Forum replies created
Hi, those drivers aren't there. I'll probably wipe Windows. I'll install Windows 7; it's a beta, but its stability impresses everyone. Thanks for the help. 😉
I couldn't find the files on the machine.
My antivirus/firewall woke up and found it on its own, without help.
Name: BZub
Type: Trojan
Description: A malicious program that has a hidden harmful routine to exploit system vulnerabilities.
Registry keys:
HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\Control Panel\load

Name: BiFrost
Type: Backdoor
Description: Gives someone else access to your computer by bypassing the normal authentication procedures.
Registry keys:
HKEY_USERS\S-1-5-21-1202660629-1647877149-1801674531-500\software\Wget

GMER 1.0.14.14536 — http://www.gmer.net
Rootkit scan 2009-01-09 21:44:16
Windows 5.1.2600 Service Pack 3
Thanks for the reply.
The symptoms appeared after a reboot. During the previous session I installed several games on my PDA phone and on the PC itself. And I ran various keygens for them. That's actually why I ended up on this site. OSS has been churning through everything for the second day now and finds nothing. Maybe you could recommend an antivirus? Before this I used NOD + Outpost firewall, but that combination sometimes glitched. OSS glitches less, but it also finds things less often.
Did everything.
GMER 1.0.14.14536 — http://www.gmer.net
Rootkit scan 2009-01-09 21:44:16
Windows 5.1.2600 Service Pack 3—- System — GMER 1.0.14 —-
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xB7742B4A]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xB7722C16]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xB774514E]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xB771ADA2]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xB772BD92]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xB773A646]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xB773B15E]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xB77192FE]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xB772B682]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xB7738CC6]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xB7729F26]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xB772DD4E]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xB77357A2]
SSDT spox.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spox.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xB7737666]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xB772AD86]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xB77210CF]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xB772D154]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0xB773D8B6]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xB7719D5E]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0xB773CB36]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xB7744342]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xB7723C8D]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xB772EB82]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xB772F65E]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xB7741D92]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xB773469E]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xB7731216]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xB7747636]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xB7747C1A]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xB7733B6A]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xB77326CA]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xB7733112]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xB7745E36]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xB77411B6]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xB7725BDE]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xB77369C2]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xB77301BA]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xB773FEE6]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xB774080E]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xB774881A]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xB773E66E]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xB773F386]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xB773823E]
SSDT SystemRootsystem32DRIVERSSandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xB77435E6]INT 0x62 ? 89D5DBF8
INT 0x63 ? 89D5DBF8
INT 0x73 ? 89D5DBF8
INT 0x82 ? 89D5DBF8
INT 0x94 ? 89CB5F00
INT 0xB4 ? 89CB5F00Code SystemRootsystem32DRIVERSFStarForce.sys (FStarForce/SNEG) KeInsertQueueDpc
—- Kernel code sections — GMER 1.0.14 —-
.text ntkrnlpa.exe!KeInsertQueueDpc 804FB7B0 5 Bytes JMP BAC89D7D SystemRootsystem32DRIVERSFStarForce.sys (FStarForce/SNEG)
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 12 Bytes [ E6, FE, 73, B7, 0E, 08, 74, … ]
? spox.sys Не удается найти указанный файл. !
.text USBPORT.SYS!DllUnload BA45A8AC 5 Bytes JMP 89CB54E0
.text avn5cck3.SYS B9D51386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, … ]
.text avn5cck3.SYS B9D513AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, … ]
.text avn5cck3.SYS B9D513C4 3 Bytes [ 00, 70, 02 ]
.text avn5cck3.SYS B9D513C9 1 Byte [ 2E ]
.text avn5cck3.SYS B9D513CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, … ]
.text …—- User code sections — GMER 1.0.14 —-
.text C:WINDOWSExplorer.EXE[1940] SHELL32.dll!SHFileOperationW 7CA708D0 5 Bytes JMP 10001102 C:Program FilesUnlockerUnlockerHook.dll
.text C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE[3496] kernel32.dll!LoadResource 7C80A045 5 Bytes JMP 54070428 C:Program FilesAgnitumOutpost Security Suite Propluginsanti-spamop_gui.dll (GUI resources for Antispam solution/Agnitum Ltd.)
.text C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE[3496] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 32605629 C:Program FilesCommon FilesMicrosoft Sharedoffice12mso.dll (2007 Microsoft Office component/Microsoft Corporation)—- Kernel IAT/EAT — GMER 1.0.14 —-
IAT SystemRootSystem32Driversavn5cck3.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT SystemRootSystem32Driversavn5cck3.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT SystemRootSystem32Driversavn5cck3.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT SystemRootSystem32Driversavn5cck3.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT SystemRootSystem32Driversavn5cck3.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT SystemRootSystem32Driversavn5cck3.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT SystemRootSystem32Driversavn5cck3.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT SystemRootSystem32Driversavn5cck3.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT SystemRootSystem32Driversavn5cck3.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT SystemRootSystem32Driversavn5cck3.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT SystemRootSystem32Driversavn5cck3.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT SystemRootSystem32Driversavn5cck3.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT SystemRootSystem32Driversavn5cck3.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT SystemRootSystem32Driversavn5cck3.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT SystemRootSystem32Driversavn5cck3.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
IAT SystemRootsystem32DRIVERSndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9D22226] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSraspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9D22226] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSpsched.sys[NDIS.SYS!NdisOpenAdapter] [B9D22226] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootSystem32DriversNDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9D22226] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERStcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9D22226] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSwanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9D22226] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSarp1394.sys[NDIS.SYS!NdisOpenAdapter] [B9D22226] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9D22226] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT SystemRootsystem32DRIVERSrspndr.sys[NDIS.SYS!NdisOpenAdapter] [B9D22226] SystemRootsystem32driversafwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)—- Devices — GMER 1.0.14 —-
Device FileSystemNtfs Ntfs 89D5C1F8
Device DriverTcpip DeviceIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device Driverusbohci DeviceUSBPDO-0 89CB6500
Device Driverdmio DeviceDmControlDmIoDaemon 89DCD1F8
Device Driverdmio DeviceDmControlDmConfig 89DCD1F8
Device Driverdmio DeviceDmControlDmPnP 89DCD1F8
Device Driverdmio DeviceDmControlDmInfo 89DCD1F8
Device Driverusbehci DeviceUSBPDO-1 89BE01F8
Device DriverNetBT DeviceNetBT_Tcpip_{5FD17DA5-64A1-48FA-866D-D2D1D8A70618} 89A28500
Device Driverusbuhci DeviceUSBPDO-2 89CB11F8
Device Driverusbehci DeviceUSBPDO-3 89BE01F8
Device Driverusbuhci DeviceUSBPDO-4 89CB11F8
Device DriverTcpip DeviceTcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device DriverFtdisk DeviceHarddiskVolume1 89D5E1F8
Device DriverFtdisk DeviceHarddiskVolume2 89D5E1F8
Device DriverCdrom DeviceCdRom0 89CD01F8
Device DriverFtdisk DeviceHarddiskVolume3 89D5E1F8
Device DriverCdrom DeviceCdRom1 89CD01F8
Device DriverCdrom DeviceCdRom2 89CD01F8
Device Driverusbstor Device 0000081 890241F8
Device Driverusbstor Device 0000082 890241F8
Device Driverusbstor Device 0000083 890241F8
Device DriverNetBT DeviceNetBt_Wins_Export 89A28500
Device DriverPCI_PNP2920 Device 000004a spox.sys
Device Driverusbstor Device 0000084 890241F8
Device DriverNetBT DeviceNetbiosSmb 89A28500
Device DriverTcpip DeviceUdp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device DriverBTHUSB Device 0000089 bthport.sys (Драйвер шины Bluetooth/Корпорация Майкрософт)
Device DriverBTHUSB Device 0000089 bthport.sys (Драйвер шины Bluetooth/Корпорация Майкрософт)
Device DriverTcpip DeviceRawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device DriverNetBT DeviceNetBT_Tcpip_{32978208-8199-4E0C-88B2-043ED06A10CA} 89A28500
Device Driverusbohci DeviceUSBFDO-0 89CB6500
Device Driverusbehci DeviceUSBFDO-1 89BE01F8
Device FileSystemMRxSmb DeviceLanmanDatagramReceiver 86D3F1F8
Device DriverTcpip DeviceIPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device Driverusbuhci DeviceUSBFDO-2 89CB11F8
Device Driversptd Device2594644170 spox.sys
Device FileSystemMRxSmb DeviceLanmanRedirector 86D3F1F8
Device Driverusbstor Device 000007c 890241F8
Device Driverusbuhci DeviceUSBFDO-3 89CB11F8
Device Driverusbehci DeviceUSBFDO-4 89BE01F8
Device DriverFtdisk DeviceFtControl 89D5E1F8
Device DriverBTHUSB Device 000008b bthport.sys (Драйвер шины Bluetooth/Корпорация Майкрософт)
Device DriverBTHUSB Device 000008b bthport.sys (Драйвер шины Bluetooth/Корпорация Майкрософт)
Device Driveravn5cck3 DeviceScsiavn5cck31Port3Path0Target0Lun0 89BC4500
Device Driveravn5cck3 DeviceScsiavn5cck31 89BC4500
Device FileSystemCdfs Cdfs 86CA01F8—- Registry — GMER 1.0.14 —-
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@! 0454B 045 0424>494 000 044 0404?4B 0454@4 001 003 9 004 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 W A N ( L 002 T P ) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 W A N ( P P T P ) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 W A N ( P P P o E ) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4<4>494 ? 0404@ 0404;4; 0454;4L4=4K494 ?4>4@4B4 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 W A N ( I P ) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 ?4; 0404=484@4> 0424I484: 0404 ? 0404: 0454B4> 0424 1?2?3?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@#4A4B4@4>494A4B 0424>4 B l u e t o o t h ( ?4@4>4B4>4:4>4;4 R F C O M M T D I ) 1?
Reg HKLMSYSTEMCurrentControlSetServicesBTHPORTParametersKeys 011676a5b53
Reg HKLMSYSTEMCurrentControlSetServicesBTHPORTParametersKeys 011676a5b53@001783550cd3 0x72 0x52 0xC8 0xB7 …
Reg HKLMSYSTEMCurrentControlSetServicesLanmanServerShares@374@484=4B 0454@4 CSCFlags=0?MaxUses=4294967295?Path=HP LaserJet 1018,LocalsplOnly?Permissions=0?Remark=HP LaserJet 1018?Type=1?
Reg HKLMSYSTEMCurrentControlSetServicesLanmanServerShares@374@484=4B 0454@ 042 CSCFlags=0?MaxUses=4294967295?Path=Brother MFC-215C USB Printer,LocalsplOnly?Permissions=0?Remark=Brother MFC-215C USB?Type=1?
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s1 771343423
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s2 285507792
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@h0 1
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0xE9 0x0B 0x58 0x4F …
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 C:Program FilesDAEMON Tools Lite
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001@khjeh 0x10 0xED 0x7A 0xE2 …
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001 Jf40
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001 Jf40@khjeh 0xDB 0xC5 0x80 0xE9 …
Reg HKLMSYSTEMControlSet002ServicesBTHPORTParametersKeys 011676a5b53
Reg HKLMSYSTEMControlSet002ServicesBTHPORTParametersKeys 011676a5b53@001783550cd3 0x72 0x52 0xC8 0xB7 …
Reg HKLMSYSTEMControlSet002ServicesLanmanServerShares@374@484=4B 0454@4 CSCFlags=0?MaxUses=4294967295?Path=HP LaserJet 1018,LocalsplOnly?Permissions=0?Remark=HP LaserJet 1018?Type=1?
Reg HKLMSYSTEMControlSet002ServicesLanmanServerShares@374@484=4B 0454@ 042 CSCFlags=0?MaxUses=4294967295?Path=Brother MFC-215C USB Printer,LocalsplOnly?Permissions=0?Remark=Brother MFC-215C USB?Type=1?
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0xE9 0x0B 0x58 0x4F …
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 C:Program FilesDAEMON Tools Lite
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001@khjeh 0x10 0xED 0x7A 0xE2 …
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001 Jf40
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4 0000001 Jf40@khjeh 0xDB 0xC5 0x80 0xE9 …

—- EOF — GMER 1.0.14 —-
Thanks in advance!!!
ComboFix 09-01-08.01 — Администратор 2009-01-08 23:27:48.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2046.1510 [GMT 3:00]
Running from: E:ComboFix.exe
AV: Outpost Security Suite Pro *On-access scanning disabled* (Outdated)
FW: Outpost Security Suite Pro *disabled*
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowssystem32VFP5RUS.DLL
.
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.
2009-01-08 22:38 . 2009-01-01 14:06 8,192 —a
c:windowssystem32driversFStarForce.sys
2009-01-08 22:24 . 2009-01-08 22:24d
c:documents and settingsАдминистраторApplication DataDAEMON Tools Pro
2009-01-08 22:23 . 2009-01-08 22:23d
c:documents and settingsAll UsersApplication DataDAEMON Tools Lite
2009-01-08 22:22 . 2009-01-08 22:24d
c:documents and settingsАдминистраторApplication DataDAEMON Tools Lite
2009-01-07 15:27 . 2009-01-07 15:27d
c:documents and settingsАдминистраторApplication DataMedia Player Classic
2009-01-07 13:04 . 2009-01-07 13:04d
C:My Downloads
2009-01-07 02:05 . 2009-01-07 02:05d
c:program filesCPU-Control
2009-01-07 02:05 . 2009-01-07 02:05d
c:documents and settingsАдминистраторApplication DataCPUControl
2009-01-07 00:07 . 2009-01-07 00:07d
c:windowsLogs
2009-01-07 00:05 . 2009-01-07 00:05d
c:windowssystem32xlive
2009-01-07 00:05 . 2009-01-07 00:05d
c:program filesMicrosoft Games for Windows — LIVE
2009-01-06 22:12 . 2009-01-06 22:13d
c:program filesRockstar Games
2009-01-05 15:25 . 2009-01-05 15:25d
C:Games
2009-01-04 23:39 . 2009-01-04 23:39d
c:documents and settingsАдминистраторApplication DataLeadertech
2009-01-04 19:35 . 2009-01-07 14:27d
c:windowssystem32LogFiles
2009-01-04 19:24 . 2009-01-04 19:24d
c:program filesEA Games
2009-01-03 17:03 . 2009-01-03 17:03 56 —ah
c:windowssystem32ezsidmv.dat
2009-01-03 17:02 . 2009-01-03 17:02d
c:program filesCommon FilesSkype
2008-12-28 19:31 . 2008-12-28 19:31d
c:documents and settingsАдминистраторApplication DataScanSoft
2008-12-27 01:32 . 2008-04-14 00:26 30,592 —a
c:windowssystem32driversrndismpx.sys
2008-12-27 01:32 . 2008-04-14 00:26 30,592 —a—c— c:windowssystem32dllcacherndismpx.sys
2008-12-27 01:32 . 2008-04-14 00:26 12,800 —a
c:windowssystem32driversusb8023x.sys
2008-12-27 01:32 . 2008-04-14 00:26 12,800 —a—c— c:windowssystem32dllcacheusb8023x.sys
2008-12-27 01:20 . 2008-12-27 01:20d—h
c:windowsPIF
2008-12-27 01:19 . 2008-12-27 01:19d
c:documents and settingsАдминистраторApplication DataWindows Search
2008-12-27 01:15 . 2008-12-27 01:15d
c:program filesWindows Desktop Search
2008-12-27 01:11 . 2008-12-27 01:11d
c:windowsASTULogTemp
2008-12-27 01:11 . 2008-12-27 01:11 65,739 —a
c:windowssystem32ASTULog.cab
2008-12-27 01:11 . 2008-12-27 01:11 1,049 —a
c:windowssystem32setup.inf
2008-12-27 01:11 . 2008-12-27 01:11 283 —a
c:windowssystem32setup.rpt
2008-12-27 00:42 . 2008-12-27 00:42 106,557 —a
c:windowssystem32btw_ci.dll
2008-12-26 20:24 . 2008-12-29 21:46 8 —a
c:windowssystem32nvModes.dat
2008-12-24 16:04 . 2008-12-24 16:04d
c:program filesWhale Communications
2008-12-24 00:50 . 2008-12-24 01:32d
c:documents and settingsАдминистраторApplication DataAuslogics
2008-12-24 00:48 . 2008-12-24 00:48d
c:program filesAuslogics
2008-12-21 21:44 . 2008-04-13 22:16 37,888 —a
c:windowssystem32driversbthmodem.sys
2008-12-21 21:44 . 2008-04-13 22:16 37,888 —a—c— c:windowssystem32dllcachebthmodem.sys
2008-12-21 18:10 . 2008-12-21 18:10d
c:program filesK-Lite Codec Pack
2008-12-21 18:04 . 2008-12-21 18:04d
c:documents and settingsAll UsersApplication DataFLEXnet
2008-12-21 14:46 . 2008-12-21 14:46d—h
c:windowssystem32GroupPolicy
2008-12-21 14:23 . 2008-12-21 14:23d
c:documents and settingsАдминистраторApplication DataViStart
2008-12-21 14:18 . 2008-12-21 14:18d
c:program filesVista Drive Icon
2008-12-21 14:17 . 2008-04-15 09:00 219,648 —a
c:windowssystem32uxtheme.backup
2008-12-21 14:16 . 2008-12-21 14:16d
c:windowsDownloaded Installations
2008-12-21 14:16 . 2008-12-21 14:16d
c:program filesSDF Lab
2008-12-21 14:15 . 2008-12-21 14:24d
c:program filesViStart
2008-12-21 14:10 . 2008-12-21 14:17d—h
c:windowsSDF Vista Shell Pack
2008-12-21 14:05 . 2007-07-17 21:28 6,410,240 -ra
c:windowssystemC6501.cpl
2008-12-21 14:05 . 2004-08-18 06:00 1,700,352 -ra
c:windowssystem32GdiPlus.dll
2008-12-21 14:05 . 2007-07-10 04:42 1,310,720 -ra
c:windowssystem32driversc6501.sys
2008-12-21 14:05 . 2001-11-23 22:08 712,704 -ra
c:windowssystemc6501a3d.dll
2008-12-21 14:05 . 2001-11-23 22:08 712,704 -ra
c:windowssystema3d.dll
2008-12-21 14:05 . 2007-06-28 04:02 274,432 -ra
c:windowssystem32C6501rm.exe
2008-12-21 14:05 . 2005-12-27 03:23 53,248 -ra
c:windowssystem32C6501rm.dll
2008-12-21 14:05 . 2006-06-28 00:54 32,768 -ra
c:windowssystem32c6501prop.dll
2008-12-21 14:05 . 2009-01-07 15:25 238 —a
c:windowssystemC6501.ini
2008-12-21 14:05 . 2008-12-21 14:05 162 —a
c:windowsC6501.ini.cfl
2008-12-21 14:04 . 2008-12-21 14:04d
c:program filesC-Media 6501 Sound
2008-12-21 14:04 . 2007-06-28 20:16 266,240 -r
c:windowsCmi6501Uninstall.exe
2008-12-21 14:04 . 2008-12-21 14:04 12,376 —a
c:windowsAscd_tmp.ini
2008-12-21 14:04 . 2007-06-29 04:55 4,571 -ra
c:windowsC6501.ini.cfg
2008-12-21 14:04 . 2007-08-09 04:18 326 -r
c:windowsc6501.ini
2008-12-21 12:54 . 2008-04-22 12:22 1,048,576 —a
c:windows0901.BIN
2008-12-21 12:53 . 2008-12-21 12:54 445,515 —a
c:windows0901.zip
2008-12-21 12:52 . 2008-12-21 12:52d
c:program filesASUS
2008-12-21 12:42 . 2008-12-21 12:42 32 —a
c:documents and settingsAll UsersApplication Dataezsid.dat
2008-12-21 12:41 . 2009-01-03 17:02d
c:program filesSkype
2008-12-21 12:41 . 2008-12-21 12:41d
c:documents and settingsAll UsersApplication DataSkype
2008-12-21 12:22 . 2008-12-21 12:25d
c:program filesPaint.NET
2008-12-21 12:17 . 2008-12-21 12:17d
c:windowssystem32XPSViewer
2008-12-21 12:17 . 2008-12-21 12:17d
c:program filesReference Assemblies
2008-12-21 12:17 . 2008-12-21 12:17d
c:program filesQIP Infium
2008-12-21 12:17 . 2008-12-21 12:17d
c:program filesMSBuild
2008-12-21 12:17 . 2007-09-27 10:48 23,856 —a
c:windowssystem32spupdsvc.exe
2008-12-21 12:17 . 2006-06-29 11:07 14,048
c:windowssystem32spmsg2.dll
2008-12-21 12:15 . 2009-01-07 15:27 116 —a
c:windowsNeroDigital.ini
2008-12-21 11:58 . 2009-01-05 15:33d
c:program filesuTorrent
2008-12-21 11:34 . 2008-12-21 11:34d
c:documents and settingsАдминистраторApplication DataYandex
2008-12-21 11:13 . 2008-12-21 11:13 431 —a
c:windowsBRWMARK.INI
2008-12-21 11:13 . 2008-12-21 11:13 184 —a
c:windowssystem32brsvc01a.bsi
2008-12-21 11:13 . 2008-12-21 11:13 30 —a
c:windowssystem32brss01a.ini
2008-12-21 11:13 . 2008-12-21 11:13 27 —a
c:windowsBRPP2KA.INI
2008-12-21 11:12 . 2008-12-21 11:12d
c:program filesBrother
2008-12-21 11:11 . 2008-12-21 11:11d
C:Brother
2008-12-21 11:11 . 2003-09-29 17:37 196,230
c:windowsCVRPAGE.BMP
2008-12-21 11:11 . 2005-04-08 13:48 163,840
c:windowssystem32NSSearch.dll
2008-12-21 11:11 . 2004-12-10 14:35 147,456
c:windowsbrunin03.dll
2008-12-21 11:11 . 2002-11-26 11:43 106,496
c:windowssystem32BrMuSNMP.dll
2008-12-21 11:09 . 2008-12-21 11:09d
c:program filesScanSoft
2008-12-21 11:09 . 2008-12-21 11:09d
c:program filesCommon FilesScanSoft Shared
2008-12-21 11:09 . 2008-12-21 11:09d
c:documents and settingsAll UsersApplication DataScanSoft
2008-12-21 11:09 . 2008-12-21 11:09d
c:documents and settingsAll UsersApplication DataInstallShield
2008-12-21 11:09 . 2003-09-24 08:36 27,019 —a
c:windowsmaxlink.ini
2008-12-21 11:07 . 2008-12-21 11:07d
c:documents and settingsAll UsersApplication DataBrother
2008-12-21 00:30 . 2009-01-08 23:59d
c:documents and settingsАдминистраторApplication DatauTorrent
2008-12-21 00:30 . 2009-01-08 21:26d
c:documents and settingsАдминистраторApplication DataskypePM
2008-12-21 00:30 . 2009-01-08 23:48d
c:documents and settingsАдминистраторApplication DataSkype
2008-12-21 00:30 . 2008-12-21 00:30d
c:documents and settingsАдминистраторApplication DataQIP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 19:24 d-----w c:documents and settingsАдминистраторApplication DataDAEMON Tools
2009-01-08 19:23 d-----w c:program filesDAEMON Tools Lite
2009-01-06 19:13 d—h—w c:program filesInstallShield Installation Information
2008-12-27 10:39 d-----w c:program filesMicrosoft ActiveSync
2008-12-26 10:09 d-----w c:program filesAkelPad
2008-12-21 11:52 717,296 —-a-w c:windowssystem32driverssptd.sys
2008-12-21 11:17 219,648 —-a-w c:windowssystem32uxtheme.dll
2008-12-21 08:12 d-----w c:program filesCommon FilesInstallShield
2008-12-20 21:27 d-----w c:program filesAgnitum
2008-12-20 21:27 d-----w c:documents and settingsAll UsersApplication DataAgnitum
2008-12-20 20:48 d-----w c:documents and settingsAll UsersApplication DatanView_Profiles
2008-12-20 20:44 d-----w c:program filesCommon FilesWise Installation Wizard
2008-12-20 20:44 d-----w c:program filesAGEIA Technologies
2008-12-20 20:42 d-----w c:program filesUnlocker
2008-12-20 20:32 d-----w c:program filesAPC
2008-12-20 20:29 d-----w c:program filesDIFX
2008-12-20 20:27 d—h—w c:program filesZenographics
2008-12-20 20:27 d-----w c:program filesHewlett-Packard
2008-12-20 20:26 d-----w c:program filesMedia Key
2008-12-20 20:26 d-----w c:program filesA4Tech
2008-12-20 19:09 d-----w c:documents and settingsAll UsersApplication DataMicrosoft Help
2008-12-20 19:08 d-----w c:program filesMicrosoft Works
2008-12-20 19:02 d-----w c:program filesPunto Switcher
2008-12-20 19:02 d-----w c:program filesKristanix
2008-12-20 19:02 d-----w c:program filesFoxit Software
2008-12-20 18:59 d-----w c:program filesCommon FilesAdobe
2008-12-20 18:52 d-----w c:program filesCommon FilesMacrovision Shared
2008-12-20 18:51 d-----w c:program filesLavalys
2008-12-20 18:51 d-----w c:program filesFastStone Image Viewer
2008-12-20 18:51 d-----w c:documents and settingsАдминистраторApplication DataDesktopicon
2008-12-20 18:50 d-----w c:program filesLight Alloy
2008-12-20 18:50 d-----w c:program filesCommon FilesAhead
2008-12-20 18:50 d-----w c:program filesAhead
2008-12-20 18:49 d-----w c:program filesWinamp
2008-12-20 18:41 d-----w c:program filesmicrosoft frontpage
2008-12-20 18:40 d—a-w c:documents and settingsАдминистраторApplication DataMiniDm
2008-12-20 18:40 d—a-w c:documents and settingsАдминистраторApplication DataIEPro
2008-12-20 18:40 d-----w c:program filesStartup Extractor
2008-12-20 18:40 d-----w c:program filesIEPro
2008-12-20 18:40 d-----w c:program filesDirectX Update
2008-12-20 18:36 d-----w c:program filesWindows Media Connect 2
2008-11-26 09:42 565,760 —-a-w c:windowssystem32setup.exe
2008-11-26 09:38 1,571,840 —-a-w c:windowssystem32sfcfiles.dll
2008-11-26 09:31 99,840 —-a-w c:windowssystem32wmpshell.dll
2008-11-26 09:30 991,744 —-a-w c:windowssystem32drmv2clt.dll
2008-11-25 08:45 2,283,027 —-a-w c:windowssystem32x264vfw.dll
2008-11-24 14:32 57,344 —-a-w c:windowssystem32ff_vfw.dll
2008-11-14 18:07 43,544 —-a-w c:windowssystem32wups2.dll
2008-10-28 22:35 684,032 —-a-w c:windowssystem32divx.dll
2008-10-28 14:41 14,303,392 —-a-w c:windowssystem32xlive.dll
2008-10-28 14:41 13,643,936 —-a-w c:windowssystem32xlivefnt.dll
2008-10-27 08:04 70,992 —-a-w c:windowssystem32xapofx1_2.dll
2008-10-27 08:04 514,384 —-a-w c:windowssystem32xaudio2_3.dll
2008-10-27 08:04 235,856 —-a-w c:windowssystem32xactengine3_3.dll
2008-10-27 08:04 23,376 —-a-w c:windowssystem32x3daudio1_5.dll
2008-10-11 11:13 10,752 —-a-w c:windowssystem32rspndr.exe
2008-10-10 02:52 452,440 —-a-w c:windowssystem32d3dx10_40.dll
2008-10-10 02:52 4,379,984 —-a-w c:windowssystem32d3dx9_40.dll
2008-10-10 02:52 2,036,576 —-a-w c:windowssystem32d3dcompiler_40.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32ctfmon.exe" [2008-04-15 15360]
"Punto Switcher"="c:program filesPunto SwitcherPS.exe" [2008-05-30 722112]
"uTorrent"="c:program filesuTorrentuTorrent.exe" [2008-10-10 270128]
"Skype"="c:program filesSkypePhoneSkype.exe" [2008-11-07 21633320]
"Infium"="c:program filesQIP Infiuminfium.exe" [2008-12-09 5062144]
"H/PC Connection Agent"="c:progra~1MI3AA1~1wcescomm.exe" [2006-11-13 1289000]
"DAEMON Tools Lite"="c:program filesDAEMON Tools Litedaemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"UnlockerAssistant"="c:program filesUnlockerUnlockerAssistant.exe" [2008-05-02 15872]
"VMSnap3"="c:windowsVMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:windowsDomino.EXE" [2006-06-28 49152]
"WheelMouse"="c:program filesA4TechMouseAmoumain.exe" [2008-03-06 241664]
"MagicKey"="c:progra~1MEDIAK~1MagicKey.exe" [2004-03-15 45056]
"OrderReminder"="c:program filesHewlett-PackardOrderReminderOrderReminder.exe" [2006-01-30 98304]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2008-10-07 86016]
"OutpostMonitor"="c:progra~1AgnitumOUTPOS~1op_mon.exe" [2008-07-15 1207128]
"OutpostFeedBack"="c:program filesAgnitumOutpost Security Suite Profeedback.exe" [2008-07-15 435544]
"SSBkgdUpdate"="c:program filesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe" [2003-09-29 155648]
"PaperPort PTD"="c:program filesScanSoftPaperPortpptd40nt.exe" [2005-08-25 57393]
"IndexSearch"="c:program filesScanSoftPaperPortIndexSearch.exe" [2005-08-25 40960]
"SetDefPrt"="c:program filesBrotherBrmfl05aBrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:program filesBrotherControlCenter2brctrcen.exe" [2005-07-19 933888]
"DrvIcon"="c:program filesVista Drive IconDrvIcon.exe" [2008-04-13 49152]
"nwiz"="nwiz.exe" [2008-10-07 c:windowssystem32nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-15 c:windowssystem32bthprops.cpl]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-15 15360]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
"IE7_011"="shell32" [X]
"IE7_012"="advpack.dll" [2008-11-26 c:windowssystem32advpack.dll]

c:documents and settingsАдминистраторГлавное менюПрограммыАвтозагрузка
LClock.lnk — c:program filesSDF LabLclockLClock.exe [2004-09-19 65536]

c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузка
APC UPS Status.lnk — c:program filesAPCAPC PowerChute Personal EditionDisplay.exe [2008-12-20 221247]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoStartMenuMorePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\WINDOWS\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:program filesMicrosoft ActiveSyncrapimgr.exe"= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:program filesMicrosoft ActiveSyncwcescomm.exe"= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:program filesMicrosoft ActiveSyncWCESMgr.exe"= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"=
"c:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"=
"c:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:windowssystem32driversnvcchflt.sys [2008-12-21 16640]
R1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [2008-12-21 673920]
R3 afw;Agnitum firewall driver;c:windowssystem32driversafw.sys [2008-12-21 30864]
R3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2008-12-21 234640]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2008-12-21 33408]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:windowssystem32driversc6501.sys [2008-12-21 1310720]
R3 FStarForce;FStarForce;c:windowssystem32driversFStarForce.sys [2009-01-08 8192]
R3 VBEngNT;VBEngNT;c:windowssystem32driversVBEngNT.sys [2008-12-21 1072722]
R3 VBFilt;VBFilt;c:windowssystem32FiltVBFilt.dll [2008-12-21 158816]
R3 vmfilter303;vmfilter303;c:windowssystem32driversvmfilter303.sys [2008-12-20 428160]
R4 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2008-12-21 1570136]
S3 DMService;Whale Component Manager;c:windowsDOWNLO~1DMService.exe [2008-12-24 423576]
.
— — — — ORPHANS REMOVED — — — —

HKLM-Run-C6501Sound — c6501.cpl
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} — {CD275D4E-791A-4993-9D4D-6A071EDD2709} — c:program filesIEProIEPro.dll
TCP: {32978208-8199-4E0C-88B2-043ED06A10CA} = 85.113.128.136,85.113.147.110
FF — ProfilePath — c:documents and settingsАдминистраторApplication DataMozillaFirefoxProfilesu97vtsot.default
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage — hxxp://client.intercon.ru/client.aspx|http://vtorrents.ru/forums/index.php|http://torrents.ru/forums/index.php
FF — component: c:program filesMozilla Firefoxextensions{B13721C7-F507-4982-B2E5-502A71474FED}componentsNPComponent.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 23:44:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0

**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSAdministratorSoftwareMicrosoftActiveMoviedevenum{33D9A761-90C8-11D0-BD43-00A0C911CE86}3*NULL*4*NULL*D*NULL*S*NULL*P*NULL* *NULL*G*NULL*r*NULL*o*NULL*u*NULL*p*NULL* *NULL*T*NULL*r*NULL*u*NULL*e*NULL*S*NULL*p*NULL*e*NULL*e*NULL*c*NULL*h*NULL*»!]
"FriendlyName"="DSP Group TrueSpeech™"
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,
00,00,00,60,00,00,00,70,00,00,00,31,70,69,33,08,00,00,00,00,00,00,00,01,00,
00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,00,00,00,60,00,00,00,80,00,00,
00,61,75,64,73,00,00,10,00,80,00,00,aa,00,38,9b,71,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,22,00,00,00,00,00,10,00,80,00,00,aa,00,38,9b,71
"AcmId"=dword:00000022
.
DLLs Loaded Under Running Processes
— — — — — — — > 'winlogon.exe'(1164)
c:windowssystem32cscui.dll

— — — — — — — > 'explorer.exe'(2216)
c:program filesPunto Switcherpshook.dll
c:windowssystem32msi.dll
c:windowssystem32SETUPAPI.dll
c:windowssystem32NETSHELL.dll
c:program filesSDF LabLclockLC.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
SystemRootSystem32smss.exe [1068]
??c:windowssystem32csrss.exe [1132]
??c:windowssystem32winlogon.exe [1164]
c:windowssystem32services.exe [1220]
c:windowssystem32lsass.exe [1236]
c:windowssystem32svchost.exe [1416]
c:windowssystem32svchost.exe [1500]
c:windowsSystem32svchost.exe [1664]
c:windowssystem32svchost.exe [1808]
c:windowssystem32svchost.exe [2036]
c:windowssystem32brss01a.exe [316]
c:windowssystem32spoolsv.exe [324]
c:program filesAPCAPC PowerChute Personal Editionmainserv.exe [1040]
c:windowssystem32svchost.exe [1308]
c:windowssystem32nvsvc32.exe [1528]
c:windowssystem32svchost.exe [1688]
c:windowsSystem32alg.exe [1092]
c:windowssystem32CF29881.exe [1572]
c:windowsVMSnap3.EXE [1180]
c:windowsDomino.EXE [1932]
c:program filesHewlett-PackardOrderReminderOrderReminder.exe [2244]
c:windowssystem32RUNDLL32.EXE [3820]
c:program filesScanSoftPaperPortpptd40nt.exe [2172]
c:program filesBrotherControlCenter2brctrcen.exe [2500]
c:windowssystem32rundll32.exe [2588]
c:windowssystem32RunDll32.exe [3816]
c:program filesVista Drive IconDrvIcon.exe [3964]
c:windowssystem32ctfmon.exe [3972]
c:program filesPunto SwitcherPS.exe [4008]
c:program filesuTorrentuTorrent.exe [4072]
c:program filesSkypePhoneSkype.exe [1712]
c:program filesQIP Infiuminfium.exe [2548]
c:progra~1MI3AA1~1wcescomm.exe [2176]
c:program filesDAEMON Tools Litedaemon.exe [2644]
c:progra~1MI3AA1~1rapimgr.exe [2472]
c:program filesSkypePlugin ManagerskypePM.exe [3092]
c:program filesSDF LabLclockLClock.exe [520]
c:program filesAPCAPC PowerChute Personal Editionapcsystray.exe [3288]
c:windowssystem32taskmgr.exe [1100]
c:windowsexplorer.exe [2216]
c:combofixcatchme.cfexe [1376]
.
**************************************************************************
.
Completion time: 2009-01-09 0:06:28 — machine was rebooted
ComboFix-quarantined-files.txt 2009-01-08 21:06:05

Pre-Run: 173 948 903 424 байт свободно
Post-Run: 173,659,123,712 байт свободно

402
======List of files/folders created in the last 1 months======
2009-01-09 01:00:22 —-D—- C:rsit
2009-01-09 01:00:22 —-D—- C:Program Filestrend micro
2009-01-09 00:06:47 —-D—- C:WINDOWStemp
2009-01-09 00:06:41 —-A—- C:ComboFix.txt
2009-01-08 23:23:08 —-A—- C:WINDOWSNIRCMD.exe
2009-01-08 23:23:07 —-A—- C:WINDOWSzip.exe
2009-01-08 23:23:07 —-A—- C:WINDOWSSWREG.exe
2009-01-08 23:23:06 —-A—- C:WINDOWSgrep.exe
2009-01-08 23:23:05 —-A—- C:WINDOWSsed.exe
2009-01-08 23:23:05 —-A—- C:WINDOWSfdsv.exe
2009-01-08 23:23:04 —-A—- C:WINDOWSVFIND.exe
2009-01-08 23:23:03 —-A—- C:WINDOWSSWSC.exe
2009-01-08 23:23:02 —-A—- C:WINDOWSSWXCACLS.exe
2009-01-08 23:21:41 —-D—- C:WINDOWSERDNT
2009-01-08 23:21:41 —-D—- C:Qoobox
2009-01-08 22:24:58 —-D—- C:Documents and SettingsАдминистраторApplication DataDAEMON Tools Pro
2009-01-08 22:23:51 —-D—- C:Documents and SettingsAll UsersApplication DataDAEMON Tools Lite
2009-01-08 22:22:33 —-D—- C:Documents and SettingsАдминистраторApplication DataDAEMON Tools Lite
2009-01-07 15:27:41 —-D—- C:Documents and SettingsАдминистраторApplication DataMedia Player Classic
2009-01-07 13:04:29 —-D—- C:My Downloads
2009-01-07 02:05:12 —-D—- C:Documents and SettingsАдминистраторApplication DataCPUControl
2009-01-07 02:05:06 —-D—- C:Program FilesCPU-Control
2009-01-07 00:07:06 —-D—- C:WINDOWSLogs
2009-01-07 00:05:14 —-D—- C:WINDOWSsystem32xlive
2009-01-07 00:05:12 —-D—- C:Program FilesMicrosoft Games for Windows — LIVE
2009-01-06 22:12:42 —-D—- C:Program FilesRockstar Games
2009-01-05 15:25:11 —-D—- C:Games
2009-01-04 23:39:39 —-D—- C:Documents and SettingsАдминистраторApplication DataLeadertech
2009-01-04 19:35:22 —-D—- C:WINDOWSsystem32LogFiles
2009-01-04 19:24:26 —-D—- C:Program FilesEA Games
2009-01-03 17:02:51 —-D—- C:Program FilesCommon FilesSkype
2008-12-28 19:31:48 —-D—- C:Documents and SettingsАдминистраторApplication DataScanSoft
2008-12-27 12:36:04 —-D—- C:WINDOWSsystem32appmgmt
2008-12-27 01:20:09 —-HD—- C:WINDOWSPIF
2008-12-27 01:19:39 —-D—- C:Documents and SettingsАдминистраторApplication DataWindows Search
2008-12-27 01:15:23 —-D—- C:Program FilesWindows Desktop Search
2008-12-27 01:15:01 —-HDC—- C:WINDOWS$NtUninstallKB915800-v4$
2008-12-27 01:11:43 —-D—- C:WINDOWSASTULogTemp
2008-12-27 00:42:30 —-A—- C:WINDOWSsystem32btw_ci.dll
2008-12-26 23:54:12 —-A—- C:ASLog.txt
2008-12-24 16:04:30 —-D—- C:Program FilesWhale Communications
2008-12-24 01:13:07 —-D—- C:WINDOWSMinidump
2008-12-24 00:50:38 —-D—- C:Documents and SettingsАдминистраторApplication DataAuslogics
2008-12-24 00:48:52 —-D—- C:Program FilesAuslogics
2008-12-21 18:10:41 —-A—- C:WINDOWSsystem32rmoc3260.dll
2008-12-21 18:10:41 —-A—- C:WINDOWSsystem32pndx5032.dll
2008-12-21 18:10:41 —-A—- C:WINDOWSsystem32pndx5016.dll
2008-12-21 18:10:41 —-A—- C:WINDOWSsystem32pncrt.dll
2008-12-21 18:10:40 —-A—- C:WINDOWSsystem32unrar.dll
2008-12-21 18:10:39 —-A—- C:WINDOWSavisplitter.ini
2008-12-21 18:10:37 —-A—- C:WINDOWSsystem32yv12vfw.dll
2008-12-21 18:10:37 —-A—- C:WINDOWSsystem32x264vfw.dll
2008-12-21 18:10:37 —-A—- C:WINDOWSsystem32vp7vfw.dll
2008-12-21 18:10:37 —-A—- C:WINDOWSsystem32vp6vfw.dll
2008-12-21 18:10:37 —-A—- C:WINDOWSsystem32huffyuv.dll
2008-12-21 18:10:36 —-A—- C:WINDOWSsystem32xvidvfw.dll
2008-12-21 18:10:36 —-A—- C:WINDOWSsystem32xvidcore.dll
2008-12-21 18:10:36 —-A—- C:WINDOWSsystem32qt-dx331.dll
2008-12-21 18:10:36 —-A—- C:WINDOWSsystem32dpl100.dll
2008-12-21 18:10:35 —-A—- C:WINDOWSsystem32divx.dll
2008-12-21 18:10:34 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2008-12-21 18:10:34 —-A—- C:WINDOWSsystem32ff_vfw.dll
2008-12-21 18:10:32 —-D—- C:Program FilesK-Lite Codec Pack
2008-12-21 18:10:32 —-D—- C:Documents and SettingsАдминистраторApplication DataReal
2008-12-21 18:10:32 —-D—- C:Documents and SettingsAll UsersApplication DataReal
2008-12-21 18:04:48 —-D—- C:Documents and SettingsAll UsersApplication DataFLEXnet
2008-12-21 14:46:50 —-HD—- C:WINDOWSsystem32GroupPolicy
2008-12-21 14:23:27 —-D—- C:Documents and SettingsАдминистраторApplication DataViStart
2008-12-21 14:18:00 —-D—- C:Program FilesVista Drive Icon
2008-12-21 14:16:47 —-D—- C:Program FilesSDF Lab
2008-12-21 14:16:38 —-D—- C:WINDOWSDownloaded Installations
2008-12-21 14:15:01 —-D—- C:Program FilesViStart
2008-12-21 14:10:26 —-HD—- C:WINDOWSSDF Vista Shell Pack
2008-12-21 14:05:32 —-RA—- C:WINDOWSsystem32GdiPlus.dll
2008-12-21 14:05:32 —-RA—- C:WINDOWSsystem32C6501rm.exe
2008-12-21 14:05:32 —-RA—- C:WINDOWSsystem32C6501rm.dll
2008-12-21 14:05:32 —-RA—- C:WINDOWSsystem32c6501prop.dll
2008-12-21 14:05:32 —-A—- C:WINDOWSC6501.ini.cfl
2008-12-21 14:04:57 —-RA—- C:WINDOWSC6501.ini.cfg
2008-12-21 14:04:57 —-R—- C:WINDOWSCmi6501Uninstall.exe
2008-12-21 14:04:51 —-R—- C:WINDOWSc6501.ini
2008-12-21 14:04:49 —-D—- C:Program FilesC-Media 6501 Sound
2008-12-21 14:04:10 —-A—- C:WINDOWSAscd_tmp.ini
2008-12-21 12:52:41 —-D—- C:Program FilesASUS
2008-12-21 12:41:13 —-D—- C:Program FilesSkype
2008-12-21 12:41:05 —-D—- C:Documents and SettingsAll UsersApplication DataSkype
2008-12-21 12:25:44 —-D—- C:Documents and SettingsАдминистраторApplication DataMacromedia
2008-12-21 12:22:22 —-D—- C:Program FilesPaint.NET
2008-12-21 12:17:59 —-D—- C:Program FilesMSBuild
2008-12-21 12:17:56 —-D—- C:WINDOWSsystem32XPSViewer
2008-12-21 12:17:53 —-D—- C:WINDOWSsystem32en-us
2008-12-21 12:17:53 —-D—- C:Program FilesReference Assemblies
2008-12-21 12:17:31 —-N—- C:WINDOWSsystem32spmsg2.dll
2008-12-21 12:17:30 —-A—- C:WINDOWSsystem32spupdsvc.exe
2008-12-21 12:17:12 —-D—- C:Program FilesQIP Infium
2008-12-21 12:15:11 —-A—- C:WINDOWSNeroDigital.ini
2008-12-21 11:58:24 —-D—- C:Program FilesuTorrent
2008-12-21 11:38:16 —-A—- C:WINDOWSsystem32wshirda.dll
2008-12-21 11:38:16 —-A—- C:WINDOWSsystem32irmon.dll
2008-12-21 11:38:16 —-A—- C:WINDOWSsystem32irftp.exe
2008-12-21 11:34:31 —-D—- C:Documents and SettingsАдминистраторApplication DataYandex
2008-12-21 11:34:23 —-D—- C:Program FilesMozilla Firefox
2008-12-21 11:13:12 —-A—- C:WINDOWSsystem32brss01a.ini
2008-12-21 11:13:11 —-A—- C:WINDOWSBRWMARK.INI
2008-12-21 11:13:11 —-A—- C:WINDOWSBRPP2KA.INI
2008-12-21 11:12:11 —-A—- C:WINDOWSsystem32bsplmf01.exe
2008-12-21 11:12:11 —-A—- C:WINDOWSsystem32bsplmf01.dll
2008-12-21 11:12:11 —-A—- C:WINDOWSsystem32BrWia05a.dll
2008-12-21 11:12:11 —-A—- C:WINDOWSsystem32BrUSi05a.dll
2008-12-21 11:12:10 —-A—- C:WINDOWSsystem32brsvc01a.exe
2008-12-21 11:12:10 —-A—- C:WINDOWSsystem32brss01a.exe
2008-12-21 11:12:08 —-N—- C:WINDOWSsystem32brinsstr.dll
2008-12-21 11:12:03 —-N—- C:WINDOWSsystem32PDRVINST.DLL
2008-12-21 11:12:03 —-N—- C:WINDOWSsystem32BRWEBUP.EXE
2008-12-21 11:12:03 —-N—- C:WINDOWSsystem32BrWebIns.dll
2008-12-21 11:12:01 —-N—- C:WINDOWSsystem32BrWiaNCp.dll
2008-12-21 11:12:01 —-N—- C:WINDOWSsystem32Brnsplg.dll
2008-12-21 11:12:01 —-N—- C:WINDOWSsystem32BrNetSti.dll
2008-12-21 11:12:01 —-D—- C:Program FilesBrother
2008-12-21 11:11:54 —-D—- C:Brother
2008-12-21 11:11:53 —-N—- C:WINDOWSsystem32NSSearch.dll
2008-12-21 11:11:52 —-N—- C:WINDOWSsystem32BrMuSNMP.dll
2008-12-21 11:11:52 —-N—- C:WINDOWSbrunin03.dll
2008-12-21 11:09:42 —-A—- C:WINDOWSmaxlink.ini
2008-12-21 11:09:35 —-D—- C:Documents and SettingsAll UsersApplication DataInstallShield
2008-12-21 11:09:17 —-D—- C:Program FilesCommon FilesScanSoft Shared
2008-12-21 11:09:16 —-D—- C:Program FilesScanSoft
2008-12-21 11:09:16 —-D—- C:Documents and SettingsAll UsersApplication DataScanSoft
2008-12-21 11:07:24 —-D—- C:Documents and SettingsAll UsersApplication DataBrother
2008-12-21 02:35:53 —-A—- C:WINDOWSsystem32h323log.txt
2008-12-21 02:35:35 —-A—- C:WINDOWSsystem32hidserv.dll
2008-12-21 02:34:55 —-A—- C:WINDOWSsystem32usbui.dll
2008-12-21 02:34:09 —-A—- C:WINDOWSimsins.BAK
2008-12-21 02:34:07 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2008-12-21 02:34:06 —-SHD—- C:WINDOWSInstaller
2008-12-21 02:34:06 —-D—- C:Program FilesCommon FilesODBC
2008-12-21 02:34:06 —-A—- C:WINDOWSODBCINST.INI
2008-12-21 02:34:03 —-D—- C:Program FilesCommon FilesSpeechEngines
2008-12-21 02:34:03 —-AD—- C:Program FilesCommon FilesMicrosoft Shared
2008-12-21 02:34:03 —-AD—- C:Program FilesCommon Files
2008-12-21 02:34:03 —-AD—- C:Program Files
2008-12-21 02:34:01 —-RA—- C:WINDOWSsystem32kbdtuq.dll
2008-12-21 02:34:01 —-RA—- C:WINDOWSsystem32kbdtuf.dll
2008-12-21 02:34:01 —-RA—- C:WINDOWSsystem32kbdazel.dll
2008-12-21 02:33:59 —-RA—- C:WINDOWSsystem32kbdhept.dll
2008-12-21 02:33:59 —-RA—- C:WINDOWSsystem32kbdhela3.dll
2008-12-21 02:33:59 —-RA—- C:WINDOWSsystem32kbdhela2.dll
2008-12-21 02:33:59 —-RA—- C:WINDOWSsystem32kbdhe319.dll
2008-12-21 02:33:59 —-RA—- C:WINDOWSsystem32kbdhe220.dll
2008-12-21 02:33:59 —-RA—- C:WINDOWSsystem32kbdhe.dll
2008-12-21 02:33:59 —-RA—- C:WINDOWSsystem32kbdgkl.dll
2008-12-21 02:33:58 —-RA—- C:WINDOWSsystem32kbdlv1.dll
2008-12-21 02:33:58 —-RA—- C:WINDOWSsystem32kbdlv.dll
2008-12-21 02:33:58 —-RA—- C:WINDOWSsystem32kbdlt1.dll
2008-12-21 02:33:58 —-RA—- C:WINDOWSsystem32kbdlt.dll
2008-12-21 02:33:58 —-RA—- C:WINDOWSsystem32kbdest.dll
2008-12-21 02:33:56 —-RA—- C:WINDOWSsystem32kbdycl.dll
2008-12-21 02:33:56 —-RA—- C:WINDOWSsystem32kbdsl1.dll
2008-12-21 02:33:56 —-RA—- C:WINDOWSsystem32kbdsl.dll
2008-12-21 02:33:56 —-RA—- C:WINDOWSsystem32kbdro.dll
2008-12-21 02:33:56 —-RA—- C:WINDOWSsystem32kbdpl1.dll
2008-12-21 02:33:56 —-RA—- C:WINDOWSsystem32kbdpl.dll
2008-12-21 02:33:56 —-RA—- C:WINDOWSsystem32kbdhu1.dll
2008-12-21 02:33:56 —-RA—- C:WINDOWSsystem32kbdhu.dll
2008-12-21 02:33:56 —-RA—- C:WINDOWSsystem32kbdcz2.dll
2008-12-21 02:33:56 —-RA—- C:WINDOWSsystem32kbdcz1.dll
2008-12-21 02:33:56 —-RA—- C:WINDOWSsystem32kbdcz.dll
2008-12-21 02:33:56 —-RA—- C:WINDOWSsystem32kbdcr.dll
2008-12-21 02:33:56 —-RA—- C:WINDOWSsystem32KBDAL.DLL
2008-12-21 02:33:53 —-A—- C:WINDOWSsystem32kbdycc.dll
2008-12-21 02:33:53 —-A—- C:WINDOWSsystem32kbduzb.dll
2008-12-21 02:33:53 —-A—- C:WINDOWSsystem32kbdur.dll
2008-12-21 02:33:53 —-A—- C:WINDOWSsystem32kbdtat.dll
2008-12-21 02:33:53 —-A—- C:WINDOWSsystem32kbdmon.dll
2008-12-21 02:33:53 —-A—- C:WINDOWSsystem32kbdkyr.dll
2008-12-21 02:33:53 —-A—- C:WINDOWSsystem32kbdkaz.dll
2008-12-21 02:33:53 —-A—- C:WINDOWSsystem32kbdbu.dll
2008-12-21 02:33:53 —-A—- C:WINDOWSsystem32kbdblr.dll
2008-12-21 02:33:53 —-A—- C:WINDOWSsystem32kbdaze.dll
2008-12-21 02:33:52 —-A—- C:WINDOWSsystem32irclass.dll
2008-12-21 02:33:51 —-A—- C:WINDOWSsystem32spxcoins.dll
2008-12-21 02:33:51 —-A—- C:WINDOWSsystem32EqnClass.Dll
2008-12-21 02:33:51 —-A—- C:WINDOWSsystem32dgsetup.dll
2008-12-21 02:33:51 —-A—- C:WINDOWSsystem32dgrpsetu.dll
2008-12-21 02:33:49 —-N—- C:WINDOWSsystem32CONFIG.TMP
2008-12-21 02:33:49 —-A—- C:WINDOWSTASKMAN.EXE
2008-12-21 02:33:48 —-A—- C:WINDOWSsystem32batt.dll
2008-12-21 02:33:48 —-A—- C:WINDOWSNOTEPAD.EXE
2008-12-21 02:33:47 —-A—- C:WINDOWSsystem32storprop.dll
2008-12-21 02:33:44 —-ASH—- C:Documents and SettingsAll UsersApplication Datadesktop.ini
2008-12-21 02:33:39 —-RA—- C:WINDOWSSET8.tmp
2008-12-21 02:33:37 —-RA—- C:WINDOWSSET4.tmp
2008-12-21 02:33:36 —-RA—- C:WINDOWSSET3.tmp
2008-12-21 02:33:31 —-D—- C:WINDOWSsystem32CatRoot2
2008-12-21 02:33:31 —-D—- C:WINDOWSsystem32CatRoot
2008-12-21 02:33:26 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2008-12-21 02:32:59 —-A—- C:WINDOWSsetuplog.txt
2008-12-21 02:32:56 —-A—- C:WINDOWSsystem32idecoi.dll
2008-12-21 02:32:47 —-SHD—- C:System Volume Information
2008-12-21 02:32:47 —-D—- C:Documents and Settings
2008-12-21 02:30:35 —-RSH—- C:boot.ini
2008-12-21 02:25:50 —-RSHDC—- C:WINDOWSsystem32dllcache
2008-12-21 02:25:50 —-RSD—- C:WINDOWSFonts
2008-12-21 02:25:50 —-RD—- C:WINDOWSWeb
2008-12-21 02:25:50 —-HD—- C:WINDOWSinf
2008-12-21 02:25:50 —-D—- C:WINDOWSWinSxS
2008-12-21 02:25:50 —-D—- C:WINDOWStwain_32
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32wins
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32wbem
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32usmt
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32spool
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32ShellExt
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32Setup
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32ru-ru
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32ru
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32ras
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32oobe
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32npp
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32mui
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32inetsrv
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32IME
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32icsxml
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32ias
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32export
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32drivers
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32dhcp
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32config
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem323com_dmi
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem323076
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem322052
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem321054
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem321049
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem321042
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem321041
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem321037
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem321033
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem321031
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem321028
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem321025
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem32
2008-12-21 02:25:50 —-D—- C:WINDOWSsystem
2008-12-21 02:25:50 —-D—- C:WINDOWSsecurity
2008-12-21 02:25:50 —-D—- C:WINDOWSResources
2008-12-21 02:25:50 —-D—- C:WINDOWSrepair
2008-12-21 02:25:50 —-D—- C:WINDOWSProvisioning
2008-12-21 02:25:50 —-D—- C:WINDOWSPeerNet
2008-12-21 02:25:50 —-D—- C:WINDOWSpchealth
2008-12-21 02:25:50 —-D—- C:WINDOWSNetwork Diagnostic
2008-12-21 02:25:50 —-D—- C:WINDOWSmui
2008-12-21 02:25:50 —-D—- C:WINDOWSmsapps
2008-12-21 02:25:50 —-D—- C:WINDOWSmsagent
2008-12-21 02:25:50 —-D—- C:WINDOWSMedia
2008-12-21 02:25:50 —-D—- C:WINDOWSL2Schemas
2008-12-21 02:25:50 —-D—- C:WINDOWSjava
2008-12-21 02:25:50 —-D—- C:WINDOWSime
2008-12-21 02:25:50 —-D—- C:WINDOWSHelp
2008-12-21 02:25:50 —-D—- C:WINDOWSehome
2008-12-21 02:25:50 —-D—- C:WINDOWSDriver Cache
2008-12-21 02:25:50 —-D—- C:WINDOWSDebug
2008-12-21 02:25:50 —-D—- C:WINDOWSCursors
2008-12-21 02:25:50 —-D—- C:WINDOWSConnection Wizard
2008-12-21 02:25:50 —-D—- C:WINDOWSConfig
2008-12-21 02:25:50 —-D—- C:WINDOWSAppPatch
2008-12-21 02:25:50 —-D—- C:WINDOWSaddins
2008-12-21 02:25:50 —-D—- C:WINDOWS
2008-12-21 00:30:55 —-D—- C:Documents and SettingsАдминистраторApplication DataQIP
2008-12-21 00:30:52 —-D—- C:Documents and SettingsАдминистраторApplication DataMozilla
2008-12-21 00:30:49 —-D—- C:Documents and SettingsАдминистраторApplication DatauTorrent
2008-12-21 00:30:49 —-D—- C:Documents and SettingsАдминистраторApplication DataskypePM
2008-12-21 00:30:47 —-D—- C:Documents and SettingsАдминистраторApplication DataSkype
2008-12-21 00:30:09 —-D—- C:Documents and SettingsАдминистраторApplication DataFirefox
2008-12-21 00:27:36 —-D—- C:WINDOWSsystem32Filt
2008-12-21 00:27:36 —-D—- C:Program FilesAgnitum
2008-12-21 00:27:28 —-D—- C:Documents and SettingsAll UsersApplication DataAgnitum
2008-12-21 00:27:05 —-D—- C:Documents and SettingsАдминистраторApplication DataWinRAR
2008-12-21 00:06:22 —-RA—- C:WINDOWSsystem32nvusmb.exe
2008-12-20 23:48:05 —-D—- C:Documents and SettingsAll UsersApplication DatanView_Profiles
2008-12-20 23:44:13 —-D—- C:WINDOWSsystem32AGEIA
2008-12-20 23:44:13 —-D—- C:Program FilesAGEIA Technologies
2008-12-20 23:44:08 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2008-12-20 23:43:57 —-D—- C:WINDOWSnview
2008-12-20 23:43:57 —-A—- C:WINDOWSsystem32nvudisp.exe
2008-12-20 23:32:38 —-D—- C:Program FilesAPC
2008-12-20 23:32:38 —-A—- C:WINDOWSsystem32qtintf.dll
2008-12-20 23:29:25 —-D—- C:WINDOWSsystem32ReinstallBackups
2008-12-20 23:29:25 —-D—- C:Program FilesDIFX
2008-12-20 23:29:24 —-DC—- C:WINDOWSsystem32DRVSTORE
2008-12-20 23:29:02 —-RA—- C:WINDOWSsystem32fdco_l2052.dll
2008-12-20 23:29:02 —-RA—- C:WINDOWSsystem32fdco_l1046.dll
2008-12-20 23:29:02 —-RA—- C:WINDOWSsystem32fdco_l1042.dll
2008-12-20 23:29:02 —-RA—- C:WINDOWSsystem32fdco_l1041.dll
2008-12-20 23:29:01 —-RA—- C:WINDOWSsystem32fdco1ins.dll
2008-12-20 23:29:01 —-RA—- C:WINDOWSsystem32fdco1.dll
2008-12-20 23:29:01 —-RA—- C:WINDOWSsystem32fdco_l1040.dll
2008-12-20 23:29:01 —-RA—- C:WINDOWSsystem32fdco_l1036.dll
2008-12-20 23:29:01 —-RA—- C:WINDOWSsystem32fdco_l1034.dll
2008-12-20 23:29:01 —-RA—- C:WINDOWSsystem32fdco_l1031.dll
2008-12-20 23:29:01 —-RA—- C:WINDOWSsystem32fdco_l1028.dll
2008-12-20 23:29:00 —-RA—- C:WINDOWSsystem32nvconrm.dll
2008-12-20 23:29:00 —-RA—- C:WINDOWSsystem32bdco1ins.dll
2008-12-20 23:29:00 —-RA—- C:WINDOWSsystem32bdco1.dll
2008-12-20 23:29:00 —-D—- C:WINDOWSNV19042028.TMP
2008-12-20 23:29:00 —-A—- C:WINDOWSsystem32nvunrm.exe
2008-12-20 23:28:21 —-A—- C:WINDOWSsystem32NVUNINST.EXE
2008-12-20 23:28:18 —-D—- C:Documents and SettingsАдминистраторApplication DataInstallShield
2008-12-20 23:27:23 —-RA—- C:WINDOWSapptune1018.exe
2008-12-20 23:27:21 —-RA—- C:WINDOWSsystem32ZTAG32.DLL
2008-12-20 23:27:21 —-RA—- C:WINDOWSsystem32ZSPOOL.DLL
2008-12-20 23:27:21 —-RA—- C:WINDOWSsystem32zlhp1018.dll
2008-12-20 23:27:21 —-RA—- C:WINDOWSsystem32IMF32.DLL
2008-12-20 23:27:20 —-RA—- C:WINDOWSsystem32zshp1018.exe
2008-12-20 23:27:20 —-RA—- C:WINDOWSsystem32zlm.dll
2008-12-20 23:27:20 —-RA—- C:WINDOWSsystem32vshp1018.dll
2008-12-20 23:27:20 —-D—- C:Program FilesHewlett-Packard
2008-12-20 23:27:19 —-HD—- C:Program FilesZenographics
2008-12-20 23:26:25 —-D—- C:Program FilesMedia Key
2008-12-20 23:26:03 —-D—- C:Program FilesA4Tech
2008-12-20 23:23:54 —-A—- C:WINDOWSsystem32vfwwdm32.dll
2008-12-20 23:23:53 —-A—- C:WINDOWSsystem32ksuser.dll
2008-12-20 23:23:46 —-RA—- C:WINDOWSVMSnap3.EXE
2008-12-20 23:23:46 —-RA—- C:WINDOWSVM303Cap.exe
2008-12-20 23:23:46 —-RA—- C:WINDOWSsystem32VM303STI.dll
2008-12-20 23:23:46 —-RA—- C:WINDOWSsystem32setupfilter.exe
2008-12-20 23:23:46 —-RA—- C:WINDOWSDomino.EXE
2008-12-20 23:23:46 —-R—- C:WINDOWSZoom.exe
2008-12-20 23:23:46 —-R—- C:WINDOWSVMPipe.dll
2008-12-20 23:23:45 —-RA—- C:WINDOWSamcap.exe
2008-12-20 23:23:45 —-A—- C:WINDOWSVMInstNT.exe
2008-12-20 23:23:45 —-A—- C:WINDOWSVM303UninstNT.exe
2008-12-20 23:23:43 —-D—- C:WINDOWSEffectResources
2008-12-20 23:23:34 —-HD—- C:Program FilesInstallShield Installation Information
2008-12-20 23:23:22 —-D—- C:Program FilesCommon FilesInstallShield
2008-12-20 22:20:32 —-D—- C:Documents and SettingsАдминистраторApplication DataFastStone
2008-12-20 22:10:41 —-A—- C:WINDOWSsystem32engine.dll
2008-12-20 22:10:08 —-D—- C:Program FilesMicrosoft ActiveSync
2008-12-20 22:08:17 —-D—- C:Program FilesMicrosoft Works
2008-12-20 22:07:50 —-D—- C:Program FilesMicrosoft Visual Studio
2008-12-20 22:07:50 —-D—- C:Program FilesCommon FilesDESIGNER
2008-12-20 22:04:40 —-D—- C:WINDOWSSHELLNEW
2008-12-20 22:04:14 —-D—- C:Program FilesMicrosoft Office
2008-12-20 22:04:13 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2008-12-20 22:02:27 —-D—- C:Program FilesFoxit Software
2008-12-20 22:02:25 —-D—- C:Program FilesPunto Switcher
2008-12-20 22:02:21 —-D—- C:Program FilesKristanix
2008-12-20 21:54:54 —-D—- C:Documents and SettingsАдминистраторApplication DataAdobe
2008-12-20 21:52:17 —-D—- C:Program FilesCommon FilesMacrovision Shared
2008-12-20 21:51:06 —-D—- C:Program FilesFastStone Image Viewer
2008-12-20 21:51:04 —-D—- C:Program FilesLavalys
2008-12-20 21:51:02 —-D—- C:Program FilesUnlocker
2008-12-20 21:51:02 —-D—- C:Documents and SettingsАдминистраторApplication DataDesktopicon
2008-12-20 21:51:01 —-D—- C:Program FilesDAEMON Tools Lite
2008-12-20 21:51:01 —-D—- C:Documents and SettingsАдминистраторApplication DataDAEMON Tools
2008-12-20 21:50:39 —-N—- C:WINDOWSsystem32TwnLib4.dll
2008-12-20 21:50:39 —-N—- C:WINDOWSsystem32ImagXRA7.dll
2008-12-20 21:50:39 —-N—- C:WINDOWSsystem32ImagXR7.dll
2008-12-20 21:50:39 —-N—- C:WINDOWSsystem32ImagXpr7.dll
2008-12-20 21:50:39 —-N—- C:WINDOWSsystem32ImagX7.dll
2008-12-20 21:50:39 —-D—- C:Program FilesCommon FilesAhead
2008-12-20 21:50:39 —-D—- C:Program FilesAhead
2008-12-20 21:50:39 —-A—- C:WINDOWSsystem32TwnLib20.dll
2008-12-20 21:50:39 —-A—- C:WINDOWSsystem32NeroCheck.exe
2008-12-20 21:49:48 —-SHD—- C:RECYCLER
2008-12-20 21:49:24 —-D—- C:Program FilesLight Alloy
2008-12-20 21:49:22 —-D—- C:WINDOWSwinamp
2008-12-20 21:49:15 —-N—- C:WINDOWSsystem32vxblock.dll
2008-12-20 21:49:15 —-N—- C:WINDOWSsystem32pxwave.dll
2008-12-20 21:49:15 —-N—- C:WINDOWSsystem32pxsfs.dll
2008-12-20 21:49:15 —-N—- C:WINDOWSsystem32pxmas.dll
2008-12-20 21:49:15 —-N—- C:WINDOWSsystem32pxinsa64.exe
2008-12-20 21:49:15 —-N—- C:WINDOWSsystem32pxhpinst.exe
2008-12-20 21:49:15 —-N—- C:WINDOWSsystem32pxdrv.dll
2008-12-20 21:49:15 —-N—- C:WINDOWSsystem32pxcpya64.exe
2008-12-20 21:49:15 —-N—- C:WINDOWSsystem32pxafs.dll
2008-12-20 21:49:15 —-N—- C:WINDOWSsystem32px.dll
2008-12-20 21:49:12 —-D—- C:Program FilesWinamp
2008-12-20 21:49:03 —-A—- C:WINDOWSWPI_Log.txt
2008-12-20 21:44:18 —-D—- C:Documents and SettingsАдминистраторApplication DataIdentities
2008-12-20 21:44:17 —-HD—- C:Program FilesUninstall Information
2008-12-20 21:44:04 —-SD—- C:Documents and SettingsАдминистраторApplication DataMicrosoft
2008-12-20 21:44:04 —-ASH—- C:Documents and SettingsАдминистраторApplication Datadesktop.ini
2008-12-20 21:44:04 —-AD—- C:Documents and SettingsАдминистраторApplication DataMiniDm
2008-12-20 21:44:04 —-AD—- C:Documents and SettingsАдминистраторApplication DataIEPro
2008-12-20 21:43:57 —-SD—- C:WINDOWSsystem32Microsoft
2008-12-20 21:43:57 —-D—- C:WINDOWSPrefetch
2008-12-20 21:43:56 —-A—- C:WINDOWSSchedLgU.Txt
2008-12-20 21:41:37 —-D—- C:WINDOWSsystem32xircom
2008-12-20 21:41:37 —-D—- C:Program Filesxerox
2008-12-20 21:41:37 —-D—- C:Program Filesmsn gaming zone
2008-12-20 21:41:37 —-D—- C:Program Filesmicrosoft frontpage
2008-12-20 21:40:53 —-D—- C:Program FilesStartup Extractor
2008-12-20 21:40:52 —-A—- C:WINDOWSsystem32hidcon.exe
2008-12-20 21:40:50 —-D—- C:Program FilesIEPro
2008-12-20 21:40:49 —-D—- C:Program FilesDirectX Update
2008-12-20 21:40:46 —-RSD—- C:WINDOWSassembly
2008-12-20 21:40:45 —-D—- C:WINDOWSMicrosoft.NET
2008-12-20 21:40:36 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2008-12-20 21:40:35 —-D—- C:Program FilesCommon FilesAdobe
2008-12-20 21:40:35 —-D—- C:Program FilesAdobe
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32zlib1.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32wrap_oal.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32wnaspi32.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32Vbrun300.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32vbrun200.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32vbrun100.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32Vb40032.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32Vb40016.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32ssleay32.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32OpenAL32.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32msvcrt10.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32msvcr71.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32msvcr70.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32msvcp71.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32MSVCP70.DLL
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32msvci70.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32MSSTKPRP.DLL
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32msstdfmt.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32MFC71u.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32MFC71KOR.DLL
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32MFC71JPN.DLL
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32MFC71ITA.DLL
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32MFC71FRA.DLL
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32MFC71ESP.DLL
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32MFC71ENU.DLL
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32MFC71DEU.DLL
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32MFC71CHT.DLL
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32MFC71CHS.DLL
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32MFC71.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32mfc70u.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32mfc70kor.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32mfc70jpn.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32mfc70ita.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32mfc70fra.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32mfc70esp.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32mfc70enu.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32mfc70deu.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32mfc70cht.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32mfc70chs.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32mfc70.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32libssl32.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32libeay32.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32atl71.dll
2008-12-20 21:40:14 —-A—- C:WINDOWSsystem32atl70.dll
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32VFPOLE50.DLL
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32vfp9t.dll
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32vfp9rrus.dll
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32VFP9RENU.DLL
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32vfp9r.dll
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32VFP9ENU.DLL
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32vfp8t.dll
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32vfp8rrus.dll
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32VFP8RENU.DLL
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32vfp8r.dll
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32vfp8enu.dll
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32vfp7t.dll
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32VFP7RENU.DLL
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32vfp7r.dll
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32VFP6T.DLL
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32VFP6RENU.DLL
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32VFP6R.DLL
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32VFP5ENU.DLL
2008-12-20 21:40:09 —-A—- C:WINDOWSsystem32VFP500.DLL
2008-12-20 21:39:50 —-A—- C:WINDOWScontrol.ini
2008-12-20 21:39:50 —-A—- C:AUTOEXEC.BAT
2008-12-20 21:39:45 —-A—- C:WINDOWSOEWABLog.txt
2008-12-20 21:39:42 —-A—- C:WINDOWSsystem32mapi32.dll
2008-12-20 21:39:01 —-RAH—- C:WINDOWSsystem32logonui.exe.manifest
2008-12-20 21:38:57 —-RAH—- C:WINDOWSsystem32cdplayer.exe.manifest
2008-12-20 21:38:53 —-HD—- C:Program FilesWindowsUpdate
2008-12-20 21:38:51 —-D—- C:Program FilesOnline Services
2008-12-20 21:38:40 —-D—- C:WINDOWSsystem32DirectX
2008-12-20 21:38:34 —-A—- C:WINDOWSsystem32atrace.dll
2008-12-20 21:38:32 —-A—- C:WINDOWSsystem32desktop.ini
2008-12-20 21:38:32 —-A—- C:WINDOWSdesktop.ini
2008-12-20 21:38:25 —-A—- C:WINDOWSsystem32nmevtmsg.dll
2008-12-20 21:38:24 —-A—- C:WINDOWSsystem32acctres.dll
2008-12-20 21:38:23 —-D—- C:Program FilesCommon FilesServices
2008-12-20 21:38:21 —-SD—- C:WINDOWSTasks
2008-12-20 21:38:21 —-A—- C:WINDOWSsystem32icfgnt5.dll
2008-12-20 21:38:19 —-D—- C:Program FilesCommon FilesMSSoap
2008-12-20 21:38:16 —-D—- C:WINDOWSsystem32Macromed
2008-12-20 21:38:16 —-D—- C:WINDOWSsrchasst
2008-12-20 21:38:13 —-A—- C:WINDOWSsystem32wuweb.dll
2008-12-20 21:38:13 —-A—- C:WINDOWSsystem32wups.dll
2008-12-20 21:38:13 —-A—- C:WINDOWSsystem32wucltui.dll
2008-12-20 21:38:13 —-A—- C:WINDOWSsystem32wuauserv.dll
2008-12-20 21:38:13 —-A—- C:WINDOWSsystem32wuaueng1.dll
2008-12-20 21:38:13 —-A—- C:WINDOWSsystem32wuaueng.dll
2008-12-20 21:38:13 —-A—- C:WINDOWSsystem32wuauclt1.exe
2008-12-20 21:38:13 —-A—- C:WINDOWSsystem32wuauclt.exe
2008-12-20 21:38:13 —-A—- C:WINDOWSsystem32wuapi.dll
2008-12-20 21:38:12 —-A—- C:WINDOWSsystem32qmgrprxy.dll
2008-12-20 21:38:12 —-A—- C:WINDOWSsystem32qmgr.dll
2008-12-20 21:38:12 —-A—- C:WINDOWSsystem32bitsprx4.dll
2008-12-20 21:38:12 —-A—- C:WINDOWSsystem32bitsprx3.dll
2008-12-20 21:38:12 —-A—- C:WINDOWSsystem32bitsprx2.dll
2008-12-20 21:38:09 —-D—- C:Program FilesMovie Maker
2008-12-20 21:37:54 —-A—- C:WINDOWSsystem32safrslv.dll
2008-12-20 21:37:54 —-A—- C:WINDOWSsystem32safrdm.dll
2008-12-20 21:37:53 —-A—- C:WINDOWSsystem32safrcdlg.dll
2008-12-20 21:37:53 —-A—- C:WINDOWSsystem32racpldlg.dll
2008-12-20 21:37:51 —-A—- C:WINDOWSsystem32fltMc.exe
2008-12-20 21:37:51 —-A—- C:WINDOWSsystem32fltlib.dll
2008-12-20 21:37:50 —-D—- C:WINDOWSsystem32Restore
2008-12-20 21:37:50 —-A—- C:WINDOWSsystem32srsvc.dll
2008-12-20 21:37:50 —-A—- C:WINDOWSsystem32srrstr.dll
2008-12-20 21:37:50 —-A—- C:WINDOWSsystem32srclient.dll
2008-12-20 21:37:49 —-A—- C:WINDOWSsystem32nmmkcert.dll
2008-12-20 21:37:49 —-A—- C:WINDOWSsystem32msconf.dll
2008-12-20 21:37:49 —-A—- C:WINDOWSsystem32mnmsrvc.exe
2008-12-20 21:37:49 —-A—- C:WINDOWSsystem32mnmdd.dll
2008-12-20 21:37:49 —-A—- C:WINDOWSsystem32isrdbg32.dll
2008-12-20 21:37:49 —-A—- C:WINDOWSsystem32ils.dll
2008-12-20 21:37:46 —-D—- C:Program FilesNetMeeting
2008-12-20 21:37:46 —-A—- C:WINDOWSsystem32msoert2.dll
2008-12-20 21:37:46 —-A—- C:WINDOWSsystem32msoeacct.dll
2008-12-20 21:37:45 —-A—- C:WINDOWSsystem32inetres.dll
2008-12-20 21:37:45 —-A—- C:WINDOWSsystem32inetcomm.dll
2008-12-20 21:37:44 —-D—- C:Program FilesOutlook Express
2008-12-20 21:37:44 —-A—- C:WINDOWSsystem32schedsvc.dll
2008-12-20 21:37:43 —-A—- C:WINDOWSsystem32mstinit.exe
2008-12-20 21:37:43 —-A—- C:WINDOWSsystem32mstask.dll
2008-12-20 21:37:43 —-A—- C:WINDOWSsystem32isign32.dll
2008-12-20 21:37:43 —-A—- C:WINDOWSsystem32inetcfg.dll
2008-12-20 21:37:43 —-A—- C:WINDOWSsystem32icwphbk.dll
2008-12-20 21:37:43 —-A—- C:WINDOWSsystem32icwdial.dll
2008-12-20 21:37:38 —-D—- C:Program FilesCommon FilesSystem
2008-12-20 21:37:13 —-D—- C:Program FilesComPlus Applications
2008-12-20 21:37:12 —-A—- C:WINDOWSvbaddin.ini
2008-12-20 21:37:12 —-A—- C:WINDOWSvb.ini
2008-12-20 21:37:10 —-D—- C:WINDOWSRegistration
2008-12-20 21:37:01 —-D—- C:Program FilesWinRAR
2008-12-20 21:36:59 —-SD—- C:WINDOWSDownloaded Program Files
2008-12-20 21:36:59 —-RD—- C:WINDOWSOffline Web Pages
2008-12-20 21:36:59 —-D—- C:WINDOWSwbem
2008-12-20 21:36:59 —-D—- C:Program FilesInternet Explorer
2008-12-20 21:36:59 —-A—- C:WINDOWSsystem32winfxdocobj.exe
2008-12-20 21:36:59 —-A—- C:WINDOWSsystem32msfeedssync.exe
2008-12-20 21:36:59 —-A—- C:WINDOWSsystem32msfeedsbs.dll
2008-12-20 21:36:59 —-A—- C:WINDOWSsystem32ieframe.dll.mui
2008-12-20 21:36:59 —-A—- C:WINDOWSsystem32advpack.dll.mui
2008-12-20 21:36:57 —-D—- C:Program FilesAkelPad
2008-12-20 21:36:56 —-D—- C:Program FilesWindows Media Player
2008-12-20 21:36:56 —-D—- C:Program FilesWindows Media Connect 2
2008-12-20 21:36:55 —-D—- C:WINDOWSsystem32PreInstall
2008-12-20 21:36:55 —-D—- C:WINDOWSSoftwareDistribution
2008-12-20 21:36:55 —-A—- C:WINDOWSsystem32muweb.dll
2008-12-20 21:36:55 —-A—- C:WINDOWSsystem32mucltui.dll.mui
2008-12-20 21:36:55 —-A—- C:WINDOWSsystem32mucltui.dll
2008-12-20 21:36:55 —-A—- C:WINDOWSsystem32gpprefcl.dll
2008-12-20 21:36:54 —-A—- C:WINDOWSsystem32write.exe
2008-12-20 21:36:46 —-A—- C:WINDOWSsystem32winchat.exe
2008-12-20 21:36:46 —-A—- C:WINDOWSsystem32sndvol32.exe
2008-12-20 21:36:46 —-A—- C:WINDOWSsystem32hticons.dll
2008-12-20 21:36:46 —-A—- C:WINDOWSsystem32avwav.dll
2008-12-20 21:36:46 —-A—- C:WINDOWSsystem32avtapi.dll
2008-12-20 21:36:46 —-A—- C:WINDOWSsystem32avmeter.dll
2008-12-20 21:36:39 —-A—- C:WINDOWSsystem32getuname.dll
2008-12-20 21:36:39 —-A—- C:WINDOWSsystem32charmap.exe
2008-12-20 21:36:39 —-A—- C:WINDOWSsystem32calc.exe
2008-12-20 21:36:38 —-A—- C:WINDOWSsystem32winmine.exe
2008-12-20 21:36:38 —-A—- C:WINDOWSsystem32usrlogon.cmd
2008-12-20 21:36:38 —-A—- C:WINDOWSsystem32sol.exe
2008-12-20 21:36:38 —-A—- C:WINDOWSsystem32reset.exe
2008-12-20 21:36:38 —-A—- C:WINDOWSsystem32mshearts.exe
2008-12-20 21:36:38 —-A—- C:WINDOWSsystem32freecell.exe
2008-12-20 21:36:37 —-A—- C:WINDOWSsystem32tsshutdn.exe
2008-12-20 21:36:37 —-A—- C:WINDOWSsystem32tslabels.ini
2008-12-20 21:36:37 —-A—- C:WINDOWSsystem32tskill.exe
2008-12-20 21:36:37 —-A—- C:WINDOWSsystem32tsdiscon.exe
2008-12-20 21:36:37 —-A—- C:WINDOWSsystem32tscon.exe
2008-12-20 21:36:37 —-A—- C:WINDOWSsystem32shadow.exe
2008-12-20 21:36:37 —-A—- C:WINDOWSsystem32rwinsta.exe
2008-12-20 21:36:37 —-A—- C:WINDOWSsystem32regini.exe
2008-12-20 21:36:37 —-A—- C:WINDOWSsystem32rdpcfgex.dll
2008-12-20 21:36:37 —-A—- C:WINDOWSsystem32qwinsta.exe
2008-12-20 21:36:37 —-A—- C:WINDOWSsystem32qappsrv.exe
2008-12-20 21:36:37 —-A—- C:WINDOWSsystem32msg.exe
2008-12-20 21:36:37 —-A—- C:WINDOWSsystem32logoff.exe
2008-12-20 21:36:37 —-A—- C:WINDOWSsystem32cdmodem.dll
2008-12-20 21:36:36 —-A—- C:WINDOWSsystem32msdtcprf.ini
2008-12-20 21:36:31 —-A—- C:WINDOWSsystem32wmimgmt.msc
2008-12-20 21:36:30 —-A—- C:WINDOWSsystem32sndrec32.exe
2008-12-20 21:36:30 —-A—- C:WINDOWSsystem32mplay32.exe
2008-12-20 21:36:30 —-A—- C:WINDOWSsystem32hypertrm.dll
2008-12-20 21:36:30 —-A—- C:WINDOWSsystem32accwiz.exe
2008-12-20 21:36:29 —-D—- C:Program FilesWindows NT
2008-12-20 21:36:29 —-A—- C:WINDOWSsystem32spider.exe
2008-12-20 21:36:29 —-A—- C:WINDOWSsystem32mspaint.exe
2008-12-20 21:36:29 —-A—- C:WINDOWSsystem32clipbrd.exe
2008-12-20 21:36:28 —-A—- C:WINDOWSsystem32tsgqec.dll
2008-12-20 21:36:28 —-A—- C:WINDOWSsystem32tscfgwmi.dll
2008-12-20 21:36:27 —-A—- C:WINDOWSsystem32rhttpaa.dll
2008-12-20 21:36:27 —-A—- C:WINDOWSsystem32remotepg.dll
2008-12-20 21:36:27 —-A—- C:WINDOWSsystem32mstscax.dll
2008-12-20 21:36:27 —-A—- C:WINDOWSsystem32mstsc.exe
2008-12-20 21:36:27 —-A—- C:WINDOWSsystem32aaclient.dll
2008-12-20 21:36:26 —-A—- C:WINDOWSsystem32termsrv.dll
2008-12-20 21:36:26 —-A—- C:WINDOWSsystem32sessmgr.exe
2008-12-20 21:36:26 —-A—- C:WINDOWSsystem32rdshost.exe
2008-12-20 21:36:26 —-A—- C:WINDOWSsystem32rdsaddin.exe
2008-12-20 21:36:26 —-A—- C:WINDOWSsystem32rdpwsx.dll
2008-12-20 21:36:26 —-A—- C:WINDOWSsystem32rdpsnd.dll
2008-12-20 21:36:26 —-A—- C:WINDOWSsystem32rdpclip.exe
2008-12-20 21:36:26 —-A—- C:WINDOWSsystem32rdchost.dll
2008-12-20 21:36:26 —-A—- C:WINDOWSsystem32qprocess.exe
2008-12-20 21:36:26 —-A—- C:WINDOWSsystem32icaapi.dll
2008-12-20 21:36:26 —-A—- C:WINDOWSsystem32cfgbkend.dll
2008-12-20 21:36:25 —-D—- C:WINDOWSsystem32MsDtc
2008-12-20 21:36:25 —-A—- C:WINDOWSsystem32xolehlp.dll
2008-12-20 21:36:25 —-A—- C:WINDOWSsystem32mtxoci.dll
2008-12-20 21:36:25 —-A—- C:WINDOWSsystem32msdtcuiu.dll
2008-12-20 21:36:25 —-A—- C:WINDOWSsystem32msdtctm.dll
2008-12-20 21:36:25 —-A—- C:WINDOWSsystem32msdtcprx.dll
2008-12-20 21:36:25 —-A—- C:WINDOWSsystem32msdtclog.dll
2008-12-20 21:36:25 —-A—- C:WINDOWSsystem32msdtc.exe
2008-12-20 21:36:24 —-A—- C:WINDOWSsystem32mtxlegih.dll
2008-12-20 21:36:24 —-A—- C:WINDOWSsystem32mtxex.dll
2008-12-20 21:36:24 —-A—- C:WINDOWSsystem32mtxdm.dll
2008-12-20 21:36:24 —-A—- C:WINDOWSsystem32dcomcnfg.exe
2008-12-20 21:36:23 —-D—- C:WINDOWSsystem32Com
2008-12-20 21:36:23 —-A—- C:WINDOWSsystem32stclient.dll
2008-12-20 21:36:23 —-A—- C:WINDOWSsystem32comrepl.dll
2008-12-20 21:36:23 —-A—- C:WINDOWSsystem32comaddin.dll
2008-12-20 21:36:23 —-A—- C:WINDOWSsystem32colbact.dll
2008-12-20 21:36:23 —-A—- C:WINDOWSsystem32clbcatex.dll
2008-12-20 21:36:23 —-A—- C:WINDOWSsystem32catsrvut.dll
2008-12-20 21:36:23 —-A—- C:WINDOWSsystem32catsrvps.dll
2008-12-20 21:36:22 —-A—- C:WINDOWSsystem32comuid.dll
2008-12-20 21:36:22 —-A—- C:WINDOWSsystem32comsvcs.dll
2008-12-20 21:36:22 —-A—- C:WINDOWSsystem32comsnap.dll
2008-12-20 21:36:22 —-A—- C:WINDOWSsystem32clbcatq.dll
2008-12-20 21:36:22 —-A—- C:WINDOWSsystem32catsrv.dll
2008-12-20 21:36:17 —-A—- C:WINDOWSsystem32servdeps.dll
2008-12-20 21:36:17 —-A—- C:WINDOWSsystem32mmfutil.dll
2008-12-20 21:36:17 —-A—- C:WINDOWSsystem32licwmi.dll
2008-12-20 21:36:17 —-A—- C:WINDOWSsystem32cmprops.dll

======List of files/folders modified in the last 1 months======
2009-01-08 23:56:17 —-A—- C:WINDOWSsystem.ini
2008-12-26 13:41:16 —-A—- C:WINDOWSwin.ini
2008-12-21 14:17:03 —-A—- C:WINDOWSsystem32uxtheme.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:WINDOWSsystem32DRIVERSAmdK8.sys [2006-07-01 43520]
R1 Amfilter;A4Tech Mouse Filter Driver; C:WINDOWSsystem32DRIVERSAmfilter.sys [2007-01-24 8704]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-15 14720]
R1 SandBox;SandBox; C:WINDOWSsystem32DRIVERSSandBox.sys [2008-07-11 673920]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2008-10-11 62848]
R3 afw;Agnitum firewall driver; C:WINDOWSsystem32DRIVERSafw.sys [2008-06-30 30864]
R3 afwcore;afwcore; C:WINDOWSsystem32driversafwcore.sys [2008-06-30 234640]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:WINDOWSsystem32DRIVERSAmusbprt.sys [2007-12-25 14336]
R3 Arp1394;Протокол клиента 1394 ARP; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-11-26 60800]
R3 ASWFilt;ASWFilt; C:WINDOWSsystem32FiltASWFilt.dll [2008-07-11 33408]
R3 BthEnum;Драйвер блока запроса Bluetooth; C:WINDOWSsystem32DRIVERSBthEnum.sys [2008-04-13 17024]
R3 BTHMODEM;Драйвер для устройства связи по последовательному каналу Bluetooth; C:WINDOWSsystem32DRIVERSbthmodem.sys [2008-04-13 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2008-04-13 101120]
R3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2008-04-13 18944]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface; C:WINDOWSsystem32driversc6501.sys [2007-07-10 1310720]
R3 FStarForce;FStarForce; C:WINDOWSsystem32DRIVERSFStarForce.sys [2009-01-01 8192]
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-15 10368]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2004-08-13 5810]
R3 NIC1394;Сетевой драйвер 1394; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-11-26 61824]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-10-07 6133856]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2006-04-15 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2006-04-15 13056]
R3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2008-04-13 59136]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-15 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-15 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-15 17152]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-15 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-15 20608]
R3 VBEngNT;VBEngNT; C:WINDOWSsystem32DRIVERSVBEngNT.sys [2008-06-04 1072722]
R3 VBFilt;VBFilt; C:WINDOWSsystem32FiltVBFilt.dll [2008-07-11 158816]
R3 vmfilter303;vmfilter303; C:WINDOWSsystem32driversvmfilter303.sys [2006-04-25 428160]
R3 ZSMC303;A4 TECH PC Camera H; C:WINDOWSSystem32DriversusbVM303.sys [2006-12-01 392122]
S3 aon55tby;aon55tby; C:WINDOWSsystem32driversaon55tby.sys []
S3 BrScnUsb;Brother USB Still Image driver; C:WINDOWSSystem32DriversBrScnUsb.sys [2004-10-15 15295]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2008-11-19 272512]
S3 btkrnl;Нумератор шины Bluetooth; C:WINDOWSsystem32driversbtkrnl.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 HidBatt;Драйвер батареи ИБП HID; C:WINDOWSsystem32DRIVERSHidBatt.sys [2008-04-14 20352]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-15 12160]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;Адаптер USB RNDIS; C:WINDOWSsystem32DRIVERSusb8023x.sys [2008-04-14 12800]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-13 60032]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2007-06-18 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 atapi;atapi; C:WINDOWSsystem32driversatapi.sys [2008-04-15 96512]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 APC UPS Service;APC UPS Service; C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe [2005-12-12 176193]
R2 Brother XP spl Service;BrSplService; C:WINDOWSsystem32brsvc01a.exe [2002-04-11 57344]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-10-07 163908]
R2 PnkBstrA;PunkBuster; C:Program FilesEA GamesNeed for Speed UndercoverPBPnkBstrA.exe [2008-10-23 63040]
S2 acssrv;Agnitum Client Security Service; C:PROGRA~1AgnitumOUTPOS~1acs.exe [2008-07-15 1570136]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-23 70144]
S3 DMService;Whale Component Manager; C:WINDOWSDOWNLO~1DMService.exe [2008-12-24 423576]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-12-20 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-15 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
EOF
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-01-09 01:00:22
Microsoft Windows XP Professional Service Pack 3
System drive C: has 165 GB (80%) free of 206 GB
Total RAM: 2046 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:20, on 09.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32brsvc01a.exe
C:WINDOWSsystem32brss01a.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesEA GamesNeed for Speed UndercoverPBPnkBstrA.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32taskmgr.exe
C:Program FilesUnlockerUnlockerAssistant.exe
C:WINDOWSVMSnap3.EXE
C:WINDOWSDomino.EXE
C:Program FilesA4TechMouseAmoumain.exe
C:PROGRA~1MEDIAK~1MagicKey.exe
C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
C:PROGRA~1MEDIAK~1OSD.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesScanSoftPaperPortpptd40nt.exe
C:Program FilesBrotherControlCenter2brctrcen.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32RunDll32.exe
C:Program FilesVista Drive IconDrvIcon.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesPunto SwitcherPS.exe
C:Program FilesuTorrentuTorrent.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesQIP Infiuminfium.exe
C:PROGRA~1MI3AA1~1wcescomm.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:PROGRA~1MI3AA1~1rapimgr.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:Program FilesSDF LabLclockLClock.exe
C:Program FilesAPCAPC PowerChute Personal Editionapcsystray.exe
E:RSIT.exe
C:WINDOWSsystem32wscntfy.exe
C:Program Filestrend microАдминистратор.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: IE7Pro — {00011268-E188-40DF-A514-835FCD78B1BF} — C:Program FilesIEProIEPro.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKLM..Run: [VMSnap3] C:WINDOWSVMSnap3.EXE
O4 — HKLM..Run: [Domino] C:WINDOWSDomino.EXE
O4 — HKLM..Run: [WheelMouse] C:Program FilesA4TechMouseAmoumain.exe
O4 — HKLM..Run: [MagicKey] C:PROGRA~1MEDIAK~1MagicKey.exe
O4 — HKLM..Run: [OrderReminder] C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [OutpostMonitor] C:PROGRA~1AgnitumOUTPOS~1op_mon.exe /tray /noservice
O4 — HKLM..Run: [OutpostFeedBack] «C:Program FilesAgnitumOutpost Security Suite Profeedback.exe» /dump:os_startup
O4 — HKLM..Run: [SSBkgdUpdate] «C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe» -Embedding -boot
O4 — HKLM..Run: [PaperPort PTD] C:Program FilesScanSoftPaperPortpptd40nt.exe
O4 — HKLM..Run: [IndexSearch] C:Program FilesScanSoftPaperPortIndexSearch.exe
O4 — HKLM..Run: [SetDefPrt] C:Program FilesBrotherBrmfl05aBrStDvPt.exe
O4 — HKLM..Run: [ControlCenter2.0] C:Program FilesBrotherControlCenter2brctrcen.exe /autorun
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 — HKLM..Run: [DrvIcon] C:Program FilesVista Drive IconDrvIcon.exe
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Punto Switcher] C:Program FilesPunto SwitcherPS.exe
O4 — HKCU..Run: [uTorrent] «C:Program FilesuTorrentuTorrent.exe»
O4 — HKCU..Run: [Skype] «C:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKCU..Run: [Infium] «C:Program FilesQIP Infiuminfium.exe»
O4 — HKCU..Run: [H/PC Connection Agent] «C:PROGRA~1MI3AA1~1wcescomm.exe»
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘Default user’)
O4 — Startup: LClock.lnk = C:Program FilesSDF LabLclockLClock.exe
O4 — Global Startup: APC UPS Status.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 — Extra button: IE7Pro Grab and Drag — {000002a3-84fe-43f1-b958-f2c3ca804f1a} — C:Program FilesIEProIEPro.dll
O9 — Extra ‘Tools’ menuitem: IE7Pro Grab and Drag — {000002a3-84fe-43f1-b958-f2c3ca804f1a} — C:Program FilesIEProIEPro.dll
O9 — Extra button: IE7Pro Preferences — {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} — C:Program FilesIEProIEPro.dll
O9 — Extra ‘Tools’ menuitem: IE7Pro Preferences — {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} — C:Program FilesIEProIEPro.dll
O9 — Extra button: Create Mobile Favorite — {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: (no name) — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra ‘Tools’ menuitem: Добавить в избранное мобильного устройства… — {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} — C:PROGRA~1MI3AA1~1INetRepl.dll
O9 — Extra button: Быстрая настройка Outpost Security Suite Pro — {44627E97-789B-40d4-B5C2-58BD171129A1} — C:Program FilesAgnitumOutpost Security Suite Proie_bar.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O16 — DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) — https://my.sabmillerrus.ru/InternalSite/WhlCompMgr.cab
O17 — HKLMSystemCCSServicesTcpip..{32978208-8199-4E0C-88B2-043ED06A10CA}: NameServer = 85.113.128.136,85.113.147.110
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Agnitum Client Security Service (acssrv) — Agnitum Ltd. — C:PROGRA~1AgnitumOUTPOS~1acs.exe
O23 — Service: APC UPS Service — American Power Conversion Corporation — C:Program FilesAPCAPC PowerChute Personal Editionmainserv.exe
O23 — Service: BrSplService (Brother XP spl Service) — brother Industries Ltd — C:WINDOWSsystem32brsvc01a.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PunkBuster (PnkBstrA) — Unknown owner — C:Program FilesEA GamesNeed for Speed UndercoverPBPnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 9128 bytes

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO — C:Program FilesIEProIEPro.dll [2008-09-23 756840]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe [2008-05-02 15872]
«VMSnap3″=C:WINDOWSVMSnap3.EXE [2006-08-30 49152]
«Domino»=C:WINDOWSDomino.EXE [2006-06-28 49152]
«WheelMouse»=C:Program FilesA4TechMouseAmoumain.exe [2008-03-06 241664]
«MagicKey»=C:PROGRA~1MEDIAK~1MagicKey.exe [2004-03-15 45056]
«OrderReminder»=C:Program FilesHewlett-PackardOrderReminderOrderReminder.exe [2006-01-30 98304]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2008-10-07 13574144]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2008-10-07 86016]
«OutpostMonitor»=C:PROGRA~1AgnitumOUTPOS~1op_mon.exe [2008-07-15 1207128]
«OutpostFeedBack»=C:Program FilesAgnitumOutpost Security Suite Profeedback.exe [2008-07-15 435544]
«SSBkgdUpdate»=C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe [2003-09-29 155648]
«PaperPort PTD»=C:Program FilesScanSoftPaperPortpptd40nt.exe [2005-08-25 57393]
«IndexSearch»=C:Program FilesScanSoftPaperPortIndexSearch.exe [2005-08-25 40960]
«SetDefPrt»=C:Program FilesBrotherBrmfl05aBrStDvPt.exe [2005-01-26 49152]
«ControlCenter2.0″=C:Program FilesBrotherControlCenter2brctrcen.exe [2005-07-19 933888]
«BluetoothAuthenticationAgent»=C:WINDOWSsystem32bthprops.cpl [2008-04-15 110592]
«C6501Sound»=RunDll32 c6501.cpl []
«DrvIcon»=C:Program FilesVista Drive IconDrvIcon.exe [2008-04-13 49152]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-15 15360]
«Punto Switcher»=C:Program FilesPunto SwitcherPS.exe [2008-05-30 722112]
«uTorrent»=C:Program FilesuTorrentuTorrent.exe [2008-10-10 270128]
«Skype»=C:Program FilesSkypePhoneSkype.exe [2008-11-07 21633320]
«Infium»=C:Program FilesQIP Infiuminfium.exe [2008-12-09 5062144]
«H/PC Connection Agent»=C:PROGRA~1MI3AA1~1wcescomm.exe [2006-11-13 1289000]
«DAEMON Tools Lite»=C:Program FilesDAEMON Tools Litedaemon.exe [2008-12-29 687560]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
APC UPS Status.lnk — C:Program FilesAPCAPC PowerChute Personal EditionDisplay.exe

C:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
LClock.lnk — C:Program FilesSDF LabLclockLClock.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2007-06-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«ForceClassicControlPanel»=1
«NoInstrumentation»=1
«NoStartMenuMFUprogramsList»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»
«C:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe»=»C:Program FilesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe:*:Enabled:Rockstar Games Social Club»
«C:Program FilesRockstar GamesGrand Theft Auto IVLaunchGTAIV.exe»=»C:Program FilesRockstar GamesGrand Theft Auto IVLaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV»
«C:Program FilesRockstar GamesGrand Theft Auto IVGTAIV.exe»=»C:Program FilesRockstar GamesGrand Theft Auto IVGTAIV.exe:*:Enabled:Grand Theft Auto IV»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesMicrosoft ActiveSyncrapimgr.exe»=»C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager»
«C:Program FilesMicrosoft ActiveSyncwcescomm.exe»=»C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager»
«C:Program FilesMicrosoft ActiveSyncWCESMgr.exe»=»C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application»

info.txt logfile of random’s system information tool 1.05 2009-01-09 01:01:23
======Uninstall list======
—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {744C859F-C225-48A9-A524-4DED432F36C7}
—>MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
—>MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
—>MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
2X-Office 7.80—>C:Program FilesA4TechMouseUninst32.exe
A4 TECH PC Camera H—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime11 0Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{362483B1-91EB-4CB4-B9BB-3B4B4C644404}setup.exe» -l0x9 -removeonly
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>C:Program FilesCommon FilesAdobeInstallers6c8e2cb4fd241c55406016127a6ab2eSetup.exe
Adobe Color Common Settings—>MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers719d6f144d0c086a0dfa7ff76bb9ac1Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 9 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A90000000001}
Adobe Setup—>MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup—>MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agnitum Outpost Security Suite Pro—>»C:Program FilesAgnitumOutpost Security Suite Prounins000.exe»
APC PowerChute Personal Edition—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5A0C892E-FD1C-4203-941E-0956AED20A6A}Setup.exe» -l0x19
ASUSUpdate—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{587178E7-B1DF-494E-9838-FA4DD36E873C}setup.exe» -l0x9
Auslogics BoostSpeed—>»C:Program FilesAuslogicsAuslogics BoostSpeedunins000.exe»
Brother MFL-Pro Suite—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}Setup.exe» -l0x19 Brunin03.dllBrunin03.dll
C-Media 6501 Sound—>C:WINDOWSCmi6501Uninstall.exe C:Program FilesC-Media 6501 Sound#C-Media 6501 Sound#C-Media 6501 Sound#
CPU-Control—>»C:Program FilesCPU-Controlunins000.exe»
DirectX Update for Xp/Vista—>»C:Program FilesDirectX Updateunins000.exe»
Everest Ultimate Edition 4.50.1330—>»C:Program FilesLavalysEVEREST Ultimate Editionunins000.exe»
FastStone Image Viewer 3.5—>»C:Program FilesFastStone Image Viewerunins000.exe»
Foxit Reader—>MsiExec.exe /I{376DA9DC-71B3-4AB7-A80C-8ED02A736172}
Grand Theft Auto IV—>»C:Program FilesInstallShield Installation Information{579BA58C-F33D-4970-9953-B94B43768AC3}setup.exe» -runfromtemp -l0x0019 -removeonly
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Windows XP (KB915800-v4)—>»C:WINDOWS$NtUninstallKB915800-v4$spuninstspuninst.exe»
HP OrderReminder—>»C:Program FilesHewlett-PackardOrderReminderuninstallhpuninstaller.exe» hp_LaserJet_1018
IEPro—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFIEPro_my.inf,Uninstall
K-Lite Mega Codec Pack 4.3.4—>»C:Program FilesK-Lite Codec Packunins000.exe»
LaserJet 1018—>C:Program FilesZenographics{914F890F-429A-4D54-86DD-F02E3352C794}setup.exe -u «HPLJInstaller.dll=Hplj1018.inf»
Light Alloy 4.3—>C:Program FilesLight Alloyuninst.exe
Media Key—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9D14BEA3-9115-42C2-870A-5CDC14309F68}Setup.exe» -l0x9
Microsoft .NET Framework 2.0 Language Pack — RUS—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0 Language Pack — RUSinstall.exe
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1—>MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5setup.exe
Microsoft .NET Framework 3.5—>MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft ActiveSync—>MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Standard 2007—>MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Office Стандартный 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall STANDARD /dll OSETUP.DLL
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Need for Speed™ Undercover—>MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
Nero 6—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
NVIDIA Drivers—>C:WINDOWSsystem32nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04—>MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
Paint.NET v3.35—>MsiExec.exe /X{20AC583C-A6FB-410A-807D-25308225C201}
PaperPort—>MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Punto Switcher 2.96—>»C:Program FilesPunto Switcherunins000.exe»
QIP Infium 2.0.9020 RC3—>»C:Program FilesQIP Infiumunins000.exe»
Right Click Image Converter—>»C:Program FilesKristanixRight Click Image Converteruninstall.exe»
Rockstar Games Social Club—>»C:Program FilesInstallShield Installation Information{08B3869E-D282-424C-9AFC-870E04A4BA14}setup.exe» -runfromtemp -l0x0019 -removeonly
SDF Vista Shell Pack — Software Pack—>MsiExec.exe /I{9B330048-AD73-451E-8A04-23FD1E2B0A06}
SDF Vista Shell Pack—>C:WINDOWSSDF Vista Shell Packuninst.exe
Skype™ 3.8—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Unlocker 1.8.7—>C:Program FilesUnlockeruninst.exe
uTorrent—>MsiExec.exe /I{059AD5AC-15A8-459E-A43E-90F7E4F2C069}
Vista Drive Icon 1.4—>C:Program FilesVista Drive Iconuninst.exe
Whale Communications’ Client Components v3.7.1—>rundll32.exe C:WINDOWSDOWNLO~1WhlMgr.dll,UnInstall 3.1.0 63 0 1 3.7.1
Winamp (remove only)—>"C:Program FilesWinampUninstWA.exe"
Windows Media Format 11 runtime—>"C:Program FilesWindows Media Playerwmsetsdk.exe" /UninstallAll
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Пакет драйверов Windows — Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)—>C:PROGRA~1DIFX7B44739871F4D539FA473F57A832EA4B6A59EF06DPInst.exe /d /u C:WINDOWSsystem32DRVSTOREamdk8_5F4DE5B38BD0C6463F94F7534C8C84D5EACE412Damdk8.inf

======Security center information======
AV: Outpost Security Suite Pro (disabled)
FW: Outpost Security Suite Pro (disabled)

System event log
Computer Name: ATHLON
Event Code: 26
Message: Всплывающее окно приложения: FSViewer.exe — Файл поврежден : Файл или каталог 100_0516.JPG поврежден и не может быть прочитан. Запустите служебную программу CHKDSK.
Record Number: 1368
Source Name: Application Popup
Time Written: 20081229073111.000000+180
Event Type: информация
User:

Computer Name: ATHLON
Event Code: 26
Message: Всплывающее окно приложения: FSViewer.exe — Файл поврежден : Файл или каталог 100_0516.JPG поврежден и не может быть прочитан. Запустите служебную программу CHKDSK.
Record Number: 1367
Source Name: Application Popup
Time Written: 20081229073111.000000+180
Event Type: информация
User:

Computer Name: ATHLON
Event Code: 26
Message: Всплывающее окно приложения: FSViewer.exe — Файл поврежден : Файл или каталог 100_0516.JPG поврежден и не может быть прочитан. Запустите служебную программу CHKDSK.
Record Number: 1366
Source Name: Application Popup
Time Written: 20081229073111.000000+180
Event Type: информация
User:

Computer Name: ATHLON
Event Code: 26
Message: Всплывающее окно приложения: FSViewer.exe — Файл поврежден : Файл или каталог 100_0516.JPG поврежден и не может быть прочитан. Запустите служебную программу CHKDSK.
Record Number: 1365
Source Name: Application Popup
Time Written: 20081229073111.000000+180
Event Type: информация
User:

Computer Name: ATHLON
Event Code: 26
Message: Всплывающее окно приложения: FSViewer.exe — Файл поврежден : Файл или каталог 100_0516.JPG поврежден и не может быть прочитан. Запустите служебную программу CHKDSK.
Record Number: 1364
Source Name: Application Popup
Time Written: 20081229073111.000000+180
Event Type: информация
User:

Application event log
Computer Name: USER
Event Code: 1000
Message: Счетчики производительности для службы MSDTC (MSDTC) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.
Record Number: 5
Source Name: LoadPerf
Time Written: 20081220213708.000000+180
Event Type: информация
User:

Computer Name: USER
Event Code: 1000
Message: Счетчики производительности для службы TermService (Службы терминалов) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.
Record Number: 4
Source Name: LoadPerf
Time Written: 20081220213704.000000+180
Event Type: информация
User:

Computer Name: USER
Event Code: 1000
Message: Счетчики производительности для службы RemoteAccess (Маршрутизация и удаленный доступ) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.
Record Number: 3
Source Name: LoadPerf
Time Written: 20081220213611.000000+180
Event Type: информация
User:

Computer Name: USER
Event Code: 1000
Message: Счетчики производительности для службы PSched (PSched) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.
Record Number: 2
Source Name: LoadPerf
Time Written: 20081220213601.000000+180
Event Type: информация
User:

Computer Name: USER
Event Code: 1000
Message: Счетчики производительности для службы RSVP (QoS RSVP) загружены успешно.
Данные записи содержат новые значение индекса,
назначенного этой службе.
Record Number: 1
Source Name: LoadPerf
Time Written: 20081220213600.000000+180
Event Type: информация
User:

======Environment variables======
"ComSpec"=%SystemRoot%system32cmd.exe
"Path"=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%TEMP
"TMP"=%SystemRoot%TEMP
"RGSCLauncher"=C:Program FilesRockstar GamesRockstar Games Social Club
"RGSC"=C:Program FilesRockstar GamesRockstar Games Social Club1_0_0_0
EOF