Созданные ответы форума
-
Сообщения
-
И снова здравствуйте, Valeri !!! 😀 На этот раз дочка поймала тоже самое, только у нее не девушки по рабочему столу ходят, а кролики, коты и т.д. Все остальное аналог( загрузка сразу, иконка в трее, возможность закрыть программу, но не удалить ). Программа себя называет vpets.ru… Помогите пожалуйста… 😕
Еще раз ОГРОМНОЕ СПАСИБО!!! 🙄 😀 Всё сделала, надеюсь, что больше никуда не вляпаюсь! Желаю удачи!!!
УУУУУУУРРРРААААААААААА!!! Все сделала, комп перегрузился, стрёмная программа с тётками исчезла!!! 😀 😀 😀 СПАСИБО ОГРОМНОЕ!!! 😀 :roll:[attachment=1:28ax8acj]11062010_213217.log[/attachment:28ax8acj][attachment=0:28ax8acj]log.txt[/attachment:28ax8acj]
Если это поможет программа себя обозвала pchd Загружается сразу вместе с анивирусом, интернетом и т.д. Выглядит как красный квадрат с белой буквой Е внутри и располагается снизу справа на рабочем столе. Из нее, слава Богу, можно выйти нажав ВЫХОД. Но вот как удалить не понятно… её нигде нет на дисках… Заранее спасибо! 🙂 Татьяна.
RSIT info:
info.txt logfile of random’s system information tool 1.06 2009-06-15 11:09:42
======Uninstall list======
—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
7-Zip 4.65—>»C:Program Files7-ZipUninstall.exe»
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 9.1.2 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A91000000001}
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus—>C:Program FilesAlwil SoftwareAvast4aswRunDll.exe «C:Program FilesAlwil SoftwareAvast4Setupsetiface.dll»,RunSetup
Download Master version 5.5.6.1139—>»C:Program FilesDownload Masterunins000.exe»
FastStone Image Viewer 3.2—>C:Program FilesFastStone Image Vieweruninst.exe
FIFA 09—>MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
J2SE Runtime Environment 5.0 Update 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 13—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Mega Codec Pack 4.7.5—>»C:Program FilesK-Lite Codec Packunins000.exe»
Microsoft .NET Framework 1.1 Hotfix (KB928366)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM928366M928366Uninstall.msp»
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Basic 2007—>MsiExec.exe /X{91120000-0013-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Office Базовый 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall BASICR /dll OSETUP.DLL
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Nero Suite—>C:Program FilesCommon FilesNeroUninstallSetupx.exe /uninstall ExtraUninstallID=»»
NevoSoft Adventure Chronicles (remove only)—>»E:Adventure Chroniclesuninstall.exe»
NevoSoft Alchemists Apprentice (remove only)—>»E:Alchemists Apprenticeuninstall.exe»
NevoSoft Coyotes Tale (remove only)—>»E:Coyotes Taleuninstall.exe»
NevoSoft Hidden Object Show (remove only)—>»E:Hidden Object Showuninstall.exe»
NevoSoft Treasure Seekers 2 (remove only)—>»E:Treasure Seekers 2uninstall.exe»
REALTEK GbE & FE Ethernet PCI-E NIC Driver—>C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}setup.exe -runfromtemp -l0x0019 -removeonly
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x19 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)—>msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)—>msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)—>msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office system 2007 (KB954326)—>msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB956358)—>msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Outlook 2007 (KB946983)—>msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Update for 2007 Microsoft Office System (KB967642)—>msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Office 2007 (KB934391)—>msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Outlook 2007 Junk Email Filter (kb970012)—>msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Winamp—>»C:Program FilesWinampUninstWA.exe»
Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
Windows Media Format Runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
Домашний терминал заказа—>E:InstallMicroUtkonosuninstall.exe
Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 8 (KB969897)—>»C:WINDOWSie8updatesKB969897-IE8spuninstspuninst.exe»
Обновление безопасности для Windows XP — (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923561)—>»C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923789)—>C:WINDOWSsystem32MacroMedFlashgenuinst.exe C:WINDOWSsystem32MacroMedFlashKB923789.inf
Обновление безопасности для Windows XP (KB938464-v2)—>»C:WINDOWS$NtUninstallKB938464-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950760)—>»C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952004)—>»C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954459)—>»C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956572)—>»C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958690)—>»C:WINDOWS$NtUninstallKB958690$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB959426)—>»C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960225)—>»C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960715)—>»C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960803)—>»C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961373)—>»C:WINDOWS$NtUninstallKB961373$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961501)—>»C:WINDOWS$NtUninstallKB961501$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB963027)—>»C:WINDOWS$NtUninstallKB963027$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB968537)—>»C:WINDOWS$NtUninstallKB968537$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB969898)—>»C:WINDOWS$NtUninstallKB969898$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB970238)—>»C:WINDOWS$NtUninstallKB970238$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Обновление для Windows Internet Explorer 8 (KB969497)—>»C:WINDOWSie8updatesKB969497-IE8spuninstspuninst.exe»
Обновление для Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Обновление для Windows XP (KB967715)—>»C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe»======Security center information======
AV: avast! antivirus 4.8.1335 [VPS 090614-0]
======System event log======
Computer Name: 02D7623668974E8
Event Code: 18
Message: Все готово к установке: следующие обновления загружены и готовы к установке. Установка обновлений будет выполнена по расписанию 17 мая 2009 г. в 3:00:
— Обновление для системы безопасности Windows XP (KB923561)
— Накопительное обновление для системы безопасности браузера Internet Explorer 6 для ОС Windows XP (KB963027)
— Обновление системы безопасности для проигрывателя Flash (KB923789)
— Обновление для системы безопасности Windows XP (KB956802)
— Обновление системы безопасности для Windows XP (KB955069)
— Обновление системы безопасности для ОС Windows XP (KB958644)
— Обновление для системы безопасности Windows XP (KB954600)
— Обновление для системы безопасности Windows XP (KB960803)
— Обновление системы безопасности для ОС Windows XP (KB951748)
— Обновление для системы безопасности Windows XP (KB958690)
— Обновление системы безопасности Outlook Express для ОС Windows XP (KB951066)
— Обновление системы безопасности для ActiveX Killbits для ОС Windows XP (KB950760)
— Обновление для Windows XP (KB967715)
— Обновление для ОС Windows XP (KB952287)
— Обновление для системы безопасности Windows XP (KB958687)
— Накопительный пакет обновлеRecord Number: 212
Source Name: Windows Update Agent
Time Written: 20090516181403.000000+240
Event Type: информация
User:Computer Name: 02D7623668974E8
Event Code: 18
Message: Все готово к установке: следующие обновления загружены и готовы к установке. Установка обновлений будет выполнена по расписанию 17 мая 2009 г. в 3:00:
— Обновление для системы безопасности Windows XP (KB923561)
— Накопительное обновление для системы безопасности браузера Internet Explorer 6 для ОС Windows XP (KB963027)
— Обновление системы безопасности для проигрывателя Flash (KB923789)
— Обновление для системы безопасности Windows XP (KB956802)
— Обновление системы безопасности для Windows XP (KB955069)
— Обновление системы безопасности для ОС Windows XP (KB958644)
— Обновление для системы безопасности Windows XP (KB954600)
— Обновление для системы безопасности Windows XP (KB960803)
— Обновление системы безопасности для ОС Windows XP (KB951748)
— Обновление для системы безопасности Windows XP (KB958690)
— Обновление системы безопасности Outlook Express для ОС Windows XP (KB951066)
— Обновление системы безопасности для ActiveX Killbits для ОС Windows XP (KB950760)
— Обновление для Windows XP (KB967715)
— Обновление для ОС Windows XP (KB952287)
— Обновление для системы безопасности Windows XP (KB958687)
— Накопительный пакет обновлеRecord Number: 211
Source Name: Windows Update Agent
Time Written: 20090516181403.000000+240
Event Type: информация
User:Computer Name: 02D7623668974E8
Event Code: 18
Message: Все готово к установке: следующие обновления загружены и готовы к установке. Установка обновлений будет выполнена по расписанию 17 мая 2009 г. в 3:00:
— Обновление для системы безопасности Windows XP (KB923561)
— Накопительное обновление для системы безопасности браузера Internet Explorer 6 для ОС Windows XP (KB963027)
— Обновление системы безопасности для проигрывателя Flash (KB923789)
— Обновление для системы безопасности Windows XP (KB956802)
— Обновление системы безопасности для Windows XP (KB955069)
— Обновление системы безопасности для ОС Windows XP (KB958644)
— Обновление для системы безопасности Windows XP (KB954600)
— Обновление для системы безопасности Windows XP (KB960803)
— Обновление системы безопасности для ОС Windows XP (KB951748)
— Обновление для системы безопасности Windows XP (KB958690)
— Обновление системы безопасности Outlook Express для ОС Windows XP (KB951066)
— Обновление системы безопасности для ActiveX Killbits для ОС Windows XP (KB950760)
— Обновление для Windows XP (KB967715)
— Обновление для ОС Windows XP (KB952287)
— Обновление для системы безопасности Windows XP (KB958687)
— Накопительный пакет обновлеRecord Number: 210
Source Name: Windows Update Agent
Time Written: 20090516181403.000000+240
Event Type: информация
User:Computer Name: 02D7623668974E8
Event Code: 18
Message: Все готово к установке: следующие обновления загружены и готовы к установке. Установка обновлений будет выполнена по расписанию 17 мая 2009 г. в 3:00:
— Обновление для системы безопасности Windows XP (KB923561)
— Накопительное обновление для системы безопасности браузера Internet Explorer 6 для ОС Windows XP (KB963027)
— Обновление системы безопасности для проигрывателя Flash (KB923789)
— Обновление для системы безопасности Windows XP (KB956802)
— Обновление системы безопасности для Windows XP (KB955069)
— Обновление системы безопасности для ОС Windows XP (KB958644)
— Обновление для системы безопасности Windows XP (KB954600)
— Обновление для системы безопасности Windows XP (KB960803)
— Обновление системы безопасности для ОС Windows XP (KB951748)
— Обновление для системы безопасности Windows XP (KB958690)
— Обновление системы безопасности Outlook Express для ОС Windows XP (KB951066)
— Обновление системы безопасности для ActiveX Killbits для ОС Windows XP (KB950760)
— Обновление для Windows XP (KB967715)
— Обновление для ОС Windows XP (KB952287)
— Обновление для системы безопасности Windows XP (KB958687)
— Накопительный пакет обновлеRecord Number: 209
Source Name: Windows Update Agent
Time Written: 20090516181403.000000+240
Event Type: информация
User:Computer Name: 02D7623668974E8
Event Code: 18
Message: Все готово к установке: следующие обновления загружены и готовы к установке. Установка обновлений будет выполнена по расписанию 17 мая 2009 г. в 3:00:
— Обновление для системы безопасности Windows XP (KB923561)
— Накопительное обновление для системы безопасности браузера Internet Explorer 6 для ОС Windows XP (KB963027)
— Обновление системы безопасности для проигрывателя Flash (KB923789)
— Обновление для системы безопасности Windows XP (KB956802)
— Обновление системы безопасности для Windows XP (KB955069)
— Обновление системы безопасности для ОС Windows XP (KB958644)
— Обновление для системы безопасности Windows XP (KB954600)
— Обновление для системы безопасности Windows XP (KB960803)
— Обновление системы безопасности для ОС Windows XP (KB951748)
— Обновление для системы безопасности Windows XP (KB958690)
— Обновление системы безопасности Outlook Express для ОС Windows XP (KB951066)
— Обновление системы безопасности для ActiveX Killbits для ОС Windows XP (KB950760)
— Обновление для Windows XP (KB967715)
— Обновление для ОС Windows XP (KB952287)
— Обновление для системы безопасности Windows XP (KB958687)
— Накопительный пакет обновлеRecord Number: 208
Source Name: Windows Update Agent
Time Written: 20090516181403.000000+240
Event Type: информация
User:=====Application event log=====
Computer Name: 02D7623668974E8
Event Code: 1000
Message: Счетчики производительности для службы ContentIndex (ContentIndex) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 5
Source Name: LoadPerf
Time Written: 20090516161815.000000+240
Event Type: информация
User:Computer Name: 02D7623668974E8
Event Code: 1000
Message: Счетчики производительности для службы TermService (Службы терминалов) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 4
Source Name: LoadPerf
Time Written: 20090516161814.000000+240
Event Type: информация
User:Computer Name: 02D7623668974E8
Event Code: 1000
Message: Счетчики производительности для службы RemoteAccess (Маршрутизация и удаленный доступ) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 3
Source Name: LoadPerf
Time Written: 20090516161724.000000+240
Event Type: информация
User:Computer Name: 02D7623668974E8
Event Code: 1000
Message: Счетчики производительности для службы PSched (PSched) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 2
Source Name: LoadPerf
Time Written: 20090516161659.000000+240
Event Type: информация
User:Computer Name: 02D7623668974E8
Event Code: 1000
Message: Счетчики производительности для службы RSVP (QoS RSVP) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 1
Source Name: LoadPerf
Time Written: 20090516161658.000000+240
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 13, GenuineIntel
«PROCESSOR_REVISION»=0f0d
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
RSIT log:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Таня at 2009-06-15 11:09:32
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 56 GB (80%) free of 70 GB
Total RAM: 2047 MB (76% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:39, on 15.06.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesJavajre6binjusched.exe
C:WINDOWSRTHDCPL.EXE
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesWinampwinampa.exe
C:WINDOWSsystem32ctfmon.exe
C:Игры от NevoSoftNevoDRMrun.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:WINDOWSsystem32NOTEPAD.EXE
C:Documents and SettingsТаняРабочий столRSIT.exe
C:Program Filestrend microТаня.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=40316
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: QIPBHO Class — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsТаняApplication DataMicrosoftInternet Explorerqipsearchbar.dll
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: QIPBHO — {95289393-33EA-4F8D-B952-483415B9C955} — C:Documents and SettingsТаняApplication DataMicrosoftInternet Explorerqipsearchbar.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [SkyTel] SkyTel.EXE
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [NevoDRM] «C:Игры от NevoSoftNevoDRMNevoDRM.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: FIFA 09 — регистрация.lnk = C:Program FilesEA SportsFIFA 09SupportEAregister.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=39204
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242481240468
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242481331250
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 7695 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class — C:Documents and SettingsТаняApplication DataMicrosoftInternet Explorerqipsearchbar.dll [2009-02-12 119808][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-05-31 35840][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-05-31 73728][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-05-31 148888]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2007-10-16 16855552]
«SkyTel»=C:WINDOWSSkyTel.EXE [2007-10-11 1826816]
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-02-06 81000]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2009-03-09 37888]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
«NevoDRM»=C:Игры от NevoSoftNevoDRMNevoDRM.exe [2008-12-11 41984][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]C:Documents and SettingsТаняГлавное менюПрограммыАвтозагрузка
FIFA 09 — регистрация.lnk — C:Program FilesEA SportsFIFA 09SupportEAregister.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-06-03 139264][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«E:InstallMicroUtkonosUtkonos.exe»=»E:InstallMicroUtkonosUtkonos.exe:*:Enabled:Домашний терминал заказа»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 1 months======
2009-06-15 11:09:32 —-D—- C:rsit
2009-06-12 22:35:17 —-D—- C:Documents and SettingsAll UsersApplication DataGogii
2009-06-10 21:30:33 —-HDC—- C:WINDOWS$NtUninstallKB961501$
2009-06-10 21:30:30 —-HDC—- C:WINDOWS$NtUninstallKB969898$
2009-06-10 21:29:39 —-HDC—- C:WINDOWS$NtUninstallKB970238$
2009-06-10 21:29:33 —-HDC—- C:WINDOWS$NtUninstallKB968537$
2009-06-08 18:59:33 —-D—- C:Documents and SettingsТаняApplication DataCoyotes Tale
2009-06-08 16:37:42 —-D—- C:Documents and SettingsAll UsersApplication DataQuickClick
2009-06-08 16:37:42 —-D—- C:Documents and SettingsAll UsersApplication DataProduct
2009-06-04 14:37:16 —-D—- C:WINDOWSMinidump
2009-06-02 00:15:20 —-D—- C:Documents and SettingsТаняApplication DataArtogon
2009-05-31 19:09:56 —-D—- C:Documents and SettingsAll UsersApplication DataAdventureChronicles1
2009-05-31 19:09:30 —-D—- C:Игры от NevoSoft
2009-05-31 15:32:21 —-A—- C:WINDOWSsystem32deploytk.dll
2009-05-31 15:23:11 —-D—- C:WINDOWSSun
2009-05-31 15:23:11 —-D—- C:Documents and SettingsТаняApplication DataSun
2009-05-19 17:33:49 —-D—- C:Documents and SettingsТаняApplication DataMacromedia
2009-05-19 17:33:49 —-D—- C:Documents and SettingsТаняApplication DataAdobe
2009-05-19 17:11:00 —-SHD—- C:RECYCLER
2009-05-18 15:29:38 —-D—- C:WINDOWSERDNT
2009-05-17 00:46:17 —-HDC—- C:WINDOWS$NtUninstallKB941569$
2009-05-17 00:11:56 —-RHD—- C:Documents and SettingsТаняApplication DataSecuROM
2009-05-17 00:11:55 —-A—- C:WINDOWSsystem32CmdLineExt.dll
2009-05-16 23:07:02 —-D—- C:Documents and SettingsТаняApplication DataLeadertech
2009-05-16 22:48:36 —-D—- C:Program FilesEA Sports
2009-05-16 22:48:35 —-A—- C:WINDOWSsystem32D3DX9_37.dll
2009-05-16 22:48:34 —-A—- C:WINDOWSsystem32d3dx9_35.dll
2009-05-16 22:48:33 —-A—- C:WINDOWSsystem32d3dx9_34.dll
2009-05-16 22:48:32 —-A—- C:WINDOWSsystem32xinput1_3.dll
2009-05-16 22:48:30 —-A—- C:WINDOWSsystem32d3dx9_33.dll
2009-05-16 22:48:30 —-A—- C:WINDOWSsystem32d3dx9_32.dll
2009-05-16 22:48:30 —-A—- C:WINDOWSsystem32d3dx9_31.dll
2009-05-16 22:48:25 —-A—- C:WINDOWSsystem32d3dx9_30.dll
2009-05-16 22:48:25 —-A—- C:WINDOWSsystem32d3dx9_29.dll
2009-05-16 22:48:25 —-A—- C:WINDOWSsystem32d3dx9_28.dll
2009-05-16 22:48:24 —-A—- C:WINDOWSsystem32xinput9_1_0.dll
2009-05-16 22:48:24 —-A—- C:WINDOWSsystem32d3dx9_27.dll
2009-05-16 22:48:24 —-A—- C:WINDOWSsystem32d3dx9_26.dll
2009-05-16 22:48:23 —-A—- C:WINDOWSsystem32d3dx9_25.dll
2009-05-16 22:48:23 —-A—- C:WINDOWSsystem32d3dx9_24.dll
2009-05-16 21:59:05 —-D—- C:Program Filestrend micro
2009-05-16 21:09:49 —-D—- C:Documents and SettingsТаняApplication DataQIP.Online
2009-05-16 20:30:18 —-D—- C:Documents and SettingsТаняApplication DataFastStone
2009-05-16 20:30:14 —-D—- C:Program FilesFastStone Image Viewer
2009-05-16 20:27:42 —-D—- C:Downloads
2009-05-16 20:27:26 —-D—- C:Documents and SettingsТаняApplication DataDownload Master
2009-05-16 20:26:39 —-D—- C:Program FilesDownload Master
2009-05-16 20:16:42 —-A—- C:WINDOWSsystem32h323log.txt
2009-05-16 20:13:50 —-A—- C:WINDOWSsystem32usbui.dll
2009-05-16 20:13:45 —-D—- C:Documents and SettingsТаняApplication DataArtweaver
2009-05-16 20:13:11 —-A—- C:WINDOWSimsins.BAK
2009-05-16 20:13:09 —-SHD—- C:WINDOWSInstaller
2009-05-16 20:13:09 —-D—- C:Program FilesCommon FilesODBC
2009-05-16 20:13:09 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-05-16 20:13:09 —-A—- C:WINDOWSODBCINST.INI
2009-05-16 20:13:06 —-RD—- C:Program Files
2009-05-16 20:13:06 —-D—- C:Program FilesCommon FilesSpeechEngines
2009-05-16 20:13:06 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-05-16 20:13:06 —-D—- C:Program FilesCommon Files
2009-05-16 20:13:03 —-RA—- C:WINDOWSsystem32kbdtuq.dll
2009-05-16 20:13:03 —-RA—- C:WINDOWSsystem32kbdtuf.dll
2009-05-16 20:13:03 —-RA—- C:WINDOWSsystem32kbdazel.dll
2009-05-16 20:13:02 —-RA—- C:WINDOWSsystem32kbdhept.dll
2009-05-16 20:13:02 —-RA—- C:WINDOWSsystem32kbdhela3.dll
2009-05-16 20:13:02 —-RA—- C:WINDOWSsystem32kbdhela2.dll
2009-05-16 20:13:02 —-RA—- C:WINDOWSsystem32kbdhe319.dll
2009-05-16 20:13:02 —-RA—- C:WINDOWSsystem32kbdhe220.dll
2009-05-16 20:13:02 —-RA—- C:WINDOWSsystem32kbdgkl.dll
2009-05-16 20:13:01 —-RA—- C:WINDOWSsystem32kbdhe.dll
2009-05-16 20:13:00 —-RA—- C:WINDOWSsystem32kbdlv1.dll
2009-05-16 20:13:00 —-RA—- C:WINDOWSsystem32kbdlv.dll
2009-05-16 20:13:00 —-RA—- C:WINDOWSsystem32kbdlt1.dll
2009-05-16 20:13:00 —-RA—- C:WINDOWSsystem32kbdlt.dll
2009-05-16 20:13:00 —-RA—- C:WINDOWSsystem32kbdest.dll
2009-05-16 20:12:59 —-RA—- C:WINDOWSsystem32kbdsl1.dll
2009-05-16 20:12:59 —-RA—- C:WINDOWSsystem32kbdsl.dll
2009-05-16 20:12:59 —-RA—- C:WINDOWSsystem32kbdro.dll
2009-05-16 20:12:59 —-RA—- C:WINDOWSsystem32kbdpl1.dll
2009-05-16 20:12:59 —-RA—- C:WINDOWSsystem32kbdpl.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32kbdycl.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32kbdhu1.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32kbdhu.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32kbdcz2.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32kbdcz1.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32kbdcz.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32kbdcr.dll
2009-05-16 20:12:58 —-RA—- C:WINDOWSsystem32KBDAL.DLL
2009-05-16 20:12:56 —-A—- C:WINDOWSsystem32kbdmon.dll
2009-05-16 20:12:56 —-A—- C:WINDOWSsystem32kbdkyr.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbdycc.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbduzb.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbdur.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbdtat.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbdkaz.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbdbu.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbdblr.dll
2009-05-16 20:12:55 —-A—- C:WINDOWSsystem32kbdaze.dll
2009-05-16 20:12:54 —-A—- C:WINDOWSsystem32spxcoins.dll
2009-05-16 20:12:54 —-A—- C:WINDOWSsystem32irclass.dll
2009-05-16 20:12:54 —-A—- C:WINDOWSsystem32EqnClass.Dll
2009-05-16 20:12:54 —-A—- C:WINDOWSsystem32dgsetup.dll
2009-05-16 20:12:54 —-A—- C:WINDOWSsystem32dgrpsetu.dll
2009-05-16 20:12:52 —-N—- C:WINDOWSsystem32CONFIG.TMP
2009-05-16 20:12:52 —-A—- C:WINDOWSTASKMAN.EXE
2009-05-16 20:12:51 —-A—- C:WINDOWSsystem32batt.dll
2009-05-16 20:12:49 —-A—- C:WINDOWSnotepad.exe
2009-05-16 20:12:48 —-A—- C:WINDOWSsystem32storprop.dll
2009-05-16 20:12:41 —-ASH—- C:Documents and SettingsAll UsersApplication Datadesktop.ini
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET3D.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET3C.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET3B.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET3A.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET39.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET38.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET37.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET36.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET35.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET34.tmp
2009-05-16 20:11:30 —-RA—- C:WINDOWSSET33.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET32.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET31.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET30.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET2F.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET2E.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET2D.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET2C.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET2B.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET2A.tmp
2009-05-16 20:11:29 —-RA—- C:WINDOWSSET29.tmp
2009-05-16 20:11:28 —-RA—- C:WINDOWSSET28.tmp
2009-05-16 20:11:28 —-RA—- C:WINDOWSSET27.tmp
2009-05-16 20:11:28 —-RA—- C:WINDOWSSET26.tmp
2009-05-16 20:11:28 —-RA—- C:WINDOWSSET25.tmp
2009-05-16 20:11:27 —-RA—- C:WINDOWSSET24.tmp
2009-05-16 20:11:26 —-RA—- C:WINDOWSSET23.tmp
2009-05-16 20:11:25 —-RA—- C:WINDOWSSET22.tmp
2009-05-16 20:11:25 —-RA—- C:WINDOWSSET21.tmp
2009-05-16 20:10:54 —-RA—- C:WINDOWSSET8.tmp
2009-05-16 20:10:52 —-RA—- C:WINDOWSSET4.tmp
2009-05-16 20:10:51 —-RA—- C:WINDOWSSET3.tmp
2009-05-16 20:10:47 —-D—- C:WINDOWSsystem32CatRoot2
2009-05-16 20:10:47 —-D—- C:WINDOWSsystem32CatRoot
2009-05-16 20:10:42 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-05-16 20:10:23 —-A—- C:WINDOWSsetuplog.txt
2009-05-16 20:10:21 —-D—- C:Documents and Settings
2009-05-16 20:10:20 —-SHD—- C:System Volume Information
2009-05-16 20:09:21 —-SH—- C:boot.ini
2009-05-16 20:04:30 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-05-16 20:04:30 —-RSD—- C:WINDOWSFonts
2009-05-16 20:04:30 —-RD—- C:WINDOWSWeb
2009-05-16 20:04:30 —-HD—- C:WINDOWSinf
2009-05-16 20:04:30 —-D—- C:WINDOWSWinSxS
2009-05-16 20:04:30 —-D—- C:WINDOWStwain_32
2009-05-16 20:04:30 —-D—- C:WINDOWSTemp
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32wins
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32wbem
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32usmt
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32spool
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32ShellExt
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32Setup
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32ras
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32oobe
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32npp
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32mui
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32inetsrv
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32IME
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32icsxml
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32ias
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32export
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32drivers
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32dhcp
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32config
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem323com_dmi
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem323076
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem322052
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321054
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321049
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321042
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321041
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321037
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321033
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321031
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321028
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem321025
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem32
2009-05-16 20:04:30 —-D—- C:WINDOWSsystem
2009-05-16 20:04:30 —-D—- C:WINDOWSsecurity
2009-05-16 20:04:30 —-D—- C:WINDOWSResources
2009-05-16 20:04:30 —-D—- C:WINDOWSrepair
2009-05-16 20:04:30 —-D—- C:WINDOWSProvisioning
2009-05-16 20:04:30 —-D—- C:WINDOWSPeerNet
2009-05-16 20:04:30 —-D—- C:WINDOWSpchealth
2009-05-16 20:04:30 —-D—- C:WINDOWSmui
2009-05-16 20:04:30 —-D—- C:WINDOWSmsapps
2009-05-16 20:04:30 —-D—- C:WINDOWSmsagent
2009-05-16 20:04:30 —-D—- C:WINDOWSMedia
2009-05-16 20:04:30 —-D—- C:WINDOWSjava
2009-05-16 20:04:30 —-D—- C:WINDOWSime
2009-05-16 20:04:30 —-D—- C:WINDOWSHelp
2009-05-16 20:04:30 —-D—- C:WINDOWSDriver Cache
2009-05-16 20:04:30 —-D—- C:WINDOWSDebug
2009-05-16 20:04:30 —-D—- C:WINDOWSCursors
2009-05-16 20:04:30 —-D—- C:WINDOWSConnection Wizard
2009-05-16 20:04:30 —-D—- C:WINDOWSConfig
2009-05-16 20:04:30 —-D—- C:WINDOWSAppPatch
2009-05-16 20:04:30 —-D—- C:WINDOWSaddins
2009-05-16 20:04:30 —-D—- C:WINDOWS
2009-05-16 19:50:38 —-A—- C:WINDOWSsystem32rmoc3260.dll
2009-05-16 19:50:38 —-A—- C:WINDOWSsystem32pndx5032.dll
2009-05-16 19:50:38 —-A—- C:WINDOWSsystem32pndx5016.dll
2009-05-16 19:50:38 —-A—- C:WINDOWSsystem32pncrt.dll
2009-05-16 19:50:37 —-A—- C:WINDOWSsystem32unrar.dll
2009-05-16 19:50:34 —-A—- C:WINDOWSsystem32yv12vfw.dll
2009-05-16 19:50:34 —-A—- C:WINDOWSsystem32xvidvfw.dll
2009-05-16 19:50:34 —-A—- C:WINDOWSsystem32xvidcore.dll
2009-05-16 19:50:33 —-A—- C:WINDOWSsystem32qt-dx331.dll
2009-05-16 19:50:33 —-A—- C:WINDOWSsystem32dpl100.dll
2009-05-16 19:50:32 —-A—- C:WINDOWSsystem32divx.dll
2009-05-16 19:50:31 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2009-05-16 19:50:31 —-A—- C:WINDOWSsystem32ff_vfw.dll
2009-05-16 19:50:29 —-A—- C:WINDOWSsystem32pthreadGC2.dll
2009-05-16 19:50:28 —-D—- C:Program FilesK-Lite Codec Pack
2009-05-16 19:50:28 —-D—- C:Documents and SettingsТаняApplication DataReal
2009-05-16 19:50:28 —-D—- C:Documents and SettingsAll UsersApplication DataReal
2009-05-16 19:49:23 —-D—- C:Program Filescodek
2009-05-16 19:41:15 —-D—- C:Program Files7-Zip
2009-05-16 19:36:16 —-D—- C:WINDOWSRegisteredPackages
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32vxblock.dll
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxwave.dll
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxsfs.dll
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxmas.dll
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxinsa64.exe
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxhpinst.exe
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxdrv.dll
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxcpya64.exe
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32pxafs.dll
2009-05-16 19:35:36 —-N—- C:WINDOWSsystem32px.dll
2009-05-16 19:35:33 —-D—- C:Program FilesWinamp
2009-05-16 19:35:33 —-D—- C:Documents and SettingsТаняApplication DataWinamp
2009-05-16 19:33:36 —-D—- C:Documents and SettingsТаняApplication DataQIP
2009-05-16 19:33:16 —-D—- C:Program FilesQIP Infium
2009-05-16 19:32:17 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-05-16 19:32:10 —-D—- C:Program FilesAdobe
2009-05-16 19:24:02 —-A—- C:WINDOWSsystem32NeroCheck.exe
2009-05-16 19:23:43 —-D—- C:Program FilesCommon FilesNero
2009-05-16 19:23:06 —-N—- C:WINDOWSUNNeroVision.exe
2009-05-16 19:23:05 —-N—- C:WINDOWSsystem32msxml3a.dll
2009-05-16 19:22:36 —-N—- C:WINDOWSsystem32TwnLib4.dll
2009-05-16 19:22:36 —-D—- C:Documents and SettingsAll UsersApplication DataAhead
2009-05-16 19:22:35 —-N—- C:WINDOWSsystem32ImagXRA7.dll
2009-05-16 19:22:35 —-N—- C:WINDOWSsystem32ImagXR7.dll
2009-05-16 19:22:35 —-N—- C:WINDOWSsystem32ImagXpr7.dll
2009-05-16 19:22:35 —-N—- C:WINDOWSsystem32ImagX7.dll
2009-05-16 19:22:34 —-N—- C:WINDOWSsystem32picn20.dll
2009-05-16 19:22:34 —-A—- C:WINDOWSsystem32TwnLib20.dll
2009-05-16 19:22:28 —-D—- C:Program FilesCommon FilesAhead
2009-05-16 19:22:26 —-D—- C:Program FilesAhead
2009-05-16 19:18:43 —-A—- C:WINDOWSsystem32mucltui.dll.mui
2009-05-16 19:18:43 —-A—- C:WINDOWSsystem32mucltui.dll
2009-05-16 19:15:35 —-D—- C:Program FilesMicrosoft Works
2009-05-16 19:15:24 —-D—- C:Program FilesMicrosoft Visual Studio
2009-05-16 19:15:24 —-D—- C:Program FilesCommon FilesDESIGNER
2009-05-16 19:15:10 —-D—- C:Program FilesMicrosoft.NET
2009-05-16 19:13:53 —-D—- C:WINDOWSSHELLNEW
2009-05-16 19:13:40 —-D—- C:Program FilesMicrosoft Office
2009-05-16 19:13:40 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2009-05-16 19:13:22 —-RHD—- C:MSOCache
2009-05-16 19:08:34 —-A—- C:Program FilesUninstall Spy Blocker.dll
2009-05-16 19:00:39 —-AD—- C:Program FilesZoneAlarmSB
2009-05-16 18:59:45 —-D—- C:Documents and SettingsAll UsersApplication DataMailFrontier
2009-05-16 18:59:36 —-A—- C:WINDOWSsystem32SpOrder.dll
2009-05-16 18:59:18 —-D—- C:WINDOWSsystem32ZoneLabs
2009-05-16 18:58:02 —-D—- C:WINDOWSInternet Logs
2009-05-16 18:54:06 —-D—- C:WINDOWSie8updates
2009-05-16 18:53:58 —-D—- C:WINDOWSWBEM
2009-05-16 18:53:13 —-HDC—- C:WINDOWSie8
2009-05-16 18:52:48 —-A—- C:WINDOWSsystem32MRT.exe
2009-05-16 18:52:09 —-HDC—- C:WINDOWS$NtUninstallKB963027$
2009-05-16 18:52:05 —-HDC—- C:WINDOWS$NtUninstallKB959426$
2009-05-16 18:52:02 —-HDC—- C:WINDOWS$NtUninstallKB960803$
2009-05-16 18:51:57 —-HDC—- C:WINDOWS$NtUninstallKB952004$
2009-05-16 18:51:48 —-HDC—- C:WINDOWS$NtUninstallKB956572$
2009-05-16 18:51:44 —-HDC—- C:WINDOWS$NtUninstallKB961373$
2009-05-16 18:51:40 —-HDC—- C:WINDOWS$NtUninstallKB923561$
2009-05-16 18:51:35 —-HDC—- C:WINDOWS$NtUninstallKB967715$
2009-05-16 18:51:32 —-HDC—- C:WINDOWS$NtUninstallKB958690$
2009-05-16 18:51:30 —-HDC—- C:WINDOWS$NtUninstallKB938464-v2$
2009-05-16 18:51:26 —-HDC—- C:WINDOWS$NtUninstallKB960225$
2009-05-16 18:51:23 —-HDC—- C:WINDOWS$NtUninstallKB960715$
2009-05-16 18:51:20 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-05-16 18:51:17 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2009-05-16 18:51:13 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
2009-05-16 18:51:10 —-HDC—- C:WINDOWS$NtUninstallKB955839$
2009-05-16 18:51:07 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2009-05-16 18:51:03 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2009-05-16 18:51:00 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2009-05-16 18:50:56 —-HDC—- C:WINDOWS$NtUninstallKB954459$
2009-05-16 18:50:53 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2009-05-16 18:50:49 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2009-05-16 18:50:46 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2009-05-16 18:50:43 —-HDC—- C:WINDOWS$NtUninstallKB950974$
2009-05-16 18:50:40 —-HDC—- C:WINDOWS$NtUninstallKB952954$
2009-05-16 18:50:37 —-HDC—- C:WINDOWS$NtUninstallKB946648$
2009-05-16 18:50:33 —-HDC—- C:WINDOWS$NtUninstallKB951066$
2009-05-16 18:50:29 —-HDC—- C:WINDOWS$NtUninstallKB951748$
2009-05-16 18:50:24 —-HDC—- C:WINDOWS$NtUninstallKB951978$
2009-05-16 18:50:21 —-HDC—- C:WINDOWS$NtUninstallKB951376-v2$
2009-05-16 18:50:18 —-HDC—- C:WINDOWS$NtUninstallKB950762$
2009-05-16 18:50:12 —-HDC—- C:WINDOWS$NtUninstallKB950760$
2009-05-16 18:33:10 —-A—- C:WINDOWSsystem32MSVCR71.dll
2009-05-16 18:33:10 —-A—- C:WINDOWSsystem32MSVCP71.dll
2009-05-16 18:33:10 —-A—- C:WINDOWSsystem32MFC71.dll
2009-05-16 18:33:10 —-A—- C:WINDOWSsystem32aswBoot.exe
2009-05-16 18:33:06 —-D—- C:Program FilesAlwil Software
2009-05-16 18:06:47 —-D—- C:WINDOWSPrefetch
2009-05-16 18:03:41 —-D—- C:WINDOWSsystem32ru-ru
2009-05-16 18:03:41 —-D—- C:WINDOWSsystem32ru
2009-05-16 18:03:41 —-D—- C:WINDOWSsystem32bits
2009-05-16 18:03:41 —-D—- C:WINDOWSl2schemas
2009-05-16 18:02:56 —-D—- C:WINDOWSServicePackFiles
2009-05-16 18:01:48 —-D—- C:WINDOWSnetwork diagnostic
2009-05-16 17:59:55 —-HDC—- C:WINDOWS$NtServicePackUninstall$
2009-05-16 17:59:55 —-D—- C:WINDOWSEHome
2009-05-16 17:51:05 —-A—- C:WINDOWSsystem32wpa.bak
2009-05-16 17:47:09 —-D—- C:Documents and SettingsAll UsersApplication DataWindows Genuine Advantage
2009-05-16 17:44:32 —-D—- C:WINDOWSsystem32PreInstall
2009-05-16 17:44:31 —-HDC—- C:WINDOWS$NtUninstallKB898461$
2009-05-16 17:41:16 —-D—- C:WINDOWSsystem32SoftwareDistribution
2009-05-16 17:41:16 —-A—- C:WINDOWSsystem32wups2.dll
2009-05-16 17:41:16 —-A—- C:WINDOWSsystem32wucltui.dll.mui
2009-05-16 17:41:16 —-A—- C:WINDOWSsystem32wuaueng.dll.mui
2009-05-16 17:41:16 —-A—- C:WINDOWSsystem32wuapi.dll.mui
2009-05-16 17:26:08 —-D—- C:WINDOWSsystem32Lang
2009-05-16 17:24:41 —-A—- C:WINDOWSsystem32ChCfg.exe
2009-05-16 17:24:28 —-D—- C:WINDOWSsystem32RTCOM
2009-05-16 17:24:16 —-A—- C:WINDOWSSoundMan.exe
2009-05-16 17:24:16 —-A—- C:WINDOWSSkyTel.exe
2009-05-16 17:24:16 —-A—- C:WINDOWSRtlUpd.exe
2009-05-16 17:24:16 —-A—- C:WINDOWSRTLCPL.exe
2009-05-16 17:24:12 —-A—- C:WINDOWSRTHDCPL.exe
2009-05-16 17:24:12 —-A—- C:WINDOWSMicCal.exe
2009-05-16 17:24:11 —-A—- C:WINDOWSalcwzrd.exe
2009-05-16 17:24:11 —-A—- C:WINDOWSAlcmtr.exe
2009-05-16 17:24:06 —-A—- C:WINDOWSRtlExUpd.dll
2009-05-16 17:24:06 —-A—- C:WINDOWSHideWin.exe
2009-05-16 17:24:01 —-D—- C:Program FilesCommon FilesInstallShield
2009-05-16 17:22:58 —-HD—- C:Program FilesInstallShield Installation Information
2009-05-16 17:22:58 —-D—- C:WINDOWSOPTIONS
2009-05-16 17:22:58 —-D—- C:Program FilesRealtek
2009-05-16 17:22:51 —-D—- C:Documents and SettingsТаняApplication DataInstallShield
2009-05-16 17:22:10 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-05-16 17:22:08 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-05-16 17:22:08 —-D—- C:Program FilesIntel
2009-05-16 17:22:08 —-A—- C:WINDOWSsystem32CSVer.dll
2009-05-16 17:22:01 —-D—- C:Intel
2009-05-16 16:52:49 —-D—- C:Program FilesCommon FilesMotorola
2009-05-16 16:42:06 —-D—- C:Program FilesCommon FilesAdobe
2009-05-16 16:37:34 —-RA—- C:WINDOWSsystem32atiiiexx.dll
2009-05-16 16:37:33 —-RA—- C:WINDOWSsystem32ATIDEMGX.dll
2009-05-16 16:31:11 —-A—- C:WINDOWSsystem32ksuser.dll
2009-05-16 16:31:00 —-A—- C:WINDOWSsystem32wmpns.dll
2009-05-16 16:30:59 —-D—- C:Documents and SettingsТаняApplication DataIdentities
2009-05-16 16:30:57 —-HD—- C:Program FilesUninstall Information
2009-05-16 16:29:36 —-RSD—- C:WINDOWSassembly
2009-05-16 16:29:36 —-D—- C:WINDOWSsystem32URTTemp
2009-05-16 16:29:36 —-D—- C:WINDOWSMicrosoft.NET
2009-05-16 16:29:28 —-SD—- C:Documents and SettingsТаняApplication DataMicrosoft
2009-05-16 16:29:28 —-ASH—- C:Documents and SettingsТаняApplication Datadesktop.ini
2009-05-16 16:28:42 —-D—- C:WINDOWSSoftwareDistribution
2009-05-16 16:28:39 —-SD—- C:WINDOWSsystem32Microsoft
2009-05-16 16:28:39 —-A—- C:WINDOWSSchedLgU.Txt
2009-05-16 16:25:31 —-D—- C:WINDOWSsystem32xircom
2009-05-16 16:25:31 —-D—- C:Program Filesxerox
2009-05-16 16:25:31 —-D—- C:Program Filesmicrosoft frontpage
2009-05-16 16:24:49 —-A—- C:WINDOWSsystem32javaws.exe
2009-05-16 16:24:49 —-A—- C:WINDOWSsystem32javaw.exe
2009-05-16 16:24:49 —-A—- C:WINDOWSsystem32java.exe
2009-05-16 16:24:28 —-D—- C:Program FilesJava
2009-05-16 16:24:27 —-D—- C:Program FilesCommon FilesJava
2009-05-16 16:24:17 —-D—- C:WINDOWSfsc
2009-05-16 16:24:15 —-D—- C:AddOn
2009-05-16 16:24:14 —-A—- C:WINDOWSsystem32OEMINFO.INI
2009-05-16 16:21:30 —-A—- C:WINDOWSsystem32spupdsvc.exe
2009-05-16 16:21:14 —-N—- C:WINDOWSsystem32spmsg.dll
2009-05-16 16:21:13 —-HD—- C:WINDOWS$hf_mig$
2009-05-16 16:21:02 —-A—- C:WINDOWScontrol.ini
2009-05-16 16:21:02 —-A—- C:AUTOEXEC.BAT
2009-05-16 16:20:54 —-A—- C:WINDOWSOEWABLog.txt
2009-05-16 16:20:50 —-A—- C:WINDOWSsystem32mapi32.dll
2009-05-16 16:20:16 —-RD—- C:WINDOWSOffline Web Pages
2009-05-16 16:20:15 —-SD—- C:WINDOWSDownloaded Program Files
2009-05-16 16:20:15 —-RAH—- C:WINDOWSsystem32logonui.exe.manifest
2009-05-16 16:20:11 —-RAH—- C:WINDOWSsystem32cdplayer.exe.manifest
2009-05-16 16:20:08 —-HD—- C:Program FilesWindowsUpdate
2009-05-16 16:20:05 —-D—- C:Program FilesOnline Services
2009-05-16 16:19:52 —-D—- C:WINDOWSsystem32DirectX
2009-05-16 16:19:35 —-A—- C:WINDOWSsystem32atrace.dll
2009-05-16 16:19:33 —-A—- C:WINDOWSsystem32desktop.ini
2009-05-16 16:19:33 —-A—- C:WINDOWSdesktop.ini
2009-05-16 16:19:27 —-A—- C:WINDOWSsystem32nmevtmsg.dll
2009-05-16 16:19:26 —-A—- C:WINDOWSsystem32acctres.dll
2009-05-16 16:19:25 —-D—- C:Program FilesCommon FilesServices
2009-05-16 16:19:23 —-SD—- C:WINDOWSTasks
2009-05-16 16:19:23 —-A—- C:WINDOWSsystem32icfgnt5.dll
2009-05-16 16:19:22 —-D—- C:Program FilesCommon FilesMSSoap
2009-05-16 16:19:19 —-D—- C:WINDOWSsystem32Macromed
2009-05-16 16:19:19 —-D—- C:WINDOWSsrchasst
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wuweb.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wups.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wucltui.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wuauserv.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wuaueng1.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wuaueng.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wuauclt1.exe
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wuauclt.exe
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32wuapi.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32bitsprx3.dll
2009-05-16 16:19:16 —-A—- C:WINDOWSsystem32bitsprx2.dll
2009-05-16 16:19:15 —-A—- C:WINDOWSsystem32qmgrprxy.dll
2009-05-16 16:19:15 —-A—- C:WINDOWSsystem32qmgr.dll
2009-05-16 16:19:12 —-D—- C:Program FilesMovie Maker
2009-05-16 16:19:09 —-A—- C:WINDOWSsystem32safrslv.dll
2009-05-16 16:19:09 —-A—- C:WINDOWSsystem32safrdm.dll
2009-05-16 16:19:09 —-A—- C:WINDOWSsystem32safrcdlg.dll
2009-05-16 16:19:09 —-A—- C:WINDOWSsystem32racpldlg.dll
2009-05-16 16:19:06 —-D—- C:WINDOWSsystem32Restore
2009-05-16 16:19:06 —-A—- C:WINDOWSsystem32srsvc.dll
2009-05-16 16:19:06 —-A—- C:WINDOWSsystem32srrstr.dll
2009-05-16 16:19:06 —-A—- C:WINDOWSsystem32srclient.dll
2009-05-16 16:19:06 —-A—- C:WINDOWSsystem32fltmc.exe
2009-05-16 16:19:06 —-A—- C:WINDOWSsystem32fltlib.dll
2009-05-16 16:19:05 —-A—- C:WINDOWSsystem32nmmkcert.dll
2009-05-16 16:19:05 —-A—- C:WINDOWSsystem32msconf.dll
2009-05-16 16:19:05 —-A—- C:WINDOWSsystem32mnmsrvc.exe
2009-05-16 16:19:05 —-A—- C:WINDOWSsystem32mnmdd.dll
2009-05-16 16:19:05 —-A—- C:WINDOWSsystem32isrdbg32.dll
2009-05-16 16:19:05 —-A—- C:WINDOWSsystem32ils.dll
2009-05-16 16:19:03 —-D—- C:Program FilesNetMeeting
2009-05-16 16:19:03 —-A—- C:WINDOWSsystem32msoert2.dll
2009-05-16 16:19:02 —-A—- C:WINDOWSsystem32msoeacct.dll
2009-05-16 16:19:02 —-A—- C:WINDOWSsystem32inetres.dll
2009-05-16 16:19:02 —-A—- C:WINDOWSsystem32inetcomm.dll
2009-05-16 16:19:00 —-D—- C:Program FilesOutlook Express
2009-05-16 16:19:00 —-A—- C:WINDOWSsystem32schedsvc.dll
2009-05-16 16:19:00 —-A—- C:WINDOWSsystem32mstinit.exe
2009-05-16 16:19:00 —-A—- C:WINDOWSsystem32mstask.dll
2009-05-16 16:19:00 —-A—- C:WINDOWSsystem32isign32.dll
2009-05-16 16:19:00 —-A—- C:WINDOWSsystem32icwphbk.dll
2009-05-16 16:19:00 —-A—- C:WINDOWSsystem32icwdial.dll
2009-05-16 16:18:59 —-A—- C:WINDOWSsystem32inetcfg.dll
2009-05-16 16:18:55 —-D—- C:Program FilesCommon FilesSystem
2009-05-16 16:18:51 —-D—- C:Program FilesInternet Explorer
2009-05-16 16:18:41 —-D—- C:Program FilesComPlus Applications
2009-05-16 16:18:40 —-A—- C:WINDOWSvbaddin.ini
2009-05-16 16:18:40 —-A—- C:WINDOWSvb.ini
2009-05-16 16:18:35 —-D—- C:WINDOWSRegistration
2009-05-16 16:18:14 —-D—- C:Program FilesWindows Media Player
2009-05-16 16:18:09 —-D—- C:Program FilesMessenger
2009-05-16 16:18:06 —-D—- C:Program FilesMSN Gaming Zone
2009-05-16 16:18:06 —-A—- C:WINDOWSsystem32write.exe
2009-05-16 16:17:59 —-A—- C:WINDOWSsystem32sndvol32.exe
2009-05-16 16:17:58 —-A—- C:WINDOWSsystem32winchat.exe
2009-05-16 16:17:58 —-A—- C:WINDOWSsystem32hticons.dll
2009-05-16 16:17:58 —-A—- C:WINDOWSsystem32avwav.dll
2009-05-16 16:17:58 —-A—- C:WINDOWSsystem32avtapi.dll
2009-05-16 16:17:58 —-A—- C:WINDOWSsystem32avmeter.dll
2009-05-16 16:17:52 —-A—- C:WINDOWSsystem32getuname.dll
2009-05-16 16:17:51 —-A—- C:WINDOWSsystem32winmine.exe
2009-05-16 16:17:51 —-A—- C:WINDOWSsystem32sol.exe
2009-05-16 16:17:51 —-A—- C:WINDOWSsystem32mshearts.exe
2009-05-16 16:17:51 —-A—- C:WINDOWSsystem32charmap.exe
2009-05-16 16:17:51 —-A—- C:WINDOWSsystem32calc.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32usrlogon.cmd
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32tsshutdn.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32tslabels.ini
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32tskill.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32tsdiscon.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32tscon.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32shadow.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32rwinsta.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32reset.exe
2009-05-16 16:17:50 —-A—- C:WINDOWSsystem32freecell.exe
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32regini.exe
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32rdpcfgex.dll
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32qwinsta.exe
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32qappsrv.exe
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32msg.exe
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32msdtcprf.ini
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32logoff.exe
2009-05-16 16:17:49 —-A—- C:WINDOWSsystem32cdmodem.dll
2009-05-16 16:17:48 —-RA—- C:WINDOWSsystem32comrepl.dll
2009-05-16 16:17:48 —-A—- C:WINDOWSsystem32stclient.dll
2009-05-16 16:17:48 —-A—- C:WINDOWSsystem32mtxlegih.dll
2009-05-16 16:17:48 —-A—- C:WINDOWSsystem32mtxex.dll
2009-05-16 16:17:48 —-A—- C:WINDOWSsystem32mtxdm.dll
2009-05-16 16:17:48 —-A—- C:WINDOWSsystem32dcomcnfg.exe
2009-05-16 16:17:48 —-A—- C:WINDOWSsystem32comaddin.dll
2009-05-16 16:17:47 —-A—- C:WINDOWSsystem32comsnap.dll
2009-05-16 16:17:44 —-A—- C:WINDOWSsystem32wmimgmt.msc
2009-05-16 16:17:43 —-A—- C:WINDOWSsystem32accwiz.exe
2009-05-16 16:17:42 —-D—- C:Program FilesWindows NT
2009-05-16 16:17:42 —-A—- C:WINDOWSsystem32sndrec32.exe
2009-05-16 16:17:42 —-A—- C:WINDOWSsystem32mspaint.exe
2009-05-16 16:17:42 —-A—- C:WINDOWSsystem32mplay32.exe
2009-05-16 16:17:42 —-A—- C:WINDOWSsystem32hypertrm.dll
2009-05-16 16:17:42 —-A—- C:WINDOWSsystem32clipbrd.exe
2009-05-16 16:17:41 —-A—- C:WINDOWSsystem32tscfgwmi.dll
2009-05-16 16:17:41 —-A—- C:WINDOWSsystem32spider.exe
2009-05-16 16:17:41 —-A—- C:WINDOWSsystem32mstscax.dll
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32tscupgrd.exe
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32termsrv.dll
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32sessmgr.exe
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32remotepg.dll
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32rdshost.exe
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32rdsaddin.exe
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32rdpwsx.dll
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32rdpsnd.dll
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32rdpclip.exe
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32rdchost.dll
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32qprocess.exe
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32mstsc.exe
2009-05-16 16:17:40 —-A—- C:WINDOWSsystem32icaapi.dll
2009-05-16 16:17:39 —-RA—- C:WINDOWSsystem32mtxoci.dll
2009-05-16 16:17:39 —-RA—- C:WINDOWSsystem32msdtcuiu.dll
2009-05-16 16:17:39 —-RA—- C:WINDOWSsystem32msdtcprx.dll
2009-05-16 16:17:39 —-D—- C:WINDOWSsystem32MsDtc
2009-05-16 16:17:39 —-A—- C:WINDOWSsystem32cfgbkend.dll
2009-05-16 16:17:38 —-RA—- C:WINDOWSsystem32xolehlp.dll
2009-05-16 16:17:38 —-RA—- C:WINDOWSsystem32msdtctm.dll
2009-05-16 16:17:38 —-A—- C:WINDOWSsystem32msdtclog.dll
2009-05-16 16:17:38 —-A—- C:WINDOWSsystem32msdtc.exe
2009-05-16 16:17:37 —-RA—- C:WINDOWSsystem32colbact.dll
2009-05-16 16:17:37 —-RA—- C:WINDOWSsystem32clbcatex.dll
2009-05-16 16:17:37 —-RA—- C:WINDOWSsystem32catsrvut.dll
2009-05-16 16:17:37 —-RA—- C:WINDOWSsystem32catsrv.dll
2009-05-16 16:17:37 —-D—- C:WINDOWSsystem32Com
2009-05-16 16:17:37 —-A—- C:WINDOWSsystem32catsrvps.dll
2009-05-16 16:17:36 —-RA—- C:WINDOWSsystem32comuid.dll
2009-05-16 16:17:36 —-RA—- C:WINDOWSsystem32comsvcs.dll
2009-05-16 16:17:36 —-RA—- C:WINDOWSsystem32clbcatq.dll
2009-05-16 16:17:32 —-A—- C:WINDOWSsystem32servdeps.dll
2009-05-16 16:17:32 —-A—- C:WINDOWSsystem32mmfutil.dll
2009-05-16 16:17:32 —-A—- C:WINDOWSsystem32licwmi.dll
2009-05-16 16:17:31 —-A—- C:WINDOWSsystem32cmprops.dll======List of files/folders modified in the last 1 months======
2009-06-01 18:52:16 —-A—- C:WINDOWSsystem.ini
2009-05-16 19:14:02 —-A—- C:WINDOWSwin.ini======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-02-06 26944]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-02-06 51376]
R1 BIOS;BIOS; ??C:WINDOWSsystem32driversBIOS.sys []
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-02-06 94032]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-02-06 23152]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-06-03 3100160]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:WINDOWSsystem32driversAtiHdmi.sys [2007-11-14 84992]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-10-16 4615168]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2008-01-03 105856]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; ??C:DOCUME~17645~1LOCALS~1Tempcatchme.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-02-06 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-06-03 552960]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-02-06 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-05-31 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-02-06 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-02-06 352920]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2004-07-15 32768]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
EOF
Здравствуйте, Валерий!
Все работает хорошо! Спасибо большое за внимание, участие и помощь! 😀Добрый день!
ComboFix 09-05-24.07 — Administrator 25.05.2009 19:07.2 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.255.84 [GMT 4:00]
Running from: c:documents and settingsAdministratorDesktopComboFix.exe
Command switches used :: c:documents and settingsAdministratorDesktopCFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090524-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_GTERMDDO
Service_gtermddo((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.2009-05-18 18:50 . 2009-05-18 18:50
d-sh—w c:windowssystem32configsystemprofileIETldCache
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowssystem32scripting
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowsl2schemas
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowssystem32en
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowssystem32bits
2009-05-18 18:32 . 2009-05-18 18:32
d
w c:windowsServicePackFiles
2009-05-17 15:31 . 2009-02-05 20:06 51376 —-a-w c:windowssystem32driversaswTdi.sys
2009-05-17 15:31 . 2009-02-05 20:06 23152 —-a-w c:windowssystem32driversaswRdr.sys
2009-05-17 15:31 . 2009-02-05 20:05 26944 —-a-w c:windowssystem32driversaavmker4.sys
2009-05-17 15:31 . 2009-02-05 20:04 97480 —-a-w c:windowssystem32AvastSS.scr
2009-05-17 15:31 . 2009-02-05 20:07 114768 —-a-w c:windowssystem32driversaswSP.sys
2009-05-17 15:31 . 2009-02-05 20:07 20560 —-a-w c:windowssystem32driversaswFsBlk.sys
2009-05-17 15:31 . 2009-02-05 20:08 93296 —-a-w c:windowssystem32driversaswmon.sys
2009-05-17 15:31 . 2009-02-05 20:08 94032 —-a-w c:windowssystem32driversaswmon2.sys
2009-05-17 15:31 . 2009-02-05 20:11 1256296 —-a-w c:windowssystem32aswBoot.exe
2009-05-17 15:31 . 2009-05-17 15:31
d
w c:program filesAlwil Software
2009-05-17 12:18 . 2009-05-17 12:18
d-sh—w c:documents and settingsAdministratorPrivacIE
2009-05-17 12:13 . 2009-05-17 12:13
d-sh—w c:documents and settingsAdministratorIETldCache
2009-05-17 12:11 . 2009-05-17 12:11
d
w c:windowsie8updates
2009-05-17 12:10 . 2009-05-17 12:10
d
w c:program filesYandex
2009-05-17 12:10 . 2009-05-17 12:10
d
w c:documents and settingsAdministratorLocal SettingsApplication DataYandex
2009-05-17 12:10 . 2009-05-17 12:10
d
w c:documents and settingsAdministratorApplication DataYandex
2009-05-17 12:10 . 2009-05-17 12:10
d—h—w c:windowsmsdownld.tmp
2009-05-17 12:07 . 2009-05-17 12:07
d—h—w c:windowsie8
2009-05-17 12:05 . 2009-04-25 05:30 102400
w c:windowssystem32dllcacheiecompat.dll
2009-05-17 11:57 . 2009-05-17 11:57 18611464 —-a-w c:program filesIE8-Setup-Full-EN-32bit.exe
2009-05-15 09:54 . 2009-05-15 16:52 32 —sha-w c:windowssystem32driversfidbox.dat
2009-05-09 11:26 . 2009-05-09 11:26
d-sh—w C:FOUND.007
2009-05-08 04:03 . 2009-05-08 04:03
d
w c:program filestrend micro.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 05:35 . 2007-10-21 12:54 34096 —-a-w c:documents and settingsAdministratorLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-18 18:49 . 2006-04-30 13:13 96384 —-a-w c:windowssystem32driverssptd2653.sys
2009-05-18 18:40 . 2005-10-23 17:48 166455 —-a-w c:windowspchealthhelpctrOfflineCacheindex.dat
2009-05-15 16:52 . 2009-05-15 09:54 32 —sha-w c:windowssystem32driversfidbox.idx
2009-04-20 16:00 . 2009-04-20 16:00
d
w c:program filesCommon FilesINCA Shared
2009-03-08 00:34 . 2004-08-03 16:56 914944 —-a-w c:windowssystem32wininet.dll
2009-03-08 00:34 . 2004-08-03 16:56 43008 —-a-w c:windowssystem32licmgr10.dll
2009-03-08 00:33 . 2004-08-03 16:56 18944 —-a-w c:windowssystem32corpol.dll
2009-03-08 00:33 . 2004-08-03 16:56 420352 —-a-w c:windowssystem32vbscript.dll
2009-03-08 00:32 . 2004-08-03 16:56 72704 —-a-w c:windowssystem32admparse.dll
2009-03-08 00:32 . 2004-08-03 16:56 71680 —-a-w c:windowssystem32iesetup.dll
2009-03-08 00:31 . 2004-08-03 16:56 34816 —-a-w c:windowssystem32imgutil.dll
2009-03-08 00:31 . 2004-08-03 16:56 48128 —-a-w c:windowssystem32mshtmler.dll
2009-03-08 00:31 . 2004-08-03 16:56 45568 —-a-w c:windowssystem32mshta.exe
2009-03-08 00:22 . 2001-08-23 08:00 156160 —-a-w c:windowssystem32msls31.dll
2009-03-06 14:22 . 2004-08-03 16:56 284160 —-a-w c:windowssystem32pdh.dll
2008-11-27 12:09 . 2008-11-24 05:01 299704 —-a-w c:program filesMoneyTracker_1.0.exe
2008-04-07 09:05 . 2008-04-07 09:05 331235 —-a-w c:program filescreditcalc20.zip
2007-09-09 17:40 . 2007-09-09 17:40 18466224 —-a-w c:program filesMagicTeaRus_4.exe
2007-09-09 17:38 . 2007-09-09 17:38 8968104 —-a-w c:program filesSnowyIslandsRus_4.exe
2007-09-08 15:59 . 2007-09-08 15:59 15288336 —-a-w c:program filesPeggleSetup-eni.exe
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«TuneUp MemOptimizer»=»c:program filesTuneUp Utilities 2008MemOptimizer.exe» [2007-12-24 198912][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-10-22 7700480]
«MBM 5″=»c:program filesMotherboard Monitor 5MBM5.EXE» [2004-06-12 594944]
«a-winpoet-service»=»c:program filesWinPoET Broadband Connectionwinpppoverethernet.exe» [2003-05-29 299008]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-10-22 86016]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2005-11-22 344064]
«RivaTunerStartupDaemon»=»c:program filesRivaTuner v2.05RivaTuner.exe» [2007-09-27 2633728]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2006-11-10 90112]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-01-12 136600]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-02-05 81000]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2006-10-22 1622016]
«Logitech Utility»=»Logi_MwX.Exe» — c:windowsLOGI_MWX.EXE [2003-12-17 19968][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«MaxRecentDocs»= 2 (0x2)[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\ICQ6\ICQ.exe»=R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:windowssystem32driverssfdrv01a.sys [05.07.2006 15:46 63352]
R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [17.05.2009 19:31 114768]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [17.05.2009 19:31 20560]
R2 BT848;bt848 tweaked WDM Video Capture;c:windowssystem32driversBT848.sys [31.12.2001 15:21 85231]
R2 BTTUNER;bt848 tweaked WDM TvTuner;c:windowssystem32driversbttuner.sys [31.12.2001 15:21 9187]
R2 BTXBAR;bt848 tweaked TV WDM Crossbar;c:windowssystem32driversbtxbar.sys [31.12.2001 15:21 8193]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;c:windowssystem32driversWrKPoET2000.sys [04.01.2006 21:19 53334]
R3 ParadigmVScanner;MUSTEK 1200 USB PLUS Still Image Device Service;c:windowssystem32driversUsbScan.sys [29.10.2005 15:27 15104]
R3 WrKPoET2000;WrKPoET2000;c:program filesWinPoET Broadband ConnectionWrKPoET2000.sys [04.01.2006 21:19 53334]
R3 WRSWanDD;iVasion PoET Adapter;c:windowssystem32driversWrKPoETNic2000.sys [04.01.2006 21:19 65604]
S1 prodrv03;Star Force copy protection driver v3;??c:windowssystem32driversprodrv03.sys —> c:windowssystem32driversprodrv03.sys [?]
S2 enampdat;SpeedStream DSL AMP Protocol Driver for Windows 2000;c:windowssystem32DRIVERSenampdat.sys —> c:windowssystem32DRIVERSenampdat.sys [?]
S3 EfntRfc1483;Efficient Networks RFC 1483 Intermediate Driver;c:windowssystem32DRIVERSefnt1483.sys —> c:windowssystem32DRIVERSefnt1483.sys [?]
S3 EfntRfc1483MP;Efficient Networks RFC 1483 Virtual Miniport;c:windowssystem32DRIVERSefnt1483.sys —> c:windowssystem32DRIVERSefnt1483.sys [?]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:windowssystem32driversusbbc2.sys [23.10.2005 23:21 8960]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder2009-05-22 c:windowsTasks1-Click Maintenance.job
— c:program filesTuneUp Utilities 2008OneClick.exe [2007-12-21 05:13]
.
— — — — ORPHANS REMOVED — — — —SafeBoot-procexp90.Sys
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=44290
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Webalta — Добавить в Анти-Баннер — c:program filesWebaltaextentionsWebalta_antiban.htm
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 19:14
Windows 5.1.2600 Service Pack 3 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(472)
c:windowssystem32Ati2evxx.dll— — — — — — — > ‘explorer.exe'(2804)
c:windowssystem32ieframe.dll
c:windowssystem32OneX.DLL
c:windowssystem32eappprxy.dll
c:windowssystem32webcheck.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:windowsSYSTEM32ATI2EVXX.EXE
c:program filesALWIL SOFTWAREAVAST4ASWUPDSV.EXE
c:windowsSYSTEM32ATI2EVXX.EXE
c:program filesALWIL SOFTWAREAVAST4ASHSERV.EXE
c:program filesJavajre6binjqs.exe
c:windowssystem32HPZipm12.exe
c:program filesWinPoET Broadband ConnectionWrOS.EXE
c:windowssystem32WgaTray.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-25 19:24 — machine was rebooted
ComboFix2.txt 2009-05-22 11:29
ComboFix-quarantined-files.txt 2009-05-25 15:24Pre-Run: 11 787 911 168 bytes free
Post-Run: 11 689 181 184 bytes freeCurrent=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
181 — E O F — 2009-05-19 06:57Здравствуйте, Валерий! 🙂
Вот лог:
ComboFix 09-05-21.03 — Administrator 22.05.2009 15:23.1 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.255.70 [GMT 4:00]
Running from: c:documents and settingsAdministratorDesktopComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090521-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
C:install.exe
C:SETUP.BAT
C:setup.exe
C:start.bat
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.2009-05-18 18:50 . 2009-05-18 18:50
d-sh—w c:windowssystem32configsystemprofileIETldCache
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowssystem32scripting
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowsl2schemas
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowssystem32en
2009-05-18 18:36 . 2009-05-18 18:36
d
w c:windowssystem32bits
2009-05-18 18:32 . 2009-05-18 18:32
d
w c:windowsServicePackFiles
2009-05-18 12:13 . 2009-05-18 12:13
d
w C:_OTMoveIt
2009-05-17 15:31 . 2009-02-05 20:06 51376 —-a-w c:windowssystem32driversaswTdi.sys
2009-05-17 15:31 . 2009-02-05 20:06 23152 —-a-w c:windowssystem32driversaswRdr.sys
2009-05-17 15:31 . 2009-02-05 20:05 26944 —-a-w c:windowssystem32driversaavmker4.sys
2009-05-17 15:31 . 2009-02-05 20:04 97480 —-a-w c:windowssystem32AvastSS.scr
2009-05-17 15:31 . 2009-02-05 20:07 114768 —-a-w c:windowssystem32driversaswSP.sys
2009-05-17 15:31 . 2009-02-05 20:07 20560 —-a-w c:windowssystem32driversaswFsBlk.sys
2009-05-17 15:31 . 2009-02-05 20:08 93296 —-a-w c:windowssystem32driversaswmon.sys
2009-05-17 15:31 . 2009-02-05 20:08 94032 —-a-w c:windowssystem32driversaswmon2.sys
2009-05-17 15:31 . 2009-02-05 20:11 1256296 —-a-w c:windowssystem32aswBoot.exe
2009-05-17 15:31 . 2009-05-17 15:31
d
w c:program filesAlwil Software
2009-05-17 12:18 . 2009-05-17 12:18
d-sh—w c:documents and settingsAdministratorPrivacIE
2009-05-17 12:13 . 2009-05-17 12:13
d-sh—w c:documents and settingsAdministratorIETldCache
2009-05-17 12:11 . 2009-05-17 12:11
d
w c:windowsie8updates
2009-05-17 12:10 . 2009-05-17 12:10
d
w c:program filesYandex
2009-05-17 12:10 . 2009-05-17 12:10
d
w c:documents and settingsAdministratorLocal SettingsApplication DataYandex
2009-05-17 12:10 . 2009-05-17 12:10
d
w c:documents and settingsAdministratorApplication DataYandex
2009-05-17 12:10 . 2009-05-17 12:10
d—h—w c:windowsmsdownld.tmp
2009-05-17 12:07 . 2009-05-17 12:07
d—h—w c:windowsie8
2009-05-17 12:05 . 2009-04-25 05:30 102400
w c:windowssystem32dllcacheiecompat.dll
2009-05-17 11:57 . 2009-05-17 11:57 18611464 —-a-w c:program filesIE8-Setup-Full-EN-32bit.exe
2009-05-15 09:54 . 2009-05-15 16:52 32 —sha-w c:windowssystem32driversfidbox.dat
2009-05-09 11:26 . 2009-05-09 11:26
d-sh—w C:FOUND.007
2009-05-08 04:03 . 2009-05-08 04:03
d
w c:program filestrend micro
2009-05-08 04:03 . 2009-05-08 04:03
d
w C:rsit.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 05:35 . 2007-10-21 12:54 34096 —-a-w c:documents and settingsAdministratorLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-18 18:49 . 2006-04-30 13:13 96384 —-a-w c:windowssystem32driverssptd2653.sys
2009-05-18 18:40 . 2005-10-23 17:48 166455 —-a-w c:windowspchealthhelpctrOfflineCacheindex.dat
2009-05-15 16:52 . 2009-05-15 09:54 32 —sha-w c:windowssystem32driversfidbox.idx
2009-04-20 16:00 . 2009-04-20 16:00
d
w c:program filesCommon FilesINCA Shared
2009-03-08 00:34 . 2004-08-03 16:56 914944 —-a-w c:windowssystem32wininet.dll
2009-03-08 00:34 . 2004-08-03 16:56 43008 —-a-w c:windowssystem32licmgr10.dll
2009-03-08 00:33 . 2004-08-03 16:56 18944 —-a-w c:windowssystem32corpol.dll
2009-03-08 00:33 . 2004-08-03 16:56 420352 —-a-w c:windowssystem32vbscript.dll
2009-03-08 00:32 . 2004-08-03 16:56 72704 —-a-w c:windowssystem32admparse.dll
2009-03-08 00:32 . 2004-08-03 16:56 71680 —-a-w c:windowssystem32iesetup.dll
2009-03-08 00:31 . 2004-08-03 16:56 34816 —-a-w c:windowssystem32imgutil.dll
2009-03-08 00:31 . 2004-08-03 16:56 48128 —-a-w c:windowssystem32mshtmler.dll
2009-03-08 00:31 . 2004-08-03 16:56 45568 —-a-w c:windowssystem32mshta.exe
2009-03-08 00:22 . 2001-08-23 08:00 156160 —-a-w c:windowssystem32msls31.dll
2009-03-06 14:22 . 2004-08-03 16:56 284160 —-a-w c:windowssystem32pdh.dll
2008-11-27 12:09 . 2008-11-24 05:01 299704 —-a-w c:program filesMoneyTracker_1.0.exe
2008-04-07 09:05 . 2008-04-07 09:05 331235 —-a-w c:program filescreditcalc20.zip
2007-09-09 17:40 . 2007-09-09 17:40 18466224 —-a-w c:program filesMagicTeaRus_4.exe
2007-09-09 17:38 . 2007-09-09 17:38 8968104 —-a-w c:program filesSnowyIslandsRus_4.exe
2007-09-08 15:59 . 2007-09-08 15:59 15288336 —-a-w c:program filesPeggleSetup-eni.exe
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«TuneUp MemOptimizer»=»c:program filesTuneUp Utilities 2008MemOptimizer.exe» [2007-12-24 198912][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-10-22 7700480]
«MBM 5″=»c:program filesMotherboard Monitor 5MBM5.EXE» [2004-06-12 594944]
«a-winpoet-service»=»c:program filesWinPoET Broadband Connectionwinpppoverethernet.exe» [2003-05-29 299008]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-10-22 86016]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2005-11-22 344064]
«RivaTunerStartupDaemon»=»c:program filesRivaTuner v2.05RivaTuner.exe» [2007-09-27 2633728]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2006-11-10 90112]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-01-12 136600]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-02-05 81000]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2006-10-22 1622016]
«Logitech Utility»=»Logi_MwX.Exe» — c:windowsLOGI_MWX.EXE [2003-12-17 19968][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«MaxRecentDocs»= 2 (0x2)[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\ICQ6\ICQ.exe»=R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:windowssystem32driverssfdrv01a.sys [05.07.2006 15:46 63352]
R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [17.05.2009 19:31 114768]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [17.05.2009 19:31 20560]
R2 BT848;bt848 tweaked WDM Video Capture;c:windowssystem32driversBT848.sys [31.12.2001 15:21 85231]
R2 BTTUNER;bt848 tweaked WDM TvTuner;c:windowssystem32driversbttuner.sys [31.12.2001 15:21 9187]
R2 BTXBAR;bt848 tweaked TV WDM Crossbar;c:windowssystem32driversbtxbar.sys [31.12.2001 15:21 8193]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;c:windowssystem32driversWrKPoET2000.sys [04.01.2006 21:19 53334]
R3 ParadigmVScanner;MUSTEK 1200 USB PLUS Still Image Device Service;c:windowssystem32driversUsbScan.sys [29.10.2005 15:27 15104]
R3 WrKPoET2000;WrKPoET2000;c:program filesWinPoET Broadband ConnectionWrKPoET2000.sys [04.01.2006 21:19 53334]
R3 WRSWanDD;iVasion PoET Adapter;c:windowssystem32driversWrKPoETNic2000.sys [04.01.2006 21:19 65604]
S1 prodrv03;Star Force copy protection driver v3;??c:windowssystem32driversprodrv03.sys —> c:windowssystem32driversprodrv03.sys [?]
S2 enampdat;SpeedStream DSL AMP Protocol Driver for Windows 2000;c:windowssystem32DRIVERSenampdat.sys —> c:windowssystem32DRIVERSenampdat.sys [?]
S3 EfntRfc1483;Efficient Networks RFC 1483 Intermediate Driver;c:windowssystem32DRIVERSefnt1483.sys —> c:windowssystem32DRIVERSefnt1483.sys [?]
S3 EfntRfc1483MP;Efficient Networks RFC 1483 Virtual Miniport;c:windowssystem32DRIVERSefnt1483.sys —> c:windowssystem32DRIVERSefnt1483.sys [?]
S3 gtermddo;gtermddo;??c:docume~1userLOCALS~1Tempgtermddo.sys —> c:docume~1userLOCALS~1Tempgtermddo.sys [?]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:windowssystem32driversusbbc2.sys [23.10.2005 23:21 8960]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder2009-05-15 c:windowsTasks1-Click Maintenance.job
— c:program filesTuneUp Utilities 2008OneClick.exe [2007-12-21 05:13]
.
— — — — ORPHANS REMOVED — — — —HKLM-Run-NevoDRM — c:игры от nevosoftNevoDRMNevoDRM.exe
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=44290
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Webalta — Добавить в Анти-Баннер — c:program filesWebaltaextentionsWebalta_antiban.htm
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 15:27
Windows 5.1.2600 Service Pack 3 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(524)
c:windowssystem32Ati2evxx.dll
.
Completion time: 2009-05-22 15:29
ComboFix-quarantined-files.txt 2009-05-22 11:29Pre-Run: 9 066 446 848 bytes free
Post-Run: 10 591 715 328 bytes freeCurrent=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
161 — E O F — 2009-05-19 06:57Добрый день, Валерий!
Комп работает хорошо! Никаких проблем не наблюдается! Большое-прибольшое СПАСИБО!!! 😀OTMoveIt лог:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========ServiceDriver usprserv deleted successfully.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsAdministratorLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTempHistoryHistory.IE5index.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTempCookiesindex.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTempTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStempPerflib_Perfdata_52c.dat scheduled to be deleted on reboot.
File delete failed. C:WINDOWStempPerflib_Perfdata_110.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 05182009_161331
Files moved on Reboot…
C:WINDOWStempPerflib_Perfdata_52c.dat moved successfully.
File C:WINDOWStempPerflib_Perfdata_110.dat not found!Здравствуйте! 🙂
Проблемы такие:
1. Комп о-о-очень сильно тормозит. После включения надо ждать минут 5-10, что бы начать работать. Зависает. Любые опрерации (включить вин-амп, зайти в интернет, включить или обновить антивирус) делаются очень медленно. Оперативки не много-256, но раньше таких проблем не было.
2. Проверяла одноразовой программой Касперского, нашлось 11 эд-варе рекламных. На следующий день Аваст нашел 21 вирус. Половина эд-варе рекламные, половина трояны. Такое впечатление, что они не удаляются до конца и потом размножаются. 😀 🙄свежий RSIT:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Administrator at 2009-05-18 16:26:22
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (36%) free of 24 GB
Total RAM: 255 MB (35% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:54, on 18.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSLogi_MwX.Exe
C:Program FilesMotherboard Monitor 5MBM5.EXE
C:WINDOWSsystem32svchost.exe
C:Program FilesWinPoET Broadband Connectionwinpppoverethernet.exe
C:Program FilesWinPoET Broadband ConnectionWrOS.EXE
C:Program FilesJavajre6binjusched.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesTuneUp Utilities 2008MemOptimizer.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Documents and SettingsAdministratorDesktopRSIT.exe
C:WINDOWSsystem32WgaTray.exe
C:WINDOWSsystem32wuauclt.exe
C:Program Filestrend microAdministrator.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru/?clid=44290
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=44290
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Windows Internet Explorer provided by Yandex
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — (no file)
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: (no name) — {53707962-6F74-2D53-2644-206D7942484F} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — (no file)
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 — HKLM..Run: [MBM 5] «C:Program FilesMotherboard Monitor 5MBM5.EXE»
O4 — HKLM..Run: [a-winpoet-service] «C:Program FilesWinPoET Broadband Connectionwinpppoverethernet.exe»
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [ATIPTA] «C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe»
O4 — HKLM..Run: [RivaTunerStartupDaemon] «C:Program FilesRivaTuner v2.05RivaTuner.exe» /S
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [NevoDRM] «C:Игры от NevoSoftNevoDRMNevoDRM.exe»
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [TuneUp MemOptimizer] «C:Program FilesTuneUp Utilities 2008MemOptimizer.exe» autostart
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Webalta — Добавить в Анти-Баннер — C:Program FilesWebaltaextentionsWebalta_antiban.htm
O9 — Extra button: (no name) — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — (no file)
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187443552770
O16 — DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) — http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231750358_6c1c95acfc17396c43e03c6aff63745f&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) — Protection Technology (StarForce) — C:WINDOWSsystem32sfrem01.exe
O23 — Service: TuneUp Drive Defrag Service (TuneUp.Defrag) — TuneUp Software GmbH — C:WINDOWSSystem32TuneUpDefragService.exe
O23 — Service: WinPPPoverEthernet — iVasion, a Routerware Company — C:Program FilesWinPoET Broadband ConnectionWrOS.EXE—
End of file — 7917 bytes======Scheduled tasks folder======
C:WINDOWStasks1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-04-16 37808][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
C:Program FilesSpybot — Search & DestroySDHelper.dll [2005-04-27 853672][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2009-01-12 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-01-12 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-01-12 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — []
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-03-24 3698464][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-10-22 7700480]
«nwiz»=nwiz.exe /install []
«Logitech Utility»=C:WINDOWSLogi_MwX.Exe [2003-12-17 19968]
«MBM 5″=C:Program FilesMotherboard Monitor 5MBM5.EXE [2004-06-12 594944]
«a-winpoet-service»=C:Program FilesWinPoET Broadband Connectionwinpppoverethernet.exe [2003-05-29 299008]
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-10-22 86016]
«ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2005-11-22 344064]
«RivaTunerStartupDaemon»=C:Program FilesRivaTuner v2.05RivaTuner.exe [2007-09-27 2633728]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2006-11-10 90112]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-01-12 136600]
«NevoDRM»=C:Игры от NevoSoftNevoDRMNevoDRM.exe []
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-02-06 81000][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-03 15360]
«TuneUp MemOptimizer»=C:Program FilesTuneUp Utilities 2008MemOptimizer.exe [2007-12-24 198912][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2007-09-29 122880][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2007-04-10 236928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«MaxRecentDocs»=2
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesTotal Commander XPTOTALCMD.EXE»=»C:Program FilesTotal Commander XPTOTALCMD.EXE:*:Enabled:TOTALCMD»
«C:Program FilesEA SPORTSFIFA 06fifa06.exe»=»C:Program FilesEA SPORTSFIFA 06fifa06.exe:*:Enabled:fifa06»
«C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
«C:Program FilesDownload MasterDMASTER.EXE»=»C:Program FilesDownload MasterDMASTER.EXE:*:Enabled:Download Master»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 1 months======
2009-05-18 16:13:31 —-D—- C:_OTMoveIt
2009-05-17 19:31:17 —-A—- C:WINDOWSsystem32aswBoot.exe
2009-05-17 19:31:08 —-D—- C:Program FilesAlwil Software
2009-05-17 16:11:00 —-D—- C:WINDOWSie8updates
2009-05-17 16:10:05 —-D—- C:Program FilesYandex
2009-05-17 16:10:05 —-D—- C:Documents and SettingsAdministratorApplication DataYandex
2009-05-17 16:10:01 —-HD—- C:WINDOWSmsdownld.tmp
2009-05-17 16:07:51 —-HD—- C:WINDOWSie8
2009-05-17 15:57:28 —-A—- C:Program FilesIE8-Setup-Full-EN-32bit.exe
2009-05-15 09:49:46 —-RASHD—- C:autorun.inf
2009-05-09 15:26:42 —-SHD—- C:FOUND.007
2009-05-08 08:03:40 —-D—- C:Program Filestrend micro
2009-05-08 08:03:37 —-D—- C:rsit
2009-04-20 21:36:06 —-HD—- C:WINDOWS$NtUninstallKB959426$
2009-04-20 21:35:57 —-HD—- C:WINDOWS$NtUninstallKB961373$
2009-04-20 21:31:37 —-HD—- C:WINDOWS$NtUninstallKB956572$
2009-04-20 21:31:13 —-HD—- C:WINDOWS$NtUninstallKB952004$
2009-04-20 21:31:03 —-HD—- C:WINDOWS$NtUninstallKB960803$
2009-04-20 21:30:33 —-HD—- C:WINDOWS$NtUninstallKB923561$
2009-04-20 20:00:14 —-D—- C:Program FilesCommon FilesINCA Shared======List of files/folders modified in the last 1 months======
2009-05-18 16:22:46 —-A—- C:WINDOWSWinPoET_Runtime.txt
2009-05-18 16:20:22 —-A—- C:WINDOWSSchedLgU.Txt
2009-05-18 16:20:20 —-A—- C:WINDOWSwin.ini
2009-05-17 16:09:58 —-A—- C:WINDOWSimsins.BAK
2009-05-07 11:16:30 —-A—- C:WINDOWSsystem32MRT.exe
2009-04-21 22:08:14 —-A—- C:WINDOWSsystem32PerfStringBackup.INI======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-02-06 26944]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-02-06 51376]
R1 mbmiodrvr;mbmiodrvr; ??C:WINDOWSsystem32mbmiodrvr.sys []
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-02-06 94032]
R2 Atmuni;ATM Call Manager; C:WINDOWSsystem32DRIVERSatmuni.sys [2001-08-23 352256]
R2 BT848;bt848 tweaked WDM Video Capture; C:WINDOWSsystem32driversBT848.sys [2002-07-16 85231]
R2 BTTUNER;bt848 tweaked WDM TvTuner; C:WINDOWSsystem32driversBTTUNER.sys [2001-10-08 9187]
R2 BTXBAR;bt848 tweaked TV WDM Crossbar; C:WINDOWSsystem32driversBTXBAR.sys [2001-10-08 8193]
R2 Rawwan;RAW WAN Driver; C:WINDOWSsystem32DRIVERSrawwan.sys [2001-08-23 34432]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver; C:WINDOWSsystem32DRIVERSWrKPoET2000.sys [2003-05-22 53334]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-02-06 23152]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2007-09-29 2456064]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5bv.sys [2005-08-08 43008]
R3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 ParadigmVScanner;MUSTEK 1200 USB PLUS Still Image Device Service; C:WINDOWSsystem32driversusbscan.sys [2004-08-03 15104]
R3 RivaTuner32;RivaTuner32; ??C:Program FilesRivaTuner v2.05RivaTuner32.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 VIAudio;VIA AC’97 Audio Controller (WDM); C:WINDOWSsystem32driversviaudios.sys [2003-02-26 370048]
R3 WrKPoET2000;WrKPoET2000; ??C:Program FilesWinPoET Broadband ConnectionWrKPoET2000.sys []
R3 WRSWanDD;iVasion PoET Adapter; C:WINDOWSsystem32DRIVERSWrKPoETNic2000.sys [2002-10-28 65604]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-03 14848]
S1 prodrv03;Star Force copy protection driver v3; ??C:WINDOWSsystem32driversprodrv03.sys []
S2 enampdat;SpeedStream DSL AMP Protocol Driver for Windows 2000; C:WINDOWSsystem32DRIVERSenampdat.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 CnxTrUsb;Conexant USB Network Interface Device Driver; C:WINDOWSsystem32DRIVERSCnxTrUsb.sys [2004-05-26 54720]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys [2007-04-15 223128]
S3 EfntRfc1483;Efficient Networks RFC 1483 Intermediate Driver; C:WINDOWSsystem32DRIVERSefnt1483.sys []
S3 EfntRfc1483MP;Efficient Networks RFC 1483 Virtual Miniport; C:WINDOWSsystem32DRIVERSefnt1483.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 gtermddo;gtermddo; ??C:DOCUME~1userLOCALS~1Tempgtermddo.sys []
S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:WINDOWSsystem32DRIVERSL8042pr2.Sys [2003-12-17 51729]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:WINDOWSsystem32DRIVERSLMouFlt2.Sys [2003-12-17 70801]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:WINDOWSsystem32DRIVERSNMnt.sys [2004-08-03 40320]
S3 NTSIM;NTSIM; ??C:WINDOWSsystem32ntsim.sys []
S3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-10-22 3994624]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver; C:WINDOWSSystem32Driversusbbc2.sys [2003-05-07 8960]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-08-23 5888]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 TVICHW32;TVICHW32; ??C:WINDOWSsystem32DRIVERSTVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:WINDOWSsystem32DRIVERSxusb21.sys [2007-08-28 55808]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-02-06 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2007-09-29 483328]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-02-06 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-01-12 152984]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2006-03-03 69632]
R2 UxTuneUp;TuneUp Theme Extension; C:WINDOWSSystem32svchost.exe [2004-08-03 14336]
R2 WinPPPoverEthernet;WinPPPoverEthernet; C:Program FilesWinPoET Broadband ConnectionWrOS.EXE [2003-05-22 94255]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-02-06 254040]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2007-09-28 593920]
S2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-10-22 159810]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:WINDOWSsystem32sfrem01.exe [2006-07-05 358008]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-02-06 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:WINDOWSSystem32TuneUpDefragService.exe [2008-10-08 306432]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-03 14336]
EOF
Добрый день, Валерий! 🙂
ComboFix 09-05-17.04 — Таня 18.05.2009 15:44.2 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.2047.1620 [GMT 4:00]
Running from: c:documents and settingsТаняРабочий столComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090517-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.2009-05-16 20:45 . 2009-05-16 20:45
d-sh—w c:documents and settingsDefault UserIETldCache
2009-05-16 20:11 . 2009-05-16 20:11
d—h—r c:documents and settingsТаняApplication DataSecuROM
2009-05-16 20:11 . 2009-05-16 20:11 107888 —-a-w c:windowssystem32CmdLineExt.dll
2009-05-16 19:07 . 2009-05-16 19:07
d
w c:documents and settingsТаняApplication DataLeadertech
2009-05-16 18:16 . 2009-05-16 18:16
d
w c:documents and settingsТаняLocal SettingsApplication DataНовый Импульс Центр
2009-05-16 17:59 . 2009-05-16 17:59
d
w c:program filestrend micro
2009-05-16 17:59 . 2009-05-16 17:59
d
w C:rsit
2009-05-16 17:09 . 2009-05-16 17:13
d
w c:documents and settingsТаняApplication DataQIP.Online.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 19:13 . 2009-05-16 15:35
d
w c:program filesWinamp
2009-05-16 18:48 . 2009-05-16 18:48
d
w c:program filesEA Sports
2009-05-16 18:16 . 2009-05-16 14:11 24352 —-a-w c:documents and settingsТаняLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-16 17:13 . 2009-05-16 15:33
d
w c:program filesQIP Infium
2009-05-16 16:30 . 2009-05-16 16:30
d
w c:program filesFastStone Image Viewer
2009-05-16 16:26 . 2009-05-16 16:26
d
w c:program filesDownload Master
2009-05-16 16:13 . 2009-05-16 16:13 9388 —-a-w c:windowssystem32driversiaStor.PNF
2009-05-16 16:13 . 2009-05-16 16:13 7280 —-a-w c:windowssystem32driversviamraid.PNF
2009-05-16 16:13 . 2009-05-16 16:13 6984 —-a-w c:windowssystem32driversSiSRaid.PNF
2009-05-16 16:13 . 2009-05-16 16:13 63240 —-a-w c:windowssystem32driversSi3112r.PNF
2009-05-16 16:13 . 2009-05-16 16:13 20152 —-a-w c:windowssystem32driversINFCACHE.1
2009-05-16 16:13 . 2009-05-16 16:13 12432 —-a-w c:windowssystem32driversadpu320.PNF
2009-05-16 16:13 . 2009-05-16 16:13 12204 —-a-w c:windowssystem32driversnvraid.PNF
2009-05-16 16:13 . 2009-05-16 16:13 10828 —-a-w c:windowssystem32driversiaAHCI.PNF
2009-05-16 15:51 . 2009-05-16 15:50
d
w c:program filesK-Lite Codec Pack
2009-05-16 15:49 . 2009-05-16 15:49
d
w c:program filescodek
2009-05-16 15:41 . 2009-05-16 15:41
d
w c:program files7-Zip
2009-05-16 15:32 . 2009-05-16 12:42
d
w c:program filesCommon FilesAdobe
2009-05-16 15:24 . 2009-05-16 15:22
d
w c:program filesAhead
2009-05-16 15:23 . 2009-05-16 15:23
d
w c:program filesCommon FilesNero
2009-05-16 15:22 . 2009-05-16 15:22
d
w c:program filesCommon FilesAhead
2009-05-16 15:15 . 2009-05-16 15:15
d
w c:program filesMicrosoft Works
2009-05-16 15:15 . 2009-05-16 15:15
d
w c:program filesMicrosoft.NET
2009-05-16 15:00 . 2009-05-16 14:59 4212 —h—w c:windowssystem32zllictbl.dat
2009-05-16 15:00 . 2009-05-16 15:08 262144 —-a-w c:program filesUninstall Spy Blocker.dll
2009-05-16 15:00 . 2009-05-16 15:00
d—a-w c:program filesZoneAlarmSB
2009-05-16 15:00 . 2004-08-18 12:00 64962 —-a-w c:windowssystem32perfc019.dat
2009-05-16 15:00 . 2004-08-18 12:00 421458 —-a-w c:windowssystem32perfh019.dat
2009-05-16 14:33 . 2009-05-16 14:33
d
w c:program filesAlwil Software
2009-05-16 13:24 . 2009-05-16 13:22
d—h—w c:program filesInstallShield Installation Information
2009-05-16 13:24 . 2009-05-16 13:22
d
w c:program filesRealtek
2009-05-16 13:24 . 2009-05-16 13:24 315392 —-a-w c:windowsHideWin.exe
2009-05-16 13:24 . 2009-05-16 13:24
d
w c:program filesCommon FilesInstallShield
2009-05-16 13:22 . 2009-05-16 13:22
d
w c:program filesIntel
2009-05-16 12:52 . 2009-05-16 12:52
d
w c:program filesCommon FilesMotorola
2009-05-16 12:37 . 2009-05-16 12:37 0 —-a-w c:windowsativpsrm.bin
2009-05-16 12:30 . 2009-05-16 12:30 127 —-a-w c:documents and settingsТаняLocal SettingsApplication Datafusioncache.dat
2009-05-16 12:25 . 2009-05-16 12:25
d
w c:program filesmicrosoft frontpage
2009-05-16 12:24 . 2009-05-16 12:24
d
w c:program filesJava
2009-05-16 12:24 . 2009-05-16 12:24
d
w c:program filesCommon FilesJava
2009-05-16 12:18 . 2009-05-16 12:18 22564 —-a-w c:windowssystem32emptyregdb.dat
2009-03-08 00:34 . 2004-08-18 12:00 914944 —-a-w c:windowssystem32wininet.dll
2009-03-08 00:34 . 2004-08-18 12:00 43008 —-a-w c:windowssystem32licmgr10.dll
2009-03-08 00:33 . 2004-08-18 12:00 18944 —-a-w c:windowssystem32corpol.dll
2009-03-08 00:33 . 2004-08-18 12:00 420352 —-a-w c:windowssystem32vbscript.dll
2009-03-08 00:32 . 2004-08-18 12:00 72704 —-a-w c:windowssystem32admparse.dll
2009-03-08 00:32 . 2004-08-18 12:00 71680 —-a-w c:windowssystem32iesetup.dll
2009-03-08 00:31 . 2004-08-18 12:00 34816 —-a-w c:windowssystem32imgutil.dll
2009-03-08 00:31 . 2004-08-18 12:00 48128 —-a-w c:windowssystem32mshtmler.dll
2009-03-08 00:31 . 2004-08-18 12:00 45568 —-a-w c:windowssystem32mshta.exe
2009-03-08 00:22 . 2004-08-18 12:00 156160 —-a-w c:windowssystem32msls31.dll
2009-03-06 14:23 . 2004-08-18 12:00 284672 —-a-w c:windowssystem32pdh.dll
2009-03-02 18:10 . 2009-05-16 15:50 67584 —-a-w c:windowssystem32ff_vfw.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{95289393-33EA-4F8D-B952-483415B9C955}»= «c:documents and settingsТаняApplication DataMicrosoftInternet Explorerqipsearchbar.dll» [2009-02-12 119808][HKEY_CLASSES_ROOTclsid{95289393-33ea-4f8d-b952-483415b9c955}]
[HKEY_CLASSES_ROOTqipbar.QIPBHO.1]
[HKEY_CLASSES_ROOTTypeLib{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOTqipbar.QIPBHO][HKEY_LOCAL_MACHINE~Browser Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
2009-02-12 07:40 119808 —-a-w c:documents and settingsТаняApplication DataMicrosoftInternet Explorerqipsearchbar.dll[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«Download Master»=»c:program filesDownload Masterdmaster.exe» [2008-09-17 3294720][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SunJavaUpdateSched»=»c:program filesJavajre1.5.0_06binjusched.exe» [2005-11-10 36975]
«motoregcheck»=»c:program filesCommon FilesMotorolaBroadbandSB5101RegCheck.exe» [2004-09-29 1439426]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-02-05 81000]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2009-02-27 35696]
«WinampAgent»=»c:program filesWinampwinampa.exe» [2009-03-09 37888]
«RTHDCPL»=»RTHDCPL.EXE» — c:windowsRTHDCPL.exe [2007-10-16 16855552]
«SkyTel»=»SkyTel.EXE» — c:windowsSkyTel.exe [2007-10-11 1826816][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]c:documents and settings’ пѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
FIFA 09 — ॣЁбва жЁп.lnk — c:program filesEA SportsFIFA 09SupportEAregister.exe [2008-8-13 4369408][HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«e:\InstallMicro\Utkonos\Utkonos.exe»=R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [16.05.2009 21:25 114768]
R1 BIOS;BIOS;c:windowssystem32driversBIOS.sys [16.05.2009 17:21 13696]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [16.05.2009 21:25 20560]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:windowssystem32driversAtiHdmi.sys [16.05.2009 16:31 84992][HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40316
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 15:45
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(676)
c:windowssystem32Ati2evxx.dll— — — — — — — > ‘explorer.exe'(3576)
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
.
Completion time: 2009-05-18 15:45
ComboFix-quarantined-files.txt 2009-05-18 11:45
ComboFix2.txt 2009-05-18 11:32Pre-Run: 59 491 971 072 байт свободно
Post-Run: 59 482 157 056 байт свободно148 — E O F — 2009-05-16 20:46
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Administrator at 2009-05-16 22:56:25
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (7%) free of 24 GB
Total RAM: 255 MB (44% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:38, on 16.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWinPoET Broadband ConnectionWrOS.EXE
C:Program FilesCanonCALCALMAIN.exe
C:WINDOWSLogi_MwX.Exe
C:Program FilesMotherboard Monitor 5MBM5.EXE
C:Program FilesWinPoET Broadband Connectionwinpppoverethernet.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.EXE
C:Игры от NevoSoftNevoDRMrun.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32WgaTray.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsAdministratorDesktopRSIT.exe
C:Program Filestrend microAdministrator.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=40316
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://fifasoccer.ru/
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — (no file)
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: (no name) — {53707962-6F74-2D53-2644-206D7942484F} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — (no file)
O3 — Toolbar: &Webalta toolbar — {D4C56A33-3488-495B-8033-9BF834E276D8} — C:PROGRA~1WebaltaWEBALT~1.DLL
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 — HKLM..Run: [MBM 5] «C:Program FilesMotherboard Monitor 5MBM5.EXE»
O4 — HKLM..Run: [a-winpoet-service] «C:Program FilesWinPoET Broadband Connectionwinpppoverethernet.exe»
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [ATIPTA] «C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe»
O4 — HKLM..Run: [RivaTunerStartupDaemon] «C:Program FilesRivaTuner v2.05RivaTuner.exe» /S
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [NevoDRM] «C:Игры от NevoSoftNevoDRMNevoDRM.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [TuneUp MemOptimizer] «C:Program FilesTuneUp Utilities 2008MemOptimizer.exe» autostart
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Webalta — Добавить в Анти-Баннер — C:Program FilesWebaltaextentionsWebalta_antiban.htm
O9 — Extra button: (no name) — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — (no file)
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187443552770
O16 — DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) — http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231750358_6c1c95acfc17396c43e03c6aff63745f&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Canon Camera Access Library 8 (CCALib8) — Canon Inc. — C:Program FilesCanonCALCALMAIN.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe
O23 — Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) — Protection Technology (StarForce) — C:WINDOWSsystem32sfrem01.exe
O23 — Service: TuneUp Drive Defrag Service (TuneUp.Defrag) — TuneUp Software GmbH — C:WINDOWSSystem32TuneUpDefragService.exe
O23 — Service: Webalta Controller (WebaltaController) — Unknown owner — C:Program FilesWebaltaWebaltaUpdaterService.exe
O23 — Service: WinPPPoverEthernet — iVasion, a Routerware Company — C:Program FilesWinPoET Broadband ConnectionWrOS.EXE—
End of file — 7405 bytes======Scheduled tasks folder======
C:WINDOWStasks1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-04-16 37808][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
C:Program FilesSpybot — Search & DestroySDHelper.dll [2005-04-27 853672][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2009-01-12 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-01-12 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-01-12 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} — []
{D4C56A33-3488-495B-8033-9BF834E276D8} — &Webalta toolbar — C:PROGRA~1WebaltaWEBALT~1.DLL [2009-02-06 1690626][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-10-22 7700480]
«nwiz»=nwiz.exe /install []
«Logitech Utility»=C:WINDOWSLogi_MwX.Exe [2003-12-17 19968]
«MBM 5″=C:Program FilesMotherboard Monitor 5MBM5.EXE [2004-06-12 594944]
«a-winpoet-service»=C:Program FilesWinPoET Broadband Connectionwinpppoverethernet.exe [2003-05-29 299008]
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2006-10-22 86016]
«ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2005-11-22 344064]
«RivaTunerStartupDaemon»=C:Program FilesRivaTuner v2.05RivaTuner.exe [2007-09-27 2633728]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2006-11-10 90112]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-01-12 136600]
«NevoDRM»=C:Игры от NevoSoftNevoDRMNevoDRM.exe [2008-12-11 41984][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-03 15360]
«TuneUp MemOptimizer»=C:Program FilesTuneUp Utilities 2008MemOptimizer.exe [2007-12-24 198912][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2007-09-29 122880][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2007-04-10 236928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«MaxRecentDocs»=2
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesTotal Commander XPTOTALCMD.EXE»=»C:Program FilesTotal Commander XPTOTALCMD.EXE:*:Enabled:TOTALCMD»
«C:Program FilesEA SPORTSFIFA 06fifa06.exe»=»C:Program FilesEA SPORTSFIFA 06fifa06.exe:*:Enabled:fifa06»
«C:Program FilesICQLiteICQLite.exe»=»C:Program FilesICQLiteICQLite.exe:*:Enabled:ICQ Lite»
«C:Program FilesDownload MasterDMASTER.EXE»=»C:Program FilesDownload MasterDMASTER.EXE:*:Enabled:Download Master»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 1 months======
2009-05-15 09:49:46 —-RASHD—- C:autorun.inf
2009-05-09 15:26:42 —-SHD—- C:FOUND.007
2009-05-08 08:03:40 —-D—- C:Program Filestrend micro
2009-05-08 08:03:37 —-D—- C:rsit
2009-04-20 21:36:06 —-HD—- C:WINDOWS$NtUninstallKB959426$
2009-04-20 21:35:57 —-HD—- C:WINDOWS$NtUninstallKB961373$
2009-04-20 21:31:37 —-HD—- C:WINDOWS$NtUninstallKB956572$
2009-04-20 21:31:13 —-HD—- C:WINDOWS$NtUninstallKB952004$
2009-04-20 21:31:03 —-HD—- C:WINDOWS$NtUninstallKB960803$
2009-04-20 21:30:33 —-HD—- C:WINDOWS$NtUninstallKB923561$
2009-04-20 20:00:14 —-D—- C:Program FilesCommon FilesINCA Shared
2009-04-20 19:08:29 —-D—- C:Program FilesNikita======List of files/folders modified in the last 1 months======
2009-05-16 20:15:20 —-A—- C:WINDOWSWinPoET_Runtime.txt
2009-05-16 10:45:58 —-A—- C:WINDOWSwin.ini
2009-05-16 10:45:58 —-A—- C:WINDOWSSchedLgU.Txt
2009-05-07 11:16:30 —-A—- C:WINDOWSsystem32MRT.exe
2009-04-21 22:08:14 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-04-20 21:36:02 —-A—- C:WINDOWSimsins.BAK======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 mbmiodrvr;mbmiodrvr; ??C:WINDOWSsystem32mbmiodrvr.sys []
R2 Atmuni;ATM Call Manager; C:WINDOWSsystem32DRIVERSatmuni.sys [2001-08-23 352256]
R2 bDriver;bDriver; C:WINDOWSSystem32driversbDriver.sys [2005-10-24 8105]
R2 BT848;bt848 tweaked WDM Video Capture; C:WINDOWSsystem32driversBT848.sys [2002-07-16 85231]
R2 BTTUNER;bt848 tweaked WDM TvTuner; C:WINDOWSsystem32driversBTTUNER.sys [2001-10-08 9187]
R2 BTXBAR;bt848 tweaked TV WDM Crossbar; C:WINDOWSsystem32driversBTXBAR.sys [2001-10-08 8193]
R2 Rawwan;RAW WAN Driver; C:WINDOWSsystem32DRIVERSrawwan.sys [2001-08-23 34432]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver; C:WINDOWSsystem32DRIVERSWrKPoET2000.sys [2003-05-22 53334]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2007-09-29 2456064]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:WINDOWSsystem32DRIVERSfetnd5bv.sys [2005-08-08 43008]
R3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 ParadigmVScanner;MUSTEK 1200 USB PLUS Still Image Device Service; C:WINDOWSsystem32driversusbscan.sys [2004-08-03 15104]
R3 RivaTuner32;RivaTuner32; ??C:Program FilesRivaTuner v2.05RivaTuner32.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 VIAudio;VIA AC’97 Audio Controller (WDM); C:WINDOWSsystem32driversviaudios.sys [2003-02-26 370048]
R3 WrKPoET2000;WrKPoET2000; ??C:Program FilesWinPoET Broadband ConnectionWrKPoET2000.sys []
R3 WRSWanDD;iVasion PoET Adapter; C:WINDOWSsystem32DRIVERSWrKPoETNic2000.sys [2002-10-28 65604]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-03 14848]
S1 prodrv03;Star Force copy protection driver v3; ??C:WINDOWSsystem32driversprodrv03.sys []
S2 enampdat;SpeedStream DSL AMP Protocol Driver for Windows 2000; C:WINDOWSsystem32DRIVERSenampdat.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 CnxTrUsb;Conexant USB Network Interface Device Driver; C:WINDOWSsystem32DRIVERSCnxTrUsb.sys [2004-05-26 54720]
S3 dtscsi;dtscsi; C:WINDOWSSystem32Driversdtscsi.sys [2007-04-15 223128]
S3 EfntRfc1483;Efficient Networks RFC 1483 Intermediate Driver; C:WINDOWSsystem32DRIVERSefnt1483.sys []
S3 EfntRfc1483MP;Efficient Networks RFC 1483 Virtual Miniport; C:WINDOWSsystem32DRIVERSefnt1483.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 gtermddo;gtermddo; ??C:DOCUME~1userLOCALS~1Tempgtermddo.sys []
S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:WINDOWSsystem32DRIVERSL8042pr2.Sys [2003-12-17 51729]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:WINDOWSsystem32DRIVERSLMouFlt2.Sys [2003-12-17 70801]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:WINDOWSsystem32DRIVERSNMnt.sys [2004-08-03 40320]
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2006-05-29 127488]
S3 Nokia USB Port;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2006-05-29 13312]
S3 NTSIM;NTSIM; ??C:WINDOWSsystem32ntsim.sys []
S3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-10-22 3994624]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver; C:WINDOWSSystem32Driversusbbc2.sys [2003-05-07 8960]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-08-23 5888]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 TVICHW32;TVICHW32; ??C:WINDOWSsystem32DRIVERSTVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:WINDOWSsystem32DRIVERSxusb21.sys [2007-08-28 55808]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2007-09-29 483328]
R2 CCALib8;Canon Camera Access Library 8; C:Program FilesCanonCALCALMAIN.exe [2007-01-31 96370]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-01-12 152984]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2006-03-03 69632]
R2 UxTuneUp;TuneUp Theme Extension; C:WINDOWSSystem32svchost.exe [2004-08-03 14336]
R2 WinPPPoverEthernet;WinPPPoverEthernet; C:Program FilesWinPoET Broadband ConnectionWrOS.EXE [2003-05-22 94255]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2007-09-28 593920]
S2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-10-22 159810]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:WINDOWSsystem32sfrem01.exe [2006-07-05 358008]
S2 WebaltaController;Webalta Controller; C:Program FilesWebaltaWebaltaUpdaterService.exe [2009-02-06 97794]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe [2006-06-05 174080]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:WINDOWSSystem32TuneUpDefragService.exe [2008-10-08 306432]
S3 usprserv;User Privilege Service; C:WINDOWSSystem32svchost.exe [2004-08-03 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-03 14336]
EOF
