Созданные ответы форума
-
Сообщения
-
Здравствуйте. Я проделала все указанные выше процедуры и высылаю лог
ComboFix 09-03-06.02 — Наташа 2009-03-20 18:26:43.3 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1251.1.1049.18.511.247 [GMT 3:00]
Running from: c:documents and settingsНаташаРабочий столComboFix.exe
Command switches used :: c:documents and settingsНаташаРабочий столCFScript.txt
* Created a new restore point
* Resident AV is activeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
— REDUCED FUNCTIONALITY MODE —
.((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.2009-03-15 15:04 . 2009-03-15 15:04 96,976 —a
c:windowssystem32driversklin.dat
2009-03-15 15:04 . 2009-03-15 15:04 87,855 —a
c:windowssystem32driversklick.dat
2009-03-15 14:56 . 2009-03-15 14:56d
c:program filesKaspersky Lab
2009-03-15 14:56 . 2009-03-15 14:56d
c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-03-15 14:45 . 2009-03-15 14:46d
c:documents and settingsНаташаApplication DataYaChatData
2009-03-15 14:45 . 2009-03-15 14:45d
c:documents and settingsНаташаApplication DataMozilla
2009-03-15 14:44 . 2009-03-15 14:44d
c:program filesYandex
2009-03-15 14:44 . 2009-03-15 14:44d
c:documents and settingsНаташаApplication DataYandex
2009-03-11 16:40 . 2009-03-11 16:40 54,156 —ah
c:windowsQTFont.qfn
2009-03-11 16:40 . 2009-03-11 16:40 1,409 —a
c:windowsQTFont.for
2009-03-10 15:10 . 2009-03-10 15:10d
c:program filesGames.Mail.Ru
2009-03-05 12:07 . 2009-03-05 12:07d—hs—- C:FOUND.024
2009-02-24 14:55 . 2009-02-24 14:55d
c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-02-24 14:54 . 2009-02-24 14:54d
c:program filesGames.Rambler.ru.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 09:31 32 —sha-w c:windowssystem32driversfidbox.idx
2009-03-20 09:31 32 —sha-w c:windowssystem32driversfidbox.dat
2009-03-20 09:31 3,378,976 —sha-w c:windowssystem32driversfidbox2.dat
2009-03-20 09:31 13,024,160 —sha-w c:windowssystem32driversfidbox2.idx
2009-02-18 16:20
d
w c:documents and settingsНаташаApplication DatauTorrent
2009-02-11 10:23
d
w c:program filesOpera
2009-02-10 09:39
d
w c:documents and settingsНаташаApplication DataUniblue
2009-02-10 09:27 410,984 —-a-w c:windowssystem32deploytk.dll
2009-01-31 16:29
d
w c:program filestrend micro
2008-12-25 10:05 115,712 —sha-w c:program filesThumbs.db
2007-01-20 09:20 19,936 —-a-w c:documents and settingsНаташаApplication DataGDIPFONTCACHEV1.DAT
.
Sigcheck
2002-01-24 22:00 431616 a97cdf94514818775bde18f33b37f74f c:windowssystem32winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-03_16.55.24.20 )))))))))))))))))))))))))))))))))))))))))
.
— 2009-02-23 15:38:04 32,768 —-a-w c:windowssystem32configsystemprofileCookiesindex.dat
+ 2009-03-05 09:09:48 32,768 —-a-w c:windowssystem32configsystemprofileCookiesindex.dat
— 2009-02-23 15:38:04 32,768 —-a-w c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
+ 2009-03-05 09:09:48 32,768 —-a-w c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
+ 2009-03-05 09:09:48 32,768 —-a-w c:windowssystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5index.dat
+ 2007-10-31 10:41:16 110,096 —-a-w c:windowssystem32driverskl1.sys
— 2007-04-28 09:23:58 161,040 —-a-w c:windowssystem32driversklif.sys
+ 2007-12-19 11:49:38 194,832 —-a-w c:windowssystem32driversklif.sys
+ 2007-12-13 10:28:40 24,592 —-a-w c:windowssystem32driversklim5.sys
+ 2007-12-17 21:43:02 23,396 —-a-w c:windowssystem32driversklopp.dat
+ 2007-12-17 21:44:54 219,664 —-a-w c:windowssystem32klogon.dll
+ 2008-10-05 03:24:02 3,695,008 —-a-w c:windowssystem32MacromedFlashNPSWF32.dll
+ 2008-10-05 03:24:04 235,936 —-a-w c:windowssystem32MacromedFlashNPSWF32_FlashUtil.exe
+ 2009-03-15 17:10:54 84,661 —-a-w c:windowssystem32MacromedFlashuninstall_plugin.exe
+ 2009-03-20 15:23:44 16,384 —-a-w c:windowsTempPerflib_Perfdata_598.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-13 3112736][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-13 3112736][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2001-08-02 1077277]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2002-12-05 198656]
«ctfmon.exe»=»c:windowsSystem32ctfmon.exe» [2001-10-20 13312]
«Uniblue RegistryBooster 2009″=»c:program filesUniblueRegistryBoosterRegistryBooster.exe» [BU][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»NvQTwk» [X]
«SiSUSBRG»=»c:windowsSiSUSBrg.exe» [2002-04-26 102400]
«OfficeGuard RegChecker»=»c:program filesKaspersky LabKaspersky Anti-Virus Personal Proogrc.exe» [BU]
«HomeAlarm»=»d:винамповские часыWCLOCK.EXE» [BU]
«NVRTCLK»=»c:windowsSystem32NVRTCLKNVRTClk.exe» [2003-12-30 24576]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2003-10-31 32768]
«Sony Ericsson PC Suite»=»c:program filesSony EricssonMobile2Application LauncherApplication Launcher.exe» [2005-10-26 159744]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2003-12-13 33792]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«FaxCenterServer»=»c:program filesLexmark Fax Solutionsfm3032.exe» [2007-03-06 312240]
«lxdimon.exe»=»c:program filesLexmark 3500-4500 Serieslxdimon.exe» [2007-03-06 435120]
«lxdiamon»=»c:program filesLexmark 3500-4500 Serieslxdiamon.exe» [2007-03-05 20480]
«LXDICATS»=»c:windowsSystem32spoolDRIVERSW32X863LXDItime.dll» [2007-02-26 102400]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2008-03-16 155648]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-07-01 1447168]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-02-10 148888]
«nwiz»=»nwiz.exe» [2002-07-16 c:windowssystem32nwiz.exe]
«SoundMan»=»SOUNDMAN.EXE» [2002-07-12 c:windowssoundman.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2001-10-20 13312]c:documents and settingsЌ в и ѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
BIRTHDAY! millennium.lnk — c:program filesBIRTHDAYbirthmil.exe [2004-07-30 97280]
Calendarium.lnk — c:program filesCalendariumCalendarium.exe [2001-02-20 1512960]
€бва㬥⠯஢ҐаЄЁ ®бЁвҐ«п ¤«п Cyber-shot Viewer.lnk — c:program filesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe [2006-11-05 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.DIVF»= DivX412.dll
«vidc.vp31″= vp31vfw.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;c:program filesEsetESET NOD32 Antivirusekrn.exe [2007-12-21 468224]
R2 lxdi_device;lxdi_device;c:windowsSystem32lxdicoms.exe -service —> c:windowsSystem32lxdicoms.exe -service [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [2007-12-13 24592]
S0 ati0xbxx;ati0xbxx;c:windowsSystem32Driversati0xbxx.sys —> c:windowsSystem32Driversati0xbxx.sys [?]
S0 ati2hkxx;ati2hkxx;c:windowsSystem32Driversati2hkxx.sys —> c:windowsSystem32Driversati2hkxx.sys [?]
S0 ati2jmxx;ati2jmxx;c:windowsSystem32Driversati2jmxx.sys —> c:windowsSystem32Driversati2jmxx.sys [?]
S0 ati3twxx;ati3twxx;c:windowsSystem32Driversati3twxx.sys —> c:windowsSystem32Driversati3twxx.sys [?]
S0 ati3uxxx;ati3uxxx;c:windowsSystem32Driversati3uxxx.sys —> c:windowsSystem32Driversati3uxxx.sys [?]
S0 ati4fixx;ati4fixx;c:windowsSystem32Driversati4fixx.sys —> c:windowsSystem32Driversati4fixx.sys [?]
S0 ati5ikxx;ati5ikxx;c:windowsSystem32Driversati5ikxx.sys —> c:windowsSystem32Driversati5ikxx.sys [?]
S0 ati5xbxx;ati5xbxx;c:windowsSystem32Driversati5xbxx.sys —> c:windowsSystem32Driversati5xbxx.sys [?]
S0 ati6xbxx;ati6xbxx;c:windowsSystem32Driversati6xbxx.sys —> c:windowsSystem32Driversati6xbxx.sys [?]
S0 ati7gjxx;ati7gjxx;c:windowsSystem32Driversati7gjxx.sys —> c:windowsSystem32Driversati7gjxx.sys [?]
S0 ati7hkxx;ati7hkxx;c:windowsSystem32Driversati7hkxx.sys —> c:windowsSystem32Driversati7hkxx.sys [?]
S0 ati7psxx;ati7psxx;c:windowsSystem32Driversati7psxx.sys —> c:windowsSystem32Driversati7psxx.sys [?]
S0 ati7ycxx;ati7ycxx;c:windowsSystem32Driversati7ycxx.sys —> c:windowsSystem32Driversati7ycxx.sys [?]
S0 ati8bdxx;ati8bdxx;c:windowsSystem32Driversati8bdxx.sys —> c:windowsSystem32Driversati8bdxx.sys [?]
S0 ati8ycxx;ati8ycxx;c:windowsSystem32Driversati8ycxx.sys —> c:windowsSystem32Driversati8ycxx.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:windowsSystem32DRIVERSAmps2prt.sys —> c:windowsSystem32DRIVERSAmps2prt.sys [?]
S3 IrUSB;ArkMicro USB Infrared Miniport Adapter;c:windowssystem32driversIrUSB.sys [2007-03-25 13568]
S3 SiS7012;Service for AC’97 Sample Driver (WDM);c:windowssystem32driverssis7012.sys [2004-07-30 177280]
.
— — — — ORPHANS REMOVED — — — —HKCU-Run-YandexOnline — c:program filesYandexOnlineonline.exe
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru?clid=38910&yasoft=online
mStart Page = hxxp://mail.ru
uInternet Connection Wizard,ShellNext = iexplore
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Add to AMV Convert Tool… — c:program filesMP3 Player Utilities 4.00AMVConvertergrab.html
IE: MediaManager tool grab multimedia file — c:program filesMP3 Player Utilities 4.00MediaManagergrab.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} — %SystemRoot%webrelated.htm
TCP: {80387CB4-E04F-4F7A-8174-4FA6F203B148} = 89.151.191.2,89.151.190.213
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 18:27:09
Windows 5.1.2600 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
LXDICATS = rundll32 c:windowsSystem32spoolDRIVERSW32X863LXDItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINEsoftwareH+H Software GmbHVirtual CD 5Settings]
@DACL=(02 0000)
«VCDDrivesNo»=»1»
«VCDDriveLetters»=»X»
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1132)
c:windowssystem32ODBC32.dll
c:windowsSystem32klogon.dll— — — — — — — > ‘lsass.exe'(1248)
c:windowssystem32mswsock.dll
c:windowsSystem32dssenh.dll
.
Completion time: 2009-03-20 18:28:59
ComboFix-quarantined-files.txt 2009-03-20 15:28:58
ComboFix2.txt 2009-03-03 14:01:44Pre-Run: 15 117 713 408 байт свободно
Post-Run: 15,136,342,016 байт свободно183
Здравствуйте. А можно использовать Opera?
Вот мой лог combofix
ComboFix 09-03-02.03 — Наташа 2009-03-03 16:57:39.2 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1251.1.1049.18.511.238 [GMT 3:00]
Running from: c:documents and settingsНаташаРабочий столComboFix.exe
Command switches used :: c:documents and settingsНаташаРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
* Created a new restore point
* Resident AV is activeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
—- Previous Run
.
c:documents and settingsНаташаLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.jpg
c:documents and settingsНаташаLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.jpg
c:documents and settingsНаташаLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.jpg
c:documents and settingsНаташаLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsНаташаLocal SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.gif
c:documents and settingsНаташаLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.jpg
c:documents and settingsНаташаLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settingsНаташаLocal SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settingsНаташаLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.jpg
c:documents and settingsНаташаLocal SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.gif
c:documents and settingsНаташаLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settingsНаташаLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settingsНаташаLocal SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settingsНаташаLocal SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.gif
c:documents and settingsНаташаLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsНаташаLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.jpg
c:documents and settingsНаташаLocal SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.gif
c:windowsIE4 Error Log.txt.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_POWERMANAGER
Legacy_TCPSR((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
.2009-02-24 20:06 . 2009-02-28 15:56 54,156 —ah
c:windowsQTFont.qfn
2009-02-24 20:06 . 2009-02-24 20:06 1,409 —a
c:windowsQTFont.for
2009-02-24 14:55 . 2009-02-24 14:55d
c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-02-24 14:54 . 2009-02-24 14:54d
c:program filesGames.Rambler.ru
2009-02-18 19:20 . 2009-02-18 19:20d
c:program filesuTorrent
2009-02-18 19:20 . 2009-02-18 19:20d
c:documents and settingsНаташаApplication DatauTorrent
2009-02-13 11:12 . 2009-02-13 11:12d
c:windowssystem32Adobe
2009-02-11 13:23 . 2009-02-11 13:23d
c:program filesOpera
2009-02-11 13:23 . 2009-02-11 13:23d
c:documents and settingsНаташаApplication DataOpera
2009-02-10 14:11 . 2009-02-10 14:11d—hs—- C:FOUND.023
2009-02-10 12:39 . 2009-02-10 12:39d
c:documents and settingsНаташаApplication DataUniblue
2009-02-10 12:28 . 2009-02-10 12:27 410,984 —a
c:windowssystem32deploytk.dll
2009-02-10 12:28 . 2009-02-10 12:27 73,728 —a
c:windowssystem32javacpl.cpl
2009-02-10 12:06 . 2009-02-10 12:06d—hs—- C:FOUND.022
2009-02-05 18:24 . 2009-02-05 18:24d
C:_OTMoveIt.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 13:52 32 —sha-w c:windowssystem32driversfidbox.idx
2009-03-03 13:52 32 —sha-w c:windowssystem32driversfidbox.dat
2009-03-03 13:52 3,275,296 —sha-w c:windowssystem32driversfidbox2.dat
2009-03-03 13:52 12,590,336 —sha-w c:windowssystem32driversfidbox2.idx
2009-01-31 16:29
d
w c:program filestrend micro
2009-01-19 09:37
d
w c:program filesD-Link
2008-12-25 10:05 115,712 —sha-w c:program filesThumbs.db
2007-01-20 09:20 19,936 —-a-w c:documents and settingsНаташаApplication DataGDIPFONTCACHEV1.DAT
.
Sigcheck
2002-01-24 22:00 431616 a97cdf94514818775bde18f33b37f74f c:windowssystem32winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2001-08-02 1077277]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2002-12-05 198656]
«ctfmon.exe»=»c:windowsSystem32ctfmon.exe» [2001-10-20 13312]
«Uniblue RegistryBooster 2009″=»c:program filesUniblueRegistryBoosterRegistryBooster.exe» [BU][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»NvQTwk» [X]
«SiSUSBRG»=»c:windowsSiSUSBrg.exe» [2002-04-26 102400]
«OfficeGuard RegChecker»=»c:program filesKaspersky LabKaspersky Anti-Virus Personal Proogrc.exe» [BU]
«HomeAlarm»=»d:винамповские часыWCLOCK.EXE» [BU]
«NVRTCLK»=»c:windowsSystem32NVRTCLKNVRTClk.exe» [2003-12-30 24576]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2003-10-31 32768]
«Sony Ericsson PC Suite»=»c:program filesSony EricssonMobile2Application LauncherApplication Launcher.exe» [2005-10-26 159744]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2003-12-13 33792]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«FaxCenterServer»=»c:program filesLexmark Fax Solutionsfm3032.exe» [2007-03-06 312240]
«lxdimon.exe»=»c:program filesLexmark 3500-4500 Serieslxdimon.exe» [2007-03-06 435120]
«lxdiamon»=»c:program filesLexmark 3500-4500 Serieslxdiamon.exe» [2007-03-05 20480]
«LXDICATS»=»c:windowsSystem32spoolDRIVERSW32X863LXDItime.dll» [2007-02-26 102400]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2008-03-16 155648]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-07-01 1447168]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-02-10 148888]
«nwiz»=»nwiz.exe» [2002-07-16 c:windowssystem32nwiz.exe]
«SoundMan»=»SOUNDMAN.EXE» [2002-07-12 c:windowssoundman.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2001-10-20 13312]c:documents and settingsЌ в и ѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
BIRTHDAY! millennium.lnk — c:program filesBIRTHDAYbirthmil.exe [2004-07-30 97280]
Calendarium.lnk — c:program filesCalendariumCalendarium.exe [2001-02-20 1512960]
€бва㬥⠯஢ҐаЄЁ ®бЁвҐ«п ¤«п Cyber-shot Viewer.lnk — c:program filesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe [2006-11-05 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.DIVF»= DivX412.dll
«vidc.vp31″= vp31vfw.dllR1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;c:program filesEsetESET NOD32 Antivirusekrn.exe [2007-12-21 468224]
R2 lxdi_device;lxdi_device;c:windowsSystem32lxdicoms.exe -service —> c:windowsSystem32lxdicoms.exe -service [?]
S0 ati0xbxx;ati0xbxx;c:windowsSystem32Driversati0xbxx.sys —> c:windowsSystem32Driversati0xbxx.sys [?]
S0 ati2hkxx;ati2hkxx;c:windowsSystem32Driversati2hkxx.sys —> c:windowsSystem32Driversati2hkxx.sys [?]
S0 ati2jmxx;ati2jmxx;c:windowsSystem32Driversati2jmxx.sys —> c:windowsSystem32Driversati2jmxx.sys [?]
S0 ati3twxx;ati3twxx;c:windowsSystem32Driversati3twxx.sys —> c:windowsSystem32Driversati3twxx.sys [?]
S0 ati3uxxx;ati3uxxx;c:windowsSystem32Driversati3uxxx.sys —> c:windowsSystem32Driversati3uxxx.sys [?]
S0 ati4fixx;ati4fixx;c:windowsSystem32Driversati4fixx.sys —> c:windowsSystem32Driversati4fixx.sys [?]
S0 ati5ikxx;ati5ikxx;c:windowsSystem32Driversati5ikxx.sys —> c:windowsSystem32Driversati5ikxx.sys [?]
S0 ati5xbxx;ati5xbxx;c:windowsSystem32Driversati5xbxx.sys —> c:windowsSystem32Driversati5xbxx.sys [?]
S0 ati6xbxx;ati6xbxx;c:windowsSystem32Driversati6xbxx.sys —> c:windowsSystem32Driversati6xbxx.sys [?]
S0 ati7gjxx;ati7gjxx;c:windowsSystem32Driversati7gjxx.sys —> c:windowsSystem32Driversati7gjxx.sys [?]
S0 ati7hkxx;ati7hkxx;c:windowsSystem32Driversati7hkxx.sys —> c:windowsSystem32Driversati7hkxx.sys [?]
S0 ati7psxx;ati7psxx;c:windowsSystem32Driversati7psxx.sys —> c:windowsSystem32Driversati7psxx.sys [?]
S0 ati7ycxx;ati7ycxx;c:windowsSystem32Driversati7ycxx.sys —> c:windowsSystem32Driversati7ycxx.sys [?]
S0 ati8bdxx;ati8bdxx;c:windowsSystem32Driversati8bdxx.sys —> c:windowsSystem32Driversati8bdxx.sys [?]
S0 ati8ycxx;ati8ycxx;c:windowsSystem32Driversati8ycxx.sys —> c:windowsSystem32Driversati8ycxx.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:windowsSystem32DRIVERSAmps2prt.sys —> c:windowsSystem32DRIVERSAmps2prt.sys [?]
S3 IrUSB;ArkMicro USB Infrared Miniport Adapter;c:windowssystem32driversIrUSB.sys [2007-03-25 13568]
S3 SiS7012;Service for AC’97 Sample Driver (WDM);c:windowssystem32driverssis7012.sys [2004-07-30 177280]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Add to AMV Convert Tool… — c:program filesMP3 Player Utilities 4.00AMVConvertergrab.html
IE: MediaManager tool grab multimedia file — c:program filesMP3 Player Utilities 4.00MediaManagergrab.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} — %SystemRoot%webrelated.htm
TCP: {80387CB4-E04F-4F7A-8174-4FA6F203B148} = 89.151.191.2,89.151.190.213
TCP: {BF61008C-73C5-4636-8B1F-0ED82B6BB023} = 89.151.191.2 89.151.190.213
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 17:00:00
Windows 5.1.2600 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
LXDICATS = rundll32 c:windowsSystem32spoolDRIVERSW32X863LXDItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINEsoftwareH+H Software GmbHVirtual CD 5Settings]
@DACL=(02 0000)
«VCDDrivesNo»=»1»
«VCDDriveLetters»=»X»
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(760)
c:windowssystem32ODBC32.dll— — — — — — — > ‘lsass.exe'(816)
c:windowssystem32mswsock.dll
c:windowsSystem32dssenh.dll
.
Completion time: 2009-03-03 17:01:40
ComboFix-quarantined-files.txt 2009-03-03 14:01:38Pre-Run: 17,031,512,064 байт свободно
Post-Run: 17,020,665,856 байт свободно170
Здравствуйте, присылаю лог OTMoveIt3
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service a4hhtf5n .
Service tcpsr stopped successfully.
Service tcpsr deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\rs32net deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati0xbxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati2hkxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati2jmxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati3twxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati3uxxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati4fixx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati5ikxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati5xbxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati6xbxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati7gjxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati7hkxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati7psxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati7ycxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8bdxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8ycxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati0xbxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati2hkxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati2jmxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati3twxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati3uxxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati4fixx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati5ikxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati5xbxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati6xbxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati7gjxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati7hkxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati7psxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati7ycxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8bdxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8ycxx.sys\ deleted successfully.
========== FILES ==========
File/Folder C:WINDOWSSystem32driverstcpsr.sys not found.
File/Folder C:WINDOWSSystem32rs32net.exe not found.
File/Folder C:WINDOWSSystem32driversa4hhtf5n.sys not found.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStempPerflib_Perfdata_1e4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 02182009_181644
Files moved on Reboot…
C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat moved successfully.
File C:WINDOWStempPerflib_Perfdata_1e4.dat not found!Также логи RSIT:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Наташа at 2009-02-18 18:23:12
Microsoft Windows XP Professional
System drive C: has 18 GB (64%) free of 29 GB
Total RAM: 511 MB (47% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:19, on 18.02.2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe
C:Program FilesWinampwinampa.exe
C:Program FilesLexmark 3500-4500 Serieslxdimon.exe
C:Program FilesCommon FilesTeleca SharedCapabilityManager.exe
C:Program FilesLexmark 3500-4500 Serieslxdiamon.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesPunto Switcherps.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesCalendariumCalendarium.exe
C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
C:WINDOWSSystem32cisvc.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSSystem32lxdicoms.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSSystem32nvsvc32.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCanonCALCALMAIN.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:Program FilesOperaOpera.exe
C:Documents and SettingsНаташаРабочий столRSIT.exe
C:Program Filestrend microНаташа.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Lexmark Панель инструментов — {1017A80C-6F09-4548-A84D-EDD6AC9525F0} — C:Program FilesLexmark Toolbartoolband.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: &Радио — {8E718888-423F-11D2-876E-00A0C9082467} — C:WINDOWSSystem32msdxm.ocx
O3 — Toolbar: Lexmark Панель инструментов — {1017A80C-6F09-4548-A84D-EDD6AC9525F0} — C:Program FilesLexmark Toolbartoolband.dll
O4 — HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [OfficeGuard RegChecker] «C:Program FilesKaspersky LabKaspersky Anti-Virus Personal Proogrc.exe»
O4 — HKLM..Run: [HomeAlarm] D:ВИНАМПОВСКИЕ ЧАСЫWCLOCK.EXE
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NVRTCLK] C:WINDOWSSystem32NVRTCLKNVRTClk.exe
O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKLM..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [FaxCenterServer] «C:Program FilesLexmark Fax Solutionsfm3032.exe» /s
O4 — HKLM..Run: [lxdimon.exe] «C:Program FilesLexmark 3500-4500 Serieslxdimon.exe»
O4 — HKLM..Run: [lxdiamon] «C:Program FilesLexmark 3500-4500 Serieslxdiamon.exe»
O4 — HKLM..Run: [LXDICATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863LXDItime.dll,_RunDLLEntry@16
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe
O4 — HKCU..Run: [Uniblue RegistryBooster 2009] C:Program FilesUniblueRegistryBoosterRegistryBooster.exe /S
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: BIRTHDAY! millennium.lnk = C:Program FilesBIRTHDAYbirthmil.exe
O4 — Startup: Calendarium.lnk = C:Program FilesCalendariumCalendarium.exe
O4 — Startup: Инструмент проверки носителя для Cyber-shot Viewer.lnk = C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Add to AMV Convert Tool… — C:Program FilesMP3 Player Utilities 4.00AMVConvertergrab.html
O8 — Extra context menu item: MediaManager tool grab multimedia file — C:Program FilesMP3 Player Utilities 4.00MediaManagergrab.html
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Related — {c95fe080-8f5d-11d2-a20b-00aa003c157a} — C:WINDOWSwebrelated.htm
O9 — Extra ‘Tools’ menuitem: Show &Related Links — {c95fe080-8f5d-11d2-a20b-00aa003c157a} — C:WINDOWSwebrelated.htm
O17 — HKLMSystemCCSServicesTcpip..{80387CB4-E04F-4F7A-8174-4FA6F203B148}: NameServer = 89.151.191.2,89.151.190.213
O17 — HKLMSystemCCSServicesTcpip..{BF61008C-73C5-4636-8B1F-0ED82B6BB023}: NameServer = 89.151.191.2 89.151.190.213
O23 — Service: Canon Camera Access Library 8 (CCALib8) — Canon Inc. — C:Program FilesCanonCALCALMAIN.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSSystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: lxdi_device — — C:WINDOWSSystem32lxdicoms.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSSystem32mnmsrvc.exe
O23 — Service: Служба сетевого DDE (NetDDE) — Корпорация Майкрософт — C:WINDOWSsystem32netdde.exe
O23 — Service: Диспетчер сетевого DDE (NetDDEdsdm) — Корпорация Майкрософт — C:WINDOWSsystem32netdde.exe
O23 — Service: NVIDIA Driver Helper Service (NVSvc) — NVIDIA Corporation — C:WINDOWSSystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Модуль поддержки смарт-карт (SCardDrv) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind iSCSI Service (StarWindService) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Telnet (TlntSvr) — Корпорация Майкрософт — C:WINDOWSSystem32tlntsvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSSystem32wbemwmiapsrv.exe
O24 — Desktop Component 1: Aqua Real — 7db39a0d-580f-4be9-9195-8bfcd226f6c2—
End of file — 8619 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Панель инструментов — C:Program FilesLexmark Toolbartoolband.dll [2007-01-26 262144][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-02-10 35840][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-02-10 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{8E718888-423F-11D2-876E-00A0C9082467} — &Радио — C:WINDOWSSystem32msdxm.ocx [2001-10-20 845340]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} — Lexmark Панель инструментов — C:Program FilesLexmark Toolbartoolband.dll [2007-01-26 262144][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SiSUSBRG»=C:WINDOWSSiSUSBrg.exe [2002-04-26 102400]
«NvCplDaemon»=NvQTwk []
«nwiz»=nwiz.exe /install []
«OfficeGuard RegChecker»=C:Program FilesKaspersky LabKaspersky Anti-Virus Personal Proogrc.exe []
«HomeAlarm»=D:ВИНАМПОВСКИЕ ЧАСЫWCLOCK.EXE []
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2002-07-12 46592]
«NVRTCLK»=C:WINDOWSSystem32NVRTCLKNVRTClk.exe [2003-12-30 24576]
«RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2003-10-31 32768]
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe [2005-10-26 159744]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2003-12-13 33792]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«FaxCenterServer»=C:Program FilesLexmark Fax Solutionsfm3032.exe [2007-03-06 312240]
«lxdimon.exe»=C:Program FilesLexmark 3500-4500 Serieslxdimon.exe [2007-03-06 435120]
«lxdiamon»=C:Program FilesLexmark 3500-4500 Serieslxdiamon.exe [2007-03-05 20480]
«LXDICATS»=rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863LXDItime.dll []
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-03-16 155648]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-02-10 148888][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2001-08-02 1077277]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2002-12-05 198656]
«ctfmon.exe»=C:WINDOWSSystem32ctfmon.exe [2001-10-20 13312]
«Uniblue RegistryBooster 2009″=C:Program FilesUniblueRegistryBoosterRegistryBooster.exe /S []C:Documents and SettingsНаташаГлавное менюПрограммыАвтозагрузка
BIRTHDAY! millennium.lnk — C:Program FilesBIRTHDAYbirthmil.exe
Calendarium.lnk — C:Program FilesCalendariumCalendarium.exe
Инструмент проверки носителя для Cyber-shot Viewer.lnk — C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======List of files/folders created in the last 1 months======
2009-02-13 11:12:44 —-D—- C:WINDOWSSystem32Adobe
2009-02-11 13:23:55 —-D—- C:Documents and SettingsНаташаApplication DataOpera
2009-02-11 13:23:44 —-D—- C:Program FilesOpera
2009-02-10 14:11:34 —-SHD—- C:FOUND.023
2009-02-10 12:39:27 —-D—- C:Documents and SettingsНаташаApplication DataUniblue
2009-02-10 12:28:14 —-A—- C:WINDOWSSystem32javaws.exe
2009-02-10 12:28:14 —-A—- C:WINDOWSSystem32javaw.exe
2009-02-10 12:28:14 —-A—- C:WINDOWSSystem32java.exe
2009-02-10 12:28:14 —-A—- C:WINDOWSSystem32deploytk.dll
2009-02-10 12:06:46 —-SHD—- C:FOUND.022
2009-02-05 18:24:52 —-D—- C:_OTMoveIt
2009-01-31 19:29:32 —-D—- C:Program Filestrend micro
2009-01-31 19:29:31 —-D—- C:rsit
2009-01-30 20:04:47 —-RASHD—- C:autorun.inf
2009-01-21 18:56:55 —-A—- C:WINDOWSIE4 Error Log.txt
2009-01-19 16:02:01 —-D—- C:WINDOWSSun
2009-01-19 16:02:01 —-D—- C:Documents and SettingsНаташаApplication DataSun
2009-01-19 15:39:54 —-SHD—- C:FOUND.021
2009-01-19 12:37:01 —-D—- C:Program FilesD-Link======List of files/folders modified in the last 1 months======
2009-02-18 18:17:48 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-18 18:01:08 —-A—- C:WINDOWSwinamp.ini
2009-02-14 20:45:58 —-A—- C:WINDOWSNeroDigital.ini
2009-01-27 18:22:42 —-A—- C:WINDOWSSystem32PerfStringBackup.INI======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:WINDOWSSystem32DRIVERSeasdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSSystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
R1 klif;Klif; ??C:WINDOWSSystem32driversklif.sys []
R1 StarOpen;StarOpen; C:WINDOWSSystem32driversStarOpen.sys [2006-07-24 5632]
R2 Aspi32;Aspi32; C:WINDOWSSystem32driversaspi32.sys [2004-07-16 16512]
R2 eamon;EAMON; C:WINDOWSSystem32DRIVERSeamon.sys [2008-07-01 39944]
R2 irda;ИК-протокол IrDA; C:WINDOWSSystem32DRIVERSirda.sys [2001-08-17 55296]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:WINDOWSSYSTEM32DRIVERSWibukey.sys [2004-08-18 67584]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2002-07-12 655596]
R3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service; C:WINDOWSSystem32DRIVERSdlkfet5b.sys [2006-12-27 46080]
R3 GVCplDrv;GVCplDrv; C:WINDOWSSystem32driversGVCplDrv.sys [2004-05-02 23040]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:WINDOWSSystem32DRIVERSnv4_mini.sys [2002-07-16 981466]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSSystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
R3 usbhub;USB2 концентратор; C:WINDOWSSystem32DRIVERSusbhub.sys [2001-10-20 50688]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSSystem32DRIVERSusbohci.sys [2001-10-20 15616]
S3 actser;actser; C:WINDOWSsystem32driversactser.sys [2004-08-23 29440]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:WINDOWSSystem32DRIVERSAmps2prt.sys []
S3 aoifd73w;aoifd73w; C:WINDOWSSystem32driversaoifd73w.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSSystem32DRIVERSblueletaudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:WINDOWSSystem32DRIVERSbtnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys []
S3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSSystem32DRIVERSvbtenum.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSSystem32DRIVERSCCDECODE.sys [2004-07-09 16384]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSSystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 IrUSB;ArkMicro USB Infrared Miniport Adapter; C:WINDOWSSystem32DRIVERSIrUSB.sys [2006-03-06 13568]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:WINDOWSSystem32DRIVERSk750bus.sys [2006-08-01 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:WINDOWSSystem32DRIVERSk750mdfl.sys [2006-08-01 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:WINDOWSSystem32DRIVERSk750mdm.sys [2006-08-01 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:WINDOWSSystem32DRIVERSk750mgmt.sys [2006-08-01 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:WINDOWSSystem32DRIVERSk750obex.sys [2006-08-01 79488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSSystem32DRIVERSNABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSSystem32DRIVERSNdisIP.sys [2004-07-09 10112]
S3 nv4;nv4; C:WINDOWSSystem32DRIVERSnv4.sys [2001-08-17 731648]
S3 SiS7012;Service for AC’97 Sample Driver (WDM); C:WINDOWSsystem32driverssis7012.sys [2002-04-23 177280]
S3 slabbus;USB Data Cable driver (WDM); C:WINDOWSSystem32DRIVERSslabbus.sys []
S3 slabser;USB Data Cable Drivers; C:WINDOWSSystem32DRIVERSslabser.sys []
S3 SLIP;BDA Slip De-Framer; C:WINDOWSSystem32DRIVERSSLIP.sys [2004-07-09 10880]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:WINDOWSSystem32DRIVERSssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:WINDOWSSystem32DRIVERSssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:WINDOWSSystem32DRIVERSssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:WINDOWSSystem32DRIVERSStreamIP.sys [2004-07-09 14976]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSSystem32DRIVERSusbccgp.sys [2001-08-17 24960]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSSystem32DRIVERSusbprint.sys [2001-08-17 24832]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSSystem32DRIVERSusbscan.sys [2001-08-17 13824]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2001-08-17 21760]
S3 VComm;Virtual Serial port driver; C:WINDOWSSystem32DRIVERSVComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys []
S3 W700bus;Sony Ericsson W700 Driver driver (WDM); C:WINDOWSSystem32DRIVERSW700bus.sys [2006-08-01 61536]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter; C:WINDOWSSystem32DRIVERSW700mdfl.sys [2006-08-01 9264]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver; C:WINDOWSSystem32DRIVERSW700mdm.sys [2006-08-01 97056]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM); C:WINDOWSSystem32DRIVERSW700mgmt.sys [2006-08-01 88560]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface; C:WINDOWSSystem32DRIVERSW700obex.sys [2006-08-01 86368]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSSystem32DRIVERSWSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:WINDOWSSystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-20 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CCALib8;Canon Camera Access Library 8; C:Program FilesCanonCALCALMAIN.exe [2005-09-30 96341]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2007-12-21 468224]
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSSystem32svchost.exe [2001-10-20 12800]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-02-10 152984]
R2 lxdi_device;lxdi_device; C:WINDOWSSystem32lxdicoms.exe [2007-03-06 517040]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:WINDOWSSystem32nvsvc32.exe [2002-07-16 61440]
R2 StarWindService;StarWind iSCSI Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe [2005-04-02 217600]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
Здравствуйте. После нескольких дней безоблачного пребывания в интернете, лента новостей вышла вновь. Я удачно, вроде, ее убрала, но все-таки высылаю новые логи RSIT.
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Наташа at 2009-02-14 20:07:02
Microsoft Windows XP Professional
System drive C: has 18 GB (64%) free of 29 GB
Total RAM: 511 MB (35% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:12, on 14.02.2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe
C:Program FilesWinampwinampa.exe
C:Program FilesLexmark 3500-4500 Serieslxdimon.exe
C:Program FilesLexmark 3500-4500 Serieslxdiamon.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesPunto Switcherps.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesCalendariumCalendarium.exe
C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
C:Program FilesCommon FilesTeleca SharedCapabilityManager.exe
C:WINDOWSSystem32cisvc.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSSystem32lxdicoms.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSSystem32nvsvc32.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCanonCALCALMAIN.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:Program FilesOperaOpera.exe
C:WINDOWSSystem32cidaemon.exe
C:WINDOWSSystem32cidaemon.exe
C:Documents and SettingsНаташаРабочий столRSIT.exe
C:Program Filestrend microНаташа.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Lexmark Панель инструментов — {1017A80C-6F09-4548-A84D-EDD6AC9525F0} — C:Program FilesLexmark Toolbartoolband.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: &Радио — {8E718888-423F-11D2-876E-00A0C9082467} — C:WINDOWSSystem32msdxm.ocx
O3 — Toolbar: Lexmark Панель инструментов — {1017A80C-6F09-4548-A84D-EDD6AC9525F0} — C:Program FilesLexmark Toolbartoolband.dll
O4 — HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [OfficeGuard RegChecker] «C:Program FilesKaspersky LabKaspersky Anti-Virus Personal Proogrc.exe»
O4 — HKLM..Run: [HomeAlarm] D:ВИНАМПОВСКИЕ ЧАСЫWCLOCK.EXE
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NVRTCLK] C:WINDOWSSystem32NVRTCLKNVRTClk.exe
O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKLM..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [FaxCenterServer] «C:Program FilesLexmark Fax Solutionsfm3032.exe» /s
O4 — HKLM..Run: [lxdimon.exe] «C:Program FilesLexmark 3500-4500 Serieslxdimon.exe»
O4 — HKLM..Run: [lxdiamon] «C:Program FilesLexmark 3500-4500 Serieslxdiamon.exe»
O4 — HKLM..Run: [LXDICATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863LXDItime.dll,_RunDLLEntry@16
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe
O4 — HKCU..Run: [rs32net] C:WINDOWSSystem32rs32net.exe
O4 — HKCU..Run: [Uniblue RegistryBooster 2009] C:Program FilesUniblueRegistryBoosterRegistryBooster.exe /S
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: BIRTHDAY! millennium.lnk = C:Program FilesBIRTHDAYbirthmil.exe
O4 — Startup: Calendarium.lnk = C:Program FilesCalendariumCalendarium.exe
O4 — Startup: Инструмент проверки носителя для Cyber-shot Viewer.lnk = C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Add to AMV Convert Tool… — C:Program FilesMP3 Player Utilities 4.00AMVConvertergrab.html
O8 — Extra context menu item: MediaManager tool grab multimedia file — C:Program FilesMP3 Player Utilities 4.00MediaManagergrab.html
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Related — {c95fe080-8f5d-11d2-a20b-00aa003c157a} — C:WINDOWSwebrelated.htm
O9 — Extra ‘Tools’ menuitem: Show &Related Links — {c95fe080-8f5d-11d2-a20b-00aa003c157a} — C:WINDOWSwebrelated.htm
O17 — HKLMSystemCCSServicesTcpip..{80387CB4-E04F-4F7A-8174-4FA6F203B148}: NameServer = 89.151.191.2,89.151.190.213
O17 — HKLMSystemCCSServicesTcpip..{BF61008C-73C5-4636-8B1F-0ED82B6BB023}: NameServer = 89.151.191.2 89.151.190.213
O23 — Service: Canon Camera Access Library 8 (CCALib8) — Canon Inc. — C:Program FilesCanonCALCALMAIN.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSSystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: lxdi_device — — C:WINDOWSSystem32lxdicoms.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSSystem32mnmsrvc.exe
O23 — Service: Служба сетевого DDE (NetDDE) — Корпорация Майкрософт — C:WINDOWSsystem32netdde.exe
O23 — Service: Диспетчер сетевого DDE (NetDDEdsdm) — Корпорация Майкрософт — C:WINDOWSsystem32netdde.exe
O23 — Service: NVIDIA Driver Helper Service (NVSvc) — NVIDIA Corporation — C:WINDOWSSystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Модуль поддержки смарт-карт (SCardDrv) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind iSCSI Service (StarWindService) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Telnet (TlntSvr) — Корпорация Майкрософт — C:WINDOWSSystem32tlntsvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSSystem32wbemwmiapsrv.exe
O24 — Desktop Component 1: Aqua Real — 7db39a0d-580f-4be9-9195-8bfcd226f6c2—
End of file — 8748 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Панель инструментов — C:Program FilesLexmark Toolbartoolband.dll [2007-01-26 262144][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-02-10 35840][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-02-10 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{8E718888-423F-11D2-876E-00A0C9082467} — &Радио — C:WINDOWSSystem32msdxm.ocx [2001-10-20 845340]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} — Lexmark Панель инструментов — C:Program FilesLexmark Toolbartoolband.dll [2007-01-26 262144][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SiSUSBRG»=C:WINDOWSSiSUSBrg.exe [2002-04-26 102400]
«NvCplDaemon»=NvQTwk []
«nwiz»=nwiz.exe /install []
«OfficeGuard RegChecker»=C:Program FilesKaspersky LabKaspersky Anti-Virus Personal Proogrc.exe []
«HomeAlarm»=D:ВИНАМПОВСКИЕ ЧАСЫWCLOCK.EXE []
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2002-07-12 46592]
«NVRTCLK»=C:WINDOWSSystem32NVRTCLKNVRTClk.exe [2003-12-30 24576]
«RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2003-10-31 32768]
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe [2005-10-26 159744]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2003-12-13 33792]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«FaxCenterServer»=C:Program FilesLexmark Fax Solutionsfm3032.exe [2007-03-06 312240]
«lxdimon.exe»=C:Program FilesLexmark 3500-4500 Serieslxdimon.exe [2007-03-06 435120]
«lxdiamon»=C:Program FilesLexmark 3500-4500 Serieslxdiamon.exe [2007-03-05 20480]
«LXDICATS»=rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863LXDItime.dll []
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-03-16 155648]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-02-10 148888][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2001-08-02 1077277]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2002-12-05 198656]
«ctfmon.exe»=C:WINDOWSSystem32ctfmon.exe [2001-10-20 13312]
«rs32net»=C:WINDOWSSystem32rs32net.exe []
«Uniblue RegistryBooster 2009″=C:Program FilesUniblueRegistryBoosterRegistryBooster.exe /S []C:Documents and SettingsНаташаГлавное менюПрограммыАвтозагрузка
BIRTHDAY! millennium.lnk — C:Program FilesBIRTHDAYbirthmil.exe
Calendarium.lnk — C:Program FilesCalendariumCalendarium.exe
Инструмент проверки носителя для Cyber-shot Viewer.lnk — C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati0xbxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati2hkxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati2jmxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati3twxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati3uxxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati4fixx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati5ikxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati5xbxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati6xbxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati7gjxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati7hkxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati7psxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati7ycxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8bdxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8ycxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati0xbxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati2hkxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati2jmxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati3twxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati3uxxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati4fixx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati5ikxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati5xbxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati6xbxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati7gjxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati7hkxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati7psxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati7ycxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8bdxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8ycxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======List of files/folders created in the last 1 months======
2009-02-13 11:12:44 —-D—- C:WINDOWSSystem32Adobe
2009-02-11 13:23:55 —-D—- C:Documents and SettingsНаташаApplication DataOpera
2009-02-11 13:23:44 —-D—- C:Program FilesOpera
2009-02-10 14:11:34 —-SHD—- C:FOUND.023
2009-02-10 12:39:27 —-D—- C:Documents and SettingsНаташаApplication DataUniblue
2009-02-10 12:28:14 —-A—- C:WINDOWSSystem32javaws.exe
2009-02-10 12:28:14 —-A—- C:WINDOWSSystem32javaw.exe
2009-02-10 12:28:14 —-A—- C:WINDOWSSystem32java.exe
2009-02-10 12:28:14 —-A—- C:WINDOWSSystem32deploytk.dll
2009-02-10 12:06:46 —-SHD—- C:FOUND.022
2009-02-05 18:24:52 —-D—- C:_OTMoveIt
2009-01-31 19:29:32 —-D—- C:Program Filestrend micro
2009-01-31 19:29:31 —-D—- C:rsit
2009-01-30 20:04:47 —-RASHD—- C:autorun.inf
2009-01-21 18:56:55 —-A—- C:WINDOWSIE4 Error Log.txt
2009-01-19 16:02:01 —-D—- C:WINDOWSSun
2009-01-19 16:02:01 —-D—- C:Documents and SettingsНаташаApplication DataSun
2009-01-19 15:39:54 —-SHD—- C:FOUND.021
2009-01-19 12:37:01 —-D—- C:Program FilesD-Link======List of files/folders modified in the last 1 months======
2009-02-13 20:35:04 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-11 21:10:18 —-A—- C:WINDOWSwinamp.ini
2009-01-27 18:22:42 —-A—- C:WINDOWSSystem32PerfStringBackup.INI======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:WINDOWSSystem32DRIVERSeasdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSSystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
R1 klif;Klif; ??C:WINDOWSSystem32driversklif.sys []
R1 StarOpen;StarOpen; C:WINDOWSSystem32driversStarOpen.sys [2006-07-24 5632]
R2 Aspi32;Aspi32; C:WINDOWSSystem32driversaspi32.sys [2004-07-16 16512]
R2 eamon;EAMON; C:WINDOWSSystem32DRIVERSeamon.sys [2008-07-01 39944]
R2 irda;ИК-протокол IrDA; C:WINDOWSSystem32DRIVERSirda.sys [2001-08-17 55296]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:WINDOWSSYSTEM32DRIVERSWibukey.sys [2004-08-18 67584]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2002-07-12 655596]
R3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service; C:WINDOWSSystem32DRIVERSdlkfet5b.sys [2006-12-27 46080]
R3 GVCplDrv;GVCplDrv; C:WINDOWSSystem32driversGVCplDrv.sys [2004-05-02 23040]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:WINDOWSSystem32DRIVERSnv4_mini.sys [2002-07-16 981466]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSSystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
R3 usbhub;USB2 концентратор; C:WINDOWSSystem32DRIVERSusbhub.sys [2001-10-20 50688]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSSystem32DRIVERSusbohci.sys [2001-10-20 15616]
S3 a4hhtf5n;a4hhtf5n; C:WINDOWSSystem32driversa4hhtf5n.sys []
S3 actser;actser; C:WINDOWSsystem32driversactser.sys [2004-08-23 29440]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:WINDOWSSystem32DRIVERSAmps2prt.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSSystem32DRIVERSblueletaudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:WINDOWSSystem32DRIVERSbtnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys []
S3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSSystem32DRIVERSvbtenum.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSSystem32DRIVERSCCDECODE.sys [2004-07-09 16384]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSSystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 IrUSB;ArkMicro USB Infrared Miniport Adapter; C:WINDOWSSystem32DRIVERSIrUSB.sys [2006-03-06 13568]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:WINDOWSSystem32DRIVERSk750bus.sys [2006-08-01 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:WINDOWSSystem32DRIVERSk750mdfl.sys [2006-08-01 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:WINDOWSSystem32DRIVERSk750mdm.sys [2006-08-01 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:WINDOWSSystem32DRIVERSk750mgmt.sys [2006-08-01 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:WINDOWSSystem32DRIVERSk750obex.sys [2006-08-01 79488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSSystem32DRIVERSNABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSSystem32DRIVERSNdisIP.sys [2004-07-09 10112]
S3 nv4;nv4; C:WINDOWSSystem32DRIVERSnv4.sys [2001-08-17 731648]
S3 SiS7012;Service for AC’97 Sample Driver (WDM); C:WINDOWSsystem32driverssis7012.sys [2002-04-23 177280]
S3 slabbus;USB Data Cable driver (WDM); C:WINDOWSSystem32DRIVERSslabbus.sys []
S3 slabser;USB Data Cable Drivers; C:WINDOWSSystem32DRIVERSslabser.sys []
S3 SLIP;BDA Slip De-Framer; C:WINDOWSSystem32DRIVERSSLIP.sys [2004-07-09 10880]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:WINDOWSSystem32DRIVERSssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:WINDOWSSystem32DRIVERSssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:WINDOWSSystem32DRIVERSssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:WINDOWSSystem32DRIVERSStreamIP.sys [2004-07-09 14976]
S3 tcpsr;tcpsr; ??C:WINDOWSSystem32driverstcpsr.sys []
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSSystem32DRIVERSusbccgp.sys [2001-08-17 24960]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSSystem32DRIVERSusbprint.sys [2001-08-17 24832]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSSystem32DRIVERSusbscan.sys [2001-08-17 13824]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2001-08-17 21760]
S3 VComm;Virtual Serial port driver; C:WINDOWSSystem32DRIVERSVComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys []
S3 W700bus;Sony Ericsson W700 Driver driver (WDM); C:WINDOWSSystem32DRIVERSW700bus.sys [2006-08-01 61536]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter; C:WINDOWSSystem32DRIVERSW700mdfl.sys [2006-08-01 9264]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver; C:WINDOWSSystem32DRIVERSW700mdm.sys [2006-08-01 97056]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM); C:WINDOWSSystem32DRIVERSW700mgmt.sys [2006-08-01 88560]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface; C:WINDOWSSystem32DRIVERSW700obex.sys [2006-08-01 86368]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSSystem32DRIVERSWSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:WINDOWSSystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-20 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CCALib8;Canon Camera Access Library 8; C:Program FilesCanonCALCALMAIN.exe [2005-09-30 96341]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2007-12-21 468224]
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSSystem32svchost.exe [2001-10-20 12800]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-02-10 152984]
R2 lxdi_device;lxdi_device; C:WINDOWSSystem32lxdicoms.exe [2007-03-06 517040]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:WINDOWSSystem32nvsvc32.exe [2002-07-16 61440]
R2 StarWindService;StarWind iSCSI Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe [2005-04-02 217600]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
info.txt logfile of random’s system information tool 1.05 2009-02-14 20:07:16======Uninstall list======
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{4E7DC12A-3597-4A94-9429-F6C6987361B1}setup.exe» -l0x19 -removeonly
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7DADB304-AF20-48C3-A780-4B4133A08817}setup.exe» -l0x19 -removeonly
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}setup.exe» -l0x19 -removeonly
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}setup.exe» -l0x19 -removeonly
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
ACDSee 5.0 Standard—>MsiExec.exe /I{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}
Act 3d Silex Screensaver—>C:Program FilesAct 3dSilex Screensaveruninstall.exe
Adobe Flash Player 10 ActiveX—>C:WINDOWSSystem32MacromedFlashuninstall_activeX.exe
Adobe Shockwave Player 11—>C:WINDOWSSystem32adobeSHOCKW~1UNWISE.EXE C:WINDOWSSystem32AdobeSHOCKW~1Install.log
ArchiCAD 9 INT—>C:Program FilesGraphisoftArchiCAD 9Uninstall.ACuninstaller.exe
AudioCatalyst—>C:PROGRA~1XINGAUDIOC~1UNINST~1.EXE C:PROGRA~1XINGAUDIOC~1install.log
AudioConvert—>C:PROGRA~1AUDIOC~1UNWISE.EXE C:PROGRA~1AUDIOC~1INSTALL.LOG
Avance AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» REMOVE
BIRTHDAY! millennium—>C:WINDOWSbmuninst.exe
Calendarium v2.7—>»C:Program FilesCalendariumunins000.exe»
Canon Camera Access Library—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonCALUninst.ini»
Canon Camera Support Core Library—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonCSCLIBUninst.ini»
Canon Camera Window DC_DV 6 for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowDVC6Uninst.ini»
Canon Camera Window MC 6 for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowMCUninst.ini»
Canon G.726 WMP-Decoder—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonG726DecoderG726DecUnInstall.ini»
Canon RAW Image Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonRAW Image TaskUninst.ini»
Canon RemoteCapture Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonCameraWindowRemoteCaptureTask DCUninst.ini»
Canon Utilities EOS Utility—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonEOS UtilityUninst.ini»
Canon Utilities PhotoStitch—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonPhotoStitchUninst.ini»
Canon Utilities ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramUninst.ini»
Clock OPT—>C:WINDOWSiun505.exe C:Program FilesClock OPTirunin.ini
Colin McRae Rally 2.0—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EE4656A6-3283-11D6-A077-9EE0D9E64843}Setup.exe» -l0x19
DivX 5.0 Pro Bundle—>C:WINDOWSunvise32.exe C:Program FilesDivXuninstal.log
DivX 5.0.5 Pro Video Codec—>C:WINDOWSSystem32rundll32.exe setupapi.dll,InstallHinfSection Remove_Mpeg_NT 132 C:WINDOWSINFdivx50.inf
DivX Codec—>C:WINDOWSunvise32.exe C:Program FilesDivXDivX Codecuninstal.log
DivX Player—>C:WINDOWSunvise32.exe C:Program FilesDivXDivX Playeruninstal.log
D-Link DFE520TX—>C:PROGRA~1COMMON~1INSTAL~1Driver10INTEL3~1IDriver.exe /M{9629C9A1-74F7-4DD0-B99B-9066925E63F8}
D-Link PCI Fast Ethernet Adapter—>Rundll32.exe vuins32.dll,vuins32Ex $Rhine $D-Link
ESET NOD32 Antivirus—>MsiExec.exe /I{3407FD83-0A2F-475E-BE94-34F1FA342C84}
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
IGI 2—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll
Java(TM) 6 Update 12—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
K-Lite Mega Codec Pack 1.61—>»C:Program FilesK-Lite Codec Packunins000.exe»
Lernout & Hauspie TruVoice for Microsoft Agent—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFcgminst.inf, RemoveCgram
Lexmark 3500-4500 Series—>C:Program FilesLexmark 3500-4500 SeriesInstallx86Uninst.exe
Lexmark Панель инструментов—>regsvr32.exe /s /u «C:Program FilesLexmark Toolbartoolband.dll»
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft Agent 1.5—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFagtinst.inf, RemoveAgent
Microsoft Command & Control Engine—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFmscnc.inf, Uninstall
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003—>MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Speech API 3.0—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFspchapi.inf, Uninstall
Microsoft Speech Lexicon—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFmslex.inf, Uninstall
Microsoft Windows Media Video 9 VCM—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFwmv9vcm.inf, Uninstall
MP3 Player Utilities 4.00—>MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MS Visio 2003 Руссификатор—>C:PROGRA~1MICROS~2UNWISE.EXE C:PROGRA~1MICROS~2INSTALL.LOG
Nero 6 Ultra Edition—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
NVIDIA Windows 2000/XP Display Drivers—>rundll32.exe C:WINDOWSSystem32nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Opera 9.63—>MsiExec.exe /X{2C0CD17D-0B06-4700-83FA-7344B868B0A2}
PL-2303 USB-to-Serial—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}Setup.exe» -l0x9 Installed
PowerDVD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -uninstall
Punto Switcher 2.5—>C:Program FilesPunto Switcheruninstall.exe
QuickTime—>C:PROGRA~1COMMON~1INSTAL~1Driver11INTEL3~1IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
Russian interface language for ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /X{A32C73ED-D8AD-4805-B293-39022C3DF15D}
Russian Nature Screen Saver—>C:PROGRA~1RNSSUNWISE.EXE C:PROGRA~1RNSSINSTALL.LOG
SAMSUNG CDMA Modem Driver Set—>C:WINDOWSSystem32Samsung_USB_Drivers3SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software—>C:WINDOWSSystem32Samsung_USB_Drivers1SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software—>C:WINDOWSSystem32Samsung_USB_Drivers2SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}setup.exe» -l0x19 -removeonly
Samsung PC Studio 3—>»C:Program FilesInstallShield Installation Information{C4A4722E-79F9-417C-BD72-8D359A090C97}setup.exe» -runfromtemp -l0x0019 -removeonly
Samsung Samples Installer—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7AC15160-A49B-4A89-B181-D4619C025FFF}setup.exe» -l0x19 -removeonly
SiS Audio Driver—>C:Progra~1SiS7012Uninstuninst2k.exe PCIVEN_1039&DEV_7012
Sony Ericsson PC Suite 1.20.173—>MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Sony Picture Utility—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{D5068583-D569-468B-9755-5FBF5848F46F}setup.exe» -l0x19 /removeonly uninstall -removeonly
Sony USB Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}Setup.exe» UNINSTALL
The Playa—>»C:Program FilesThe Playauninstall.exe»
WIBU-KEY Setup (WIBU-KEY Remove)—>C:Program FilesWIBUKEYSetupSetup32.exe /R:{00060000-0000-1004-8002-0000C06B5161}
Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
XingMP3 Player—>C:PROGRA~1XINGXINGMP~1UNINST~1.EXE C:PROGRA~1XINGXINGMP~1install.log
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
ОргПанель 2.1—>»C:WINDOWSUNISTB32.EXE» /U «C:Program FilesOrgPanelUNINST0.000» «C:Program FilesOrgPanelUNINST1.000»
Решения факса Lexmark—>C:Program FilesLexmark Fax SolutionsInstallx86Uninst.exe /R:faxunst
Салон красоты 2—>C:WINDOWSIsUn0419.exe -f»C:Program FilesChanges 2Uninst.isu»
Телефонный справочник—>C:Program FilesСправочникиТелефоныuninstall.exeSystem event log
Computer Name: HOME-BLQYLVIA8I
Event Code: 7035
Message: Служба «Сетевые подключения» успешно отправила управляющий элемент «запустить».Record Number: 45065
Source Name: Service Control Manager
Time Written: 20081103133608.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: HOME-BLQYLVIA8I
Event Code: 7035
Message: Служба «Служба COM записи компакт-дисков IMAPI» успешно отправила управляющий элемент «запустить».Record Number: 45064
Source Name: Service Control Manager
Time Written: 20081103133608.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: HOME-BLQYLVIA8I
Event Code: 7036
Message: Служба «Совместимость быстрого переключения пользователей» перешла в состояние Работает.Record Number: 45063
Source Name: Service Control Manager
Time Written: 20081103133608.000000+180
Event Type: информация
User:Computer Name: HOME-BLQYLVIA8I
Event Code: 7035
Message: Служба «Совместимость быстрого переключения пользователей» успешно отправила управляющий элемент «запустить».Record Number: 45062
Source Name: Service Control Manager
Time Written: 20081103133607.000000+180
Event Type: информация
User: HOME-BLQYLVIA8IНаташаComputer Name: HOME-BLQYLVIA8I
Event Code: 26
Message: Всплывающее окно приложения: : Machine Check: RegsRecord Number: 45061
Source Name: Application Popup
Time Written: 20081103133430.000000+180
Event Type: информация
User:Application event log
Computer Name: HOME-BLQYLVIA8I
Event Code: 1000
Message: Ошибка приложения winamp.exe, версия 5.0.0.5, модуль wmvcore.dll, версия 8.0.0.4477, адрес 0x0001f26b.Record Number: 3737
Source Name: Application Error
Time Written: 20070602192138.000000+240
Event Type: ошибка
User:Computer Name: HOME-BLQYLVIA8I
Event Code: 4144
Message: Добавить область d: в индекс.Record Number: 3736
Source Name: Ci
Time Written: 20070602183231.000000+240
Event Type: информация
User:Computer Name: HOME-BLQYLVIA8I
Event Code: 4144
Message: Добавить область c: в индекс.Record Number: 3735
Source Name: Ci
Time Written: 20070602183225.000000+240
Event Type: информация
User:Computer Name: HOME-BLQYLVIA8I
Event Code: 4137
Message: Служба индексирования начала просмотр каталога c:documents and settingsall usersapplication datamicrosoftvisiocatalog.wci.Record Number: 3734
Source Name: Ci
Time Written: 20070602183224.000000+240
Event Type: информация
User:Computer Name: HOME-BLQYLVIA8I
Event Code: 4144
Message: Добавить область c:documents and settings в индекс.Record Number: 3733
Source Name: Ci
Time Written: 20070602183218.000000+240
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesCommon FilesTeleca Shared;C:Program FilesSamsungSamsung PC Studio 3;C:Program FilesQuickTimeQTSystem
«windir»=%SystemRoot%
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
«PROCESSOR_REVISION»=0801
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«DEFAULT_CA_NR»=CA6
«CLASSPATH»=C:Program FilesJavajre1.5.0_06libextQTJava.zip
«QTJAVA»=C:Program FilesJavajre1.5.0_06libextQTJava.zip
EOF
Спасибо большое. С вашей помощью пропала лента новостей. Надеюсь таких неприятных неожиданностей больше не будет.
Здравстуйте. Лента исчезла, или удалилась — не знаю как правильно. 😀
Спасибо за поддержку и помощь. Вот что выдал OTMoveIt3
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\OrgPanel deleted successfully.
========== FILES ==========
C:Documents and SettingsAll UsersApplication Datarjxlib.dll unregistered successfully.
C:Documents and SettingsAll UsersApplication Datarjxlib.dll moved successfully.
C:Documents and SettingsAll UsersApplication Dataxiglib.dll unregistered successfully.
C:Documents and SettingsAll UsersApplication Dataxiglib.dll moved successfully.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 02052009_202357
Files moved on Reboot…
C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat moved successfully.И новый RSIT лог:
info.txt logfile of random’s system information tool 1.05 2009-02-06 20:05:05======Uninstall list======
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{4E7DC12A-3597-4A94-9429-F6C6987361B1}setup.exe» -l0x19 -removeonly
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7DADB304-AF20-48C3-A780-4B4133A08817}setup.exe» -l0x19 -removeonly
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}setup.exe» -l0x19 -removeonly
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}setup.exe» -l0x19 -removeonly
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
ACDSee 5.0 Standard—>MsiExec.exe /I{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}
Act 3d Silex Screensaver—>C:Program FilesAct 3dSilex Screensaveruninstall.exe
Adobe Flash Player 10 ActiveX—>C:WINDOWSSystem32MacromedFlashuninstall_activeX.exe
ArchiCAD 9 INT—>C:Program FilesGraphisoftArchiCAD 9Uninstall.ACuninstaller.exe
AudioCatalyst—>C:PROGRA~1XINGAUDIOC~1UNINST~1.EXE C:PROGRA~1XINGAUDIOC~1install.log
AudioConvert—>C:PROGRA~1AUDIOC~1UNWISE.EXE C:PROGRA~1AUDIOC~1INSTALL.LOG
Avance AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» REMOVE
BIRTHDAY! millennium—>C:WINDOWSbmuninst.exe
Calendarium v2.7—>»C:Program FilesCalendariumunins000.exe»
Canon Camera Access Library—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonCALUninst.ini»
Canon Camera Support Core Library—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonCSCLIBUninst.ini»
Canon Camera Window DC_DV 6 for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowDVC6Uninst.ini»
Canon Camera Window MC 6 for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowMCUninst.ini»
Canon G.726 WMP-Decoder—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonG726DecoderG726DecUnInstall.ini»
Canon RAW Image Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonRAW Image TaskUninst.ini»
Canon RemoteCapture Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonCameraWindowRemoteCaptureTask DCUninst.ini»
Canon Utilities EOS Utility—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonEOS UtilityUninst.ini»
Canon Utilities PhotoStitch—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonPhotoStitchUninst.ini»
Canon Utilities ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.0.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramUninst.ini»
Clock OPT—>C:WINDOWSiun505.exe C:Program FilesClock OPTirunin.ini
Colin McRae Rally 2.0—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EE4656A6-3283-11D6-A077-9EE0D9E64843}Setup.exe» -l0x19
DivX 5.0 Pro Bundle—>C:WINDOWSunvise32.exe C:Program FilesDivXuninstal.log
DivX 5.0.5 Pro Video Codec—>C:WINDOWSSystem32rundll32.exe setupapi.dll,InstallHinfSection Remove_Mpeg_NT 132 C:WINDOWSINFdivx50.inf
DivX Codec—>C:WINDOWSunvise32.exe C:Program FilesDivXDivX Codecuninstal.log
DivX Player—>C:WINDOWSunvise32.exe C:Program FilesDivXDivX Playeruninstal.log
D-Link DFE520TX—>C:PROGRA~1COMMON~1INSTAL~1Driver10INTEL3~1IDriver.exe /M{9629C9A1-74F7-4DD0-B99B-9066925E63F8}
D-Link PCI Fast Ethernet Adapter—>Rundll32.exe vuins32.dll,vuins32Ex $Rhine $D-Link
ESET NOD32 Antivirus—>MsiExec.exe /I{3407FD83-0A2F-475E-BE94-34F1FA342C84}
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
IGI 2—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll
J2SE Runtime Environment 5.0 Update 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
K-Lite Mega Codec Pack 1.61—>»C:Program FilesK-Lite Codec Packunins000.exe»
Lernout & Hauspie TruVoice for Microsoft Agent—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFcgminst.inf, RemoveCgram
Lexmark 3500-4500 Series—>C:Program FilesLexmark 3500-4500 SeriesInstallx86Uninst.exe
Lexmark Панель инструментов—>regsvr32.exe /s /u «C:Program FilesLexmark Toolbartoolband.dll»
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft Agent 1.5—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFagtinst.inf, RemoveAgent
Microsoft Command & Control Engine—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFmscnc.inf, Uninstall
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003—>MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Speech API 3.0—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFspchapi.inf, Uninstall
Microsoft Speech Lexicon—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFmslex.inf, Uninstall
Microsoft Windows Media Video 9 VCM—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFwmv9vcm.inf, Uninstall
MP3 Player Utilities 4.00—>MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MS Visio 2003 Руссификатор—>C:PROGRA~1MICROS~2UNWISE.EXE C:PROGRA~1MICROS~2INSTALL.LOG
Nero 6 Ultra Edition—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
NVIDIA Windows 2000/XP Display Drivers—>rundll32.exe C:WINDOWSSystem32nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
PL-2303 USB-to-Serial—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}Setup.exe» -l0x9 Installed
PowerDVD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -uninstall
Punto Switcher 2.5—>C:Program FilesPunto Switcheruninstall.exe
QuickTime—>C:PROGRA~1COMMON~1INSTAL~1Driver11INTEL3~1IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
Russian interface language for ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /X{A32C73ED-D8AD-4805-B293-39022C3DF15D}
Russian Nature Screen Saver—>C:PROGRA~1RNSSUNWISE.EXE C:PROGRA~1RNSSINSTALL.LOG
SAMSUNG CDMA Modem Driver Set—>C:WINDOWSSystem32Samsung_USB_Drivers3SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software—>C:WINDOWSSystem32Samsung_USB_Drivers1SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software—>C:WINDOWSSystem32Samsung_USB_Drivers2SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}setup.exe» -l0x19 -removeonly
Samsung PC Studio 3—>»C:Program FilesInstallShield Installation Information{C4A4722E-79F9-417C-BD72-8D359A090C97}setup.exe» -runfromtemp -l0x0019 -removeonly
Samsung Samples Installer—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7AC15160-A49B-4A89-B181-D4619C025FFF}setup.exe» -l0x19 -removeonly
SiS Audio Driver—>C:Progra~1SiS7012Uninstuninst2k.exe PCIVEN_1039&DEV_7012
Sony Ericsson PC Suite 1.20.173—>MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Sony Picture Utility—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{D5068583-D569-468B-9755-5FBF5848F46F}setup.exe» -l0x19 /removeonly uninstall -removeonly
Sony USB Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}Setup.exe» UNINSTALL
The Playa—>»C:Program FilesThe Playauninstall.exe»
WIBU-KEY Setup (WIBU-KEY Remove)—>C:Program FilesWIBUKEYSetupSetup32.exe /R:{00060000-0000-1004-8002-0000C06B5161}
Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
XingMP3 Player—>C:PROGRA~1XINGXINGMP~1UNINST~1.EXE C:PROGRA~1XINGXINGMP~1install.log
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
ОргПанель 2.1—>»C:WINDOWSUNISTB32.EXE» /U «C:Program FilesOrgPanelUNINST0.000» «C:Program FilesOrgPanelUNINST1.000»
Решения факса Lexmark—>C:Program FilesLexmark Fax SolutionsInstallx86Uninst.exe /R:faxunst
Салон красоты 2—>C:WINDOWSIsUn0419.exe -f»C:Program FilesChanges 2Uninst.isu»
Телефонный справочник—>C:Program FilesСправочникиТелефоныuninstall.exeSystem event log
Computer Name: HOME-BLQYLVIA8I
Event Code: 7035
Message: Служба «Диспетчер авто-подключений удаленного доступа» успешно отправила управляющий элемент «запустить».Record Number: 44413
Source Name: Service Control Manager
Time Written: 20080808202217.000000+240
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: HOME-BLQYLVIA8I
Event Code: 7036
Message: Служба «Диспетчер подключений удаленного доступа» перешла в состояние Работает.Record Number: 44412
Source Name: Service Control Manager
Time Written: 20080808202217.000000+240
Event Type: информация
User:Computer Name: HOME-BLQYLVIA8I
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Остановлена.Record Number: 44411
Source Name: Service Control Manager
Time Written: 20080808202217.000000+240
Event Type: информация
User:Computer Name: HOME-BLQYLVIA8I
Event Code: 7035
Message: Служба «Диспетчер подключений удаленного доступа» успешно отправила управляющий элемент «запустить».Record Number: 44410
Source Name: Service Control Manager
Time Written: 20080808202217.000000+240
Event Type: информация
User: HOME-BLQYLVIA8IНаташаComputer Name: HOME-BLQYLVIA8I
Event Code: 7036
Message: Служба «Телефония» перешла в состояние Работает.Record Number: 44409
Source Name: Service Control Manager
Time Written: 20080808202217.000000+240
Event Type: информация
User:Application event log
Computer Name: HOME-BLQYLVIA8I
Event Code: 2001
Message: Служба EAPOL успешно запущенаRecord Number: 3519
Source Name: EAPOL
Time Written: 20070428134044.000000+240
Event Type: информация
User:Computer Name: HOME-BLQYLVIA8I
Event Code: 4137
Message: Служба индексирования начала просмотр каталога c:documents and settingsall usersapplication datamicrosoftvisiocatalog.wci.Record Number: 3518
Source Name: Ci
Time Written: 20070428132810.000000+240
Event Type: информация
User:Computer Name: HOME-BLQYLVIA8I
Event Code: 4130
Message: Восстановление для PropertyStore в каталоге c:system volume informationcatalog.wci проведено успешно.Record Number: 3517
Source Name: Ci
Time Written: 20070428132752.000000+240
Event Type: информация
User:Computer Name: HOME-BLQYLVIA8I
Event Code: 4129
Message: Начинается восстановление PropertyStore в каталоге c:system volume informationcatalog.wci.Record Number: 3516
Source Name: Ci
Time Written: 20070428132626.000000+240
Event Type: информация
User:Computer Name: HOME-BLQYLVIA8I
Event Code: 4137
Message: Служба индексирования начала просмотр каталога c:system volume informationcatalog.wci.Record Number: 3515
Source Name: Ci
Time Written: 20070428132626.000000+240
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesCommon FilesTeleca Shared;C:Program FilesSamsungSamsung PC Studio 3;C:Program FilesQuickTimeQTSystem
«windir»=%SystemRoot%
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
«PROCESSOR_REVISION»=0801
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«DEFAULT_CA_NR»=CA6
«CLASSPATH»=C:Program FilesJavajre1.5.0_06libextQTJava.zip
«QTJAVA»=C:Program FilesJavajre1.5.0_06libextQTJava.zip
EOF
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Наташа at 2009-02-06 20:04:54
Microsoft Windows XP Professional
System drive C: has 19 GB (65%) free of 29 GB
Total RAM: 511 MB (50% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:01, on 06.02.2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSOUNDMAN.EXE
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe
C:Program FilesWinampwinampa.exe
C:Program FilesLexmark 3500-4500 Serieslxdimon.exe
C:Program FilesCommon FilesTeleca SharedCapabilityManager.exe
C:Program FilesLexmark 3500-4500 Serieslxdiamon.exe
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesPunto Switcherps.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesCalendariumCalendarium.exe
C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
C:WINDOWSSystem32cisvc.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:WINDOWSSystem32lxdicoms.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSSystem32nvsvc32.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCanonCALCALMAIN.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSSystem32cidaemon.exe
C:WINDOWSSystem32cidaemon.exe
C:Documents and SettingsНаташаРабочий столRSIT.exe
C:Program Filestrend microНаташа.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Lexmark Панель инструментов — {1017A80C-6F09-4548-A84D-EDD6AC9525F0} — C:Program FilesLexmark Toolbartoolband.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.5.0_06binssv.dll
O3 — Toolbar: &Радио — {8E718888-423F-11D2-876E-00A0C9082467} — C:WINDOWSSystem32msdxm.ocx
O3 — Toolbar: Lexmark Панель инструментов — {1017A80C-6F09-4548-A84D-EDD6AC9525F0} — C:Program FilesLexmark Toolbartoolband.dll
O4 — HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [OfficeGuard RegChecker] «C:Program FilesKaspersky LabKaspersky Anti-Virus Personal Proogrc.exe»
O4 — HKLM..Run: [HomeAlarm] D:ВИНАМПОВСКИЕ ЧАСЫWCLOCK.EXE
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NVRTCLK] C:WINDOWSSystem32NVRTCLKNVRTClk.exe
O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKLM..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [FaxCenterServer] «C:Program FilesLexmark Fax Solutionsfm3032.exe» /s
O4 — HKLM..Run: [lxdimon.exe] «C:Program FilesLexmark 3500-4500 Serieslxdimon.exe»
O4 — HKLM..Run: [lxdiamon] «C:Program FilesLexmark 3500-4500 Serieslxdiamon.exe»
O4 — HKLM..Run: [LXDICATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863LXDItime.dll,_RunDLLEntry@16
O4 — HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_06binjusched.exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: BIRTHDAY! millennium.lnk = C:Program FilesBIRTHDAYbirthmil.exe
O4 — Startup: Calendarium.lnk = C:Program FilesCalendariumCalendarium.exe
O4 — Startup: Инструмент проверки носителя для Cyber-shot Viewer.lnk = C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Add to AMV Convert Tool… — C:Program FilesMP3 Player Utilities 4.00AMVConvertergrab.html
O8 — Extra context menu item: MediaManager tool grab multimedia file — C:Program FilesMP3 Player Utilities 4.00MediaManagergrab.html
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_06binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.5.0_06binssv.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Related — {c95fe080-8f5d-11d2-a20b-00aa003c157a} — C:WINDOWSwebrelated.htm
O9 — Extra ‘Tools’ menuitem: Show &Related Links — {c95fe080-8f5d-11d2-a20b-00aa003c157a} — C:WINDOWSwebrelated.htm
O17 — HKLMSystemCCSServicesTcpip..{80387CB4-E04F-4F7A-8174-4FA6F203B148}: NameServer = 89.151.191.2,89.151.190.213
O17 — HKLMSystemCCSServicesTcpip..{BF61008C-73C5-4636-8B1F-0ED82B6BB023}: NameServer = 89.151.191.2 89.151.190.213
O23 — Service: Canon Camera Access Library 8 (CCALib8) — Canon Inc. — C:Program FilesCanonCALCALMAIN.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSSystem32imapi.exe
O23 — Service: lxdi_device — — C:WINDOWSSystem32lxdicoms.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSSystem32mnmsrvc.exe
O23 — Service: Служба сетевого DDE (NetDDE) — Корпорация Майкрософт — C:WINDOWSsystem32netdde.exe
O23 — Service: Диспетчер сетевого DDE (NetDDEdsdm) — Корпорация Майкрософт — C:WINDOWSsystem32netdde.exe
O23 — Service: NVIDIA Driver Helper Service (NVSvc) — NVIDIA Corporation — C:WINDOWSSystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Модуль поддержки смарт-карт (SCardDrv) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind iSCSI Service (StarWindService) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Telnet (TlntSvr) — Корпорация Майкрософт — C:WINDOWSSystem32tlntsvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSSystem32wbemwmiapsrv.exe
O24 — Desktop Component 1: Aqua Real — 7db39a0d-580f-4be9-9195-8bfcd226f6c2—
End of file — 8614 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Панель инструментов — C:Program FilesLexmark Toolbartoolband.dll [2007-01-26 262144][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.5.0_06binssv.dll [2005-11-10 184423][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{8E718888-423F-11D2-876E-00A0C9082467} — &Радио — C:WINDOWSSystem32msdxm.ocx [2001-10-20 845340]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} — Lexmark Панель инструментов — C:Program FilesLexmark Toolbartoolband.dll [2007-01-26 262144][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SiSUSBRG»=C:WINDOWSSiSUSBrg.exe [2002-04-26 102400]
«NvCplDaemon»=NvQTwk []
«nwiz»=nwiz.exe /install []
«OfficeGuard RegChecker»=C:Program FilesKaspersky LabKaspersky Anti-Virus Personal Proogrc.exe []
«HomeAlarm»=D:ВИНАМПОВСКИЕ ЧАСЫWCLOCK.EXE []
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2002-07-12 46592]
«NVRTCLK»=C:WINDOWSSystem32NVRTCLKNVRTClk.exe [2003-12-30 24576]
«RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2003-10-31 32768]
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe [2005-10-26 159744]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2003-12-13 33792]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«FaxCenterServer»=C:Program FilesLexmark Fax Solutionsfm3032.exe [2007-03-06 312240]
«lxdimon.exe»=C:Program FilesLexmark 3500-4500 Serieslxdimon.exe [2007-03-06 435120]
«lxdiamon»=C:Program FilesLexmark 3500-4500 Serieslxdiamon.exe [2007-03-05 20480]
«LXDICATS»=rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863LXDItime.dll []
«SunJavaUpdateSched»=C:Program FilesJavajre1.5.0_06binjusched.exe [2005-11-10 36975]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-03-16 155648]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2001-08-02 1077277]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2002-12-05 198656]
«ctfmon.exe»=C:WINDOWSSystem32ctfmon.exe [2001-10-20 13312]C:Documents and SettingsНаташаГлавное менюПрограммыАвтозагрузка
BIRTHDAY! millennium.lnk — C:Program FilesBIRTHDAYbirthmil.exe
Calendarium.lnk — C:Program FilesCalendariumCalendarium.exe
Инструмент проверки носителя для Cyber-shot Viewer.lnk — C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======List of files/folders created in the last 1 months======
2009-02-05 18:24:52 —-D—- C:_OTMoveIt
2009-01-31 19:29:32 —-D—- C:Program Filestrend micro
2009-01-31 19:29:31 —-D—- C:rsit
2009-01-30 20:04:47 —-RASHD—- C:autorun.inf
2009-01-21 18:56:55 —-A—- C:WINDOWSIE4 Error Log.txt
2009-01-19 16:02:01 —-D—- C:WINDOWSSun
2009-01-19 16:02:01 —-D—- C:Documents and SettingsНаташаApplication DataSun
2009-01-19 15:39:54 —-SHD—- C:FOUND.021
2009-01-19 12:37:01 —-D—- C:Program FilesD-Link======List of files/folders modified in the last 1 months======
2009-02-06 17:10:24 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-30 18:29:12 —-A—- C:WINDOWSwinamp.ini
2009-01-27 18:22:42 —-A—- C:WINDOWSSystem32PerfStringBackup.INI======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:WINDOWSSystem32DRIVERSeasdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSSystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
R1 klif;Klif; ??C:WINDOWSSystem32driversklif.sys []
R1 StarOpen;StarOpen; C:WINDOWSSystem32driversStarOpen.sys [2006-07-24 5632]
R2 Aspi32;Aspi32; C:WINDOWSSystem32driversaspi32.sys [2004-07-16 16512]
R2 eamon;EAMON; C:WINDOWSSystem32DRIVERSeamon.sys [2008-07-01 39944]
R2 irda;ИК-протокол IrDA; C:WINDOWSSystem32DRIVERSirda.sys [2001-08-17 55296]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:WINDOWSSYSTEM32DRIVERSWibukey.sys [2004-08-18 67584]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2002-07-12 655596]
R3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service; C:WINDOWSSystem32DRIVERSdlkfet5b.sys [2006-12-27 46080]
R3 GVCplDrv;GVCplDrv; C:WINDOWSSystem32driversGVCplDrv.sys [2004-05-02 23040]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:WINDOWSSystem32DRIVERSnv4_mini.sys [2002-07-16 981466]
R3 Rasirda;Минипорт WAN (IrDA); C:WINDOWSSystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
R3 usbhub;USB2 концентратор; C:WINDOWSSystem32DRIVERSusbhub.sys [2001-10-20 50688]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSSystem32DRIVERSusbohci.sys [2001-10-20 15616]
S3 a386uepn;a386uepn; C:WINDOWSSystem32driversa386uepn.sys []
S3 actser;actser; C:WINDOWSsystem32driversactser.sys [2004-08-23 29440]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:WINDOWSSystem32DRIVERSAmps2prt.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSSystem32DRIVERSblueletaudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:WINDOWSSystem32DRIVERSbtnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys []
S3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSSystem32DRIVERSvbtenum.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSSystem32DRIVERSCCDECODE.sys [2004-07-09 16384]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSSystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 IrUSB;ArkMicro USB Infrared Miniport Adapter; C:WINDOWSSystem32DRIVERSIrUSB.sys [2006-03-06 13568]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:WINDOWSSystem32DRIVERSk750bus.sys [2006-08-01 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:WINDOWSSystem32DRIVERSk750mdfl.sys [2006-08-01 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:WINDOWSSystem32DRIVERSk750mdm.sys [2006-08-01 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:WINDOWSSystem32DRIVERSk750mgmt.sys [2006-08-01 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:WINDOWSSystem32DRIVERSk750obex.sys [2006-08-01 79488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSSystem32DRIVERSNABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSSystem32DRIVERSNdisIP.sys [2004-07-09 10112]
S3 nv4;nv4; C:WINDOWSSystem32DRIVERSnv4.sys [2001-08-17 731648]
S3 SiS7012;Service for AC’97 Sample Driver (WDM); C:WINDOWSsystem32driverssis7012.sys [2002-04-23 177280]
S3 slabbus;USB Data Cable driver (WDM); C:WINDOWSSystem32DRIVERSslabbus.sys []
S3 slabser;USB Data Cable Drivers; C:WINDOWSSystem32DRIVERSslabser.sys []
S3 SLIP;BDA Slip De-Framer; C:WINDOWSSystem32DRIVERSSLIP.sys [2004-07-09 10880]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:WINDOWSSystem32DRIVERSssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:WINDOWSSystem32DRIVERSssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:WINDOWSSystem32DRIVERSssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:WINDOWSSystem32DRIVERSStreamIP.sys [2004-07-09 14976]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSSystem32DRIVERSusbccgp.sys [2001-08-17 24960]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSSystem32DRIVERSusbprint.sys [2001-08-17 24832]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSSystem32DRIVERSusbscan.sys [2001-08-17 13824]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2001-08-17 21760]
S3 VComm;Virtual Serial port driver; C:WINDOWSSystem32DRIVERSVComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys []
S3 W700bus;Sony Ericsson W700 Driver driver (WDM); C:WINDOWSSystem32DRIVERSW700bus.sys [2006-08-01 61536]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter; C:WINDOWSSystem32DRIVERSW700mdfl.sys [2006-08-01 9264]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver; C:WINDOWSSystem32DRIVERSW700mdm.sys [2006-08-01 97056]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM); C:WINDOWSSystem32DRIVERSW700mgmt.sys [2006-08-01 88560]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface; C:WINDOWSSystem32DRIVERSW700obex.sys [2006-08-01 86368]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSSystem32DRIVERSWSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:WINDOWSSystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-20 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CCALib8;Canon Camera Access Library 8; C:Program FilesCanonCALCALMAIN.exe [2005-09-30 96341]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2007-12-21 468224]
R2 Irmon;Монитор инфракрасной связи; C:WINDOWSSystem32svchost.exe [2001-10-20 12800]
R2 lxdi_device;lxdi_device; C:WINDOWSSystem32lxdicoms.exe [2007-03-06 517040]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:WINDOWSSystem32nvsvc32.exe [2002-07-16 61440]
R2 StarWindService;StarWind iSCSI Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe [2005-04-02 217600]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
