[klolik]

А это лог от РСИТ

Logfile of random’s system information tool 1.06 (written by random/random)
Run by illya at 2010-02-18 11:51:19
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (16%) free of 16 GB
Total RAM: 767 MB (59% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_07binssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} — DAEMON Tools Toolbar — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll [2008-08-08 691656]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2007-11-14 1115400]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2005-11-11 7311360]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2005-11-11 86016]
«SoundMAXPnP»=C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe [2003-05-29 860160]
«SunJavaUpdateSched»=C:Program FilesJavajre1.6.0_07binjusched.exe [2008-06-10 218512]
«FineReader7NewsReaderPro»=C:Program FilesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe [2003-09-12 278528]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-09-15 81000]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2006-01-13 15360]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-08-08 490952]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2007-11-14 538376]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
AutoCAD Startup Accelerator.lnk — C:Program FilesCommon FilesAutodesk Sharedacstart16.exe

C:Documents and SettingsillyaStart MenuProgramsStartup
Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
PowerReg SchedulerV2.exe
setup_9.0.0.722_20.01.2010_19-55.lnk — C:Documents and SettingsillyaDesktopVirus Removal Toolsetup_9.0.0.722_20.01.2010_19-55startup.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2006-01-13 239616]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableLUA»=0

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:MSN Messenger 7.5»
«C:WINDOWStwain_32L12U16U2SrvMod.exe»=»C:WINDOWStwain_32L12U16U2SrvMod.exe:*:Enabled:ipsec»
«C:Program FilesGraphisoftArchiCAD 11ArchiCAD.exe»=»C:Program FilesGraphisoftArchiCAD 11ArchiCAD.exe:*:Enabled:ipsec»
«C:Program FilesAdobeAdobe Photoshop CS2Photoshop.exe»=»C:Program FilesAdobeAdobe Photoshop CS2Photoshop.exe:*:Enabled:Adobe Photoshop CS2»
«I:autoply.exe»=»I:autoply.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32nwiz.exe»=»C:WINDOWSsystem32nwiz.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32netsh.exe»=»C:WINDOWSsystem32netsh.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32AT.exe»=»C:WINDOWSsystem32AT.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32logon.scr»=»C:WINDOWSsystem32logon.scr:*:Enabled:ipsec»
«C:WINDOWSsystem32RUNDLL32.EXE»=»C:WINDOWSsystem32rundll32.exe:*:Enabled:ipsec»
«C:Program FilesDAEMON Tools Litedaemon.exe»=»C:Program FilesDAEMON Tools Litedaemon.exe:*:Enabled:ipsec»
«C:WINDOWSExplorer.exe»=»C:WINDOWSExplorer.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe»=»C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe:*:Enabled:ipsec»
«C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorPCARmDrv.exe»=»C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorPCARmDrv.exe:*:Enabled:ipsec»
«C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe»=»C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe:*:Enabled:ipsec»
«C:Program FilesJavajre1.6.0_07binjusched.exe»=»C:Program FilesJavajre1.6.0_07binjusched.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe»=»C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe:*:Enabled:ipsec»
«C:Program FilesWindows Media Playerwmplayer.exe»=»C:Program FilesWindows Media Playerwmplayer.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32ctfmon.exe»=»C:WINDOWSsystem32ctfmon.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32mshta.exe»=»C:WINDOWSsystem32mshta.exe:*:Enabled:ipsec»
«H:yncuwr.exe»=»H:yncuwr.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesYandexYupdateyupdate.exe»=»C:Program FilesCommon FilesYandexYupdateyupdate.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32dumprep.exe»=»C:WINDOWSsystem32dumprep.exe:*:Enabled:ipsec»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:MSN Messenger 7.5»

======File associations======

.scr — open — «c:WINDOWSsystem32notepad.exe» «%1»
.scr — install —
.scr — config —

======List of files/folders created in the last 1 months======

2010-02-18 11:51:19 —-D—- C:Program Filestrend micro
2010-02-18 11:48:08 —-D—- C:_OTM
2010-02-18 11:41:30 —-RASHD—- C:autorun.inf
2010-02-17 14:15:57 —-D—- C:rsit
2010-02-17 14:07:46 —-HD—- C:WINDOWSPIF
2010-02-11 15:20:38 —-D—- C:WINDOWSCSC
2010-01-30 19:24:03 —-D—- C:Коктебель12.01.10
2010-01-30 19:20:20 —-D—- C:Документи

======List of files/folders modified in the last 1 months======

2010-02-18 11:51:19 —-RD—- C:Program Files
2010-02-18 11:49:40 —-D—- C:WINDOWSTemp
2010-02-18 11:48:25 —-A—- C:WINDOWSSchedLgU.Txt
2010-02-18 11:48:12 —-D—- C:WINDOWS
2010-02-18 11:48:09 —-HD—- C:WINDOWSsystem325C935C
2010-02-18 08:57:09 —-D—- C:xxxx
2010-02-17 18:51:56 —-D—- C:WINDOWSsystem32drivers
2010-02-17 18:50:46 —-SD—- C:WINDOWSTasks
2010-02-17 18:47:25 —-SHD—- C:System Volume Information
2010-02-17 18:39:45 —-A—- C:WINDOWSntbtlog.txt
2010-02-17 14:10:46 —-HD—- C:WINDOWSinf
2010-02-17 14:07:50 —-D—- C:WINDOWSsystem32CatRoot2
2010-02-17 12:59:21 —-D—- C:WINDOWSsystem32config
2010-02-17 12:51:56 —-D—- C:WINDOWSMinidump
2010-02-11 19:01:30 —-D—- C:WINDOWSsystem32
2010-01-30 19:30:13 —-HD—- C:Program FilesInstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 42991041;42991041; C:WINDOWSsystem32DRIVERS42991041.sys [2009-09-25 128016]
R1 42991042;42991042 Boot Guard Driver; C:WINDOWSsystem32DRIVERS42991042.sys [2009-10-22 37392]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-09-15 27408]
R1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-09-15 52368]
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2006-01-13 36096]
R1 setup_9.0.0.722_20.01.2010_19-55drv;setup_9.0.0.722_20.01.2010_19-55drv; C:WINDOWSsystem32DRIVERS4299104.sys [2009-10-09 315408]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:WINDOWSsystem32DRIVERSAegisP.sys [2008-11-27 20747]
R2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-09-15 94160]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:WINDOWSSYSTEM32DRIVERSWibuKey.sys [2007-05-09 72704]
R3 aeaudio;aeaudio; C:WINDOWSsystem32driversaeaudio.sys [2003-03-13 100224]
R3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-09-15 23152]
R3 FStarForce;FStarForce; C:WINDOWSsystem32DRIVERSFStarForce.sys [2009-04-08 8704]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2005-11-11 3532928]
R3 smwdm;smwdm; C:WINDOWSsystem32driverssmwdm.sys [2003-06-02 578304]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2006-01-06 27008]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2006-01-06 57856]
R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2006-01-06 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2006-01-06 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2005-09-19 241280]
S3 abp470n5;abp470n5; C:WINDOWSsystem32driversabp470n5.sys []
S3 azxe56mq;azxe56mq; C:WINDOWSsystem32driversazxe56mq.sys []
S3 hidusb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2006-01-13 9600]
S3 MidiSyn;MidiSyn; C:WINDOWSsystem32driversMidiSyn.sys [2002-09-20 235100]
S3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2006-01-13 12160]
S3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:WINDOWSsystem32DRIVERSrt73.sys [2005-11-24 245248]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2006-01-06 15104]
S3 utqzndi4;AVZ Kernel Driver; ??C:WINDOWSsystem32Driversutqzndi4.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;System Restore Filter Driver; C:WINDOWSsystem32DRIVERSsr.sys [2006-01-13 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2006-01-13 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-09-15 138680]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2005-11-11 131139]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:Program FilesAnalog DevicesSoundMAXSMAgent.exe [2002-09-20 45056]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-09-15 352920]
S2 WUSB54GCSVC;WUSB54GCSVC; C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorWLService.exe [2005-07-04 53307]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-12-05 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2009-09-14 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2006-01-13 38912]

---

EOF

---

[klolik]

Это содержымое лога после введения кода

All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{16a310dd-ce94-11dd-a882-001c10642930} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{16a310dd-ce94-11dd-a882-001c10642930} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{36297db5-d488-11dd-a88a-001c10642930} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{36297db5-d488-11dd-a88a-001c10642930} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a79801fd-4dc7-11de-a94a-00112f910a3b} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{a79801fd-4dc7-11de-a94a-00112f910a3b} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ab08a035-e35e-11de-aa51-00112f910a3b} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{ab08a035-e35e-11de-aa51-00112f910a3b} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b6aa8488-c85d-11dd-a87b-00112f910a3b} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{b6aa8488-c85d-11dd-a87b-00112f910a3b} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b96ff040-f94a-11dd-a8d5-00112f910a3b} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{b96ff040-f94a-11dd-a8d5-00112f910a3b} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{dd88e6b6-059b-11de-a8ea-00112f910a3b} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{dd88e6b6-059b-11de-a8ea-00112f910a3b} not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fa37e390-c0a0-11dd-a86b-001c10642930} deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{fa37e390-c0a0-11dd-a86b-001c10642930} not found.
========== FILES ==========
File/Folder C:WINDOWStasksAt1.job not found.
File/Folder C:WINDOWStasksAt2.job not found.
C:Documents and SettingsAll UsersStart MenuProgramsStartupSrvMod.lnk moved successfully.
C:Documents and SettingsillyaStart MenuProgramsStartup654A3E.lnk moved successfully.
C:WINDOWSsystem325C935C654A3E.EXE moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: illya
->Temp folder emptied: 15544620 bytes
->Temporary Internet Files folder emptied: 4576236 bytes
->Java cache emptied: 46111 bytes
->FireFox cache emptied: 55110203 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%System32 .tmp files removed: 0 bytes
%systemroot%System32drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1368107 bytes
%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 75,00 mb

OTM by OldTimer — Version 3.1.8.0 log created on 02182010_114808

Files moved on Reboot…
C:WINDOWStempPerflib_Perfdata_530.dat moved successfully.

Registry entries deleted on Reboot…

[klolik]

ЛОГ

Logfile of random’s system information tool 1.06 (written by random/random)
Run by illya at 2010-02-17 14:19:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 869 MB (5%) free of 16 GB
Total RAM: 767 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:17, on 17.02.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesReg OrganizerRegOrganizer.exe
C:Program FilesAlwil SoftwareAvast4ashSimpl.exe
C:WINDOWSsystem325C935C654A3E.EXE
H:аааRSIT.exe
H:аааHiJackThisillya.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://xtreme.ws/
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Service Pack 3 Internet Explorer
R3 — URLSearchHook: (no name) — — (no file)
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_07binssv.dll
O3 — Toolbar: DAEMON Tools Toolbar — {32099AAC-C132-4136-9E9A-4E364A424E17} — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre1.6.0_07binjusched.exe»
O4 — HKLM..Run: [FineReader7NewsReaderPro] C:Program FilesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [Yupdate!] «C:Program FilesCommon FilesYandexYupdateyupdate.exe»
O4 — HKUSS-1-5-20..Run: [msnsc] C:WINDOWSsystem32msnsc.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [msnsc] C:WINDOWSsystem32msnsc.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [msnsc] C:WINDOWSsystem32msnsc.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [nlsf] cmd.exe /C move /Y «%SystemRoot%System32syssetub.dll» «%SystemRoot%System32syssetup.dll» (User ‘Default user’)
O4 — Startup: 654A3E.lnk = C:WINDOWSsystem325C935C654A3E.EXE
O4 — Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Startup: PowerReg SchedulerV2.exe
O4 — Startup: setup_9.0.0.722_20.01.2010_19-55.lnk = C:Documents and SettingsillyaDesktopVirus Removal Toolsetup_9.0.0.722_20.01.2010_19-55startup.exe
O4 — Global Startup: AutoCAD Startup Accelerator.lnk = C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
O4 — Global Startup: SrvMod.lnk = C:WINDOWStwain_32L12U16U2SrvMod.exe
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~1OFFICE11EXCEL.EXE/3000
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_07binssv.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~1OFFICE11REFIEBAR.DLL
O17 — HKLMSystemCCSServicesTcpip..{0A913EF2-4E9D-42DA-8A5D-57A775FEB59A}: NameServer = 82.144.192.130,82.144.192.131
O17 — HKLMSystemCS1ServicesTcpip..{0A913EF2-4E9D-42DA-8A5D-57A775FEB59A}: NameServer = 82.144.192.130,82.144.192.131
O17 — HKLMSystemCS2ServicesTcpip..{0A913EF2-4E9D-42DA-8A5D-57A775FEB59A}: NameServer = 82.144.192.130,82.144.192.131
O17 — HKLMSystemCS3ServicesTcpip..{0A913EF2-4E9D-42DA-8A5D-57A775FEB59A}: NameServer = 82.144.192.130,82.144.192.131
O18 — Protocol: solores — {8FA1F4E9-444B-48BF-98CD-B8ECA88E6BA5} — C:PROGRA~1TRENAG~1Solo9SoloRes.dll
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: avast! iAVS4 Control Service (aswUpdSv) — ALWIL Software — C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 — Service: Autodesk Licensing Service — Autodesk — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 — Service: avast! Antivirus — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 — Service: avast! Mail Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 — Service: avast! Web Scanner — ALWIL Software — C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) — Analog Devices, Inc. — C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
O23 — Service: WUSB54GCSVC — GEMTEKS — C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorWLService.exe

—
End of file — 5884 bytes

======Scheduled tasks folder======

C:WINDOWStasksAt1.job
C:WINDOWStasksAt2.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_07binssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} — DAEMON Tools Toolbar — C:Program FilesDAEMON Tools ToolbarDTToolbar.dll [2008-08-08 691656]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2007-11-14 1115400]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2005-11-11 7311360]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2005-11-11 86016]
«SoundMAXPnP»=C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe [2003-05-29 860160]
«SunJavaUpdateSched»=C:Program FilesJavajre1.6.0_07binjusched.exe [2008-06-10 218512]
«FineReader7NewsReaderPro»=C:Program FilesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe [2003-09-12 278528]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
«avast!»=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-09-15 81000]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2006-01-13 15360]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-08-08 490952]
«Yupdate!»=C:Program FilesCommon FilesYandexYupdateyupdate.exe [2007-11-14 538376]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
AutoCAD Startup Accelerator.lnk — C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
SrvMod.lnk — C:WINDOWStwain_32L12U16U2SrvMod.exe

C:Documents and SettingsillyaStart MenuProgramsStartup
654A3E.lnk — C:WINDOWSsystem325C935C654A3E.EXE
Adobe Gamma.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
PowerReg SchedulerV2.exe
setup_9.0.0.722_20.01.2010_19-55.lnk — C:Documents and SettingsillyaDesktopVirus Removal Toolsetup_9.0.0.722_20.01.2010_19-55startup.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2006-01-13 239616]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«EnableLUA»=0

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«Nofolderoptions»=1

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«Nofolderoptions»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:MSN Messenger 7.5»
«C:WINDOWStwain_32L12U16U2SrvMod.exe»=»C:WINDOWStwain_32L12U16U2SrvMod.exe:*:Enabled:ipsec»
«C:Program FilesGraphisoftArchiCAD 11ArchiCAD.exe»=»C:Program FilesGraphisoftArchiCAD 11ArchiCAD.exe:*:Enabled:ipsec»
«C:Program FilesAdobeAdobe Photoshop CS2Photoshop.exe»=»C:Program FilesAdobeAdobe Photoshop CS2Photoshop.exe:*:Enabled:Adobe Photoshop CS2»
«I:autoply.exe»=»I:autoply.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32nwiz.exe»=»C:WINDOWSsystem32nwiz.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32netsh.exe»=»C:WINDOWSsystem32netsh.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32AT.exe»=»C:WINDOWSsystem32AT.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32userinit.exe»=»C:WINDOWSsystem32userinit.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32logon.scr»=»C:WINDOWSsystem32logon.scr:*:Enabled:ipsec»
«C:WINDOWSsystem32RUNDLL32.EXE»=»C:WINDOWSsystem32rundll32.exe:*:Enabled:ipsec»
«C:Program FilesDAEMON Tools Litedaemon.exe»=»C:Program FilesDAEMON Tools Litedaemon.exe:*:Enabled:ipsec»
«C:WINDOWSExplorer.exe»=»C:WINDOWSExplorer.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe»=»C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe:*:Enabled:ipsec»
«C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorPCARmDrv.exe»=»C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorPCARmDrv.exe:*:Enabled:ipsec»
«C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe»=»C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe:*:Enabled:ipsec»
«C:Program FilesJavajre1.6.0_07binjusched.exe»=»C:Program FilesJavajre1.6.0_07binjusched.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe»=»C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe:*:Enabled:ipsec»
«C:Program FilesWindows Media Playerwmplayer.exe»=»C:Program FilesWindows Media Playerwmplayer.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32ctfmon.exe»=»C:WINDOWSsystem32ctfmon.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32mshta.exe»=»C:WINDOWSsystem32mshta.exe:*:Enabled:ipsec»
«H:yncuwr.exe»=»H:yncuwr.exe:*:Enabled:ipsec»
«C:Program FilesCommon FilesYandexYupdateyupdate.exe»=»C:Program FilesCommon FilesYandexYupdateyupdate.exe:*:Enabled:ipsec»
«C:WINDOWSsystem32dumprep.exe»=»C:WINDOWSsystem32dumprep.exe:*:Enabled:ipsec»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMSN Messengermsnmsgr.exe»=»C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:MSN Messenger 7.5»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{16a310dd-ce94-11dd-a882-001c10642930}]
shellAutoRuncommand — H:rezjch.exe
shellexplorecommand — H:rezjch.exe
shellopencommand — H:rezjch.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{36297db5-d488-11dd-a88a-001c10642930}]
shellAuToPlaycommand — H:
shellAutoRuncommand — H:qnypl.pif
shellExplOrecommand — H:
shellOpEncommand — H:

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a79801fd-4dc7-11de-a94a-00112f910a3b}]
shellAutoPlaycommand — H:
shellAutoRuncommand — H:autoply.exe OPEN
shellexplorecommand — H:
shellopencommand — H:autoply.exe OPEN

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ab08a035-e35e-11de-aa51-00112f910a3b}]
shellAutoRuncommand — H:curice/elena.exe
shellexplorecommand — H:curice/elena.exe
shellopencommand — H:curice/elena.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b6aa8488-c85d-11dd-a87b-00112f910a3b}]
shellAutoRuncommand — H:LaunchU3.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b96ff040-f94a-11dd-a8d5-00112f910a3b}]
shellAutoRuncommand — H:dtprnv.exe
shellexplorecommand — H:dtprnv.exe
shellopencommand — H:dtprnv.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{dd88e6b6-059b-11de-a8ea-00112f910a3b}]
shellAutoRuncommand — K:curice/elena.exe
shellexplorecommand — K:curice/elena.exe
shellopencommand — K:curice/elena.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fa37e390-c0a0-11dd-a86b-001c10642930}]
shellAutoRuncommand — I:curice/elena.exe
shellexplorecommand — I:curice/elena.exe
shellopencommand — I:curice/elena.exe

======File associations======

.scr — open — «c:WINDOWSsystem32notepad.exe» «%1»
.scr — install —
.scr — config —

======List of files/folders created in the last 1 months======

2010-02-17 14:15:57 —-D—- C:rsit
2010-02-17 14:10:33 —-D—- C:WINDOWSLastGood
2010-02-17 14:07:46 —-HD—- C:WINDOWSPIF
2010-02-11 15:20:38 —-D—- C:WINDOWSCSC
2010-01-30 19:24:03 —-D—- C:Коктебель12.01.10
2010-01-30 19:20:20 —-D—- C:Документи

======List of files/folders modified in the last 1 months======

2010-02-17 14:12:01 —-D—- C:WINDOWSsystem32drivers
2010-02-17 14:12:01 —-A—- C:WINDOWSntbtlog.txt
2010-02-17 14:10:46 —-HD—- C:WINDOWSinf
2010-02-17 14:10:33 —-D—- C:WINDOWS
2010-02-17 14:08:01 —-HD—- C:WINDOWSsystem325C935C
2010-02-17 14:07:50 —-D—- C:WINDOWSsystem32CatRoot2
2010-02-17 12:59:21 —-D—- C:WINDOWSsystem32config
2010-02-17 12:51:56 —-D—- C:WINDOWSTemp
2010-02-17 12:51:56 —-D—- C:WINDOWSMinidump
2010-02-12 00:21:38 —-A—- C:WINDOWSSchedLgU.Txt
2010-02-11 19:01:30 —-D—- C:WINDOWSsystem32
2010-02-11 09:46:35 —-RD—- C:Program Files
2010-01-30 19:30:13 —-HD—- C:Program FilesInstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 FStarForce;FStarForce; C:WINDOWSsystem32DRIVERSFStarForce.sys [2009-04-08 8704]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2006-01-06 27008]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2006-01-06 57856]
R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2006-01-06 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2006-01-06 20480]
S1 42991041;42991041; C:WINDOWSsystem32DRIVERS42991041.sys [2009-09-25 128016]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:WINDOWSsystem32driversAavmker4.sys [2009-09-15 27408]
S1 aswSP;avast! Self Protection; C:WINDOWSsystem32driversaswSP.sys [2009-09-15 114768]
S1 aswTdi;avast! Network Shield Support; C:WINDOWSsystem32driversaswTdi.sys [2009-09-15 52368]
S1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2006-01-13 36096]
S1 setup_9.0.0.722_20.01.2010_19-55drv;setup_9.0.0.722_20.01.2010_19-55drv; C:WINDOWSsystem32DRIVERS4299104.sys [2009-10-09 315408]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:WINDOWSsystem32DRIVERSAegisP.sys [2008-11-27 20747]
S2 aswFsBlk;aswFsBlk; C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2009-09-15 20560]
S2 aswMon2;avast! Standard Shield Support; C:WINDOWSsystem32driversaswMon2.sys [2009-09-15 94160]
S2 WIBUKEY;WIBU-KEY Kernel Driver; C:WINDOWSSYSTEM32DRIVERSWibuKey.sys [2007-05-09 72704]
S3 abp470n5;abp470n5; C:WINDOWSsystem32driversabp470n5.sys []
S3 aeaudio;aeaudio; C:WINDOWSsystem32driversaeaudio.sys [2003-03-13 100224]
S3 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr.sys [2009-09-15 23152]
S3 awl3v0pn;awl3v0pn; C:WINDOWSsystem32driversawl3v0pn.sys []
S3 hidusb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2006-01-13 9600]
S3 MidiSyn;MidiSyn; C:WINDOWSsystem32driversMidiSyn.sys [2002-09-20 235100]
S3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2006-01-13 12160]
S3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2005-11-11 3532928]
S3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:WINDOWSsystem32DRIVERSrt73.sys [2005-11-24 245248]
S3 smwdm;smwdm; C:WINDOWSsystem32driverssmwdm.sys [2003-06-02 578304]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2006-01-06 15104]
S3 utqzndi4;AVZ Kernel Driver; ??C:WINDOWSsystem32Driversutqzndi4.sys []
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:WINDOWSsystem32DRIVERSyk51x86.sys [2005-09-19 241280]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;System Restore Filter Driver; C:WINDOWSsystem32DRIVERSsr.sys [2006-01-13 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2006-01-13 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-09-15 18752]
S2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-09-15 138680]
S2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2005-11-11 131139]
S2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:Program FilesAnalog DevicesSoundMAXSMAgent.exe [2002-09-20 45056]
S2 WUSB54GCSVC;WUSB54GCSVC; C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorWLService.exe [2005-07-04 53307]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2008-12-05 72704]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2009-09-14 77944]
S3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-09-15 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-09-15 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2006-01-13 38912]

---

EOF

---

[klolik]

ИНФО

info.txt logfile of random’s system information tool 1.06 2010-02-17 14:16:02

======Uninstall list======

—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY FineReader 7.0 Professional Edition—>MsiExec.exe /I{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Bridge 1.0—>MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer—>MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Help Center 1.0—>MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 Russian—>C:Program FilesAdobeAdobe Photoshop CS2Uninst.exe /pid:{D78CB7CC-1960-4B45-A098-05A9212BC360} /asd
Adobe Photoshop CS2—>msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.5—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Stock Photos 1.0—>MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
ArchiCAD 11 INT—>C:Program FilesGraphisoftArchiCAD 11Uninstall.ACuninstaller.exe
ArchiCAD 12 INT—>C:Program FilesGraphisoftArchiCAD 12Uninstall.ACuninstaller.exe
ArchiGlazing for ArchiCAD 12 INT—>C:Program FilesGraphisoftArchiCAD 12Uninstall.AGuninstaller.exe
Artlantis Studio 2.1—>C:Program FilesArtlantis Studio 2uninst.exe
AutoCAD 2006 — English—>MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer—>C:PROGRA~1AutodeskAUTODE~1Setup.exe /remove
avast! Antivirus—>C:Program FilesAlwil SoftwareAvast4aswRunDll.exe «C:Program FilesAlwil SoftwareAvast4Setupsetiface.dll»,RunSetup
Compact Wireless-G USB Adapter—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F855C3AE-992D-4B84-A09D-07103CDCDAC2}setup.exe» -l0x9
DAEMON Tools Toolbar—>C:Program FilesDAEMON Tools Toolbaruninst.exe
fitW (fine tuning of Windows) 4.4.5.5100—>C:Program FilesfitW (fine tuning of Windows)uninst.exe
GOM Player—>»C:Program FilesGRETECHGomPlayerUninstall.exe»
Google Earth—>MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Heroes of Might and Magic V—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{CB9A636A-AF2D-4B03-AE8B-8FE99AC197E8}setup.exe» -l0x19
HijackThis 2.0.2—>»H:аааHiJackThisHijackThis.exe» /uninstall
Java(TM) 6 Update 7—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 5.3.4 (Full)—>»C:Program FilesK-Lite Codec Packunins000.exe»
KMP-Player 2.9.3.1430—>»C:Program FilesThe KMPlayerunins000.exe»
Mathcad 14 Help—>MsiExec.exe /I{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}
Mathcad 14 Resource Center—>MsiExec.exe /I{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}
Mathcad 14—>MsiExec.exe /I{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}
Mathcad 2001 Professional—>MsiExec.exe /X{31A38B62-9168-4052-920A-F1405F43FEA8}
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft Office Professional Edition 2003—>MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (1.5)—>C:WINDOWSUninstallFirefox.exe /ua «1.5 (en-US)»
NVIDIA Drivers—>C:WINDOWSsystem32nvudisp.exe UninstallGUI
QuickTime Alternative 1.67—>»C:Program FilesQuickTime Alternativeunins000.exe»
Reg Organizer 5.0 Beta 1—>»C:Program FilesReg Organizerunins000.exe»
Registrar Registry Manager 6.50—>»C:Program FilesRegistrar Registry Managerunins000.exe»
SE A3 USB 1200 Pro v1.0—>C:PROGRA~1SCANEX~1DriverUNINST.EXE
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}Setup.exe»
WIBU-KEY Setup (WIBU-KEY Remove)—>C:Program FilesWIBUKEYSetupSetup32.exe /R:{00060000-0000-1004-8002-0000C06B5161}
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Герои Меча и Магии 3.5: Во имя Богов—>C:WINDOWSIsUn0419.exe -fe:geroiUninst.isu
Карта Москвы MosMap v. 3.1 Lite —>C:WINDOWSsystem32UNWISE.EXE C:WINDOWSsystem32mosmap.wsi
Соло на Клавиатуре 9.0—>C:Program FilesTrenagiorSolo9Uninstall.exe
Яндекс.Бар для Internet Explorer 3.1.1—>»C:Program FilesYandexYandexBarIEunins000.exe»

======Security center information======

AV: avast! antivirus 4.8.1356 [VPS 090924-0] (outdated)

======System event log======

Computer Name: ILLYA
Event Code: 7
Message: The device, DeviceCdRom0, has a bad block.

Record Number: 14769
Source Name: Cdrom
Time Written: 20100107132023.000000+000
Event Type: error
User:

Computer Name: ILLYA
Event Code: 7
Message: The device, DeviceCdRom0, has a bad block.

Record Number: 14768
Source Name: Cdrom
Time Written: 20100107132017.000000+000
Event Type: error
User:

Computer Name: ILLYA
Event Code: 7
Message: The device, DeviceCdRom0, has a bad block.

Record Number: 14767
Source Name: Cdrom
Time Written: 20100107132011.000000+000
Event Type: error
User:

Computer Name: ILLYA
Event Code: 7
Message: The device, DeviceCdRom0, has a bad block.

Record Number: 14766
Source Name: Cdrom
Time Written: 20100107132004.000000+000
Event Type: error
User:

Computer Name: ILLYA
Event Code: 7
Message: The device, DeviceCdRom0, has a bad block.

Record Number: 14765
Source Name: Cdrom
Time Written: 20100107131957.000000+000
Event Type: error
User:

=====Application event log=====

Computer Name: ILLYA
Event Code: 1000
Message: Faulting application h3wog.exe, version 3.2.0.0, faulting module mp3dec.asi, version 3.0.0.0, fault address 0x000076f1.

Record Number: 904
Source Name: Application Error
Time Written: 20091116203615.000000+000
Event Type: error
User:

Computer Name: ILLYA
Event Code: 1000
Message: Faulting application h3wog.exe, version 3.2.0.0, faulting module mp3dec.asi, version 3.0.0.0, fault address 0x000076f1.

Record Number: 903
Source Name: Application Error
Time Written: 20091116191501.000000+000
Event Type: error
User:

Computer Name: ILLYA
Event Code: 1517
Message: Windows saved user ILLYAillya registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 901
Source Name: Userenv
Time Written: 20091116172455.000000+000
Event Type: warning
User: NT AUTHORITYSYSTEM

Computer Name: ILLYA
Event Code: 1517
Message: Windows saved user ILLYAillya registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 899
Source Name: Userenv
Time Written: 20091115224805.000000+000
Event Type: warning
User: NT AUTHORITYSYSTEM

Computer Name: ILLYA
Event Code: 1517
Message: Windows saved user ILLYAillya registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 895
Source Name: Userenv
Time Written: 20091115191317.000000+000
Event Type: warning
User: NT AUTHORITYSYSTEM

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesCommon FilesAdobeAGL;C:Program FilesCommon FilesAutodesk Shared
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 2 Stepping 9, GenuineIntel
«PROCESSOR_REVISION»=0209
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«SAFEBOOT_OPTION»=MINIMAL

---

EOF

---

[Автор]

Сообщения