Созданные ответы форума
-
Сообщения
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:50:06, on 18.07.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir Desktopsched.exe
C:windowsexplorer.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesA4TechMouseAmoumain.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
C:Program FilesVistaDriveIconVistaDrv.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSpybot — Search & DestroyTeaTimer.exe
C:Program FilesWindows Desktop SearchWindowsSearch.exe
C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
C:Program FilesAviraAntiVir Desktopavguard.exe
C:WINDOWSsystem32ASTSRV.EXE
C:Program FilesAviraAntiVir Desktopavshadow.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32SearchIndexer.exe
C:WINDOWSsystem32taskmgr.exe
C:WINDOWSSystem32svchost.exe
C:Documents and SettingsHelenaLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsHelenaLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
C:Documents and SettingsHelenaLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Program Filestrend microHijackThisHiJackThis.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.smaxi.net
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.smaxi.net
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.smaxi.net
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.smaxi.net
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — — (no file)
R3 — URLSearchHook: BittorrentBar_RU Toolbar — {7b6de06c-7013-4a87-957e-d27d7b977d21} — C:Program FilesBittorrentBar_RUtbBitt.dll
F2 — REG:system.ini: Shell=C:windowsexplorer.exe
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Winamp Toolbar Loader — {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} — C:Program FilesWinamp Toolbarwinamptb.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll
O2 — BHO: Conduit Engine — {30F9B915-B755-4826-820B-08FBA6BD249D} — C:Program FilesConduitEngineConduitEngine.dll
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:PROGRA~1SPYBOT~1SDHelper.dll
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 — BHO: BittorrentBar_RU Toolbar — {7b6de06c-7013-4a87-957e-d27d7b977d21} — C:Program FilesBittorrentBar_RUtbBitt.dll
O2 — BHO: DVDVideoSoftTB Toolbar — {872b5b88-9db5-4310-bdd0-ac189557e5f5} — C:Program FilesDVDVideoSoftTBtbDVD2.dll
O3 — Toolbar: DVDVideoSoftTB Toolbar — {872b5b88-9db5-4310-bdd0-ac189557e5f5} — C:Program FilesDVDVideoSoftTBtbDVD2.dll
O3 — Toolbar: Winamp Toolbar — {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} — C:Program FilesWinamp Toolbarwinamptb.dll
O3 — Toolbar: BittorrentBar_RU Toolbar — {7b6de06c-7013-4a87-957e-d27d7b977d21} — C:Program FilesBittorrentBar_RUtbBitt.dll
O3 — Toolbar: Conduit Engine — {30F9B915-B755-4826-820B-08FBA6BD249D} — C:Program FilesConduitEngineConduitEngine.dll
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [USB Antivirus] C:Program FilesUSB Disk SecurityUSBGuard.exe
O4 — HKLM..Run: [WheelMouse] C:Program FilesA4TechMouseAmoumain.exe
O4 — HKLM..Run: [avgnt] «C:Program FilesAviraAntiVir Desktopavgnt.exe» /min
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [Adobe ARM] «C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe»
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [OrderReminder] C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot — Search & DestroyTeaTimer.exe
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ7.0ICQ.exe» silent loginmode=4
O4 — HKCU..Run: [Google Update] «C:Documents and SettingsHelenaLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» /c
O4 — HKCU..Run: [AutoStartNPSAgent] C:Program FilesSamsungSamsung New PC StudioNPSAgent.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE8_02] rundll32 advpack.dll,LaunchINFSectionEx IE8int.inf,AfterUserStart,,4,N (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [IE8_02] rundll32 advpack.dll,LaunchINFSectionEx IE8int.inf,AfterUserStart,,4,N (User ‘Default user’)
O4 — Startup: Вырезка экрана и программа запуска для OneNote 2007.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 — Global Startup: Windows Search.lnk = C:Program FilesWindows Desktop SearchWindowsSearch.exe
O8 — Extra context menu item: &Winamp Search — C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~1Office12EXCEL.EXE/3000
O8 — Extra context menu item: Free YouTube Download — C:Documents and SettingsHelenaApplication DataDVDVideoSoftIEHelpersyoutubedownload.htm
O8 — Extra context menu item: Free YouTube to Mp3 Converter — C:Documents and SettingsHelenaApplication DataDVDVideoSoftIEHelpersyoutubetomp3.htm
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~1Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~1Office12ONBttnIE.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~1Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search & Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:PROGRA~1SPYBOT~1SDHelper.dll
O9 — Extra button: Sothink SWF Catcher — {E19ADC6E-3909-43E4-9A89-B7B676377EE3} — C:Program FilesCommon FilesSourceTecSWF CatcherInternetExplorer.htm
O9 — Extra ‘Tools’ menuitem: Sothink SWF Catcher — {E19ADC6E-3909-43E4-9A89-B7B676377EE3} — C:Program FilesCommon FilesSourceTecSWF CatcherInternetExplorer.htm
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O22 — SharedTaskScheduler: Предзагрузчик Browseui — {438755C2-A8BA-11D1-B96B-00A0C90312E1} — C:WINDOWSsystem32browseui.dll
O22 — SharedTaskScheduler: Демон кэша категорий компонентов — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:WINDOWSsystem32browseui.dll
O23 — Service: Adobe LM Service — Adobe Systems — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Avira AntiVir Scheduler (AntiVirSchedulerService) — Avira GmbH — C:Program FilesAviraAntiVir Desktopsched.exe
O23 — Service: Avira AntiVir Guard (AntiVirService) — Avira GmbH — C:Program FilesAviraAntiVir Desktopavguard.exe
O23 — Service: Nalpeiron Licensing Service (ASTSRV) — Nalpeiron Ltd. — C:WINDOWSsystem32ASTSRV.EXE
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: FsUsbExService — Teruten — C:WINDOWSsystem32FsUsbExService.Exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Nero BackItUp Scheduler 4.0 — Nero AG — C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
O23 — Service: NVIDIA Display Driver Service (nvsvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Telnet (TlntSvr) — Корпорация Майкрософт — C:WINDOWSsystem32tlntsvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 11066 bytesБаннер удалось удалить, сканер Антивир обнаружил и отправил в карнтин 5 троянов.
Смущает отчет HiJackThis ( 04/ RUN и RUN ONCE ).
Буду признательна, если вы посмотрите.Добрый день, Валерий,
спасибо большое за помощь.
ComboFix при сканировании удалил два файла в системной папке.
Высылаю отчет.добрый вечер,
спасибо, так и сделаю.
И отдельное спасибо за Malware: установила, просканировала — и обнаружились еще четыре файла с Трояном, один — в папке system32.
Всех благ вам.Спасибо, слава Богу. Если не обращать внимания, что не работают наушники, микрофон, Insert, PrintScreen… Кажется, все (из того, чем пользуюсь). Но работает хорошо, особенно после того, как сменила DrWeb на ESET SmartSecurity. Теперь «летает», как птичка (нашлись вирусы, о которых я и не подозревала. Правда, куда-то делась программа OmniPage — насколько я помню, я ее не удаляла. Не важно, я спокойно обхожусь без нее).
Если я правильно поняла, Вы ничего страшного не увидели, так? Ну, и ладненько. Спасибо Вам огромное (Как-то спокойнее живется, когда знаешь, что Вы «на посту»). Удачи Вам.
Добрый вечер,
спасибо за реальную помощь.Прежде, чем выполнить ваши указания, решила просканировать, отключив брандмауэр. Получила два файла: ComboFix2 ComboFix-quarantined-files.
Потом сделала, как велели, и получила еще один — ComboFix3.
Второй раз брандмауэр не отключала — получила предупреждение (вышлю фото — PrintScreen не работает).
Высылаю все, что получилось.Добрый день,
просканировала диск с помощью ComboFix, высылаю отчет.
Кстати, WinPatrol предупредил о «прописке» новой программы — нужно ли теперь ее деинсталировать?На днях сменила антивирус — с DrWeb на ESETNOD32. DrWeb деинсталировала с помощью drweb/remover. Из папки Programme Files тоже удалила (Unlocker). И все равно при запуске Combofix она утверждает, что DrWeb не отключен. Пугает, что в такой ситуации сканирование может нанести вред компьютеру. Как быть?
Я просканировала реестр утилитой CCleaner — она удалила «мусор», кроме одной ссылки:
«Файл, на который указывает ссылка: C:32788R22FWJFWNirCmdC.cfxxe отсутствует. Это обычно происходит после удаления программ. «
Что это за файл? К какой программе он мог относиться? Какое-то странное расширение.Еще подскажите, как все-таки удалить два файла библиотеки Spybot — Unlocker не может их разблокировать.
GMER 1.0.15.15125 — http://www.gmer.net
Rootkit scan 2009-10-06 22:22:26
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:Temppxtdapob.sys—- System — GMER 1.0.15 —-
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwOpenSection [0xBA6CEF86]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwSystemDebugControl [0xBA6CEEBC]—- User code sections — GMER 1.0.15 —-
.text C:WINDOWSsystem32SearchIndexer.exe[332] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:WINDOWSsystem32MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:WINDOWSExplorer.EXE[2732] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 00B31102 E:Program FilesUnlockerUnlockerHook.dll—- Devices — GMER 1.0.15 —-
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_CREATE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_CREATE_NAMED_PIPE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_CLOSE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_READ [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_WRITE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_QUERY_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_SET_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_QUERY_EA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_SET_EA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_FLUSH_BUFFERS [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_SET_VOLUME_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_DIRECTORY_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_DEVICE_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_SHUTDOWN [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_LOCK_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_CLEANUP [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_CREATE_MAILSLOT [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_QUERY_SECURITY [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_SET_SECURITY [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_POWER [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_SYSTEM_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_DEVICE_CHANGE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_QUERY_QUOTA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_SET_QUOTA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_CREATE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_CREATE_NAMED_PIPE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_CLOSE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_READ [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_WRITE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_QUERY_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_SET_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_QUERY_EA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_SET_EA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_FLUSH_BUFFERS [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_SET_VOLUME_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_DIRECTORY_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_DEVICE_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_SHUTDOWN [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_LOCK_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_CLEANUP [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_CREATE_MAILSLOT [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_QUERY_SECURITY [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_SET_SECURITY [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_POWER [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_SYSTEM_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_DEVICE_CHANGE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_QUERY_QUOTA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice FileSystemNtfs Ntfs IRP_MJ_SET_QUOTA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_CREATE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_CREATE_NAMED_PIPE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_CLOSE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_READ [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_WRITE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_QUERY_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_SET_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_QUERY_EA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_SET_EA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_FLUSH_BUFFERS [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_QUERY_VOLUME_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_SET_VOLUME_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_DIRECTORY_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_FILE_SYSTEM_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_DEVICE_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_SHUTDOWN [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_LOCK_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_CLEANUP [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_CREATE_MAILSLOT [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_QUERY_SECURITY [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_SET_SECURITY [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_POWER [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_SYSTEM_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_DEVICE_CHANGE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_QUERY_QUOTA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceIp IRP_MJ_SET_QUOTA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_CREATE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_CREATE_NAMED_PIPE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_CLOSE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_READ [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_WRITE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_QUERY_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_SET_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_QUERY_EA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_SET_EA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_FLUSH_BUFFERS [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_QUERY_VOLUME_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_SET_VOLUME_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_DIRECTORY_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_FILE_SYSTEM_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_DEVICE_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_SHUTDOWN [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_LOCK_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_CLEANUP [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_CREATE_MAILSLOT [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_QUERY_SECURITY [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_SET_SECURITY [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_POWER [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_SYSTEM_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_DEVICE_CHANGE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_QUERY_QUOTA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_SET_QUOTA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_CREATE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_CREATE_NAMED_PIPE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_CLOSE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_READ [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_WRITE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_QUERY_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_SET_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_QUERY_EA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_SET_EA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_FLUSH_BUFFERS [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_QUERY_VOLUME_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_SET_VOLUME_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_DIRECTORY_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_FILE_SYSTEM_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_DEVICE_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_SHUTDOWN [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_LOCK_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_CLEANUP [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_CREATE_MAILSLOT [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_QUERY_SECURITY [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_SET_SECURITY [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_POWER [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_SYSTEM_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_DEVICE_CHANGE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_QUERY_QUOTA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceTcp IRP_MJ_SET_QUOTA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_CREATE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_CREATE_NAMED_PIPE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_CLOSE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_READ [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_WRITE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_QUERY_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_SET_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_QUERY_EA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_SET_EA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_FLUSH_BUFFERS [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_QUERY_VOLUME_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_SET_VOLUME_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_DIRECTORY_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_FILE_SYSTEM_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_DEVICE_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_SHUTDOWN [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_LOCK_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_CLEANUP [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_CREATE_MAILSLOT [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_QUERY_SECURITY [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_SET_SECURITY [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_POWER [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_SYSTEM_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_DEVICE_CHANGE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_QUERY_QUOTA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_SET_QUOTA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_CREATE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_CREATE_NAMED_PIPE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_CLOSE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_READ [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_WRITE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_QUERY_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_SET_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_QUERY_EA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_SET_EA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_FLUSH_BUFFERS [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_QUERY_VOLUME_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_SET_VOLUME_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_DIRECTORY_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_FILE_SYSTEM_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_DEVICE_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_SHUTDOWN [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_LOCK_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_CLEANUP [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_CREATE_MAILSLOT [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_QUERY_SECURITY [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_SET_SECURITY [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_POWER [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_SYSTEM_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_DEVICE_CHANGE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_QUERY_QUOTA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceUdp IRP_MJ_SET_QUOTA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_CREATE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_CREATE_NAMED_PIPE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_CLOSE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_READ [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_WRITE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_QUERY_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_SET_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_QUERY_EA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_SET_EA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_FLUSH_BUFFERS [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_QUERY_VOLUME_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_SET_VOLUME_INFORMATION [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_DIRECTORY_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_FILE_SYSTEM_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_DEVICE_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_SHUTDOWN [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_LOCK_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_CLEANUP [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_CREATE_MAILSLOT [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_QUERY_SECURITY [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_SET_SECURITY [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_POWER [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_SYSTEM_CONTROL [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_DEVICE_CHANGE [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_QUERY_QUOTA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_SET_QUOTA [BA6C0552] dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_CREATE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_CREATE_NAMED_PIPE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_CLOSE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_READ [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_WRITE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_QUERY_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_SET_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_QUERY_EA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_SET_EA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_FLUSH_BUFFERS [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_QUERY_VOLUME_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_SET_VOLUME_INFORMATION [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_DIRECTORY_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_FILE_SYSTEM_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_DEVICE_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_SHUTDOWN [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_LOCK_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_CLEANUP [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_CREATE_MAILSLOT [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_QUERY_SECURITY [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_SET_SECURITY [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_POWER [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_SYSTEM_CONTROL [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_DEVICE_CHANGE [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_QUERY_QUOTA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)
AttachedDevice DriverTcpip DeviceRawIp IRP_MJ_SET_QUOTA [B6D78D80] spider.sys (SpIDer Guard File System Monitor/Doctor Web, Ltd.)—- EOF — GMER 1.0.15 —-
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Елена at 2009-07-13 17:04:29
Microsoft Windows XP Professional Service Pack 3
System drive C: has 74 GB (74%) free of 100 GB
Total RAM: 2046 MB (75% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:30, on 13.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAskBarDisbarbinAskService.exe
c:Program FilesBonjourmDNSResponder.exe
C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
C:WINDOWSsystem32nvsvc32.exe
C:PROGRA~1DrWebspidernt.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32SearchIndexer.exe
C:WINDOWSExplorer.EXE
C:Program FilesDrWebSpIDerAgent.exe
C:Program FilesDrWebspiderml.exe
C:Program FilesDrWebspidergate.exe
C:PROGRA~1DrWebspiderui.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesWinampwinampa.exe
C:Program FilesBillP StudiosWinPatrolwinpatrol.exe
E:Program FilesABBYY Lingvo 9.0 Multilingual DictionaryLvagent.exe
C:Program FilesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe
C:Program FilesScanSoftOmniPageSE2.0OpwareSE2.exe
E:Program FilesUnlockerUnlockerAssistant.exe
C:WINDOWSsystem32ctfmon.exe
C:Documents and SettingsЕленаLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
C:Program FilesWindows Desktop SearchWindowsSearch.exe
C:Documents and SettingsЕленаРабочий столRSIT.exe
C:Program FilesTrend MicroHijackThisЕлена.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.rambler.ru/ie8
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.rambler.ru/ie8
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Windows Internet Explorer предоставлен: Rambler
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Winamp Search Class — {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} — C:Program FilesWinamp Toolbarwinamptb.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: AskBar BHO — {201f27d4-3704-41d6-89c1-aa35e39143ed} — C:Program FilesAskBarDisbarbinaskBar.dll
O2 — BHO: Winamp Toolbar Loader — {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} — C:Program FilesWinamp Toolbarwinamptb.dll
O2 — BHO: IeCatch2 Class — {A5366673-E8CA-11D3-9CD9-0090271D075B} — C:PROGRA~1FlashGetjccatch.dll
O3 — Toolbar: Ask Toolbar — {3041d03e-fd4b-44e0-b742-2d9b88305f98} — C:Program FilesAskBarDisbarbinaskBar.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU5950.dll
O3 — Toolbar: Winamp Toolbar — {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} — C:Program FilesWinamp Toolbarwinamptb.dll
O3 — Toolbar: Easy-WebPrint — {327C2873-E90D-4c37-AA9D-10AC9BABA46C} — C:Program FilesCanonEasy-WebPrintToolband.dll
O3 — Toolbar: FlashGet Bar — {E0E899AB-F487-11D5-8D29-0050BA6940E3} — C:PROGRA~1FlashGetfgiebar.dll
O4 — HKLM..Run: [SpIDerAgent] «C:Program FilesDrWebSpIDerAgent.exe»
O4 — HKLM..Run: [SpIDerMail] «C:Program FilesDrWebspiderml.exe»
O4 — HKLM..Run: [SpIDerGate] «C:Program FilesDrWebspidergate.exe» -autorun
O4 — HKLM..Run: [SpIDerNT] C:PROGRA~1DrWebspiderui.exe /agent
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 — HKLM..Run: [WinampAgent] «C:Program FilesWinampwinampa.exe»
O4 — HKLM..Run: [update_smartcleaner] «E:Program FilesSmart CleanerUUpdate.exe»
O4 — HKLM..Run: [SmartCleaner] E:Program FilesSmart CleanerSmartCleaner.exe /SCHEDULED
O4 — HKLM..Run: [WinPatrol] C:Program FilesBillP StudiosWinPatrolwinpatrol.exe -expressboot
O4 — HKLM..Run: [Lingvo Launcher] «E:Program FilesABBYY Lingvo 9.0 Multilingual DictionaryLvagent.exe» /STARTUP
O4 — HKLM..Run: [FineReader7NewsReaderPro] C:Program FilesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe
O4 — HKLM..Run: [OpwareSE2] «C:Program FilesScanSoftOmniPageSE2.0OpwareSE2.exe»
O4 — HKLM..Run: [OPSE reminder] «C:Program FilesScanSoftOmniPageSE2.0EregEngEreg.exe» -r «C:Program FilesScanSoftOmniPageSE2.0EregEngereg.ini»
O4 — HKLM..Run: [UnlockerAssistant] «E:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Google Update] «C:Documents and SettingsЕленаLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» /c
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-21-1659004503-963894560-1801674531-1001..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe (User ‘Пользователь’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’)
O4 — S-1-5-18 Startup: Start HASP-Emu.lnk = C:Program FilesSableWINNTstartnt.bat (User ‘SYSTEM’)
O4 — .DEFAULT Startup: Start HASP-Emu.lnk = C:Program FilesSableWINNTstartnt.bat (User ‘Default user’)
O4 — Startup: Start HASP-Emu.lnk = C:Program FilesSableWINNTstartnt.bat
O4 — Global Startup: Windows Search.lnk = C:Program FilesWindows Desktop SearchWindowsSearch.exe
O8 — Extra context menu item: &Winamp Search — C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Scan link by Dr.Web — http://www.drweb.com/online/drweb-online-en.html
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — C:PROGRA~1FlashGetflashget.exe
O9 — Extra ‘Tools’ menuitem: &FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — C:PROGRA~1FlashGetflashget.exe
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239361321687
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240583994578
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 — HKLMSystemCCSServicesTcpip..{D358EA3B-175F-4DFE-A801-4825A76E29D1}: NameServer = 192.168.1.1
O23 — Service: 4AEBF67C — Unknown owner — C:WINDOWSsystem324AEBF67C.exe (file missing)
O23 — Service: Adobe LM Service — Unknown owner — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: ASKService — Unknown owner — C:Program FilesAskBarDisbarbinAskService.exe
O23 — Service: ASKUpgrade — Unknown owner — C:Program FilesAskBarDisbarbinASKUpgrade.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — c:Program FilesBonjourmDNSResponder.exe
O23 — Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) — Doctor Web, Ltd. — C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: SpIDer Guard for Windows (SPIDERNT) — Doctor Web, Ltd. — C:PROGRA~1DrWebspidernt.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 10636 bytes======Scheduled tasks folder======
C:WINDOWStasksAd-Aware Update (Weekly).job
C:WINDOWStasksDr.Web Daily scan.job
C:WINDOWStasksDr.Web Update.job
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-1659004503-963894560-1801674531-1001Core.job
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-1659004503-963894560-1801674531-1001UA.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-23 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO — C:Program FilesAskBarDisbarbinaskBar.dll [2008-12-09 333192][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader — C:Program FilesWinamp Toolbarwinamptb.dll [2009-02-19 1262888][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A5366673-E8CA-11D3-9CD9-0090271D075B}]
IeCatch2 Class — C:PROGRA~1FlashGetjccatch.dll [2002-01-16 65536][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} — Ask Toolbar — C:Program FilesAskBarDisbarbinaskBar.dll [2008-12-09 333192]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU5950.dll [2008-12-09 845296]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} — Winamp Toolbar — C:Program FilesWinamp Toolbarwinamptb.dll [2009-02-19 1262888]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} — Easy-WebPrint — C:Program FilesCanonEasy-WebPrintToolband.dll [2004-08-26 405504]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} — FlashGet Bar — C:PROGRA~1FlashGetfgiebar.dll [2002-05-27 86016][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SpIDerAgent»=C:Program FilesDrWebSpIDerAgent.exe [2009-06-15 447728]
«SpIDerMail»=C:Program FilesDrWebspiderml.exe [2009-07-02 644336]
«SpIDerGate»=C:Program FilesDrWebspidergate.exe [2009-07-13 1471728]
«SpIDerNT»=C:PROGRA~1DrWebspiderui.exe [2009-04-29 251144]
«NvCplDaemon»=C:windowssystem32NvCpl.dll [2008-10-07 13574144]
«SoundMAXPnP»=C:Program FilesAnalog DevicesCoresmax4pnp.exe [2009-01-31 868352]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2009-04-10 37888]
«update_smartcleaner»=E:Program FilesSmart CleanerUUpdate.exe [2008-11-26 28672]
«SmartCleaner»=E:Program FilesSmart CleanerSmartCleaner.exe [2009-07-06 786432]
«WinPatrol»=C:Program FilesBillP StudiosWinPatrolwinpatrol.exe [2009-04-20 337216]
«Lingvo Launcher»=E:Program FilesABBYY Lingvo 9.0 Multilingual DictionaryLvagent.exe [2003-10-21 118784]
«FineReader7NewsReaderPro»=C:Program FilesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe [2003-08-19 278528]
«OpwareSE2″=C:Program FilesScanSoftOmniPageSE2.0OpwareSE2.exe [2003-05-08 49152]
«OPSE reminder»=C:Program FilesScanSoftOmniPageSE2.0EregEngEreg.exe [2003-07-07 729088]
«UnlockerAssistant»=E:Program FilesUnlockerUnlockerAssistant.exe [2008-05-02 15872][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-15 15360]
«Google Update»=C:Documents and SettingsЕленаLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2009-04-18 133104][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-01-12 39792][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]
C:windowssystem32ctfmon.exe [2008-04-15 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update]
C:Documents and SettingsПользовательLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2009-04-18 133104][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:windowssystem32NvCpl.dll [2008-10-07 13574144][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINDOWSsystem32NvMcTray.dll [2008-10-07 86016][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampwinampa.exe [2009-04-10 37888]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Windows Search.lnk — C:Program FilesWindows Desktop SearchWindowsSearch.exeC:Documents and SettingsЕленаГлавное менюПрограммыАвтозагрузка
Start HASP-Emu.lnk — C:Program FilesSableWINNTstartnt.bat[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2009-03-10 265096][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2009-01-31 133632][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{56F9679E-7826-4C84-81F3-532071A8BCC5}»=C:Program FilesWindows Desktop SearchMSNLNamespaceMgr.dll [2009-05-24 304128][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=20
«NoSMHelp»=1[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«E:Program FilesWinDVD.exe»=»E:Program FilesWinDVD.exe:*:Enabled:WinDVD»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======List of files/folders created in the last 3 months======
2009-07-13 17:04:29 —-D—- C:rsit
2009-07-06 23:05:05 —-D—- C:Documents and SettingsЕленаApplication DataDesktopicon
2009-06-16 20:59:03 —-D—- C:Documents and SettingsЕленаApplication DataAshampoo
2009-06-09 13:23:48 —-D—- C:Program FilesWise Disk Cleaner
2009-06-09 13:09:02 —-D—- C:Program FilesWise Registry Cleaner
2009-06-09 03:05:05 —-D—- C:Program FilesFlashGet
2009-06-08 22:41:36 —-D—- C:spbook
2009-06-03 21:11:38 —-D—- C:Documents and SettingsЕленаApplication DataArcSoft
2009-06-03 19:49:14 —-D—- C:Documents and SettingsЕленаApplication DataABBYY
2009-06-02 22:56:37 —-A—- C:WINDOWS_MSRSTRT.EXE
2009-06-02 13:22:58 —-D—- C:Program FilesLavasoft
2009-06-02 02:04:14 —-D—- C:Documents and SettingsЕленаApplication DataMozilla
2009-05-30 02:53:20 —-D—- C:WINDOWSMinidump
2009-05-30 02:41:30 —-A—- C:WINDOWSsystem32D6FC45CD.exe
2009-05-26 13:53:31 —-D—- C:Documents and SettingsAll UsersApplication DataSSScanWizard
2009-05-26 13:53:31 —-D—- C:Documents and SettingsAll UsersApplication DataSSScanAppDataDir
2009-05-26 13:53:30 —-A—- C:WINDOWSMAXLINK.INI
2009-05-26 13:53:16 —-D—- C:Program FilesCommon FilesScanSoft Shared
2009-05-26 13:52:07 —-D—- C:Program FilesArcSoft
2009-05-26 13:52:07 —-A—- C:WINDOWSPCDLIB32.DLL
2009-05-26 13:49:32 —-D—- C:WINDOWSStartHtmico
2009-05-26 13:49:23 —-HD—- C:WINDOWSsystem32CanonMP Uninstaller Information
2009-05-26 13:49:20 —-A—- C:WINDOWSsystem32cncisco.dll
2009-05-26 13:49:19 —-A—- C:WINDOWSsystem32CNCL150.DLL
2009-05-26 13:49:19 —-A—- C:WINDOWSsystem32CNCI150.DLL
2009-05-26 13:49:19 —-A—- C:WINDOWSsystem32CNCC150.DLL
2009-05-26 13:37:11 —-HD—- C:Documents and SettingsAll UsersApplication DataCanonBJ
2009-05-26 13:37:08 —-HD—- C:CanonMP
2009-05-26 13:37:04 —-A—- C:WINDOWSsystem32CNMVS7K.DLL
2009-05-26 13:37:04 —-A—- C:WINDOWSsystem32CNMLM7K.DLL
2009-05-23 17:18:08 —-D—- C:Documents and SettingsЕленаApplication DataWindows Search
2009-05-23 01:55:50 —-D—- C:Documents and SettingsЕленаApplication DataReal
2009-05-20 20:21:42 —-D—- C:Documents and SettingsЕленаApplication DataSahmon Games
2009-05-19 19:47:01 —-D—- C:Documents and SettingsЕленаApplication DataMedia Player Classic
2009-05-19 19:47:01 —-D—- C:Documents and SettingsЕленаApplication DataDivX
2009-05-15 19:15:52 —-A—- C:WINDOWSwinamp.ini
2009-05-15 19:12:31 —-A—- C:WINDOWSrmg.ini
2009-05-15 19:12:02 —-D—- C:Program FilesCommon FilesARS Company
2009-05-15 19:12:01 —-D—- C:Program FilesRMG Musical Player
2009-05-14 14:19:03 —-D—- C:Program FilesThe KMPlayer
2009-05-14 01:33:42 —-D—- C:Program FilesTrend Micro
2009-05-13 16:11:53 —-D—- C:Program FilesWinamp Toolbar
2009-05-13 16:11:53 —-D—- C:Documents and SettingsAll UsersApplication DataWinamp Toolbar
2009-05-12 21:24:09 —-D—- C:Program FilesMicrosoft Silverlight
2009-05-10 21:03:05 —-D—- C:Program FilesInCode Solutions
2009-05-08 23:34:51 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle
2009-05-08 11:34:15 —-D—- C:Documents and SettingsAll UsersApplication DataABBYY
2009-05-08 11:32:02 —-D—- C:Program FilesABBYY FineReader 7.0 Professional Edition
2009-05-05 23:10:47 —-D—- C:Program FilesLight Alloy
2009-05-05 15:40:46 —-D—- C:Program FilesBillP Studios
2009-05-04 20:34:00 —-D—- C:Program FilesRegSupreme Pro
2009-05-04 01:34:03 —-D—- C:Documents and SettingsAll UsersApplication DataLavasoft
2009-05-03 15:27:48 —-D—- C:Documents and SettingsЕленаApplication DataWinamp
2009-05-01 13:45:45 —-D—- C:Documents and SettingsЕленаApplication DataWinRAR
2009-04-29 00:18:59 —-D—- C:Documents and SettingsAll UsersApplication DataCyberLink
2009-04-29 00:18:55 —-D—- C:Program FilesCyberLink
2009-04-28 22:27:41 —-D—- C:Documents and SettingsЕленаApplication DataSync App Settings
2009-04-28 22:11:56 —-D—- C:Program FilesPowerQuest
2009-04-28 20:32:50 —-ASH—- C:WINDOWSsystem32aedfe7_d.dll
2009-04-28 20:30:03 —-D—- C:Paradox.BDE
2009-04-28 20:29:59 —-A—- C:Program FilesUNWISE.EXE
2009-04-28 20:29:54 —-D—- C:Program FilesBorland
2009-04-28 20:22:03 —-D—- C:Documents and SettingsAll UsersApplication DataSync App Settings
2009-04-28 20:21:05 —-D—- C:cfadata
2009-04-27 22:52:39 —-A—- C:WINDOWSsystem32rmoc3260.dll
2009-04-27 22:52:39 —-A—- C:WINDOWSsystem32pndx5032.dll
2009-04-27 22:52:39 —-A—- C:WINDOWSsystem32pndx5016.dll
2009-04-27 22:52:39 —-A—- C:WINDOWSsystem32pncrt.dll
2009-04-27 22:52:35 —-A—- C:WINDOWSsystem32yv12vfw.dll
2009-04-27 22:52:35 —-A—- C:WINDOWSsystem32lameACM.acm.bak
2009-04-27 22:52:34 —-A—- C:WINDOWSsystem32xvidvfw.dll
2009-04-27 22:52:34 —-A—- C:WINDOWSsystem32xvidcore.dll
2009-04-27 22:52:34 —-A—- C:WINDOWSsystem32qt-dx331.dll
2009-04-27 22:52:34 —-A—- C:WINDOWSsystem32dpl100.dll
2009-04-27 22:52:33 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2009-04-27 22:52:33 —-A—- C:WINDOWSsystem32divx.dll
2009-04-27 22:52:32 —-A—- C:WINDOWSsystem32ff_vfw.dll
2009-04-27 22:52:31 —-A—- C:WINDOWSsystem32pthreadGC2.dll
2009-04-27 22:52:29 —-D—- C:Program FilesK-Lite Codec Pack
2009-04-27 22:52:29 —-D—- C:Documents and SettingsAll UsersApplication DataReal
2009-04-27 22:47:35 —-D—- C:Program FilesDirac
2009-04-27 22:47:00 —-D—- C:Program FilesDivX
2009-04-27 22:46:01 —-N—- C:WINDOWSsystem32iyvu9_32.dll
2009-04-27 22:46:01 —-A—- C:WINDOWSsystem32iacenc.dll
2009-04-27 22:46:00 —-D—- C:Program FilesLigos
2009-04-27 22:46:00 —-A—- C:WINDOWSsystem32ir50_32.dll
2009-04-27 22:45:09 —-A—- C:WINDOWSIsUninst.exe
2009-04-27 22:44:32 —-D—- C:Program FilesOpenSource AVI Splitter
2009-04-27 22:44:13 —-D—- C:Program FilesReClock
2009-04-27 22:43:17 —-D—- C:Program FilesSyncView
2009-04-27 22:43:01 —-A—- C:WINDOWSGPInstall.exe
2009-04-27 18:14:47 —-D—- C:Documents and SettingsЕленаApplication DataWindows Desktop Search
2009-04-27 17:45:23 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-04-27 17:42:46 —-A—- C:WINDOWSAscd_tmp.ini
2009-04-27 14:15:37 —-N—- C:WINDOWSsystem32spmsg.dll
2009-04-27 13:58:31 —-D—- C:WINDOWSsystem32windowspowershell
2009-04-27 13:58:20 —-N—- C:WINDOWSsystem32spmsg2.dll
2009-04-27 13:56:57 —-D—- C:WINDOWSsystem32GroupPolicy
2009-04-27 13:56:57 —-D—- C:Program FilesWindows Desktop Search
2009-04-25 22:56:31 —-D—- C:Program FilesWebteh
2009-04-24 19:02:11 —-A—- C:WINDOWSsystem32mucltui.dll.mui
2009-04-24 19:02:11 —-A—- C:WINDOWSsystem32mucltui.dll
2009-04-22 03:25:12 —-D—- C:WINDOWSie7updates
2009-04-21 22:26:31 —-A—- C:WINDOWSuuds_rus.ini
2009-04-21 13:08:42 —-RASH—- C:boot.ini
2009-04-21 12:55:41 —-D—- C:WINDOWSpss
2009-04-20 23:20:50 —-D—- C:Documents and SettingsAll UsersApplication DataPC Drivers HeadQuarters
2009-04-20 16:31:51 —-A—- C:WINDOWSUPGRADE.TXT
2009-04-20 16:31:47 —-D—- C:WINDOWSsetup.pss
2009-04-16 22:42:17 —-A—- C:WINDOWSsystem32MRT.exe
2009-04-16 20:29:46 —-D—- C:Documents and SettingsAll UsersApplication DataMacrovision
2009-04-16 20:29:44 —-D—- C:Program FilesCommon FilesAdobe Systems Shared
2009-04-16 20:25:22 —-HD—- C:Program FilesInstallShield Installation Information
2009-04-16 19:46:06 —-D—- C:Program FilesCommon FilesInterVideo======List of files/folders modified in the last 3 months======
2009-07-13 17:03:16 —-D—- C:WINDOWSTemp
2009-07-13 17:02:25 —-D—- C:Temp
2009-07-13 16:59:06 —-D—- C:Program FilesDrWeb
2009-07-13 16:59:02 —-D—- C:Program FilesMozilla Firefox
2009-07-13 16:41:06 —-D—- C:WINDOWSsystem32
2009-07-13 16:41:06 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-07-13 16:37:07 —-D—- C:WINDOWSsystem32CatRoot2
2009-07-13 16:35:36 —-A—- C:WINDOWSSchedLgU.Txt
2009-07-13 03:19:31 —-D—- C:WINDOWSPrefetch
2009-07-13 03:15:55 —-D—- C:WINDOWS
2009-07-09 16:16:46 —-SHD—- C:System Volume Information
2009-07-09 16:16:46 —-D—- C:WINDOWSsystem32Restore
2009-07-01 17:43:15 —-RSD—- C:WINDOWSassembly
2009-07-01 17:42:58 —-D—- C:WINDOWSMicrosoft.NET
2009-07-01 10:44:53 —-SHD—- C:WINDOWSInstaller
2009-07-01 09:57:31 —-SD—- C:WINDOWSTasks
2009-07-01 00:45:19 —-D—- C:Documents and SettingsЕленаApplication DataAdobe
2009-07-01 00:45:10 —-D—- C:Program FilesAdobe
2009-06-16 22:29:12 —-A—- C:WINDOWSNeroDigital.ini
2009-06-14 00:16:36 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2009-06-12 00:19:28 —-HD—- C:WINDOWSinf
2009-06-12 00:19:24 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-06-12 00:19:20 —-A—- C:WINDOWSimsins.BAK
2009-06-12 00:19:13 —-HD—- C:WINDOWS$hf_mig$
2009-06-12 00:17:02 —-D—- C:WINDOWSsystem32ru-ru
2009-06-12 00:17:01 —-D—- C:Program FilesInternet Explorer
2009-06-09 13:30:01 —-D—- C:Program FilesWinRAR
2009-06-09 13:23:48 —-RD—- C:Program Files
2009-06-09 13:23:23 —-D—- C:Downloads
2009-06-05 14:25:39 —-A—- C:WINDOWSwin.ini
2009-06-03 16:14:22 —-D—- C:BSClnt_3
2009-06-02 23:02:03 —-D—- C:WINDOWSsystem32drivers
2009-06-02 13:45:24 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-05-26 14:08:38 —-D—- C:WINDOWSMedia
2009-05-26 13:53:16 —-D—- C:Program FilesCommon Files
2009-05-26 13:49:23 —-D—- C:WINDOWStwain_32
2009-05-25 00:24:06 —-N—- C:WINDOWSsystem32mssph.dll
2009-05-24 15:46:49 —-SD—- C:Documents and SettingsЕленаApplication DataMicrosoft
2009-05-23 15:42:27 —-RSD—- C:WINDOWSFonts
2009-05-23 15:42:23 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-05-23 15:42:05 —-D—- C:Program FilesMicrosoft Works
2009-05-19 18:54:40 —-D—- C:Documents and Settings
2009-05-15 22:04:39 —-D—- C:Program Filesbc
2009-05-13 16:12:40 —-D—- C:Program FilesWinamp
2009-05-12 15:12:14 —-A—- C:WINDOWSsystem32spupdsvc.exe
2009-05-07 18:33:40 —-A—- C:WINDOWSsystem32localspl.dll
2009-05-04 02:13:14 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-05-04 01:52:59 —-D—- C:WINDOWSsystem32config
2009-05-04 01:34:00 —-D—- C:WINDOWSWinSxS
2009-04-29 07:47:44 —-A—- C:WINDOWSsystem32wininet.dll
2009-04-29 07:47:44 —-A—- C:WINDOWSsystem32webcheck.dll
2009-04-29 07:47:44 —-A—- C:WINDOWSsystem32urlmon.dll
2009-04-29 07:47:43 —-A—- C:WINDOWSsystem32url.dll
2009-04-29 07:47:43 —-A—- C:WINDOWSsystem32pngfilt.dll
2009-04-29 07:47:43 —-A—- C:WINDOWSsystem32occache.dll
2009-04-29 07:47:43 —-A—- C:WINDOWSsystem32mstime.dll
2009-04-29 07:47:43 —-A—- C:WINDOWSsystem32msrating.dll
2009-04-29 07:47:42 —-A—- C:WINDOWSsystem32mshtmled.dll
2009-04-29 07:47:42 —-A—- C:WINDOWSsystem32mshtml.dll
2009-04-29 07:47:41 —-A—- C:WINDOWSsystem32msfeedsbs.dll
2009-04-29 07:47:41 —-A—- C:WINDOWSsystem32msfeeds.dll
2009-04-29 07:47:40 —-A—- C:WINDOWSsystem32jsproxy.dll
2009-04-29 07:47:40 —-A—- C:WINDOWSsystem32iertutil.dll
2009-04-29 07:47:40 —-A—- C:WINDOWSsystem32iernonce.dll
2009-04-29 07:47:40 —-A—- C:WINDOWSsystem32ieframe.dll
2009-04-29 07:47:38 —-A—- C:WINDOWSsystem32ieencode.dll
2009-04-29 07:47:38 —-A—- C:WINDOWSsystem32iedkcs32.dll
2009-04-29 07:47:38 —-A—- C:WINDOWSsystem32ieapfltr.dll
2009-04-29 07:47:37 —-A—- C:WINDOWSsystem32ieaksie.dll
2009-04-29 07:47:37 —-A—- C:WINDOWSsystem32ieakeng.dll
2009-04-29 07:47:37 —-A—- C:WINDOWSsystem32icardie.dll
2009-04-29 07:47:37 —-A—- C:WINDOWSsystem32extmgr.dll
2009-04-29 07:47:37 —-A—- C:WINDOWSsystem32dxtrans.dll
2009-04-29 07:47:36 —-A—- C:WINDOWSsystem32dxtmsft.dll
2009-04-29 07:47:36 —-A—- C:WINDOWSsystem32advpack.dll
2009-04-28 16:38:27 —-D—- C:WINDOWSsystem32CatRoot
2009-04-28 16:36:56 —-D—- C:WINDOWSsystem
2009-04-28 16:36:34 —-D—- C:Program FilesAnalog Devices
2009-04-28 12:09:28 —-A—- C:WINDOWSsystem32ie4uinit.exe
2009-04-27 22:46:01 —-D—- C:WINDOWSHelp
2009-04-27 14:18:16 —-D—- C:Program FilesWindows Media Player
2009-04-27 14:05:44 —-D—- C:WINDOWSsecurity
2009-04-27 13:58:06 —-D—- C:WINDOWSsystem32XPSViewer
2009-04-27 13:57:30 —-D—- C:WINDOWSsystem32wbem
2009-04-25 08:26:23 —-A—- C:WINDOWSsystem32ieakui.dll
2009-04-24 17:40:02 —-SD—- C:WINDOWSDownloaded Program Files
2009-04-23 12:29:13 —-A—- C:WINDOWSsystem.ini
2009-04-16 22:44:41 —-D—- C:WINDOWSAppPatch
2009-04-16 21:17:58 —-D—- C:WINDOWSSoftwareDistribution
2009-04-16 20:21:26 —-D—- C:Program FilesCommon FilesInstallShield
2009-04-15 17:53:56 —-A—- C:WINDOWSsystem32rpcrt4.dll======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 LADriver;LADriver; ??C:WINDOWSsystem32driversLADriver.sys []
R1 LDDriver;LDDriver; ??C:WINDOWSsystem32driversLDDriver.sys []
R1 LHDriver;LHDriver; ??C:WINDOWSsystem32driversLHDriver.sys []
R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2002-09-16 4228]
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2008-04-15 12032]
R2 SPIDER;SpIDer Guard File System Monitor; ??C:PROGRA~1DrWebspider.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2009-01-31 304640]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2009-01-31 94848]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2009-01-31 60800]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-15 144384]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2009-01-31 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2009-02-01 5810]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2009-01-31 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-10-07 6133856]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2009-01-31 54784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:WINDOWSsystem32driversnvhda32.sys [2008-03-22 38560]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2009-01-31 22016]
R3 nvsmu;nvsmu; C:WINDOWSsystem32DRIVERSnvsmu.sys [2009-01-31 14208]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2004-04-01 10368]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2009-01-31 392960]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-15 17152]
S3 HASPNT;HaspNT; ??C:WINDOWSsystem32driversHaspNT.sys []
S3 Hidebe;Hidebe; C:WINDOWSsystem32driverstdtcp.sys [2008-04-15 21896]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2009-01-31 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2009-01-31 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 Sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2008-04-15 73472]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASKService;ASKService; C:Program FilesAskBarDisbarbinAskService.exe [2008-12-09 464264]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; c:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine); C:Program FilesCommon FilesDoctor WebScanning Enginedwengine.exe [2009-01-21 886072]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe [2006-10-26 335872]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-10-07 163908]
R2 SPIDERNT;SpIDer Guard for Windows; C:PROGRA~1DrWebspidernt.exe [2009-04-29 251144]
R2 WSearch;Windows Search; C:WINDOWSsystem32SearchIndexer.exe [2008-05-26 439808]
S2 ASKUpgrade;ASKUpgrade; C:Program FilesAskBarDisbarbinASKUpgrade.exe [2008-12-09 234888]
S3 4AEBF67C;4AEBF67C; C:WINDOWSsystem324AEBF67C.exe []
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2009-04-16 68096]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-03-18 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-30 46104]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-30 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-30 132096]
EOF
info.txt logfile of random’s system information tool 1.06 2009-07-13 17:04:31
======Uninstall list======
—>MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
50 FREE MP3s +1 Free Audiobook!—>»C:Program FilesWinampeMusicUninst-eMusic-promotion.exe»
ABBYY FineReader 7.0 Professional Edition—>MsiExec.exe /I{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}
ABBYY Lingvo 9.0 Multilingual Dictionary—>MsiExec.exe /I{AA90000A-C75E-487C-88FC-37AA1AACFB60}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)—>MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>C:Program FilesCommon FilesAdobeInstallers6c8e2cb4fd241c55406016127a6ab2eSetup.exe
Adobe Color Common Settings—>MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings—>MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
Adobe Color JA Extra Settings—>MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Extra Settings—>MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:windowssystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallersd5fe1f44895aadff2baacf24fe1402Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{FD0399AC-A38B-4D4B-8164-D7B73AC24030}
Adobe Premiere Pro 1.5—>RunDll32 «C:Program FilesCommon FilesInstallShieldProfessionalRunTime701Intel32ctor.dll»,LaunchSetup «C:Program FilesInstallShield Installation Information{A14F7508-B784-40B8-B11A-E0E2EEB7229F}setup.exe» -l0x0009
Adobe Reader 8 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A81200000003}
Adobe Setup—>MsiExec.exe /I{30981FCD-4150-4AB4-BAC5-75C9E914347D}
Adobe Setup—>MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Amazon Adventure—>»E:Program FilesMyRealGames.comAmazon Adventureunins000.exe»
ArcSoft PhotoStudio 5.5—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{85309D89-7BE9-4094-BB17-24999C6118FC}SETUP.EXE» -l0x9
Ashampoo Photo Commander 6.30—>»C:Program FilesAshampooAshampoo Photo Commander 6unins000.exe»
Ask Toolbar—>»C:Program FilesAskBarDisunins000.exe»
BDE—>C:PROGRA~1UNWISE.EXE C:PROGRA~1INSTALL.LOG
BSPlayer—>»C:Program FilesWebtehBSplayerProuninstall.exe»
Business Functions—>»E:Program FilesBusiness Functionsunins000.exe»
Canon MP Navigator 2.0—>»C:Program FilesCanonMP Navigator 2.0Maint.exe» /UninstallRemove C:Program FilesCanonMP Navigator 2.0uninst.ini
Canon MP150—>»C:WINDOWSsystem32CanonMP Uninstaller Information{CA9A3609-3ECC-4574-8824-A8161A71A603}DelDrv.exe» /U:{CA9A3609-3ECC-4574-8824-A8161A71A603} /L0x0019
Canon Utilities Easy-PhotoPrint—>C:Program FilesCanonEasy-PhotoPrintuninst.exe uninst.ini
Color Cubes—>»E:Program FilesMyRealGames.comColor Cubesunins000.exe»
Dirac DirectShow Filters 1.0.2—>C:Program FilesDiracuninst.exe
DivX Player—>C:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
Dr.Web Security Space 5.0—>MsiExec.exe /I{E96B3169-86F4-415E-8E87-F0B6251167FB}
Easy-WebPrint—>C:WINDOWSIsUninst.exe -f»C:Program FilesCanonEasy-WebPrintUninst.isu»
FlashGet ads support—>RunDll32 C:WINDOWSsystem32cd_clint.dll,ServiceRunDll u_277
FlashGet(JetCar)—>C:PROGRA~1FlashGetUNWISE.EXE C:PROGRA~1FlashGetINSTALL.LOG
GoldWave v5.08—>»E:Звуковой Редактор GoldWaveunstall.exe» «GoldWave v5.08» «E:Звуковой Редактор GoldWaveunstall.log»
HijackThis 2.0.2—>»C:Program FilesTrend MicroHijackThisHijackThis.exe» /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
Indeo® Software—>C:WINDOWSIsUninst.exe -f»C:Program FilesLigosIndeoUninst.isu» -c»C:Program FilesLigosIndeoIndeo System Filesindounin.dll»
Internet Explorer—>MsiExec.exe /I{7F5BB856-1977-45AA-9AC4-7D91265A5F66}
i-Sound WMA MP3 Recorder—>E:Program Filesi-Sound Prouninstex.exe
Jigsaw Winner—>»E:Program FilesMyRealGames.comJigsaw Winnerunins000.exe»
KLADR—>»E:Program FilesPD_SPUKLADRuninstall.exe»
K-Lite Mega Codec Pack 4.7.5—>»C:Program FilesK-Lite Codec Packunins000.exe»
LockDisk 3.0—>»E:Program FilesLockDiskunins000.exe»
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack — RUS—>MsiExec.exe /I{736D8DEB-66C6-3655-9D59-DF6493A81F77}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack — RUS—>MsiExec.exe /I{6CF6A814-CE65-39FC-BBBC-6CB340A4028B}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 — rus—>MsiExec.exe /I{2744791F-4E7C-32F5-AB40-AEC6A6C86DBF}
Microsoft .NET Framework 3.5 SP1—>c:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Enterprise 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007—>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007—>MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007—>MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007—>MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Publisher MUI (Russian) 2007—>MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Silverlight—>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox (3.0.11)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK—>MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero 6 Enterprise Edition—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04—>MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
OmniPage SE 2.0—>MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OpenSource AVI Splitter (remove only)—>»C:Program FilesOpenSource AVI Splitteruninstall.exe»
Partition Magic 8 Руссификатор—>C:PROGRA~1POWERQ~1PARTIT~1.0UNWISE.EXE C:PROGRA~1POWERQ~1PARTIT~1.0INSTALL.LOG
PDF Settings—>MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
PowerQuest PartitionMagic 8.0—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Rambler-Ассистент—>»C:Program FilesRambler Assistantuninstall.exe»
ReClock (remove only)—>»C:Program FilesReClockuninstall.exe»
RegSupreme Pro 1.2—>»C:Program FilesRegSupreme Prounins000.exe»
RemoveIT Pro v7 (Trial)—>C:PROGRA~1INCODE~1REMOVE~1UNWISE.EXE C:PROGRA~1INCODE~1REMOVE~1INSTALL.LOG
RMG Musical Player—>»C:Program FilesRMG Musical PlayerUninstall.exe»
Security Update for 2007 Microsoft Office System (KB969559)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Search 4 — KB963093—>»C:WINDOWS$NtUninstallKB963093$spuninstspuninst.exe»
Smart Cleaner—>»E:Program FilesSmart CleanerUninstall.exe» «E:Program FilesSmart Cleanerinstall.log»
SyncView Alignment Tool—>C:WINDOWSGPInstall.exe «/UNINST=C:Program FilesSyncViewUnInst.log» «/APPNAME=SyncView Alignment Tool»
Tester 2.13—>»C:Program FilesTesterunins000.exe»
The KMPlayer 2.9.4.1434—>C:Program FilesThe KMPlayerUninstall.exe
Total Commander 7.04 PowerPack—>»C:Program FilesTotal Commanderuninstall.exe»
Unlocker 1.8.7—>E:Program FilesUnlockeruninst.exe
Update for 2007 Microsoft Office System (KB967642)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=»»
Update for Microsoft Office Outlook 2007 (KB969907)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Visual C++ 2008 x86 Runtime — (v9.0.30729)—>MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime — v9.0.30729.01—>C:WINDOWSsystem32msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=»»
VP6 Decoder—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{D064F16E-88DA-4E8F-BBAE-0E2AA9A6AE61}Setup.exe» -l0x9
Winamp Toolbar—>»C:Program FilesWinamp Toolbaruninstall.exe»
Winamp—>»C:Program FilesWinampUninstWA.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
WinPatrol 2009—>C:PROGRA~1BILLPS~1WINPAT~1Setup.exe /remove /q0
Wise Disk Cleaner 4.41—>»C:Program FilesWise Disk Cleanerunins000.exe»
Wise Registry Cleaner 4 Free 4.51—>»C:Program FilesWise Registry Cleanerunins000.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
ВС: Бухгалтерия Версия 2.1—>C:Program Filesbcsetup.exe u
Заработная плата Версия 8.53—>»E:Program FilesPevzp2009unins000.exe»
Налогоплательщик ЮЛ—>MsiExec.exe /I{FDE80639-A91C-41E4-865C-186CF6F1B5F4}
Обновление безопасности для Windows Internet Explorer 7 (KB938127-v2)—>»C:windowsie7updatesKB938127-v2-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB963027)—>»C:windowsie7updatesKB963027-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB969897)—>»C:WINDOWSie7updatesKB969897-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961501)—>»C:WINDOWS$NtUninstallKB961501$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB968537)—>»C:WINDOWS$NtUninstallKB968537$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB969898)—>»C:WINDOWS$NtUninstallKB969898$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB970238)—>»C:WINDOWS$NtUninstallKB970238$spuninstspuninst.exe»
ПД СПУ версия 2.5.6 от 04.02.2009—>»E:Program FilesPD_SPUunins000.exe»
Печать НД с PDF417 3.0.9 (пакет)—>MsiExec.exe /I{476219D4-168B-4634-9A38-A5286BB3AFB5}
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Языковой пакет Microsoft .NET Framework 3.5 SP1 — RUS—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack SP1 — russetup.exe======Security center information======
AV: Doctor Web Anti-Virus
======System event log======
Computer Name: USER
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Работает.Record Number: 8760
Source Name: Service Control Manager
Time Written: 20090609021253.000000+180
Event Type: информация
User:Computer Name: USER
Event Code: 7035
Message: Служба «Служба COM записи компакт-дисков IMAPI» успешно отправила управляющий элемент «запустить».Record Number: 8759
Source Name: Service Control Manager
Time Written: 20090609021253.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: USER
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Остановлена.Record Number: 8758
Source Name: Service Control Manager
Time Written: 20090609021130.000000+180
Event Type: информация
User:Computer Name: USER
Event Code: 7036
Message: Служба «Служба COM записи компакт-дисков IMAPI» перешла в состояние Работает.Record Number: 8757
Source Name: Service Control Manager
Time Written: 20090609021124.000000+180
Event Type: информация
User:Computer Name: USER
Event Code: 7035
Message: Служба «Служба COM записи компакт-дисков IMAPI» успешно отправила управляющий элемент «запустить».Record Number: 8756
Source Name: Service Control Manager
Time Written: 20090609021124.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM=====Application event log=====
Computer Name: USER
Event Code: 1903
Message:
Record Number: 7444
Source Name: HHCTRL
Time Written: 20090607163100.000000+180
Event Type: информация
User:Computer Name: USER
Event Code: 1000
Message: Счетчики производительности для службы WmiApRpl (WmiApRpl) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.Record Number: 7443
Source Name: LoadPerf
Time Written: 20090607161813.000000+180
Event Type: информация
User:Computer Name: USER
Event Code: 1001
Message: Счетчики производительности для службы WmiApRpl (WmiApRpl) успешно удалены.
Данные записи содержат новые значения разделов системного реестра Last Counter
и Last Help.Record Number: 7442
Source Name: LoadPerf
Time Written: 20090607161812.000000+180
Event Type: информация
User:Computer Name: USER
Event Code: 3044
Message: Работа индекса сбора данных возобновлена.Контекст: приложение «», каталог «SystemIndex»
Record Number: 7441
Source Name: Windows Search Service
Time Written: 20090607161417.000000+180
Event Type: информация
User:Computer Name: USER
Event Code: 1003
Message: Служба Windows Search запущена.Record Number: 7440
Source Name: Windows Search Service
Time Written: 20090607161417.000000+180
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:WINDOWSsystem32WindowsPowerShellv1.0;C:Program FilesDirac
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
«PROCESSOR_REVISION»=6b02
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
