Созданные ответы форума
-
Сообщения
-
Офигеть!!!! 125 зараженных объектов нашел…А это ведь с учетом того, что у меня антивирусник стоит… 😮
Вот результатыMalwarebytes’ Anti-Malware 1.34
Версия базы данных: 1842
Windows 5.1.2600 Service Pack 213.03.2008 10:22:49
mbam-log-2008-03-13 (10-22-49).txtТип проверки: Быстрая
Проверено объектов: 70837
Прошло времени: 4 minute(s), 20 second(s)Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 115
Заражено значений реестра: 0
Заражено параметров реестра: 2
Заражено папок: 0
Заражено файлов: 8Заражено процессов в памяти:
(Вредоносные программы не обнаружены)Заражено модулей в памяти:
(Вредоносные программы не обнаружены)Заражено ключей реестра:
HKEY_CLASSES_ROOTCLSID{1408e208-2ac1-42d3-9f10-78a5b36e05ac} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsnod32kui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsEGHOST.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsIparmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRAVmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRAVmonD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsVSSTAT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsWEBSCANX.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsadam.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAgentSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAppSvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsautoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsavp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsCCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsccSvcHst.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsFileDsty.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsFTCleanerShell.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsHijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsiparmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsisPwdSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskabaload.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKaScrScn.SCR (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVSetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKISLnchr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKMailMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKMFilter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKPFWSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKRegEx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKRepair.COM (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKsLoader.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVCenter.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvDetect.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvfwMcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVMonXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskvol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskvolself.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvReport.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVStub.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionskvupload.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatch9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatchX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsloaddll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsMagicSet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmcconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmmqczj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmmsk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsnod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsPFWLiveUpdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsQHSET.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRas.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRavStub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRavTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRegClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsrfwcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRfwMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsrfwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRsAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRsaupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsruniep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssafelive.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsshcfg32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSmartUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSREng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssymlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSysSafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsTrojanDetector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsTrojanwall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsTrojDie.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUIHost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxAttachment.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxFwHlp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxPol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUpLive.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsWoptiClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsQQDoctor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsQQKav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVScan.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsNPFMntor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUmxCfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsicesword.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsArSwp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsnod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsrstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsupiea.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsUSBCleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsFYFireWall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.Заражено значений реестра:
(Вредоносные программы не обнаружены)Заражено параметров реестра:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUserinit (Trojan.Agent) -> Data: c:windowssystem32userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUserinit (Trojan.Agent) -> Data: system32userinit.exe -> Quarantined and deleted successfully.Заражено папок:
(Вредоносные программы не обнаружены)Заражено файлов:
C:WINDOWSsystem32wpv671234083698.cpx (Trojan.Dropper) -> Quarantined and deleted successfully.
C:WINDOWSsystem32shell31.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32wpv151230262430.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32wpv661230262534.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32wpv831234083759.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:Documents and SettingsлёхаLocal SettingsTempie3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32sexit.dat (Trojan.Agent) -> Quarantined and deleted successfully.И RSIT
Logfile of random’s system information tool 1.05 (written by random/random)
Run by лёха at 2008-03-13 10:25:08
Microsoft Windows XP Professional Service Pack 2
System drive C: has 18 GB (24%) free of 76 GB
Total RAM: 511 MB (36% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:19, on 13.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesPhotodexProShowProducerScsiAccess.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesWinampwinampa.exe
C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe
C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesOperaOpera.exe
C:Documents and SettingsлёхаРабочий столRSIT.exe
C:Program Filestrend microлёха.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O1 — Hosts: 195.98.56.151 moodle
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 — HKLM..Run: [HP Software Update] «C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe»
O4 — HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe
O4 — HKLM..Run: [HP Component Manager] «C:Program FilesHPhpcoretechhpcmpmgr.exe»
O4 — HKLM..Run: [AdVantage Setup] C:DOCUME~18D8E~1LOCALS~1TempDat15.tmp
O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe» MSRun
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..RunOnce: [Malwarebytes’ Anti-Malware] C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe /install /silent
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Инструмент проверки носителя Picture Motion Browser.lnk = C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O17 — HKLMSystemCCSServicesTcpip..{2103A6E0-349F-4A7A-BC15-F9E63D871EF0}: NameServer = 213.177.96.1,213.177.97.1
O17 — HKLMSystemCCSServicesTcpip..{C36A8DF0-4D3E-44BB-BA28-7C144CC8BD6F}: NameServer = 213.177.96.1 213.177.97.1
O17 — HKLMSystemCS2ServicesTcpip..{2103A6E0-349F-4A7A-BC15-F9E63D871EF0}: NameServer = 213.177.96.1,213.177.97.1
O17 — HKLMSystemCS3ServicesTcpip..{2103A6E0-349F-4A7A-BC15-F9E63D871EF0}: NameServer = 213.177.96.1,213.177.97.1
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ScsiAccess — Unknown owner — C:Program FilesPhotodexProShowProducerScsiAccess.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
O24 — Desktop Component 0: (no name) — http://line.romanticcollection.ru/ba/15_14b_42543FC0_RdoCenxke_13.gif—
End of file — 7215 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-02-06 676704][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-02-06 676704][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-07-27 68096]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2004-12-20 33792]
«HP Software Update»=C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe [2004-02-18 49152]
«HPDJ Taskbar Utility»=C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe [2004-03-04 172032]
«HP Component Manager»=C:Program FilesHPhpcoretechhpcmpmgr.exe [2003-12-22 241664]
«AdVantage Setup»=C:DOCUME~18D8E~1LOCALS~1TempDat15.tmp []
«PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-06-18 271360]
«RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2003-10-31 32768]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2008-08-29 61440]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-02-06 5600952][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce]
«Malwarebytes’ Anti-Malware»=C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe [2009-02-11 399504][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]C:Documents and SettingsлёхаГлавное менюПрограммыАвтозагрузка
Инструмент проверки носителя Picture Motion Browser.lnk — C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-10-29 143360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2004-08-17 239616][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
nwprovau[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:gamesCounter Strike — Sourcehl2.exe»=»C:gamesCounter Strike — Sourcehl2.exe:*:Enabled:hl2»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======List of files/folders created in the last 1 months======
2008-12-12 22:32:14 —-D—- C:Documents and SettingsлёхаApplication DataPowerHouse
2008-12-04 11:41:38 —-D—- C:Documents and SettingsлёхаApplication DataMedia Player Classic
2008-12-04 11:36:33 —-D—- C:Program FilesESET
2008-12-04 11:36:33 —-D—- C:Documents and SettingsAll UsersApplication DataESET
2008-12-04 11:33:48 —-A—- C:WINDOWSsystem32yv12vfw.dll
2008-12-04 11:33:47 —-A—- C:WINDOWSsystem32xvidvfw.dll
2008-12-04 11:33:47 —-A—- C:WINDOWSsystem32xvidcore.dll
2008-12-04 11:33:47 —-A—- C:WINDOWSsystem32divx.dll
2008-12-04 11:33:46 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2008-12-04 11:33:46 —-A—- C:WINDOWSsystem32ff_vfw.dll
2008-12-04 11:33:45 —-D—- C:Program FilesK-Lite Codec Pack
2008-12-04 11:31:51 —-D—- C:Documents and SettingsAll UsersApplication DataATI
2008-12-04 11:29:30 —-D—- C:Program FilesATI
2008-12-04 11:27:53 —-N—- C:WINDOWSsystem32ati2sgag.exe
2008-12-04 11:27:26 —-D—- C:Program FilesATI Technologies
2008-12-04 11:26:45 —-D—- C:ATI
2008-10-29 05:23:22 —-A—- C:WINDOWSsystem32ATIDEMGX.dll
2008-10-29 05:11:35 —-A—- C:WINDOWSsystem32atipdlxx.dll
2008-10-29 05:11:21 —-A—- C:WINDOWSsystem32Oemdspif.dll
2008-10-29 05:11:12 —-A—- C:WINDOWSsystem32Ati2mdxx.exe
2008-10-29 05:11:03 —-A—- C:WINDOWSsystem32ati2edxx.dll
2008-10-29 05:10:59 —-A—- C:WINDOWSsystem32atioglxx.dll
2008-10-29 05:10:45 —-A—- C:WINDOWSsystem32ati2evxx.dll
2008-10-29 05:09:10 —-A—- C:WINDOWSsystem32ati2evxx.exe
2008-10-29 05:07:44 —-A—- C:WINDOWSsystem32ATIDDC.DLL
2008-10-29 04:49:31 —-A—- C:WINDOWSsystem32atiiiexx.dll
2008-10-29 04:25:31 —-A—- C:WINDOWSsystem32amdpcom32.dll
2008-10-29 04:21:21 —-A—- C:WINDOWSsystem32atikvmag.dll
2008-10-29 04:19:50 —-A—- C:WINDOWSsystem32atiadlxx.dll
2008-10-29 04:19:40 —-A—- C:WINDOWSsystem32atitvo32.dll
2008-10-29 04:18:30 —-A—- C:WINDOWSsystem32atiok3x2.dll
2008-10-26 22:37:57 —-D—- C:Program FilesBiohazard 4
2008-10-21 20:51:43 —-A—- C:WINDOWSsystem32atibrtmon.exe
2008-10-19 22:07:30 —-A—- C:WINDOWSsystem32nmwcdcocls.dll
2008-10-16 14:09:44 —-A—- C:WINDOWSsystem32wups2.dll
2008-10-16 14:08:56 —-A—- C:WINDOWSsystem32wucltui.dll.mui
2008-10-16 14:08:12 —-A—- C:WINDOWSsystem32wuapi.dll.mui
2008-10-16 14:07:32 —-A—- C:WINDOWSsystem32wuaueng.dll.mui
2008-10-02 17:33:12 —-A—- C:WINDOWSModemLog_Nokia GSM Phone USB Modem.txt
2008-08-14 13:41:55 —-D—- C:Documents and SettingsлёхаApplication DataSony Corporation
2008-08-14 13:40:07 —-D—- C:Drivers
2008-08-14 13:40:07 —-A—- C:WINDOWSsystem32SONYHCY.DLL
2008-08-14 13:38:21 —-D—- C:Program FilesSony
2008-07-21 20:01:20 —-A—- C:WINDOWSWININIT.INI
2008-07-21 10:22:39 —-A—- C:WINDOWSsystem32ptpusb.dll
2008-07-21 10:22:37 —-A—- C:WINDOWSsystem32ptpusd.dll
2008-07-21 10:14:21 —-D—- C:Program FilesCommon FilesPCSuite
2008-07-21 10:14:21 —-D—- C:Program FilesCommon FilesNokia
2008-07-21 10:13:03 —-D—- C:Program FilesPC Connectivity Solution
2008-07-21 10:10:16 —-D—- C:Documents and SettingsAll UsersApplication DataInstallations
2008-06-29 16:34:16 —-D—- C:WINDOWSCSC
2008-05-08 10:52:22 —-A—- C:WINDOWSsystem32Vb5db.dll
2008-05-06 18:28:28 —-A—- C:WINDOWSntbtlog.txt
2008-05-06 15:09:44 —-A—- C:WINDOWSsystem32~GLH0062.TMP
2008-05-05 21:19:12 —-D—- C:WINDOWSMinidump
2008-03-13 10:12:06 —-D—- C:Documents and SettingsлёхаApplication DataMalwarebytes
2008-03-13 10:11:59 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-03-13 10:11:58 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2008-03-12 10:09:24 —-D—- C:_OTMoveIt
2008-03-05 16:30:18 —-N—- C:Program FilesDXSETUP.exe
2008-03-05 16:30:18 —-N—- C:Program Filesdsetup32.dll
2008-03-05 16:30:18 —-N—- C:Program FilesDSETUP.dll
2008-03-05 08:45:56 —-D—- C:Program FilesuTorrent
2008-03-05 08:45:49 —-D—- C:Documents and SettingsлёхаApplication DatauTorrent
2008-02-25 19:37:41 —-D—- C:Program FilesSemagic
2008-02-23 22:37:32 —-D—- C:divx
2008-02-21 14:41:35 —-D—- C:Documents and SettingsлёхаApplication DataZoundry
2008-02-20 23:29:49 —-D—- C:Program FilesPhoto Frames PRO
2008-02-18 15:18:36 —-A—- C:WINDOWSsystem32BASSMOD.dll
2008-02-18 14:31:35 —-A—- C:Program Filesinstall_flash_player.exe
2008-02-17 23:27:38 —-D—- C:Program FilesPhotodex Presenter
2008-02-17 23:27:38 —-D—- C:Documents and SettingsлёхаApplication DataNetscape
2008-02-17 23:27:14 —-D—- C:Program FilesPhotodex
2008-02-17 23:26:52 —-D—- C:Documents and SettingsлёхаApplication DataPhotodex
2008-02-17 22:15:21 —-D—- C:Documents and SettingsлёхаApplication DataMyScreensaver
2008-02-17 21:57:29 —-D—- C:Documents and SettingsлёхаApplication DataMy Gallery Player======List of files/folders modified in the last 1 months======
2009-01-08 19:49:04 —-D—- C:Program FilesArtMoney
2008-12-05 22:13:54 —-SHD—- C:Program FilesCommon FilesSystem
2008-12-04 11:29:15 —-RSD—- C:WINDOWSassembly
2008-12-04 11:29:03 —-D—- C:WINDOWSWinSxS
2008-12-04 11:28:12 —-HD—- C:Program FilesInstallShield Installation Information
2008-10-29 05:22:02 —-A—- C:WINDOWSsystem32ati2dvag.dll
2008-10-29 04:57:58 —-A—- C:WINDOWSsystem32ati3duag.dll
2008-10-29 04:41:13 —-A—- C:WINDOWSsystem32ativvaxx.dll
2008-10-29 04:12:51 —-A—- C:WINDOWSsystem32ati2cqag.dll
2008-10-26 22:28:48 —-D—- C:Program FilesCyberLink
2008-10-19 22:07:37 —-DC—- C:WINDOWSsystem32DRVSTORE
2008-10-19 22:07:26 —-D—- C:Program FilesNokia
2008-10-16 21:28:10 —-D—- C:WINDOWSsystem32DirectX
2008-10-16 21:24:39 —-D—- C:WINDOWSsystem32CatRoot
2008-10-16 14:13:40 —-A—- C:WINDOWSsystem32wuweb.dll
2008-10-16 14:13:40 —-A—- C:WINDOWSsystem32wuaueng.dll
2008-10-16 14:12:22 —-A—- C:WINDOWSsystem32wucltui.dll
2008-10-16 14:12:20 —-A—- C:WINDOWSsystem32wuapi.dll
2008-10-16 14:09:44 —-A—- C:WINDOWSsystem32wuauclt.exe
2008-10-16 14:09:44 —-A—- C:WINDOWSsystem32cdm.dll
2008-10-16 14:08:58 —-A—- C:WINDOWSsystem32wups.dll
2008-10-05 00:04:50 —-A—- C:WINDOWSOEWABLog.txt
2008-08-14 13:37:21 —-D—- C:Program FilesCommon FilesInstallShield
2008-08-08 20:37:11 —-D—- C:Documents and Settings
2008-08-03 18:59:13 —-A—- C:WINDOWSsetuplog.txt
2008-08-03 17:35:35 —-D—- C:WINDOWSsystem32appmgmt
2008-07-21 10:17:04 —-D—- C:Documents and SettingsлёхаApplication DataNokia
2008-07-21 10:14:10 —-D—- C:Documents and SettingsAll UsersApplication DataDownloaded Installations
2008-07-21 10:13:13 —-D—- C:Program FilesDIFX
2008-07-12 18:29:00 —-A—- C:WINDOWSRtlRack.ini
2008-06-25 17:51:07 —-A—- C:WINDOWSDUMP6cc3.tmp
2008-06-25 17:43:53 —-A—- C:WINDOWSDUMP5d81.tmp
2008-05-25 02:06:26 —-D—- C:Program FilesWindows Media Player
2008-05-06 18:25:35 —-A—- C:WINDOWSDUMP5ff2.tmp
2008-04-24 18:37:23 —-SHD—- C:RECYCLER
2008-03-21 23:30:08 —-A—- C:WINDOWSsystem32qt-dx331.dll
2008-03-21 23:28:54 —-A—- C:WINDOWSsystem32dpl100.dll
2008-03-16 22:02:37 —-D—- C:Program FilesWinamp
2008-03-13 10:25:17 —-D—- C:Program Filestrend micro
2008-03-13 10:23:54 —-D—- C:WINDOWSTemp
2008-03-13 10:22:49 —-D—- C:WINDOWSsystem32
2008-03-13 10:12:06 —-D—- C:WINDOWSPrefetch
2008-03-13 10:12:03 —-D—- C:WINDOWSsystem32drivers
2008-03-13 10:11:58 —-RD—- C:Program Files
2008-03-13 02:33:09 —-A—- C:WINDOWSSchedLgU.Txt
2008-03-13 01:52:26 —-D—- C:Documents and SettingsлёхаApplication DataMra
2008-03-12 10:09:24 —-D—- C:WINDOWS
2008-03-11 03:38:45 —-A—- C:WINDOWSwinamp.ini
2008-03-08 21:17:54 —-A—- C:WINDOWSwin.ini
2008-03-08 21:13:41 —-D—- C:games
2008-03-07 19:36:39 —-D—- C:фильмы
2008-03-05 03:08:37 —-D—- C:музыка
2008-02-26 21:29:12 —-D—- C:Program FilesteXet
2008-02-26 02:52:54 —-D—- C:WINDOWSsystem32CatRoot2
2008-02-25 20:47:03 —-D—- C:Documents and SettingsлёхаApplication DataHelp
2008-02-25 14:34:49 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2008-02-19 16:35:17 —-D—- C:книги
2008-02-19 16:00:17 —-HD—- C:WINDOWSinf
2008-02-19 16:00:00 —-SHD—- C:WINDOWSInstaller
2008-02-18 17:33:45 —-D—- C:WINDOWSsystem32config
2008-02-17 23:27:38 —-D—- C:Documents and SettingsлёхаApplication DataMozilla======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-07-01 39944]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-10-20 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-10-20 55936]
R2 SVKP;SVKP; ??C:WINDOWSsystem32SVKP.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-08-02 635281]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-10-29 3341824]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2004-08-03 163584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
R3 SISNIC;SiS PCI Fast Ethernet адаптер, драйвер; C:WINDOWSsystem32DRIVERSsisnic.sys [2004-08-04 32768]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-03 17024]
S3 FXDRV;FXDRV; ??D:Fxdrv.sys []
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-10-29 585728]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
R2 NWCWorkstation;Клиент для сетей NetWare; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R2 ScsiAccess;ScsiAccess; C:Program FilesPhotodexProShowProducerScsiAccess.exe [2008-02-17 181312]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-06-15 300544]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2008-10-28 593920]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
Спасибо Вам за такую оперативность 😛 Не знаю, чтобы без Вас делала 😀Вот что вышло
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{469C7F34-476F-43A4-A8EC-39FFB42D4EB9}\ not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{753A8E27-66CF-424B-9DF1-D821231E7E9F}\ not found.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\services deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\lsass driver not found.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun\services not found.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\services not found.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun\services not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycrypt\ not found.
HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders\»SecurityProviders»|»msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll» /E : value set successfully!
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{951e681c-ca14-11dd-862e-00016cb29477}\ not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{da35d8a3-c881-11dd-862a-00016cb29477}\ not found.
========== FILES ==========
File/Folder E:cfdnvq.exe not found.
Folder C:WINDOWSdigeste.dll not found.
File/Folder C:WINDOWSsystem32crypts.dll not found.
File/Folder C:WINDOWSmsauc.exe not found.
File/Folder C:WINDOWSservices.exe not found.
File/Folder C:Documents and SettingsAll UsersApplication Datamzdlib.dll not found.
File/Folder C:Documents and SettingsAll UsersApplication Datajgnlib.dll not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~18D8E~1LOCALS~1TempieD0.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~18D8E~1LOCALS~1TempinC9.tmp scheduled to be deleted on reboot.
File delete failed. C:DOCUME~18D8E~1LOCALS~1Tempinit.exe scheduled to be deleted on reboot.
File delete failed. C:DOCUME~18D8E~1LOCALS~1Temp~DF450.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 03122008_101629
Files moved on Reboot…
C:DOCUME~18D8E~1LOCALS~1TempieD0.tmp moved successfully.
C:DOCUME~18D8E~1LOCALS~1TempinC9.tmp moved successfully.
C:DOCUME~18D8E~1LOCALS~1Tempinit.exe moved successfully.
C:DOCUME~18D8E~1LOCALS~1Temp~DF450.tmp moved successfully.
File move failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be moved on reboot.И вот это
Logfile of random’s system information tool 1.05 (written by random/random)
Run by лёха at 2008-03-12 10:22:24
Microsoft Windows XP Professional Service Pack 2
System drive C: has 18 GB (24%) free of 76 GB
Total RAM: 511 MB (25% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:42, on 12.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesPhotodexProShowProducerScsiAccess.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSnotepad.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesWinampwinampa.exe
C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe
C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program FilesMail.RuAgentMAgent.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Program FilesOperaOpera.exe
C:Documents and SettingsлёхаРабочий столRSIT.exe
C:Program Filestrend microлёха.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
F2 — REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:DOCUME~18D8E~1LOCALS~1Tempinit.exe
O1 — Hosts: 195.98.56.151 moodle
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 — HKLM..Run: [HP Software Update] «C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe»
O4 — HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe
O4 — HKLM..Run: [HP Component Manager] «C:Program FilesHPhpcoretechhpcmpmgr.exe»
O4 — HKLM..Run: [AdVantage Setup] C:DOCUME~18D8E~1LOCALS~1TempDat15.tmp
O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe» MSRun
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Инструмент проверки носителя Picture Motion Browser.lnk = C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O17 — HKLMSystemCCSServicesTcpip..{2103A6E0-349F-4A7A-BC15-F9E63D871EF0}: NameServer = 213.177.96.1,213.177.97.1
O17 — HKLMSystemCCSServicesTcpip..{C36A8DF0-4D3E-44BB-BA28-7C144CC8BD6F}: NameServer = 213.177.96.1 213.177.97.1
O17 — HKLMSystemCS2ServicesTcpip..{2103A6E0-349F-4A7A-BC15-F9E63D871EF0}: NameServer = 213.177.96.1,213.177.97.1
O17 — HKLMSystemCS3ServicesTcpip..{2103A6E0-349F-4A7A-BC15-F9E63D871EF0}: NameServer = 213.177.96.1,213.177.97.1
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ScsiAccess — Unknown owner — C:Program FilesPhotodexProShowProducerScsiAccess.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
O24 — Desktop Component 0: (no name) — http://line.romanticcollection.ru/ba/15_14b_42543FC0_RdoCenxke_13.gif—
End of file — 7253 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-02-06 676704][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-02-06 676704][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-07-27 68096]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2004-12-20 33792]
«HP Software Update»=C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe [2004-02-18 49152]
«HPDJ Taskbar Utility»=C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe [2004-03-04 172032]
«HP Component Manager»=C:Program FilesHPhpcoretechhpcmpmgr.exe [2003-12-22 241664]
«AdVantage Setup»=C:DOCUME~18D8E~1LOCALS~1TempDat15.tmp []
«PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-06-18 271360]
«RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2003-10-31 32768]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2008-08-29 61440]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-02-06 5600952][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]C:Documents and SettingsлёхаГлавное менюПрограммыАвтозагрузка
Инструмент проверки носителя Picture Motion Browser.lnk — C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-10-29 143360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2004-08-17 239616][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
nwprovau[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:gamesCounter Strike — Sourcehl2.exe»=»C:gamesCounter Strike — Sourcehl2.exe:*:Enabled:hl2»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»======List of files/folders created in the last 1 months======
2008-12-12 22:32:14 —-D—- C:Documents and SettingsлёхаApplication DataPowerHouse
2008-12-04 11:41:38 —-D—- C:Documents and SettingsлёхаApplication DataMedia Player Classic
2008-12-04 11:36:33 —-D—- C:Program FilesESET
2008-12-04 11:36:33 —-D—- C:Documents and SettingsAll UsersApplication DataESET
2008-12-04 11:33:48 —-A—- C:WINDOWSsystem32yv12vfw.dll
2008-12-04 11:33:47 —-A—- C:WINDOWSsystem32xvidvfw.dll
2008-12-04 11:33:47 —-A—- C:WINDOWSsystem32xvidcore.dll
2008-12-04 11:33:47 —-A—- C:WINDOWSsystem32divx.dll
2008-12-04 11:33:46 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2008-12-04 11:33:46 —-A—- C:WINDOWSsystem32ff_vfw.dll
2008-12-04 11:33:45 —-D—- C:Program FilesK-Lite Codec Pack
2008-12-04 11:31:51 —-D—- C:Documents and SettingsAll UsersApplication DataATI
2008-12-04 11:29:30 —-D—- C:Program FilesATI
2008-12-04 11:27:53 —-N—- C:WINDOWSsystem32ati2sgag.exe
2008-12-04 11:27:26 —-D—- C:Program FilesATI Technologies
2008-12-04 11:26:45 —-D—- C:ATI
2008-10-29 05:23:22 —-A—- C:WINDOWSsystem32ATIDEMGX.dll
2008-10-29 05:11:35 —-A—- C:WINDOWSsystem32atipdlxx.dll
2008-10-29 05:11:21 —-A—- C:WINDOWSsystem32Oemdspif.dll
2008-10-29 05:11:12 —-A—- C:WINDOWSsystem32Ati2mdxx.exe
2008-10-29 05:11:03 —-A—- C:WINDOWSsystem32ati2edxx.dll
2008-10-29 05:10:59 —-A—- C:WINDOWSsystem32atioglxx.dll
2008-10-29 05:10:45 —-A—- C:WINDOWSsystem32ati2evxx.dll
2008-10-29 05:09:10 —-A—- C:WINDOWSsystem32ati2evxx.exe
2008-10-29 05:07:44 —-A—- C:WINDOWSsystem32ATIDDC.DLL
2008-10-29 04:49:31 —-A—- C:WINDOWSsystem32atiiiexx.dll
2008-10-29 04:25:31 —-A—- C:WINDOWSsystem32amdpcom32.dll
2008-10-29 04:21:21 —-A—- C:WINDOWSsystem32atikvmag.dll
2008-10-29 04:19:50 —-A—- C:WINDOWSsystem32atiadlxx.dll
2008-10-29 04:19:40 —-A—- C:WINDOWSsystem32atitvo32.dll
2008-10-29 04:18:30 —-A—- C:WINDOWSsystem32atiok3x2.dll
2008-10-26 22:37:57 —-D—- C:Program FilesBiohazard 4
2008-10-21 20:51:43 —-A—- C:WINDOWSsystem32atibrtmon.exe
2008-10-19 22:07:30 —-A—- C:WINDOWSsystem32nmwcdcocls.dll
2008-10-16 14:09:44 —-A—- C:WINDOWSsystem32wups2.dll
2008-10-16 14:08:56 —-A—- C:WINDOWSsystem32wucltui.dll.mui
2008-10-16 14:08:12 —-A—- C:WINDOWSsystem32wuapi.dll.mui
2008-10-16 14:07:32 —-A—- C:WINDOWSsystem32wuaueng.dll.mui
2008-10-02 17:33:12 —-A—- C:WINDOWSModemLog_Nokia GSM Phone USB Modem.txt
2008-08-14 13:41:55 —-D—- C:Documents and SettingsлёхаApplication DataSony Corporation
2008-08-14 13:40:07 —-D—- C:Drivers
2008-08-14 13:40:07 —-A—- C:WINDOWSsystem32SONYHCY.DLL
2008-08-14 13:38:21 —-D—- C:Program FilesSony
2008-07-21 20:01:20 —-A—- C:WINDOWSWININIT.INI
2008-07-21 10:22:39 —-A—- C:WINDOWSsystem32ptpusb.dll
2008-07-21 10:22:37 —-A—- C:WINDOWSsystem32ptpusd.dll
2008-07-21 10:14:21 —-D—- C:Program FilesCommon FilesPCSuite
2008-07-21 10:14:21 —-D—- C:Program FilesCommon FilesNokia
2008-07-21 10:13:03 —-D—- C:Program FilesPC Connectivity Solution
2008-07-21 10:10:16 —-D—- C:Documents and SettingsAll UsersApplication DataInstallations
2008-06-29 16:34:16 —-D—- C:WINDOWSCSC
2008-05-08 10:52:22 —-A—- C:WINDOWSsystem32Vb5db.dll
2008-05-06 18:28:28 —-A—- C:WINDOWSntbtlog.txt
2008-05-06 15:09:44 —-A—- C:WINDOWSsystem32~GLH0062.TMP
2008-05-05 21:19:12 —-D—- C:WINDOWSMinidump
2008-03-12 10:09:24 —-D—- C:_OTMoveIt
2008-03-05 16:30:18 —-N—- C:Program FilesDXSETUP.exe
2008-03-05 16:30:18 —-N—- C:Program Filesdsetup32.dll
2008-03-05 16:30:18 —-N—- C:Program FilesDSETUP.dll
2008-03-05 08:45:56 —-D—- C:Program FilesuTorrent
2008-03-05 08:45:49 —-D—- C:Documents and SettingsлёхаApplication DatauTorrent
2008-02-25 19:37:41 —-D—- C:Program FilesSemagic
2008-02-23 22:37:32 —-D—- C:divx
2008-02-21 14:41:35 —-D—- C:Documents and SettingsлёхаApplication DataZoundry
2008-02-20 23:29:49 —-D—- C:Program FilesPhoto Frames PRO
2008-02-18 15:18:36 —-A—- C:WINDOWSsystem32BASSMOD.dll
2008-02-18 14:31:35 —-A—- C:Program Filesinstall_flash_player.exe
2008-02-17 23:27:38 —-D—- C:Program FilesPhotodex Presenter
2008-02-17 23:27:38 —-D—- C:Documents and SettingsлёхаApplication DataNetscape
2008-02-17 23:27:14 —-D—- C:Program FilesPhotodex
2008-02-17 23:26:52 —-D—- C:Documents and SettingsлёхаApplication DataPhotodex
2008-02-17 22:15:21 —-D—- C:Documents and SettingsлёхаApplication DataMyScreensaver
2008-02-17 21:57:29 —-D—- C:Documents and SettingsлёхаApplication DataMy Gallery Player
2008-02-13 12:43:23 —-D—- C:Program FilesMicrosoft Visual Studio
2008-02-13 11:35:49 —-D—- C:Program FilesMSECache======List of files/folders modified in the last 1 months======
2009-01-08 19:49:04 —-D—- C:Program FilesArtMoney
2008-12-05 22:13:54 —-SHD—- C:Program FilesCommon FilesSystem
2008-12-04 11:29:15 —-RSD—- C:WINDOWSassembly
2008-12-04 11:29:03 —-D—- C:WINDOWSWinSxS
2008-12-04 11:28:12 —-HD—- C:Program FilesInstallShield Installation Information
2008-10-29 05:22:02 —-A—- C:WINDOWSsystem32ati2dvag.dll
2008-10-29 04:57:58 —-A—- C:WINDOWSsystem32ati3duag.dll
2008-10-29 04:41:13 —-A—- C:WINDOWSsystem32ativvaxx.dll
2008-10-29 04:12:51 —-A—- C:WINDOWSsystem32ati2cqag.dll
2008-10-26 22:28:48 —-D—- C:Program FilesCyberLink
2008-10-19 22:07:37 —-DC—- C:WINDOWSsystem32DRVSTORE
2008-10-19 22:07:26 —-D—- C:Program FilesNokia
2008-10-16 21:28:10 —-D—- C:WINDOWSsystem32DirectX
2008-10-16 21:24:39 —-D—- C:WINDOWSsystem32CatRoot
2008-10-16 14:13:40 —-A—- C:WINDOWSsystem32wuweb.dll
2008-10-16 14:13:40 —-A—- C:WINDOWSsystem32wuaueng.dll
2008-10-16 14:12:22 —-A—- C:WINDOWSsystem32wucltui.dll
2008-10-16 14:12:20 —-A—- C:WINDOWSsystem32wuapi.dll
2008-10-16 14:09:44 —-A—- C:WINDOWSsystem32wuauclt.exe
2008-10-16 14:09:44 —-A—- C:WINDOWSsystem32cdm.dll
2008-10-16 14:08:58 —-A—- C:WINDOWSsystem32wups.dll
2008-10-05 00:04:50 —-A—- C:WINDOWSOEWABLog.txt
2008-08-14 13:37:21 —-D—- C:Program FilesCommon FilesInstallShield
2008-08-08 20:37:11 —-D—- C:Documents and Settings
2008-08-03 18:59:13 —-A—- C:WINDOWSsetuplog.txt
2008-08-03 17:35:35 —-D—- C:WINDOWSsystem32appmgmt
2008-07-21 10:17:04 —-D—- C:Documents and SettingsлёхаApplication DataNokia
2008-07-21 10:14:10 —-D—- C:Documents and SettingsAll UsersApplication DataDownloaded Installations
2008-07-21 10:13:13 —-D—- C:Program FilesDIFX
2008-07-12 18:29:00 —-A—- C:WINDOWSRtlRack.ini
2008-06-25 17:51:07 —-A—- C:WINDOWSDUMP6cc3.tmp
2008-06-25 17:43:53 —-A—- C:WINDOWSDUMP5d81.tmp
2008-05-25 02:06:26 —-D—- C:Program FilesWindows Media Player
2008-05-06 18:25:35 —-A—- C:WINDOWSDUMP5ff2.tmp
2008-04-24 18:37:23 —-SHD—- C:RECYCLER
2008-03-21 23:30:08 —-A—- C:WINDOWSsystem32qt-dx331.dll
2008-03-21 23:28:54 —-A—- C:WINDOWSsystem32dpl100.dll
2008-03-16 22:02:37 —-D—- C:Program FilesWinamp
2008-03-12 10:22:39 —-D—- C:Program Filestrend micro
2008-03-12 10:22:04 —-D—- C:WINDOWSTemp
2008-03-12 10:21:17 —-D—- C:WINDOWSPrefetch
2008-03-12 10:17:47 —-A—- C:WINDOWSSchedLgU.Txt
2008-03-12 10:09:24 —-D—- C:WINDOWSsystem32
2008-03-12 10:09:24 —-D—- C:WINDOWS
2008-03-11 03:38:45 —-A—- C:WINDOWSwinamp.ini
2008-03-11 01:48:23 —-D—- C:Documents and SettingsлёхаApplication DataMra
2008-03-08 21:17:54 —-A—- C:WINDOWSwin.ini
2008-03-08 21:13:41 —-D—- C:games
2008-03-07 19:36:39 —-D—- C:фильмы
2008-03-05 08:45:56 —-RD—- C:Program Files
2008-03-05 03:08:37 —-D—- C:музыка
2008-02-26 21:29:12 —-D—- C:Program FilesteXet
2008-02-26 02:52:54 —-D—- C:WINDOWSsystem32CatRoot2
2008-02-25 20:47:03 —-D—- C:Documents and SettingsлёхаApplication DataHelp
2008-02-25 14:34:49 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2008-02-19 16:35:17 —-D—- C:книги
2008-02-19 16:00:17 —-HD—- C:WINDOWSinf
2008-02-19 16:00:17 —-D—- C:WINDOWSsystem32drivers
2008-02-19 16:00:00 —-SHD—- C:WINDOWSInstaller
2008-02-18 17:33:45 —-D—- C:WINDOWSsystem32config
2008-02-17 23:27:38 —-D—- C:Documents and SettingsлёхаApplication DataMozilla
2008-02-13 20:23:01 —-D—- C:Program FilesMicrosoft Office
2008-02-13 13:02:52 —-SHD—- C:System Volume Information
2008-02-13 12:43:42 —-SD—- C:Documents and SettingsлёхаApplication DataMicrosoft
2008-02-13 12:43:26 —-SHD—- C:Program FilesCommon FilesMicrosoft Shared
2008-02-13 11:36:33 —-RSD—- C:WINDOWSFonts======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-07-01 39944]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-10-20 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-10-20 55936]
R2 SVKP;SVKP; ??C:WINDOWSsystem32SVKP.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-08-02 635281]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-10-29 3341824]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2004-08-03 163584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
R3 SISNIC;SiS PCI Fast Ethernet адаптер, драйвер; C:WINDOWSsystem32DRIVERSsisnic.sys [2004-08-04 32768]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-03 17024]
S3 FXDRV;FXDRV; ??D:Fxdrv.sys []
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-10-29 585728]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
R2 NWCWorkstation;Клиент для сетей NetWare; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R2 ScsiAccess;ScsiAccess; C:Program FilesPhotodexProShowProducerScsiAccess.exe [2008-02-17 181312]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-06-15 300544]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2008-10-28 593920]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
Logfile of random’s system information tool 1.05 (written by random/random)
Run by лёха at 2008-03-09 18:16:41
Microsoft Windows XP Professional Service Pack 2
System drive C: has 16 GB (21%) free of 76 GB
Total RAM: 511 MB (24% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:49, on 09.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesPhotodexProShowProducerScsiAccess.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesWinampwinampa.exe
C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe
C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program FilesMail.RuAgentMAgent.exe
C:WINDOWSservices.exe
C:WINDOWSmsauc.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSservices.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSservices.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSservices.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSservices.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSservices.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSservices.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSservices.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSservices.exe
C:Program FilesOperaOpera.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:WINDOWSsystem32NOTEPAD.EXE
C:Documents and SettingsлёхаРабочий столRSIT.exe
C:Program Filestrend microлёха.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.apeha.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {83821C2B-32A8-4DD7-B6D4-44309A78E668} — C:Program FilesMail.RuAgentMradllnewmrasearch.dll
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
F2 — REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:DOCUME~18D8E~1LOCALS~1Tempinit.exe
O1 — Hosts: 195.98.56.151 moodle
O2 — BHO: jgnlibP — {469C7F34-476F-43A4-A8EC-39FFB42D4EB9} — C:Documents and SettingsAll UsersApplication Datajgnlib.dll
O2 — BHO: mzdlibP — {753A8E27-66CF-424B-9DF1-D821231E7E9F} — C:Documents and SettingsAll UsersApplication Datamzdlib.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 — HKLM..Run: [HP Software Update] «C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe»
O4 — HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe
O4 — HKLM..Run: [HP Component Manager] «C:Program FilesHPhpcoretechhpcmpmgr.exe»
O4 — HKLM..Run: [AdVantage Setup] C:DOCUME~18D8E~1LOCALS~1TempDat15.tmp
O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 — HKLM..Run: [RemoteControl] «C:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe» MSRun
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [MAgent] C:Program FilesMail.RuAgentMAgent.exe -LM
O4 — HKLM..Run: [services] C:WINDOWSservices.exe
O4 — HKLM..Run: [lsass driver] C:WINDOWSmsauc.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [services]O4 — HKLM..PoliciesExplorerRun: [services]
O4 — HKCU..PoliciesExplorerRun: [services]
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Инструмент проверки носителя Picture Motion Browser.lnk = C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Поиск@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/282
O8 — Extra context menu item: Словари@Mail.Ru — res://C:Program FilesMail.RuSputnikMailRuSputnik.dll/283
O9 — Extra button: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra ‘Tools’ menuitem: Mail.Ru Агент — {7558B7E5-7B26-4201-BEDB-00D5FF534523} — C:Program FilesMail.RuAgentmagent.exe
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O17 — HKLMSystemCCSServicesTcpip..{2103A6E0-349F-4A7A-BC15-F9E63D871EF0}: NameServer = 213.177.96.1,213.177.97.1
O17 — HKLMSystemCCSServicesTcpip..{C36A8DF0-4D3E-44BB-BA28-7C144CC8BD6F}: NameServer = 213.177.96.1 213.177.97.1
O17 — HKLMSystemCS2ServicesTcpip..{2103A6E0-349F-4A7A-BC15-F9E63D871EF0}: NameServer = 213.177.96.1,213.177.97.1
O17 — HKLMSystemCS3ServicesTcpip..{2103A6E0-349F-4A7A-BC15-F9E63D871EF0}: NameServer = 213.177.96.1,213.177.97.1
O20 — Winlogon Notify: crypt — C:WINDOWSSYSTEM32crypts.dll
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ScsiAccess — Unknown owner — C:Program FilesPhotodexProShowProducerScsiAccess.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
O24 — Desktop Component 0: (no name) — http://line.romanticcollection.ru/ba/15_14b_42543FC0_RdoCenxke_13.gif—
End of file — 8313 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{469C7F34-476F-43A4-A8EC-39FFB42D4EB9}]
Realtime Media Provider — C:Documents and SettingsAll UsersApplication Datajgnlib.dll [2008-02-11 314880][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{753A8E27-66CF-424B-9DF1-D821231E7E9F}]
LTAC Data Helper Object — C:Documents and SettingsAll UsersApplication Datamzdlib.dll [2008-02-07 322560][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-02-06 676704][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-02-06 676704][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-07-27 68096]
«WinampAgent»=C:Program FilesWinampwinampa.exe [2004-12-20 33792]
«HP Software Update»=C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe [2004-02-18 49152]
«HPDJ Taskbar Utility»=C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe [2004-03-04 172032]
«HP Component Manager»=C:Program FilesHPhpcoretechhpcmpmgr.exe [2003-12-22 241664]
«AdVantage Setup»=C:DOCUME~18D8E~1LOCALS~1TempDat15.tmp [2008-02-01 120832]
«PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-06-18 271360]
«RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2003-10-31 32768]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2008-08-29 61440]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]
«MAgent»=C:Program FilesMail.RuAgentMAgent.exe [2008-02-06 5600952]
«services»=C:WINDOWSservices.exe [2008-02-11 43009]
«lsass driver»=C:WINDOWSmsauc.exe [2008-02-11 82945][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
«services»=
[][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
«services»=
[][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
«services»=
[]C:Documents and SettingsлёхаГлавное менюПрограммыАвтозагрузка
Инструмент проверки носителя Picture Motion Browser.lnk — C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-10-29 143360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycrypt]
C:WINDOWSsystem32crypts.dll [2008-02-07 32256][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2004-08-17 239616][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
nwprovau[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:gamesCounter Strike — Sourcehl2.exe»=»C:gamesCounter Strike — Sourcehl2.exe:*:Enabled:hl2»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{951e681c-ca14-11dd-862e-00016cb29477}]
shellAutoRuncommand — E:cfdnvq.exe
shellexplorecommand — E:cfdnvq.exe
shellopencommand — E:cfdnvq.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{da35d8a3-c881-11dd-862a-00016cb29477}]
shellAutoRuncommand — E:cfdnvq.exe
shellexplorecommand — E:cfdnvq.exe
shellopencommand — E:cfdnvq.exe======List of files/folders created in the last 1 months======
2008-12-12 22:32:14 —-D—- C:Documents and SettingsлёхаApplication DataPowerHouse
2008-12-04 11:41:38 —-D—- C:Documents and SettingsлёхаApplication DataMedia Player Classic
2008-12-04 11:36:33 —-D—- C:Program FilesESET
2008-12-04 11:36:33 —-D—- C:Documents and SettingsAll UsersApplication DataESET
2008-12-04 11:33:48 —-A—- C:WINDOWSsystem32yv12vfw.dll
2008-12-04 11:33:47 —-A—- C:WINDOWSsystem32xvidvfw.dll
2008-12-04 11:33:47 —-A—- C:WINDOWSsystem32xvidcore.dll
2008-12-04 11:33:47 —-A—- C:WINDOWSsystem32divx.dll
2008-12-04 11:33:46 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2008-12-04 11:33:46 —-A—- C:WINDOWSsystem32ff_vfw.dll
2008-12-04 11:33:45 —-D—- C:Program FilesK-Lite Codec Pack
2008-12-04 11:31:51 —-D—- C:Documents and SettingsAll UsersApplication DataATI
2008-12-04 11:29:30 —-D—- C:Program FilesATI
2008-12-04 11:27:53 —-N—- C:WINDOWSsystem32ati2sgag.exe
2008-12-04 11:27:26 —-D—- C:Program FilesATI Technologies
2008-12-04 11:26:45 —-D—- C:ATI
2008-10-29 05:23:22 —-A—- C:WINDOWSsystem32ATIDEMGX.dll
2008-10-29 05:11:35 —-A—- C:WINDOWSsystem32atipdlxx.dll
2008-10-29 05:11:21 —-A—- C:WINDOWSsystem32Oemdspif.dll
2008-10-29 05:11:12 —-A—- C:WINDOWSsystem32Ati2mdxx.exe
2008-10-29 05:11:03 —-A—- C:WINDOWSsystem32ati2edxx.dll
2008-10-29 05:10:59 —-A—- C:WINDOWSsystem32atioglxx.dll
2008-10-29 05:10:45 —-A—- C:WINDOWSsystem32ati2evxx.dll
2008-10-29 05:09:10 —-A—- C:WINDOWSsystem32ati2evxx.exe
2008-10-29 05:07:44 —-A—- C:WINDOWSsystem32ATIDDC.DLL
2008-10-29 04:49:31 —-A—- C:WINDOWSsystem32atiiiexx.dll
2008-10-29 04:25:31 —-A—- C:WINDOWSsystem32amdpcom32.dll
2008-10-29 04:21:21 —-A—- C:WINDOWSsystem32atikvmag.dll
2008-10-29 04:19:50 —-A—- C:WINDOWSsystem32atiadlxx.dll
2008-10-29 04:19:40 —-A—- C:WINDOWSsystem32atitvo32.dll
2008-10-29 04:18:30 —-A—- C:WINDOWSsystem32atiok3x2.dll
2008-10-26 22:37:57 —-D—- C:Program FilesBiohazard 4
2008-10-21 20:51:43 —-A—- C:WINDOWSsystem32atibrtmon.exe
2008-10-19 22:07:30 —-A—- C:WINDOWSsystem32nmwcdcocls.dll
2008-10-16 14:09:44 —-A—- C:WINDOWSsystem32wups2.dll
2008-10-16 14:08:56 —-A—- C:WINDOWSsystem32wucltui.dll.mui
2008-10-16 14:08:12 —-A—- C:WINDOWSsystem32wuapi.dll.mui
2008-10-16 14:07:32 —-A—- C:WINDOWSsystem32wuaueng.dll.mui
2008-10-02 17:33:12 —-A—- C:WINDOWSModemLog_Nokia GSM Phone USB Modem.txt
2008-08-14 13:41:55 —-D—- C:Documents and SettingsлёхаApplication DataSony Corporation
2008-08-14 13:40:07 —-D—- C:Drivers
2008-08-14 13:40:07 —-A—- C:WINDOWSsystem32SONYHCY.DLL
2008-08-14 13:38:21 —-D—- C:Program FilesSony
2008-07-21 20:01:20 —-A—- C:WINDOWSWININIT.INI
2008-07-21 10:22:39 —-A—- C:WINDOWSsystem32ptpusb.dll
2008-07-21 10:22:37 —-A—- C:WINDOWSsystem32ptpusd.dll
2008-07-21 10:14:21 —-D—- C:Program FilesCommon FilesPCSuite
2008-07-21 10:14:21 —-D—- C:Program FilesCommon FilesNokia
2008-07-21 10:13:03 —-D—- C:Program FilesPC Connectivity Solution
2008-07-21 10:10:16 —-D—- C:Documents and SettingsAll UsersApplication DataInstallations
2008-06-29 16:34:16 —-D—- C:WINDOWSCSC
2008-05-08 10:52:22 —-A—- C:WINDOWSsystem32Vb5db.dll
2008-05-06 18:28:28 —-A—- C:WINDOWSntbtlog.txt
2008-05-06 15:09:44 —-A—- C:WINDOWSsystem32~GLH0062.TMP
2008-05-05 21:19:12 —-D—- C:WINDOWSMinidump
2008-03-05 16:30:18 —-N—- C:Program FilesDXSETUP.exe
2008-03-05 16:30:18 —-N—- C:Program Filesdsetup32.dll
2008-03-05 16:30:18 —-N—- C:Program FilesDSETUP.dll
2008-03-05 08:45:56 —-D—- C:Program FilesuTorrent
2008-03-05 08:45:49 —-D—- C:Documents and SettingsлёхаApplication DatauTorrent
2008-02-25 19:37:41 —-D—- C:Program FilesSemagic
2008-02-23 22:37:32 —-D—- C:divx
2008-02-21 14:41:35 —-D—- C:Documents and SettingsлёхаApplication DataZoundry
2008-02-20 23:29:49 —-D—- C:Program FilesPhoto Frames PRO
2008-02-18 15:18:36 —-A—- C:WINDOWSsystem32BASSMOD.dll
2008-02-18 14:31:35 —-A—- C:Program Filesinstall_flash_player.exe
2008-02-17 23:27:38 —-D—- C:Program FilesPhotodex Presenter
2008-02-17 23:27:38 —-D—- C:Documents and SettingsлёхаApplication DataNetscape
2008-02-17 23:27:14 —-D—- C:Program FilesPhotodex
2008-02-17 23:26:52 —-D—- C:Documents and SettingsлёхаApplication DataPhotodex
2008-02-17 22:15:21 —-D—- C:Documents and SettingsлёхаApplication DataMyScreensaver
2008-02-17 21:57:29 —-D—- C:Documents and SettingsлёхаApplication DataMy Gallery Player
2008-02-13 12:43:23 —-D—- C:Program FilesMicrosoft Visual Studio
2008-02-13 11:35:49 —-D—- C:Program FilesMSECache
2008-02-12 18:04:10 —-D—- C:Documents and SettingsлёхаApplication DataMozilla
2008-02-12 18:04:07 —-D—- C:Program FilesDeer Park Alpha 2
2008-02-11 21:15:09 —-D—- C:Program FilesteXet
2008-02-11 09:06:51 —-A—- C:Documents and SettingsAll UsersApplication Datajgnlib.dll
2008-02-11 09:02:37 —-A—- C:WINDOWSsystem32digeste.dll======List of files/folders modified in the last 1 months======
2009-01-08 19:49:04 —-D—- C:Program FilesArtMoney
2008-12-05 22:13:54 —-SHD—- C:Program FilesCommon FilesSystem
2008-12-04 11:29:15 —-RSD—- C:WINDOWSassembly
2008-12-04 11:29:03 —-D—- C:WINDOWSWinSxS
2008-12-04 11:28:12 —-HD—- C:Program FilesInstallShield Installation Information
2008-10-29 05:22:02 —-A—- C:WINDOWSsystem32ati2dvag.dll
2008-10-29 04:57:58 —-A—- C:WINDOWSsystem32ati3duag.dll
2008-10-29 04:41:13 —-A—- C:WINDOWSsystem32ativvaxx.dll
2008-10-29 04:12:51 —-A—- C:WINDOWSsystem32ati2cqag.dll
2008-10-26 22:28:48 —-D—- C:Program FilesCyberLink
2008-10-19 22:07:37 —-DC—- C:WINDOWSsystem32DRVSTORE
2008-10-19 22:07:26 —-D—- C:Program FilesNokia
2008-10-16 21:28:10 —-D—- C:WINDOWSsystem32DirectX
2008-10-16 21:24:39 —-D—- C:WINDOWSsystem32CatRoot
2008-10-16 14:13:40 —-A—- C:WINDOWSsystem32wuweb.dll
2008-10-16 14:13:40 —-A—- C:WINDOWSsystem32wuaueng.dll
2008-10-16 14:12:22 —-A—- C:WINDOWSsystem32wucltui.dll
2008-10-16 14:12:20 —-A—- C:WINDOWSsystem32wuapi.dll
2008-10-16 14:09:44 —-A—- C:WINDOWSsystem32wuauclt.exe
2008-10-16 14:09:44 —-A—- C:WINDOWSsystem32cdm.dll
2008-10-16 14:08:58 —-A—- C:WINDOWSsystem32wups.dll
2008-10-05 00:04:50 —-A—- C:WINDOWSOEWABLog.txt
2008-08-14 13:37:21 —-D—- C:Program FilesCommon FilesInstallShield
2008-08-08 20:37:11 —-D—- C:Documents and Settings
2008-08-03 18:59:13 —-A—- C:WINDOWSsetuplog.txt
2008-08-03 17:35:35 —-D—- C:WINDOWSsystem32appmgmt
2008-07-21 10:17:04 —-D—- C:Documents and SettingsлёхаApplication DataNokia
2008-07-21 10:14:10 —-D—- C:Documents and SettingsAll UsersApplication DataDownloaded Installations
2008-07-21 10:13:13 —-D—- C:Program FilesDIFX
2008-07-12 18:29:00 —-A—- C:WINDOWSRtlRack.ini
2008-06-25 17:51:07 —-A—- C:WINDOWSDUMP6cc3.tmp
2008-06-25 17:43:53 —-A—- C:WINDOWSDUMP5d81.tmp
2008-05-25 02:06:26 —-D—- C:Program FilesWindows Media Player
2008-05-06 18:25:35 —-A—- C:WINDOWSDUMP5ff2.tmp
2008-04-24 18:37:23 —-SHD—- C:RECYCLER
2008-03-21 23:30:08 —-A—- C:WINDOWSsystem32qt-dx331.dll
2008-03-21 23:28:54 —-A—- C:WINDOWSsystem32dpl100.dll
2008-03-16 22:02:37 —-D—- C:Program FilesWinamp
2008-03-09 18:16:47 —-D—- C:Program Filestrend micro
2008-03-09 18:16:24 —-D—- C:WINDOWSTemp
2008-03-09 18:13:50 —-D—- C:WINDOWSPrefetch
2008-03-09 17:39:59 —-D—- C:Documents and SettingsлёхаApplication DataMra
2008-03-09 15:04:05 —-A—- C:WINDOWSwinamp.ini
2008-03-09 13:40:04 —-D—- C:WINDOWS
2008-03-09 11:30:12 —-A—- C:WINDOWSSchedLgU.Txt
2008-03-08 21:17:54 —-A—- C:WINDOWSwin.ini
2008-03-08 21:13:41 —-D—- C:games
2008-03-08 21:13:17 —-D—- C:WINDOWSsystem32
2008-03-07 19:36:39 —-D—- C:фильмы
2008-03-05 08:45:56 —-RD—- C:Program Files
2008-03-05 03:08:37 —-D—- C:музыка
2008-02-26 02:52:54 —-D—- C:WINDOWSsystem32CatRoot2
2008-02-25 20:47:03 —-D—- C:Documents and SettingsлёхаApplication DataHelp
2008-02-25 14:34:49 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2008-02-19 16:35:17 —-D—- C:книги
2008-02-19 16:00:17 —-HD—- C:WINDOWSinf
2008-02-19 16:00:17 —-D—- C:WINDOWSsystem32drivers
2008-02-19 16:00:00 —-SHD—- C:WINDOWSInstaller
2008-02-18 17:33:45 —-D—- C:WINDOWSsystem32config
2008-02-13 20:23:01 —-D—- C:Program FilesMicrosoft Office
2008-02-13 13:02:52 —-SHD—- C:System Volume Information
2008-02-13 12:43:42 —-SD—- C:Documents and SettingsлёхаApplication DataMicrosoft
2008-02-13 12:43:26 —-SHD—- C:Program FilesCommon FilesMicrosoft Shared
2008-02-13 11:36:33 —-RSD—- C:WINDOWSFonts
2008-02-11 09:02:54 —-A—- C:WINDOWSmsauc.exe
2008-02-11 09:02:36 —-A—- C:WINDOWSservices.exe
2008-02-10 22:34:37 —-D—- C:Documents and SettingsлёхаApplication DataCyberLink======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-07-01 39944]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-10-20 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-10-20 55936]
R2 SVKP;SVKP; ??C:WINDOWSsystem32SVKP.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-08-02 635281]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-10-29 3341824]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2004-08-03 163584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-10-20 5888]
R3 SISNIC;SiS PCI Fast Ethernet адаптер, драйвер; C:WINDOWSsystem32DRIVERSsisnic.sys [2004-08-04 32768]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-03 17024]
S3 FXDRV;FXDRV; ??D:Fxdrv.sys []
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-10-29 585728]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
R2 NWCWorkstation;Клиент для сетей NetWare; C:WINDOWSsystem32svchost.exe [2004-08-17 14336]
R2 ScsiAccess;ScsiAccess; C:Program FilesPhotodexProShowProducerScsiAccess.exe [2008-02-17 181312]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-06-15 300544]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2008-10-28 593920]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
Ничего не понимаю…Первое сообщение, которое я только что послало не дошло по ходу…Ну ладно, напишу заново. 🙄
В первый раз мне программка выдала 2 блокнота, а в этот раз только один, может влиять, то что я через Opera зашла?
