Forum replies created
I did everything, thank you very much once again! Happy upcoming holiday 🙂
Everything works great, just like before. THANK YOU so much! Once again you have helped me a lot. I really don't want to reinstall Windows… 🙂 Very grateful.
Log from OTMoveIt3 by OldTimer
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
ServiceDriver asxuxss1 not found.
ServiceDriver asxuxss1 not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\Performance Center deleted successfully.
========== FILES ==========
File/Folder C:WINDOWSsystem32driversasxuxss1.sys not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~19335~1LOCALS~1Temp~DF8256.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer — Version 1.0.10.0 log created on 04102009_191258
Files moved on Reboot…
C:DOCUME~19335~1LOCALS~1Temp~DF8256.tmp moved successfully.
Log from RSIT
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-04-10 19:23:14
Microsoft Windows XP Professional Service Pack 2
System drive C: has 38 GB (63%) free of 60 GB
Total RAM: 2047 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:16, on 10.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:program filesVolumeControlvolume.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesVibrateGameDeviceDriverRFPIcon.exe
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesMy Lockboxflockbox.exe
C:WINDOWSRTHDCPL.EXE
C:Documents and SettingsАдминистраторРабочий столВсё МоёWodomerkaновая версияWMClicker.exe
C:Program FilesPunto Switcherps.exe
C:Program FilesLClockLClock.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesA!K Research LabsOff-roadOffRoad.exe
C:Documents and SettingsАдминистраторLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
T:usrlocalprogramapachestart.exe
T:usrlocalmysql5binmysqld-max-nt.exe
T:usrlocalFTPSlimFTPd.exe
T:usrlocalApachebinApache.exe
T:usrlocalApachebinApache.exe
C:PROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXE
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:Program FilesOperaopera.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsАдминистраторРабочий столэкзешкиRSIT.exe
C:Program Filestrend microАдминистратор.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = start.qip.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.kornet.ru/
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: QIPBHO Class — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsАдминистраторApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: MailRuBHO Class — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: QIPBHO — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsАдминистраторApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: TBSB03223 Class — {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — C:Program FilesWebMoney Advisorwmadvisor.dll
O2 — BHO: MyPlayCityRU Toolbar — {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — C:Program FilesMyPlayCityRUtbMyP0.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU1.dll
O3 — Toolbar: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: MyPlayCityRU Toolbar — {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — C:Program FilesMyPlayCityRUtbMyP0.dll
O4 — HKLM..Run: [VolumeControl] C:program filesVolumeControlvolume.exe
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTBatteryMeter] C:Program FilesVibrateGameDeviceDriverRFPIcon.exe
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [flockbox] C:Program FilesMy Lockboxflockbox.exe /a
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [WMClicker] C:Documents and SettingsАдминистраторРабочий столВсё МоёWodomerkaновая версияWMClicker.exe
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [LClock] C:Program FilesLClockLClock.exe
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [A!K Mouse Off-road] C:Program FilesA!K Research LabsOff-roadOffRoad.exe
O4 — HKCU..Run: [Google Update] «C:Documents and SettingsАдминистраторLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» /c
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6.5ICQ.exe» silent
O4 — HKUSS-1-5-19..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_013] rebuild.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Startup: Create virtual drive for Denwer.lnk = C:DenwerdenwerBoot.exe
O4 — Startup: TopServer 2.1.lnk = C:WINDOWSsystem32topserver.bat
O4 — Startup: Tuning.lnk = ?
O4 — Global Startup: BTTray.lnk = ?
O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Cтатистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra ‘Tools’ menuitem: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O17 — HKLMSystemCCSServicesTcpip..{9EF80E47-E2CB-4FB5-9EDD-4843CD427B8D}: NameServer = 172.27.137.10,172.27.137.20
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Application Driver Auto Removal Service (01) (appdrvrem01) — Protection Technology — C:WINDOWSSystem32appdrvrem01.exe
O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: SlimFTPd — Unknown owner — T:usrlocalFTPSlimFTPd.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 13298 bytes
======Scheduled tasks folder======
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-823518204-117609710-725345543-500.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll [2003-11-03 54248]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-07-29 62728]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-02 665800]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class — C:Documents and SettingsАдминистраторApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2009-02-12 119808]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
TBSB03223 Class — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}]
MyPlayCityRU Toolbar — C:Program FilesMyPlayCityRUtbMyP0.dll [2009-03-03 1883672]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU1.dll [2008-11-05 804336]
{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — WebMoney Advisor — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-12-09 958200]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-02 665800]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-13 3112736]
{dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — MyPlayCityRU Toolbar — C:Program FilesMyPlayCityRUtbMyP0.dll [2009-03-03 1883672]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«VolumeControl»=C:program filesVolumeControlvolume.exe [2003-09-15 36864]
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2009-01-15 86016]
«RTBatteryMeter»=C:Program FilesVibrateGameDeviceDriverRFPIcon.exe [2003-01-16 49152]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-03-31 6210744]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-03-16 206088]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2009-01-15 13680640]
«nwiz»=nwiz.exe /install []
«flockbox»=C:Program FilesMy Lockboxflockbox.exe [2007-12-14 1071472]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-05-10 16342528]
«WMClicker»=C:Documents and SettingsАдминистраторРабочий столВсё МоёWodomerkaновая версияWMClicker.exe [2009-04-09 471552]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2007-01-25 201728]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2007-07-02 132608]
«LClock»=C:Program FilesLClockLClock.exe [2004-09-19 65536]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-12-29 687560]
«A!K Mouse Off-road»=C:Program FilesA!K Research LabsOff-roadOffRoad.exe [2008-04-02 620032]
«Google Update»=C:Documents and SettingsАдминистраторLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2009-03-04 133104]
«ICQ»=C:Program FilesICQ6.5ICQ.exe [2009-03-01 172792]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregICQ]
C:Program FilesICQ6.5ICQ.exe [2009-03-01 172792]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2008-10-04 1091768]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Администратор^Главное меню^Программы^Автозагрузка^hamachi.lnk]
C:PROGRA~1Hamachihamachi.exe [2008-11-13 625952]
C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
Create virtual drive for Denwer.lnk — C:DenwerdenwerBoot.exe
TopServer 2.1.lnk — C:WINDOWSsystem32topserver.bat
Tuning.lnk — C:WINDOWSCacheUninstallffice.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2008-07-29 218376]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesSmartFTP ClientSmartFTP.exe»=»C:Program FilesSmartFTP ClientSmartFTP.exe:*:Enabled:SmartFTP Client 3.0»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
======List of files/folders created in the last 1 months======
2009-04-03 14:34:28 —-SHD—- C:Config.Msi
2009-04-03 12:04:22 —-A—- C:WINDOWSntbtlog.txt
2009-03-31 16:16:46 —-D—- C:Documents and SettingsАдминистраторApplication DataTeamViewer
2009-03-23 17:08:10 —-D—- C:Program FilesКулинарный Блокнот
2009-03-21 15:23:30 —-A—- C:WINDOWSsystem32appdrvrem01.exe
2009-03-20 23:03:15 —-D—- C:Documents and SettingsАдминистраторApplication DataKeys manager
2009-03-17 18:31:31 —-D—- C:Program Fileswin-rp
2009-03-17 18:31:31 —-D—- C:Program Filesrp-xlz
2009-03-17 18:31:30 —-D—- C:Program Filesrerait-pro
2009-03-16 19:37:24 —-D—- C:Program FilesKaspersky Lab
2009-03-16 19:37:24 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-03-14 22:47:40 —-A—- C:WINDOWSWORDPAD.INI
2009-03-14 15:03:14 —-D—- C:Program FilesFreePromote 3
2009-03-14 11:42:14 —-HD—- C:WINDOWSPIF
2009-03-13 18:59:38 —-D—- C:Documents and SettingsАдминистраторApplication DataDAEMON Tools Pro
2009-03-13 18:59:32 —-D—- C:Documents and SettingsAll UsersApplication DataDAEMON Tools Lite
2009-03-13 18:59:25 —-D—- C:Program FilesDAEMON Tools Toolbar
2009-03-13 18:59:22 —-D—- C:Program FilesDAEMON Tools Lite
2009-03-13 18:59:14 —-D—- C:Documents and SettingsАдминистраторApplication DataDAEMON Tools Lite
2009-03-13 17:46:15 —-A—- C:memory.txt
2009-03-13 17:45:54 —-D—- C:Documents and SettingsAll UsersApplication DataTrymedia
2009-03-11 18:46:25 —-D—- C:Program FilesForum Poster 2
2009-03-11 15:14:33 —-A—- C:WINDOWSsystem32p11.exe
======List of files/folders modified in the last 1 months======
2009-04-10 19:23:15 —-D—- C:Program Filestrend micro
2009-04-10 19:23:12 —-D—- C:WINDOWSTemp
2009-04-10 19:19:46 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-10 19:02:15 —-D—- C:Program FilesMozilla Firefox
2009-04-10 18:29:58 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-04-10 17:31:53 —-D—- C:Documents and SettingsАдминистраторApplication DataWebMoney
2009-04-10 15:18:32 —-D—- C:Documents and SettingsАдминистраторApplication DataTor
2009-04-09 21:15:56 —-D—- C:Documents and SettingsАдминистраторApplication DataHamachi
2009-04-09 20:22:23 —-D—- C:Documents and SettingsАдминистраторApplication DatauTorrent
2009-04-09 16:32:25 —-SD—- C:Documents and SettingsАдминистраторApplication DataMicrosoft
2009-04-08 07:01:20 —-D—- C:Documents and SettingsАдминистраторApplication DataAdobeUM
2009-04-07 15:17:20 —-D—- C:WINDOWSPrefetch
2009-04-07 15:16:23 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-06 21:05:44 —-D—- C:Documents and SettingsАдминистраторApplication DataThe Bat!
2009-04-04 12:03:34 —-A—- C:WINDOWSNeroDigital.ini
2009-04-03 14:34:28 —-SHD—- C:WINDOWSInstaller
2009-04-03 14:34:25 —-D—- C:Program FilesTopServer 2.1
2009-04-03 12:04:22 —-D—- C:WINDOWS
2009-04-02 22:13:05 —-D—- C:WINDOWSsystem32drivers
2009-04-02 22:11:26 —-D—- C:WINDOWSsystem32
2009-04-02 20:47:11 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-31 18:09:06 —-D—- C:Documents and SettingsАдминистраторApplication DataMra
2009-03-29 12:41:26 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-28 17:08:26 —-D—- C:Program FilesQIP Infium
2009-03-25 16:26:08 —-D—- C:WINDOWSWinSxS
2009-03-22 16:07:45 —-D—- C:Documents and SettingsАдминистраторApplication DataAdobe
2009-03-19 09:15:59 —-D—- C:Program FilesICQ6Toolbar
2009-03-18 18:07:22 —-D—- C:Program FilesICQ6.5
2009-03-18 17:52:04 —-D—- C:Documents and SettingsAll UsersApplication DataICQ
2009-03-18 17:08:37 —-D—- C:Program FilesICQ6
2009-03-16 19:37:47 —-HD—- C:WINDOWSinf
2009-03-15 23:12:28 —-D—- C:Program FilesHfs
2009-03-15 11:19:15 —-D—- C:WINDOWSsystem
2009-03-13 19:26:49 —-RSD—- C:WINDOWSFonts
2009-03-13 19:13:49 —-D—- C:Fraps
2009-03-13 19:00:53 —-D—- C:WINDOWSMinidump
2009-03-13 18:59:38 —-D—- C:Documents and SettingsАдминистраторApplication DataDAEMON Tools
2009-03-13 18:48:25 —-D—- C:Program FilesFxClub
2009-03-13 18:46:47 —-D—- C:Poker
2009-03-13 18:46:06 —-D—- C:Игры
2009-03-13 18:45:15 —-D—- C:Program FilesГоворилка
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 appdrv01;Application Driver (01); C:WINDOWSSystem32Driversappdrv01.sys [2009-03-21 3110512]
R1 KLIF;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2009-03-16 213520]
R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2004-05-05 4228]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2005-08-29 853258]
R3 hamachi;Hamachi Network Interface; C:WINDOWSsystem32DRIVERShamachi.sys [2008-11-13 25280]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-05-10 4419584]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2009-01-15 6301248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-08-07 98944]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2007-10-15 30208]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2007-10-15 59392]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2007-10-15 17152]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
S3 ao63kgf1;ao63kgf1; C:WINDOWSsystem32driversao63kgf1.sys []
S3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2005-08-29 428269]
S3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2005-08-29 30363]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2005-08-29 64344]
S3 DynCal;Dynamic Calibration Service; C:WINDOWSsystem32driversDyncal.sys [2007-11-07 12928]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 MSICPL;MSICPL; ??F:install4MSICPL.sys []
S3 NTACCESS;NTACCESS; ??F:NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; ??F:NTGLM7X.sys []
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2004-08-18 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AVP;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-03-16 206088]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2005-08-29 266295]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-10-19 222456]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2009-01-15 163908]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-11-18 66872]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:WINDOWSSystem32appdrvrem01.exe [2009-03-21 316816]
S2 SlimFTPd;SlimFTPd; T:usrlocalFTPSlimFTPd.exe [2006-07-15 74240]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-11-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
___
In addition, please tell me whether you are familiar with this program: C:Documents and SettingsАдминистраторРабочий столWMClicker.exe ?
Yes, I know the program, I use it every day.
Log from OTMoveIt3 by OldTimer
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders\»SecurityProviders»|»msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll» /E : value set successfully!
========== FILES ==========
Folder C:WINDOWSdigeste.dll not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~19335~1LOCALS~1TempJET8B67.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsTemporary Internet FilesContent.IE5JH7RTD8index[2].htm scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer — Version 1.0.10.0 log created on 04042009_220103
Files moved on Reboot…
File C:DOCUME~19335~1LOCALS~1TempJET8B67.tmp not found!
C:Documents and SettingsАдминистраторLocal SettingsTemporary Internet FilesContent.IE5JH7RTD8index[2].htm moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataOperaOperaProfilevps000wb.vx moved successfully.
RSIT log:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-04-04 22:06:16
Microsoft Windows XP Professional Service Pack 2
System drive C: has 38 GB (63%) free of 60 GB
Total RAM: 2047 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:18, on 04.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:program filesVolumeControlvolume.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesVibrateGameDeviceDriverRFPIcon.exe
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesMy Lockboxflockbox.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesPunto Switcherps.exe
C:Program FilesLClockLClock.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesA!K Research LabsOff-roadOffRoad.exe
C:Documents and SettingsАдминистраторLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
C:Program FilesICQ6.5ICQ.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
T:usrlocalprogramapachestart.exe
T:usrlocalmysql5binmysqld-max-nt.exe
T:usrlocalFTPSlimFTPd.exe
T:usrlocalApachebinApache.exe
T:usrlocalApachebinApache.exe
C:PROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXE
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesOperaopera.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsАдминистраторРабочий столэкзешкиRSIT.exe
C:Program Filestrend microАдминистратор.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = start.qip.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.kornet.ru/
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: QIPBHO Class — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsАдминистраторApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: MailRuBHO Class — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: QIPBHO — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsАдминистраторApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: TBSB03223 Class — {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — C:Program FilesWebMoney Advisorwmadvisor.dll
O2 — BHO: MyPlayCityRU Toolbar — {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — C:Program FilesMyPlayCityRUtbMyP0.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU1.dll
O3 — Toolbar: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: MyPlayCityRU Toolbar — {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — C:Program FilesMyPlayCityRUtbMyP0.dll
O4 — HKLM..Run: [VolumeControl] C:program filesVolumeControlvolume.exe
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTBatteryMeter] C:Program FilesVibrateGameDeviceDriverRFPIcon.exe
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [WMClicker] C:Documents and SettingsАдминистраторРабочий столWMClicker.exe
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [flockbox] C:Program FilesMy Lockboxflockbox.exe /a
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [LClock] C:Program FilesLClockLClock.exe
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [A!K Mouse Off-road] C:Program FilesA!K Research LabsOff-roadOffRoad.exe
O4 — HKCU..Run: [Performance Center] C:Program FilesAscentivePerformance CenterApcMain.exe -m
O4 — HKCU..Run: [Google Update] «C:Documents and SettingsАдминистраторLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» /c
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6.5ICQ.exe» silent
O4 — HKUSS-1-5-19..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_013] rebuild.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Startup: Create virtual drive for Denwer.lnk = C:DenwerdenwerBoot.exe
O4 — Startup: TopServer 2.1.lnk = C:WINDOWSsystem32topserver.bat
O4 — Startup: Tuning.lnk = ?
O4 — Global Startup: BTTray.lnk = ?
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Cтатистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra ‘Tools’ menuitem: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O17 — HKLMSystemCCSServicesTcpip..{9EF80E47-E2CB-4FB5-9EDD-4843CD427B8D}: NameServer = 172.27.137.10,172.27.137.20
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Application Driver Auto Removal Service (01) (appdrvrem01) — Protection Technology — C:WINDOWSSystem32appdrvrem01.exe
O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: SlimFTPd — Unknown owner — T:usrlocalFTPSlimFTPd.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 13050 bytes
======Scheduled tasks folder======
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-823518204-117609710-725345543-500.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll [2003-11-03 54248]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-07-29 62728]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-02 665800]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class — C:Documents and SettingsАдминистраторApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2009-02-12 119808]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
TBSB03223 Class — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}]
MyPlayCityRU Toolbar — C:Program FilesMyPlayCityRUtbMyP0.dll [2009-03-03 1883672]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU1.dll [2008-11-05 804336]
{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — WebMoney Advisor — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-12-09 958200]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-02 665800]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-13 3112736]
{dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — MyPlayCityRU Toolbar — C:Program FilesMyPlayCityRUtbMyP0.dll [2009-03-03 1883672]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«VolumeControl»=C:program filesVolumeControlvolume.exe [2003-09-15 36864]
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2009-01-15 86016]
«RTBatteryMeter»=C:Program FilesVibrateGameDeviceDriverRFPIcon.exe [2003-01-16 49152]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-03-31 6210744]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-03-16 206088]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2009-01-15 13680640]
«WMClicker»=C:Documents and SettingsАдминистраторРабочий столWMClicker.exe [2009-03-25 512000]
«nwiz»=nwiz.exe /install []
«flockbox»=C:Program FilesMy Lockboxflockbox.exe [2007-12-14 1071472]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-05-10 16342528]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2007-01-25 201728]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2007-07-02 132608]
«LClock»=C:Program FilesLClockLClock.exe [2004-09-19 65536]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-12-29 687560]
«A!K Mouse Off-road»=C:Program FilesA!K Research LabsOff-roadOffRoad.exe [2008-04-02 620032]
«Performance Center»=C:Program FilesAscentivePerformance CenterApcMain.exe -m []
«Google Update»=C:Documents and SettingsАдминистраторLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2009-03-04 133104]
«ICQ»=C:Program FilesICQ6.5ICQ.exe [2009-03-01 172792]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregICQ]
C:Program FilesICQ6.5ICQ.exe [2009-03-01 172792]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2008-10-04 1091768]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Администратор^Главное меню^Программы^Автозагрузка^hamachi.lnk]
C:PROGRA~1Hamachihamachi.exe [2008-11-13 625952]
C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
Create virtual drive for Denwer.lnk — C:DenwerdenwerBoot.exe
TopServer 2.1.lnk — C:WINDOWSsystem32topserver.bat
Tuning.lnk — C:WINDOWSCacheUninstallffice.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesSmartFTP ClientSmartFTP.exe»=»C:Program FilesSmartFTP ClientSmartFTP.exe:*:Enabled:SmartFTP Client 3.0»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

======List of files/folders created in the last 1 months======
2009-04-03 14:34:28 —-SHD—- C:Config.Msi
2009-04-03 12:04:22 —-A—- C:WINDOWSntbtlog.txt
2009-03-31 16:16:46 —-D—- C:Documents and SettingsАдминистраторApplication DataTeamViewer
2009-03-23 17:08:10 —-D—- C:Program FilesКулинарный Блокнот
2009-03-21 15:23:30 —-A—- C:WINDOWSsystem32appdrvrem01.exe
2009-03-20 23:03:15 —-D—- C:Documents and SettingsАдминистраторApplication DataKeys manager
2009-03-17 18:31:31 —-D—- C:Program Fileswin-rp
2009-03-17 18:31:31 —-D—- C:Program Filesrp-xlz
2009-03-17 18:31:30 —-D—- C:Program Filesrerait-pro
2009-03-16 19:37:24 —-D—- C:Program FilesKaspersky Lab
2009-03-16 19:37:24 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-03-14 22:47:40 —-A—- C:WINDOWSWORDPAD.INI
2009-03-14 15:03:14 —-D—- C:Program FilesFreePromote 3
2009-03-14 11:42:14 —-HD—- C:WINDOWSPIF
2009-03-13 18:59:38 —-D—- C:Documents and SettingsАдминистраторApplication DataDAEMON Tools Pro
2009-03-13 18:59:32 —-D—- C:Documents and SettingsAll UsersApplication DataDAEMON Tools Lite
2009-03-13 18:59:25 —-D—- C:Program FilesDAEMON Tools Toolbar
2009-03-13 18:59:22 —-D—- C:Program FilesDAEMON Tools Lite
2009-03-13 18:59:14 —-D—- C:Documents and SettingsАдминистраторApplication DataDAEMON Tools Lite
2009-03-13 17:46:15 —-A—- C:memory.txt
2009-03-13 17:45:54 —-D—- C:Documents and SettingsAll UsersApplication DataTrymedia
2009-03-11 18:46:25 —-D—- C:Program FilesForum Poster 2
2009-03-11 15:14:33 —-A—- C:WINDOWSsystem32p11.exe
2009-03-10 23:12:53 —-A—- C:WINDOWSsystem32icqpc2.exe
2009-03-08 19:22:30 —-D—- C:avtokliker
2009-03-08 00:04:11 —-D—- C:WINDOWSulead.dat
2009-03-08 00:04:11 —-A—- C:WINDOWSULead32.ini
2009-03-08 00:03:53 —-D—- C:WINDOWSNoslip
2009-03-06 18:22:04 —-D—- C:Program FilesSafeSurf
2009-03-05 18:45:20 —-D—- C:Program FilesEye Corrector
2009-03-05 16:23:13 —-D—- C:Documents and SettingsАдминистраторApplication DataFileZilla

======List of files/folders modified in the last 1 months======
2009-04-04 22:06:17 —-D—- C:Program Filestrend micro
2009-04-04 22:03:12 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-04 22:02:56 —-D—- C:Documents and SettingsАдминистраторApplication DataTor
2009-04-04 22:01:57 —-D—- C:WINDOWSTemp
2009-04-04 21:36:51 —-D—- C:Documents and SettingsАдминистраторApplication DataWebMoney
2009-04-04 20:59:29 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-04-04 13:35:58 —-D—- C:Documents and SettingsАдминистраторApplication DataHamachi
2009-04-04 12:03:34 —-A—- C:WINDOWSNeroDigital.ini
2009-04-04 10:32:33 —-D—- C:Program FilesMozilla Firefox
2009-04-03 22:42:33 —-D—- C:WINDOWSPrefetch
2009-04-03 14:34:30 —-D—- C:Documents and SettingsАдминистраторApplication DatauTorrent
2009-04-03 14:34:28 —-SHD—- C:WINDOWSInstaller
2009-04-03 14:34:25 —-D—- C:Program FilesTopServer 2.1
2009-04-03 12:04:22 —-D—- C:WINDOWS
2009-04-02 22:13:05 —-D—- C:WINDOWSsystem32drivers
2009-04-02 22:11:26 —-D—- C:WINDOWSsystem32
2009-04-02 22:11:26 —-D—- C:Program Files
2009-04-02 20:47:11 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-31 18:09:06 —-D—- C:Documents and SettingsАдминистраторApplication DataMra
2009-03-31 07:41:41 —-D—- C:WINDOWSsystem32CatRoot2
2009-03-29 12:41:26 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-28 17:08:26 —-D—- C:Program FilesQIP Infium
2009-03-25 16:26:08 —-D—- C:WINDOWSWinSxS
2009-03-22 16:07:45 —-D—- C:Documents and SettingsАдминистраторApplication DataAdobe
2009-03-20 09:42:08 —-D—- C:Documents and SettingsАдминистраторApplication DataThe Bat!
2009-03-19 09:15:59 —-D—- C:Program FilesICQ6Toolbar
2009-03-18 18:07:22 —-D—- C:Program FilesICQ6.5
2009-03-18 17:52:04 —-D—- C:Documents and SettingsAll UsersApplication DataICQ
2009-03-18 17:08:37 —-D—- C:Program FilesICQ6
2009-03-16 19:37:47 —-HD—- C:WINDOWSinf
2009-03-15 23:12:28 —-D—- C:Program FilesHfs
2009-03-15 11:19:15 —-D—- C:WINDOWSsystem
2009-03-13 19:26:49 —-RSD—- C:WINDOWSFonts
2009-03-13 19:13:49 —-D—- C:Fraps
2009-03-13 19:00:53 —-D—- C:WINDOWSMinidump
2009-03-13 18:59:38 —-D—- C:Documents and SettingsАдминистраторApplication DataDAEMON Tools
2009-03-13 18:48:25 —-D—- C:Program FilesFxClub
2009-03-13 18:46:47 —-D—- C:Poker
2009-03-13 18:46:06 —-D—- C:Игры
2009-03-13 18:45:15 —-D—- C:Program FilesГоворилка
2009-03-10 20:59:26 —-D—- C:Documents and SettingsАдминистраторApplication DataSkype
2009-03-10 20:08:35 —-D—- C:Documents and SettingsАдминистраторApplication DataskypePM
2009-03-08 19:24:48 —-D—- C:Documents and SettingsАдминистраторApplication DataOpera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 appdrv01;Application Driver (01); C:WINDOWSSystem32Driversappdrv01.sys [2009-03-21 3110512]
R1 KLIF;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2009-03-16 213520]
R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2004-05-05 4228]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2005-08-29 853258]
R3 hamachi;Hamachi Network Interface; C:WINDOWSsystem32DRIVERShamachi.sys [2008-11-13 25280]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-05-10 4419584]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2009-01-15 6301248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-08-07 98944]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2007-10-15 30208]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2007-10-15 59392]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2007-10-15 17152]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
S3 asxuxss1;asxuxss1; C:WINDOWSsystem32driversasxuxss1.sys []
S3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2005-08-29 428269]
S3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2005-08-29 30363]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2005-08-29 64344]
S3 DynCal;Dynamic Calibration Service; C:WINDOWSsystem32driversDyncal.sys [2007-11-07 12928]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 MSICPL;MSICPL; ??F:install4MSICPL.sys []
S3 NTACCESS;NTACCESS; ??F:NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; ??F:NTGLM7X.sys []
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2004-08-18 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2005-08-29 266295]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-10-19 222456]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2009-01-15 163908]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-11-18 66872]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:WINDOWSSystem32appdrvrem01.exe [2009-03-21 316816]
S2 AVP;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-03-16 206088]
S2 SlimFTPd;SlimFTPd; T:usrlocalFTPSlimFTPd.exe [2006-07-15 74240]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-11-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
Thank you! 🙂
Here is the log from Malwarebytes Anti-malware:
Malwarebytes’ Anti-Malware 1.35
Версия базы данных: 1904
Windows 5.1.2600 Service Pack 2

02.04.2009 22:11:26
mbam-log-2009-04-02 (22-11-26).txt

Тип проверки: Полная (C:|D:|E:|T:|)
Проверено объектов: 351109
Прошло времени: 1 hour(s), 23 minute(s), 13 second(s)

Заражено процессов в памяти: 1
Заражено модулей в памяти: 0
Заражено ключей реестра: 11
Заражено значений реестра: 4
Заражено параметров реестра: 4
Заражено папок: 1
Заражено файлов: 16

Заражено процессов в памяти:
C:WINDOWSservices.exe (Trojan.Agent) -> Unloaded process successfully.

Заражено модулей в памяти:
(Вредоносные программы не обнаружены)

Заражено ключей реестра:
HKEY_CLASSES_ROOTTypeLib{ded81a35-b5e6-49cb-8a32-b53d1fb02c98} (Pup.Anonymous friend) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{3d334e7d-08b5-4eaf-98f6-48af1500e139} (Pup.Anonymous friend) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{a3884b05-8d20-483a-a2e3-c70a66e75c34} (Pup.Anonymous friend) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{a3884b05-8d20-483a-a2e3-c70a66e75c34} (Pup.Anonymous friend) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypeLib{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{ec88fcd0-2ed5-4d65-9b4c-71d146b43a2e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTurlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTurlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMozillaMSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstalltbsb03223.tbsb03223toolbar (Adware.Trace) -> Quarantined and deleted successfully.

Заражено значений реестра:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar{a3884b05-8d20-483a-a2e3-c70a66e75c34} (Pup.Anonymous friend) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSharedDLLsC:WINDOWSsystem32ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunservices (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftkr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

Заражено параметров реестра:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSecurityProviders (Trojan.Agent) -> Data: digiwet.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterAntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterFirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterUpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Заражено папок:
C:Program FilesMicrosoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Заражено файлов:
C:Documents and SettingsАдминистраторРабочий столВсе мои проектыМОЙ ФОРУМСмайликиSmileyCentralSetup2.3.50.26.ZSman000.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
C:Documents and SettingsАдминистраторРабочий столэкзешкиavenger.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:Program FilesAnonymous FriendAnonymousFriend.dll (Pup.Anonymous friend) -> Quarantined and deleted successfully.
C:Program FilesMyPlayCityRUMyPlayCityRUToolbarHelper.exe (Adware.Speedapps) -> Quarantined and deleted successfully.
C:WINDOWSsystem32ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:WINDOWSTempD34C.tmp (Backdoor.KeyStart) -> Quarantined and deleted successfully.
C:WINDOWSTempFAB5.tmp (Backdoor.KeyStart) -> Quarantined and deleted successfully.
C:WINDOWSTempwpv631238318368.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:WINDOWSTempwpv691238422083.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:WINDOWSTemp5606.tmp (Backdoor.KeyStart) -> Quarantined and deleted successfully.
C:_OTMoveItMovedFiles1232009_202955DOCUME~19335~1LOCALS~1Temp~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:WINDOWSservices.exe (Trojan.Agent) -> Delete on reboot.
C:WINDOWSsystem32wpv141235998315.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSTempwpv261238107706.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
C:WINDOWSsystem32digiwet.dll (Trojan.Agent) -> Quarantined and deleted successfully.

And the log from RSIT:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-04-02 22:15:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 38 GB (63%) free of 60 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:50, on 02.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:program filesVolumeControlvolume.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesVibrateGameDeviceDriverRFPIcon.exe
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Documents and SettingsАдминистраторРабочий столWMClicker.exe
C:Program FilesMy Lockboxflockbox.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesPunto Switcherps.exe
C:Program FilesLClockLClock.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesA!K Research LabsOff-roadOffRoad.exe
C:Documents and SettingsАдминистраторLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
C:Program FilesICQ6.5ICQ.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
T:usrlocalprogramapachestart.exe
T:usrlocalFTPSlimFTPd.exe
T:usrlocalApachebinApache.exe
T:usrlocalmysql5binmysqld-max-nt.exe
T:usrlocalApachebinApache.exe
C:PROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXE
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesOperaopera.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsАдминистраторРабочий столэкзешкиRSIT.exe
C:Program Filestrend microАдминистратор.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.qip.ru/ie
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = start.qip.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.qip.ru/ie
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.kornet.ru/
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: QIPBHO Class — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsАдминистраторApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 — BHO: IEVkbdBHO — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: MailRuBHO Class — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: QIPBHO — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsАдминистраторApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: TBSB03223 Class — {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — C:Program FilesWebMoney Advisorwmadvisor.dll
O2 — BHO: MyPlayCityRU Toolbar — {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — C:Program FilesMyPlayCityRUtbMyP0.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU1.dll
O3 — Toolbar: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: MyPlayCityRU Toolbar — {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — C:Program FilesMyPlayCityRUtbMyP0.dll
O4 — HKLM..Run: [VolumeControl] C:program filesVolumeControlvolume.exe
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RTBatteryMeter] C:Program FilesVibrateGameDeviceDriverRFPIcon.exe
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [WMClicker] C:Documents and SettingsАдминистраторРабочий столWMClicker.exe
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [flockbox] C:Program FilesMy Lockboxflockbox.exe /a
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [LClock] C:Program FilesLClockLClock.exe
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [A!K Mouse Off-road] C:Program FilesA!K Research LabsOff-roadOffRoad.exe
O4 — HKCU..Run: [Performance Center] C:Program FilesAscentivePerformance CenterApcMain.exe -m
O4 — HKCU..Run: [Google Update] «C:Documents and SettingsАдминистраторLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» /c
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6.5ICQ.exe» silent
O4 — HKUSS-1-5-19..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_013] rebuild.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Startup: Create virtual drive for Denwer.lnk = C:DenwerdenwerBoot.exe
O4 — Startup: TopServer 2.1.lnk = C:WINDOWSsystem32topserver.bat
O4 — Startup: Tuning.lnk = ?
O4 — Global Startup: BTTray.lnk = ?
O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Cтатистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra ‘Tools’ menuitem: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O17 — HKLMSystemCCSServicesTcpip..{9EF80E47-E2CB-4FB5-9EDD-4843CD427B8D}: NameServer = 172.27.137.10,172.27.137.20
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Application Driver Auto Removal Service (01) (appdrvrem01) — Protection Technology — C:WINDOWSSystem32appdrvrem01.exe
O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: SlimFTPd — Unknown owner — T:usrlocalFTPSlimFTPd.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 13403 bytes

======Scheduled tasks folder======
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-823518204-117609710-725345543-500.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-02 665800]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class — C:Documents and SettingsАдминистраторApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2009-02-12 119808]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
TBSB03223 Class — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}]
MyPlayCityRU Toolbar — C:Program FilesMyPlayCityRUtbMyP0.dll [2009-03-03 1883672]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU1.dll [2008-11-05 804336]
{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — WebMoney Advisor — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-12-09 958200]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-02 665800]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-13 3112736]
{dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — MyPlayCityRU Toolbar — C:Program FilesMyPlayCityRUtbMyP0.dll [2009-03-03 1883672]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«VolumeControl»=C:program filesVolumeControlvolume.exe [2003-09-15 36864]
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2009-01-15 86016]
«RTBatteryMeter»=C:Program FilesVibrateGameDeviceDriverRFPIcon.exe [2003-01-16 49152]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-03-31 6210744]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-03-16 206088]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2009-01-15 13680640]
«WMClicker»=C:Documents and SettingsАдминистраторРабочий столWMClicker.exe [2009-03-25 512000]
«nwiz»=nwiz.exe /install []
«flockbox»=C:Program FilesMy Lockboxflockbox.exe [2007-12-14 1071472]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-05-10 16342528]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2007-01-25 201728]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2007-07-02 132608]
«LClock»=C:Program FilesLClockLClock.exe [2004-09-19 65536]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-12-29 687560]
«A!K Mouse Off-road»=C:Program FilesA!K Research LabsOff-roadOffRoad.exe [2008-04-02 620032]
«Performance Center»=C:Program FilesAscentivePerformance CenterApcMain.exe -m []
«Google Update»=C:Documents and SettingsАдминистраторLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2009-03-04 133104]
«ICQ»=C:Program FilesICQ6.5ICQ.exe [2009-03-01 172792]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregICQ]
C:Program FilesICQ6.5ICQ.exe [2009-03-01 172792]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2008-10-04 1091768]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Администратор^Главное меню^Программы^Автозагрузка^hamachi.lnk]
C:PROGRA~1Hamachihamachi.exe [2008-11-13 625952]
C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
Create virtual drive for Denwer.lnk — C:DenwerdenwerBoot.exe
TopServer 2.1.lnk — C:WINDOWSsystem32topserver.bat
Tuning.lnk — C:WINDOWSCacheUninstallffice.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2008-07-29 218376]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesSmartFTP ClientSmartFTP.exe»=»C:Program FilesSmartFTP ClientSmartFTP.exe:*:Enabled:SmartFTP Client 3.0»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
======List of files/folders created in the last 1 months======
2009-03-31 16:16:46 —-D—- C:Documents and SettingsАдминистраторApplication DataTeamViewer
2009-03-23 17:08:10 —-D—- C:Program FilesКулинарный Блокнот
2009-03-21 15:23:30 —-A—- C:WINDOWSsystem32appdrvrem01.exe
2009-03-20 23:03:15 —-D—- C:Documents and SettingsАдминистраторApplication DataKeys manager
2009-03-17 18:31:31 —-D—- C:Program Fileswin-rp
2009-03-17 18:31:31 —-D—- C:Program Filesrp-xlz
2009-03-17 18:31:30 —-D—- C:Program Filesrerait-pro
2009-03-16 19:37:24 —-D—- C:Program FilesKaspersky Lab
2009-03-16 19:37:24 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-03-14 22:47:40 —-A—- C:WINDOWSWORDPAD.INI
2009-03-14 15:03:14 —-D—- C:Program FilesFreePromote 3
2009-03-14 11:42:14 —-HD—- C:WINDOWSPIF
2009-03-13 18:59:38 —-D—- C:Documents and SettingsАдминистраторApplication DataDAEMON Tools Pro
2009-03-13 18:59:32 —-D—- C:Documents and SettingsAll UsersApplication DataDAEMON Tools Lite
2009-03-13 18:59:25 —-D—- C:Program FilesDAEMON Tools Toolbar
2009-03-13 18:59:22 —-D—- C:Program FilesDAEMON Tools Lite
2009-03-13 18:59:14 —-D—- C:Documents and SettingsАдминистраторApplication DataDAEMON Tools Lite
2009-03-13 17:46:15 —-A—- C:memory.txt
2009-03-13 17:45:54 —-D—- C:Documents and SettingsAll UsersApplication DataTrymedia
2009-03-11 18:46:25 —-D—- C:Program FilesForum Poster 2
2009-03-11 15:14:33 —-A—- C:WINDOWSsystem32p11.exe
2009-03-10 23:12:53 —-A—- C:WINDOWSsystem32icqpc2.exe
2009-03-08 19:22:30 —-D—- C:avtokliker
2009-03-08 00:04:11 —-D—- C:WINDOWSulead.dat
2009-03-08 00:04:11 —-A—- C:WINDOWSULead32.ini
2009-03-08 00:03:53 —-D—- C:WINDOWSNoslip
2009-03-06 18:22:04 —-D—- C:Program FilesSafeSurf
2009-03-05 18:45:20 —-D—- C:Program FilesEye Corrector
2009-03-05 16:23:13 —-D—- C:Documents and SettingsАдминистраторApplication DataFileZilla
======List of files/folders modified in the last 1 months======
2009-04-02 22:15:48 —-D—- C:Program Filestrend micro
2009-04-02 22:15:25 —-D—- C:WINDOWSTemp
2009-04-02 22:13:05 —-D—- C:WINDOWSsystem32drivers
2009-04-02 22:13:05 —-D—- C:WINDOWS
2009-04-02 22:12:21 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-02 22:11:26 —-D—- C:WINDOWSsystem32
2009-04-02 22:11:26 —-D—- C:Program Files
2009-04-02 21:04:55 —-A—- C:WINDOWSNeroDigital.ini
2009-04-02 20:52:12 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-04-02 20:47:11 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-04-02 20:41:24 —-D—- C:Documents and SettingsАдминистраторApplication DataHamachi
2009-04-02 19:57:38 —-D—- C:Documents and SettingsАдминистраторApplication DatauTorrent
2009-04-02 18:18:10 —-D—- C:Documents and SettingsАдминистраторApplication DataWebMoney
2009-04-01 23:05:59 —-D—- C:Documents and SettingsАдминистраторApplication DataTor
2009-04-01 23:03:53 —-D—- C:Program FilesMozilla Firefox
2009-03-31 18:09:06 —-D—- C:Documents and SettingsАдминистраторApplication DataMra
2009-03-31 07:41:41 —-D—- C:WINDOWSsystem32CatRoot2
2009-03-29 12:41:26 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-28 17:08:26 —-D—- C:Program FilesQIP Infium
2009-03-25 20:29:00 —-D—- C:WINDOWSPrefetch
2009-03-25 16:26:09 —-SHD—- C:WINDOWSInstaller
2009-03-25 16:26:08 —-D—- C:WINDOWSWinSxS
2009-03-25 16:26:05 —-D—- C:Program FilesTopServer 2.1
2009-03-22 16:07:45 —-D—- C:Documents and SettingsАдминистраторApplication DataAdobe
2009-03-20 09:42:08 —-D—- C:Documents and SettingsАдминистраторApplication DataThe Bat!
2009-03-19 09:15:59 —-D—- C:Program FilesICQ6Toolbar
2009-03-18 18:07:22 —-D—- C:Program FilesICQ6.5
2009-03-18 17:52:04 —-D—- C:Documents and SettingsAll UsersApplication DataICQ
2009-03-18 17:08:37 —-D—- C:Program FilesICQ6
2009-03-16 19:37:47 —-HD—- C:WINDOWSinf
2009-03-15 23:12:28 —-D—- C:Program FilesHfs
2009-03-15 11:19:15 —-D—- C:WINDOWSsystem
2009-03-13 19:26:49 —-RSD—- C:WINDOWSFonts
2009-03-13 19:13:49 —-D—- C:Fraps
2009-03-13 19:00:53 —-D—- C:WINDOWSMinidump
2009-03-13 18:59:38 —-D—- C:Documents and SettingsАдминистраторApplication DataDAEMON Tools
2009-03-13 18:48:25 —-D—- C:Program FilesFxClub
2009-03-13 18:46:47 —-D—- C:Poker
2009-03-13 18:46:06 —-D—- C:Игры
2009-03-13 18:45:15 —-D—- C:Program FilesГоворилка
2009-03-10 20:59:26 —-D—- C:Documents and SettingsАдминистраторApplication DataSkype
2009-03-10 20:08:35 —-D—- C:Documents and SettingsАдминистраторApplication DataskypePM
2009-03-08 19:24:48 —-D—- C:Documents and SettingsАдминистраторApplication DataOpera
2009-03-04 22:34:32 —-SD—- C:WINDOWSTasks
2009-03-04 18:31:56 —-D—- C:Documents and SettingsАдминистраторApplication DataReal
2009-03-03 23:12:28 —-D—- C:Program FilesMyPlayCityRU
2009-03-03 19:35:02 —-D—- C:Program FilesOpera
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 appdrv01;Application Driver (01); C:WINDOWSSystem32Driversappdrv01.sys [2009-03-21 3110512]
R1 KLIF;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2009-03-16 213520]
R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2004-05-05 4228]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2005-08-29 853258]
R3 hamachi;Hamachi Network Interface; C:WINDOWSsystem32DRIVERShamachi.sys [2008-11-13 25280]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-05-10 4419584]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2009-01-15 6301248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-08-07 98944]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2007-10-15 30208]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2007-10-15 59392]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2007-10-15 17152]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
S3 aa0byfhc;aa0byfhc; C:WINDOWSsystem32driversaa0byfhc.sys []
S3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2005-08-29 428269]
S3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2005-08-29 30363]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2005-08-29 64344]
S3 DynCal;Dynamic Calibration Service; C:WINDOWSsystem32driversDyncal.sys [2007-11-07 12928]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 MSICPL;MSICPL; ??F:install4MSICPL.sys []
S3 NTACCESS;NTACCESS; ??F:NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; ??F:NTGLM7X.sys []
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2004-08-18 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AVP;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-03-16 206088]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2005-08-29 266295]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-10-19 222456]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2009-01-15 163908]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-11-18 66872]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:WINDOWSSystem32appdrvrem01.exe [2009-03-21 316816]
S2 SlimFTPd;SlimFTPd; T:usrlocalFTPSlimFTPd.exe [2006-07-15 74240]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-11-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
I join in all the congratulations!) Better late than never. I wish you continued success! The project is great! 😉
Thank you very much for the help. You helped a lot 🙂
Works great! Thank you so much for your help! 🙂 You saved me!
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service agu8wfev .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\alls deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\avast! deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\Path deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\Path deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\MSFox deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\Ameba not found.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\14197584677636430179385521643027 not found.
========== FILES ==========
File/Folder C:Program FilesAntivirus 2009 not found.
File/Folder C:WINDOWSsystem32driversagu8wfev.sys not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~19335~1LOCALS~1Tempert52968.exe scheduled to be deleted on reboot.
File delete failed. C:DOCUME~19335~1LOCALS~1Temp~tmpb.exe scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 01232009_202955
Files moved on Reboot…
C:DOCUME~19335~1LOCALS~1Tempert52968.exe moved successfully.
C:DOCUME~19335~1LOCALS~1Temp~tmpb.exe moved successfully.
C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat moved successfully.
Logs from RSIT
log.txt
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-01-23 20:37:13
Microsoft Windows XP Professional Service Pack 2
System drive C: has 41 GB (69%) free of 60 GB
Total RAM: 2047 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:20, on 23.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSnotepad.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:program filesVolumeControlvolume.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesWebMoney Agentwmagent.exe
C:Program FilesMy Lockboxflockbox.exe
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesPunto Switcherps.exe
C:Program FilesLClockLClock.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesA!K Research LabsOff-roadOffRoad.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
T:usrlocalprogramapachestart.exe
T:usrlocalApachebinApache.exe
T:usrlocalmysql5binmysqld-max-nt.exe
T:usrlocalFTPSlimFTPd.exe
T:usrlocalApachebinApache.exe
C:PROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXE
C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:Program FilesOperaopera.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsАдминистраторРабочий столRSIT.exe
C:Program Filestrend microАдминистратор.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = start.qip.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.kornet.ru/
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 — BHO: IEVkbdBHO Class — {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: MailRuBHO Class — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: TBSB03223 Class — {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — C:Program FilesWebMoney Advisorwmadvisor.dll
O2 — BHO: MyPlayCityRU Toolbar — {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — C:Program FilesMyPlayCityRUtbMyPl.dll
O3 — Toolbar: DM Bar — {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — C:Program FilesDownload Masterdmbar.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU1.dll
O3 — Toolbar: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O3 — Toolbar: MyPlayCityRU Toolbar — {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — C:Program FilesMyPlayCityRUtbMyPl.dll
O3 — Toolbar: Anonymous Friend — {A3884B05-8D20-483A-A2E3-C70A66E75C34} — C:Program FilesAnonymous FriendAnonymousFriend.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [VolumeControl] C:program filesVolumeControlvolume.exe
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [wmagent.exe] «C:Program FilesWebMoney Agentwmagent.exe»
O4 — HKLM..Run: [flockbox] C:Program FilesMy Lockboxflockbox.exe /a
O4 — HKLM..Run: [AVP] «C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe»
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [LClock] C:Program FilesLClockLClock.exe
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [A!K Mouse Off-road] C:Program FilesA!K Research LabsOff-roadOffRoad.exe
O4 — HKCU..Run: [Performance Center] C:Program FilesAscentivePerformance CenterApcMain.exe -m
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6ICQ.exe» silent
O4 — HKUSS-1-5-19..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_013] rebuild.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,OnceFirstLogonInstall,0 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Startup: Create virtual drive for Denwer.lnk = C:DenwerdenwerBoot.exe
O4 — Startup: TopServer 2.1.lnk = C:WINDOWSsystem32topserver.bat
O4 — Startup: Tuning.lnk = ?
O4 — Global Startup: BTTray.lnk = ?
O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Cтатистика защиты веб-трафика — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll
O9 — Extra button: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra ‘Tools’ menuitem: WebMoney Advisor — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — C:Program FilesWebMoney Advisorwmadvisor.dll
O9 — Extra button: Titan Poker — {49783ED4-258D-4f9f-BE11-137C18D3E543} — C:PokerTitan Pokercasino.exe
O9 — Extra ‘Tools’ menuitem: Titan Poker — {49783ED4-258D-4f9f-BE11-137C18D3E543} — C:PokerTitan Pokercasino.exe
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O17 — HKLMSystemCCSServicesTcpip..{9EF80E47-E2CB-4FB5-9EDD-4843CD427B8D}: NameServer = 172.27.137.10,172.27.137.20
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Kaspersky Internet Security (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: SlimFTPd — Unknown owner — T:usrlocalFTPSlimFTPd.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 12254 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll [2003-11-03 54248]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class — C:Program FilesKaspersky LabKaspersky Internet Security 2009ievkbd.dll [2008-07-29 62728]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-24 501136]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-02 665800]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10}]
TBSB03223 Class — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}]
MyPlayCityRU Toolbar — C:Program FilesMyPlayCityRUtbMyPl.dll [2008-08-05 1610264]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU1.dll [2008-11-05 804336]
{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — WebMoney Advisor — C:Program FilesWebMoney Advisorwmadvisor.dll [2008-03-20 2469888]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-12-09 958200]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-10-02 665800]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-13 3112736]
{dfbeb35b-444d-4f25-8d7d-eb2683c206ec} — MyPlayCityRU Toolbar — C:Program FilesMyPlayCityRUtbMyPl.dll [2008-08-05 1610264]
{A3884B05-8D20-483A-A2E3-C70A66E75C34} — Anonymous Friend — C:Program FilesAnonymous FriendAnonymousFriend.dll [2007-11-22 86016]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2007-07-13 8466432]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2007-07-13 81920]
«VolumeControl»=C:program filesVolumeControlvolume.exe [2003-09-15 36864]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-05-10 16342528]
«Alcmtr»=C:WINDOWSALCMTR.EXE [2005-05-03 69632]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-10-02 4417016]
«wmagent.exe»=C:Program FilesWebMoney Agentwmagent.exe [2008-10-01 209376]
«flockbox»=C:Program FilesMy Lockboxflockbox.exe [2007-12-14 1071472]
«AVP»=C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2008-07-29 206088]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=C:Program FilesPunto Switcherps.exe [2007-01-25 201728]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2007-07-02 132608]
«LClock»=C:Program FilesLClockLClock.exe [2004-09-19 65536]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-08-08 490952]
«A!K Mouse Off-road»=C:Program FilesA!K Research LabsOff-roadOffRoad.exe [2008-04-02 620032]
«Performance Center»=C:Program FilesAscentivePerformance CenterApcMain.exe -m []
«ICQ»=C:Program FilesICQ6ICQ.exe [2008-09-01 173304]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregICQ]
C:Program FilesICQ6.5ICQ.exe silent []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Total Commander.lnk]
C:PROGRA~1TOTALC~1Totalcmd.exe [2008-10-04 1091768]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Администратор^Главное меню^Программы^Автозагрузка^hamachi.lnk]
C:PROGRA~1Hamachihamachi.exe [2008-11-13 625952]
C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
BTTray.lnk — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
Create virtual drive for Denwer.lnk — C:DenwerdenwerBoot.exe
TopServer 2.1.lnk — C:WINDOWSsystem32topserver.bat
Tuning.lnk — C:WINDOWSCacheUninstallffice.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2008-07-29 218376]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesSmartFTP ClientSmartFTP.exe»=»C:Program FilesSmartFTP ClientSmartFTP.exe:*:Enabled:SmartFTP Client 3.0»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
======List of files/folders created in the last 1 months======
2009-01-23 20:29:55 —-D—- C:_OTMoveIt
2009-01-20 22:43:14 —-D—- C:rsit
2009-01-20 22:43:14 —-D—- C:Program Filestrend micro
2009-01-20 22:39:47 —-A—- C:WINDOWSsystem32CF11768.exe
2009-01-20 22:39:40 —-D—- C:32788R22FWJFW
2009-01-20 22:39:01 —-A—- C:WINDOWSsystem32CF11618.exe
2009-01-20 22:38:18 —-A—- C:WINDOWSsystem32CF11478.exe
2009-01-20 22:34:21 —-A—- C:WINDOWSsystem32CF10704.exe
2009-01-20 22:33:58 —-A—- C:WINDOWSsystem32CF10612.exe
2009-01-20 22:32:47 —-D—- C:WINDOWSERDNT
2009-01-20 22:32:47 —-D—- C:Qoobox
2009-01-20 22:32:46 —-D—- C:ComboFix
2009-01-20 22:32:42 —-A—- C:WINDOWSsystem32CF10338.exe
2009-01-20 22:32:42 —-A—- C:WINDOWSsystem32CF10335.exe
2009-01-20 22:32:27 —-A—- C:Bug.txt
2009-01-20 22:32:26 —-A—- C:WINDOWSsystem32cmd.execf
2009-01-20 21:32:45 —-D—- C:Documents and SettingsАдминистраторApplication DataMalwarebytes
2009-01-20 21:32:36 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-01-20 21:32:36 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-01-20 21:24:36 —-A—- C:avenger.txt
2009-01-20 21:13:36 —-D—- C:Avenger
2009-01-20 17:04:14 —-D—- C:Documents and SettingsАдминистраторApplication DataAmeba
2009-01-20 17:03:30 —-D—- C:Program FilesAmeba
2009-01-18 22:56:29 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-01-11 21:17:32 —-D—- C:Program FilesAddSite FREE
2009-01-11 11:41:27 —-D—- C:Program FilesFreePromote 2.1
2009-01-10 19:20:18 —-D—- C:Program FilesAddPromo
2009-01-09 12:31:12 —-A—- C:WINDOWShfs.new.exe
2009-01-03 13:56:36 —-D—- C:Program FilesMicrosoft Common
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32XAudio2_1.dll
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32XAPOFX1_0.dll
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32xactengine3_1.dll
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32X3DAudio1_4.dll
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32d3dx10_38.dll
2009-01-03 12:04:58 —-A—- C:WINDOWSsystem32D3DCompiler_38.dll
2009-01-03 12:04:57 —-A—- C:WINDOWSsystem32D3DX9_38.dll
2009-01-03 12:04:15 —-D—- C:WINDOWSLogs
2009-01-03 00:12:13 —-D—- C:Program FilesEarthView
2009-01-03 00:12:13 —-D—- C:Documents and SettingsАдминистраторApplication DataDeskSoft
2009-01-01 22:15:11 —-D—- C:Documents and SettingsАдминистраторApplication DataSmartFTP
2009-01-01 22:14:31 —-D—- C:Program FilesSmartFTP Client
2009-01-01 22:14:20 —-D—- C:Program FilesSmartFTP Client 3.0 Setup Files
2009-01-01 02:49:20 —-D—- C:WINDOWSvf_hip
2009-01-01 02:49:19 —-D—- C:Program FilesHide IP Platinum
2009-01-01 00:28:24 —-A—- C:WINDOWSavisplitter.INI
2008-12-31 21:14:37 —-D—- C:Program FilesDreamRender
2008-12-30 20:52:11 —-D—- C:Inf1188
2008-12-29 19:37:45 —-D—- C:WINDOWSpss
2008-12-28 23:40:40 —-D—- C:Program FilesTopServer 2.1
2008-12-28 22:51:25 —-D—- C:Denwer
2008-12-28 19:39:03 —-D—- C:Program FilesMySQL
2008-12-28 19:32:37 —-D—- C:Program FilesApache Group
2008-12-27 21:28:21 —-D—- C:Program FilesICQ6.5
2008-12-25 12:17:50 —-D—- C:Program FilesXvid
2008-12-25 11:42:32 —-D—- C:Fraps
======List of files/folders modified in the last 1 months======
2009-01-23 20:37:01 —-D—- C:WINDOWSTemp
2009-01-23 20:36:38 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-01-23 20:34:43 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-23 20:19:04 —-A—- C:WINDOWSNeroDigital.ini
2009-01-23 14:32:27 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-01-23 14:32:10 —-D—- C:Documents and SettingsАдминистраторApplication DatauTorrent
2009-01-23 14:15:12 —-D—- C:Documents and SettingsАдминистраторApplication DataWebMoney
2009-01-22 21:45:21 —-RD—- C:Program Files
2009-01-22 17:57:03 —-D—- C:Program FilesMozilla Firefox
2009-01-22 16:06:51 —-D—- C:Program FilesQIP Infium
2009-01-22 15:38:21 —-D—- C:WINDOWS
2009-01-22 15:36:13 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-21 21:12:53 —-D—- C:Program FilesHfs
2009-01-20 22:39:47 —-D—- C:WINDOWSsystem32
2009-01-20 22:33:58 —-D—- C:WINDOWSsystem32drivers
2009-01-20 22:16:34 —-D—- C:WINDOWSMinidump
2009-01-20 21:10:40 —-D—- C:Documents and SettingsАдминистраторApplication DataHamachi
2009-01-20 21:02:24 —-D—- C:WINDOWSPrefetch
2009-01-20 21:01:05 —-D—- C:Documents and SettingsАдминистраторApplication DataAdobe
2009-01-19 21:25:20 —-D—- C:Program FilesICQ6
2009-01-19 17:54:17 —-D—- C:Documents and SettingsАдминистраторApplication DataICQ
2009-01-18 22:56:29 —-D—- C:Program FilesCommon Files
2009-01-18 20:07:46 —-D—- C:Documents and SettingsАдминистраторApplication DataTor
2009-01-17 17:15:33 —-D—- C:Documents and SettingsАдминистраторApplication DataYandex
2009-01-14 18:13:54 —-D—- C:Documents and SettingsАдминистраторApplication DataSkype
2009-01-14 17:53:12 —-D—- C:Documents and SettingsАдминистраторApplication DataskypePM
2009-01-14 17:31:16 —-RSD—- C:WINDOWSFonts
2009-01-09 12:38:51 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-01-09 11:40:06 —-SH—- C:boot.ini
2009-01-09 11:40:06 —-A—- C:WINDOWSwin.ini
2009-01-09 11:40:06 —-A—- C:WINDOWSsystem.ini
2009-01-06 22:46:34 —-D—- C:Program FilesTotal Commander
2009-01-03 12:12:14 —-SHD—- C:WINDOWSInstaller
2009-01-03 12:04:59 —-HD—- C:WINDOWSinf
2009-01-03 12:04:59 —-D—- C:WINDOWSsystem32DirectX
2009-01-03 12:04:51 —-RSD—- C:WINDOWSassembly
2009-01-01 01:44:19 —-A—- C:WINDOWSsystem32PnkBstrB.exe
2008-12-30 16:22:26 —-D—- C:Program FilesFieryAds
2008-12-28 09:56:51 —-D—- C:Program FilesICQ6Toolbar
2008-12-27 21:29:38 —-D—- C:Documents and SettingsAll UsersApplication DataICQ
2008-12-26 20:37:23 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2008-12-26 10:28:29 —-D—- C:Poker
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 KLIF;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2008-11-03 213008]
R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2004-05-05 4228]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 BTKRNL;Нумератор шины Bluetooth; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2005-08-29 853258]
R3 hamachi;Hamachi Network Interface; C:WINDOWSsystem32DRIVERShamachi.sys [2008-11-13 25280]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-05-10 4419584]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2007-07-13 6807744]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-08-07 98944]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2007-10-15 30208]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:WINDOWSsystem32DRIVERSusbhub.sys [2007-10-15 59392]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2007-10-15 17152]
R3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
S3 a499cg5k;a499cg5k; C:WINDOWSsystem32driversa499cg5k.sys []
S3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys [2005-08-29 428269]
S3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2005-08-29 30363]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2005-08-29 64344]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 MBAMSwissArmy;MBAMSwissArmy; ??C:WINDOWSsystem32driversmbamswissarmy.sys []
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 MSICPL;MSICPL; ??F:install4MSICPL.sys []
S3 NTACCESS;NTACCESS; ??F:NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; ??F:NTGLM7X.sys []
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AVP;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2008-07-29 206088]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2005-08-29 266295]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-10-19 222456]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2007-07-13 155716]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-11-18 66872]
S2 SlimFTPd;SlimFTPd; T:usrlocalFTPSlimFTPd.exe [2006-07-15 74240]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-11-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-18 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
EOF
Please help, it is impossible to work on the computer… a box prompting a system scan keeps popping up…