    R2 Irmon;Монитор инфракрасной связи; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2008-11-10 152984]
    R2 Panda Software Controller;Panda Software Controller; C:Program FilesPanda SecurityPanda Internet Security 2009PsCtrls.exe [2008-07-16 181504]
    R2 PAVFNSVR;Panda Function Service; C:Program FilesPanda SecurityPanda Internet Security 2009PavFnSvr.exe [2008-07-10 169216]
    R2 PavPrSrv;Panda Process Protection Service; C:Program FilesCommon FilesPanda SecurityPavShldpavprsrv.exe [2008-02-04 62768]
    R2 PAVSRV;Panda On-Access Anti-Malware Service; C:Program FilesPanda SecurityPanda Internet Security 2009pavsrv51.exe [2008-07-04 288512]
    R2 PSHost;Panda Host Service; c:program filespanda securitypanda internet security 2009firewallPSHOST.EXE [2008-06-12 226608]
    R2 PSIMSVC;Panda IManager Service; C:Program FilesPanda SecurityPanda Internet Security 2009PsImSvc.exe [2008-06-19 108288]
    R2 PskSvcRetail;Panda PSK service; C:Program FilesPanda SecurityPanda Internet Security 2009PskSvc.exe [2008-06-25 28928]
    R2 TPSrv;Panda TPSrv; C:Program FilesPanda SecurityPanda Internet Security 2009TPSrv.exe [2008-07-17 157440]
    S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2005-09-14 516096]
    S2 Fax;Fax; C:WINDOWSsystem32fxssvc.exe [2008-04-14 268288]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2004-07-15 32768]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2006-10-27 65824]
    S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
    S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
    S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]


    EOF


    February 24, 2009 at 4:26 AM in reply to: Antivirus XP Pro 2009 #22128
    albash
    Participant
    • Topics: 2
    • Posts: 20
    • ☆

    Hello!
    OTMoveIt3 log:
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{21c46712-3501-11dc-a151-001583b3d7be}\ deleted successfully.
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{321bbbf0-4308-11dc-a15b-001583b3d7be}\ deleted successfully.
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{46855e9e-5814-11dd-a458-00142aa0ed4b}\ deleted successfully.
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{46855e9f-5814-11dd-a458-00142aa0ed4b}\ deleted successfully.
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4e7b03cc-9b39-11db-9f8a-001583b3d7be}\ deleted successfully.
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{64347be4-d063-11db-a027-001583b3d7be}\ deleted successfully.
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8d100bb8-62b9-11dd-a473-00142aa0ed4b}\ deleted successfully.
    Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b2e2ac22-11c9-11dd-a3c8-00142aa0ed4b}\ deleted successfully.
    ========== COMMANDS ==========
    File delete failed. C:DOCUME~1dLOCALS~1Temp~DF191B.tmp scheduled to be deleted on reboot.
    File delete failed. C:DOCUME~1dLOCALS~1Temp~DF36CF.tmp scheduled to be deleted on reboot.
    File delete failed. C:DOCUME~1dLOCALS~1Temp~DF36DA.tmp scheduled to be deleted on reboot.
    File delete failed. C:DOCUME~1dLOCALS~1Temp~DF5E40.tmp scheduled to be deleted on reboot.
    File delete failed. C:DOCUME~1dLOCALS~1Temp~DF5E71.tmp scheduled to be deleted on reboot.
    File delete failed. C:DOCUME~1dLOCALS~1Temp~DFD70.tmp scheduled to be deleted on reboot.
    File delete failed. C:DOCUME~1dLOCALS~1Temp~DFF738.tmp scheduled to be deleted on reboot.
    File delete failed. C:DOCUME~1dLOCALS~1Temp~DFF747.tmp scheduled to be deleted on reboot.
    File delete failed. C:DOCUME~1dLOCALS~1Temp~DFF762.tmp scheduled to be deleted on reboot.
    File delete failed. C:DOCUME~1dLOCALS~1Temp~DFF7CD.tmp scheduled to be deleted on reboot.
    File delete failed. C:DOCUME~1dLOCALS~1Temp~DFF7DF.tmp scheduled to be deleted on reboot.
    File delete failed. C:DOCUME~1dLOCALS~1Temp~DFF7EB.tmp scheduled to be deleted on reboot.
    User’s Temp folder emptied.
    User’s Temporary Internet Files folder emptied.
    User’s Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:WINDOWStemp25b488549c374092c67ec4030dfbd63aPSK_PLUGINS_0 scheduled to be deleted on reboot.
    File delete failed. C:WINDOWStemp25b488549c374092c67ec4030dfbd63aPSK_PLUGINS_1 scheduled to be deleted on reboot.
    File delete failed. C:WINDOWStempPerflib_Perfdata_1f0.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    Opera cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 02242009_085349

    Files moved on Reboot…
    File C:DOCUME~1dLOCALS~1Temp~DF191B.tmp not found!
    File C:DOCUME~1dLOCALS~1Temp~DF36CF.tmp not found!
    File C:DOCUME~1dLOCALS~1Temp~DF36DA.tmp not found!
    File C:DOCUME~1dLOCALS~1Temp~DF5E40.tmp not found!
    File C:DOCUME~1dLOCALS~1Temp~DF5E71.tmp not found!
    File C:DOCUME~1dLOCALS~1Temp~DFD70.tmp not found!
    File C:DOCUME~1dLOCALS~1Temp~DFF738.tmp not found!
    File C:DOCUME~1dLOCALS~1Temp~DFF747.tmp not found!
    File C:DOCUME~1dLOCALS~1Temp~DFF762.tmp not found!
    File C:DOCUME~1dLOCALS~1Temp~DFF7CD.tmp not found!
    File C:DOCUME~1dLOCALS~1Temp~DFF7DF.tmp not found!
    File C:DOCUME~1dLOCALS~1Temp~DFF7EB.tmp not found!
    File move failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be moved on reboot.
    C:WINDOWStemp25b488549c374092c67ec4030dfbd63aPSK_PLUGINS_0 moved successfully.
    C:WINDOWStemp25b488549c374092c67ec4030dfbd63aPSK_PLUGINS_1 moved successfully.
    File C:WINDOWStempPerflib_Perfdata_1f0.dat not found!

    February 21, 2009 at 5:32 PM in reply to: Antivirus XP Pro 2009 #22126
    albash
    Participant
    • Topics: 2
    • Posts: 20
    • ☆

    Fresh Avenger log:
    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Completed script processing.

    *******************

    Finished! Terminate.
