Созданные ответы форума
-
Сообщения
-
Здравствуйте! Перезагрузку пришлось выполнить вручную
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{CB2E7340-5B81-DC9E-8CD1-3264B2C1CE8E} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CB2E7340-5B81-DC9E-8CD1-3264B2C1CE8E} not found.
========== FILES ==========
File/Folder E:Documents and SettingsВладелецГлавное менюПрограммыАвтозагрузкаrncsys32.exe not found.
File/Folder E:SysFilesa9uGliS8_.dll not found.
========== COMMANDS ==========[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytesUser: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytesUser: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytesUser: Владелец
->Temp folder emptied: 476408452 bytes
->Temporary Internet Files folder emptied: 548881108 bytes
->FireFox cache emptied: 57650565 bytes%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%System32 .tmp files removed: 8741376 bytes
%systemroot%System32dllcache .tmp files removed: 0 bytes
%systemroot%System32drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2869640 bytes
%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1721179943 bytesTotal Files Cleaned = 2 685,00 mb
OTM by OldTimer — Version 3.1.6.0 log created on 01242010_152409
Files moved on Reboot…
Registry entries deleted on Reboot…
RSIT лог
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Владелец at 2010-01-24 15:33:33
Microsoft Windows XP Home Edition Service Pack 3
System drive E: has 54 GB (11%) free of 477 GB
Total RAM: 3070 MB (82% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:35, on 24.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: NormalRunning processes:
E:WINDOWSSystem32smss.exe
E:WINDOWSsystem32winlogon.exe
E:WINDOWSsystem32services.exe
E:WINDOWSsystem32lsass.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32spoolsv.exe
E:WINDOWSExplorer.exe
E:WINDOWSnotepad.exe
E:WINDOWSsystem32ctfmon.exe
E:WINDOWSsystem32RUNDLL32.EXE
E:WINDOWSRTHDCPL.EXE
E:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
E:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
E:Program FilesMail.RuAgentMAgent.exe
E:WINDOWSsystem32svchost.exe
E:Program Files2gisUpdateClientWin32UpdateClientUI.exe
E:WINDOWSPixArti-Look110Monitor.exe
E:Program FilesSkypePhoneSkype.exe
E:Program FilesAdobeReader 8.0Readerreader_sl.exe
E:Program FilesSkypePlugin ManagerskypePM.exe
E:Program Files2gisUpdateClientWin32UpdateClientService.exe
E:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
E:Program FilesBonjourmDNSResponder.exe
E:WINDOWSsystem32DWRCS.exe
E:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32nvsvc32.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32svchost.exe
E:Documents and SettingsВладелецРабочий столRSIT.exe
E:Program Filestrend microВладелец.exe
E:Program FilesMozilla Firefox 3.5.5 Pre Mod by SKAppFirefoxfirefox.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = mail.ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://mail.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — E:Program FilesMail.RuAgentMradllnewmrasearch.dll
F2 — REG:system.ini: Shell=Explorer.exe rundll32.exe jyku.fjo hvttt
O2 — BHO: HP Print Enhancer — {0347C33E-8762-4905-BF09-768834316C61} — E:Program FilesHPDigital ImagingSmart Web Printinghpswp_printenhancer.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — E:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — E:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — E:PROGRA~1MICROS~2Office12GRA8E1~1.DLL
O2 — BHO: HP Smart BHO Class — {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} — E:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE E:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE E:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [GEST] m‘|ь
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [GrooveMonitor] «E:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [ISUSPM Startup] «E:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe» -startup
O4 — HKLM..Run: [ISUSScheduler] «E:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe» -start
O4 — HKLM..Run: [MAgent] E:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [Internet Connection Wizard Setup Tool] C:Program FilesInternet ExplorerConnection Wizardicwsetup.exe
O4 — HKLM..Run: [2gis update client UI] «E:Program Files2gisUpdateClientWin32UpdateClientUI.exe» -minimized
O4 — HKLM..Run: [PAC207_Monitor] E:WINDOWSPixArti-Look110Monitor.exe
O4 — HKLM..Run: [Monitor] E:WINDOWSPixArti-Look110Monitor.exe
O4 — HKLM..Run: [QuickTime Task] «E:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [UserFaultCheck] %systemroot%system32dumprep 0 -u
O4 — HKCU..Run: [CTFMON.EXE] E:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [RGSC] E:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe /silent
O4 — HKCU..Run: [Skype] «E:Program FilesSkype\PhoneSkype.exe» /nosplash /minimized
O4 — HKCU..Run: [Deluxe Tree] E:Documents and SettingsВладелецМои документыФайлы Mail.Ru Агентаvladyulya@list.rudima_yun@mail.ruChristmas kaledos_0.exe
O4 — HKCU..Run: [uTorrent] «E:Documents and SettingsВладелецРабочий столuTorrent.exe»
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = E:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 — Global Startup: Adobe Reader Speed Launch.lnk = E:Program FilesAdobeReader 8.0Readerreader_sl.exe
O4 — Global Startup: Adobe Reader Synchronizer.lnk = E:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
O4 — Global Startup: StrongDC++ sqlite (Дом.ру Edition).lnk = E:StrongDC.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://E:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Google ВикиКомментарии… — res://E:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — E:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — E:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — E:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — E:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — E:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — E:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — E:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — E:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: Расширенный выбор HP — {DDE87865-83C5-48c4-8357-2F5B1AA84522} — E:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — E:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — E:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O16 — DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} — http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 — HKLMSystemCCSServicesTcpip..{4D5B402C-BBF0-44C1-889D-9DAF0F016C39}: NameServer = 91.144.180.3 91.144.182.3
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — E:PROGRA~1MICROS~2Office12GR99D3~1.DLL
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — E:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: 2GIS UpdateClientService — ДубльГИС — E:Program Files2gisUpdateClientWin32UpdateClientService.exe
O23 — Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) — ABBYY (BIT Software) — E:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
O23 — Service: ASP.NET State Service (aspnet_state) — Unknown owner — E:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe (file missing)
O23 — Service: Фоновая интеллектуальная служба передачи (BITS) (BITS) — Unknown owner — E:WINDOWS
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — E:Program FilesBonjourmDNSResponder.exe
O23 — Service: DameWare Mini Remote Control (DWMRCS) — DameWare Development LLC — E:WINDOWSsystem32DWRCS.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — E:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — E:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — E:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — E:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — E:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — E:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — E:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — E:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — E:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — E:WINDOWSsystem32wbemwmiapsrv.exe
O23 — Service: Автоматическое обновление (wuauserv) — Unknown owner — E:WINDOWS—
End of file — 10442 bytes======Scheduled tasks folder======
E:WINDOWStasksAppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer — E:Program FilesHPDigital ImagingSmart Web Printinghpswp_printenhancer.dll [2007-11-06 322880][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — E:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — E:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-11-07 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — E:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-26 2210608][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class — E:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll [2007-11-06 542016][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=E:WINDOWSsystem32NvCpl.dll [2008-03-24 13524992]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=E:WINDOWSsystem32NvMcTray.dll [2008-03-24 86016]
«GEST»=m‘|ь []
«RTHDCPL»=E:WINDOWSRTHDCPL.EXE [2008-02-13 16857600]
«GrooveMonitor»=E:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-26 31016]
«ISUSPM Startup»=E:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe [2005-08-11 249856]
«ISUSScheduler»=E:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [2005-08-11 81920]
«MAgent»=E:Program FilesMail.RuAgentMAgent.exe [2009-07-27 7975608]
«Internet Connection Wizard Setup Tool»=C:Program FilesInternet ExplorerConnection Wizardicwsetup.exe []
«2gis update client UI»=E:Program Files2gisUpdateClientWin32UpdateClientUI.exe [2008-09-17 4055040]
«PAC207_Monitor»=E:WINDOWSPixArti-Look110Monitor.exe [2007-12-10 323584]
«Monitor»=E:WINDOWSPixArti-Look110Monitor.exe [2007-12-10 323584]
«QuickTime Task»=E:Program FilesQuickTimeqttask.exe [2009-01-05 413696]
«KernelFaultCheck»=E:WINDOWSsystem32dumprep 0 -k []
«UserFaultCheck»=E:WINDOWSsystem32dumprep 0 -u [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=E:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«RGSC»=E:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe /silent []
«Skype»=E:Program FilesSkype\PhoneSkype.exe [2008-11-07 21633320]
«Deluxe Tree»=E:Documents and SettingsВладелецМои документыФайлы Mail.Ru Агентаvladyulya@list.rudima_yun@mail.ruChristmas kaledos_0.exe [2009-12-27 560640]
«uTorrent»=E:Documents and SettingsВладелецРабочий столuTorrent.exe []E:Documents and SettingsAll UsersApplication DataMicrosoftShortcuts
Adobe Reader Speed Launch.lnk — E:Program FilesAdobeReader 8.0Readerreader_sl.exe
Adobe Reader Synchronizer.lnk — E:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
StrongDC++ sqlite (Дом.ру Edition).lnk — E:StrongDC.exeE:Documents and SettingsВладелецГлавное менюПрограммыАвтозагрузка
Вырезка экрана и программа запуска для OneNote 2007.lnk — E:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — E:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=E:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-26 2210608][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDrives»=0
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDrives»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«HonorAutoRunSetting»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«E:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»E:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«E:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»E:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
«E:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»E:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
«E:Program FilesHPDigital Imagingbinhpqtra08.exe»=»E:Program FilesHPDigital Imagingbinhpqtra08.exe:*:Enabled:hpqtra08.exe»
«E:Program FilesHPDigital Imagingbinhpqste08.exe»=»E:Program FilesHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
«E:Program FilesHPDigital Imagingbinhposid01.exe»=»E:Program FilesHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
«E:Program FilesICQ6ICQ.exe»=»E:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe»=»E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe:*:Enabled:Kaspersky Anti-Virus»
«E:Program FilesBonjourmDNSResponder.exe»=»E:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«E:Program FilesuTorrentuTorrent.exe»=»E:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«E:Program FilesPeersPeers.exe»=»E:Program FilesPeersPeers.exe:*:Enabled:Peers»
«E:Program FilesSkypePhoneSkype.exe»=»E:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«E:Documents and SettingsВладелецРабочий столSharemanSetupShareman.exe»=»E:Documents and SettingsВладелецРабочий столSharemanSetupShareman.exe:*:Enabled:Shareman»
«E:Documents and SettingsВладелецРабочий столuTorrent.exe»=»E:Documents and SettingsВладелецРабочий столuTorrent.exe:*:Enabled:µTorrent»
«E:Program FilesSharemanShareman.exe»=»E:Program FilesSharemanShareman.exe:*:Enabled:Shareman»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 1 months======
2010-01-23 21:15:44 —-A—- E:WINDOWSsystem32ECLb6Cu.exe
2010-01-21 07:38:15 —-A—- E:WINDOWSsystem32gk3hUQb.exe
2010-01-19 19:17:48 —-A—- E:WINDOWSsystem32pFPLabf.exe
2010-01-17 22:02:47 —-A—- E:WINDOWSsystem32HfkGwJj.exe
2010-01-13 01:57:40 —-A—- E:WINDOWSsystem32KzUdwkf.exe
2010-01-12 16:48:02 —-A—- E:WINDOWSsystem32DSc1LrA.exe
2010-01-12 01:26:27 —-A—- E:WINDOWSsystem328XT6qFi.exe
2010-01-11 17:55:52 —-A—- E:WINDOWSsystem32ybEUNI0.exe
2010-01-11 01:35:20 —-A—- E:WINDOWSsystem32fnYrDRn.exe
2010-01-11 01:19:58 —-D—- E:WINDOWSMinidump
2010-01-10 16:27:41 —-A—- E:WINDOWSsystem32DXEdqDm.exe
2010-01-10 01:55:31 —-A—- E:WINDOWSsystem32xq8MGer.exe
2010-01-10 01:55:31 —-A—- E:Program FilesCommon Fileskeylog.txt
2010-01-10 01:37:47 —-A—- E:WINDOWSsystem32GVI1zUF.exe
2010-01-07 21:39:43 —-A—- E:WINDOWSUpdateClientUI.INI
2010-01-07 02:56:32 —-D—- E:_OTM
2010-01-06 01:57:16 —-D—- E:Program FilesCall of Duty 4 MP Client 1.7 OptiZone
2010-01-05 18:28:13 —-A—- E:WINDOWSsystem32XAudio2_5.dll
2010-01-05 18:28:13 —-A—- E:WINDOWSsystem32xactengine3_5.dll
2010-01-05 18:28:12 —-A—- E:WINDOWSsystem32d3dx11_42.dll
2010-01-05 18:28:12 —-A—- E:WINDOWSsystem32d3dx10_42.dll
2010-01-05 18:28:12 —-A—- E:WINDOWSsystem32d3dcsx_42.dll
2010-01-05 18:28:12 —-A—- E:WINDOWSsystem32D3DCompiler_42.dll
2010-01-05 18:28:11 —-A—- E:WINDOWSsystem32D3DX9_42.dll
2010-01-05 18:28:11 —-A—- E:WINDOWSsystem32D3DX9_41.dll
2010-01-05 18:28:11 —-A—- E:WINDOWSsystem32d3dx10_41.dll
2010-01-05 18:28:11 —-A—- E:WINDOWSsystem32D3DCompiler_41.dll
2010-01-05 18:28:10 —-A—- E:WINDOWSsystem32XAudio2_4.dll
2010-01-05 18:28:10 —-A—- E:WINDOWSsystem32XAPOFX1_3.dll
2010-01-05 18:28:10 —-A—- E:WINDOWSsystem32xactengine3_4.dll
2010-01-05 18:28:10 —-A—- E:WINDOWSsystem32X3DAudio1_6.dll
2010-01-05 18:28:10 —-A—- E:WINDOWSsystem32D3DX9_40.dll
2010-01-05 18:28:10 —-A—- E:WINDOWSsystem32d3dx10_40.dll
2010-01-05 18:28:10 —-A—- E:WINDOWSsystem32D3DCompiler_40.dll
2010-01-05 18:28:09 —-A—- E:WINDOWSsystem32XAudio2_3.dll
2010-01-05 18:28:09 —-A—- E:WINDOWSsystem32XAudio2_2.dll
2010-01-05 18:28:09 —-A—- E:WINDOWSsystem32XAPOFX1_2.dll
2010-01-05 18:28:09 —-A—- E:WINDOWSsystem32XAPOFX1_1.dll
2010-01-05 18:28:09 —-A—- E:WINDOWSsystem32xactengine3_3.dll
2010-01-05 18:28:09 —-A—- E:WINDOWSsystem32X3DAudio1_5.dll
2010-01-05 18:28:08 —-A—- E:WINDOWSsystem32xactengine3_2.dll
2010-01-05 18:28:08 —-A—- E:WINDOWSsystem32D3DX9_39.dll
2010-01-05 18:28:08 —-A—- E:WINDOWSsystem32d3dx10_39.dll
2010-01-05 18:28:08 —-A—- E:WINDOWSsystem32D3DCompiler_39.dll
2010-01-05 17:23:37 —-A—- E:WINDOWSsystem32winstanew.dll
2010-01-05 17:23:37 —-A—- E:WINDOWSsystem32user32new.dll
2010-01-05 17:23:37 —-A—- E:WINDOWSsystem32setupapinew.dll
2010-01-05 17:23:37 —-A—- E:WINDOWSsystem32secur32new.dll
2010-01-05 17:23:37 —-A—- E:WINDOWSsystem32rpcrt4new.dll
2010-01-05 17:23:37 —-A—- E:WINDOWSsystem32powrprofnew.dll
2010-01-05 17:23:37 —-A—- E:WINDOWSsystem32Nucleus.dll
2010-01-05 17:23:36 —-A—- E:WINDOWSsystem32ntdsapinew.dll
2010-01-05 17:23:36 —-A—- E:WINDOWSsystem32ntdllnew.dll
2010-01-05 17:23:36 —-A—- E:WINDOWSsystem32msvcrtnew.dll
2010-01-05 17:23:36 —-A—- E:WINDOWSsystem32M2000Twn.dll
2010-01-05 17:23:35 —-A—- E:WINDOWSsystem32kernel32new.dll
2010-01-05 17:23:35 —-A—- E:WINDOWSsystem32dxgi.dll
2010-01-05 17:23:35 —-A—- E:WINDOWSsystem32dwmapi.dll
2010-01-05 17:23:34 —-A—- E:WINDOWSsystem32d3dx10.dll
2010-01-05 17:23:34 —-A—- E:WINDOWSsystem32d3d10core.dll
2010-01-05 17:23:34 —-A—- E:WINDOWSsystem32d3d10.dll
2010-01-05 17:23:33 —-A—- E:WINDOWSsystem32crypt32new.dll
2010-01-05 17:23:33 —-A—- E:WINDOWSsystem32apphelpnew.dll
2010-01-05 17:23:33 —-A—- E:WINDOWSsystem32advapi32new.dll
2010-01-05 16:35:16 —-D—- E:Program FilesPrototype
2010-01-04 21:40:00 —-D—- E:Program Filestrend micro
2010-01-03 22:35:34 —-D—- E:SysFiles======List of files/folders modified in the last 1 months======
2010-01-24 15:32:48 —-D—- E:WINDOWSPrefetch
2010-01-24 15:31:36 —-D—- E:Documents and SettingsВладелецApplication DataSkype
2010-01-24 15:30:01 —-D—- E:WINDOWStemp
2010-01-24 15:28:55 —-AD—- E:Documents and SettingsAll UsersApplication DataTEMP
2010-01-24 15:25:24 —-D—- E:WINDOWSsystem32
2010-01-24 15:25:23 —-D—- E:WINDOWS
2010-01-24 15:23:49 —-D—- E:Documents and SettingsВладелецApplication DatauTorrent
2010-01-24 15:18:27 —-D—- E:Юля
2010-01-24 12:58:40 —-D—- E:Settings
2010-01-24 12:42:09 —-A—- E:WINDOWSSchedLgU.Txt
2010-01-24 10:47:53 —-D—- E:Documents and SettingsВладелецApplication DataskypePM
2010-01-11 02:39:19 —-D—- E:Documents and Settings
2010-01-11 01:30:00 —-D—- E:Program FilesABBYY FineReader 9.0
2010-01-11 01:29:59 —-SHD—- E:WINDOWSInstaller
2010-01-11 01:29:53 —-HD—- E:Config.Msi
2010-01-10 16:48:36 —-D—- E:WINDOWSsystem32CatRoot2
2010-01-10 01:55:31 —-D—- E:Program FilesCommon Files
2010-01-10 01:55:07 —-D—- E:Documents and SettingsВладелецApplication DataHPAppData
2010-01-09 22:27:04 —-D—- E:Program FilesuTorrent
2010-01-08 01:47:51 —-D—- E:музыка
2010-01-08 00:28:04 —-D—- E:Program FilesShareman
2010-01-06 18:28:49 —-D—- E:Documents and SettingsAll UsersApplication DataSkype
2010-01-06 02:03:36 —-D—- E:WINDOWSsystem32LogFiles
2010-01-06 01:57:16 —-RD—- E:Program Files
2010-01-05 18:31:50 —-HD—- E:WINDOWSinf
2010-01-05 18:30:54 —-D—- E:WINDOWSsystem32DirectX
2010-01-05 18:27:23 —-D—- E:Program FilesНовая папка
2010-01-05 16:54:02 —-D—- E:WINDOWSWinSxS
2009-12-28 19:00:58 —-A—- E:WINDOWSwin.ini======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; E:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 StarOpen;StarOpen; E:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; E:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:WINDOWSsystem32driversRtkHDAud.sys [2008-02-14 4676096]
R3 nv;nv; E:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-03-24 6547872]
R3 PAC207;i-Look 110; E:WINDOWSsystem32DRIVERSPFC027.SYS [2008-02-13 618112]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; E:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-09-19 101504]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; E:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 концентратор; E:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 usbstor;Драйвер запоминающих устройств для USB; E:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; E:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Closed Caption декодер; E:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-14 17024]
S3 gdrv;gdrv; ??E:WINDOWSgdrv.sys []
S3 HidUsb;Драйвер класса HID Microsoft; E:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; E:WINDOWSsystem32DRIVERSHPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; E:WINDOWSsystem32DRIVERSHPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; E:WINDOWSsystem32DRIVERSHPZius12.sys [2007-10-30 21568]
S3 mouhid;Драйвер мыши HID; E:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; E:WINDOWSsystem32driversMSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; E:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; E:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; E:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-14 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); E:WINDOWSsystem32DRIVERSss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; E:WINDOWSsystem32DRIVERSss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; E:WINDOWSsystem32DRIVERSss_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; E:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-14 15232]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); E:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
S3 usbprint;Класс принтеров Microsoft USB; E:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 WSTCODEC;World Standard Teletext кодек; E:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; E:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 2GIS UpdateClientService;2GIS UpdateClientService; E:Program Files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; E:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [2007-12-06 660768]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; E:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 DWMRCS;DameWare Mini Remote Control; E:WINDOWSsystem32DWRCS.exe [2007-08-02 223232]
R2 MDM;Machine Debug Manager; E:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; E:WINDOWSSystem32svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; E:WINDOWSsystem32nvsvc32.exe [2008-03-24 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; E:WINDOWSSystem32svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; E:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; E:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-02-14 654848]
S3 IDriverT;InstallDriver Table Manager; E:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-03 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; E:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; E:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; E:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; E:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
EOF
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service usprserv stopped successfully.
Service usprserv deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}\ deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\amva deleted successfully.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifywinjrs32\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{08ca2d61-7013-11db-9ac5-806d6172696f}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{08ca2d63-7013-11db-9ac5-806d6172696f}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{29933bad-709f-11db-b788-00173164511c}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{475935d8-76df-11db-b79b-00173164511c}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{47966b8a-7539-11db-b793-00173164511c}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{52eabf6f-7227-11db-b78b-00173164511c}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{eee20d94-77bf-11db-b79d-00173164511c}\ deleted successfully.
========== FILES ==========
C:usdeiect.com moved successfully.
C:WINDOWSsystem32amvo.exe moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32winjrs32.dll
C:WINDOWSsystem32winjrs32.dll NOT unregistered.
C:WINDOWSsystem32winjrs32.dll moved successfully.
C:PROGRA~1MyCentriaInfoBar moved successfully.
C:PROGRA~1MyCentriaFirefox moved successfully.
C:PROGRA~1MyCentria moved successfully.
========== COMMANDS ==========
File delete failed. C:DOCUME~19335~1LOCALS~1Tempetilqs_KM1kNL2emSjKfn4JGgfg scheduled to be deleted on reboot.
File delete failed. C:DOCUME~19335~1LOCALS~1TempJETA6DA.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~19335~1LOCALS~1Temp~DF7454.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStempPerflib_Perfdata_7ac.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:Documents and SettingsАдминистраторLocal SettingsApplication DataMozillaFirefoxProfiles7dk32gsk.defaulturlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 02062009_231124
Files moved on Reboot…
File C:DOCUME~19335~1LOCALS~1Tempetilqs_KM1kNL2emSjKfn4JGgfg not found!
File C:DOCUME~19335~1LOCALS~1TempJETA6DA.tmp not found!
C:DOCUME~19335~1LOCALS~1Temp~DF7454.tmp moved successfully.
File move failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be moved on reboot.
C:WINDOWStempPerflib_Perfdata_7ac.dat moved successfully.
C:Documents and SettingsАдминистраторLocal SettingsApplication DataMozillaFirefoxProfiles7dk32gsk.defaulturlclassifier3.sqlite moved successfully.========== PROCESSES ==========
Process explorer.exe killed successfully.
Unable to kill process: :services
Unable to kill process: usprserv
Unable to kill process: :reg
Unable to kill process: [-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}]
Unable to kill process: [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
Unable to kill process: «amva»=-
Unable to kill process: [-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifywinjrs32]
Unable to kill process: [-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{08ca2d61-7013-11db-9ac5-806d6172696f}]
Unable to kill process: [-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{08ca2d63-7013-11db-9ac5-806d6172696f}]
Unable to kill process: [-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{29933bad-709f-11db-b788-00173164511c}]
Unable to kill process: [-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{475935d8-76df-11db-b79b-00173164511c}]
Unable to kill process: [-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{47966b8a-7539-11db-b793-00173164511c}]
Unable to kill process: [-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{52eabf6f-7227-11db-b78b-00173164511c}]
Unable to kill process: [-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{eee20d94-77bf-11db-b79d-00173164511c}]
Unable to kill process: :files
Unable to kill process: C:usdeiect.com
Unable to kill process: C:WINDOWSsystem32amvo.exe
Unable to kill process: C:WINDOWSsystem32winjrs32.dll
Unable to kill process: C:PROGRA~1MYCENT~1
Unable to kill process: :Commands
Unable to kill process: [emptytemp]
Unable to kill process: [start explorer]
Unable to kill process: [Reboot]OTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 02042009_234837
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-02-04 23:49:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (5%) free of 143 GB
Total RAM: 1023 MB (54% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:49:18, on 04.02.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesTGTSoftStyleXPStyleXPService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32RunDLL32.exe
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesCommon FilesACD SystemsENDevDetect.exe
C:Program FilesJavajre6binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSteamSteam.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesCursorXPCursorXP.exe
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
C:Program FilesICQ6.5ICQ.exe
C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
C:Program FilesPeersPeers.exe
C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
C:Program FilesStylerStyler.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32taskmgr.exe
C:Documents and SettingsАдминистраторРабочий столRSIT.exe
C:Program Filestrend microАдминистратор.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mail.ru
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: MyCentria Internet Mate v2.3 — {FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86} — C:PROGRA~1MYCENT~1InfoBarMYCENT~1.DLL
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O3 — Toolbar: ICQToolBar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:Program FilesICQ6ToolbarICQToolBar.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: StylerToolBar — {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} — C:Program FilesStylerTBStylerTB.dll
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 — HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [Device Detector] DevDetect.exe -autorun
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Steam] «C:Program FilesSteamSteam.exe» -silent
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKCU..Run: [STYLEXP] C:Program FilesTGTSoftStyleXPStyleXP.exe -Hide
O4 — HKCU..Run: [CursorXP] C:Program FilesCursorXPCursorXP.exe
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesAheadLibNMBgMonitor.exe»
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6.5ICQ.exe» silent
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Styler.lnk = ?
O4 — Global Startup: Peers.lnk = C:Program FilesPeersPeers.exe
O4 — Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 — DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) — http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 — DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) — http://vkontakte.ru/uploader/ImageUploader4.cab
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:PROGRA~1MICROS~2Office12GR99D3~1.DLL
O20 — Winlogon Notify: winjrs32 — C:WINDOWSSYSTEM32winjrs32.dll
O23 — Service: 2GIS UpdateClientService — ДубльГИС — C:Program Files2gisUpdateClientWin32UpdateClientService.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: StyleXPService — Unknown owner — C:Program FilesTGTSoftStyleXPStyleXPService.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 10425 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-03-02 37808][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-27 2210608][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2008-12-14 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-02-02 676704][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2008-11-23 2427968][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll [2008-11-30 737776][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2008-12-14 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-12-14 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFC57DB-1DE3-4303-B24D-CEE6DCDD3D86}]
MyCentria Internet Mate v2.3 — C:PROGRA~1MYCENT~1InfoBarMYCENT~1.DLL [2008-12-02 690688][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — &Google — c:program filesgooglegoogletoolbar1.dll [2008-11-23 2427968]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQToolBar — C:Program FilesICQ6ToolbarICQToolBar.dll [2008-06-12 958712]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-02-02 676704]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} — StylerToolBar — C:Program FilesStylerTBStylerTB.dll [2006-05-02 102400][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2005-10-24 90112]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-06-01 7618560]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMCTray.dll [2006-06-01 86016]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2009-02-02 5603000]
«PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-03-23 227328]
«NeroFilterCheck»=C:Program FilesCommon FilesAheadLibNeroCheck.exe [2006-01-12 155648]
«GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-27 31016]
«Device Detector»=DevDetect.exe -autorun []
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2008-12-14 136600][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
«Steam»=C:Program FilesSteamSteam.exe [2006-11-09 1410296]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2008-11-30 68856]
«STYLEXP»=C:Program FilesTGTSoftStyleXPStyleXP.exe [2006-05-25 1372160]
«CursorXP»=C:Program FilesCursorXPCursorXP.exe [2005-01-19 128000]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2006-10-09 139264]
«ICQ»=C:Program FilesICQ6.5ICQ.exe [2008-11-30 172792]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Peers.lnk — C:Program FilesPeersPeers.exe
Ulead Photo Express 4.0 SE Calendar Checker .lnk — C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exeC:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
Styler.lnk — C:Documents and SettingsАдминистраторApplication DataMicrosoftInstaller{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}_585b207a.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifywinjrs32]
C:WINDOWSsystem32winjrs32.dll [2008-12-05 39424][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-27 2210608][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
«C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
«C:WINDOWSsystem32winver.exe»=»C:WINDOWSsystem32winver.exe:*:Enabled:winver»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{29933bad-709f-11db-b788-00173164511c}]
shellAutoRuncommand — E:usdeiect.com
shellexplorecommand — E:usdeiect.com
shellopencommand — E:usdeiect.com[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{475935d8-76df-11db-b79b-00173164511c}]
shellAutoRuncommand — E:usdeiect.com
shellexplorecommand — E:usdeiect.com
shellopencommand — E:usdeiect.com[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{47966b8a-7539-11db-b793-00173164511c}]
shellAutoRuncommand — E:usdeiect.com
shellexplorecommand — E:usdeiect.com
shellopencommand — E:usdeiect.com[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{52eabf6f-7227-11db-b78b-00173164511c}]
shellAutoRuncommand — G:usdeiect.com
shellexplorecommand — G:usdeiect.com
shellopencommand — G:usdeiect.com[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c6ee689a-f2e3-11dd-b8a1-00173164511c}]
shell1command — E:RUNAUT~1autorun.pif
shell2command — E:RUNAUT~1autorun.pif
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1autorun.pif[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{eee20d94-77bf-11db-b79d-00173164511c}]
shellAutoRuncommand — E:usdeiect.com
shellexplorecommand — E:usdeiect.com
shellopencommand — E:usdeiect.com======List of files/folders created in the last 1 months======
2009-02-04 23:41:55 —-D—- C:_OTMoveIt
2009-02-02 20:55:35 —-D—- C:Program Filestrend micro
2009-02-02 20:55:34 —-D—- C:rsit
2009-01-24 23:52:13 —-RSH—- C:usdeiect.com
2009-01-14 23:04:12 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-01-14 23:04:06 —-HDC—- C:WINDOWS$NtUninstallKB951748$
2009-01-14 17:01:06 —-HDC—- C:WINDOWS$NtUninstallKB899587$
2009-01-14 17:01:02 —-HDC—- C:WINDOWS$NtUninstallKB927802$
2009-01-14 17:00:56 —-HDC—- C:WINDOWS$NtUninstallKB943460$
2009-01-14 17:00:51 —-HDC—- C:WINDOWS$NtUninstallKB885835$
2009-01-14 17:00:46 —-HDC—- C:WINDOWS$NtUninstallKB885836$
2009-01-14 17:00:41 —-HDC—- C:WINDOWS$NtUninstallKB937894$
2009-01-14 17:00:37 —-HDC—- C:WINDOWS$NtUninstallKB901017$
2009-01-14 17:00:33 —-HDC—- C:WINDOWS$NtUninstallKB899591$
2009-01-14 17:00:29 —-HDC—- C:WINDOWS$NtUninstallKB933729$
2009-01-14 17:00:26 —-HDC—- C:WINDOWS$NtUninstallKB924667$
2009-01-14 17:00:22 —-HDC—- C:WINDOWS$NtUninstallKB896423$
2009-01-14 17:00:18 —-HDC—- C:WINDOWS$NtUninstallKB925398_WMP64$
2009-01-14 17:00:07 —-HDC—- C:WINDOWS$NtUninstallKB910437$
2009-01-14 17:00:02 —-HDC—- C:WINDOWS$NtUninstallKB911564$
2009-01-14 16:59:45 —-HDC—- C:WINDOWS$NtUninstallKB925902$
2009-01-13 23:44:11 —-HDC—- C:WINDOWS$NtUninstallKB891781$
2009-01-13 23:44:07 —-HDC—- C:WINDOWS$NtUninstallKB926436$
2009-01-13 23:44:02 —-HDC—- C:WINDOWS$NtUninstallKB932168$
2009-01-13 23:43:58 —-HDC—- C:WINDOWS$NtUninstallKB922582$
2009-01-13 23:43:52 —-HDC—- C:WINDOWS$NtUninstallKB900725$
2009-01-13 23:43:48 —-HDC—- C:WINDOWS$NtUninstallKB920213$
2009-01-13 23:43:44 —-HDC—- C:WINDOWS$NtUninstallKB886185$
2009-01-13 23:43:37 —-HDC—- C:WINDOWS$NtUninstallKB950749$
2009-01-13 23:43:31 —-HDC—- C:WINDOWS$NtUninstallKB908531$
2009-01-13 23:43:26 —-HDC—- C:WINDOWS$NtUninstallKB913580$
2009-01-13 23:43:22 —-HDC—- C:WINDOWS$NtUninstallKB894391$
2009-01-13 23:43:15 —-HDC—- C:WINDOWS$NtUninstallKB914389$======List of files/folders modified in the last 1 months======
2009-02-04 23:49:04 —-D—- C:Program FilesSteam
2009-02-04 23:46:51 —-D—- C:WINDOWSTemp
2009-02-04 23:46:27 —-D—- C:WINDOWSPrefetch
2009-02-04 23:46:22 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-04 23:46:06 —-D—- C:Program FilesMozilla Firefox
2009-02-04 23:39:35 —-D—- C:WINDOWSsystem32
2009-02-04 23:38:40 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-02-02 23:19:22 —-A—- C:WINDOWSNeroDigital.ini
2009-02-02 20:55:35 —-RD—- C:Program Files
2009-02-01 14:59:13 —-SHD—- C:WINDOWSInstaller
2009-01-19 00:25:55 —-D—- C:WINDOWS
2009-01-18 23:15:15 —-HD—- C:WINDOWSinf
2009-01-15 15:46:48 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-01-14 23:04:14 —-D—- C:WINDOWSsystem32drivers
2009-01-14 23:04:12 —-HD—- C:WINDOWS$hf_mig$
2009-01-14 23:04:11 —-A—- C:WINDOWSimsins.BAK
2009-01-14 23:03:36 —-A—- C:WINDOWSsystem32MRT.INI
2009-01-14 17:00:26 —-D—- C:WINDOWSWinSxS
2009-01-14 17:00:03 —-D—- C:Program FilesWindows Media Player
2009-01-14 13:36:01 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-01-14 13:31:39 —-D—- C:WINDOWSmsagent
2009-01-10 07:35:28 —-A—- C:WINDOWSsystem32MRT.exe======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
R1 StyleXPHelper;StyleXPHelper; ??C:Program FilesTGTSoftStyleXPStyleXPHelper.exe []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2005-10-26 3786944]
R3 GT680x;BearPaw 2448TA Plus Usb Scanner; C:WINDOWSSystem32DriversGt680x.sys [2003-02-18 17504]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-10-20 9600]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-18 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 npkcusb;npkcusb; ??C:Documents and SettingsАдминистраторМои документыЗагрузки PeersНовая папкаsystemnpkcusb.sys []
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-06-01 3925920]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2005-04-06 12928]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-04 17024]
R3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 dump_wmimmc;dump_wmimmc; ??C:Program Files4GAMELineageIIsystemGameGuarddump_wmimmc.sys []
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 npkcrypt;npkcrypt; ??C:Documents and SettingsАдминистраторМои документыЗагрузки PeersНовая папкаsystemnpkcrypt.sys []
S3 NPPTNT2;NPPTNT2; ??C:WINDOWSsystem32npptNT2.sys []
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2001-10-20 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2008-12-14 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-06-01 155715]
R2 StyleXPService;StyleXPService; C:Program FilesTGTSoftStyleXPStyleXPService.exe [2006-05-25 372736]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S2 2GIS UpdateClientService;2GIS UpdateClientService; C:Program Files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-12-08 654848]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-11-23 138168]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2006-10-09 724992]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 usprserv;User Privilege Service; C:WINDOWSSystem32svchost.exe [2004-08-17 14336]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
EOF
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{70e664a4-a008-11dd-9513-001d7dcaaa9f}\ deleted successfully.
========== FILES ==========
File/Folder E:Documents and SettingsAll UsersApplication Datalzolib.dll not found.
========== COMMANDS ==========
File delete failed. E:DOCUME~17B5C~1LOCALS~1TempJET6B52.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. E:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. E:WINDOWStempcch~22f280b2ec75.htp scheduled to be deleted on reboot.
File delete failed. E:WINDOWStempcch~22f280bb80aa.htp scheduled to be deleted on reboot.
File delete failed. E:WINDOWStempcch~230247db34f7.htp scheduled to be deleted on reboot.
File delete failed. E:WINDOWStempcch~230247e45b4f.htp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.7.2 log created on 12202008_120347
Files moved on Reboot…
File E:DOCUME~17B5C~1LOCALS~1TempJET6B52.tmp not found!
File move failed. E:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be moved on reboot.
File E:WINDOWStempcch~22f280b2ec75.htp not found!
File E:WINDOWStempcch~22f280bb80aa.htp not found!
File E:WINDOWStempcch~230247db34f7.htp not found!
File E:WINDOWStempcch~230247e45b4f.htp not found!Logfile of random’s system information tool 1.05 (written by random/random)
Run by Владелец at 2008-12-20 12:12:39
Microsoft Windows XP Home Edition Service Pack 3
System drive E: has 408 GB (86%) free of 477 GB
Total RAM: 3070 MB (79% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:41, on 20.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: NormalRunning processes:
E:WINDOWSSystem32smss.exe
E:WINDOWSsystem32winlogon.exe
E:WINDOWSsystem32services.exe
E:WINDOWSsystem32lsass.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32spoolsv.exe
E:WINDOWSExplorer.EXE
E:Program Files2gisUpdateClientWin32UpdateClientService.exe
E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
E:WINDOWSsystem32DWRCS.exe
E:WINDOWSsystem32svchost.exe
E:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32nvsvc32.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32DWRCST.exe
E:WINDOWSsystem32wuauclt.exe
E:WINDOWSsystem32RUNDLL32.EXE
E:WINDOWSRTHDCPL.EXE
E:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
E:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
E:Program FilesHPHP Software UpdateHPWuSchd2.exe
E:Program FilesMail.RuAgentMAgent.exe
E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSsystem32ctfmon.exe
E:Program FilesICQ6ICQ.exe
E:Program FilesPunto Switcherpunto.exe
E:Program FilesSteamSteam.exe
E:Program FilesAdobeReader 8.0Readerreader_sl.exe
E:Program FilesHPDigital Imagingbinhpqtra08.exe
E:Program FilesHPDigital ImagingbinhpqSTE08.exe
E:Program FilesHPDigital Imagingbinhpqbam08.exe
E:Program FilesHPDigital Imagingbinhpqgpc01.exe
E:Program FilesInternet ExplorerIEXPLORE.EXE
E:Program FilesHPDigital ImagingSmart Web Printinghpswp_clipbook.exe
E:Documents and SettingsВладелецРабочий столRSIT.exe
E:Program FilesTrend MicroHijackThisВладелец.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://mail.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — E:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — E:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: HP Print Enhancer — {0347C33E-8762-4905-BF09-768834316C61} — E:Program FilesHPDigital ImagingSmart Web Printinghpswp_printenhancer.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — E:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — E:PROGRA~1MICROS~2Office12GRA8E1~1.DLL
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — E:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: HP Smart BHO Class — {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} — E:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — E:Program FilesRambler AssistantramblertoolbarU1.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — E:Program FilesMail.RuSputnikMailRuSputnik.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE E:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE E:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [GEST] m‘|ь
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [GrooveMonitor] «E:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [ISUSPM Startup] «E:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe» -startup
O4 — HKLM..Run: [ISUSScheduler] «E:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe» -start
O4 — HKLM..Run: [HP Software Update] E:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 — HKLM..Run: [hpqSRMon] E:Program FilesHPDigital ImagingbinhpqSRMon.exe
O4 — HKLM..Run: [MAgent] E:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [AVP] «E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe»
O4 — HKCU..Run: [CTFMON.EXE] E:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [ICQ] «E:Program FilesICQ6ICQ.exe» silent
O4 — HKCU..Run: [Punto Switcher] E:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [Steam] «E:Program FilesSteamSteam.exe» -silent
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = E:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 — Global Startup: Adobe Reader Speed Launch.lnk = E:Program FilesAdobeReader 8.0Readerreader_sl.exe
O4 — Global Startup: Adobe Reader Synchronizer.lnk = E:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
O4 — Global Startup: HP Digital Imaging Monitor.lnk = E:Program FilesHPDigital Imagingbinhpqtra08.exe
O4 — Global Startup: Peers.lnk = E:Program FilesPeersPeers.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://E:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Найти в интернете — res://E:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Найти в словарях — res://E:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O8 — Extra context menu item: Найти с помощью Рамблера — res://E:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://E:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O9 — Extra button: Cтатистика Веб-Антивируса — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — E:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — E:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — E:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — E:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — E:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — E:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — E:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: Расширенный выбор HP — {DDE87865-83C5-48c4-8357-2F5B1AA84522} — E:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — E:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — E:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — E:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — E:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — E:PROGRA~1MICROS~2Office12GR99D3~1.DLL
O23 — Service: 2GIS UpdateClientService — ДубльГИС — E:Program Files2gisUpdateClientWin32UpdateClientService.exe
O23 — Service: Kaspersky Anti-Virus 6.0 (AVP) — Kaspersky Lab — E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
O23 — Service: DameWare Mini Remote Control (DWMRCS) — DameWare Development LLC — E:WINDOWSsystem32DWRCS.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — E:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — E:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — E:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — E:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — E:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — E:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — E:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — E:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 9830 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer — E:Program FilesHPDigital ImagingSmart Web Printinghpswp_printenhancer.dll [2007-11-06 322880][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — E:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — E:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-26 2210608][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — E:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-12-12 667336][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class — E:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll [2007-11-06 542016][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — E:Program FilesRambler AssistantramblertoolbarU1.dll [2008-12-17 804336]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — E:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-12-12 667336][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=E:WINDOWSsystem32NvCpl.dll [2008-03-24 13524992]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=E:WINDOWSsystem32NvMcTray.dll [2008-03-24 86016]
«GEST»=m‘|ь []
«RTHDCPL»=E:WINDOWSRTHDCPL.EXE [2008-02-13 16857600]
«GrooveMonitor»=E:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-26 31016]
«ISUSPM Startup»=E:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe [2005-08-11 249856]
«ISUSScheduler»=E:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [2005-08-11 81920]
«HP Software Update»=E:Program FilesHPHP Software UpdateHPWuSchd2.exe [2007-10-14 49152]
«hpqSRMon»=E:Program FilesHPDigital ImagingbinhpqSRMon.exe [2007-08-22 80896]
«MAgent»=E:Program FilesMail.RuAgentMAgent.exe [2008-12-12 4428472]
«AVP»=E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe [2007-03-09 200768][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=E:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«ICQ»=E:Program FilesICQ6ICQ.exe [2008-09-01 173304]
«Punto Switcher»=E:Program FilesPunto Switcherpunto.exe [2008-10-16 735016]
«Steam»=E:Program FilesSteamSteam.exe [2008-11-21 1410296]E:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — E:Program FilesAdobeReader 8.0Readerreader_sl.exe
Adobe Reader Synchronizer.lnk — E:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
HP Digital Imaging Monitor.lnk — E:Program FilesHPDigital Imagingbinhpqtra08.exe
Peers.lnk — E:Program FilesPeersPeers.exeE:Documents and SettingsВладелецГлавное менюПрограммыАвтозагрузка
Вырезка экрана и программа запуска для OneNote 2007.lnk — E:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
E:WINDOWSsystem32klogon.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — E:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=E:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-26 2210608][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDrives»=0
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDrives»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«E:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»E:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«E:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»E:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
«E:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»E:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
«E:Program FilesHPDigital Imagingbinhpqtra08.exe»=»E:Program FilesHPDigital Imagingbinhpqtra08.exe:*:Enabled:hpqtra08.exe»
«E:Program FilesHPDigital Imagingbinhpqste08.exe»=»E:Program FilesHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
«E:Program FilesHPDigital Imagingbinhposid01.exe»=»E:Program FilesHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
«E:Program FilesPeersPeers.exe»=»E:Program FilesPeersPeers.exe:*:Enabled:Peers»
«E:Program FilesICQ6ICQ.exe»=»E:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe»=»E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe:*:Enabled:Kaspersky Anti-Virus»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 1 months======
2008-12-20 12:03:47 —-D—- E:_OTMoveIt
2008-12-20 12:01:58 —-RASHD—- E:autorun.inf
2008-12-18 07:37:33 —-D—- E:rsit
2008-12-17 02:29:21 —-SHD—- E:RECYCLER
2008-12-17 02:23:12 —-D—- E:ComboFix
2008-12-17 02:17:10 —-D—- E:WINDOWStemp
2008-12-17 02:15:48 —-D—- E:WINDOWSERDNT
2008-12-17 02:07:55 —-D—- E:Program FilesTrend Micro
2008-12-12 19:20:14 —-D—- E:Documents and SettingsAll UsersApplication DataAlawar Stargaze
2008-12-12 17:42:02 —-HDC—- E:WINDOWS$NtUninstallKB955839$
2008-12-12 17:40:53 —-HDC—- E:WINDOWS$NtUninstallKB952069_WM9$
2008-12-12 17:40:48 —-HDC—- E:WINDOWS$NtUninstallKB954600$
2008-12-12 17:40:42 —-HDC—- E:WINDOWS$NtUninstallKB956802$
2008-11-22 22:13:14 —-D—- E:Program FilesEA GAMES
2008-11-22 20:50:29 —-D—- E:Documents and SettingsВладелецApplication DataGrym
2008-11-22 20:05:45 —-D—- E:Program Files2gis
2008-11-22 20:05:45 —-D—- E:Documents and SettingsAll UsersApplication Data2GIS
2008-11-21 21:36:15 —-D—- E:Program FilesSteam======List of files/folders modified in the last 1 months======
2008-12-20 12:09:46 —-D—- E:Documents and SettingsAll UsersApplication DataKaspersky Lab
2008-12-20 12:09:05 —-D—- E:WINDOWSsystem32CatRoot2
2008-12-20 12:06:03 —-A—- E:WINDOWSSchedLgU.Txt
2008-12-20 12:01:56 —-D—- E:WINDOWSPrefetch
2008-12-19 22:13:17 —-AD—- E:Documents and SettingsAll UsersApplication DataTEMP
2008-12-18 08:24:17 —-D—- E:WINDOWS
2008-12-18 08:22:38 —-D—- E:WINDOWSsystem32
2008-12-18 07:47:58 —-HD—- E:WINDOWSinf
2008-12-18 07:47:53 —-RSHDC—- E:WINDOWSsystem32dllcache
2008-12-18 07:47:45 —-HD—- E:WINDOWS$hf_mig$
2008-12-18 07:41:04 —-D—- E:Documents and SettingsВладелецApplication DataHPAppData
2008-12-17 12:13:32 —-D—- E:Documents and SettingsAll UsersApplication DataAlawarWrapper
2008-12-17 10:51:44 —-SHD—- E:System Volume Information
2008-12-17 10:51:44 —-D—- E:WINDOWSsystem32Restore
2008-12-17 02:20:38 —-D—- E:WINDOWSsystem32drivers
2008-12-17 02:18:52 —-A—- E:WINDOWSsystem.ini
2008-12-17 02:16:52 —-D—- E:WINDOWSAppPatch
2008-12-17 02:16:52 —-D—- E:Program FilesCommon Files
2008-12-17 02:07:55 —-RD—- E:Program Files
2008-12-17 01:23:02 —-D—- E:Program FilesRambler Assistant
2008-12-15 18:12:58 —-D—- E:Program FilesPeers
2008-12-13 12:39:09 —-A—- E:WINDOWSsystem32mshtml.dll
2008-12-12 19:16:19 —-D—- E:Program FilesGames.Mail.Ru
2008-12-12 17:43:04 —-D—- E:Program FilesInternet Explorer
2008-12-12 17:42:04 —-A—- E:WINDOWSimsins.BAK
2008-12-10 05:24:37 —-A—- E:WINDOWSsystem32MRT.exe
2008-12-04 22:51:35 —-D—- E:WINDOWSHelp
2008-12-04 22:16:45 —-D—- E:WINDOWSsystem32wbem
2008-12-04 22:16:45 —-A—- E:WINDOWSsystem32PerfStringBackup.INI
2008-12-04 22:16:44 —-SD—- E:Documents and SettingsВладелецApplication DataMicrosoft
2008-11-22 22:29:38 —-HD—- E:Program FilesInstallShield Installation Information
2008-11-22 22:11:41 —-D—- E:Program FilesCommon FilesInstallShield
2008-11-22 20:50:16 —-SHD—- E:WINDOWSInstaller
2008-11-22 20:50:16 —-HD—- E:Config.Msi
2008-11-22 19:04:02 —-D—- E:Documents and SettingsВладелецApplication DataICQ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; E:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 klif;Klif; ??E:WINDOWSsystem32driversklif.sys []
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; E:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:WINDOWSsystem32driversRtkHDAud.sys [2008-02-14 4676096]
R3 nv;nv; E:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-03-24 6547872]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; E:WINDOWSsystem32DRIVERSRtenicxp.sys [2008-01-03 105856]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; E:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 концентратор; E:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 usbstor;Драйвер запоминающих устройств для USB; E:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; E:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
S3 gdrv;gdrv; ??E:WINDOWSgdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; E:WINDOWSsystem32DRIVERSHPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; E:WINDOWSsystem32DRIVERSHPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; E:WINDOWSsystem32DRIVERSHPZius12.sys [2007-10-30 21568]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); E:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
S3 usbprint;Класс принтеров Microsoft USB; E:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; E:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; E:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; E:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 2GIS UpdateClientService;2GIS UpdateClientService; E:Program Files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 AVP;Kaspersky Anti-Virus 6.0; E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe [2007-03-09 200768]
R2 DWMRCS;DameWare Mini Remote Control; E:WINDOWSsystem32DWRCS.exe [2007-08-02 223232]
R2 hpqddsvc;Служба HP CUE DeviceDiscovery; E:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; E:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; E:WINDOWSSystem32svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; E:WINDOWSsystem32nvsvc32.exe [2008-03-24 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; E:WINDOWSSystem32svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; E:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; E:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; E:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; E:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; E:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; E:WINDOWSsystem32svchost.exe [2008-04-14 14336]
EOF
info.txt logfile of random’s system information tool 1.05 2008-12-18 07:37:37
======Uninstall list======
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:WINDOWSINFPCHealth.inf
32 Bit HP CIO Components Installer—>MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
ACDSee Pro 2—>MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Adobe Flash Player 10 ActiveX—>E:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 8 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A80000000000}
Ashampoo Burning Studio 7.10—>»E:Program FilesAshampooAshampoo Burning Studio 7unins000.exe»
Battlefield 1942: Secret Weapons of WWII—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{B73B4A99-4173-4747-BBEC-0F05E966F9D2}setup.exe» -l0x9
Battlefield 1942: The Road To Rome—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}setup.exe» -l0x9
Battlefield 1942—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}setup.exe» -l0x9
Classic Menu 1.51 for Office—>»E:Program FilesClassic Menu for Officeunins000.exe»
Condition Zero Deleted Scenes—>»E:PROGRA~1Steamsteam.exe» steam://uninstall/100
Condition Zero—>»E:PROGRA~1Steamsteam.exe» steam://uninstall/80
CorelDRAW Graphics Suite X3—>MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
Counter-Strike Steamworks Beta—>»E:PROGRA~1Steamsteam.exe» steam://uninstall/150
Counter-Strike(TM)—>MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Counter-Strike—>»E:PROGRA~1Steamsteam.exe» steam://uninstall/10
DameWare Mini Remote Control Client Agent Service—>MsiExec.exe /I{1DC6563E-181C-4A28-AE7C-6256C3268511}
Day of Defeat—>»E:PROGRA~1Steamsteam.exe» steam://uninstall/30
Deathmatch Classic—>»E:PROGRA~1Steamsteam.exe» steam://uninstall/40
FontNav—>MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
HijackThis 2.0.2—>»E:Program FilesTrend MicroHijackThisHijackThis.exe» /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)—>»E:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
HP Customer Participation Program 10.0—>E:Program FilesHPDigital ImagingExtCapUninstallhpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet D2500 Printer Driver Software 10.0 Rel .3—>E:Program FilesHPDigital Imaging{89998BCF-F415-468a-8282-CB042765A26F}setuphpzscr01.exe -datfile hphscr25.dat -onestop
HP Imaging Device Functions 10.0—>E:Program FilesHPDigital ImagingDeviceManagementhpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5—>E:Program FilesHPDigital ImagingPhotoSmartEssentialhpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing—>E:Program FilesHPDigital ImagingSmart Web Printinghpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0—>E:Program FilesHPDigital ImagingeSupporthpzscr01.exe -datfile hpqbud05.dat
HP Update—>MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
ICQ6—>»E:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
K-Lite Codec Pack 3.3.5 Full—>»E:Program FilesK-Lite Codec Packunins000.exe»
Mail.Ru Агент 5.2 (сборка 2415, для всех пользователей)—>E:Program FilesMail.RuAgentmagentsetup.exe -uninstalllm
Mail.Ru Спутник 2.0.1.31—>E:Program FilesMail.RuSputnikSputnikInstaller.exe -uninstall
Microsoft Compression Client Pack 1.0 for Windows XP—>»E:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Internationalized Domain Names Mitigation APIs—>»E:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»E:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Enterprise 2007—>»E:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007—>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007—>MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007—>MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007—>MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007—>MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»E:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Drivers—>E:WINDOWSsystem32nvuninst.exe UninstallGUI
Opera 9.23—>MsiExec.exe /X{45A54FAD-AADB-4CD2-9E56-2507A15F013D}
Peers r420—>»E:Program FilesPeersunins000.exe»
PunkBuster for Battlefield 1942—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{127B684B-A002-44C8-99A7-6CF8F1E26873}setup.exe» -l0x9
Punto Switcher 3.0—>E:Program FilesPunto Switcheruninstall.exe
Rambler-Ассистент—>»E:Program FilesRambler Assistantuninstall.exe»
REALTEK GbE & FE Ethernet PCI-E NIC Driver—>E:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}SETUP.EXE -runfromtemp -l0x0019 -removeonly
Realtek High Definition Audio Driver—>RunDll32 E:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «E:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x19 -removeonly
Ricochet—>»E:PROGRA~1Steamsteam.exe» steam://uninstall/60
RU—>MsiExec.exe /I{01AE68B4-C785-4865-BC7E-78456372BB75}
Shop for HP Supplies—>E:Program FilesHPDigital ImagingHPSSupplyhpzscr01.exe -datfile hpqbud16.dat
Steam(TM)—>MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Update Manager—>MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA—>MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Windows Media Format 11 runtime—>»E:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»E:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»E:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Windows XP Service Pack 3—>»E:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
Антивирус Касперского 6.0—>MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
Антивирус Касперского 6.0—>MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
Архиватор WinRAR—>E:Program FilesWinRARuninstall.exe
Веселая ферма 2—>E:Program FilesGames.Mail.RuВеселая ферма 2Uninstall.exe
Данные ДубльГИС г.Новосибирск 01.11.2008—>MsiExec.exe /X{6B557F2F-E01F-49F6-BBF1-D8D18ABB4E7E}
ДубльГИС 3.0.4.1—>MsiExec.exe /X{FA671504-B676-42B9-A5E5-30399BD8F676}
Исправление для Windows XP (KB952287)—>»E:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Исправление для проигрывателя Windows Media 11 — (KB939683)—>»E:WINDOWS$NtUninstallKB939683$spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB938127)—>»E:WINDOWSie7updatesKB938127-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB938127-v2)—>»E:WINDOWSie7updatesKB938127-v2-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB953838)—>»E:WINDOWSie7updatesKB953838-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB956390)—>»E:WINDOWSie7updatesKB956390-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB958215)—>»E:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP — (KB941569)—>»E:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464)—>»E:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»E:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»E:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»E:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»E:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»E:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951698)—>»E:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»E:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954211)—>»E:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954459)—>»E:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»E:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»E:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956390)—>»E:WINDOWS$NtUninstallKB956390$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956391)—>»E:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»E:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»E:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956841)—>»E:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957095)—>»E:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957097)—>»E:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»E:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB952069)—>»E:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB936782)—>»E:WINDOWS$NtUninstallKB936782_WMP11$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»E:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Обновление для Windows XP (KB951072-v2)—>»E:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe»
Обновление для Windows XP (KB951978)—>»E:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»E:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Проигрыватель Windows Media 11—>»E:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Центр обновлений ДубльГИС—>MsiExec.exe /X{2FB165EB-69C0-416D-9B4E-E805ABC8CB1F}=====HijackThis Backups=====
O2 — BHO: lzolibP — {A2BC7E73-7606-4C03-B215-E6B1EAD0265E} — E:Documents and SettingsAll UsersApplication Datalzolib.dll
======Security center information======
AV: Антивирус Касперского
FW: Антивирус Касперского (disabled)System event log
Computer Name: RIS6085
Event Code: 14200
Message: Служба «WMPNetworkSvc» установлена.Record Number: 2241
Source Name: WMPNetworkSvc
Time Written: 20081110201017.000000+360
Event Type: информация
User:Computer Name: RIS6085
Event Code: 24581
Message: WPD Class Installer: Drivers for 0x00000000 device(s) were successfully uninstalled while migrating a Media Transfer Protocol (MTP) device.Record Number: 2240
Source Name: WPDClassInstaller
Time Written: 20081110200948.000000+360
Event Type: информация
User:Computer Name: RIS6085
Event Code: 24580
Message: WPD Class Installer: Drivers for 0x00000000 device(s) were successfully uninstalled while migrating a dual-mode mass storage class device to Media Transfer Protocol (MTP).Record Number: 2239
Source Name: WPDClassInstaller
Time Written: 20081110200948.000000+360
Event Type: информация
User:Computer Name: RIS6085
Event Code: 4377
Message: Установлено исправление Wudf01000 для Windows XP.Record Number: 2238
Source Name: Wudf01000
Time Written: 20081110200921.000000+360
Event Type: информация
User: RIS6085ВладелецComputer Name: RIS6085
Event Code: 7036
Message: Служба «Фоновая интеллектуальная служба передачи (BITS)» перешла в состояние Работает.Record Number: 2237
Source Name: Service Control Manager
Time Written: 20081110195456.000000+360
Event Type: информация
User:Application event log
Computer Name: RIS6085
Event Code: 1000
Message: Счетчики производительности для службы ContentFilter (ContentFilter) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 5
Source Name: LoadPerf
Time Written: 20080817112432.000000+420
Event Type: информация
User:Computer Name: RIS6085
Event Code: 1000
Message: Счетчики производительности для службы ContentIndex (ContentIndex) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 4
Source Name: LoadPerf
Time Written: 20080817112432.000000+420
Event Type: информация
User:Computer Name: RIS6085
Event Code: 1000
Message: Счетчики производительности для службы TermService (Службы терминалов) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 3
Source Name: LoadPerf
Time Written: 20080817112431.000000+420
Event Type: информация
User:Computer Name: RIS6085
Event Code: 1000
Message: Счетчики производительности для службы RemoteAccess (Маршрутизация и удаленный доступ) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 2
Source Name: LoadPerf
Time Written: 20080817112355.000000+420
Event Type: информация
User:Computer Name: RIS6085
Event Code: 1000
Message: Счетчики производительности для службы RSVP (QoS RSVP) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 1
Source Name: LoadPerf
Time Written: 20080817112326.000000+420
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 23 Stepping 6, GenuineIntel
«PROCESSOR_REVISION»=1706
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Владелец at 2008-12-18 07:41:09
Microsoft Windows XP Home Edition Service Pack 3
System drive E: has 414 GB (87%) free of 477 GB
Total RAM: 3070 MB (85% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:10, on 18.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: NormalRunning processes:
E:WINDOWSSystem32smss.exe
E:WINDOWSsystem32winlogon.exe
E:WINDOWSsystem32services.exe
E:WINDOWSsystem32lsass.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32spoolsv.exe
E:WINDOWSExplorer.EXE
E:WINDOWSsystem32RUNDLL32.EXE
E:WINDOWSRTHDCPL.EXE
E:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
E:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
E:Program FilesHPHP Software UpdateHPWuSchd2.exe
E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
E:WINDOWSsystem32ctfmon.exe
E:Program FilesPunto Switcherpunto.exe
E:Program FilesHPDigital Imagingbinhpqtra08.exe
E:Program Files2gisUpdateClientWin32UpdateClientService.exe
E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
E:WINDOWSsystem32DWRCS.exe
E:WINDOWSsystem32svchost.exe
E:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32nvsvc32.exe
E:WINDOWSSystem32svchost.exe
E:WINDOWSsystem32DWRCST.exe
E:WINDOWSsystem32wuauclt.exe
E:WINDOWSsystem32svchost.exe
E:Program FilesHPDigital ImagingbinhpqSTE08.exe
E:Program FilesHPDigital Imagingbinhpqbam08.exe
E:Program FilesHPDigital Imagingbinhpqgpc01.exe
E:Documents and SettingsВладелецРабочий столRSIT.exe
E:Program FilesTrend MicroHijackThisВладелец.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://mail.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — E:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — E:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: HP Print Enhancer — {0347C33E-8762-4905-BF09-768834316C61} — E:Program FilesHPDigital ImagingSmart Web Printinghpswp_printenhancer.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — E:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — E:PROGRA~1MICROS~2Office12GRA8E1~1.DLL
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — E:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: HP Smart BHO Class — {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} — E:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — E:Program FilesRambler AssistantramblertoolbarU1.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — E:Program FilesMail.RuSputnikMailRuSputnik.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE E:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE E:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [GEST] m‘|ь
O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 — HKLM..Run: [GrooveMonitor] «E:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [ISUSPM Startup] «E:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe» -startup
O4 — HKLM..Run: [ISUSScheduler] «E:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe» -start
O4 — HKLM..Run: [HP Software Update] E:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 — HKLM..Run: [hpqSRMon] E:Program FilesHPDigital ImagingbinhpqSRMon.exe
O4 — HKLM..Run: [MAgent] E:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [AVP] «E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe»
O4 — HKCU..Run: [CTFMON.EXE] E:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [ICQ] «E:Program FilesICQ6ICQ.exe» silent
O4 — HKCU..Run: [Punto Switcher] E:Program FilesPunto Switcherpunto.exe
O4 — HKCU..Run: [Steam] «E:Program FilesSteamSteam.exe» -silent
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] E:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = E:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 — Global Startup: Adobe Reader Speed Launch.lnk = E:Program FilesAdobeReader 8.0Readerreader_sl.exe
O4 — Global Startup: Adobe Reader Synchronizer.lnk = E:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
O4 — Global Startup: HP Digital Imaging Monitor.lnk = E:Program FilesHPDigital Imagingbinhpqtra08.exe
O4 — Global Startup: Peers.lnk = E:Program FilesPeersPeers.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://E:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Найти в интернете — res://E:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Найти в словарях — res://E:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O8 — Extra context menu item: Найти с помощью Рамблера — res://E:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://E:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O9 — Extra button: Cтатистика Веб-Антивируса — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — E:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — E:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — E:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — E:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — E:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — E:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — E:Program FilesICQLiteICQLite.exe (file missing)
O9 — Extra button: Расширенный выбор HP — {DDE87865-83C5-48c4-8357-2F5B1AA84522} — E:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — E:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — E:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — E:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — E:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — E:Program FilesMessengermsmsgs.exe
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — E:PROGRA~1MICROS~2Office12GR99D3~1.DLL
O23 — Service: 2GIS UpdateClientService — ДубльГИС — E:Program Files2gisUpdateClientWin32UpdateClientService.exe
O23 — Service: Kaspersky Anti-Virus 6.0 (AVP) — Kaspersky Lab — E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
O23 — Service: DameWare Mini Remote Control (DWMRCS) — DameWare Development LLC — E:WINDOWSsystem32DWRCS.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — E:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — E:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — E:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — E:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — E:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — E:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — E:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — E:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — E:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 9541 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer — E:Program FilesHPDigital ImagingSmart Web Printinghpswp_printenhancer.dll [2007-11-06 322880][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — E:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — E:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-26 2210608][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — E:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-12-12 667336][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class — E:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll [2007-11-06 542016][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — E:Program FilesRambler AssistantramblertoolbarU1.dll [2008-12-17 804336]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — E:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-12-12 667336][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=E:WINDOWSsystem32NvCpl.dll [2008-03-24 13524992]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=E:WINDOWSsystem32NvMcTray.dll [2008-03-24 86016]
«GEST»=m‘|ь []
«RTHDCPL»=E:WINDOWSRTHDCPL.EXE [2008-02-13 16857600]
«GrooveMonitor»=E:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-26 31016]
«ISUSPM Startup»=E:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe [2005-08-11 249856]
«ISUSScheduler»=E:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [2005-08-11 81920]
«HP Software Update»=E:Program FilesHPHP Software UpdateHPWuSchd2.exe [2007-10-14 49152]
«hpqSRMon»=E:Program FilesHPDigital ImagingbinhpqSRMon.exe [2007-08-22 80896]
«MAgent»=E:Program FilesMail.RuAgentMAgent.exe [2008-12-12 4428472]
«AVP»=E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe [2007-03-09 200768][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=E:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«ICQ»=E:Program FilesICQ6ICQ.exe [2008-09-01 173304]
«Punto Switcher»=E:Program FilesPunto Switcherpunto.exe [2008-10-16 735016]
«Steam»=E:Program FilesSteamSteam.exe [2008-11-21 1410296]E:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Adobe Reader Speed Launch.lnk — E:Program FilesAdobeReader 8.0Readerreader_sl.exe
Adobe Reader Synchronizer.lnk — E:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
HP Digital Imaging Monitor.lnk — E:Program FilesHPDigital Imagingbinhpqtra08.exe
Peers.lnk — E:Program FilesPeersPeers.exeE:Documents and SettingsВладелецГлавное менюПрограммыАвтозагрузка
Вырезка экрана и программа запуска для OneNote 2007.lnk — E:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
E:WINDOWSsystem32klogon.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — E:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=E:PROGRA~1MICROS~2Office12GRA8E1~1.DLL [2006-10-26 2210608][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDrives»=0
«NoDriveAutoRun»=67108863[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDrives»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«E:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»E:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«E:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»E:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
«E:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»E:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
«E:Program FilesHPDigital Imagingbinhpqtra08.exe»=»E:Program FilesHPDigital Imagingbinhpqtra08.exe:*:Enabled:hpqtra08.exe»
«E:Program FilesHPDigital Imagingbinhpqste08.exe»=»E:Program FilesHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
«E:Program FilesHPDigital Imagingbinhposid01.exe»=»E:Program FilesHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
«E:Program FilesPeersPeers.exe»=»E:Program FilesPeersPeers.exe:*:Enabled:Peers»
«E:Program FilesICQ6ICQ.exe»=»E:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe»=»E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe:*:Enabled:Kaspersky Anti-Virus»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{70e664a4-a008-11dd-9513-001d7dcaaa9f}]
shellAutoRuncommand — u.bat
shellexplorecommand — u.bat
shellopencommand — u.bat======List of files/folders created in the last 1 months======
2008-12-18 07:37:33 —-D—- E:rsit
2008-12-17 02:29:21 —-SHD—- E:RECYCLER
2008-12-17 02:23:12 —-D—- E:ComboFix
2008-12-17 02:17:10 —-D—- E:WINDOWStemp
2008-12-17 02:15:48 —-D—- E:WINDOWSERDNT
2008-12-17 02:07:55 —-D—- E:Program FilesTrend Micro
2008-12-12 19:20:14 —-D—- E:Documents and SettingsAll UsersApplication DataAlawar Stargaze
2008-12-12 17:42:02 —-HDC—- E:WINDOWS$NtUninstallKB955839$
2008-12-12 17:40:53 —-HDC—- E:WINDOWS$NtUninstallKB952069_WM9$
2008-12-12 17:40:48 —-HDC—- E:WINDOWS$NtUninstallKB954600$
2008-12-12 17:40:42 —-HDC—- E:WINDOWS$NtUninstallKB956802$
2008-11-22 22:13:14 —-D—- E:Program FilesEA GAMES
2008-11-22 20:50:29 —-D—- E:Documents and SettingsВладелецApplication DataGrym
2008-11-22 20:05:45 —-D—- E:Program Files2gis
2008-11-22 20:05:45 —-D—- E:Documents and SettingsAll UsersApplication Data2GIS
2008-11-21 21:36:15 —-D—- E:Program FilesSteam======List of files/folders modified in the last 1 months======
2008-12-18 07:38:24 —-D—- E:WINDOWSPrefetch
2008-12-18 07:37:48 —-D—- E:Documents and SettingsВладелецApplication DataHPAppData
2008-12-18 07:33:51 —-D—- E:WINDOWSsystem32CatRoot2
2008-12-18 07:33:51 —-D—- E:Documents and SettingsAll UsersApplication DataKaspersky Lab
2008-12-18 07:31:22 —-A—- E:WINDOWSSchedLgU.Txt
2008-12-17 12:13:32 —-D—- E:Documents and SettingsAll UsersApplication DataAlawarWrapper
2008-12-17 10:51:44 —-SHD—- E:System Volume Information
2008-12-17 10:51:44 —-D—- E:WINDOWSsystem32Restore
2008-12-17 02:30:05 —-AD—- E:Documents and SettingsAll UsersApplication DataTEMP
2008-12-17 02:23:22 —-D—- E:WINDOWS
2008-12-17 02:23:16 —-D—- E:WINDOWSsystem32
2008-12-17 02:20:38 —-D—- E:WINDOWSsystem32drivers
2008-12-17 02:18:52 —-A—- E:WINDOWSsystem.ini
2008-12-17 02:16:52 —-D—- E:WINDOWSAppPatch
2008-12-17 02:16:52 —-D—- E:Program FilesCommon Files
2008-12-17 02:07:55 —-RD—- E:Program Files
2008-12-17 01:23:02 —-D—- E:Program FilesRambler Assistant
2008-12-15 18:12:58 —-D—- E:Program FilesPeers
2008-12-15 17:45:43 —-HD—- E:WINDOWSinf
2008-12-12 19:16:19 —-D—- E:Program FilesGames.Mail.Ru
2008-12-12 17:43:04 —-D—- E:Program FilesInternet Explorer
2008-12-12 17:41:58 —-A—- E:WINDOWSimsins.BAK
2008-12-12 17:41:55 —-RSHDC—- E:WINDOWSsystem32dllcache
2008-12-12 17:41:43 —-HD—- E:WINDOWS$hf_mig$
2008-12-10 05:24:37 —-A—- E:WINDOWSsystem32MRT.exe
2008-12-04 22:51:35 —-D—- E:WINDOWSHelp
2008-12-04 22:16:45 —-D—- E:WINDOWSsystem32wbem
2008-12-04 22:16:45 —-A—- E:WINDOWSsystem32PerfStringBackup.INI
2008-12-04 22:16:44 —-SD—- E:Documents and SettingsВладелецApplication DataMicrosoft
2008-11-22 22:29:38 —-HD—- E:Program FilesInstallShield Installation Information
2008-11-22 22:11:41 —-D—- E:Program FilesCommon FilesInstallShield
2008-11-22 20:50:16 —-SHD—- E:WINDOWSInstaller
2008-11-22 20:50:16 —-HD—- E:Config.Msi
2008-11-22 19:04:02 —-D—- E:Documents and SettingsВладелецApplication DataICQ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; E:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 klif;Klif; ??E:WINDOWSsystem32driversklif.sys []
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; E:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:WINDOWSsystem32driversRtkHDAud.sys [2008-02-14 4676096]
R3 nv;nv; E:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-03-24 6547872]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; E:WINDOWSsystem32DRIVERSRtenicxp.sys [2008-01-03 105856]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; E:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 концентратор; E:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 usbstor;Драйвер запоминающих устройств для USB; E:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; E:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
S3 gdrv;gdrv; ??E:WINDOWSgdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; E:WINDOWSsystem32DRIVERSHPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; E:WINDOWSsystem32DRIVERSHPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; E:WINDOWSsystem32DRIVERSHPZius12.sys [2007-10-30 21568]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); E:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
S3 usbprint;Класс принтеров Microsoft USB; E:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; E:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; E:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; E:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 2GIS UpdateClientService;2GIS UpdateClientService; E:Program Files2gisUpdateClientWin32UpdateClientService.exe [2008-09-17 1134592]
R2 AVP;Kaspersky Anti-Virus 6.0; E:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe [2007-03-09 200768]
R2 DWMRCS;DameWare Mini Remote Control; E:WINDOWSsystem32DWRCS.exe [2007-08-02 223232]
R2 hpqddsvc;Служба HP CUE DeviceDiscovery; E:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; E:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; E:WINDOWSSystem32svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; E:WINDOWSsystem32nvsvc32.exe [2008-03-24 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; E:WINDOWSSystem32svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; E:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; E:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; E:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; E:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; E:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; E:WINDOWSsystem32svchost.exe [2008-04-14 14336]
EOF
