Созданные ответы форума
-
Сообщения
-
Здравствуйте, Valeri! Отправляю Вам новый лог Combofix.
ComboFix 09-12-05.03 — Ivan 06.12.2009 3:46.2.2 — x86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.2039.1596 [GMT 3:00]
Running from: c:documents and settingsIvanРабочий столComboFix.exe
Command switches used :: c:documents and settingsIvanРабочий столCFScript.txt
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
..
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Service_inmqqx((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.2009-12-04 22:36 . 2009-12-04 22:36
d
w- c:documents and settingsIvanApplication DataSoftOrbits
2009-12-04 22:36 . 2009-12-04 22:36
d
w- c:program filesAdvanced Woman Calendar
2009-12-04 22:29 . 2009-12-04 22:29
d
w- c:program filesFace Beauty Rank
2009-12-04 22:16 . 2009-12-04 22:20
d
w- c:program filesMultiplexCalc
2009-12-04 22:15 . 2009-12-04 22:15
d
w- c:documents and settingsAll UsersApplication DataEquation Wizard
2009-12-04 22:08 . 2009-12-04 22:08
d
w- c:program filesEquation Wizard
2009-12-04 22:03 . 2009-12-04 22:03
d
w- c:program filesGraphNow
2009-12-04 20:34 . 2009-12-04 20:34 257 —-a-w- C:DELSETUP.BAT
2009-12-04 20:20 . 2009-12-04 20:34
d
w- C:od-tools
2009-12-03 02:23 . 2009-12-03 02:23
d
w- c:program filesDigiDNA
2009-11-16 12:56 . 2009-11-20 16:48
d
w- c:program filestrend micro
2009-11-16 12:56 . 2009-11-16 12:56
d
w- C:rsit
2009-11-16 09:05 . 2009-11-16 09:05 932368 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataKasFltPluginsprofiles-1-6.dll
2009-11-16 09:05 . 2009-11-16 09:05 678416 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataKasFltPluginscontent_interpreter-1-1.dll
2009-11-16 09:05 . 2009-11-16 09:05 604688 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataKasFltPluginsgsg-3-9.dll
2009-11-16 09:05 . 2009-11-16 09:05 522768 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataKasFltPluginsdatabase-1-5.dll
2009-11-16 09:05 . 2009-11-16 09:05 1096208 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataKasFltPluginsfiltration-4-6.dll
2009-11-16 00:26 . 2009-11-16 00:26 604140 —sha-w- c:windowssystem32driversISwift3.dat
2009-11-15 19:46 . 2009-11-16 09:04 108059 —-a-w- c:windowssystem32driversklin.dat
2009-11-15 19:46 . 2009-11-16 09:04 95259 —-a-w- c:windowssystem32driversklick.dat
2009-11-11 18:54 . 2009-11-14 00:25
d
w- c:documents and settingsAll UsersApplication Datamsuwarn.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 00:39 . 2008-11-13 21:25
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-12-06 00:16 . 2008-11-14 09:54
d
w- c:documents and settingsIvanApplication DatauTorrent
2009-12-05 23:20 . 2009-06-06 19:46
d
w- c:program filesuTorrent
2009-12-05 23:00 . 2009-08-31 14:31
d
w- c:documents and settingsIvanApplication DataSkype
2009-12-05 22:25 . 2009-09-17 18:12
d
w- c:program filesStrongDC
2009-12-05 21:08 . 2009-08-31 14:33
d
w- c:documents and settingsIvanApplication DataskypePM
2009-12-04 16:48 . 2008-11-13 20:35 66 —-a-w- c:documents and settingsIvanApplication Dataisfree3_1.tmp
2009-12-04 16:48 . 2008-11-13 20:35 66 —-a-w- c:documents and settingsIvanApplication Dataisfree3_0.tmp
2009-12-03 02:23 . 2009-03-14 14:40
d
w- c:documents and settingsIvanApplication DataDiskAid
2009-11-18 00:39 . 2009-01-25 15:06
d
w- c:program filesCommon FilesAdobe
2009-11-15 19:45 . 2008-11-13 21:53
d
w- c:program filesKaspersky Lab
2009-11-15 19:41 . 2008-11-13 21:22
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-11-15 16:31 . 2009-09-07 21:38
d
w- c:program filesQIP
2009-11-03 23:32 . 2009-09-06 19:14
d
w- c:documents and settingsIvanApplication Data3po.ru
2009-11-03 23:31 . 2009-11-03 23:31 63749 —-a-w- c:documents and settingsIvanApplication Data3po.ruUninstall.exe
2009-10-27 10:50 . 2006-03-02 12:00 84482 —-a-w- c:windowssystem32perfc019.dat
2009-10-27 10:50 . 2006-03-02 12:00 484908 —-a-w- c:windowssystem32perfh019.dat
2009-10-27 09:02 . 2009-10-27 09:02 1580544 —-a-w- c:documents and settingsIvanApplication Data3po.ruKonusic.exe
2009-10-27 08:57 . 2009-10-27 08:57 894976 —-a-w- c:documents and settingsIvanApplication Data3po.ruVkonpic.exe
2009-10-27 08:48 . 2009-10-27 08:48 720896 —-a-w- c:documents and settingsIvanApplication Data3po.ruAuth.exe
2009-10-16 11:39 . 2009-10-16 11:39
d
w- c:program filesWinDjView
2009-10-08 21:27 . 2008-09-18 16:40
d
w- c:program filesRed Kawa
2009-10-07 17:50 . 2008-08-26 05:15 664 —-a-w- c:windowssystem32d3d9caps.dat
2009-10-02 21:34 . 2008-05-31 13:06 60424 —-a-w- c:documents and settingsIvanLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-09-21 19:23 . 2009-02-12 09:30 4045528 —-a-w- c:documents and settingsAll UsersApplication DataMalwarebytesMalwarebytes’ Anti-Malwarembam-setup.exe
2009-09-10 10:54 . 2009-02-03 20:36 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2009-09-10 10:53 . 2009-02-03 20:36 19160 —-a-w- c:windowssystem32driversmbam.sys
.((((((((((((((((((((((((((((( SnapShot@2009-11-26_22.39.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-06 00:57 . 2009-12-06 00:57 16384 c:windowsTempPerflib_Perfdata_7f0.dat
+ 2009-12-06 00:57 . 2004-03-02 09:13 24064 c:windowsTemp.nvdkit987239acba334648d5687f9dd9435984libsentclsentcl82.dll
+ 2009-12-06 00:57 . 2005-09-19 05:52 24576 c:windowsTemp.nvdkit987239acba334648d5687f9dd9435984libnvdtclnvdtcl82.dll
+ 2009-12-06 00:57 . 1999-11-17 19:53 40448 c:windowsTemp.nvdkit987239acba334648d5687f9dd9435984binitcl31.dll
+ 2009-12-06 00:57 . 2005-08-25 18:01 45056 c:windowsTemp.nvdkit4cbb1f5137265e7d737d992b6837ba4cbinwin32iphelper.dll
+ 2009-12-06 00:57 . 2005-05-12 13:02 73728 c:windowsTemp.nvdkit4cbb1f5137265e7d737d992b6837ba4cbinwin32biosinfo.dll
+ 2009-12-06 00:57 . 2005-06-21 06:49 8704 c:windowsTemp.nvdkit987239acba334648d5687f9dd9435984libtclsvctclsvc82.dll
+ 2009-12-06 00:57 . 2000-05-21 13:32 6656 c:windowsTemp.nvdkit987239acba334648d5687f9dd9435984libreg1.0tclreg82.dll
— 2009-09-06 13:05 . 2009-09-06 13:05 371272 c:windowsInstaller{D103C4BA-F905-437A-8049-DB24763BBE36}SkypeIcon.exe
+ 2009-11-30 21:10 . 2009-11-30 21:10 371272 c:windowsInstaller{D103C4BA-F905-437A-8049-DB24763BBE36}SkypeIcon.exe
+ 2009-11-30 21:10 . 2009-11-30 21:10 1565696 c:windowsInstaller28a291.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Advanced Woman Calendar»=»c:program filesAdvanced Woman CalendarWomanCalendar.exe» [2009-11-09 1082880][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Malwarebytes Anti-Malware (reboot)»=»c:program filesMalwarebytes’ Anti-Malwarembam.exe» [2009-09-10 1312080]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2009-10-03 35696]
«Adobe ARM»=»c:program filesCommon FilesAdobeARM1.0AdobeARM.exe» [2009-09-04 935288]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2008-03-27 1040384]
«WatchDog»=»c:program filesInterVideoDVD CheckDVDCheck.exe» [2007-05-23 192512]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [BU]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2009-01-05 413696]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
BTTray.lnk — c:program filesWIDCOMMBluetooth SoftwareBTTray.exe [2007-2-6 561152]
DVD Check.lnk — c:program filesInterVideoDVD CheckDVDCheck.exe [2008-8-26 192512][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyOneCard]
2007-02-07 01:30 74240 —-a-r- c:program filesHewlett-PackardIAMBinASWLNPkg.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\HPQ\HP Connection Manager\SwiApiMux.exe»=
«c:\Program Files\Samsung Electronics\mWiMAX U200\YotaAccess.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Program Files\ARIS6.2\JavaClient\jre\bin\java.exe»=
«c:\Program Files\ARIS6.2\LocalServer\jre\bin\java.exe»=
«c:\Program Files\ARIS6.2\LocalServer\ASA8\win32\dbsrv8.exe»=
«c:\Program Files\ARIS6.2\ScriptCv.exe»=
«c:\Program Files\ARIS6.2\Aris62.exe»=
«c:\Program Files\ARIS6.2\Regsvr32.exe»=
«c:\Program Files\ARIS6.2\regall.exe»=
«c:\Program Files\ARIS6.2\ArisAdm62.exe»=
«c:\Program Files\ARIS6.2\html\binaries\setup\WPSetup.exe»=
«c:\Program Files\ARIS6.2\simple\eM-Plant.exe»=
«c:\Program Files\ARIS6.2\JavaClient\SiteAdmin.exe»=
«c:\Program Files\ARIS6.2\JavaClient\ConverterGUI.exe»=
«c:\Program Files\ARIS6.2\JavaClient\aris502\ArisAdm.exe»=
«c:\Program Files\ARIS6.2\JavaClient\aris502\csf_srvp.exe»=
«c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe»=
«c:\Documents and Settings\Ivan\Рабочий стол\magent.exe»=
«c:\Program Files\QIP\qip.exe»=
«c:\Program Files\StrongDC\StrongDC.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«8003:TCP»= 8003:TCP:aris50
«8004:TCP»= 8004:TCP:_aris50
«8005:TCP»= 8005:TCP:aris50_adm
«16040:TCP»= 16040:TCP:aris62_name_public
«16041:TCP»= 16041:TCP:aris62_name_private
«16042:TCP»= 16042:TCP:aris62_admin
«16043:TCP»= 16043:TCP:aris62_admin_agent
«16044:TCP»= 16044:TCP:aris62_Sybase
«16045:TCP»= 16045:TCP:aris62_local_public
«16046:TCP»= 16046:TCP:aris62_local_Sybase
«16047:TCP»= 16047:TCP:aris62_local_private
«16048:TCP»= 16048:TCP:aris62_local_admin
«443:TCP»= 443:TCP:aris62_SSLR0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [15.12.2008 20:41 33808]
R2 ASBroker;Logon Session Broker;c:windowsSystem32svchost.exe -k Cognizance [02.03.2006 15:00 14336]
R2 ASChannel;Local Communication Channel;c:windowsSystem32svchost.exe -k Cognizance [02.03.2006 15:00 14336]
R2 SWIHPWMI;SWIHPWMI;c:program filesHPQSharedSierra WirelessWin32UnicodeSWIHPWMI.exe [04.12.2006 15:13 292384]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [13.05.2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:windowssystem32driversklmouflt.sys [16.05.2009 20:59 19472]
S2 LogWatch;Event Log Watch;c:windowsLogWatNT.exe —> c:windowsLogWatNT.exe [?]
S2 Netmgmt;Shell Helper;c:windowssystem32svchost.exe -k netsvcs [02.03.2006 15:00 14336]
S2 rma;Radia Management Agent;c:novadigmManagementAgentnvdkit.exe [19.09.2005 8:02 1968446]
S3 C7xxUSB;Samsung CMC7xx USB Network Driver;c:windowssystem32driversC7xUSBX3.sys [26.06.2008 17:17 39296]
S3 HP24X;HP PC Card Smart Card Reader;c:windowssystem32driversHP24X.sys [26.08.2008 7:44 33024]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;»c:program filesMicrosoft Visual Studio 8Common7IDERemote Debuggerx86msvsmon.exe» /service msvsmon80 —> c:program filesMicrosoft Visual Studio 8Common7IDERemote Debuggerx86msvsmon.exe [?][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
Cognizance REG_MULTI_SZ ASBroker ASChannelHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
Netmgmt[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 09:23 452136 —-a-w- c:program filesCommon FilesLightScribeLSRunOnce.exe
.
Supplementary Scan
.
uStart Page = hxxp://www.hp.com/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 192.168.0.1:8080
uInternet Settings,ProxyOverride = *.local
IE: &Отправить на устройство Bluetooth… — c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: check in my books
IE: Translate with ABBYY &Lingvo… — c:program filesABBYY Lingvo 12Lingvo.exe/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
LSP: c:windowssystem32imon.dll
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 03:58
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001Servicesrma]
«ImagePath»=»C:/Novadigm/ManagementAgent/nvdkit.exe»[HKEY_LOCAL_MACHINESystemControlSet001Servicesrma]
«ImagePath»=»C:/Novadigm/ManagementAgent/nvdkit.exe»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmgmt]
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1480)
c:program filesHewlett-PackardIAMBinASWLNPkg.dll
c:program filesHewlett-PackardIAMbinItMsg.dll
c:program filesHewlett-PackardIAMBinTrayIcon.dll
c:program filesHewlett-PackardIAMbinHPBrand.dll
c:program filesHewlett-PackardIAMBinASChnl.dll
c:program filesHewlett-PackardIAMBinItDAC.dll
c:program filesHewlett-PackardIAMBinItReports.DLL
c:program filesHewlett-PackardIAMBinBioAuth.dll
c:program filesHewlett-PackardIAMBinASBIoAT.dll
c:program filesHewlett-PackardIAMBinittal.dll
c:program filesHewlett-PackardIAMBinSTEngine.dll
c:program filesHewlett-PackardIAMBinItVCClient.dll
c:program filesHewlett-PackardIAMBinAuthWiz.dll
c:program filesHewlett-PackardIAMBinItVCard.dll
c:windowssystem32xenroll.dll
c:windowssystem32WININET.dll
c:program filesHewlett-PackardIAMBinTokenAuth.dll
c:program filesHewlett-PackardIAMBinittalsnap.DLL
c:program filesHewlett-PackardIAMBinTpmAuth.dll
c:program filesHewlett-PackardIAMBinNetAdmin.dll— — — — — — — > ‘lsass.exe'(1536)
c:windowssystem32imon.dll— — — — — — — > ‘explorer.exe'(840)
c:windowssystem32WININET.dll
c:windowssystem32APSHook.dll
c:program filesHewlett-PackardIAMbinItClient.dll
c:windowssystem32btmmhook.dll
c:progra~1WINDOW~2wmpband.dll
c:windowssystem32msi.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32btncopy.dll
c:program filesRoxioDrag-to-DiscShellex.dll
c:windowssystem32DLAAPI_W.DLL
c:program filesRoxioDrag-to-DiscShellRes.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:program filesWIDCOMMBluetooth Softwarebinbtwdins.exe
c:windowsSystem32SCardSvr.exe
c:program filesHewlett-PackardIAMbinasghost.exe
c:program filesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
c:program filesBonjourmDNSResponder.exe
c:program filesCommon FilesInterVideoRegMgriviRegMgr.exe
c:program filesJavajre6binjqs.exe
c:program filesCommon FilesLightScribeLSSrvc.exe
c:program filesSprint-HPSierra WirelessSprint PCS Connection ManagerSPCSUtilityService.exe
c:program filesHewlett-PackardSharedhpqWmiEx.exe
c:windowssystem32wbemwmiapsrv.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-06 04:03 — machine was rebooted
ComboFix-quarantined-files.txt 2009-12-06 01:03
ComboFix2.txt 2009-11-26 22:45Pre-Run: 67,067,981,824 байт свободно
Post-Run: 67,122,446,336 байт свободно— — End Of File — — 30571F46A77D9A6B7DFB126887600300
Здравствуйте, Valeri! Высылаю Вам лог, созданный программой Combofix.
ComboFix 09-11-26.01 — Ivan 27.11.2009 1:30.1.2 — x86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.2039.1608 [GMT 3:00]
Running from: c:documents and settingsIvanРабочий столComboFix.exe
Command switches used :: c:documents and settingsIvanРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsIvanApplication DataAdSubscribe
c:documents and settingsIvanApplication DataAdSubscribeAdSubscribe.dat
c:documents and settingsIvanApplication DataAdSubscribeFeed.jpg
c:documents and settingsIvanApplication DataAdSubscribeFeed1.jpg
c:documents and settingsIvanApplication DataAdSubscribeFeed10.jpg
c:documents and settingsIvanApplication DataAdSubscribeFeed11.jpg
c:documents and settingsIvanApplication DataAdSubscribeFeed12.jpg
c:documents and settingsIvanApplication DataAdSubscribeFeed13.jpg
c:documents and settingsIvanApplication DataAdSubscribeFeed14.jpg
c:documents and settingsIvanApplication DataAdSubscribeFeed15.jpg
c:documents and settingsIvanApplication DataAdSubscribeFeed2.jpg
c:documents and settingsIvanApplication DataAdSubscribeFeed3.jpg
c:documents and settingsIvanApplication DataAdSubscribeFeed4.jpg
c:documents and settingsIvanApplication DataAdSubscribeFeed5.jpg
c:documents and settingsIvanApplication DataAdSubscribeFeed6.jpg
c:documents and settingsIvanApplication DataAdSubscribeFeed7.jpg
c:documents and settingsIvanApplication DataAdSubscribeFeed8.jpg
c:documents and settingsIvanApplication DataAdSubscribeFeed9.jpg
c:program filesMail.RuAgentMradllnewmrasearch.dll
C:test.txt
c:windowsa3kebook.ini
c:windowsakebook.ini
c:windowsANS2000.INI
c:windowssystem32Penx.dat
c:windowssystem32Xpen.dat
c:windowsufdata2000.log.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Service_AVPsys((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
.2009-11-16 12:56 . 2009-11-20 16:48
d
w- c:program filestrend micro
2009-11-16 12:56 . 2009-11-16 12:56
d
w- C:rsit
2009-11-16 09:05 . 2009-11-16 09:05 932368 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataKasFltPluginsprofiles-1-6.dll
2009-11-16 09:05 . 2009-11-16 09:05 678416 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataKasFltPluginscontent_interpreter-1-1.dll
2009-11-16 09:05 . 2009-11-16 09:05 604688 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataKasFltPluginsgsg-3-9.dll
2009-11-16 09:05 . 2009-11-16 09:05 522768 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataKasFltPluginsdatabase-1-5.dll
2009-11-16 09:05 . 2009-11-16 09:05 1096208 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataKasFltPluginsfiltration-4-6.dll
2009-11-16 00:26 . 2009-11-16 00:26 604140 —sha-w- c:windowssystem32driversISwift3.dat
2009-11-15 19:46 . 2009-11-16 09:04 108059 —-a-w- c:windowssystem32driversklin.dat
2009-11-15 19:46 . 2009-11-16 09:04 95259 —-a-w- c:windowssystem32driversklick.dat
2009-11-11 18:54 . 2009-11-14 00:25
d
w- c:documents and settingsAll UsersApplication Datamsuwarn
2009-11-03 23:31 . 2009-11-03 23:31 63749 —-a-w- c:documents and settingsIvanApplication Data3po.ruUninstall.exe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 22:41 . 2008-11-13 21:25
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-11-26 21:54 . 2009-08-31 14:31
d
w- c:documents and settingsIvanApplication DataSkype
2009-11-22 22:40 . 2009-09-17 18:12
d
w- c:program filesStrongDC
2009-11-22 20:18 . 2009-06-06 19:46
d
w- c:program filesuTorrent
2009-11-22 09:26 . 2008-11-14 09:54
d
w- c:documents and settingsIvanApplication DatauTorrent
2009-11-19 18:43 . 2008-11-13 20:35 66 —-a-w- c:documents and settingsIvanApplication Dataisfree3_0.tmp
2009-11-19 18:43 . 2008-11-13 20:35 66 —-a-w- c:documents and settingsIvanApplication Dataisfree3_1.tmp
2009-11-18 00:39 . 2009-01-25 15:06
d
w- c:program filesCommon FilesAdobe
2009-11-15 19:45 . 2008-11-13 21:53
d
w- c:program filesKaspersky Lab
2009-11-15 19:41 . 2008-11-13 21:22
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-11-15 16:31 . 2009-09-07 21:38
d
w- c:program filesQIP
2009-11-14 06:01 . 2009-08-31 14:33
d
w- c:documents and settingsIvanApplication DataskypePM
2009-11-12 15:09 . 2009-03-14 14:40
d
w- c:documents and settingsIvanApplication DataDiskAid
2009-11-03 23:32 . 2009-09-06 19:14
d
w- c:documents and settingsIvanApplication Data3po.ru
2009-10-27 10:50 . 2006-03-02 12:00 84482 —-a-w- c:windowssystem32perfc019.dat
2009-10-27 10:50 . 2006-03-02 12:00 484908 —-a-w- c:windowssystem32perfh019.dat
2009-10-27 09:02 . 2009-10-27 09:02 1580544 —-a-w- c:documents and settingsIvanApplication Data3po.ruKonusic.exe
2009-10-27 08:57 . 2009-10-27 08:57 894976 —-a-w- c:documents and settingsIvanApplication Data3po.ruVkonpic.exe
2009-10-27 08:48 . 2009-10-27 08:48 720896 —-a-w- c:documents and settingsIvanApplication Data3po.ruAuth.exe
2009-10-16 11:39 . 2009-10-16 11:39
d
w- c:program filesWinDjView
2009-10-08 21:27 . 2008-09-18 16:40
d
w- c:program filesRed Kawa
2009-10-07 17:50 . 2008-08-26 05:15 664 —-a-w- c:windowssystem32d3d9caps.dat
2009-10-02 21:34 . 2008-05-31 13:06 60424 —-a-w- c:documents and settingsIvanLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-09-21 19:23 . 2009-02-12 09:30 4045528 —-a-w- c:documents and settingsAll UsersApplication DataMalwarebytesMalwarebytes’ Anti-Malwarembam-setup.exe
2009-09-10 10:54 . 2009-02-03 20:36 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2009-09-10 10:53 . 2009-02-03 20:36 19160 —-a-w- c:windowssystem32driversmbam.sys
2009-08-31 14:53 . 2009-08-31 14:54 410984 —-a-w- c:windowssystem32deploytk.dll
2009-08-31 14:48 . 2009-08-31 14:48 152576 —-a-w- c:documents and settingsIvanApplication DataSunJavajre1.6.0_11lzma.dll
2009-08-31 14:33 . 2009-08-31 14:33 56 —ha-w- c:windowssystem32ezsidmv.dat
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Malwarebytes Anti-Malware (reboot)»=»c:program filesMalwarebytes’ Anti-Malwarembam.exe» [2009-09-10 1312080]
«AVP»=»c:program filesKaspersky LabKaspersky Internet Security 2010avp.exe» [2009-08-12 328096]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2009-10-03 35696]
«Adobe ARM»=»c:program filesCommon FilesAdobeARM1.0AdobeARM.exe» [2009-09-04 935288]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2008-03-27 1040384]
«WatchDog»=»c:program filesInterVideoDVD CheckDVDCheck.exe» [2007-05-23 192512][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyOneCard]
2007-02-07 01:30 74240 —-a-r- c:program filesHewlett-PackardIAMBinASWLNPkg.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\HPQ\HP Connection Manager\SwiApiMux.exe»=
«c:\Program Files\Samsung Electronics\mWiMAX U200\YotaAccess.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Program Files\ARIS6.2\JavaClient\jre\bin\java.exe»=
«c:\Program Files\ARIS6.2\LocalServer\jre\bin\java.exe»=
«c:\Program Files\ARIS6.2\LocalServer\ASA8\win32\dbsrv8.exe»=
«c:\Program Files\ARIS6.2\ScriptCv.exe»=
«c:\Program Files\ARIS6.2\Aris62.exe»=
«c:\Program Files\ARIS6.2\Regsvr32.exe»=
«c:\Program Files\ARIS6.2\regall.exe»=
«c:\Program Files\ARIS6.2\ArisAdm62.exe»=
«c:\Program Files\ARIS6.2\html\binaries\setup\WPSetup.exe»=
«c:\Program Files\ARIS6.2\simple\eM-Plant.exe»=
«c:\Program Files\ARIS6.2\JavaClient\SiteAdmin.exe»=
«c:\Program Files\ARIS6.2\JavaClient\ConverterGUI.exe»=
«c:\Program Files\ARIS6.2\JavaClient\aris502\ArisAdm.exe»=
«c:\Program Files\ARIS6.2\JavaClient\aris502\csf_srvp.exe»=
«c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe»=
«c:\Documents and Settings\Ivan\Рабочий стол\magent.exe»=
«c:\Program Files\QIP\qip.exe»=
«c:\Program Files\StrongDC\StrongDC.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«8003:TCP»= 8003:TCP:aris50
«8004:TCP»= 8004:TCP:_aris50
«8005:TCP»= 8005:TCP:aris50_adm
«16040:TCP»= 16040:TCP:aris62_name_public
«16041:TCP»= 16041:TCP:aris62_name_private
«16042:TCP»= 16042:TCP:aris62_admin
«16043:TCP»= 16043:TCP:aris62_admin_agent
«16044:TCP»= 16044:TCP:aris62_Sybase
«16045:TCP»= 16045:TCP:aris62_local_public
«16046:TCP»= 16046:TCP:aris62_local_Sybase
«16047:TCP»= 16047:TCP:aris62_local_private
«16048:TCP»= 16048:TCP:aris62_local_admin
«443:TCP»= 443:TCP:aris62_SSLR0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [15.12.2008 20:41 33808]
R2 ASBroker;Logon Session Broker;c:windowsSystem32svchost.exe -k Cognizance [02.03.2006 15:00 14336]
R2 ASChannel;Local Communication Channel;c:windowsSystem32svchost.exe -k Cognizance [02.03.2006 15:00 14336]
R2 SWIHPWMI;SWIHPWMI;c:program filesHPQSharedSierra WirelessWin32UnicodeSWIHPWMI.exe [04.12.2006 15:13 292384]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [13.05.2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:windowssystem32driversklmouflt.sys [16.05.2009 20:59 19472]
S2 LogWatch;Event Log Watch;c:windowsLogWatNT.exe —> c:windowsLogWatNT.exe [?]
S2 Netmgmt;Shell Helper;c:windowssystem32svchost.exe -k netsvcs [02.03.2006 15:00 14336]
S2 rma;Radia Management Agent;c:novadigmManagementAgentnvdkit.exe [19.09.2005 8:02 1968446]
S3 C7xxUSB;Samsung CMC7xx USB Network Driver;c:windowssystem32driversC7xUSBX3.sys [26.06.2008 17:17 39296]
S3 HP24X;HP PC Card Smart Card Reader;c:windowssystem32driversHP24X.sys [26.08.2008 7:44 33024]
S3 inmqqx;inmqqx;??c:windowssystem322.tmp —> c:windowssystem322.tmp [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;»c:program filesMicrosoft Visual Studio 8Common7IDERemote Debuggerx86msvsmon.exe» /service msvsmon80 —> c:program filesMicrosoft Visual Studio 8Common7IDERemote Debuggerx86msvsmon.exe [?][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
Cognizance REG_MULTI_SZ ASBroker ASChannelHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
Netmgmt[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
«c:program filesCommon FilesLightScribeLSRunOnce.exe»
.
Contents of the ‘Scheduled Tasks’ folder2009-11-25 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-861567501-2000478354-839522115-1003Core.job
— c:documents and settingsIvanLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-12-25 14:46]2009-11-26 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-861567501-2000478354-839522115-1003UA.job
— c:documents and settingsIvanLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-12-25 14:46]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.hp.com/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 192.168.0.1:8080
uInternet Settings,ProxyOverride = *.local
IE: &Отправить на устройство Bluetooth… — c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: check in my books
IE: Translate with ABBYY &Lingvo… — c:program filesABBYY Lingvo 12Lingvo.exe/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
LSP: c:windowssystem32imon.dll
.
— — — — ORPHANS REMOVED — — — —HKLM-Run-MAgent — c:program filesMail.RuAgentMAgent.exe
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} — c:program filesInstallShield Installation Information{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}setup.exe REMOVEALL**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-27 01:42
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001Servicesrma]
«ImagePath»=»C:/Novadigm/ManagementAgent/nvdkit.exe»[HKEY_LOCAL_MACHINESystemControlSet001Servicesinmqqx]
«ImagePath»=»??c:windowssystem322.tmp»[HKEY_LOCAL_MACHINESystemControlSet001Servicesrma]
«ImagePath»=»C:/Novadigm/ManagementAgent/nvdkit.exe»[HKEY_LOCAL_MACHINESystemControlSet001ServicesNetmgmt]
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1504)
c:program filesHewlett-PackardIAMBinASWLNPkg.dll
c:program filesHewlett-PackardIAMbinItMsg.dll
c:program filesHewlett-PackardIAMBinTrayIcon.dll
c:program filesHewlett-PackardIAMbinHPBrand.dll
c:program filesHewlett-PackardIAMBinASChnl.dll
c:program filesHewlett-PackardIAMBinItDAC.dll
c:program filesHewlett-PackardIAMBinItReports.DLL
c:program filesHewlett-PackardIAMBinBioAuth.dll
c:program filesHewlett-PackardIAMBinASBIoAT.dll
c:program filesHewlett-PackardIAMBinittal.dll
c:program filesHewlett-PackardIAMBinSTEngine.dll
c:program filesHewlett-PackardIAMBinItVCClient.dll
c:program filesHewlett-PackardIAMBinAuthWiz.dll
c:program filesHewlett-PackardIAMBinItVCard.dll
c:windowssystem32xenroll.dll
c:windowssystem32WININET.dll
c:program filesHewlett-PackardIAMBinTokenAuth.dll
c:program filesHewlett-PackardIAMBinittalsnap.DLL
c:program filesHewlett-PackardIAMBinTpmAuth.dll
c:program filesHewlett-PackardIAMBinNetAdmin.dll— — — — — — — > ‘lsass.exe'(1560)
c:windowssystem32imon.dll— — — — — — — > ‘explorer.exe'(1056)
c:windowssystem32WININET.dll
c:windowssystem32APSHook.dll
c:program filesHewlett-PackardIAMbinItClient.dll
c:windowssystem32btmmhook.dll
c:progra~1WINDOW~2wmpband.dll
c:windowssystem32msi.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32btncopy.dll
c:program filesRoxioDrag-to-DiscShellex.dll
c:windowssystem32DLAAPI_W.DLL
c:program filesRoxioDrag-to-DiscShellRes.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:program filesWIDCOMMBluetooth Softwarebinbtwdins.exe
c:windowsSystem32SCardSvr.exe
c:program filesHewlett-PackardIAMbinasghost.exe
c:program filesWIDCOMMBluetooth SoftwareBTTray.exe
c:program filesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
c:program filesBonjourmDNSResponder.exe
c:program filesCommon FilesInterVideoRegMgriviRegMgr.exe
c:program filesJavajre6binjqs.exe
c:program filesCommon FilesLightScribeLSSrvc.exe
c:program filesSprint-HPSierra WirelessSprint PCS Connection ManagerSPCSUtilityService.exe
c:program filesHewlett-PackardSharedhpqWmiEx.exe
c:windowssystem32wbemwmiapsrv.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-27 01:45 — machine was rebooted
ComboFix-quarantined-files.txt 2009-11-26 22:45Pre-Run: 75,381,075,968 байт свободно
Post-Run: 75,531,501,568 байт свободноWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect— — End Of File — — D8F5B80DF0E2B3A2E93023B59D8962E6
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Ivan at 2009-11-20 15:51:03
Microsoft Windows XP Professional Service Pack 2
System drive C: has 76 GB (53%) free of 144 GB
Total RAM: 2039 MB (62% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:05, on 20.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesHewlett-PackardIAMbinasghost.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:NovadigmManagementAgentnvdkit.exe
C:Program FilesSprint-HPSierra WirelessSprint PCS Connection ManagerSPCSUtilityService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesHewlett-PackardSharedhpqWmiEx.exe
C:Program FilesHPQSharedSierra WirelessWin32UnicodeSWIHPWMI.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsIvanLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsIvanLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsIvanРабочий столmagent.exe
C:Program FilesQIPqip.exe
C:WINDOWSexplorer.exe
C:Program FilesDownload Masterdmaster.exe
C:Documents and SettingsIvanLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsIvanLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsIvanLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsIvanLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsIvanLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtblfs.exe
C:WINDOWSsystem32wscntfy.exe
C:Documents and SettingsIvanРабочий столRSIT.exe
C:Program Filestrend microIvan.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.hp.com/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.hp.com/
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 192.168.0.1:8080
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
F2 — REG:system.ini: UserInit=C:WINDOWSSystem32userinit.exe
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2010ievkbd.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: link filter bho — {E33CF602-D945-461A-83F0-819F76A199F8} — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [Malwarebytes Anti-Malware (reboot)] «C:Program FilesMalwarebytes’ Anti-Malwarembam.exe» /runcleanupscript
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe»
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [Adobe ARM] «C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Tutor.exe] C:Program FilesABBYY Lingvo 12Tutor.exe /AS
O8 — Extra context menu item: &Отправить на устройство Bluetooth… — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Translate with ABBYY &Lingvo… — res://C:Program FilesABBYY Lingvo 12Lingvo.exe/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: &Виртуальная клавиатура — {4248FE82-7FCB-46AC-B270-339F08212110} — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe (file missing)
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe (file missing)
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Проверка ссы&лок — {CCF151D8-D089-449F-A5A4-D9909053F20F} — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: APSHook.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll
O20 — Winlogon Notify: OneCard — C:Program FilesHewlett-PackardIAMBinASWLNPkg.dll
O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 — Service: avp — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe
O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: hpqwmiex — Hewlett-Packard Development Company, L.P. — C:Program FilesHewlett-PackardSharedhpqWmiEx.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesRoxioRoxio MyDVD Basic v9InstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
O23 — Service: IviRegMgr — InterVideo — C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: Event Log Watch (LogWatch) — Unknown owner — C:WINDOWSLogWatNT.exe (file missing)
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Radia Management Agent (rma) — Unknown owner — C:/Novadigm/ManagementAgent/nvdkit.exe
O23 — Service: RoxMediaDB9 — Sonic Solutions — C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: SPCSUtilityService — Sprint Spectrum, L.L.C — C:Program FilesSprint-HPSierra WirelessSprint PCS Connection ManagerSPCSUtilityService.exe
O23 — Service: stllssvr — MicroVision Development, Inc. — C:Program FilesCommon FilesSureThing Sharedstllssvr.exe
O23 — Service: SWIHPWMI — Sierra Wireless Inc. — C:Program FilesHPQSharedSierra WirelessWin32UnicodeSWIHPWMI.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 10325 bytes======Scheduled tasks folder======
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-861567501-2000478354-839522115-1003Core.job
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-861567501-2000478354-839522115-1003UA.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2010ievkbd.dll [2009-08-12 68112][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll [2009-08-12 244240][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe -LM []
«Malwarebytes Anti-Malware (reboot)»=C:Program FilesMalwarebytes’ Anti-Malwarembam.exe [2009-09-10 1312080]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe [2009-08-12 328096]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-10-03 35696]
«Adobe ARM»=C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2009-09-04 935288][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2006-03-02 15360]
«Tutor.exe»=C:Program FilesABBYY Lingvo 12Tutor.exe [2006-12-13 987136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»APSHook.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxdev.dll [2007-05-16 204800][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2009-08-12 219664][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyOneCard]
C:Program FilesHewlett-PackardIAMBinASWLNPkg.dll [2007-02-07 74240][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«notification packages»=scecli
ASWLNPkg[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«NoDriveTypeAutoRun»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«»=»»
«C:Program FilesHPQHP Connection ManagerSwiApiMux.exe»=»C:Program FilesHPQHP Connection ManagerSwiApiMux.exe:*:Enabled:SwiApiMux»
«C:Program FilesQIP Infiuminfium.exe»=»C:Program FilesQIP Infiuminfium.exe:*:Enabled:QIP Infium»
«C:WINDOWSsystem32K4hostElSvc.exe»=»C:WINDOWSsystem32K4hostElSvc.exe:*:Enabled:Группирование одноранговой сети Windows»
«C:Program FilesSplashDataFile Magic for iPhoneFile Magic.exe»=»C:Program FilesSplashDataFile Magic for iPhoneFile Magic.exe:*:Enabled:File Magic Desktop»
«C:Program FilesSamsung ElectronicsmWiMAX U200YotaAccess.exe»=»C:Program FilesSamsung ElectronicsmWiMAX U200YotaAccess.exe:*:Enabled:Yota Access»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesARIS6.2JavaClientjrebinjava.exe»=»C:Program FilesARIS6.2JavaClientjrebinjava.exe:*:Enabled:Java»
«C:Program FilesARIS6.2LocalServerjrebinjava.exe»=»C:Program FilesARIS6.2LocalServerjrebinjava.exe:*:Enabled:Java»
«C:Program FilesARIS6.2LocalServerASA8win32dbsrv8.exe»=»C:Program FilesARIS6.2LocalServerASA8win32dbsrv8.exe:*:Enabled:Adaptive Server Anywhere Network Server»
«C:Program FilesARIS6.2ScriptCv.exe»=»C:Program FilesARIS6.2ScriptCv.exe:*:Enabled:Script Converter ARIS 4.x to ARIS 5»
«C:Program FilesARIS6.2Aris62.exe»=»C:Program FilesARIS6.2Aris62.exe:*:Enabled:ARIS»
«C:Program FilesARIS6.2Regsvr32.exe»=»C:Program FilesARIS6.2Regsvr32.exe:*:Enabled:Regsvr32»
«C:Program FilesARIS6.2regall.exe»=»C:Program FilesARIS6.2regall.exe:*:Enabled:regall»
«C:Program FilesARIS6.2ArisAdm62.exe»=»C:Program FilesARIS6.2ArisAdm62.exe:*:Enabled:ARIS Database Administration Tool»
«C:Program FilesARIS6.2htmlbinariessetupWPSetup.exe»=»C:Program FilesARIS6.2htmlbinariessetupWPSetup.exe:*:Enabled: «
«C:Program FilesARIS6.2simpleeM-Plant.exe»=»C:Program FilesARIS6.2simpleeM-Plant.exe:*:Enabled:eM-Plantо»
«C:Program FilesARIS6.2JavaClientSiteAdmin.exe»=»C:Program FilesARIS6.2JavaClientSiteAdmin.exe:*:Enabled:ARIS SiteAdmin Tool»
«C:Program FilesARIS6.2JavaClientConverterGUI.exe»=»C:Program FilesARIS6.2JavaClientConverterGUI.exe:*:Enabled:ARIS Converter GUI»
«C:Program FilesARIS6.2JavaClientaris502ArisAdm.exe»=»C:Program FilesARIS6.2JavaClientaris502ArisAdm.exe:*:Enabled:ARIS Database Administration Tool»
«C:Program FilesARIS6.2JavaClientaris502csf_srvp.exe»=»C:Program FilesARIS6.2JavaClientaris502csf_srvp.exe:*:Enabled:ARIS Com. Layer Server Driver»
«C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe»=»C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe:*:Enabled:Kaspersky Anti-Virus»
«C:Documents and SettingsIvanРабочий столmagent.exe»=»C:Documents and SettingsIvanРабочий столmagent.exe:*:Enabled:Mail.Ru Агент»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:Program FilesStrongDCStrongDC.exe»=»C:Program FilesStrongDCStrongDC.exe:*:Enabled:StrongDC++»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«»=»»
«C:Program FilesSamsung ElectronicsmWiMAX U200YotaAccess.exe»=»C:Program FilesSamsung ElectronicsmWiMAX U200YotaAccess.exe:*:Enabled:Yota Access»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{022b6636-2067-11de-91d6-00233ace0046}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .RECYCLERS-5-3-42-2819952290-8240758988-879315005-3665jwgkvsq.vmx,ahaezedrn[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0312958c-4b4a-11de-9207-d24e5c59d2cd}]
shellAutoRuncommand — winlog.exe
shellopencommand — winlog.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0585064e-c383-11dd-9147-001f299685cd}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .RECYCLERS-5-3-42-2819952290-8240758988-879315005-3665jwgkvsq.vmx,ahaezedrn[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{093865fb-59c6-11de-9213-001f3c6ec1bb}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .RECYCLERS-5-3-42-2819952290-8240758988-879315005-3665jwgkvsq.vmx,ahaezedrn[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0eaa4404-5c4e-11de-9214-001f299685cd}]
shellAutoRuncommand — msrdrv.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{10f98030-b54f-11dd-912d-001f299685cd}]
shellAutoRuncommand — G:yannh.cmd
shellexplorecommand — G:yannh.cmd
shellopencommand — G:yannh.cmd[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1aaded85-2905-11de-91dd-001f299685cd}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .RECYCLERS-5-3-42-2819952290-8240758988-879315005-3665jwgkvsq.vmx,ahaezedrn[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{23785424-10a0-11de-91b7-001f3c6ec1bb}]
shellAutoRuncommand — G:AutoInstall.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2e1728e3-55df-11de-920f-001f299685cd}]
shellAutoRuncommand — G:RecycleP-1-3-64-8794238531-8742492-9897532Redem.exe
shellopencommand — G:RecycleP-1-3-64-8794238531-8742492-9897532Redem.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{3cc200fb-9bc3-11de-9231-001f299685cd}]
shellAutoRuncommand — G:RECYCLERS-51-9-25-3434476501-1644491932-601013333-1214LBTWiz.exe
shellopencommand — G:RECYCLERS-51-9-25-3434476501-1644491932-601013333-1214LBTWiz.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{42f7ca57-cd3c-11dd-9155-001f299685cd}]
shellAutoRuncommand — msrdrv.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{42f7ca5a-cd3c-11dd-9155-001f299685cd}]
shellAutoRuncommand — G:2u.com
shellexplorecommand — G:2u.com
shellopencommand — G:2u.com[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4dc7729a-24d1-11de-91d9-001f3c6ec1bb}]
shellAutoRuncommand — G:mhurest.exe -flash
shellexplorecommand — G:mhurest.exe -flash
shellopencommand — G:mhurest.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5ec6f46a-6dec-11de-9220-001f3c6ec1bb}]
shellAutoRuncommand — H:Launcher.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{65dd8ca2-02ab-11de-91a8-001f299685cd}]
shellAutoRuncommand — G:YotaAccessAutoInstall.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{69cfbb61-3e11-11de-91f9-001f299685cd}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .RECYCLERS-5-3-42-2819952290-8240758988-879315005-3665jwgkvsq.vmx,ahaezedrn[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6c1ea9ea-ad04-11dd-910e-001f3c6ec1bb}]
shellAutoRuncommand — G:nq0cq.cmd
shellexplorecommand — G:nq0cq.cmd
shellopencommand — G:nq0cq.cmd[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6c1ea9ec-ad04-11dd-910e-001f3c6ec1bb}]
shellAutoRuncommand — G:DATASYSTEMXp.exe
shellopencommand — G:DATASYSTEMXp.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{70747941-e40b-11dd-9176-b2917b2c89e5}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RecycledKESHA.EXE[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{7be09059-b26d-11de-9246-001f3c6ec1bb}]
shellAutoRuncommand — H:mhurest.exe -flash
shellexplorecommand — H:mhurest.exe -flash
shellopencommand — H:mhurest.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{98cdafbf-324e-11dd-90c7-001f299685cd}]
shellОткрытьcommand — G:recycler.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{98cdafc7-324e-11dd-90c7-001f299685cd}]
shellОткрытьcommand — H:recycler.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8941cb4-33d5-11dd-90c8-001f3c6ec1bb}]
shellОткрытьcommand — G:recycler.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8beb28e-1318-11de-91c3-001f299685cd}]
shellAutoRuncommand — G:YotaAccessAutoInstall.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ae5a74c7-9a08-11dd-90f9-001f299685cd}]
shellОткрытьcommand — G:recycler.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c22b91ca-2fd6-11dd-90c3-001f3c6ec1bb}]
shellAutoRuncommand — msrdrv.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d7f91b73-7f49-11dd-90d2-001f3c6ec1bb}]
shellAutoRuncommand — mhurest.exe -flash
shellexplorecommand — mhurest.exe -flash
shellopencommand — mhurest.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f295edea-01b6-11de-91a7-001f299685cd}]
shellAutoRuncommand — G:YotaAccessAutoInstall.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f300299f-00c5-11de-91a4-001f299685cd}]
shellAutoRuncommand — G:YotaAccessAutoInstall.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f431ba51-0198-11de-91a5-001f3c6ec1bb}]
shellAutoRuncommand — G:YotaAccessAutoInstall.exe======List of files/folders created in the last 1 months======
2009-11-19 03:34:41 —-AD—- C:autorun.inf
2009-11-18 03:39:33 —-D—- C:Program FilesAdobe
2009-11-16 15:56:08 —-D—- C:Program Filestrend micro
2009-11-16 15:56:07 —-D—- C:rsit
2009-11-16 15:09:06 —-A—- C:SalityKiller.exe
2009-11-16 11:32:51 —-D—- C:WINDOWSCSC
2009-11-16 03:39:08 —-SHD—- C:Config.Msi
2009-11-15 21:08:44 —-A—- C:WINDOWSntbtlog.txt
2009-11-11 21:54:05 —-D—- C:Documents and SettingsAll UsersApplication Datamsuwarn======List of files/folders modified in the last 1 months======
2009-11-20 15:47:21 —-D—- C:WINDOWSTemp
2009-11-20 15:45:04 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-11-20 03:02:07 —-D—- C:WINDOWSPrefetch
2009-11-20 03:01:00 —-D—- C:Documents and SettingsIvanApplication DataSkype
2009-11-19 21:43:39 —-A—- C:Documents and SettingsIvanApplication Dataisfree3_0.tmp
2009-11-19 21:43:16 —-A—- C:Documents and SettingsIvanApplication Dataisfree3_1.tmp
2009-11-19 08:38:28 —-A—- C:WINDOWSSchedLgU.Txt
2009-11-18 03:40:31 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-11-18 03:40:11 —-SHD—- C:WINDOWSInstaller
2009-11-18 03:39:47 —-D—- C:Program FilesCommon FilesAdobe
2009-11-18 03:39:33 —-RD—- C:Program Files
2009-11-18 03:39:10 —-D—- C:WINDOWSsystem32
2009-11-18 00:25:18 —-D—- C:Program FilesStrongDC
2009-11-17 21:14:58 —-D—- C:Temp
2009-11-16 15:10:11 —-A—- C:WINDOWSsystem.ini
2009-11-16 13:40:54 —-HD—- C:WINDOWSinf
2009-11-16 13:37:22 —-D—- C:WINDOWS
2009-11-16 12:04:55 —-D—- C:WINDOWSsystem32drivers
2009-11-16 11:32:55 —-D—- C:Documents and Settings
2009-11-16 10:05:41 —-D—- C:WINDOWSsystem32config
2009-11-16 10:01:53 —-D—- C:WINDOWSHelp
2009-11-16 10:01:53 —-A—- C:WINDOWSwininit.ini
2009-11-16 10:01:52 —-D—- C:WINDOWSsystem
2009-11-16 03:41:15 —-D—- C:WINDOWSsystem32CatRoot
2009-11-16 03:39:15 —-D—- C:WINDOWSsystem32CatRoot2
2009-11-16 00:10:21 —-D—- C:Downloads
2009-11-15 22:45:17 —-D—- C:Program FilesKaspersky Lab
2009-11-15 22:41:09 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2009-11-15 21:06:09 —-D—- C:WINDOWSsystem32Restore
2009-11-15 19:31:24 —-D—- C:Program FilesQIP
2009-11-14 09:01:06 —-D—- C:Documents and SettingsIvanApplication DataskypePM
2009-11-14 01:07:18 —-D—- C:Documents and SettingsIvanApplication DatauTorrent
2009-11-12 18:09:03 —-D—- C:Documents and SettingsIvanApplication DataDiskAid
2009-11-08 16:13:03 —-A—- C:WINDOWSerwin40.ini
2009-11-08 01:01:51 —-D—- C:Program FilesuTorrent
2009-11-06 23:59:43 —-A—- C:WINDOWSavisplitter.INI
2009-11-04 02:32:57 —-D—- C:Documents and SettingsIvanApplication Data3po.ru
2009-10-27 13:50:02 —-A—- C:WINDOWSsystem32PerfStringBackup.INI======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 DLACDBHM;DLACDBHM; C:WINDOWSSystem32DriversDLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:WINDOWSSystem32DriversDLARTL_M.SYS [2007-02-08 28120]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2006-03-02 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
R1 KLIF;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2009-08-11 306704]
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2004-08-04 8832]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2006-03-02 12032]
R2 DLABMFSM;DLABMFSM; C:WINDOWSSystem32DLADLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:WINDOWSSystem32DLADLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:WINDOWSSystem32DLADLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:WINDOWSSystem32DLADLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:WINDOWSSystem32DLADLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:WINDOWSSystem32DLADLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:WINDOWSSystem32DLADLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:WINDOWSSystem32DLADLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:WINDOWSSystem32DriversDRVNDDM.SYS [2007-02-09 51768]
R3 Accelerometer;Accelerometer; C:WINDOWSsystem32DRIVERSAccelerometer.sys [2006-07-23 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2007-01-09 288768]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2006-08-07 93952]
R3 AgereSoftModem;Agere Systems Soft Modem; C:WINDOWSsystem32DRIVERSAGRSM.sys [2007-01-02 1160320]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2006-03-02 60800]
R3 ATSWPDRV;(****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor); C:WINDOWSsystem32DRIVERSATSwpDrv.sys [2007-04-10 140808]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:WINDOWSsystem32DRIVERSb57xp32.sys [2007-02-27 160256]
R3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2007-02-14 530861]
R3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2007-02-14 30459]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2007-02-14 868298]
R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2004-08-04 14080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSsystem32DRIVERSGEARAspiWDM.sys [2009-01-15 23848]
R3 HBtnKey;HBtnKey; C:WINDOWSsystem32DRIVERScpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HpqKbFiltr;HpqKbFilter Driver; C:WINDOWSsystem32DRIVERSHpqKbFiltr.sys [2007-06-18 16768]
R3 ialm;ialm; C:WINDOWSsystem32DRIVERSigxpmp32.sys [2007-05-16 5707744]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:WINDOWSsystem32DRIVERSklmouflt.sys [2009-05-16 19472]
R3 NETw4x32;Драйвер адаптера Intel(R) Wireless WiFi Link для Windows XP 32 Bit; C:WINDOWSsystem32DRIVERSNETw4x32.sys [2007-03-01 2203520]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2006-03-02 61824]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:WINDOWSsystem32DRIVERSRimSerial.sys [2007-06-14 26368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2006-03-02 5888]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2007-01-12 201856]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2006-04-19 30080]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2006-04-19 20608]
R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2008-03-27 503008]
S3 AVPsys;AVPsys; ??C:WINDOWSsystem32driverscdaudio.sys []
S3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2007-02-14 149123]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2007-02-14 67960]
S3 C7xxUSB;Samsung CMC7xx USB Network Driver; C:WINDOWSsystem32DRIVERSC7xUSBX3.sys [2009-05-19 39296]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 HP24X;HP PC Card Smart Card Reader; C:WINDOWSsystem32DRIVERSHP24X.sys [2006-10-19 33024]
S3 inmqqx;inmqqx; ??C:WINDOWSsystem322.tmp []
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; ??C:WINDOWSsystem32PCTINDIS5.SYS []
S3 SWUMX20;Sierra Wireless USB MUX Driver (UMTS20); C:WINDOWSsystem32DRIVERSswumx20.sys []
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2009-02-09 7808]
S3 usb_rndisx;USB RNDIS Adapter; C:WINDOWSsystem32DRIVERSusb8023x.sys [2005-10-21 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWSSystem32Driversusbaapl.sys [2009-03-05 36864]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2009-02-09 7808]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2006-11-06 28672]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2006-03-02 73472]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2009-03-06 132424]
R2 ASBroker;Logon Session Broker; C:WINDOWSSystem32svchost.exe [2006-03-02 14336]
R2 ASChannel;Local Communication Channel; C:WINDOWSSystem32svchost.exe [2006-03-02 14336]
R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2007-02-06 266295]
R2 hpqwmiex;hpqwmiex; C:Program FilesHewlett-PackardSharedhpqWmiEx.exe [2007-12-05 144688]
R2 IviRegMgr;IviRegMgr; C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-08-31 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2007-04-19 75304]
R2 rma;Radia Management Agent; C:/Novadigm/ManagementAgent/nvdkit.exe []
R2 SPCSUtilityService;SPCSUtilityService; C:Program FilesSprint-HPSierra WirelessSprint PCS Connection ManagerSPCSUtilityService.exe [2007-09-05 131072]
R2 SWIHPWMI;SWIHPWMI; C:Program FilesHPQSharedSierra WirelessWin32UnicodeSWIHPWMI.exe [2006-12-04 292384]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2006-03-02 14336]
S2 avp;avp; C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe [2009-08-12 328096]
S2 LogWatch;Event Log Watch; C:WINDOWSLogWatNT.exe []
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesRoxioRoxio MyDVD Basic v9InstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2009-03-11 656168]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 RoxMediaDB9;RoxMediaDB9; C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe [2006-11-06 887544]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2009-03-04 621056]
S3 SQLWriter;SQL Server VSS Writer; c:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe [2005-10-14 87768]
S3 stllssvr;stllssvr; C:Program FilesCommon FilesSureThing Sharedstllssvr.exe [2006-11-01 73728]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:Program FilesMicrosoft Visual Studio 8Common7IDERemote Debuggerx86msvsmon.exe /service msvsmon80 []
S4 NetTcpPortSharing;Служба общего доступа к портам Net.Tcp; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
Здравствуйте, Valeri! Большое спасибо за помощь!
При загрузке компьютера окна (C:WINDOWSsystem32configWin.exe) перестали появляться. Однако теперь до входа в систему периодически появляется странное окно с какими-то иероглифами, закрыть которое можно лишь нажав ОК. Только после этого появляется возможность выбора пользователя и входа в систему. И еще периодически зависает панель задач, при этом не открывается диспетчер задач, приходится перезагружать компьютер.
На Flash_Disinfector флешки не отреагировали. Сделала все по инструкции, а Каспер после этого все равно нашел вирусы.
При полной проверке компьютера вирусы найдены не были.
Высылаю Свежие логи.
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Ivan at 2009-11-16 15:56:07
Microsoft Windows XP Professional Service Pack 2
System drive C: has 78 GB (54%) free of 144 GB
Total RAM: 2039 MB (67% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:46, on 16.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesHewlett-PackardIAMbinasghost.exe
C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE
C:WINDOWSsystem32ctfmon.exe
C:Documents and SettingsIvanLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Program FilesQIPqip.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:NovadigmManagementAgentnvdkit.exe
C:Documents and SettingsIvanLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Program FilesSprint-HPSierra WirelessSprint PCS Connection ManagerSPCSUtilityService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesHewlett-PackardSharedhpqWmiEx.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesHPQSharedSierra WirelessWin32UnicodeSWIHPWMI.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsIvanLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsIvanLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsIvanМои документыDownloadsRSIT.exe
C:Program Filestrend microIvan.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.hp.com/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.hp.com/
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 192.168.0.1:8080
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
F3 — REG:win.ini: run=C:WINDOWSsystem32configWin.exe
F2 — REG:system.ini: UserInit=C:WINDOWSSystem32userinit.exe
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2010ievkbd.dll
O2 — BHO: link filter bho — {E33CF602-D945-461A-83F0-819F76A199F8} — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [Malwarebytes Anti-Malware (reboot)] «C:Program FilesMalwarebytes’ Anti-Malwarembam.exe» /runcleanupscript
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O8 — Extra context menu item: &Отправить на устройство Bluetooth… — C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Translate with ABBYY &Lingvo… — res://C:Program FilesABBYY Lingvo 12Lingvo.exe/3000
O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 2010ie_banner_deny.htm
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: &Виртуальная клавиатура — {4248FE82-7FCB-46AC-B270-339F08212110} — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe (file missing)
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe (file missing)
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Проверка ссы&лок — {CCF151D8-D089-449F-A5A4-D9909053F20F} — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: APSHook.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll
O20 — Winlogon Notify: OneCard — C:Program FilesHewlett-PackardIAMBinASWLNPkg.dll
O23 — Service: Apple Mobile Device — Apple Inc. — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 — Service: avp — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe
O23 — Service: Bonjour Service — Apple Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: hpqwmiex — Hewlett-Packard Development Company, L.P. — C:Program FilesHewlett-PackardSharedhpqWmiEx.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesRoxioRoxio MyDVD Basic v9InstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Сервис iPod (iPod Service) — Apple Inc. — C:Program FilesiPodbiniPodService.exe
O23 — Service: IviRegMgr — InterVideo — C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: Event Log Watch (LogWatch) — Unknown owner — C:WINDOWSLogWatNT.exe (file missing)
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Radia Management Agent (rma) — Unknown owner — C:/Novadigm/ManagementAgent/nvdkit.exe
O23 — Service: RoxMediaDB9 — Sonic Solutions — C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: SPCSUtilityService — Sprint Spectrum, L.L.C — C:Program FilesSprint-HPSierra WirelessSprint PCS Connection ManagerSPCSUtilityService.exe
O23 — Service: stllssvr — MicroVision Development, Inc. — C:Program FilesCommon FilesSureThing Sharedstllssvr.exe
O23 — Service: SWIHPWMI — Sierra Wireless Inc. — C:Program FilesHPQSharedSierra WirelessWin32UnicodeSWIHPWMI.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 9606 bytes======Scheduled tasks folder======
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-861567501-2000478354-839522115-1003Core.job
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-861567501-2000478354-839522115-1003UA.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2010ievkbd.dll [2009-08-12 68112][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2010klwtbbho.dll [2009-08-12 244240][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe -LM []
«Malwarebytes Anti-Malware (reboot)»=C:Program FilesMalwarebytes’ Anti-Malwarembam.exe [2009-09-10 1312080]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe [2009-08-12 328096][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2006-03-02 15360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»APSHook.dll,C:PROGRA~1KASPER~1KASPER~1mzvkbd3.dll,C:PROGRA~1KASPER~1KASPER~1kloehk.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxdev.dll [2007-05-16 204800][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2009-08-12 219664][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyOneCard]
C:Program FilesHewlett-PackardIAMBinASWLNPkg.dll [2007-02-07 74240][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«notification packages»=scecli
ASWLNPkg[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=255[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«NoDriveTypeAutoRun»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«»=»»
«C:Program FilesHPQHP Connection ManagerSwiApiMux.exe»=»C:Program FilesHPQHP Connection ManagerSwiApiMux.exe:*:Enabled:SwiApiMux»
«C:Program FilesQIP Infiuminfium.exe»=»C:Program FilesQIP Infiuminfium.exe:*:Enabled:QIP Infium»
«C:WINDOWSsystem32K4hostElSvc.exe»=»C:WINDOWSsystem32K4hostElSvc.exe:*:Enabled:Группирование одноранговой сети Windows»
«C:Program FilesSplashDataFile Magic for iPhoneFile Magic.exe»=»C:Program FilesSplashDataFile Magic for iPhoneFile Magic.exe:*:Enabled:File Magic Desktop»
«C:Program FilesSamsung ElectronicsmWiMAX U200YotaAccess.exe»=»C:Program FilesSamsung ElectronicsmWiMAX U200YotaAccess.exe:*:Enabled:Yota Access»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesARIS6.2JavaClientjrebinjava.exe»=»C:Program FilesARIS6.2JavaClientjrebinjava.exe:*:Enabled:Java»
«C:Program FilesARIS6.2LocalServerjrebinjava.exe»=»C:Program FilesARIS6.2LocalServerjrebinjava.exe:*:Enabled:Java»
«C:Program FilesARIS6.2LocalServerASA8win32dbsrv8.exe»=»C:Program FilesARIS6.2LocalServerASA8win32dbsrv8.exe:*:Enabled:Adaptive Server Anywhere Network Server»
«C:Program FilesARIS6.2ScriptCv.exe»=»C:Program FilesARIS6.2ScriptCv.exe:*:Enabled:Script Converter ARIS 4.x to ARIS 5»
«C:Program FilesARIS6.2Aris62.exe»=»C:Program FilesARIS6.2Aris62.exe:*:Enabled:ARIS»
«C:Program FilesARIS6.2Regsvr32.exe»=»C:Program FilesARIS6.2Regsvr32.exe:*:Enabled:Regsvr32»
«C:Program FilesARIS6.2regall.exe»=»C:Program FilesARIS6.2regall.exe:*:Enabled:regall»
«C:Program FilesARIS6.2ArisAdm62.exe»=»C:Program FilesARIS6.2ArisAdm62.exe:*:Enabled:ARIS Database Administration Tool»
«C:Program FilesARIS6.2htmlbinariessetupWPSetup.exe»=»C:Program FilesARIS6.2htmlbinariessetupWPSetup.exe:*:Enabled: «
«C:Program FilesARIS6.2simpleeM-Plant.exe»=»C:Program FilesARIS6.2simpleeM-Plant.exe:*:Enabled:eM-Plantо»
«C:Program FilesARIS6.2JavaClientSiteAdmin.exe»=»C:Program FilesARIS6.2JavaClientSiteAdmin.exe:*:Enabled:ARIS SiteAdmin Tool»
«C:Program FilesARIS6.2JavaClientConverterGUI.exe»=»C:Program FilesARIS6.2JavaClientConverterGUI.exe:*:Enabled:ARIS Converter GUI»
«C:Program FilesARIS6.2JavaClientaris502ArisAdm.exe»=»C:Program FilesARIS6.2JavaClientaris502ArisAdm.exe:*:Enabled:ARIS Database Administration Tool»
«C:Program FilesARIS6.2JavaClientaris502csf_srvp.exe»=»C:Program FilesARIS6.2JavaClientaris502csf_srvp.exe:*:Enabled:ARIS Com. Layer Server Driver»
«C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe»=»C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe:*:Enabled:Kaspersky Anti-Virus»
«C:Documents and SettingsIvanРабочий столmagent.exe»=»C:Documents and SettingsIvanРабочий столmagent.exe:*:Enabled:Mail.Ru Агент»
«C:Program FilesQIPqip.exe»=»C:Program FilesQIPqip.exe:*:Enabled:Quiet Internet Pager»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«»=»»
«C:Program FilesSamsung ElectronicsmWiMAX U200YotaAccess.exe»=»C:Program FilesSamsung ElectronicsmWiMAX U200YotaAccess.exe:*:Enabled:Yota Access»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{022b6636-2067-11de-91d6-00233ace0046}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .RECYCLERS-5-3-42-2819952290-8240758988-879315005-3665jwgkvsq.vmx,ahaezedrn[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0312958c-4b4a-11de-9207-d24e5c59d2cd}]
shellAutoRuncommand — winlog.exe
shellopencommand — winlog.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0585064e-c383-11dd-9147-001f299685cd}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .RECYCLERS-5-3-42-2819952290-8240758988-879315005-3665jwgkvsq.vmx,ahaezedrn[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{093865fb-59c6-11de-9213-001f3c6ec1bb}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .RECYCLERS-5-3-42-2819952290-8240758988-879315005-3665jwgkvsq.vmx,ahaezedrn[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0eaa4404-5c4e-11de-9214-001f299685cd}]
shellAutoRuncommand — msrdrv.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{10f98030-b54f-11dd-912d-001f299685cd}]
shellAutoRuncommand — G:yannh.cmd
shellexplorecommand — G:yannh.cmd
shellopencommand — G:yannh.cmd[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1aaded85-2905-11de-91dd-001f299685cd}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .RECYCLERS-5-3-42-2819952290-8240758988-879315005-3665jwgkvsq.vmx,ahaezedrn[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{23785424-10a0-11de-91b7-001f3c6ec1bb}]
shellAutoRuncommand — G:AutoInstall.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2e1728e3-55df-11de-920f-001f299685cd}]
shellAutoRuncommand — G:RecycleP-1-3-64-8794238531-8742492-9897532Redem.exe
shellopencommand — G:RecycleP-1-3-64-8794238531-8742492-9897532Redem.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{3cc200fb-9bc3-11de-9231-001f299685cd}]
shellAutoRuncommand — G:RECYCLERS-51-9-25-3434476501-1644491932-601013333-1214LBTWiz.exe
shellopencommand — G:RECYCLERS-51-9-25-3434476501-1644491932-601013333-1214LBTWiz.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{42f7ca57-cd3c-11dd-9155-001f299685cd}]
shellAutoRuncommand — msrdrv.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{42f7ca5a-cd3c-11dd-9155-001f299685cd}]
shellAutoRuncommand — G:2u.com
shellexplorecommand — G:2u.com
shellopencommand — G:2u.com[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4dc7729a-24d1-11de-91d9-001f3c6ec1bb}]
shellAutoRuncommand — G:mhurest.exe -flash
shellexplorecommand — G:mhurest.exe -flash
shellopencommand — G:mhurest.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5ec6f46a-6dec-11de-9220-001f3c6ec1bb}]
shellAutoRuncommand — H:Launcher.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{65dd8ca2-02ab-11de-91a8-001f299685cd}]
shellAutoRuncommand — G:YotaAccessAutoInstall.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{69cfbb61-3e11-11de-91f9-001f299685cd}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .RECYCLERS-5-3-42-2819952290-8240758988-879315005-3665jwgkvsq.vmx,ahaezedrn[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6c1ea9ea-ad04-11dd-910e-001f3c6ec1bb}]
shellAutoRuncommand — G:nq0cq.cmd
shellexplorecommand — G:nq0cq.cmd
shellopencommand — G:nq0cq.cmd[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6c1ea9ec-ad04-11dd-910e-001f3c6ec1bb}]
shellAutoRuncommand — G:DATASYSTEMXp.exe
shellopencommand — G:DATASYSTEMXp.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{70747941-e40b-11dd-9176-b2917b2c89e5}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RecycledKESHA.EXE[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{7be09059-b26d-11de-9246-001f3c6ec1bb}]
shellAutoRuncommand — H:mhurest.exe -flash
shellexplorecommand — H:mhurest.exe -flash
shellopencommand — H:mhurest.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{98cdafbf-324e-11dd-90c7-001f299685cd}]
shellОткрытьcommand — G:recycler.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{98cdafc7-324e-11dd-90c7-001f299685cd}]
shellОткрытьcommand — H:recycler.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8941cb4-33d5-11dd-90c8-001f3c6ec1bb}]
shellОткрытьcommand — G:recycler.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a8beb28e-1318-11de-91c3-001f299685cd}]
shellAutoRuncommand — G:YotaAccessAutoInstall.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ae5a74c7-9a08-11dd-90f9-001f299685cd}]
shellОткрытьcommand — G:recycler.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c22b91ca-2fd6-11dd-90c3-001f3c6ec1bb}]
shellAutoRuncommand — msrdrv.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d7f91b73-7f49-11dd-90d2-001f3c6ec1bb}]
shellAutoRuncommand — mhurest.exe -flash
shellexplorecommand — mhurest.exe -flash
shellopencommand — mhurest.exe -flash[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f295edea-01b6-11de-91a7-001f299685cd}]
shellAutoRuncommand — G:YotaAccessAutoInstall.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f300299f-00c5-11de-91a4-001f299685cd}]
shellAutoRuncommand — G:YotaAccessAutoInstall.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f431ba51-0198-11de-91a5-001f3c6ec1bb}]
shellAutoRuncommand — G:YotaAccessAutoInstall.exe======List of files/folders created in the last 1 months======
2009-11-16 15:56:08 —-D—- C:Program Filestrend micro
2009-11-16 15:56:07 —-D—- C:rsit
2009-11-16 15:09:06 —-A—- C:SalityKiller.exe
2009-11-16 11:32:51 —-D—- C:WINDOWSCSC
2009-11-16 03:39:08 —-SHD—- C:Config.Msi
2009-11-15 21:08:44 —-A—- C:WINDOWSntbtlog.txt
2009-11-11 21:54:05 —-D—- C:Documents and SettingsAll UsersApplication Datamsuwarn======List of files/folders modified in the last 1 months======
2009-11-16 15:56:08 —-RD—- C:Program Files
2009-11-16 15:54:22 —-D—- C:Documents and SettingsIvanApplication DataSkype
2009-11-16 15:53:49 —-D—- C:WINDOWSTemp
2009-11-16 15:53:15 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-11-16 15:32:55 —-D—- C:WINDOWSPrefetch
2009-11-16 15:10:11 —-A—- C:WINDOWSsystem.ini
2009-11-16 13:40:54 —-HD—- C:WINDOWSinf
2009-11-16 13:37:22 —-D—- C:WINDOWS
2009-11-16 12:11:18 —-A—- C:WINDOWSSchedLgU.Txt
2009-11-16 12:04:55 —-D—- C:WINDOWSsystem32drivers
2009-11-16 11:32:55 —-D—- C:Documents and Settings
2009-11-16 10:05:41 —-D—- C:WINDOWSsystem32config
2009-11-16 10:05:15 —-D—- C:WINDOWSsystem32
2009-11-16 10:01:53 —-D—- C:WINDOWSHelp
2009-11-16 10:01:53 —-A—- C:WINDOWSwininit.ini
2009-11-16 10:01:52 —-D—- C:WINDOWSsystem
2009-11-16 03:41:15 —-D—- C:WINDOWSsystem32CatRoot
2009-11-16 03:41:09 —-SHD—- C:WINDOWSInstaller
2009-11-16 03:39:15 —-D—- C:WINDOWSsystem32CatRoot2
2009-11-16 00:10:21 —-D—- C:Downloads
2009-11-15 22:45:17 —-D—- C:Program FilesKaspersky Lab
2009-11-15 22:41:09 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2009-11-15 21:06:09 —-D—- C:WINDOWSsystem32Restore
2009-11-15 19:31:24 —-D—- C:Program FilesQIP
2009-11-14 09:01:06 —-D—- C:Documents and SettingsIvanApplication DataskypePM
2009-11-14 01:07:18 —-D—- C:Documents and SettingsIvanApplication DatauTorrent
2009-11-13 23:13:53 —-D—- C:Program FilesStrongDC
2009-11-13 22:08:02 —-D—- C:Temp
2009-11-12 18:09:03 —-D—- C:Documents and SettingsIvanApplication DataDiskAid
2009-11-08 16:13:03 —-A—- C:WINDOWSerwin40.ini
2009-11-08 01:01:51 —-D—- C:Program FilesuTorrent
2009-11-06 23:59:43 —-A—- C:WINDOWSavisplitter.INI
2009-11-04 22:07:48 —-A—- C:Documents and SettingsIvanApplication Dataisfree3_0.tmp
2009-11-04 22:07:33 —-A—- C:Documents and SettingsIvanApplication Dataisfree3_1.tmp
2009-11-04 02:32:57 —-D—- C:Documents and SettingsIvanApplication Data3po.ru
2009-10-27 13:50:02 —-A—- C:WINDOWSsystem32PerfStringBackup.INI======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 DLACDBHM;DLACDBHM; C:WINDOWSSystem32DriversDLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:WINDOWSSystem32DriversDLARTL_M.SYS [2007-02-08 28120]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2006-03-02 40448]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
R1 KLIF;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2009-08-11 306704]
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2004-08-04 8832]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2006-03-02 12032]
R2 DLABMFSM;DLABMFSM; C:WINDOWSSystem32DLADLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:WINDOWSSystem32DLADLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:WINDOWSSystem32DLADLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:WINDOWSSystem32DLADLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:WINDOWSSystem32DLADLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:WINDOWSSystem32DLADLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:WINDOWSSystem32DLADLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:WINDOWSSystem32DLADLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:WINDOWSSystem32DriversDRVNDDM.SYS [2007-02-09 51768]
R3 Accelerometer;Accelerometer; C:WINDOWSsystem32DRIVERSAccelerometer.sys [2006-07-23 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2007-01-09 288768]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2006-08-07 93952]
R3 AgereSoftModem;Agere Systems Soft Modem; C:WINDOWSsystem32DRIVERSAGRSM.sys [2007-01-02 1160320]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2006-03-02 60800]
R3 ATSWPDRV;(****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor); C:WINDOWSsystem32DRIVERSATSwpDrv.sys [2007-04-10 140808]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:WINDOWSsystem32DRIVERSb57xp32.sys [2007-02-27 160256]
R3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2007-02-14 530861]
R3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2007-02-14 30459]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2007-02-14 868298]
R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2004-08-04 14080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSsystem32DRIVERSGEARAspiWDM.sys [2009-01-15 23848]
R3 HBtnKey;HBtnKey; C:WINDOWSsystem32DRIVERScpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HpqKbFiltr;HpqKbFilter Driver; C:WINDOWSsystem32DRIVERSHpqKbFiltr.sys [2007-06-18 16768]
R3 ialm;ialm; C:WINDOWSsystem32DRIVERSigxpmp32.sys [2007-05-16 5707744]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:WINDOWSsystem32DRIVERSklmouflt.sys [2009-05-16 19472]
R3 NETw4x32;Драйвер адаптера Intel(R) Wireless WiFi Link для Windows XP 32 Bit; C:WINDOWSsystem32DRIVERSNETw4x32.sys [2007-03-01 2203520]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2006-03-02 61824]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:WINDOWSsystem32DRIVERSRimSerial.sys [2007-06-14 26368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2006-03-02 5888]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2007-01-12 201856]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2006-04-19 30080]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2006-04-19 20608]
R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2008-03-27 503008]
S3 AVPsys;AVPsys; ??C:WINDOWSsystem32driverscdaudio.sys []
S3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2007-02-14 149123]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2007-02-14 67960]
S3 C7xxUSB;Samsung CMC7xx USB Network Driver; C:WINDOWSsystem32DRIVERSC7xUSBX3.sys [2009-05-19 39296]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 HP24X;HP PC Card Smart Card Reader; C:WINDOWSsystem32DRIVERSHP24X.sys [2006-10-19 33024]
S3 inmqqx;inmqqx; ??C:WINDOWSsystem322.tmp []
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; ??C:WINDOWSsystem32PCTINDIS5.SYS []
S3 SWUMX20;Sierra Wireless USB MUX Driver (UMTS20); C:WINDOWSsystem32DRIVERSswumx20.sys []
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2009-02-09 7808]
S3 usb_rndisx;USB RNDIS Adapter; C:WINDOWSsystem32DRIVERSusb8023x.sys [2005-10-21 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWSSystem32Driversusbaapl.sys [2009-03-05 36864]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2006-11-06 28672]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2006-03-02 73472]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2009-03-06 132424]
R2 ASBroker;Logon Session Broker; C:WINDOWSSystem32svchost.exe [2006-03-02 14336]
R2 ASChannel;Local Communication Channel; C:WINDOWSSystem32svchost.exe [2006-03-02 14336]
R2 avp;avp; C:Program FilesKaspersky LabKaspersky Internet Security 2010avp.exe [2009-08-12 328096]
R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2007-02-06 266295]
R2 hpqwmiex;hpqwmiex; C:Program FilesHewlett-PackardSharedhpqWmiEx.exe [2007-12-05 144688]
R2 IviRegMgr;IviRegMgr; C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-08-31 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2007-04-19 75304]
R2 rma;Radia Management Agent; C:/Novadigm/ManagementAgent/nvdkit.exe []
R2 SPCSUtilityService;SPCSUtilityService; C:Program FilesSprint-HPSierra WirelessSprint PCS Connection ManagerSPCSUtilityService.exe [2007-09-05 131072]
R2 SWIHPWMI;SWIHPWMI; C:Program FilesHPQSharedSierra WirelessWin32UnicodeSWIHPWMI.exe [2006-12-04 292384]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2006-03-02 14336]
S2 LogWatch;Event Log Watch; C:WINDOWSLogWatNT.exe []
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesRoxioRoxio MyDVD Basic v9InstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2009-03-11 656168]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 RoxMediaDB9;RoxMediaDB9; C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe [2006-11-06 887544]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2009-03-04 621056]
S3 SQLWriter;SQL Server VSS Writer; c:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe [2005-10-14 87768]
S3 stllssvr;stllssvr; C:Program FilesCommon FilesSureThing Sharedstllssvr.exe [2006-11-01 73728]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:Program FilesMicrosoft Visual Studio 8Common7IDERemote Debuggerx86msvsmon.exe /service msvsmon80 []
S4 NetTcpPortSharing;Служба общего доступа к портам Net.Tcp; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
info.txt logfile of random’s system information tool 1.06 2009-11-16 15:56:49
======Uninstall list======
—>C:Program FilesInstallShield Installation Information{69333A04-5134-40A5-A055-9166A7AA1EC8}setup.exe -runfromtemp -l0x0009 -removeonly
—>MsiExec.exe /I{977FBE6C-AE9A-4429-B249-814F0B3A4CB1}
—>MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
—>MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
7-Zip 4.60 beta—>»C:Program Files7-ZipUninstall.exe»
ABBYY Lingvo 12 Multilingual Edition—>MsiExec.exe /I{A1200000-0004-0000-0000-074957833700}
ABBYY PDF Transformer 2.0—>MsiExec.exe /I{FA200000-0001-0000-0000-074957833700}
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 9.1.3 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A91000000001}
Advanced Grapher 2.11—>»C:Program FilesAdvanced Grapherunins000.exe»
Agere Systems HDA Modem—>agrsmdel
Apple Mobile Device Support—>MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update—>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ARIS 6.2 Client—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{D9B7C113-F0C0-11D6-B105-000102F9B94F}Setup.exe» -l0x9 uninstall
AT&T Communication Manager—>MsiExec.exe /X{9C41CC3E-CB42-451F-9444-BA75FB12C0AC}
AviSynth 2.5—>»C:Program FilesAviSynth 2.5Uninstall.exe»
Bonjour—>MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom NetXtreme Ethernet Controller—>MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Computer Associates ERwin 4.0—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{DA5873B5-6262-11D4-8ABC-00C04F5F14B8}Setup.exe»
ConceptDraw MINDMAP Professional Пробная версия—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A9B1F574-20BC-4F7C-934C-58A1AA9F3793}setup.exe» -l0x19 -removeonly
Credential Manager for HP ProtectTools—>MsiExec.exe /X{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}
DiskAid 3.1—>»C:Program FilesDiskAidunins000.exe»
Download Master version 5.5.6.1139—>»C:Program FilesDownload Masterunins000.exe»
Fiction Book Designer—>MsiExec.exe /I{4A6A2737-C809-4C23-9DD0-34C861DAC1CE}
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
Hotfix for Windows XP (KB909394)—>»C:WINDOWS$NtUninstallKB909394$spuninstspuninst.exe»
Hotfix for Windows XP (KB915865)—>»C:WINDOWS$NtUninstallKB915865$spuninstspuninst.exe»
Hotfix for Windows XP (KB926239)—>»C:WINDOWS$NtUninstallKB926239$spuninstspuninst.exe»
HP 3D DriveGuard—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{429E92A4-159F-4AEC-85A1-D693E1E4274D}setup.exe» -l0x19 UNINSTALL
HP BIOS Configuration for ProtectTools—>MsiExec.exe /X{C74D0FA0-1D49-464F-A707-B427EE3385C1}
HP Broadband Wireless Modules—>MsiExec.exe /X{E0742446-2B18-4204-8A46-DA70BB003318}
HP Connection Manager—>MsiExec.exe /I{BED4104F-2480-421B-BA2F-8D3AC57B8CDB}
HP Doc Viewer—>MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}setup.exe» -l0x19 -removeonly
HP Integrated Module with Bluetooth wireless technology—>MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
HP Notebook Accessories Product Tour—>MsiExec.exe /I{521F72F4-FFE4-4959-AA88-EED06125211F}
HP PCMCIA Smart Card Reader—>MsiExec.exe /I{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}
HP ProtectTools Security Manager—>MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357}
HP Quick Launch Buttons 6.40 B2—>C:Program FilesInstallShield Installation Information{34D2AB40-150D-475D-AE32-BD23FB5EE355}setup.exe -runfromtemp -l0x0019 -removeonly uninst
HP Update—>MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HP User Guide Bluetooth Addendum 0062—>MsiExec.exe /I{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}
HP User Guides 0064—>MsiExec.exe /I{E25AA53F-6878-4C64-8130-EB8D678DF303}
HP Wireless Assistant—>MsiExec.exe /I{0289B18A-F99F-423F-B79F-1150D0F85492}
ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver—>C:WINDOWSsystem32igxpun.exe -uninstall
InterVideo DVD Check—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5D97A4A7-C274-4B63-86D9-07A33435F505}setup.exe» REMOVEALL
InterVideo WinDVD—>»C:Program FilesInstallShield Installation Information{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}setup.exe» REMOVEALL
iPhoneBrowser—>MsiExec.exe /I{A0F7CEAC-8F77-4936-8DDD-0AD4028A5486}
iSpring Free 3.5.1—>»C:Program FilesiSpring Free 3unins000.exe»
iTunes—>MsiExec.exe /I{E5145D2D-793B-4A16-BA42-3F13EEAA7D5E}
Java(TM) 6 Update 11—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) SE Runtime Environment 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kaspersky Internet Security 2010 Beta—>MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Kaspersky Internet Security 2010 Beta—>MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
K-Lite Mega Codec Pack 4.0.0—>»C:Program FilesK-Lite Codec Packunins000.exe»
Mail.Ru Агент 5.2 (сборка 2405, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft .NET Framework 1.1 Hotfix (KB928366)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM928366M928366Uninstall.msp»
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{34AB2437-1B34-3E2D-9DE8-3E2D35335B3F}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{CFF15B94-E062-3701-869A-4CDF4590461E}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack — rus—>MsiExec.exe /I{95E44F11-19F0-39EA-A894-792E054AA1CF}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Device Emulator version 1.0 — ENU—>MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005—>C:Program FilesCommon FilesMicrosoft SharedHelp 8Microsoft Document Explorer 2005install.exe
Microsoft Document Explorer 2005—>MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7—>»C:WINDOWS$NtUninstallWdf01007$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003—>MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight—>MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools—>MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server Compact 3.5 Design Tools ENU—>MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU—>MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Native Client—>MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English)—>MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer—>MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
Microsoft User-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWudf01005$spuninstspuninst.exe»
Microsoft Visual C# 2008 Express Edition — ENU—>C:Program FilesMicrosoft Visual Studio 9.0Microsoft Visual C# 2008 Express Edition — ENUsetup.exe
Microsoft Visual C# 2008 Express Edition — ENU—>MsiExec.exe /X{2D07422C-CA35-375A-A3A8-3631AB85BFE5}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# 2.0 Redistributable Package—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft Visual J# 2.0 Redistributable Packageinstall.exe
Microsoft Visual Studio 2005 Professional Edition — ENU—>C:Program FilesMicrosoft Visual Studio 8Microsoft Visual Studio 2005 Professional Edition — ENUsetup.exe
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework—>MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32—>MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft WSE 3.0 Runtime—>MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MobileMe Control Panel—>MsiExec.exe /I{C7EEC93A-2A61-4B1E-B696-A264680A889D}
MSVC80_x86—>MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)—>MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 8 Micro v8.0.3.0—>»C:Program FilesNerounins000.exe»
Nokia Connectivity Cable Driver—>MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
PC Connectivity Solution—>MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
QuickTime—>MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Roxio Creator Audio—>MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9—>MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy—>MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data—>MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator Tools—>MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc—>MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler 3—>MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9—>MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
SAMSUNG CDMA Modem Driver Set—>C:Program FilesSAMSUNGSAMSUNG CDMA ModemSSCDUninstall.exe
sDC++ RC10 cvs131—>»C:Program FilesStrongDCunins000.exe»
Skype™ 4.1—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sonic Activation Module—>MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime100Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}setup.exe» -l0x19 -removeonly
Sprint Mobile Broadband—>MsiExec.exe /I{0669CD2D-A407-48ED-960C-FF1AD0F4F752}
Synaptics Pointing Device Driver—>rundll32.exe «C:Program FilesSynapticsSynTPSynISDLL.dll»,standAloneUninstall
THE SIMS 3—>»C:Program FilesTHE SIMS 3unins000.exe»
Total Commander (Remove or Repair)—>c:totalcmdtcuninst.exe
Videora iPod Converter 4.04—>C:Program FilesRed KawaVideo Converter Appuninstaller.exe
Vodafone Mobile Connect—>MsiExec.exe /X{7AAA82A6-832C-46D1-AC45-5AAEBCEDF922}
WinDjView 1.0.3—>C:Program FilesWinDjViewuninstall.exe
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Installer 3.1 (KB893803)—>»C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe»
Windows Internet Explorer 7—>»C:WINDOWSie7spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Windows Support Tools—>MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
Yota Access—>MsiExec.exe /X{CC5ADE35-E63A-4AE8-9E48-9A3A144F00F2}
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Доступ к условно бесплатному контенту AdSubscribe—>C:Documents and SettingsIvanApplication DataAdSubscribeUninstall.exe
Исправление для Windows XP (KB896256)—>»C:WINDOWS$NtUninstallKB896256$spuninstspuninst.exe»
Исправление для Windows XP (KB909095)—>»C:WINDOWS$NtUninstallKB909095$spuninstspuninst.exe»
Исправление для Windows XP (KB909667)—>»C:WINDOWS$NtUninstallKB909667$spuninstspuninst.exe»
Исправление для Windows XP (KB912436)—>»C:WINDOWS$NtUninstallKB912436$spuninstspuninst.exe»
Исправление для Windows XP (KB915326)—>»C:WINDOWS$NtUninstallKB915326$spuninstspuninst.exe»
Исправление для Windows XP (KB918005)—>»C:WINDOWS$NtUninstallKB918005$spuninstspuninst.exe»
Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Исправление для Windows XP (KB970653-v3)—>»C:WINDOWS$NtUninstallKB970653-v3$spuninstspuninst.exe»
Исправление для проигрывателя Windows Media 11 — (KB939683)—>»C:WINDOWS$NtUninstallKB939683$spuninstspuninst.exe»
Критическое обновление для проигрывателя Windows Media 11 — (KB959772)—>»C:WINDOWS$NtUninstallKB959772_WM11$spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB938127)—>»C:WINDOWSie7updatesKB938127-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB938127-v2)—>»C:WINDOWSie7updatesKB938127-v2-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB961260)—>»C:WINDOWSie7updatesKB961260-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB972260)—>»C:WINDOWSie7updatesKB972260-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP — (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB901190)—>»C:WINDOWS$NtUninstallKB901190$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923561)—>»C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB944338-v2)—>»C:WINDOWS$NtUninstallKB944338-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952004)—>»C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954211)—>»C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956572)—>»C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956841)—>»C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956844)—>»C:WINDOWS$NtUninstallKB956844$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957095)—>»C:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958215)—>»C:WINDOWS$NtUninstallKB958215$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958470)—>»C:WINDOWS$NtUninstallKB958470$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958690)—>»C:WINDOWS$NtUninstallKB958690$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB959426)—>»C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960225)—>»C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960714)—>»C:WINDOWS$NtUninstallKB960714$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960715)—>»C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960803)—>»C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960859)—>»C:WINDOWS$NtUninstallKB960859$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961371-v2)—>»C:WINDOWS$NtUninstallKB961371-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961501)—>»C:WINDOWS$NtUninstallKB961501$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB968537)—>»C:WINDOWS$NtUninstallKB968537$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB970238)—>»C:WINDOWS$NtUninstallKB970238$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971032)—>»C:WINDOWS$NtUninstallKB971032$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971557)—>»C:WINDOWS$NtUninstallKB971557$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971633)—>»C:WINDOWS$NtUninstallKB971633$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971657)—>»C:WINDOWS$NtUninstallKB971657$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971961)—>»C:WINDOWS$NtUninstallKB971961$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973346)—>»C:WINDOWS$NtUninstallKB973346$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973354)—>»C:WINDOWS$NtUninstallKB973354$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973507)—>»C:WINDOWS$NtUninstallKB973507$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973869)—>»C:WINDOWS$NtUninstallKB973869$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB968816)—>»C:WINDOWS$NtUninstallKB968816_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB973540)—>»C:WINDOWS$NtUninstallKB973540_WM9L$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP11$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Обновление для Windows XP (KB898461)—>»C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe»
Обновление для Windows XP (KB923845)—>»C:WINDOWS$NtUninstallKB923845$spuninstspuninst.exe»
Обновление для Windows XP (KB925720)—>»C:WINDOWS$NtUninstallKB925720$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Обновление для Windows XP (KB967715)—>»C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe»
Обновление для Windows XP (KB968389)—>»C:WINDOWS$NtUninstallKB968389$spuninstspuninst.exe»
Обновление для Windows XP (KB973815)—>»C:WINDOWS$NtUninstallKB973815$spuninstspuninst.exe»
Пакет драйверов Windows — Nokia pccsmcfd (08/22/2008 7.0.0.0)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294pccsmcfd.inf
Пакет исправлений для Windows XP — KB883667—>C:WINDOWS$NtUninstallKB883667$spuninstspuninst.exe
Пакет исправлений для Windows XP — KB885464—>C:WINDOWS$NtUninstallKB885464$spuninstspuninst.exe
Пакет исправлений для Windows XP — KB885855—>C:WINDOWS$NtUninstallKB885855$spuninstspuninst.exe
Пакет исправлений для Windows XP — KB888239—>C:WINDOWS$NtUninstallKB888239$spuninstspuninst.exe
Пакет исправлений для Windows XP — KB888402—>C:WINDOWS$NtUninstallKB888402$spuninstspuninst.exe
Пакет исправлений для Windows XP — KB889673—>C:WINDOWS$NtUninstallKB889673$spuninstspuninst.exe
Пакет исправлений для Windows XP — KB892559—>»C:WINDOWS$NtUninstallKB892559$spuninstspuninst.exe»
Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office—>MsiExec.exe /X{90120000-0020-0419-0000-0000000FF1CE}
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Языковой пакет Microsoft .NET Framework 3.5 — RUS—>c:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack — russetup.exe======Security center information======
AV: Kaspersky Internet Security
FW: Kaspersky Internet Security======System event log======
Computer Name: JULIA
Event Code: 5005
Message: DEVICE{DC2DC38B-9019-44AA-818E-2E72BB9E07B6} : сбой из-за внутренней ошибки.Record Number: 29156
Source Name: NETw4x32
Time Written: 20091014073823.000000+240
Event Type: ошибка
User:Computer Name: JULIA
Event Code: 5005
Message: DEVICE{DC2DC38B-9019-44AA-818E-2E72BB9E07B6} : сбой из-за внутренней ошибки.Record Number: 29155
Source Name: NETw4x32
Time Written: 20091014073821.000000+240
Event Type: ошибка
User:Computer Name: JULIA
Event Code: 5005
Message: DEVICE{DC2DC38B-9019-44AA-818E-2E72BB9E07B6} : сбой из-за внутренней ошибки.Record Number: 29154
Source Name: NETw4x32
Time Written: 20091014073821.000000+240
Event Type: ошибка
User:Computer Name: JULIA
Event Code: 5005
Message: DEVICE{DC2DC38B-9019-44AA-818E-2E72BB9E07B6} : сбой из-за внутренней ошибки.Record Number: 29153
Source Name: NETw4x32
Time Written: 20091014073819.000000+240
Event Type: ошибка
User:Computer Name: JULIA
Event Code: 5005
Message: DEVICE{DC2DC38B-9019-44AA-818E-2E72BB9E07B6} : сбой из-за внутренней ошибки.Record Number: 29152
Source Name: NETw4x32
Time Written: 20091014073819.000000+240
Event Type: ошибка
User:=====Application event log=====
Computer Name: JULIA
Event Code: 20
Message:
Record Number: 8727
Source Name: Google Update
Time Written: 20090825184905.000000+240
Event Type: ошибка
User: JULIAIvanComputer Name: JULIA
Event Code: 20
Message:
Record Number: 8726
Source Name: Google Update
Time Written: 20090825180430.000000+240
Event Type: ошибка
User: JULIAIvanComputer Name: JULIA
Event Code: 20
Message:
Record Number: 8725
Source Name: Google Update
Time Written: 20090825133849.000000+240
Event Type: ошибка
User: JULIAIvanComputer Name: JULIA
Event Code: 20
Message:
Record Number: 8724
Source Name: Google Update
Time Written: 20090825124905.000000+240
Event Type: ошибка
User: JULIAIvanComputer Name: JULIA
Event Code: 20
Message:
Record Number: 8723
Source Name: Google Update
Time Written: 20090825122743.000000+240
Event Type: ошибка
User: JULIAIvan======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=C:Program FilesPC Connectivity Solution;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesSupport Tools;C:Program FilesHewlett-PackardIAMbin;C:Program FilesCommon FilesRoxio SharedDLLShared;C:Program FilesCommon FilesRoxio SharedDLLShared;C:Program FilesCommon FilesRoxio Shared9.0DLLShared;C:Program FilesQuickTimeQTSystem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 23 Stepping 6, GenuineIntel
«PROCESSOR_REVISION»=1706
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«RoxioCentral»=C:Program FilesCommon FilesRoxio Shared9.0Roxio Central33
«VS80COMNTOOLS»=C:Program FilesMicrosoft Visual Studio 8Common7Tools
«CLASSPATH»=.;C:Program FilesJavajre1.6.0libextQTJava.zip
«QTJAVA»=C:Program FilesJavajre1.6.0libextQTJava.zip
«ARISHOME62″=C:Program FilesARIS6.2
EOF
