Созданные ответы форума
-
Сообщения
-
Спасибо.
Попытаюсь удалить лишнее. 🙂
Я очень рад, что мне не пришлось переустанавливать ОС, и переживать сопутствующий геморрой. Может быть, я могу что-то сделать для Вас, Helper? Например, денег прислать (небольших), или ссылки какие где-то разместить, ну, или каким-другим способом отблагодарить?
С наилучшими пожеланиями,
Еще раз: Огромное Спасибо Вам!
Результаты проверки на VirusTotal:
С:WINDOWSsystem32DRIVERSrimsptsk.sys — http://www.virustotal.com/ru/analisis/c189953dd7b3ab31167d8746e8f829d222fef3f8866317814414ef3e0d92b9e1-1279803291
C:WINDOWSsystem32DRIVERSssmdrv.sys — http://www.virustotal.com/ru/analisis/9af6286926807c6aef2ae97d58245bf9e23f9a62fab57916c6a5cb31a487a14d-1279803426
C:WINDOWSsystem32driversadfs.sys — http://www.virustotal.com/ru/analisis/fbee01f2ffdb6854f682b4be91673462a146927dd333d3c4de66e6b86d9ed8db-1279803509
C:WINDOWSsystem32DRIVERSxaudio.sys — http://www.virustotal.com/ru/analisis/3660379aadb6db56e54d9c680929cd3882cde4e6a8bb888fc892110d6b50c627-1279803631
C:WINDOWSsystem32driversxinstall.sys — http://www.virustotal.com/ru/analisis/f383bac8f09f74051bc94149491499e36b2e4755f49fa7f84b13e037d0ccd524-1279801733
C:WINDOWSsystem32DRIVERSsdbus.sys — http://www.virustotal.com/ru/analisis/b0588af967a7611f05bc8a8ad0c945dbb7bf995d7da5c28fd0d007e33bf1f502-1279801885
C:WINDOWSNIRCMD.exe — http://www.virustotal.com/ru/analisis/eccf9f7bb602e25cf9383be7856318c1fa679c0c4a354966b0ed723da17e8d24-1279802007 (Результат: 3/41 (7.32%))
C:WINDOWSzip.exe — http://www.virustotal.com/ru/analisis/2e28e6e768d5f0c821d45209e702d01be0a9fb632d7fd83620bcb71cc9ae00f9-1279802227 (Результат: 1/42 (2.39%))
C:WINDOWSSWXCACLS.exe — http://www.virustotal.com/ru/analisis/933756962d8a3530c50072e03af9e0eb0bede3c7af58feda3518240e851071ef-1279802362
C:WINDOWSSWSC.exe — http://www.virustotal.com/ru/analisis/c6ee03a9b48edf36833bb3d7d27d616a0df8929305f2c841e3e4cdc467bb3a92-1279802473 (Результат: 1/42 (2.39%))
C:WINDOWSSWREG.exe — http://www.virustotal.com/ru/analisis/1eed7a2498943b7303de1f085820edbabae4a414db6125862c1ba2db269ee3e3-1279802651 (Результат: 2/42 (4.77%))
C:WINDOWSsed.exe — http://www.virustotal.com/ru/analisis/95a2e2cacfb63d095de385a98f1d5d4a21f0e7e8de485cbaf5b872434d43fb73-1279802761 (Результат: 1/42 (2.39%))
C:WINDOWSPEV.exe — http://www.virustotal.com/ru/analisis/deaaab3b825ebadb6395e0be7671f96fd30ca8f76159b53c2d11da5c2ca7b7d0-1279802880 (Результат: 2/41 (4.88%))
C:WINDOWSMBR.exe — http://www.virustotal.com/ru/analisis/42855149b90c059b62ebc4027188361860fb6ffd9e4a2aa074c665181a2b9326-1279803027
C:WINDOWSgrep.exe — http://www.virustotal.com/ru/analisis/c2ef6fc419630d566154f8372e94859df8141d02805bc7bce39c726a1ffef7c1-1279803142
*************************************************************
Удалил ComboFix.
*************************************************************
Скачал OTM by Old Timer. Выключил файрволл и антивирус. Скопировал и вставил текст. Кликнул «MoveIt!».
Индикатор показывает что процесс завершен, но автоматической перезагрузки не происходит. Кликаю «Exit» — из программы выходит, но на рабочем столе нет никаких иконок и панель задач не появляется.
************************************************************
Логи RSIT:
Logfile of random’s system information tool 1.08 (written by random/random)
Run by User at 2010-07-22 17:37:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 124 GB (66%) free of 188 GB
Total RAM: 2046 MB (77% free)Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:37:20, on 22.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesAviraAntiVir Desktopsched.exe
C:WINDOWSExplorer.EXE
C:Program FilesUSB Disk SecurityUSBGuard.exe
C:Program FilesUnlockerUnlockerAssistant.exe
C:Program FilesRainlendar2Rainlendar2.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesAviraAntiVir Desktopavguard.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSsystem32wscntfy.exe
C:Documents and SettingsUserLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsUserLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsUserLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsUserLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:WINDOWSsystem32notepad.exe
C:WINDOWSsystem32svchost.exe
C:Documents and SettingsUserРабочий столTOOLSRSIT.exe
C:Program Filestrend microUser.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=40316
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,First Home Page = http://www.apeha.ru
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O4 — HKLM..Run: [USB Antivirus] C:Program FilesUSB Disk SecurityUSBGuard.exe
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKCU..Run: [Rainlendar2] C:Program FilesRainlendar2Rainlendar2.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: Open using &Advanced JPEG Compressor — C:Program FilesAdvanced JPEG Compressorajcieex.htm
O8 — Extra context menu item: Sothink SWF Catcher — C:Program FilesCommon FilesSourceTecSWF CatcherInternetExplorer.htm
O8 — Extra context menu item: Добавить к существующему PDF — res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Добавить содержимое по ссылке в существующий файл PDF — res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 — Extra context menu item: Преобразовать содержимое по ссылке в PDF — res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Flash Decompiler SWF Capture tool — {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra ‘Tools’ menuitem: Flash Decompiler SWF Capture tool menu — {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Sothink SWF Catcher — {E19ADC6E-3909-43E4-9A89-B7B676377EE3} — C:Program FilesCommon FilesSourceTecSWF CatcherInternetExplorer.htm
O9 — Extra ‘Tools’ menuitem: Sothink SWF Catcher — {E19ADC6E-3909-43E4-9A89-B7B676377EE3} — C:Program FilesCommon FilesSourceTecSWF CatcherInternetExplorer.htm
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: ePochta Extractor — {491A6C2B-1046-486b-8A8F-7D26BCB79A9B} — C:WINDOWSsystem32shdocvw.dll (HKCU)
O9 — Extra ‘Tools’ menuitem: ePochta Extractor — {491A6C2B-1046-486b-8A8F-7D26BCB79A9B} — C:WINDOWSsystem32shdocvw.dll (HKCU)
O16 — DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) — https://w3s.webmoney.ru/WMAcceptor.dll
O17 — HKLMSystemCCSServicesTcpip..{5FCEF9E2-7274-405D-B1C3-B221C27DA079}: NameServer = 94.25.96.43
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: C:WINDOWSsystem32cssdll32.dll
O22 — SharedTaskScheduler: Предзагрузчик Browseui — {438755C2-A8BA-11D1-B96B-00A0C90312E1} — C:WINDOWSsystem32browseui.dll
O22 — SharedTaskScheduler: Демон кэша категорий компонентов — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:WINDOWSsystem32browseui.dll
O23 — Service: Avira AntiVir Scheduler (AntiVirSchedulerService) — Avira GmbH — C:Program FilesAviraAntiVir Desktopsched.exe
O23 — Service: Avira AntiVir Guard (AntiVirService) — Avira GmbH — C:Program FilesAviraAntiVir Desktopavguard.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Acresso Software Inc. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Telnet (TlntSvr) — Корпорация Майкрософт — C:WINDOWSsystem32tlntsvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
O23 — Service: XAudioService — Conexant Systems, Inc. — C:WINDOWSsystem32DRIVERSxaudio.exe—
End of file — 8325 bytes======Scheduled tasks folder======
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-583907252-706699826-1417001333-1003Core.job
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-583907252-706699826-1417001333-1003UA.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2008-06-11 61816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-04-25 35840][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-04-25 73728][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«USB Antivirus»=C:Program FilesUSB Disk SecurityUSBGuard.exe [2009-12-14 819200]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe [2010-03-09 15872][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Rainlendar2″=C:Program FilesRainlendar2Rainlendar2.exe [2008-08-24 4067328]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-15 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownloadAccelerator]
C:Program FilesDAPDAP.EXE /STARTUP [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpeedBitVideoAccelerator]
C:Program FilesSpeedBit Video AcceleratorVideoAccelerator.exe [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLs»=»C:WINDOWSsystem32cssdll32.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-06-03 139264][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoResolveSearch»=1
«NoDriveAutoRun»=67108863
«NoDriveTypeAutoRun»=323
«NoDrives»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesDAPDAP.exe»=»C:Program FilesDAPDAP.exe:*:Enabled:Download Accelerator Plus (DAP)»
«C:Program FilesClientBankCore.exe»=»C:Program FilesClientBankCore.exe:*:Enabled:Клиент-Банк»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======File associations======
.js — edit —
======List of files/folders created in the last 1 months======
2010-07-22 17:09:43 —-D—- C:_OTM
2010-07-22 10:13:47 —-SHD—- C:RECYCLER
2010-07-22 09:42:12 —-A—- C:ComboFix.txt
2010-07-22 09:35:39 —-D—- C:WINDOWStemp
2010-07-21 20:42:23 —-D—- C:Documents and SettingsUserApplication DataYandex
2010-07-21 18:55:01 —-A—- C:WINDOWSsystem32driversutm4ody3.sys
2010-07-21 15:07:02 —-AD—- C:Kaspersky Rescue Disk 10.0
2010-07-21 14:26:36 —-A—- C:Boot.bak
2010-07-21 14:26:33 —-RASHD—- C:cmdcons
2010-07-21 14:20:57 —-D—- C:WINDOWSERDNT
2010-07-21 06:41:11 —-D—- C:Program FilesUnlocker
2010-07-21 05:22:48 —-D—- C:rsit
2010-07-21 05:22:48 —-D—- C:Program Filestrend micro
2010-07-20 18:26:50 —-D—- C:Documents and SettingsUserApplication Datadvdcss
2010-07-20 18:26:03 —-D—- C:Documents and SettingsUserApplication Datavlc
2010-07-20 10:48:17 —-D—- C:Documents and SettingsUserApplication DataToolbar4
2010-07-20 10:48:15 —-D—- C:Documents and SettingsAll UsersГлавное менюApplication DataSpeedBit
2010-07-19 15:21:17 —-D—- C:Documents and SettingsUserApplication DataMalwarebytes
2010-07-19 15:21:11 —-A—- C:WINDOWSsystem32driversmbamswissarmy.sys
2010-07-19 15:21:10 —-D—- C:Documents and SettingsAll UsersГлавное менюApplication DataMalwarebytes
2010-07-19 15:21:08 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2010-07-19 15:21:08 —-A—- C:WINDOWSsystem32driversmbam.sys
2010-07-19 14:26:20 —-D—- C:WINDOWSCSC
2010-07-19 13:46:30 —-D—- C:WINDOWSpss
2010-07-17 10:11:41 —-A—- C:WINDOWSntbtlog.txt
2010-07-06 16:44:50 —-D—- C:Program FilesCommon FilesSkype======List of files/folders modified in the last 1 months======
2010-07-22 17:22:55 —-D—- C:WINDOWSsystem32CatRoot2
2010-07-22 17:14:01 —-SHD—- C:System Volume Information
2010-07-22 17:14:01 —-D—- C:WINDOWSsystem32Restore
2010-07-22 17:09:52 —-D—- C:WINDOWS
2010-07-22 17:07:58 —-D—- C:WINDOWSPrefetch
2010-07-22 15:43:37 —-A—- C:WINDOWSModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt
2010-07-22 12:22:02 —-D—- C:Documents and SettingsUserApplication DataFileZilla
2010-07-22 11:44:13 —-A—- C:WINDOWSSchedLgU.Txt
2010-07-22 11:43:17 —-D—- C:WINDOWSsystem32
2010-07-22 11:43:16 —-D—- C:WINDOWSsystem32drivers
2010-07-22 11:40:41 —-D—- C:Program Files
2010-07-22 11:40:24 —-AD—- C:Documents and SettingsAll UsersГлавное менюApplication DataTEMP
2010-07-22 11:39:30 —-SHD—- C:WINDOWSInstaller
2010-07-22 11:39:30 —-D—- C:Config.Msi
2010-07-22 09:37:20 —-A—- C:WINDOWSsystem.ini
2010-07-22 09:36:54 —-D—- C:WINDOWSsystem32driversetc
2010-07-22 09:33:54 —-D—- C:WINDOWSAppPatch
2010-07-22 09:33:51 —-D—- C:Program FilesCommon Files
2010-07-21 22:45:29 —-HD—- C:WINDOWSinf
2010-07-21 19:15:37 —-D—- C:WINDOWSsystem32wbem
2010-07-21 19:15:36 —-D—- C:WINDOWSsystem32usmt
2010-07-21 19:15:36 —-D—- C:WINDOWSsystem32URTTemp
2010-07-21 19:15:32 —-D—- C:WINDOWSsystem32oobe
2010-07-21 19:15:31 —-D—- C:WINDOWSsystem32npp
2010-07-21 19:15:26 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-07-21 19:15:08 —-D—- C:WINDOWSsystem32Com
2010-07-21 19:15:01 —-D—- C:WINDOWSNetwork Diagnostic
2010-07-21 19:15:01 —-D—- C:WINDOWSmsagent
2010-07-21 19:14:52 —-HDC—- C:WINDOWSie8
2010-07-21 19:14:51 —-HDC—- C:WINDOWSie7
2010-07-21 19:14:50 —-D—- C:WINDOWSFlash Menu Factory
2010-07-21 19:14:49 —-SD—- C:WINDOWSDownloaded Program Files
2010-07-21 19:14:48 —-D—- C:Temp
2010-07-21 19:14:40 —-D—- C:Program FilesWinRAR
2010-07-21 19:14:39 —-D—- C:Program FilesWindows NT
2010-07-21 19:14:39 —-D—- C:Program FilesWindows Media Player
2010-07-21 19:14:39 —-D—- C:Program FilesWinDjView
2010-07-21 19:14:38 —-D—- C:Program FilesWinCMD
2010-07-21 19:14:38 —-D—- C:Program FilesWinamp
2010-07-21 19:14:36 —-D—- C:Program FilesWebMoney Agent
2010-07-21 19:14:36 —-D—- C:Program FilesWebMoney
2010-07-21 19:14:34 —-D—- C:Program FilesWeb Page Maker
2010-07-21 19:14:34 —-D—- C:Program FilesVertus Fluid Mask 3
2010-07-21 19:14:33 —-D—- C:Program FilesUSB Disk Security
2010-07-21 19:14:32 —-D—- C:Program FilesUltraISO
2010-07-21 19:14:31 —-D—- C:Program FilesTogether Flash Decompiler
2010-07-21 19:14:30 —-D—- C:Program FilesSWiSH Max2
2010-07-21 19:14:29 —-D—- C:Program FilesSWFText
2010-07-21 19:14:22 —-D—- C:Program FilesSkypeMate
2010-07-21 19:14:18 —-D—- C:Program FilesRainlendar2
2010-07-21 19:14:18 —-D—- C:Program FilesQuickTime
2010-07-21 19:14:16 —-D—- C:Program FilesQIP Infium
2010-07-21 19:14:15 —-D—- C:Program FilesOutlook Express
2010-07-21 19:14:15 —-D—- C:Program FilesOpera
2010-07-21 19:14:14 —-D—- C:Program FilesNotepad++
2010-07-21 19:14:14 —-D—- C:Program FilesNetMeeting
2010-07-21 19:14:13 —-D—- C:Program FilesMWSnap
2010-07-21 19:14:11 —-D—- C:Program Filesmp3DirectCut
2010-07-21 19:14:11 —-D—- C:Program FilesMozilla Firefox
2010-07-21 19:14:11 —-D—- C:Program FilesMovie Maker
2010-07-21 19:14:10 —-D—- C:Program FilesMicrosoft Silverlight
2010-07-21 19:14:05 —-D—- C:Program FilesMessenger
2010-07-21 19:14:01 —-D—- C:Program FilesKoolMoves
2010-07-21 19:13:59 —-D—- C:Program FilesK-Lite Codec Pack
2010-07-21 19:13:55 —-D—- C:Program FilesIrfanView
2010-07-21 19:13:55 —-D—- C:Program FilesInternet Explorer
2010-07-21 19:13:52 —-D—- C:Program FilesGifCreator
2010-07-21 19:13:52 —-D—- C:Program FilesFlashyEffects
2010-07-21 19:13:51 —-D—- C:Program FilesFlasherShop
2010-07-21 19:13:51 —-D—- C:Program FilesFlash Slideshow Maker Professional
2010-07-21 19:13:49 —-D—- C:Program FilesFlash Menu Labs Pro Rus v2
2010-07-21 19:13:44 —-D—- C:Program FilesFlash Menu Factory
2010-07-21 19:13:43 —-D—- C:Program FilesFlash Banner Creator
2010-07-21 19:13:43 —-D—- C:Program FilesFileZilla FTP Client
2010-07-21 19:13:42 —-D—- C:Program FilesEye Corrector
2010-07-21 19:13:21 —-D—- C:Program FilesColor Schemer Studio
2010-07-21 19:13:21 —-D—- C:Program FilesClientBank
2010-07-21 19:13:20 —-D—- C:Program Fileschmbookcreator
2010-07-21 19:13:20 —-D—- C:Program FilesCCleaner
2010-07-21 19:13:01 —-D—- C:Program FilesAdvanced JPEG Compressor
2010-07-21 19:13:00 —-D—- C:Program FilesAdobe Media Player
2010-07-21 19:12:35 —-D—- C:Program FilesAAALOGO2009
2010-07-21 19:12:34 —-D—- C:Program FilesA4DeskPro
2010-07-21 19:12:33 —-D—- C:Program FilesA4Desk Flash Photo Gallery Builder
2010-07-21 19:12:32 —-D—- C:Program FilesA4Desk
2010-07-21 19:12:30 —-D—- C:Program Files7-Zip
2010-07-21 19:12:30 —-D—- C:Program Files123 Flash Menu
2010-07-21 19:01:33 —-RD—- C:Documents and SettingsUserApplication DataМои документы
2010-07-21 19:01:22 —-D—- C:Documents and SettingsUserApplication DataFlash Jigsaw Producer
2010-07-21 15:28:13 —-RSD—- C:WINDOWSFonts
2010-07-21 15:12:58 —-D—- C:WINDOWSsecurity
2010-07-21 14:48:14 —-SD—- C:WINDOWSTasks
2010-07-21 14:40:37 —-D—- C:WINDOWSsystem32config
2010-07-21 14:26:36 —-RASH—- C:boot.ini
2010-07-21 14:15:55 —-D—- C:Documents and SettingsUserApplication DataU3
2010-07-21 11:02:36 —-D—- C:WINDOWSPeerNet
2010-07-21 07:14:17 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2010-07-21 07:03:32 —-D—- C:WINDOWSDownloaded Installations
2010-07-21 05:33:10 —-D—- C:Program FilesUnity
2010-07-20 21:15:20 —-D—- C:WINDOWSSHELLNEW
2010-07-19 18:16:19 —-D—- C:Documents and SettingsUserApplication DataWebMoney
2010-07-19 14:42:32 —-A—- C:WINDOWSwin.ini
2010-07-19 14:36:00 —-D—- C:WINDOWSRegistration
2010-07-13 19:27:07 —-D—- C:Documents and SettingsUserApplication DataCorel
2010-07-13 19:26:31 —-D—- C:Documents and SettingsAll UsersГлавное менюApplication DataCorel
2010-07-10 13:23:16 —-D—- C:Program FilesFlashSpring Pro 3
2010-07-08 11:23:17 —-A—- C:WINDOWSNeroDigital.ini
2010-07-08 10:55:29 —-D—- C:Documents and SettingsUserApplication DataSkype
2010-07-08 09:24:21 —-D—- C:Documents and SettingsUserApplication DataskypePM======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:WINDOWSsystem32DRIVERSiaStor.sys [2008-09-08 317976]
R0 ohci1394;OHCI-совместимый IEEE 1394 хост-контроллер; C:WINDOWSsystem32DRIVERSohci1394.sys [2008-04-15 61696]
R0 pavboot;pavboot; C:WINDOWSsystem32driverspavboot.sys [2008-06-19 28544]
R0 PxHelp20;PxHelp20; C:WINDOWSSystem32DriversPxHelp20.sys [2007-03-08 43528]
R1 avgio;avgio; ??C:Program FilesAviraAntiVir Desktopavgio.sys []
R1 avipbb;avipbb; C:WINDOWSsystem32DRIVERSavipbb.sys [2009-04-28 96104]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; ??C:Program FilesUltraISOdriversISODrive.sys []
R1 ssmdrv;ssmdrv; C:WINDOWSsystem32DRIVERSssmdrv.sys [2009-06-10 28520]
R2 adfs;adfs; C:WINDOWSsystem32driversadfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:WINDOWSsystem32DRIVERSavgntflt.sys [2009-12-07 56816]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2007-05-16 12672]
R2 rimsptsk;rimsptsk; C:WINDOWSsystem32DRIVERSrimsptsk.sys [2007-01-23 42496]
R2 XAudio;XAudio; C:WINDOWSsystem32DRIVERSxaudio.sys [2007-05-16 8192]
R2 xinstall;xinstall; ??C:WINDOWSsystem32driversxinstall.sys []
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:WINDOWSsystem32DRIVERSathw.sys [2008-08-14 1318464]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-15 60800]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-06-03 3100160]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:WINDOWSsystem32driversAtiHdmi.sys [2008-05-21 93696]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:WINDOWSsystem32DRIVERSHSX_DPV.sys [2007-05-16 986624]
R3 HSXHWAZL;HSXHWAZL; C:WINDOWSsystem32DRIVERSHSXHWAZL.sys [2007-05-16 206848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2008-05-20 4800000]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-15 61824]
R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-15 79232]
R3 SNC;Sony Notebook управляющее устройство; C:WINDOWSsystem32DRIVERSSonyNC.sys [2001-08-18 20752]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-15 32128]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-15 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB-видеоустройство (WDM); C:WINDOWSSystem32Driversusbvideo.sys [2008-04-14 121984]
R3 winachsf;winachsf; C:WINDOWSsystem32DRIVERSHSX_CNXT.sys [2007-05-16 659968]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2007-01-08 250624]
S2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2009-06-15 40448]
S3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys []
S3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys []
S3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys []
S3 btwhid;btwhid; C:WINDOWSsystem32DRIVERSbtwhid.sys []
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-14 17024]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; ??F:Driver`s! Everest Ultimate Editionkerneld.wnt []
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-14 10880]
S3 sffdisk;Драйвер класса SFF Storage; C:WINDOWSsystem32DRIVERSsffdisk.sys [2008-04-15 11904]
S3 sffp_sd;Драйвер протокола SFF Storage для SDBus; C:WINDOWSsystem32DRIVERSsffp_sd.sys [2008-04-15 11008]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-14 15232]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-14 60032]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
S3 utm4ody3;AVZ Kernel Driver; ??C:WINDOWSsystem32Driversutm4ody3.sys []
S3 vaxscsi;vaxscsi; C:WINDOWSSystem32Driversvaxscsi.sys []
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-14 19200]
S4 s24trans;Транспорт беспроводной сети; C:WINDOWSsystem32DRIVERSs24trans.sys []
S4 sptd;sptd; C:WINDOWSSystem32Driverssptd.sys [2009-01-17 717296]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2008-04-15 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:Program FilesAviraAntiVir Desktopsched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; C:Program FilesAviraAntiVir Desktopavguard.exe [2009-08-05 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-06-03 552960]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-04-25 152984]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
S2 XAudioService;XAudioService; C:WINDOWSsystem32DRIVERSxaudio.exe [2007-05-16 386560]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2004-07-15 32768]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2010-05-12 655624]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
info RSIT:
info.txt logfile of random’s system information tool 1.08 2010-07-22 17:37:21======Uninstall list======
—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
7-Zip 4.57—>»C:Program Files7-ZipUninstall.exe»
A4Desk Flash Photo Gallery Builder v2.15 (Studio Package)—>»C:Program FilesA4Desk Flash Photo Gallery Builderunins000.exe»
A4Desk v6.26 (Registered Version)—>»C:Program FilesA4Deskunins000.exe»
A4DeskPro v1.40—>»C:Program FilesA4DeskProunins000.exe»
AAA Logo 2009 Business Edition 3.0—>»C:Program FilesAAALOGO2009unins000.exe»
Acrobat.com—>msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Acrobat.com—>MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)—>MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR—>C:Program FilesCommon FilesAdobe AIRVersions1.0ResourcesAdobe AIR Updater.exe -arp:uninstall
Adobe AIR—>MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4—>MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4—>MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4—>MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color — Photoshop Specific CS4—>MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4—>MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4—>MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4—>MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4—>MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Creative Suite 4 Design Premium—>C:Program FilesCommon FilesAdobeInstallers61891f6653695c87d1383e330e647bcSetup.exe —uninstall=1
Adobe Creative Suite 4 Design Premium—>MsiExec.exe /I{83744391-B5A4-40E3-8A7D-E8BF39CB00ED}
Adobe CSI CS4—>MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4—>MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4—>MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4—>MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4—>MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4—>MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4—>MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}
Adobe Fonts All—>MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4—>MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Importer—>MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Player—>msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player—>MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module—>MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4—>MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support—>MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4—>MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Reader 8 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A81200000003}
Adobe Search for Help—>MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension—>MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup—>MsiExec.exe /I{425AD62D-5B16-494C-8AAB-6B3D0CF2527A}
Adobe Shockwave Player 11—>C:WINDOWSsystem32adobeSHOCKW~1UNWISE.EXE
Adobe SVG Viewer 3.0—>C:Program FilesCommon FilesAdobeSVG Viewer 3.0UninstallWinstall.exe -u -f
Adobe Type Support CS4—>MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4—>MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4—>MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK—>MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB—>MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Advanced JPEG Compressor 2009—>»C:Program FilesAdvanced JPEG Compressorunins000.exe»
AKVIS Coloriage—>MsiExec.exe /I{4833435D-7A4D-4D15-86F4-51C2D15549CF}
Aleo 3D Flash Slideshow Creator 1.4—>»C:Program FilesAleo Software3D Flash Slideshow Creatorunins000.exe»
Aleo Flash Intro Banner Maker 3.0—>»C:Program FilesAleo SoftwareFlash Intro and Banner Makerunins000.exe»
Alligator Flash Designer 8 (8.0.4) Trial—>C:PROGRA~1SeltecoALLIGA~2Setup.exe /remove
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal — Free Antivirus—>C:Program FilesAviraAntiVir Desktopsetup.exe /REMOVE
Canon CanoScan Toolbox 4.9—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}setup.exe» -l0x19 anything
Canon ScanGear Starter—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{18A5DFF2-8A95-49F3-873F-743CB5549F3D}SETUP.EXE» -l0x19 anything
CCleaner—>»C:Program FilesCCleaneruninst.exe»
Color Schemer Studio—>»C:Program FilesColor Schemer Studiounins000.exe»
Connect—>MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
EximiousSoft GIF Creator V5.57—>»C:Program FilesGifCreatorunins000.exe»
Eye Corrector—>C:Program FilesEye Correctoruninstall.exe
FileZilla Client 3.3.3—>C:Program FilesFileZilla FTP Clientuninstall.exe
Flash Menu Factory—>»C:WINDOWSFlash Menu Factoryuninstall.exe» «/U:C:Program FilesFlash Menu FactoryUninstalluninstall.xml»
Flash Menu Labs Pro Rus v2—>»C:Program FilesFlash Menu Labs Pro Rus v2unins000.exe»
Flash Optimizer 2—>»C:Program FilesEltima SoftwareFlash Optimizer 2unins000.exe»
Flash Slideshow Maker Pro 4.75—>C:Program FilesFlash Slideshow Maker Professionaluninst.exe
FlashyEffects 1.2.0—>»C:Program FilesFlashyEffectsunins000.exe»
Foxit Reader—>C:Program FilesFoxit SoftwareFoxit ReaderUninstall.exe
Haali Reader 2.0 (remove only)—>»C:Program FilesHaaliHaali Readeruninstall.exe»
HDAUDIO SoftV92 Data Fax Modem with SmartCP—>C:Program FilesCONEXANTCNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200HXFSETUP.EXE -U -ISnSZIRXz.inf
IrfanView (remove only)—>C:Program FilesIrfanViewiv_uninstall.exe
Java(TM) 6 Update 13—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Mega Codec Pack 3.7.5—>»C:Program FilesK-Lite Codec Packunins000.exe»
KoolMoves 7.0—>»C:Program FilesKoolMovesunins000.exe»
kuler—>MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Mail.Ru Агент 5.6 (сборка 3278, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight—>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17—>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148—>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.6)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 6.0 Parser—>MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
MWSnap 3—>»C:Program FilesMWSnapuninstall.exe»
Namo FreeMotion 2006—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A5B4CD3C-AD42-4F2E-989E-261D1E64AE58}setup.exe» -l0x9
Nero 6 Ultra Edition—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Notepad++—>C:Program FilesNotepad++uninstall.exe
Opera 9.64—>MsiExec.exe /X{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}
PDF Settings CS4—>MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw—>MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
QuickTime—>MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Rainlendar2 (remove only)—>»C:Program FilesRainlendar2uninst.exe»
Realtek High Definition Audio Driver—>RtlUpd.exe -r -m -nrg2709
Selteco Bannershop GIF Animator v5.0.7—>C:Program FilesSeltecoBannershop GIF Animatoruninstall.exe
Selteco Menu Maker 4.0.3—>C:Program FilesSeltecoMenu Makeruninstall.exe
Skype Toolbars—>MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
SkypeMate—>»C:Program FilesSkypeMateuninstall.exe»
Skype™ 4.2—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sothink Photo Album Maker—>»C:Program FilesSourceTecSothink Photo Album Makerunins000.exe»
Sothink SWF Decompiler—>»C:Program FilesSourceTecSothink SWF Decompilerunins000.exe»
Sothink SWF Easy Resource Add-on—>»C:Program FilesSourceTecSothink SWF Easyunins001.exe»
Sothink SWF Easy—>»C:Program FilesSourceTecSothink SWF Easyunins000.exe»
Sothink SWF Quicker—>»C:Program FilesSourceTecSothink SWF Quickerunins000.exe»
Suite Shared Configuration CS4—>MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SWFText 1.3—>»C:Program FilesSWFTextunins000.exe»
Swiff Player 1.5—>»C:Program FilesGlobFXSwiff Playerunins000.exe»
SWiSH Max2—>C:WINDOWSunvise32.exe
Ulead GIF Animator 5 TBYB—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{8AF3E926-ED59-11D4-A44B-0000E86D2305}Setup.exe»
UltraISO Premium V9.32—>»C:Program FilesUltraISOunins000.exe»
Unlocker 1.8.9—>C:Program FilesUnlockeruninst.exe
Update Manager—>MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
USB Disk Security—>»C:Program FilesUSB Disk Securityunins000.exe»
VCRedistSetup—>MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vertus Fluid Mask 3 2.100.2-RC2—>»C:Program FilesVertus Fluid Mask 3Uninstall.exe»
Web Page Maker V3.0—>»C:Program FilesWeb Page Makerunins000.exe»
WebMoney Agent—>C:Program FilesWebMoney Agentuninst_wmagent.exe
WebMoney Keeper Classic 3.9.2.1—>»C:Program FilesWebMoneyUninstall.exe» «C:Program FilesWebMoneyinstall.log» -u
Winamp—>»C:Program FilesWinampUninstWA.exe»
WinDjView 1.0—>C:Program FilesWinDjViewuninstall.exe
Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
Windows Media Format Runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Wondershare Flash Gallery Factory 4.8.0.12—>»C:Program FilesWondershareFlash Gallery Factoryunins000.exe»
Wondershare Flash Gallery Factory 4.8.0.12—>»C:Program FilesWondershareFlash Gallery Factoryunins001.exe»
Xara3D6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{64C96428-3A75-4AAE-A538-C450EF68175F}setup.exe» -l0x9
Xerox Phaser 3117—>»C:WINDOWSXeroxP3117setup.exe» /L0019
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Клиент-Банк—>MsiExec.exe /I{43D655A6-B6BD-4B45-9724-2992C73EF57B}
Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office—>MsiExec.exe /X{90120000-0020-0419-0000-0000000FF1CE}======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: USER-PC
Event Code: 7036
Message: Служба «Службы терминалов» перешла в состояние Работает.Record Number: 84971
Source Name: Service Control Manager
Time Written: 20100715134450.000000+240
Event Type: информация
User:Computer Name: USER-PC
Event Code: 7000
Message: Сбой при запуске службы «XAudioService» из-за ошибки
%1 не является приложением Win32.Record Number: 84970
Source Name: Service Control Manager
Time Written: 20100715134446.000000+240
Event Type: ошибка
User:Computer Name: USER-PC
Event Code: 7000
Message: Сбой при запуске службы «WinFax PRO» из-за ошибки
Системе не удается найти указанный путь.Record Number: 84969
Source Name: Service Control Manager
Time Written: 20100715134446.000000+240
Event Type: ошибка
User:Computer Name: USER-PC
Event Code: 7000
Message: Сбой при запуске службы «Cyberlink RichVideo Service(CRVS)» из-за ошибки
Системе не удается найти указанный путь.Record Number: 84968
Source Name: Service Control Manager
Time Written: 20100715134446.000000+240
Event Type: ошибка
User:Computer Name: USER-PC
Event Code: 6005
Message: Запущена служба журнала событий.Record Number: 84967
Source Name: EventLog
Time Written: 20100715134425.000000+240
Event Type: информация
User:=====Application event log=====
Computer Name: USER-PC
Event Code: 11724
Message: Product: Adobe SING CS4 — Установка завершена успешно.Record Number: 10029
Source Name: MsiInstaller
Time Written: 20100512130849.000000+240
Event Type: информация
User: USER-PCUserComputer Name: USER-PC
Event Code: 11724
Message: Product: Pixel Bender Toolkit — Установка завершена успешно.Record Number: 10028
Source Name: MsiInstaller
Time Written: 20100512130842.000000+240
Event Type: информация
User: USER-PCUserComputer Name: USER-PC
Event Code: 11724
Message: Product: Adobe Media Encoder CS4 — Установка завершена успешно.Record Number: 10027
Source Name: MsiInstaller
Time Written: 20100512130756.000000+240
Event Type: информация
User: USER-PCUserComputer Name: USER-PC
Event Code: 11724
Message: Продукт: Adobe Acrobat 9 Pro — Romanian, Ukrainian, Russian, Turkish — Removal completed successfully.Record Number: 10026
Source Name: MsiInstaller
Time Written: 20100512130510.000000+240
Event Type: информация
User: USER-PCUserComputer Name: USER-PC
Event Code: 11724
Message: Product: Adobe Media Encoder CS4 Importer — Установка завершена успешно.Record Number: 10025
Source Name: MsiInstaller
Time Written: 20100512125616.000000+240
Event Type: информация
User: USER-PCUser======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 23 Stepping 6, GenuineIntel
«PROCESSOR_REVISION»=1706
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«CLASSPATH»=.;C:Program FilesQuickTimeQTSystemQTJava.zip
«QTJAVA»=C:Program FilesQuickTimeQTSystemQTJava.zip
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;;C:Program FilesQuickTimeQTSystem
EOF
log RSIT:
Logfile of random’s system information tool 1.08 (written by random/random)
Run by User at 2010-07-22 15:15:08
Microsoft Windows XP Professional Service Pack 3
System drive C: has 124 GB (66%) free of 188 GB
Total RAM: 2046 MB (69% free)Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:15:11, on 22.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir Desktopsched.exe
C:WINDOWSExplorer.EXE
C:Program FilesAviraAntiVir Desktopavguard.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
C:Program FilesUSB Disk SecurityUSBGuard.exe
C:Program FilesUnlockerUnlockerAssistant.exe
C:Program FilesRainlendar2Rainlendar2.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMozilla Firefoxplugin-container.exe
C:Documents and SettingsUserLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsUserLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsUserРабочий столTOOLSRSIT.exe
C:Program FilesSkypeToolbarsSharedSkypeNames2.exe
C:Program Filestrend microUser.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/?clid=40316
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,First Home Page = http://www.apeha.ru
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O4 — HKLM..Run: [USB Antivirus] C:Program FilesUSB Disk SecurityUSBGuard.exe
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKCU..Run: [Rainlendar2] C:Program FilesRainlendar2Rainlendar2.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..RunOnce: [ClearTemp] del C:DOCUME~1UserLOCALS~1Tempyupdate.exe-{D8DF27E7-A42A-40BA-9F52-09BEEAD0CFD9}
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: Open using &Advanced JPEG Compressor — C:Program FilesAdvanced JPEG Compressorajcieex.htm
O8 — Extra context menu item: Sothink SWF Catcher — C:Program FilesCommon FilesSourceTecSWF CatcherInternetExplorer.htm
O8 — Extra context menu item: Добавить к существующему PDF — res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
O8 — Extra context menu item: Добавить содержимое по ссылке в существующий файл PDF — res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 — Extra context menu item: Преобразовать содержимое по ссылке в PDF — res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Flash Decompiler SWF Capture tool — {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra ‘Tools’ menuitem: Flash Decompiler SWF Capture tool menu — {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} — C:WINDOWSsystem32shdocvw.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Sothink SWF Catcher — {E19ADC6E-3909-43E4-9A89-B7B676377EE3} — C:Program FilesCommon FilesSourceTecSWF CatcherInternetExplorer.htm
O9 — Extra ‘Tools’ menuitem: Sothink SWF Catcher — {E19ADC6E-3909-43E4-9A89-B7B676377EE3} — C:Program FilesCommon FilesSourceTecSWF CatcherInternetExplorer.htm
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: ePochta Extractor — {491A6C2B-1046-486b-8A8F-7D26BCB79A9B} — C:WINDOWSsystem32shdocvw.dll (HKCU)
O9 — Extra ‘Tools’ menuitem: ePochta Extractor — {491A6C2B-1046-486b-8A8F-7D26BCB79A9B} — C:WINDOWSsystem32shdocvw.dll (HKCU)
O16 — DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) — https://w3s.webmoney.ru/WMAcceptor.dll
O17 — HKLMSystemCCSServicesTcpip..{5FCEF9E2-7274-405D-B1C3-B221C27DA079}: NameServer = 94.25.96.43
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: C:WINDOWSsystem32cssdll32.dll
O22 — SharedTaskScheduler: Предзагрузчик Browseui — {438755C2-A8BA-11D1-B96B-00A0C90312E1} — C:WINDOWSsystem32browseui.dll
O22 — SharedTaskScheduler: Демон кэша категорий компонентов — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:WINDOWSsystem32browseui.dll
O23 — Service: Avira AntiVir Scheduler (AntiVirSchedulerService) — Avira GmbH — C:Program FilesAviraAntiVir Desktopsched.exe
O23 — Service: Avira AntiVir Guard (AntiVirService) — Avira GmbH — C:Program FilesAviraAntiVir Desktopavguard.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Acresso Software Inc. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: StarWind AE Service (StarWindServiceAE) — Rocket Division Software — C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 — Service: Telnet (TlntSvr) — Корпорация Майкрософт — C:WINDOWSsystem32tlntsvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
O23 — Service: XAudioService — Conexant Systems, Inc. — C:WINDOWSsystem32DRIVERSxaudio.exe—
End of file — 8368 bytes======Scheduled tasks folder======
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-583907252-706699826-1417001333-1003Core.job
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-583907252-706699826-1417001333-1003UA.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2008-06-11 61816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-04-25 35840][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-04-25 73728][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«USB Antivirus»=C:Program FilesUSB Disk SecurityUSBGuard.exe [2009-12-14 819200]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe [2010-03-09 15872][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Rainlendar2″=C:Program FilesRainlendar2Rainlendar2.exe [2008-08-24 4067328]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-15 15360][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«ClearTemp»=del C:DOCUME~1UserLOCALS~1Tempyupdate.exe-{D8DF27E7-A42A-40BA-9F52-09BEEAD0CFD9} [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownloadAccelerator]
C:Program FilesDAPDAP.EXE /STARTUP [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpeedBitVideoAccelerator]
C:Program FilesSpeedBit Video AcceleratorVideoAccelerator.exe [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLs»=»C:WINDOWSsystem32cssdll32.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-06-03 139264][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoResolveSearch»=1
«NoDriveAutoRun»=67108863
«NoDriveTypeAutoRun»=323
«NoDrives»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesDAPDAP.exe»=»C:Program FilesDAPDAP.exe:*:Enabled:Download Accelerator Plus (DAP)»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======File associations======
.js — edit —
======List of files/folders created in the last 1 months======
2010-07-22 10:13:47 —-SHD—- C:RECYCLER
2010-07-22 09:42:12 —-A—- C:ComboFix.txt
2010-07-22 09:35:39 —-D—- C:WINDOWStemp
2010-07-22 09:30:38 —-A—- C:WINDOWSNIRCMD.exe
2010-07-22 09:12:53 —-A—- C:WINDOWSzip.exe
2010-07-22 09:12:53 —-A—- C:WINDOWSSWXCACLS.exe
2010-07-22 09:12:53 —-A—- C:WINDOWSSWSC.exe
2010-07-22 09:12:53 —-A—- C:WINDOWSSWREG.exe
2010-07-22 09:12:53 —-A—- C:WINDOWSsed.exe
2010-07-22 09:12:53 —-A—- C:WINDOWSPEV.exe
2010-07-22 09:12:53 —-A—- C:WINDOWSMBR.exe
2010-07-22 09:12:53 —-A—- C:WINDOWSgrep.exe
2010-07-22 09:10:29 —-D—- C:Qoobox
2010-07-21 20:42:23 —-D—- C:Documents and SettingsUserApplication DataYandex
2010-07-21 18:55:01 —-A—- C:WINDOWSsystem32driversutm4ody3.sys
2010-07-21 15:07:02 —-AD—- C:Kaspersky Rescue Disk 10.0
2010-07-21 14:26:36 —-A—- C:Boot.bak
2010-07-21 14:26:33 —-RASHD—- C:cmdcons
2010-07-21 14:20:57 —-D—- C:WINDOWSERDNT
2010-07-21 06:41:11 —-D—- C:Program FilesUnlocker
2010-07-21 05:22:48 —-D—- C:rsit
2010-07-21 05:22:48 —-D—- C:Program Filestrend micro
2010-07-20 18:26:50 —-D—- C:Documents and SettingsUserApplication Datadvdcss
2010-07-20 18:26:03 —-D—- C:Documents and SettingsUserApplication Datavlc
2010-07-20 10:48:17 —-D—- C:Documents and SettingsUserApplication DataToolbar4
2010-07-20 10:48:15 —-D—- C:Documents and SettingsAll UsersГлавное менюApplication DataSpeedBit
2010-07-19 15:21:17 —-D—- C:Documents and SettingsUserApplication DataMalwarebytes
2010-07-19 15:21:11 —-A—- C:WINDOWSsystem32driversmbamswissarmy.sys
2010-07-19 15:21:10 —-D—- C:Documents and SettingsAll UsersГлавное менюApplication DataMalwarebytes
2010-07-19 15:21:08 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2010-07-19 15:21:08 —-A—- C:WINDOWSsystem32driversmbam.sys
2010-07-19 14:26:20 —-D—- C:WINDOWSCSC
2010-07-19 13:46:30 —-D—- C:WINDOWSpss
2010-07-17 10:11:41 —-A—- C:WINDOWSntbtlog.txt
2010-07-06 16:44:50 —-D—- C:Program FilesCommon FilesSkype======List of files/folders modified in the last 1 months======
2010-07-22 15:14:03 —-D—- C:WINDOWSPrefetch
2010-07-22 12:22:02 —-D—- C:Documents and SettingsUserApplication DataFileZilla
2010-07-22 11:45:27 —-D—- C:WINDOWSsystem32CatRoot2
2010-07-22 11:44:13 —-A—- C:WINDOWSSchedLgU.Txt
2010-07-22 11:43:17 —-D—- C:WINDOWSsystem32
2010-07-22 11:43:17 —-D—- C:WINDOWS
2010-07-22 11:43:16 —-D—- C:WINDOWSsystem32drivers
2010-07-22 11:40:41 —-D—- C:Program Files
2010-07-22 11:40:24 —-AD—- C:Documents and SettingsAll UsersГлавное менюApplication DataTEMP
2010-07-22 11:39:30 —-SHD—- C:WINDOWSInstaller
2010-07-22 11:39:30 —-D—- C:Config.Msi
2010-07-22 09:37:20 —-A—- C:WINDOWSsystem.ini
2010-07-22 09:36:54 —-D—- C:WINDOWSsystem32driversetc
2010-07-22 09:33:54 —-D—- C:WINDOWSAppPatch
2010-07-22 09:33:51 —-D—- C:Program FilesCommon Files
2010-07-21 22:45:29 —-HD—- C:WINDOWSinf
2010-07-21 19:15:37 —-D—- C:WINDOWSsystem32wbem
2010-07-21 19:15:36 —-D—- C:WINDOWSsystem32usmt
2010-07-21 19:15:36 —-D—- C:WINDOWSsystem32URTTemp
2010-07-21 19:15:33 —-D—- C:WINDOWSsystem32Restore
2010-07-21 19:15:32 —-D—- C:WINDOWSsystem32oobe
2010-07-21 19:15:31 —-D—- C:WINDOWSsystem32npp
2010-07-21 19:15:26 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-07-21 19:15:08 —-D—- C:WINDOWSsystem32Com
2010-07-21 19:15:01 —-D—- C:WINDOWSNetwork Diagnostic
2010-07-21 19:15:01 —-D—- C:WINDOWSmsagent
2010-07-21 19:14:52 —-HDC—- C:WINDOWSie8
2010-07-21 19:14:51 —-HDC—- C:WINDOWSie7
2010-07-21 19:14:50 —-D—- C:WINDOWSFlash Menu Factory
2010-07-21 19:14:49 —-SD—- C:WINDOWSDownloaded Program Files
2010-07-21 19:14:48 —-D—- C:Temp
2010-07-21 19:14:40 —-D—- C:Program FilesWinRAR
2010-07-21 19:14:39 —-D—- C:Program FilesWindows NT
2010-07-21 19:14:39 —-D—- C:Program FilesWindows Media Player
2010-07-21 19:14:39 —-D—- C:Program FilesWinDjView
2010-07-21 19:14:38 —-D—- C:Program FilesWinCMD
2010-07-21 19:14:38 —-D—- C:Program FilesWinamp
2010-07-21 19:14:36 —-D—- C:Program FilesWebMoney Agent
2010-07-21 19:14:36 —-D—- C:Program FilesWebMoney
2010-07-21 19:14:34 —-D—- C:Program FilesWeb Page Maker
2010-07-21 19:14:34 —-D—- C:Program FilesVertus Fluid Mask 3
2010-07-21 19:14:33 —-D—- C:Program FilesUSB Disk Security
2010-07-21 19:14:32 —-D—- C:Program FilesUltraISO
2010-07-21 19:14:31 —-D—- C:Program FilesTogether Flash Decompiler
2010-07-21 19:14:30 —-D—- C:Program FilesSWiSH Max2
2010-07-21 19:14:29 —-D—- C:Program FilesSWFText
2010-07-21 19:14:22 —-D—- C:Program FilesSkypeMate
2010-07-21 19:14:18 —-D—- C:Program FilesRainlendar2
2010-07-21 19:14:18 —-D—- C:Program FilesQuickTime
2010-07-21 19:14:16 —-D—- C:Program FilesQIP Infium
2010-07-21 19:14:15 —-D—- C:Program FilesOutlook Express
2010-07-21 19:14:15 —-D—- C:Program FilesOpera
2010-07-21 19:14:14 —-D—- C:Program FilesNotepad++
2010-07-21 19:14:14 —-D—- C:Program FilesNetMeeting
2010-07-21 19:14:13 —-D—- C:Program FilesMWSnap
2010-07-21 19:14:11 —-D—- C:Program Filesmp3DirectCut
2010-07-21 19:14:11 —-D—- C:Program FilesMozilla Firefox
2010-07-21 19:14:11 —-D—- C:Program FilesMovie Maker
2010-07-21 19:14:10 —-D—- C:Program FilesMicrosoft Silverlight
2010-07-21 19:14:05 —-D—- C:Program FilesMessenger
2010-07-21 19:14:01 —-D—- C:Program FilesKoolMoves
2010-07-21 19:13:59 —-D—- C:Program FilesK-Lite Codec Pack
2010-07-21 19:13:55 —-D—- C:Program FilesIrfanView
2010-07-21 19:13:55 —-D—- C:Program FilesInternet Explorer
2010-07-21 19:13:52 —-D—- C:Program FilesGifCreator
2010-07-21 19:13:52 —-D—- C:Program FilesFlashyEffects
2010-07-21 19:13:51 —-D—- C:Program FilesFlasherShop
2010-07-21 19:13:51 —-D—- C:Program FilesFlash Slideshow Maker Professional
2010-07-21 19:13:49 —-D—- C:Program FilesFlash Menu Labs Pro Rus v2
2010-07-21 19:13:44 —-D—- C:Program FilesFlash Menu Factory
2010-07-21 19:13:43 —-D—- C:Program FilesFlash Banner Creator
2010-07-21 19:13:43 —-D—- C:Program FilesFileZilla FTP Client
2010-07-21 19:13:42 —-D—- C:Program FilesEye Corrector
2010-07-21 19:13:21 —-D—- C:Program FilesColor Schemer Studio
2010-07-21 19:13:21 —-D—- C:Program FilesClientBank
2010-07-21 19:13:20 —-D—- C:Program Fileschmbookcreator
2010-07-21 19:13:20 —-D—- C:Program FilesCCleaner
2010-07-21 19:13:01 —-D—- C:Program FilesAdvanced JPEG Compressor
2010-07-21 19:13:00 —-D—- C:Program FilesAdobe Media Player
2010-07-21 19:12:35 —-D—- C:Program FilesAAALOGO2009
2010-07-21 19:12:34 —-D—- C:Program FilesA4DeskPro
2010-07-21 19:12:33 —-D—- C:Program FilesA4Desk Flash Photo Gallery Builder
2010-07-21 19:12:32 —-D—- C:Program FilesA4Desk
2010-07-21 19:12:30 —-D—- C:Program Files7-Zip
2010-07-21 19:12:30 —-D—- C:Program Files123 Flash Menu
2010-07-21 19:01:33 —-RD—- C:Documents and SettingsUserApplication DataМои документы
2010-07-21 19:01:22 —-D—- C:Documents and SettingsUserApplication DataFlash Jigsaw Producer
2010-07-21 17:06:56 —-SHD—- C:System Volume Information
2010-07-21 15:28:13 —-RSD—- C:WINDOWSFonts
2010-07-21 15:12:58 —-D—- C:WINDOWSsecurity
2010-07-21 14:48:14 —-SD—- C:WINDOWSTasks
2010-07-21 14:40:37 —-D—- C:WINDOWSsystem32config
2010-07-21 14:26:36 —-RASH—- C:boot.ini
2010-07-21 14:15:55 —-D—- C:Documents and SettingsUserApplication DataU3
2010-07-21 11:02:36 —-D—- C:WINDOWSPeerNet
2010-07-21 07:14:17 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2010-07-21 07:03:32 —-D—- C:WINDOWSDownloaded Installations
2010-07-21 05:33:10 —-D—- C:Program FilesUnity
2010-07-20 21:15:20 —-D—- C:WINDOWSSHELLNEW
2010-07-20 09:00:50 —-A—- C:WINDOWSModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt
2010-07-19 18:16:19 —-D—- C:Documents and SettingsUserApplication DataWebMoney
2010-07-19 14:42:32 —-A—- C:WINDOWSwin.ini
2010-07-19 14:36:00 —-D—- C:WINDOWSRegistration
2010-07-13 19:27:07 —-D—- C:Documents and SettingsUserApplication DataCorel
2010-07-13 19:26:31 —-D—- C:Documents and SettingsAll UsersГлавное менюApplication DataCorel
2010-07-10 13:23:16 —-D—- C:Program FilesFlashSpring Pro 3
2010-07-08 11:23:17 —-A—- C:WINDOWSNeroDigital.ini
2010-07-08 10:55:29 —-D—- C:Documents and SettingsUserApplication DataSkype
2010-07-08 09:24:21 —-D—- C:Documents and SettingsUserApplication DataskypePM======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:WINDOWSsystem32DRIVERSiaStor.sys [2008-09-08 317976]
R0 ohci1394;OHCI-совместимый IEEE 1394 хост-контроллер; C:WINDOWSsystem32DRIVERSohci1394.sys [2008-04-15 61696]
R0 pavboot;pavboot; C:WINDOWSsystem32driverspavboot.sys [2008-06-19 28544]
R0 PxHelp20;PxHelp20; C:WINDOWSSystem32DriversPxHelp20.sys [2007-03-08 43528]
R1 avgio;avgio; ??C:Program FilesAviraAntiVir Desktopavgio.sys []
R1 avipbb;avipbb; C:WINDOWSsystem32DRIVERSavipbb.sys [2009-04-28 96104]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-15 40704]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; ??C:Program FilesUltraISOdriversISODrive.sys []
R1 ssmdrv;ssmdrv; C:WINDOWSsystem32DRIVERSssmdrv.sys [2009-06-10 28520]
R2 adfs;adfs; C:WINDOWSsystem32driversadfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:WINDOWSsystem32DRIVERSavgntflt.sys [2009-12-07 56816]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2007-05-16 12672]
R2 rimsptsk;rimsptsk; C:WINDOWSsystem32DRIVERSrimsptsk.sys [2007-01-23 42496]
R2 XAudio;XAudio; C:WINDOWSsystem32DRIVERSxaudio.sys [2007-05-16 8192]
R2 xinstall;xinstall; ??C:WINDOWSsystem32driversxinstall.sys []
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:WINDOWSsystem32DRIVERSathw.sys [2008-08-14 1318464]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-15 60800]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-06-03 3100160]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:WINDOWSsystem32driversAtiHdmi.sys [2008-05-21 93696]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:WINDOWSsystem32DRIVERSHSX_DPV.sys [2007-05-16 986624]
R3 HSXHWAZL;HSXHWAZL; C:WINDOWSsystem32DRIVERSHSXHWAZL.sys [2007-05-16 206848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2008-05-20 4800000]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-15 61824]
R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-15 79232]
R3 SNC;Sony Notebook управляющее устройство; C:WINDOWSsystem32DRIVERSSonyNC.sys [2001-08-18 20752]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-15 32128]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-15 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB-видеоустройство (WDM); C:WINDOWSSystem32Driversusbvideo.sys [2008-04-14 121984]
R3 winachsf;winachsf; C:WINDOWSsystem32DRIVERSHSX_CNXT.sys [2007-05-16 659968]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2007-01-08 250624]
S2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2009-06-15 40448]
S3 btaudio;Аудиоустройство Bluetooth; C:WINDOWSsystem32driversbtaudio.sys []
S3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys []
S3 BTWDNDIS;Сервер доступа к локальной сети Bluetooth; C:WINDOWSsystem32DRIVERSbtwdndis.sys []
S3 btwhid;btwhid; C:WINDOWSsystem32DRIVERSbtwhid.sys []
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-14 17024]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; ??F:Driver`s! Everest Ultimate Editionkerneld.wnt []
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-14 10880]
S3 sffdisk;Драйвер класса SFF Storage; C:WINDOWSsystem32DRIVERSsffdisk.sys [2008-04-15 11904]
S3 sffp_sd;Драйвер протокола SFF Storage для SDBus; C:WINDOWSsystem32DRIVERSsffp_sd.sys [2008-04-15 11008]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-14 15232]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-14 60032]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
S3 utm4ody3;AVZ Kernel Driver; ??C:WINDOWSsystem32Driversutm4ody3.sys []
S3 vaxscsi;vaxscsi; C:WINDOWSSystem32Driversvaxscsi.sys []
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-14 19200]
S4 s24trans;Транспорт беспроводной сети; C:WINDOWSsystem32DRIVERSs24trans.sys []
S4 sptd;sptd; C:WINDOWSSystem32Driverssptd.sys [2009-01-17 717296]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2008-04-15 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:Program FilesAviraAntiVir Desktopsched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; C:Program FilesAviraAntiVir Desktopavguard.exe [2009-08-05 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-06-03 552960]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-04-25 152984]
R2 StarWindServiceAE;StarWind AE Service; C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe [2007-05-28 275968]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
S2 XAudioService;XAudioService; C:WINDOWSsystem32DRIVERSxaudio.exe [2007-05-16 386560]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2004-07-15 32768]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2010-05-12 655624]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
info RSIT:info.txt logfile of random’s system information tool 1.08 2010-07-22 15:15:12
======Uninstall list======
—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
7-Zip 4.57—>»C:Program Files7-ZipUninstall.exe»
A4Desk Flash Photo Gallery Builder v2.15 (Studio Package)—>»C:Program FilesA4Desk Flash Photo Gallery Builderunins000.exe»
A4Desk v6.26 (Registered Version)—>»C:Program FilesA4Deskunins000.exe»
A4DeskPro v1.40—>»C:Program FilesA4DeskProunins000.exe»
AAA Logo 2009 Business Edition 3.0—>»C:Program FilesAAALOGO2009unins000.exe»
Acrobat.com—>msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Acrobat.com—>MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)—>MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR—>C:Program FilesCommon FilesAdobe AIRVersions1.0ResourcesAdobe AIR Updater.exe -arp:uninstall
Adobe AIR—>MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4—>MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4—>MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4—>MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color — Photoshop Specific CS4—>MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4—>MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4—>MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4—>MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4—>MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Creative Suite 4 Design Premium—>C:Program FilesCommon FilesAdobeInstallers61891f6653695c87d1383e330e647bcSetup.exe —uninstall=1
Adobe Creative Suite 4 Design Premium—>MsiExec.exe /I{83744391-B5A4-40E3-8A7D-E8BF39CB00ED}
Adobe CSI CS4—>MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4—>MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4—>MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4—>MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4—>MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4—>MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4—>MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}
Adobe Fonts All—>MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4—>MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Importer—>MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Player—>msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player—>MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module—>MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4—>MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support—>MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4—>MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Reader 8 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A81200000003}
Adobe Search for Help—>MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension—>MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup—>MsiExec.exe /I{425AD62D-5B16-494C-8AAB-6B3D0CF2527A}
Adobe Shockwave Player 11—>C:WINDOWSsystem32adobeSHOCKW~1UNWISE.EXE
Adobe SVG Viewer 3.0—>C:Program FilesCommon FilesAdobeSVG Viewer 3.0UninstallWinstall.exe -u -f
Adobe Type Support CS4—>MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4—>MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4—>MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK—>MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB—>MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Advanced JPEG Compressor 2009—>»C:Program FilesAdvanced JPEG Compressorunins000.exe»
AKVIS Coloriage—>MsiExec.exe /I{4833435D-7A4D-4D15-86F4-51C2D15549CF}
Aleo 3D Flash Slideshow Creator 1.4—>»C:Program FilesAleo Software3D Flash Slideshow Creatorunins000.exe»
Aleo Flash Intro Banner Maker 3.0—>»C:Program FilesAleo SoftwareFlash Intro and Banner Makerunins000.exe»
Alligator Flash Designer 8 (8.0.4) Trial—>C:PROGRA~1SeltecoALLIGA~2Setup.exe /remove
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal — Free Antivirus—>C:Program FilesAviraAntiVir Desktopsetup.exe /REMOVE
Canon CanoScan Toolbox 4.9—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}setup.exe» -l0x19 anything
Canon ScanGear Starter—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{18A5DFF2-8A95-49F3-873F-743CB5549F3D}SETUP.EXE» -l0x19 anything
CCleaner—>»C:Program FilesCCleaneruninst.exe»
Color Schemer Studio—>»C:Program FilesColor Schemer Studiounins000.exe»
Connect—>MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
EximiousSoft GIF Creator V5.57—>»C:Program FilesGifCreatorunins000.exe»
Eye Corrector—>C:Program FilesEye Correctoruninstall.exe
FileZilla Client 3.3.3—>C:Program FilesFileZilla FTP Clientuninstall.exe
Flash Menu Factory—>»C:WINDOWSFlash Menu Factoryuninstall.exe» «/U:C:Program FilesFlash Menu FactoryUninstalluninstall.xml»
Flash Menu Labs Pro Rus v2—>»C:Program FilesFlash Menu Labs Pro Rus v2unins000.exe»
Flash Optimizer 2—>»C:Program FilesEltima SoftwareFlash Optimizer 2unins000.exe»
Flash Slideshow Maker Pro 4.75—>C:Program FilesFlash Slideshow Maker Professionaluninst.exe
FlashyEffects 1.2.0—>»C:Program FilesFlashyEffectsunins000.exe»
Foxit Reader—>C:Program FilesFoxit SoftwareFoxit ReaderUninstall.exe
Haali Reader 2.0 (remove only)—>»C:Program FilesHaaliHaali Readeruninstall.exe»
HDAUDIO SoftV92 Data Fax Modem with SmartCP—>C:Program FilesCONEXANTCNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200HXFSETUP.EXE -U -ISnSZIRXz.inf
IrfanView (remove only)—>C:Program FilesIrfanViewiv_uninstall.exe
Java(TM) 6 Update 13—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Mega Codec Pack 3.7.5—>»C:Program FilesK-Lite Codec Packunins000.exe»
KoolMoves 7.0—>»C:Program FilesKoolMovesunins000.exe»
kuler—>MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Mail.Ru Агент 5.6 (сборка 3278, для всех пользователей)—>C:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight—>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17—>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148—>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.6)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 6.0 Parser—>MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
MWSnap 3—>»C:Program FilesMWSnapuninstall.exe»
Namo FreeMotion 2006—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A5B4CD3C-AD42-4F2E-989E-261D1E64AE58}setup.exe» -l0x9
Nero 6 Ultra Edition—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Notepad++—>C:Program FilesNotepad++uninstall.exe
Opera 9.64—>MsiExec.exe /X{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}
PDF Settings CS4—>MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw—>MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
QuickTime—>MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Rainlendar2 (remove only)—>»C:Program FilesRainlendar2uninst.exe»
Realtek High Definition Audio Driver—>RtlUpd.exe -r -m -nrg2709
Selteco Bannershop GIF Animator v5.0.7—>C:Program FilesSeltecoBannershop GIF Animatoruninstall.exe
Selteco Menu Maker 4.0.3—>C:Program FilesSeltecoMenu Makeruninstall.exe
Skype Toolbars—>MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
SkypeMate—>»C:Program FilesSkypeMateuninstall.exe»
Skype™ 4.2—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sothink Photo Album Maker—>»C:Program FilesSourceTecSothink Photo Album Makerunins000.exe»
Sothink SWF Decompiler—>»C:Program FilesSourceTecSothink SWF Decompilerunins000.exe»
Sothink SWF Easy Resource Add-on—>»C:Program FilesSourceTecSothink SWF Easyunins001.exe»
Sothink SWF Easy—>»C:Program FilesSourceTecSothink SWF Easyunins000.exe»
Sothink SWF Quicker—>»C:Program FilesSourceTecSothink SWF Quickerunins000.exe»
Suite Shared Configuration CS4—>MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SWFText 1.3—>»C:Program FilesSWFTextunins000.exe»
Swiff Player 1.5—>»C:Program FilesGlobFXSwiff Playerunins000.exe»
SWiSH Max2—>C:WINDOWSunvise32.exe
Ulead GIF Animator 5 TBYB—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{8AF3E926-ED59-11D4-A44B-0000E86D2305}Setup.exe»
UltraISO Premium V9.32—>»C:Program FilesUltraISOunins000.exe»
Unlocker 1.8.9—>C:Program FilesUnlockeruninst.exe
Update Manager—>MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
USB Disk Security—>»C:Program FilesUSB Disk Securityunins000.exe»
VCRedistSetup—>MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vertus Fluid Mask 3 2.100.2-RC2—>»C:Program FilesVertus Fluid Mask 3Uninstall.exe»
Web Page Maker V3.0—>»C:Program FilesWeb Page Makerunins000.exe»
WebMoney Agent—>C:Program FilesWebMoney Agentuninst_wmagent.exe
WebMoney Keeper Classic 3.9.2.1—>»C:Program FilesWebMoneyUninstall.exe» «C:Program FilesWebMoneyinstall.log» -u
Winamp—>»C:Program FilesWinampUninstWA.exe»
WinDjView 1.0—>C:Program FilesWinDjViewuninstall.exe
Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
Windows Media Format Runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Wondershare Flash Gallery Factory 4.8.0.12—>»C:Program FilesWondershareFlash Gallery Factoryunins000.exe»
Wondershare Flash Gallery Factory 4.8.0.12—>»C:Program FilesWondershareFlash Gallery Factoryunins001.exe»
Xara3D6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{64C96428-3A75-4AAE-A538-C450EF68175F}setup.exe» -l0x9
Xerox Phaser 3117—>»C:WINDOWSXeroxP3117setup.exe» /L0019
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Клиент-Банк—>MsiExec.exe /I{43D655A6-B6BD-4B45-9724-2992C73EF57B}
Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office—>MsiExec.exe /X{90120000-0020-0419-0000-0000000FF1CE}======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: USER-PC
Event Code: 7036
Message: Служба «Адаптер производительности WMI» перешла в состояние Работает.Record Number: 84893
Source Name: Service Control Manager
Time Written: 20100715095712.000000+240
Event Type: информация
User:Computer Name: USER-PC
Event Code: 7035
Message: Служба «Адаптер производительности WMI» успешно отправила управляющий элемент «запустить».Record Number: 84892
Source Name: Service Control Manager
Time Written: 20100715095712.000000+240
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: USER-PC
Event Code: 7036
Message: Служба «Служба обнаружения SSDP» перешла в состояние Работает.Record Number: 84891
Source Name: Service Control Manager
Time Written: 20100715095712.000000+240
Event Type: информация
User:Computer Name: USER-PC
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Работает.Record Number: 84890
Source Name: Service Control Manager
Time Written: 20100715095711.000000+240
Event Type: информация
User:Computer Name: USER-PC
Event Code: 7036
Message: Служба «avast! Web Scanner» перешла в состояние Работает.Record Number: 84889
Source Name: Service Control Manager
Time Written: 20100715095711.000000+240
Event Type: информация
User:=====Application event log=====
Computer Name: USER-PC
Event Code: 11724
Message: Product: Adobe Version Cue CS4 Server — Установка завершена успешно.Record Number: 10023
Source Name: MsiInstaller
Time Written: 20100512125557.000000+240
Event Type: информация
User: USER-PCUserComputer Name: USER-PC
Event Code: 11724
Message: Product: Adobe Dreamweaver CS4 — Установка завершена успешно.Record Number: 10022
Source Name: MsiInstaller
Time Written: 20100512125246.000000+240
Event Type: информация
User: USER-PCUserComputer Name: USER-PC
Event Code: 11724
Message: Product: Adobe Fireworks CS4 — Установка завершена успешно.Record Number: 10021
Source Name: MsiInstaller
Time Written: 20100512124708.000000+240
Event Type: информация
User: USER-PCUserComputer Name: USER-PC
Event Code: 11724
Message: Product: Adobe Illustrator CS4 — Установка завершена успешно.Record Number: 10020
Source Name: MsiInstaller
Time Written: 20100512124417.000000+240
Event Type: информация
User: USER-PCUserComputer Name: USER-PC
Event Code: 11724
Message: Product: Adobe Photoshop CS4 — Установка завершена успешно.Record Number: 10019
Source Name: MsiInstaller
Time Written: 20100512124145.000000+240
Event Type: информация
User: USER-PCUser======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 23 Stepping 6, GenuineIntel
«PROCESSOR_REVISION»=1706
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«CLASSPATH»=.;C:Program FilesQuickTimeQTSystemQTJava.zip
«QTJAVA»=C:Program FilesQuickTimeQTSystemQTJava.zip
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;;C:Program FilesQuickTimeQTSystem
EOF
Похоже, что всё нормально. И Malwarebytes’ Anti-Malware ничего не находит (правда, при быстром сканировании).
😀Спасибо за Ваше терпение, Helper!
Результаты проверки на VirusTotal:
c:windowssystem32grcauth2.dll — http://www.virustotal.com/ru/analisis/6ca3365fc4bcf5ee0c7fdf6c1db1a46bc06fa5f8f8230a77b492a263aa73b7f6-1279790654
c:windowssystem32grcauth1.dll — http://www.virustotal.com/ru/analisis/6ca3365fc4bcf5ee0c7fdf6c1db1a46bc06fa5f8f8230a77b492a263aa73b7f6-1279790809
c:windowssystem32clauth2.dll — http://www.virustotal.com/ru/analisis/57066615364ed80a0eb64c496e26d56c3b65259b4636e86ede10afbcfbe0f076-1279791007
c:windowssystem32clauth1.dll — http://www.virustotal.com/ru/analisis/57066615364ed80a0eb64c496e26d56c3b65259b4636e86ede10afbcfbe0f076-1279791103
c:program filesoperaprogrampluginsdapop.dll — не найден (т.е. в указанном месте этого файла я не нашел)
c:windowssystem32beafc1_z.dll — не найден
c:windowssystem32siuily.exe — не найден
c:windowssystem32yfzkcss.dll — http://www.virustotal.com/ru/analisis/ff384938049767437c002b5e0a22c5ffe926d529ab4ed9332b5a1e0de23cb743-1279791822
c:progra~1speedb~2sblsp.dll — не найден
c:windowssystem32driverspavboot.sys — http://www.virustotal.com/ru/analisis/65b059bd5f783cd05e2d5df818d15b93bd5e8ff72eeb436dffa5de197283d8a8-1279792057Так надо было сделать?
*********************************
SpeedBit Video Accelerator устанавливал сам. Сейчас, на всякий случай, удалил.Извиняюсь, за то, что не понял Ваш совет.
Вот результаты проверки на VirusTotal:
Файл 1.txt получен 2010.07.22 07:54:22 (UTC)
Текущий статус: закончено
Результат: 0/42 (0%)Файл 2.txt получен 2010.07.22 07:55:45 (UTC)
Текущий статус: закончено
Результат: 0/42 (0%)Файл 3.txt получен 2010.07.22 07:57:46 (UTC)
Текущий статус: закончено
Результат: 0/42 (0%)Файл 4.txt получен 2010.07.22 07:59:56 (UTC)
Текущий статус: закончено
Результат: 0/42 (0%)Файл 5.txt получен 2010.07.22 08:02:51 (UTC)
Текущий статус: закончено
Результат: 0/42 (0%)Файл 6.txt получен 2010.07.22 08:05:12 (UTC)
Текущий статус: закончено
Результат: 0/42 (0%)Файл 7.txt получен 2010.07.22 08:06:19 (UTC)
Текущий статус: закончено
Результат: 0/42 (0%)Файл 8.txt получен 2010.07.22 08:07:59 (UTC)
Текущий статус: закончено
Результат: 0/42 (0%)Файл 9.txt получен 2010.07.22 08:09:25 (UTC)
Текущий статус: закончено
Результат: 0/42 (0%)Файл 10.txt получен 2010.07.22 08:10:54 (UTC)
Текущий статус: закончено
Результат: 0/42 (0%)
***********************************************************************
DAP удалил. Устанавливал сам с какого-то нормального сайта (кажется c chip.eu)
Avast удалил. Оставил один антивир — Avira((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-07-20 06:48 2447360 —-a-w- c:program filesSpeedBit Video DownloaderToolbartbcore3.dll[HKEY_LOCAL_MACHINE~Browser Helper Objects{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
[HKEY_LOCAL_MACHINE~Browser Helper Objects{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{7778AA60-698A-41D9-9BF0-7AB41045AA7F}»= «c:program filesYandexYandexBarIEbarsbarieesetyndbar.dll» [2010-05-25 8322888][HKEY_CLASSES_ROOTclsid{7778aa60-698a-41d9-9bf0-7ab41045aa7f}]
[HKEY_CLASSES_ROOTYandexEset.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{7775BF84-AB6A-44DE-8E7B-C32934180E03}]
[HKEY_CLASSES_ROOTYandexEset.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{7778AA60-698A-41D9-9BF0-7AB41045AA7F}»= «c:program filesYandexYandexBarIEbarsbarieesetyndbar.dll» [2010-05-25 8322888][HKEY_CLASSES_ROOTclsid{7778aa60-698a-41d9-9bf0-7ab41045aa7f}]
[HKEY_CLASSES_ROOTYandexEset.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{7775BF84-AB6A-44DE-8E7B-C32934180E03}]
[HKEY_CLASSES_ROOTYandexEset.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Rainlendar2″=»c:program filesRainlendar2Rainlendar2.exe» [2008-08-24 4067328]
«DownloadAccelerator»=»c:program filesDAPDAP.EXE» [2010-07-20 2819584]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«USB Antivirus»=»c:program filesUSB Disk SecurityUSBGuard.exe» [2009-12-14 819200]
«avast5″=»c:progra~1ALWILS~1Avast5avastUI.exe» [2010-06-28 2837864]
«UnlockerAssistant»=»c:program filesUnlockerUnlockerAssistant.exe» [2010-03-09 15872][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=c:windowssystem32cssdll32.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownloadAccelerator]
2010-07-20 06:48 2819584 —-a-w- c:program filesDAPDAP.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpeedBitVideoAccelerator]
2010-07-20 06:53 1607272 —-a-w- c:program filesSpeedBit Video AcceleratorVideoAccelerator.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\DAP\DAP.exe»=R0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [22.01.2009 18:19 28544]
R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [28.01.2009 9:16 165456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:program filesAviraAntiVir Desktopsched.exe [01.04.2009 16:58 108289]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [28.01.2009 9:16 17744]
R2 VideoAcceleratorService;VideoAcceleratorService;c:progra~1SPEEDB~2VideoAcceleratorService.exe -start -scm —> c:progra~1SPEEDB~2VideoAcceleratorService.exe -start -scm [?]
R2 xinstall;xinstall;c:windowssystem32driversxinstall.sys [04.06.2009 11:45 6143]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;??f:driver`s! Everest Ultimate Editionkerneld.wnt —> f:driver`s! Everest Ultimate Editionkerneld.wnt [?]
S3 utm4ody3;AVZ Kernel Driver;c:windowssystem32driversutm4ody3.sys [21.07.2010 18:55 7168]
S3 vaxscsi;vaxscsi;c:windowssystem32Driversvaxscsi.sys —> c:windowssystem32Driversvaxscsi.sys [?]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [17.01.2009 22:37 717296]
.
Contents of the ‘Scheduled Tasks’ folder2010-07-21 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-583907252-706699826-1417001333-1003Core.job
— c:documents and settingsUserLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2010-05-12 10:25]2010-07-22 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-583907252-706699826-1417001333-1003UA.job
— c:documents and settingsUserLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2010-05-12 10:25]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40316
mStart Page = hxxp://www.apeha.ru
IE: &Clean Traces — c:program filesDAPPrivacy Packagedapcleanerie.htm
IE: &Download with &DAP — c:program filesDAPdapextie.htm
IE: Download &all with DAP — c:program filesDAPdapextie2.htm
IE: Open using &Advanced JPEG Compressor — c:program filesAdvanced JPEG Compressorajcieex.htm
IE: Sothink SWF Catcher — c:program filesCommon FilesSourceTecSWF CatcherInternetExplorer.htm
IE: Добавить к существующему PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
IE: Добавить содержимое по ссылке в существующий файл PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Преобразовать содержимое по ссылке в PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
LSP: c:progra~1SPEEDB~2sblsp.dll
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} — hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF — ProfilePath — c:documents and settingsUserApplication DataMozillaFirefoxProfilesmat087jb.default
FF — prefs.js: browser.search.selectedEngine — Google
FF — prefs.js: browser.startup.homepage — http://www.yandex.ru
FF — prefs.js: keyword.URL — hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF — component: c:program filesDAPDAPFireFoxcomponentsDAPFireFox.dll
FF — component: c:program filesMozilla Firefoxextensions{AB2CE124-6272-4b12-94A9-7303C7397BD1}componentsSkypeFfComponent.dll
FF — component: c:program filesSpeedBit Video DownloaderSPFireFoxcomponentsEngine.dll
FF — plugin: c:documents and settingsUserLocal SettingsApplication DataGoogleUpdate1.2.183.29npGoogleOneClick8.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesOperaprogrampluginsnppl3260.dll
FF — plugin: c:program filesOperaprogrampluginsnppl3260.dll
FF — plugin: c:program filesOperaprogrampluginsnprpjplug.dll
FF — plugin: c:program filesOperaprogrampluginsnprpjplug.dll—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.lu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nz», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgberp4a5d4ar», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--p1ai», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbayh7gpa», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.tel», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.proxy.type», 5);
c:program filesMozilla Firefoxgreprefsall.js — pref(«dom.ipc.plugins.timeoutSecs», 45);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«accelerometer.enabled», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.nptest.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npswf32.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npctrl.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npqtplugin.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled», false);
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-22 09:37
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(920)
c:windowssystem32Ati2evxx.dll
c:program filesCommon FilesAdobeAdobe Drive CS4AdobeDriveCS4_NP.dll— — — — — — — > ‘explorer.exe'(3956)
c:windowssystem32ieframe.dll
c:program filesCommon FilesAdobeAdobe Drive CS4AdobeDriveCS4_NP.dll
c:windowssystem32webcheck.dll
.
Other Running Processes
.
c:windowssystem32Ati2evxx.exe
c:windowssystem32Ati2evxx.exe
c:program filesAlwil SoftwareAvast5AvastSvc.exe
c:program filesAviraAntiVir Desktopavguard.exe
c:program filesJavajre6binjqs.exe
c:program filesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
c:windowssystem32wdfmgr.exe
c:progra~1SPEEDB~2VideoAcceleratorService.exe
c:progra~1SPEEDB~2VideoAcceleratorEngine.exe
c:windowssystem32wbemwmiapsrv.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-22 09:42:11 — machine was rebooted
ComboFix-quarantined-files.txt 2010-07-22 05:42
ComboFix2.txt 2010-07-21 10:49Pre-Run: 129 457 455 104 байт свободно
Post-Run: 129 435 770 880 байт свободно— — End Of File — — D63376618BBEA378ED6BC109DA9AF4F7
****************************************************************************************************************************************************
Результат проверки на http://www.virustotal.com/ru:Файл analIs.txt получен 2010.07.22 04:30:21 (UTC)
Текущий статус: закончено
Результат: 0/42 (0.00%)(файл analIs.txt содержит упомянутые вами файлы
c:windowssystem32grcauth2.dll
c:windowssystem32grcauth1.dll
c:windowssystem32clauth2.dll
c:windowssystem32clauth1.dll
c:program filesoperaprogrampluginsdapop.dll
c:windowssystem32beafc1_z.dll
c:windowssystem32siuily.exe
c:windowssystem32yfzkcss.dll
c:windowssystem32cssdll32.dll
c:progra~1speedb~2sblsp.dll)
*************************************************************************************************************
Я удалил файл C:Documents and SettingsUserГлавное менюПрограммыАвтозагрузкаwwwznv32.exe посредством Unlocker. 😳
************************************************************************************************************
WebMoney устанавливал сам.Здравствуйте.
Вот новый лог ComboFix:ComboFix 10-07-21.01 — User 22.07.2010 9:31.2.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2046.1506 [GMT 4:00]
Running from: c:documents and settingsUserРабочий столComboFix.exe
Command switches used :: c:documents and settingsUserРабочий столCFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}FILE ::
«c:documents and settingsNetworkServiceApplication Dataswqatk.dat»
«c:documents and settingsUserГлавное менюПрограммыАвтозагрузкаwwwznv32.exe»
«c:documents and settingsUserApplication Datafspro3_0.tmp»
«c:documents and settingsUserApplication Datafspro3_1.tmp»
«c:documents and settingsUserApplication Datafspro3_2.tmp»
«c:windowssystem3233cce451.exe»
«c:windowssystem32adaqph.exe»
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsAll UsersГлавное менюApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersГлавное менюApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:documents and settingsNetworkServiceApplication Dataswqatk.dat
c:documents and settingsUserApplication Datafspro3_0.tmp
c:documents and settingsUserApplication Datafspro3_1.tmp
c:documents and settingsUserApplication Datafspro3_2.tmp
c:program filesCommon FilesWM
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.2010-07-21 02:46 . 2010-07-21 02:46
d
w- c:documents and settingsАдминистраторApplication DataMalwarebytes
2010-07-21 02:41 . 2010-07-21 15:14
d
w- c:program filesUnlocker
2010-07-21 01:22 . 2010-07-21 15:14
d
w- c:program filestrend micro
2010-07-21 01:22 . 2010-07-21 01:23
d
w- C:rsit
2010-07-20 14:26 . 2010-07-20 14:29
d
w- c:documents and settingsUserApplication Datadvdcss
2010-07-20 14:26 . 2010-07-20 14:28
d
w- c:documents and settingsUserApplication Datavlc
2010-07-20 06:53 . 2010-07-21 15:14
d
w- c:program filesSpeedBit Video Accelerator
2010-07-20 06:48 . 2010-07-21 15:13
d
w- c:program filesDAP
2010-07-20 06:48 . 2010-07-20 06:48
d
w- c:documents and settingsUserApplication DataToolbar4
2010-07-20 06:48 . 2010-07-20 06:48
d
w- c:documents and settingsAll UsersГлавное менюApplication DataSpeedBit
2010-07-20 06:48 . 2010-07-20 06:48
d
w- c:program filesSearchPredict
2010-07-20 06:48 . 2010-07-21 15:14
d
w- c:program filesSpeedBit Video Downloader
2010-07-19 11:21 . 2010-07-19 11:21
d
w- c:documents and settingsUserApplication DataMalwarebytes
2010-07-19 11:21 . 2010-04-29 11:39 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-07-19 11:21 . 2010-07-19 11:21
d
w- c:documents and settingsAll UsersГлавное менюApplication DataMalwarebytes
2010-07-19 11:21 . 2010-07-21 15:14
d
w- c:program filesMalwarebytes’ Anti-Malware
2010-07-19 11:21 . 2010-04-29 11:39 20952 —-a-w- c:windowssystem32driversmbam.sys
2010-07-19 10:36 . 2010-07-19 10:36
d
w- c:windowssystem32wbemRepository
2010-07-19 10:27 . 2010-07-19 10:27
d
w- c:documents and settingsАдминистраторLocal SettingsApplication DataMozilla
2010-07-17 07:04 . 2010-07-17 07:05
d
w- c:documents and settingsUserDoctorWeb
2010-07-17 06:12 . 2010-07-17 06:12
d-sh—w- c:documents and settingsАдминистраторIETldCache
2010-07-15 17:03 . 2010-07-15 17:03
d-sh—w- c:documents and settingsLocalServicePrivacIE
2010-07-15 17:02 . 2010-07-15 17:02
d-sh—w- c:windowssystem32configsystemprofileIETldCache
2010-07-06 12:44 . 2010-07-06 12:44
d
w- c:program filesCommon FilesSkype
2010-07-01 21:40 . 2010-06-28 20:57 38848 —-a-w- c:windowsavastSS.scr.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 05:37 . 2008-09-09 17:36
d—a-w- c:documents and settingsAll UsersГлавное менюApplication DataTEMP
2010-07-21 16:42 . 2010-07-21 16:42
d
w- c:documents and settingsUserApplication DataYandex
2010-07-21 16:42 . 2010-07-21 16:42
d
w- c:documents and settingsAll UsersГлавное менюApplication DataYandex
2010-07-21 16:42 . 2010-07-21 16:42
d
w- c:program filesYandex
2010-07-21 15:13 . 2009-09-10 18:19
d
w- c:program filesK-Lite Codec Pack
2010-07-21 15:12 . 2009-08-17 12:25
d
w- c:program filesAAALOGO2009
2010-07-21 15:12 . 2008-09-09 17:24
d
w- c:program filesA4DeskPro
2010-07-21 15:12 . 2009-05-01 10:31
d
w- c:program filesA4Desk Flash Photo Gallery Builder
2010-07-21 15:12 . 2008-09-09 12:53
d
w- c:program filesA4Desk
2010-07-21 15:12 . 2009-05-16 09:37
d
w- c:program files7-Zip
2010-07-21 15:12 . 2008-12-12 08:04
d
w- c:program files123 Flash Menu
2010-07-21 15:01 . 2009-05-17 18:08
d
r- c:documents and settingsUserApplication DataМои документы
2010-07-21 15:01 . 2008-09-22 13:27
d
w- c:documents and settingsUserApplication DataFlash Jigsaw Producer
2010-07-21 14:55 . 2010-07-21 14:55 7168 —-a-w- c:windowssystem32driversutm4ody3.sys
2010-07-21 10:15 . 2008-09-14 10:33
d
w- c:documents and settingsUserApplication DataU3
2010-07-21 03:14 . 2008-04-15 12:00 66016 —-a-w- c:windowssystem32perfc019.dat
2010-07-21 03:14 . 2008-04-15 12:00 424776 —-a-w- c:windowssystem32perfh019.dat
2010-07-21 01:33 . 2009-01-10 06:11
d
w- c:program filesUnity
2010-07-20 16:13 . 2008-11-25 18:45
d
w- c:documents and settingsUserApplication DataFileZilla
2010-07-20 07:00 . 2010-07-20 07:00 95744 —-a-w- c:documents and settingsAll UsersГлавное менюApplication DataSpeedBitDAPSDCondition.dll
2010-07-20 06:51 . 2010-07-20 06:51 3509272 —-a-w- c:documents and settingsAll UsersГлавное менюApplication DataSpeedBitDAPOffersVA31_DapSo.exe
2010-07-19 14:16 . 2009-06-25 09:52
d
w- c:documents and settingsUserApplication DataWebMoney
2010-07-15 17:02 . 2010-07-15 17:02 16 —-a-w- c:windowssystem32configsystemprofileApplication Dataswqatk.dat
2010-07-13 17:13 . 2008-09-08 13:10 97784 —-a-w- c:documents and settingsUserLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-07-13 15:27 . 2009-06-25 19:12
d
w- c:documents and settingsUserApplication DataCorel
2010-07-13 15:26 . 2009-09-02 10:41
d
w- c:documents and settingsAll UsersГлавное менюApplication DataCorel
2010-07-13 15:22 . 2009-09-02 10:44 2516 —sha-w- c:documents and settingsAll UsersГлавное менюApplication DataKGyGaAvL.sys
2010-07-13 15:22 . 2009-09-02 10:44 2516 —sha-w- c:documents and settingsAll UsersГлавное менюApplication DataKGyGaAvL.sys
2010-07-10 09:23 . 2010-06-20 21:10
d
w- c:program filesFlashSpring Pro 3
2010-07-08 06:55 . 2008-11-05 10:57
d
w- c:documents and settingsUserApplication DataSkype
2010-07-08 05:24 . 2008-11-05 11:02
d
w- c:documents and settingsUserApplication DataskypePM
2010-06-28 20:57 . 2009-01-28 05:16 165032 —-a-w- c:windowssystem32aswBoot.exe
2010-06-28 20:37 . 2009-01-28 05:16 46672 —-a-w- c:windowssystem32driversaswTdi.sys
2010-06-28 20:37 . 2009-01-28 05:16 165456 —-a-w- c:windowssystem32driversaswSP.sys
2010-06-28 20:33 . 2009-01-28 05:16 23376 —-a-w- c:windowssystem32driversaswRdr.sys
2010-06-28 20:32 . 2009-01-28 05:16 100176 —-a-w- c:windowssystem32driversaswmon2.sys
2010-06-28 20:32 . 2009-01-28 05:16 94544 —-a-w- c:windowssystem32driversaswmon.sys
2010-06-28 20:32 . 2009-01-28 05:16 17744 —-a-w- c:windowssystem32driversaswFsBlk.sys
2010-06-28 20:32 . 2009-01-28 05:16 28880 —-a-w- c:windowssystem32driversaavmker4.sys
2010-06-14 09:32 . 2008-09-09 06:50
d—h—w- c:program filesInstallShield Installation Information
2010-06-14 08:52 . 2009-02-28 09:48
d
w- c:program filesWork With Registry
2010-06-01 07:00 . 2010-06-01 07:00
d
w- c:documents and settingsUserApplication DataAKVIS LLC
2010-05-12 11:59 . 2008-04-15 12:00 1024 —-a-w- c:windowssystem32yfzkcss.dll
2010-05-12 11:59 . 2008-04-15 12:00 1024 —-a-w- c:windowssystem32grcauth2.dll
2010-05-12 11:59 . 2008-04-15 12:00 1024 —-a-w- c:windowssystem32grcauth1.dll
2010-05-12 11:59 . 2008-04-15 12:00 1024 —-a-w- c:windowssystem32clauth2.dll
2010-05-12 11:59 . 2008-04-15 12:00 1024 —-a-w- c:windowssystem32clauth1.dll
2010-07-20 06:48 . 2010-07-20 06:51 251392 —-a-w- c:program filesoperaprogrampluginsdapop.dll
2009-03-29 11:44 . 2009-03-29 11:44 23 —sha-w- c:windowssystem32beafc1_z.dll
2009-08-30 17:24 . 2009-06-25 19:12 2828 —sha-w- c:windowssystem32KGyGaAvL.sys
.(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.— c:progra~1speedb~2sblsp.dll —
Company: Speedbit Ltd.
File Description: sblsp
File Version: 3,1,3,6
Product Name: sblsp
Copyright: Copyright © 1999-2010 SpeedBit Ltd.
Original Filename: sblsp.dll
File size: 251488
Created time: 2010-07-20 06:53
Modified time: 2010-07-20 06:53
MD5: 049A7A98465E750A3FC44B1EB02554E5
SHA1: 6A5C9374334ADBB9BE0445EC2A3C533F5655514D— c:program filesoperaprogrampluginsdapop.dll —
Company: SpeedBit Ltd.
File Description: Download Accelerator Plus (DAP) Opera/NS6 plugin
File Version: 9, 2, 0, 1
Product Name: Download Accelerator Plus (DAP) Opera/NS6 plugin
Copyright: Copyright (C) 1999 — 2010 SpeedBit Ltd.
Original Filename: DAPOP.DLL
File size: 251392
Created time: 2010-07-20 06:51
Modified time: 2010-07-20 06:48
MD5: EF3031790CDC4B11C0B0C31150DE68D7
SHA1: 21DF4395DC744FC509A7FC9D96FBDFA55F2F877F— c:windowssystem32beafc1_z.dll —
Company:
File Description:
File Version:
Product Name:
Copyright:
Original Filename:
File size: 23
Created time: 2009-03-29 11:44
Modified time: 2009-03-29 11:44
MD5: 893D5DF87DC6438965605CAEAF5F203A
SHA1: 27C31C84FED62001CD9116BACAB363185A0AA2CB— c:windowssystem32clauth1.dll —
Company:
File Description:
File Version:
Product Name:
Copyright:
Original Filename:
File size: 1024
Created time: 2008-04-15 12:00
Modified time: 2010-05-12 11:59
MD5: 9FC21D135BD057460571C865FAD1ADC0
SHA1: 9A88D5D7A616942705E40269DD5B3B2E062C037D— c:windowssystem32clauth2.dll —
Company:
File Description:
File Version:
Product Name:
Copyright:
Original Filename:
File size: 1024
Created time: 2008-04-15 12:00
Modified time: 2010-05-12 11:59
MD5: 9FC21D135BD057460571C865FAD1ADC0
SHA1: 9A88D5D7A616942705E40269DD5B3B2E062C037D— c:windowssystem32cssdll32.dll —
Company: COMODO
File Description: COMODO SafeSurf
File Version: 1, 0, 0, 7
Product Name: COMODO SafeSurf
Copyright: Copyright 2007-2008 COMODO. All rights reserved
Original Filename: cssdll.dll
File size: 253688
Created time: 2009-03-11 15:23
Modified time: 2009-03-11 15:23
MD5: A20A975AD5C804EA4A9B043CE50237C8
SHA1: 02A8238FA69BEBDD7A218A226B972F4E8A12AA11— c:windowssystem32grcauth1.dll —
Company:
File Description:
File Version:
Product Name:
Copyright:
Original Filename:
File size: 1024
Created time: 2008-04-15 12:00
Modified time: 2010-05-12 11:59
MD5: 29FF2E0507F3982A26D6D9BDD00CCE7B
SHA1: 7AF6DC03B50E7B48B500E8576278E5D1280F88FC— c:windowssystem32grcauth2.dll —
Company:
File Description:
File Version:
Product Name:
Copyright:
Original Filename:
File size: 1024
Created time: 2008-04-15 12:00
Modified time: 2010-05-12 11:59
MD5: 29FF2E0507F3982A26D6D9BDD00CCE7B
SHA1: 7AF6DC03B50E7B48B500E8576278E5D1280F88FC— c:windowssystem32yfzkcss.dll —
Company:
File Description:
File Version:
Product Name:
Copyright:
Original Filename:
File size: 1024
Created time: 2008-04-15 12:00
Modified time: 2010-05-12 11:59
MD5: 3C0A5622AD068C561167B4742A039327
SHA1: 9E39206F000BB1AF710002D10DA6944905747357—- Directory of c:progra~1speedb~2 —-
2010-07-20 06:53 . 2010-07-20 06:53 484 —-a-w- c:progra~1speedb~2instlsp.log
2010-07-20 06:53 . 2010-07-20 06:53 10176 —-a-w- c:progra~1speedb~2INSTALL.LOG
2010-07-20 06:53 . 2010-07-20 06:53 75 —-a-w- c:progra~1speedb~2resblank.html
2010-07-20 06:53 . 2010-07-20 06:53 610 —-a-w- c:progra~1speedb~2cancel.gif
2010-07-20 06:53 . 2010-07-20 06:53 34445 —-a-w- c:progra~1speedb~2comtest.gif
2010-07-20 06:53 . 2010-07-20 06:53 15288 —-a-w- c:progra~1speedb~2progbar.gif
2010-07-20 06:53 . 2010-07-20 06:53 329 —-a-w- c:progra~1speedb~2ok.gif
2010-07-20 06:53 . 2010-07-20 06:53 17542 —-a-w- c:progra~1speedb~2tray_icon.ico
2010-07-20 06:53 . 2010-07-20 06:53 259688 —-a-w- c:progra~1speedb~2VACommTest.exe
2010-07-20 06:53 . 2010-07-20 06:53 288360 —-a-w- c:progra~1speedb~2CommPipe.dll
2010-07-20 06:53 . 2010-07-20 06:53 198240 —-a-w- c:progra~1speedb~2ConfigDB.dll
2010-07-20 06:53 . 2010-07-20 06:53 251488 —-a-w- c:progra~1speedb~2sblsp.dll
2010-07-20 06:53 . 2010-07-20 06:53 172095 —-a-w- c:progra~1speedb~2Instlsp.exe
2010-07-20 06:53 . 2010-07-20 06:53 94200 —-a-w- c:progra~1speedb~2unelevate.exe
2010-07-20 06:53 . 2010-07-20 06:53 860160 —-a-w- c:progra~1speedb~2VARes.dll
2010-07-20 06:53 . 2010-07-20 06:53 173600 —-a-w- c:progra~1speedb~2Monitor.dll
2010-07-20 06:53 . 2010-07-20 06:53 1906280 —-a-w- c:progra~1speedb~2Accelerator.dll
2010-07-20 06:53 . 2010-07-20 06:53 300656 —-a-w- c:progra~1speedb~2VideoAcceleratorService.exe
2010-07-20 06:53 . 2010-07-20 06:53 1607272 —-a-w- c:progra~1speedb~2VideoAccelerator.exe
2010-07-20 06:53 . 2010-07-20 06:53 140920 —-a-w- c:progra~1speedb~2VideoAcceleratorEngine.exe
2010-07-20 06:53 . 2010-07-20 06:53 210536 —-a-w- c:progra~1speedb~2Collector.dll
2010-07-20 06:53 . 2010-03-21 09:54 170008 —-a-w- c:progra~1speedb~2VARemove.exe
2010-07-20 06:53 . 2010-07-20 06:53 9488 —-a-w- c:progra~1speedb~2sporder.dll
2010-07-20 06:53 . 2010-03-21 09:54 94208 —-a-w- c:progra~1speedb~2cabex.dll
2010-07-20 06:53 . 2002-07-26 13:02 153088 —-a-w- c:progra~1speedb~2UNWISE.EXE—- Directory of c:program filesWebMoney —-
2010-06-21 12:15 . 2010-06-21 12:15 4785640 —-a-w- c:program filesWebMoneyWMClient.dll
2010-06-10 13:52 . 2010-06-10 13:52 1150 —-a-w- c:program filesWebMoneyresourcesiconspursesdisabledym.ico
2010-06-10 09:27 . 2010-06-10 09:27 1150 —-a-w- c:program filesWebMoneyresourcesiconspursesym.ico
2010-04-30 10:15 . 2010-04-30 10:15 206935 —-a-w- c:program filesWebMoneyinterface.zip
2010-04-27 09:20 . 2010-04-27 09:20 247304 —-a-w- c:program filesWebMoneygausenum.dll
2010-04-17 06:13 . 2010-04-17 06:33 6104 —-a-w- c:program filesWebMoney$$$.tmp
2010-04-06 11:33 . 2010-04-06 11:33 1508840 —-a-w- c:program filesWebMoneyWebMoney.exe
2010-03-11 14:54 . 2010-03-11 14:54 1461 —-a-w- c:program filesWebMoneyCertificatescert.wmtransfer.com_WebMoney Transfer Root Authority.cer
2010-02-24 12:34 . 2010-02-24 12:34 1644680 —-a-w- c:program filesWebMoneymiscwmadvisor.exe
2010-01-31 07:11 . 2010-01-31 07:11 0 —-a-w- c:program filesWebMoney726450698494.groups
2010-01-18 11:17 . 2010-01-18 11:17 18938 —-a-w- c:program filesWebMoneyresourcesiconsservicesexchanger.ico
2009-12-28 17:01 . 2009-12-28 17:01 5430 —-a-w- c:program filesWebMoneyresourcesiconsmessagesout.sms.ico
2009-10-26 08:10 . 2009-10-26 08:10 3451 —-a-w- c:program filesWebMoneywebmoney.exe.manifest
2009-10-26 08:10 . 2009-10-26 08:10 3450 —-a-w- c:program filesWebMoneykeeperid.exe.manifest
2009-10-22 13:47 . 2009-10-22 13:47 79384 —-a-w- c:program filesWebMoneyWMDispatcher.exe
2009-10-22 08:47 . 2009-10-22 08:47 3454 —-a-w- c:program filesWebMoneywmdispatcher.exe.manifest
2009-10-19 11:47 . 2009-10-19 11:47 575184 —-a-w- c:program filesWebMoneymiscwmagent_inst.exe
2009-09-22 10:59 . 2009-09-22 10:59 1150 —-a-w- c:program filesWebMoneyresourcesiconstabsdisabledinbox.ico
2009-09-17 16:37 . 2009-09-17 16:37 9662 —-a-w- c:program filesWebMoneyresourcesiconssigninsms.enum.ico
2009-09-09 08:28 . 2009-09-09 08:28 9662 —-a-w- c:program filesWebMoneyresourcesiconssignupsignup.ico
2009-08-21 13:52 . 2009-08-21 13:52 5430 —-a-w- c:program filesWebMoneyresourcesiconssignindelete.ico
2009-08-21 13:52 . 2009-08-21 13:52 5430 —-a-w- c:program filesWebMoneyresourcesiconssigninsave.ico
2009-08-21 13:52 . 2009-08-21 13:52 5430 —-a-w- c:program filesWebMoneyresourcesiconssigninlogin.ico
2009-08-16 16:02 . 2009-08-16 16:02 11294 —-a-w- c:program filesWebMoneyresourcesiconsdialogspassword.ico
2009-08-15 10:55 . 2009-08-15 10:55 13514 —-a-w- c:program filesWebMoneyresourcesiconsservicessecurity.ico
2009-08-10 13:01 . 2009-08-10 13:01 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionscommoncollapse.ico
2009-08-10 13:00 . 2009-08-10 13:00 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionscommonexpand.ico
2009-08-06 11:06 . 2009-08-06 11:06 13514 —-a-w- c:program filesWebMoneyresourcesiconsservicesfiles.ico
2009-07-03 17:12 . 2009-07-03 17:12 9662 —-a-w- c:program filesWebMoneyresourcesiconssigninfingerprint.ico
2009-07-03 17:11 . 2009-07-03 17:11 9662 —-a-w- c:program filesWebMoneyresourcesiconssigninenum.ico
2009-06-26 13:30 . 2009-06-26 13:30 9662 —-a-w- c:program filesWebMoneyresourcesiconssignintoken.ico
2009-06-25 09:23 . 2010-06-23 15:07 1586 —-a-w- c:program filesWebMoneyinstall.sss
2009-06-25 09:22 . 2010-06-23 15:07 31894 —-a-w- c:program filesWebMoneyINSTALL.LOG
2009-06-25 09:22 . 2010-06-23 15:06 874483 —-a-w- c:program filesWebMoneyUninstall.exe
2009-06-25 09:22 . 2010-06-21 12:36 40054 —-a-w- c:program filesWebMoneyAgreementsagreements.html
2009-06-02 15:21 . 2009-06-02 15:21 9662 —-a-w- c:program filesWebMoneyresourcesiconssigninkeys.ico
2009-04-13 14:57 . 2009-04-13 14:57 1150 —-a-w- c:program filesWebMoneyresourcesiconsstatusbarlock.ico
2009-01-16 16:24 . 2009-01-16 16:24 943568 —-a-w- c:program filesWebMoneyEnum.dll
2008-06-26 13:35 . 2008-06-26 13:35 984528 —-a-w- c:program filesWebMoneyDefaultKSP.dll
2008-01-31 13:50 . 2008-01-31 13:50 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonline-nologinevent_online_09.ico
2008-01-31 13:50 . 2008-01-31 13:50 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonline-nologinevent_online_10.ico
2008-01-31 13:50 . 2008-01-31 13:50 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonline-nologinevent_online_11.ico
2008-01-31 13:50 . 2008-01-31 13:50 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonline-nologinevent_online_12.ico
2008-01-31 13:50 . 2008-01-31 13:50 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonline-nologinevent_online_13.ico
2008-01-31 13:50 . 2008-01-31 13:50 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonline-nologinevent_online_14.ico
2008-01-31 13:50 . 2008-01-31 13:50 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonline-nologinevent_online_01.ico
2008-01-31 13:49 . 2008-01-31 13:49 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonline-nologinevent_online_02.ico
2008-01-31 13:49 . 2008-01-31 13:49 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonline-nologinevent_online_03.ico
2008-01-31 13:49 . 2008-01-31 13:49 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonline-nologinevent_online_04.ico
2008-01-31 13:49 . 2008-01-31 13:49 1150 —-a-w- c:program filesWebMoneyresourcesiconstraywmagentwmagent_00.ico
2008-01-31 13:49 . 2008-01-31 13:49 1150 —-a-w- c:program filesWebMoneyresourcesiconstraywmagentwmagent_01.ico
2008-01-31 13:49 . 2008-01-31 13:49 1150 —-a-w- c:program filesWebMoneyresourcesiconstraywmagentwmagent_02.ico
2008-01-31 13:49 . 2008-01-31 13:49 1150 —-a-w- c:program filesWebMoneyresourcesiconstraywmagentwmagent_03.ico
2008-01-31 13:49 . 2008-01-31 13:49 1150 —-a-w- c:program filesWebMoneyresourcesiconstraywmagentwmagent_04.ico
2008-01-31 13:49 . 2008-01-31 13:49 1150 —-a-w- c:program filesWebMoneyresourcesiconstraywmagentwmagent_05.ico
2008-01-31 13:49 . 2008-01-31 13:49 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonline-nologinevent_online_05.ico
2008-01-31 13:49 . 2008-01-31 13:49 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonline-nologinevent_online_06.ico
2008-01-31 13:49 . 2008-01-31 13:49 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonline-nologinevent_online_07.ico
2008-01-31 13:49 . 2008-01-31 13:49 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonline-nologinevent_online_08.ico
2008-01-17 09:48 . 2008-01-17 09:48 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsin.debt.partial.ico
2008-01-17 09:48 . 2008-01-17 09:48 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsin.debt.return.ico
2008-01-17 09:48 . 2008-01-17 09:48 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsout.debt.partial.ico
2008-01-17 09:48 . 2008-01-17 09:48 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsout.debt.return.ico
2008-01-16 09:33 . 2008-01-16 09:33 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsin.debt.done.ico
2008-01-16 09:33 . 2008-01-16 09:33 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsin.debt.none.ico
2008-01-16 09:33 . 2008-01-16 09:33 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsout.debt.done.ico
2008-01-16 09:33 . 2008-01-16 09:33 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsout.debt.none.ico
2008-01-10 13:52 . 2008-01-10 13:52 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsin.by.debt.ico
2008-01-10 13:52 . 2008-01-10 13:52 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsout.by.debt.ico
2007-12-21 09:21 . 2007-12-21 09:21 5430 —-a-w- c:program filesWebMoneyresourcesiconsinvoiceshistory.ico
2007-12-21 09:21 . 2007-12-21 09:21 5430 —-a-w- c:program filesWebMoneyresourcesiconsinvoiceshistory.in.ico
2007-12-21 09:21 . 2007-12-21 09:21 5430 —-a-w- c:program filesWebMoneyresourcesiconsinvoiceshistory.out.ico
2007-12-20 13:22 . 2007-12-20 13:22 5430 —-a-w- c:program filesWebMoneyresourcesiconsinvoicesdue.ico
2007-12-20 13:22 . 2007-12-20 13:22 5430 —-a-w- c:program filesWebMoneyresourcesiconsinvoicespayed.ico
2007-12-20 13:22 . 2007-12-20 13:22 5430 —-a-w- c:program filesWebMoneyresourcesiconsinvoicesrejected.ico
2007-12-20 08:58 . 2007-12-20 08:58 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsin.time.done.ico
2007-12-20 08:58 . 2007-12-20 08:58 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsout.time.done.ico
2007-12-19 14:08 . 2007-12-19 14:08 5430 —-a-w- c:program filesWebMoneyresourcesiconsmessagesin.ico
2007-12-19 14:08 . 2007-12-19 14:08 5430 —-a-w- c:program filesWebMoneyresourcesiconsmessagesout.ico
2007-12-19 13:03 . 2007-12-19 13:03 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsout.by.invoice.ico
2007-12-19 12:15 . 2007-12-19 12:15 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsin.by.invoice.ico
2007-12-19 12:15 . 2007-12-19 12:15 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsin.code.back.ico
2007-12-19 12:15 . 2007-12-19 12:15 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsin.ico
2007-12-19 12:15 . 2007-12-19 12:15 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsin.time.back.ico
2007-12-19 12:15 . 2007-12-19 12:15 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsin.time.wait.ico
2007-12-19 12:15 . 2007-12-19 12:15 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsout.code.back.ico
2007-12-19 12:15 . 2007-12-19 12:15 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsout.ico
2007-12-19 12:15 . 2007-12-19 12:15 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsout.time.back.ico
2007-12-19 12:15 . 2007-12-19 12:15 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsout.time.wait.ico
2007-12-17 14:24 . 2007-12-17 14:24 5430 —-a-w- c:program filesWebMoneyresourcesiconsmessageshistory.ico
2007-12-17 14:24 . 2007-12-17 14:24 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionshistory.ico
2007-12-17 14:24 . 2007-12-17 14:24 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsin.code.done.ico
2007-12-17 14:24 . 2007-12-17 14:24 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsin.code.wait.ico
2007-12-17 14:24 . 2007-12-17 14:24 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsout.code.done.ico
2007-12-17 14:24 . 2007-12-17 14:24 5430 —-a-w- c:program filesWebMoneyresourcesiconstransactionsout.code.wait.ico
2007-12-10 16:36 . 2007-12-10 16:36 30653 —-a-w- c:program filesWebMoneyresourcesiconspursesimgpurses.zip
2007-12-10 16:21 . 2007-12-10 16:21 32868 —-a-w- c:program filesWebMoneyresourcesiconspassportimgpassports.zip
2007-12-10 11:12 . 2007-12-10 11:12 5430 —-a-w- c:program filesWebMoneyresourcesiconsactionschathistory.ico
2007-12-10 11:12 . 2007-12-10 11:12 5430 —-a-w- c:program filesWebMoneyresourcesiconsactionschatsettings.ico
2007-12-10 11:12 . 2007-12-10 11:12 5430 —-a-w- c:program filesWebMoneyresourcesiconsactionscommonsendinvoice.ico
2007-12-10 11:12 . 2007-12-10 11:12 5430 —-a-w- c:program filesWebMoneyresourcesiconsactionscommonsendwm.ico
2007-12-10 11:12 . 2007-12-10 11:12 5430 —-a-w- c:program filesWebMoneyresourcesiconsactionscontactsfind.ico
2007-12-10 11:12 . 2007-12-10 11:12 5430 —-a-w- c:program filesWebMoneyresourcesiconsactionscontactsviewprops.ico
2007-12-10 11:12 . 2007-12-10 11:12 5430 —-a-w- c:program filesWebMoneyresourcesiconsactionsinfowiki.ico
2007-12-10 11:12 . 2007-12-10 11:12 5430 —-a-w- c:program filesWebMoneyresourcesiconsactionspursescreate.ico
2007-12-10 11:12 . 2007-12-10 11:12 5430 —-a-w- c:program filesWebMoneyresourcesiconsactionspursestopup.ico
2007-12-10 11:12 . 2007-12-10 11:12 5430 —-a-w- c:program filesWebMoneyresourcesiconstabscontacts.ico
2007-12-10 11:12 . 2007-12-10 11:12 5430 —-a-w- c:program filesWebMoneyresourcesiconstabspurses.ico
2007-12-06 09:58 . 2007-12-06 09:58 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportdeveloper.ico
2007-12-05 14:44 . 2007-12-05 14:44 5430 —-a-w- c:program filesWebMoneyresourcesiconspursesdisabledwmc.ico
2007-12-05 14:28 . 2007-12-05 14:28 5430 —-a-w- c:program filesWebMoneyresourcesiconspursesdisabledwmd.ico
2007-12-05 13:21 . 2007-12-05 13:21 5430 —-a-w- c:program filesWebMoneyresourcesiconspurseswmc.ico
2007-12-05 13:21 . 2007-12-05 13:21 5430 —-a-w- c:program filesWebMoneyresourcesiconspurseswmd.ico
2007-12-05 10:20 . 2007-12-05 10:20 5430 —-a-w- c:program filesWebMoneyresourcesiconspursesdisabledatm.ico
2007-12-05 10:20 . 2007-12-05 10:20 5430 —-a-w- c:program filesWebMoneyresourcesiconspursesdisabledwmb.ico
2007-12-05 10:20 . 2007-12-05 10:20 5430 —-a-w- c:program filesWebMoneyresourcesiconspursesdisabledwme.ico
2007-12-05 10:20 . 2007-12-05 10:20 5430 —-a-w- c:program filesWebMoneyresourcesiconspursesdisabledwmg.ico
2007-12-05 10:20 . 2007-12-05 10:20 5430 —-a-w- c:program filesWebMoneyresourcesiconspursesdisabledwmr.ico
2007-12-05 10:20 . 2007-12-05 10:20 5430 —-a-w- c:program filesWebMoneyresourcesiconspursesdisabledwmu.ico
2007-12-05 10:20 . 2007-12-05 10:20 5430 —-a-w- c:program filesWebMoneyresourcesiconspursesdisabledwmy.ico
2007-12-05 10:20 . 2007-12-05 10:20 5430 —-a-w- c:program filesWebMoneyresourcesiconspursesdisabledwmz.ico
2007-12-04 16:03 . 2007-12-04 16:03 5430 —-a-w- c:program filesWebMoneyresourcesiconspursesatm.ico
2007-12-03 15:46 . 2007-12-03 15:46 5430 —-a-w- c:program filesWebMoneyresourcesiconspurseswmg.ico
2007-12-03 14:10 . 2007-12-03 14:10 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionschatmultisend.ico
2007-12-03 11:04 . 2007-12-03 11:04 1150 —-a-w- c:program filesWebMoneyresourcesiconstabsinfo.ico
2007-12-03 10:52 . 2007-12-03 10:52 1150 —-a-w- c:program filesWebMoneyresourcesiconstreeexpand.ico
2007-12-03 10:52 . 2007-12-03 10:52 1150 —-a-w- c:program filesWebMoneyresourcesiconstreecollapse.ico
2007-12-03 10:51 . 2007-12-03 10:51 1150 —-a-w- c:program filesWebMoneyresourcesiconsstatusbarrefresh.ico
2007-12-03 10:51 . 2007-12-03 10:51 1150 —-a-w- c:program filesWebMoneyresourcesiconsstatusbarlock_warn.ico
2007-12-03 10:51 . 2007-12-03 10:51 1150 —-a-w- c:program filesWebMoneyresourcesiconsstatusbarlock_ok.ico
2007-12-03 10:50 . 2007-12-03 10:50 1150 —-a-w- c:program filesWebMoneyresourcesiconsstatusbarlock_err.ico
2007-12-03 10:49 . 2007-12-03 10:49 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionschatquote.ico
2007-12-03 10:49 . 2007-12-03 10:49 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionschatfind.ico
2007-12-03 10:48 . 2007-12-03 10:48 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionscommoncopywmid.ico
2007-12-03 10:48 . 2007-12-03 10:48 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionsinfohelp.ico
2007-12-03 10:47 . 2007-12-03 10:47 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionsinfotutorial.ico
2007-12-03 10:47 . 2007-12-03 10:47 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionsinfofaq.ico
2007-12-03 10:47 . 2007-12-03 10:47 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionsinfohome.ico
2007-12-03 10:45 . 2007-12-03 10:45 1150 —-a-w- c:program filesWebMoneyresourcesiconstabsinbox.ico
2007-12-03 10:44 . 2007-12-03 10:44 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionscommonmenu.ico
2007-12-03 10:36 . 2007-12-03 10:36 894 —-a-w- c:program filesWebMoneyresourcesiconsnull.ico
2007-11-30 14:00 . 2007-11-30 14:00 5430 —-a-w- c:program filesWebMoneyresourcesiconspurseswmb.ico
2007-11-30 14:00 . 2007-11-30 14:00 5430 —-a-w- c:program filesWebMoneyresourcesiconspurseswme.ico
2007-11-30 14:00 . 2007-11-30 14:00 5430 —-a-w- c:program filesWebMoneyresourcesiconspurseswmr.ico
2007-11-30 14:00 . 2007-11-30 14:00 5430 —-a-w- c:program filesWebMoneyresourcesiconspurseswmu.ico
2007-11-30 14:00 . 2007-11-30 14:00 5430 —-a-w- c:program filesWebMoneyresourcesiconspurseswmy.ico
2007-11-30 14:00 . 2007-11-30 14:00 5430 —-a-w- c:program filesWebMoneyresourcesiconspurseswmz.ico
2007-11-28 09:39 . 2007-11-28 09:39 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportalias.ico
2007-11-28 09:39 . 2007-11-28 09:39 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportcapitaller.ico
2007-11-28 09:39 . 2007-11-28 09:39 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportformal.ico
2007-11-28 09:39 . 2007-11-28 09:39 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportguarantor.ico
2007-11-28 09:39 . 2007-11-28 09:39 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportinitial.ico
2007-11-28 09:39 . 2007-11-28 09:39 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportmerchant.ico
2007-11-28 09:39 . 2007-11-28 09:39 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportoperator.ico
2007-11-28 09:39 . 2007-11-28 09:39 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportpersonal.ico
2007-11-28 09:39 . 2007-11-28 09:39 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportregistrar.ico
2007-11-28 09:39 . 2007-11-28 09:39 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportservice.ico
2007-11-20 08:07 . 2007-11-20 08:07 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportdisabledformal.ico
2007-11-20 08:02 . 2007-11-20 08:02 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportdisabledservice.ico
2007-11-20 08:01 . 2007-11-20 08:01 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportdisabledregistrar.ico
2007-11-20 07:51 . 2007-11-20 07:51 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportdisableddeveloper.ico
2007-11-20 07:48 . 2007-11-20 07:48 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportdisabledalias.ico
2007-11-20 07:44 . 2007-11-20 07:44 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportdisabledmerchant.ico
2007-11-20 07:36 . 2007-11-20 07:36 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportdisabledpersonal.ico
2007-11-20 07:33 . 2007-11-20 07:33 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportdisabledoperator.ico
2007-11-20 07:24 . 2007-11-20 07:24 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportdisabledinitial.ico
2007-11-20 07:17 . 2007-11-20 07:17 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportdisabledcapitaller.ico
2007-11-20 07:16 . 2007-11-20 07:16 5430 —-a-w- c:program filesWebMoneyresourcesiconspassportdisabledguarantor.ico
2007-10-23 14:34 . 2007-10-23 14:34 140808 —-a-w- c:program filesWebMoneybexth.dll
2007-10-22 07:38 . 2007-10-22 07:38 1150 —-a-w- c:program filesWebMoneyresourcesiconsstatusbardisabledlock.ico
2007-10-22 07:29 . 2007-10-22 07:29 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionscommondisabledsendwm.ico
2007-10-22 07:29 . 2007-10-22 07:29 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionspursesdisabledtopup.ico
2007-10-22 06:36 . 2007-10-22 06:36 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionspursesdisabledcreate.ico
2007-10-22 06:20 . 2007-10-22 06:20 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionscommondelall.ico
2007-10-22 06:18 . 2007-10-22 06:18 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionscommondisableddelall.ico
2007-10-19 12:20 . 2007-10-19 12:20 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionscommondisableddel.ico
2007-10-19 12:18 . 2007-10-19 12:18 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionscommondisabledsendinvoice.ico
2007-10-19 12:12 . 2007-10-19 12:12 1150 —-a-w- c:program filesWebMoneyresourcesiconsactionscommondel.ico
2007-08-06 08:27 . 2007-08-06 08:27 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrestorerestore_01.ico
2007-08-06 08:27 . 2007-08-06 08:27 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrestorerestore_02.ico
2007-08-06 08:27 . 2007-08-06 08:27 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrestorerestore_03.ico
2007-08-06 08:27 . 2007-08-06 08:27 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrestorerestore_04.ico
2007-08-06 08:27 . 2007-08-06 08:27 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrestorerestore_05.ico
2007-08-06 08:27 . 2007-08-06 08:27 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrestorerestore_06.ico
2007-08-06 08:27 . 2007-08-06 08:27 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrestorerestore_07.ico
2007-08-06 08:27 . 2007-08-06 08:27 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrestorerestore_08.ico
2007-08-06 08:27 . 2007-08-06 08:27 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrestorerestore_09.ico
2007-08-06 08:27 . 2007-08-06 08:27 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrestorerestore_10.ico
2007-08-02 07:48 . 2007-08-02 07:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstraysignupevent_signup_01.ico
2007-08-02 07:48 . 2007-08-02 07:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstraysignupevent_signup_02.ico
2007-08-02 07:48 . 2007-08-02 07:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstraysignupevent_signup_03.ico
2007-08-02 07:48 . 2007-08-02 07:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstraysignupevent_signup_04.ico
2007-08-02 07:48 . 2007-08-02 07:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstraysignupevent_signup_05.ico
2007-08-02 07:48 . 2007-08-02 07:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstraysignupevent_signup_06.ico
2007-08-02 07:48 . 2007-08-02 07:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstraysignupevent_signup_07.ico
2007-08-02 07:48 . 2007-08-02 07:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstraysignupevent_signup_08.ico
2007-08-02 07:48 . 2007-08-02 07:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstraysignupevent_signup_09.ico
2007-08-02 07:48 . 2007-08-02 07:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstraysignupevent_signup_10.ico
2007-08-02 07:48 . 2007-08-02 07:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstraysignupevent_signup_11.ico
2007-08-02 07:48 . 2007-08-02 07:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstraysignupevent_signup_12.ico
2007-07-31 13:25 . 2007-07-31 13:25 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayofflineevent_offline_01.ico
2007-07-31 13:25 . 2007-07-31 13:25 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayofflineevent_offline_02.ico
2007-07-31 13:25 . 2007-07-31 13:25 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayofflineevent_offline_03.ico
2007-07-31 13:25 . 2007-07-31 13:25 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayofflineevent_offline_04.ico
2007-07-31 13:25 . 2007-07-31 13:25 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayofflineevent_offline_05.ico
2007-07-31 13:25 . 2007-07-31 13:25 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayofflineevent_offline_06.ico
2007-07-31 13:25 . 2007-07-31 13:25 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayofflineevent_offline_07.ico
2007-07-31 13:25 . 2007-07-31 13:25 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayofflineevent_offline_08.ico
2007-07-31 13:25 . 2007-07-31 13:25 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayofflineevent_offline_09.ico
2007-07-31 13:25 . 2007-07-31 13:25 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayofflineevent_offline_10.ico
2007-07-31 13:25 . 2007-07-31 13:25 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayofflineevent_offline_11.ico
2007-07-31 13:25 . 2007-07-31 13:25 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayofflineevent_offline_12.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_01.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_02.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_03.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_04.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_05.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_06.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_07.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_08.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_09.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_10.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_11.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_12.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_13.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_14.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_15.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_16.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_17.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_18.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_19.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_20.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_21.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_22.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_23.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_24.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_25.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_26.ico
2007-07-31 13:09 . 2007-07-31 13:09 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayrejectedevent_rejected_invoice_27.ico
2007-07-31 10:13 . 2007-07-31 10:13 1150 —-a-w- c:program filesWebMoneyresourcesiconstraypaymentevent_payment_01.ico
2007-07-31 10:13 . 2007-07-31 10:13 1150 —-a-w- c:program filesWebMoneyresourcesiconstraypaymentevent_payment_02.ico
2007-07-31 10:13 . 2007-07-31 10:13 1150 —-a-w- c:program filesWebMoneyresourcesiconstraypaymentevent_payment_03.ico
2007-07-31 10:13 . 2007-07-31 10:13 1150 —-a-w- c:program filesWebMoneyresourcesiconstraypaymentevent_payment_04.ico
2007-07-31 10:13 . 2007-07-31 10:13 1150 —-a-w- c:program filesWebMoneyresourcesiconstraypaymentevent_payment_05.ico
2007-07-31 10:13 . 2007-07-31 10:13 1150 —-a-w- c:program filesWebMoneyresourcesiconstraypaymentevent_payment_06.ico
2007-07-31 10:13 . 2007-07-31 10:13 1150 —-a-w- c:program filesWebMoneyresourcesiconstraypaymentevent_payment_07.ico
2007-07-31 10:13 . 2007-07-31 10:13 1150 —-a-w- c:program filesWebMoneyresourcesiconstraypaymentevent_payment_08.ico
2007-07-31 10:13 . 2007-07-31 10:13 1150 —-a-w- c:program filesWebMoneyresourcesiconstraypaymentevent_payment_09.ico
2007-07-31 10:13 . 2007-07-31 10:13 1150 —-a-w- c:program filesWebMoneyresourcesiconstraypaymentevent_payment_10.ico
2007-07-31 10:13 . 2007-07-31 10:13 1150 —-a-w- c:program filesWebMoneyresourcesiconstraypaymentevent_payment_11.ico
2007-07-31 10:13 . 2007-07-31 10:13 1150 —-a-w- c:program filesWebMoneyresourcesiconstraypaymentevent_payment_12.ico
2007-07-31 07:52 . 2007-07-31 07:52 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayinvoiceevent_invoice_01.ico
2007-07-31 07:52 . 2007-07-31 07:52 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayinvoiceevent_invoice_02.ico
2007-07-31 07:52 . 2007-07-31 07:52 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayinvoiceevent_invoice_03.ico
2007-07-31 07:52 . 2007-07-31 07:52 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayinvoiceevent_invoice_04.ico
2007-07-31 07:52 . 2007-07-31 07:52 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayinvoiceevent_invoice_05.ico
2007-07-31 07:52 . 2007-07-31 07:52 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayinvoiceevent_invoice_06.ico
2007-07-31 07:52 . 2007-07-31 07:52 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayinvoiceevent_invoice_07.ico
2007-07-31 07:52 . 2007-07-31 07:52 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayinvoiceevent_invoice_08.ico
2007-07-31 07:52 . 2007-07-31 07:52 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayinvoiceevent_invoice_09.ico
2007-07-31 07:52 . 2007-07-31 07:52 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayinvoiceevent_invoice_10.ico
2007-07-31 07:52 . 2007-07-31 07:52 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayinvoiceevent_invoice_11.ico
2007-07-31 07:52 . 2007-07-31 07:52 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayinvoiceevent_invoice_12.ico
2007-07-26 09:55 . 2007-07-26 09:55 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonlineevent_online_01.ico
2007-07-26 09:55 . 2007-07-26 09:55 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonlineevent_online_02.ico
2007-07-26 09:55 . 2007-07-26 09:55 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonlineevent_online_03.ico
2007-07-26 09:55 . 2007-07-26 09:55 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonlineevent_online_04.ico
2007-07-26 09:55 . 2007-07-26 09:55 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonlineevent_online_05.ico
2007-07-26 09:55 . 2007-07-26 09:55 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonlineevent_online_06.ico
2007-07-26 09:55 . 2007-07-26 09:55 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonlineevent_online_07.ico
2007-07-26 09:55 . 2007-07-26 09:55 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonlineevent_online_08.ico
2007-07-26 09:55 . 2007-07-26 09:55 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonlineevent_online_09.ico
2007-07-26 09:55 . 2007-07-26 09:55 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonlineevent_online_10.ico
2007-07-26 09:55 . 2007-07-26 09:55 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonlineevent_online_11.ico
2007-07-26 09:55 . 2007-07-26 09:55 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonlineevent_online_12.ico
2007-07-26 09:55 . 2007-07-26 09:55 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonlineevent_online_13.ico
2007-07-26 09:55 . 2007-07-26 09:55 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayonlineevent_online_14.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_00.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_01.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_02.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_03.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_04.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_05.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_06.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_07.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_08.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_09.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_10.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_11.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_12.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_13.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_14.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_15.ico
2007-07-25 10:26 . 2007-07-25 10:26 1150 —-a-w- c:program filesWebMoneyresourcesiconstraymessageEVENT_MESSAGE_16.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_00.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_01.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_02.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_03.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_04.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_05.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_06.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_07.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_08.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_09.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_10.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_11.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_12.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_13.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_14.ico
2007-07-25 09:48 . 2007-07-25 09:48 1150 —-a-w- c:program filesWebMoneyresourcesiconstrayloginevent_login_15.ico
2007-07-20 11:53 . 2007-07-20 11:53 145 —-a-w- c:program filesWebMoneyregwmd.bat
2007-04-16 13:27 . 2007-04-16 13:27 360518 —-a-w- c:program filesWebMoneyresourcesiconsapplogo.ico
2007-02-07 10:56 . 2007-02-07 10:56 1645320 —-a-w- c:program filesWebMoneygdiplus.dll
2006-09-20 09:36 . 2006-09-20 09:36 7590 —-a-w- c:program filesWebMoneySoundsmessage.wav
2006-02-09 15:31 . 2006-02-09 15:31 941 —-a-w- c:program filesWebMoneyCertificatesDekart_Authority.cer
2005-10-27 14:33 . 2005-10-27 14:33 292616 —-a-w- c:program filesWebMoneyKeeperID.exe
2005-06-23 13:24 . 2005-06-23 13:24 1053 —-a-w- c:program filesWebMoneyCertificatesprev.cert.wmtransfer.com_WebMoney Transfer Root Authority.cer
2004-10-07 14:10 . 2004-10-07 14:10 94346 —-a-w- c:program filesWebMoneySoundspayment.wav
2003-08-05 08:15 . 2003-08-05 08:15 9202 —-a-w- c:program filesWebMoneyAgreementshistory.html
2003-04-22 14:22 . 2003-04-22 14:22 8673 —-a-w- c:program filesWebMoneyAgreementsreadme.html
2002-06-05 13:46 . 2002-06-05 13:46 15722 —-a-w- c:program filesWebMoneySoundsnotify.wav
2000-04-20 17:48 . 2000-04-20 17:48 28672 —-a-w- c:program filesWebMoneyCertificatesInstallCert.exeБлагодарю за скорый ответ.
Лог ComboFix:
ComboFix 10-07-20.03 — User 21.07.2010 14:27:55.1.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2046.1564 [GMT 4:00]
Running from: c:documents and settingsUserРабочий столComboFix.exe
Command switches used :: c:documents and settingsUserРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:program filesCommon Fileskeylog.txt
c:program filesCommon FilesWM
c:program filesMail.RuAgentMradllnewmrasearch.dll
c:program filesSpeedBit Video DownloaderToolbartbhelper.dll
c:windowsa3kebook.ini
c:windowsakebook.ini
c:windowsANS2000.INI
c:windowssystem32prsgrc.dll
c:windowssystem32SHELLLNK.TLB
c:windowssystem32ssprs.dll.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_MSUPDATE
Legacy_SFC((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.2010-07-21 11:07 . 2010-07-21 13:51
d—a-w- C:Kaspersky Rescue Disk 10.0
2010-07-21 10:41 . 2010-07-21 10:41
d
w- c:program filesCommon Fileswm
2010-07-21 02:46 . 2010-07-21 02:46
d
w- c:documents and settingsАдминистраторApplication DataMalwarebytes
2010-07-21 02:41 . 2010-07-21 02:43
d
w- c:program filesUnlocker
2010-07-21 01:22 . 2010-07-21 02:00
d
w- c:program filestrend micro
2010-07-21 01:22 . 2010-07-21 01:23
d
w- C:rsit
2010-07-20 15:46 . 2010-07-20 15:46 103424 —-a-w- c:windowssystem32adaqph.exe
2010-07-20 15:46 . 2010-07-20 15:46 41472 —-a-w- c:windowssystem3233cce451.exe
2010-07-20 14:26 . 2010-07-20 14:29
d
w- c:documents and settingsUserApplication Datadvdcss
2010-07-20 14:26 . 2010-07-20 14:28
d
w- c:documents and settingsUserApplication Datavlc
2010-07-20 06:53 . 2010-07-20 06:53
d
w- c:program filesSpeedBit Video Accelerator
2010-07-20 06:48 . 2010-07-20 06:51
d
w- c:program filesDAP
2010-07-20 06:48 . 2010-07-20 06:48
d
w- c:documents and settingsUserApplication DataToolbar4
2010-07-20 06:48 . 2010-07-20 06:48
d
w- c:documents and settingsAll UsersГлавное менюApplication DataSpeedBit
2010-07-20 06:48 . 2010-07-20 06:48
d
w- c:program filesSearchPredict
2010-07-20 06:48 . 2010-07-20 06:48
d
w- c:program filesSpeedBit Video Downloader
2010-07-19 11:21 . 2010-07-19 11:21
d
w- c:documents and settingsUserApplication DataMalwarebytes
2010-07-19 11:21 . 2010-04-29 11:39 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-07-19 11:21 . 2010-07-19 11:21
d
w- c:documents and settingsAll UsersГлавное менюApplication DataMalwarebytes
2010-07-19 11:21 . 2010-07-19 11:21
d
w- c:program filesMalwarebytes’ Anti-Malware
2010-07-19 11:21 . 2010-04-29 11:39 20952 —-a-w- c:windowssystem32driversmbam.sys
2010-07-19 10:36 . 2010-07-19 10:36
d
w- c:windowssystem32wbemRepository
2010-07-19 10:27 . 2010-07-19 10:27
d
w- c:documents and settingsАдминистраторLocal SettingsApplication DataMozilla
2010-07-17 07:04 . 2010-07-17 07:05
d
w- c:documents and settingsUserDoctorWeb
2010-07-17 06:12 . 2010-07-17 06:12
d-sh—w- c:documents and settingsАдминистраторIETldCache
2010-07-16 19:47 . 2010-07-16 19:47 102912 —-a-w- c:windowssystem32siuily.exe
2010-07-15 17:03 . 2010-07-15 17:03
d-sh—w- c:documents and settingsLocalServicePrivacIE
2010-07-15 17:02 . 2010-07-15 17:02
d-sh—w- c:windowssystem32configsystemprofileIETldCache
2010-07-06 12:44 . 2010-07-06 12:44
d
w- c:program filesCommon FilesSkype
2010-07-01 21:40 . 2010-06-28 20:57 38848 —-a-w- c:windowsavastSS.scr.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 10:42 . 2008-09-09 17:36
d—a-w- c:documents and settingsAll UsersГлавное менюApplication DataTEMP
2010-07-21 10:15 . 2008-09-14 10:33
d
w- c:documents and settingsUserApplication DataU3
2010-07-21 03:14 . 2008-04-15 12:00 66016 —-a-w- c:windowssystem32perfc019.dat
2010-07-21 03:14 . 2008-04-15 12:00 424776 —-a-w- c:windowssystem32perfh019.dat
2010-07-21 01:33 . 2009-01-10 06:11
d
w- c:program filesUnity
2010-07-20 16:13 . 2008-11-25 18:45
d
w- c:documents and settingsUserApplication DataFileZilla
2010-07-20 15:46 . 2010-07-20 15:46 12 —-a-w- c:documents and settingsNetworkServiceApplication Dataswqatk.dat
2010-07-20 07:00 . 2010-07-20 07:00 95744 —-a-w- c:documents and settingsAll UsersГлавное менюApplication DataSpeedBitDAPSDCondition.dll
2010-07-20 06:51 . 2010-07-20 06:51 3509272 —-a-w- c:documents and settingsAll UsersГлавное менюApplication DataSpeedBitDAPOffersVA31_DapSo.exe
2010-07-19 14:16 . 2009-06-25 09:52
d
w- c:documents and settingsUserApplication DataWebMoney
2010-07-17 17:18 . 2009-07-20 13:18
d
w- c:program filesOpera
2010-07-15 17:02 . 2010-07-15 17:02 16 —-a-w- c:windowssystem32configsystemprofileApplication Dataswqatk.dat
2010-07-15 11:43 . 2008-09-09 17:28
d
w- c:program fileschmbookcreator
2010-07-13 17:13 . 2008-09-08 13:10 97784 —-a-w- c:documents and settingsUserLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-07-13 15:27 . 2009-06-25 19:12
d
w- c:documents and settingsUserApplication DataCorel
2010-07-13 15:26 . 2009-09-02 10:41
d
w- c:documents and settingsAll UsersГлавное менюApplication DataCorel
2010-07-13 15:22 . 2009-09-02 10:44 2516 —sha-w- c:documents and settingsAll UsersГлавное менюApplication DataKGyGaAvL.sys
2010-07-13 15:22 . 2009-09-02 10:44 2516 —sha-w- c:documents and settingsAll UsersГлавное менюApplication DataKGyGaAvL.sys
2010-07-13 09:24 . 2008-12-12 08:04
d
w- c:program files123 Flash Menu
2010-07-10 09:23 . 2010-06-20 21:10
d
w- c:program filesFlashSpring Pro 3
2010-07-08 12:40 . 2009-12-24 05:16
d
w- c:program filesFileZilla FTP Client
2010-07-08 06:55 . 2008-11-05 10:57
d
w- c:documents and settingsUserApplication DataSkype
2010-07-08 05:24 . 2008-11-05 11:02
d
w- c:documents and settingsUserApplication DataskypePM
2010-07-03 12:27 . 2008-12-11 14:54
d
w- c:program filesFlash Menu Factory
2010-06-28 20:57 . 2009-01-28 05:16 165032 —-a-w- c:windowssystem32aswBoot.exe
2010-06-28 20:37 . 2009-01-28 05:16 46672 —-a-w- c:windowssystem32driversaswTdi.sys
2010-06-28 20:37 . 2009-01-28 05:16 165456 —-a-w- c:windowssystem32driversaswSP.sys
2010-06-28 20:33 . 2009-01-28 05:16 23376 —-a-w- c:windowssystem32driversaswRdr.sys
2010-06-28 20:32 . 2009-01-28 05:16 100176 —-a-w- c:windowssystem32driversaswmon2.sys
2010-06-28 20:32 . 2009-01-28 05:16 94544 —-a-w- c:windowssystem32driversaswmon.sys
2010-06-28 20:32 . 2009-01-28 05:16 17744 —-a-w- c:windowssystem32driversaswFsBlk.sys
2010-06-28 20:32 . 2009-01-28 05:16 28880 —-a-w- c:windowssystem32driversaavmker4.sys
2010-06-24 03:16 . 2010-06-21 21:00 74 —-a-w- c:documents and settingsUserApplication Datafspro3_2.tmp
2010-06-24 03:16 . 2010-06-20 21:12 74 —-a-w- c:documents and settingsUserApplication Datafspro3_0.tmp
2010-06-23 15:07 . 2009-06-25 09:22
d
w- c:program filesWebMoney
2010-06-20 22:24 . 2010-06-20 21:12 76722 —-a-w- c:documents and settingsUserApplication Datafspro3_1.tmp
2010-06-14 09:32 . 2008-09-09 06:50
d—h—w- c:program filesInstallShield Installation Information
2010-06-14 08:52 . 2009-02-28 09:48
d
w- c:program filesWork With Registry
2010-06-14 08:39 . 2010-06-14 08:39
d
w- c:program filesCCleaner
2010-06-01 07:00 . 2010-06-01 07:00
d
w- c:documents and settingsUserApplication DataAKVIS LLC
2010-05-12 11:59 . 2008-04-15 12:00 1024 —-a-w- c:windowssystem32yfzkcss.dll
2010-05-12 11:59 . 2008-04-15 12:00 1024 —-a-w- c:windowssystem32grcauth2.dll
2010-05-12 11:59 . 2008-04-15 12:00 1024 —-a-w- c:windowssystem32grcauth1.dll
2010-05-12 11:59 . 2008-04-15 12:00 1024 —-a-w- c:windowssystem32clauth2.dll
2010-05-12 11:59 . 2008-04-15 12:00 1024 —-a-w- c:windowssystem32clauth1.dll
2010-07-20 06:48 . 2010-07-20 06:51 251392 —-a-w- c:program filesoperaprogrampluginsdapop.dll
2009-03-29 11:44 . 2009-03-29 11:44 23 —sha-w- c:windowssystem32beafc1_z.dll
2009-08-30 17:24 . 2009-06-25 19:12 2828 —sha-w- c:windowssystem32KGyGaAvL.sys
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-07-20 06:48 2447360 —-a-w- c:program filesSpeedBit Video DownloaderToolbartbcore3.dll[HKEY_LOCAL_MACHINE~Browser Helper Objects{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
[HKEY_LOCAL_MACHINE~Browser Helper Objects{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Rainlendar2″=»c:program filesRainlendar2Rainlendar2.exe» [2008-08-24 4067328]
«DownloadAccelerator»=»c:program filesDAPDAP.EXE» [2010-07-20 2819584]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-15 15360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«USB Antivirus»=»c:program filesUSB Disk SecurityUSBGuard.exe» [2009-12-14 819200]
«avast5″=»c:progra~1ALWILS~1Avast5avastUI.exe» [2010-06-28 2837864]
«UnlockerAssistant»=»c:program filesUnlockerUnlockerAssistant.exe» [2010-03-09 15872][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
«Userinit»=»c:windowssystem32userinit.exe,userinit.exe,c:windowssystem3233cce451.exe,c:windowssystem32adaqph.exe,»[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=c:windowssystem32cssdll32.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownloadAccelerator]
2010-07-20 06:48 2819584 —-a-w- c:program filesDAPDAP.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpeedBitVideoAccelerator]
2010-07-20 06:53 1607272 —-a-w- c:program filesSpeedBit Video AcceleratorVideoAccelerator.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\DAP\DAP.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«30720:TCP»= 30720:TCPR0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [22.01.2009 18:19 28544]
R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [28.01.2009 9:16 165456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:program filesAviraAntiVir Desktopsched.exe [01.04.2009 16:58 108289]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [28.01.2009 9:16 17744]
R2 VideoAcceleratorService;VideoAcceleratorService;c:progra~1SPEEDB~2VideoAcceleratorService.exe -start -scm —> c:progra~1SPEEDB~2VideoAcceleratorService.exe -start -scm [?]
R2 xinstall;xinstall;c:windowssystem32driversxinstall.sys [04.06.2009 11:45 6143]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;??f:driver`s! Everest Ultimate Editionkerneld.wnt —> f:driver`s! Everest Ultimate Editionkerneld.wnt [?]
S3 vaxscsi;vaxscsi;c:windowssystem32Driversvaxscsi.sys —> c:windowssystem32Driversvaxscsi.sys [?]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [17.01.2009 22:37 717296]
.
Contents of the ‘Scheduled Tasks’ folder2010-07-21 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-583907252-706699826-1417001333-1003Core.job
— c:documents and settingsUserLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2010-05-12 10:25]2010-07-21 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-583907252-706699826-1417001333-1003UA.job
— c:documents and settingsUserLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2010-05-12 10:25]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40316
mStart Page = hxxp://www.apeha.ru
IE: &Clean Traces — c:program filesDAPPrivacy Packagedapcleanerie.htm
IE: &Download with &DAP — c:program filesDAPdapextie.htm
IE: Download &all with DAP — c:program filesDAPdapextie2.htm
IE: Open using &Advanced JPEG Compressor — c:program filesAdvanced JPEG Compressorajcieex.htm
IE: Sothink SWF Catcher — c:program filesCommon FilesSourceTecSWF CatcherInternetExplorer.htm
IE: Добавить к существующему PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
IE: Добавить содержимое по ссылке в существующий файл PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Преобразовать содержимое по ссылке в PDF — c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
LSP: c:progra~1SPEEDB~2sblsp.dll
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} — hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF — ProfilePath — c:documents and settingsUserApplication DataMozillaFirefoxProfilesmat087jb.default
FF — prefs.js: browser.search.selectedEngine — Google
FF — prefs.js: browser.startup.homepage — http://www.yandex.ru
FF — prefs.js: keyword.URL — hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF — component: c:program filesDAPDAPFireFoxcomponentsDAPFireFox.dll
FF — component: c:program filesMozilla Firefoxextensions{AB2CE124-6272-4b12-94A9-7303C7397BD1}componentsSkypeFfComponent.dll
FF — component: c:program filesSpeedBit Video DownloaderSPFireFoxcomponentsEngine.dll
FF — plugin: c:documents and settingsUserLocal SettingsApplication DataGoogleUpdate1.2.183.29npGoogleOneClick8.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF — plugin: c:program filesOperaprogrampluginsnppl3260.dll
FF — plugin: c:program filesOperaprogrampluginsnppl3260.dll
FF — plugin: c:program filesOperaprogrampluginsnprpjplug.dll
FF — plugin: c:program filesOperaprogrampluginsnprpjplug.dll—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.lu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nz», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgberp4a5d4ar», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--p1ai», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbayh7gpa», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.tel», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.proxy.type», 5);
c:program filesMozilla Firefoxgreprefsall.js — pref(«dom.ipc.plugins.timeoutSecs», 45);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«accelerometer.enabled», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.nptest.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npswf32.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npctrl.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npqtplugin.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled», false);
.
— — — — ORPHANS REMOVED — — — —ShellExecuteHooks-{A213B520-C6C2-11d0-AF9D-008029E1027E} — (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 14:42
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(916)
c:windowssystem32Ati2evxx.dll
c:program filesCommon FilesAdobeAdobe Drive CS4AdobeDriveCS4_NP.dll— — — — — — — > ‘explorer.exe'(3172)
c:program filesMozilla Firefoxnspr4.dll
c:program filesMozilla Firefoxplds4.dll
c:program filesMozilla Firefoxplc4.dll
c:program filesMozilla Firefoxsqlite3.dll
c:program filesMozilla Firefoxnssutil3.dll
c:program filesMozilla Firefoxsoftokn3.dll
c:program filesMozilla Firefoxnss3.dll
c:program filesMozilla Firefoxsmime3.dll
c:windowssystem32webcheck.dll
c:windowssystem32IEFRAME.dll
c:program filesCommon FilesAdobeAdobe Drive CS4AdobeDriveCS4_NP.dll
.
Other Running Processes
.
c:windowssystem32Ati2evxx.exe
c:windowssystem32Ati2evxx.exe
c:program filesAlwil SoftwareAvast5AvastSvc.exe
c:program filesAviraAntiVir Desktopavguard.exe
c:program filesJavajre6binjqs.exe
c:program filesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
c:windowssystem32wdfmgr.exe
c:progra~1SPEEDB~2VideoAcceleratorService.exe
c:progra~1SPEEDB~2VideoAcceleratorEngine.exe
c:windowssystem32wbemwmiapsrv.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-21 14:49:02 — machine was rebooted
ComboFix-quarantined-files.txt 2010-07-21 10:48Pre-Run: 127 658 299 392 байт свободно
Post-Run: 127 894 884 352 байт свободноWindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(2)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect— — End Of File — — 543656231D6FA3BAB0FC1C74F2E905D1
