Созданные ответы форума
-
Сообщения
-
Всё сделал как вы написали, только получилось это с десятого раза.
Компьютер работает как прежде (плохо).Выключить не получается-перезагружается и т.п.All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named sfc was found to stop!
No service named sfc was found to delete!
Error: No service named PolicyAgentDnscache was found to stop!
No service named PolicyAgentDnscache was found to delete!
========== FILES ==========
File/Folder C:WINDOWSsystem32sdra64.exe not found.
File/Folder C:WINDOWSsystem32driverssfc.sys not found.
========== COMMANDS ==========[EMPTYTEMP]
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytesUser: All Users
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 144395 bytesUser: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7460663 bytesUser: User
->Temp folder emptied: 548189659 bytes
->Temporary Internet Files folder emptied: 44474324 bytes
->Java cache emptied: 19582445 bytes
->FireFox cache emptied: 95808958 bytes
->Opera cache emptied: 0 bytesUser: Администратор
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2133863 bytes
%systemroot%System32 .tmp files removed: 5709 bytes
Windows Temp folder emptied: 122118605 bytes
%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 513426 bytes
RecycleBin emptied: 265196094 bytesTotal Files Cleaned = 1054,52 mb
OTM by OldTimer — Version 3.1.2.2 log created on 12102009_172829
Files moved on Reboot…
Registry entries deleted on Reboot…
RSIT лог:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by User at 2009-12-10 17:36:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 64 GB (56%) free of 114 GB
Total RAM: 511 MB (7% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:07, on 10.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSnotepad.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesD-Toolsdaemon.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesCommon FilesUlead SystemsAutoDetectorMonitor.exe
C:Program FilesUlead SystemsUlead Photo Express 6CalCheck.exe
C:Program FilesAdobeReader 9.0ReaderReader_sl.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesVIARAIDraid_tool.exe
C:Program FilesMediaLinguaMultiLex 4.0HKML_SRV.exe
C:Program FilesFirebirdbinibguard.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesACD SystemsImageFoxImageFox.exe
C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesFirebirdbinibserver.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:Program FilesOperaopera.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsUserРабочий столRSIT.exe
C:Program Filestrend microUser.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.rambler.ru/ie8
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.rambler.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
F2 — REG:system.ini: UserInit=C:WINDOWSSYSTEM32Userinit.exe,C:WINDOWSsystem32sdra64.exe,
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: TMAgent IE Adapter — {35A6E2B1-27A9-47D2-913C-559E1EF1D034} — C:Program FilesCommon FilesTarget Marketing AgencyTMAgenttmagent.dll
O2 — BHO: Спутник@Mail.Ru — {8984B388-A5BB-4DF7-B274-77B879E179DB} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.4.4525.1752swg.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: XTRANS — {DBBABB93-DDBC-48CA-B6BE-7F85E50D8FC7} — C:Program FilesX-Translator GOLDPRMTETPrmtETru.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU5950.dll
O3 — Toolbar: Спутник@Mail.Ru — {09900DE8-1DCA-443F-9243-26FF581438AF} — C:Program FilesMail.RuSputnikMailRuSputnik.dll
O3 — Toolbar: Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [DAEMON Tools-1033] «C:Program FilesD-Toolsdaemon.exe» -lang 1033
O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [Ulead AutoDetector] C:Program FilesCommon FilesUlead SystemsAutoDetectorMonitor.exe
O4 — HKLM..Run: [Ulead Calendar Checker] C:Program FilesUlead SystemsUlead Photo Express 6CalCheck.exe
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [Skype] «C:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6ICQ.exe» silent
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [Nokia.PCSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: VIA RAID TOOL.lnk = C:Program FilesVIARAIDraid_tool.exe
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 — Global Startup: MultiLex Universal Hotkeys.lnk = C:Program FilesMediaLinguaMultiLex 4.0HKML_SRV.exe
O4 — Global Startup: Adobe Gamma Loader.exe.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: ImageFox.lnk = ?
O4 — Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 — Extra context menu item: Google ВикиКомментарии… — res://C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU5950.dll/zakladki.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU5950.dll/search.htm
O8 — Extra context menu item: Настройки перевода — C:Program FilesX-Translator GOLDPRMTEToptions.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU5950.dll/dic.htm
O8 — Extra context menu item: Перевод страницы — C:Program FilesX-Translator GOLDPRMTETtranslat.htm
O9 — Extra button: Веб-Антивирус — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 6.0scieplugin.dll
O9 — Extra button: (no name) — {5067A26B-1337-4436-8AFE-EE169C2DA79F} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer — {5067A26B-1337-4436-8AFE-EE169C2DA79F} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 — DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) — file://C:Program FilesAutoCAD 2002AcDcToday.ocx
O16 — DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) — file://C:Program FilesAutoCAD 2002InstBanr.ocx
O16 — DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) — file://C:Program FilesAutoCAD 2002InstFred.ocx
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 — DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) — file://C:Program FilesAutoCAD 2002AcPreview.ocx
O17 — HKLMSystemCCSServicesTcpip..{315A4568-AB50-4B16-8587-9023F3150455}: NameServer = 85.255.113.134 85.255.112.140
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Kaspersky Internet Security 6.0 (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Firebird Guardian Service (InterBaseGuardian) — Unknown owner — C:Program.exe (file missing)
O23 — Service: Firebird Server (InterBaseServer) — Unknown owner — C:Program.exe (file missing)
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Службы IPSEC PolicyAgentDnscache (PolicyAgentDnscache) — Unknown owner — C:WINDOWSTEMPrdlF.tmp.exe (file missing)
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: PC Tools Auxiliary Service (sdAuxService) — PC Tools — C:Program FilesSpyware DoctorpctsAuxs.exe
O23 — Service: PC Tools Security Service (sdCoreService) — PC Tools — C:Program FilesSpyware DoctorpctsSvc.exe
O23 — Service: IB_Backup (Service1) — Unknown owner — C:StroySoftUtilsIB_Backup.exe (file missing)
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 12730 bytes======Scheduled tasks folder======
C:WINDOWStasksGoogle Software Updater.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2009-02-27 61816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2009-07-15 1586472][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{35A6E2B1-27A9-47D2-913C-559E1EF1D034}]
TMAgent IE Adapter — C:Program FilesCommon FilesTarget Marketing AgencyTMAgenttmagent.dll [2009-06-26 1149952][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-09-09 677216][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll [2009-12-04 263280][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.4.4525.1752swg.dll [2009-12-04 764912][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-06-06 41368][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-06-06 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{DBBABB93-DDBC-48CA-B6BE-7F85E50D8FC7} — XTRANS — C:Program FilesX-Translator GOLDPRMTETPrmtETru.dll [2002-07-15 212992]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU5950.dll [2008-12-09 845296]{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2009-09-09 677216]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} — Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll [2009-12-04 263280][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2004-09-30 4603904]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2004-09-30 86016]
«ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2004-11-30 344064]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-12-22 77824]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«DAEMON Tools-1033″=C:Program FilesD-Toolsdaemon.exe [2004-08-22 81920]
«PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-03-23 227328]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-06-06 148888]
«Ulead AutoDetector»=C:Program FilesCommon FilesUlead SystemsAutoDetectorMonitor.exe [2005-07-28 94208]
«Ulead Calendar Checker»=C:Program FilesUlead SystemsUlead Photo Express 6CalCheck.exe [2005-08-22 69632]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-02-27 35696][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2008-04-14 1695232]
«Skype»=C:Program FilesSkypePhoneSkype.exe [2009-07-16 25604904]
«ICQ»=C:Program FilesICQ6ICQ.exe silent []C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
VIA RAID TOOL.lnk — C:Program FilesVIARAIDraid_tool.exe
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
MultiLex Universal Hotkeys.lnk — C:Program FilesMediaLinguaMultiLex 4.0HKML_SRV.exe
Adobe Gamma Loader.exe.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
ImageFox.lnk — C:WINDOWSInstaller{99ADC6C1-45D9-4D5C-B1CD-EB0F15FB529B}IMAGEFOX_STRTUP_SHRTCUT.exe
Ulead Photo Express 4.0 SE Calendar Checker .lnk — C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2004-12-01 94208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2006-03-24 28778][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdcoreservice]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesMalwarebytes’ Anti-Malwarembam.exe»=»C:Program FilesMalwarebytes’ Anti-Malwarembam.exe:*:Enabled:Malwarebytes’ Anti-Malware»
«C:Program FilesOperaopera.exe»=»C:Program FilesOperaopera.exe:*:Enabled:Opera Internet Browser»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======File associations======
.ini — open — C:WINDOWSSYSTEM32NOTEPAD.EXE %1
.scr — open — C:WINDOWSNOTEPAD.EXE «%1»
.scr — install —
.scr — config —
.txt — open — C:WINDOWSSYSTEM32NOTEPAD.EXE %1======List of files/folders created in the last 1 months======
2009-12-10 17:28:29 —-D—- C:_OTM
2009-12-10 17:22:36 —-SHD—- C:FOUND.032
2009-12-10 17:09:50 —-SHD—- C:FOUND.031
2009-12-10 16:56:40 —-SHD—- C:FOUND.030
2009-12-10 16:22:46 —-SHD—- C:FOUND.029
2009-12-10 16:01:30 —-SHD—- C:FOUND.028
2009-12-10 13:07:42 —-SHD—- C:FOUND.027
2009-12-09 15:23:50 —-SHD—- C:FOUND.026
2009-12-09 15:13:58 —-SHD—- C:FOUND.025
2009-12-09 15:08:10 —-SHD—- C:FOUND.024
2009-12-09 11:03:44 —-SHD—- C:FOUND.023
2009-12-09 10:56:12 —-SHD—- C:FOUND.022
2009-12-08 16:46:52 —-SHD—- C:FOUND.021
2009-12-08 00:07:12 —-SHD—- C:FOUND.020
2009-12-07 21:17:04 —-SHD—- C:FOUND.019
2009-12-07 16:53:32 —-SHD—- C:FOUND.018
2009-12-07 16:47:18 —-SHD—- C:FOUND.017
2009-12-07 14:48:48 —-SHD—- C:FOUND.016
2009-12-07 00:50:28 —-SHD—- C:FOUND.015
2009-12-07 00:26:08 —-D—- C:rsit
2009-12-06 14:35:10 —-SHD—- C:FOUND.014
2009-12-03 23:01:48 —-SHD—- C:FOUND.013
2009-12-03 22:21:30 —-SHD—- C:FOUND.012
2009-12-02 20:36:10 —-SHD—- C:FOUND.011
2009-12-02 20:26:50 —-SHD—- C:FOUND.010
2009-12-01 23:59:52 —-SHD—- C:FOUND.009======List of files/folders modified in the last 1 months======
2009-12-10 17:25:18 —-A—- C:WINDOWSSchedLgU.Txt
2009-12-09 13:14:36 —-A—- C:WINDOWSulead32.ini
2009-12-01 17:34:42 —-A—- C:WINDOWSNeroDigital.ini======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 klif;Klif; ??C:WINDOWSsystem32driversklif.sys []
R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 hardlock;hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2003-08-18 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2003-08-18 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-12-22 2304320]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2004-12-01 928256]
R3 GT680x;GrandTechICNameNT; C:WINDOWSSystem32Driversgt680x.sys [2003-02-21 17504]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver; C:WINDOWSsystem32DRIVERSusb8023.sys [2008-04-13 12800]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
R3 vusbbus;Virtual Usb Bus Enumerator; C:WINDOWSsystem32DRIVERSvusbbus.sys [2006-08-19 52224]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:WINDOWSsystem32DRIVERSyukonwxp.sys [2003-12-23 174464]
S1 AmdK7;Драйвер AMD K7 процессора; C:WINDOWSsystem32DRIVERSamdk7.sys [2008-04-14 41984]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
S3 IKFileSec;File Security Driver; C:WINDOWSsystem32driversikfilesec.sys [2008-06-02 42376]
S3 IKSysFlt;System Filter Driver; C:WINDOWSsystem32driversiksysflt.sys [2008-06-02 66952]
S3 IKSysSec;System Security Driver; C:WINDOWSsystem32driversiksyssec.sys [2008-06-10 81288]
S3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-09-30 2743840]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:WINDOWSsystem32DRIVERSss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:WINDOWSsystem32DRIVERSss_mdm.sys [2005-08-30 94000]
S3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S4 sfc;sfc; C:WINDOWSsystem32driverssfc.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2004-12-01 425984]
R2 InterBaseGuardian;Firebird Guardian Service; C:Program FilesFirebirdbinibguard -s []
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-06-06 152984]
R3 InterBaseServer;Firebird Server; C:Program FilesFirebirdbinibserver -s []
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2004-11-30 516096]
S2 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-04-03 183280]
S2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2004-09-30 127043]
S2 PolicyAgentDnscache;Службы IPSEC PolicyAgentDnscache; C:WINDOWSTEMPrdlF.tmp.exe srv []
S2 Service1;IB_Backup; C:StroySoftUtilsIB_Backup.exe []
S3 AVP;Kaspersky Internet Security 6.0; C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe [2006-03-24 139367]
S3 sdAuxService;PC Tools Auxiliary Service; C:Program FilesSpyware DoctorpctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:Program FilesSpyware DoctorpctsSvc.exe [2008-08-07 1073544]
EOF
ComboFix 09-05-25.01 — User 25.05.2009 22:27.2 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.511.218 [GMT 4:00]
Running from: c:documents and settingsUserРабочий столComboFix.exe
Command switches used :: c:documents and settingsUserРабочий столCFScript.txt
AV: Kaspersky Internet Security 6.0 *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security 6.0 *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}FILE ::
c:windowssystem32Driversati1fkxx.sys
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
—- Previous Run
.
c:windowssystem32Driversati1fkxx.sys.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_ATI1FKXX
Service_ati1fkxx((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.2009-05-19 17:27 . 2009-05-19 17:27
d—h—w c:windowsPIF
2009-05-19 17:10 . 2009-05-19 17:10
d
w C:_OTMoveIt
2009-05-16 16:40 . 2009-05-16 16:40
d
w c:program filestrend micro
2009-05-16 16:40 . 2009-05-16 16:40
d
w C:rsit
2009-05-16 15:06 . 2009-05-16 15:06
d
w c:documents and settingsUserApplication DataMalwarebytes
2009-05-16 15:05 . 2009-04-06 11:32 15504 —-a-w c:windowssystem32driversmbam.sys
2009-05-16 15:05 . 2009-04-06 11:32 38496 —-a-w c:windowssystem32driversmbamswissarmy.sys
2009-05-16 15:05 . 2009-05-16 15:05
d
w c:documents and settingsAll UsersApplication DataMalwarebytes
2009-05-16 15:05 . 2009-05-16 15:05
d
w c:program filesMalwarebytes’ Anti-Malware
2009-05-02 13:38 . 2009-05-02 13:38 1878984 —-a-w c:documents and settingsUserApplication DataMacromediaFlash Playerwww.macromedia.combinfpupdateplfpupdatepl.exe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 18:15 . 2007-04-16 18:45 611353376 —sha-w c:windowssystem32driversfidbox.dat
2009-05-25 18:15 . 2007-04-16 18:45 588416 —sha-w c:windowssystem32driversfidbox2.idx
2009-05-25 18:15 . 2007-04-16 18:45 176160 —sha-w c:windowssystem32driversfidbox2.dat
2009-05-25 18:15 . 2007-04-16 18:45 15919664 —sha-w c:windowssystem32driversfidbox.idx
2009-05-19 16:52 . 2009-05-05 16:13 87489 —-a-w c:documents and settingsUserApplication Datafieryads.dat
2009-04-04 10:17 . 2009-04-04 10:17
d
w c:documents and settingsUserApplication DataMedia Player Classic
2009-04-04 09:54 . 2009-04-04 09:54
d
w c:program filesK-Lite Codec Pack
2009-03-02 18:10 . 2009-04-04 09:54 67584 —-a-w c:windowssystem32ff_vfw.dll
2009-02-26 20:47 . 2009-04-04 09:54 2255360 —-a-w c:windowssystem32x264vfw.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«ICQ»=»c:program filesICQ6ICQ.exe» [2008-09-01 173304][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2004-09-30 4603904]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2004-09-30 86016]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2004-11-30 344064]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«DAEMON Tools-1033″=»c:program filesD-Toolsdaemon.exe» [2004-08-22 81920]
«PCSuiteTrayApplication»=»c:program filesNokiaNokia PC Suite 6LaunchApplication.exe» [2007-03-23 227328]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2004-09-30 921600]
«SoundMan»=»SOUNDMAN.EXE» — c:windowsSOUNDMAN.EXE [2004-12-22 77824][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
«Nokia.PCSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2007-03-27 1744896]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
VIA RAID TOOL.lnk — c:program filesVIARAIDraid_tool.exe [2005-10-9 581632]
Microsoft Office.lnk — c:program filesMicrosoft OfficeOfficeOSA9.EXE [1999-2-17 65588]
MultiLex Universal Hotkeys.lnk — c:program filesMediaLinguaMultiLex 4.0HKML_SRV.exe [2006-3-7 118784]
Ulead Photo Express 4.0 SE Calendar Checker .lnk — c:program filesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe [2005-10-11 69632]
Adobe Gamma Loader.exe.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2007-1-13 113664]
ImageFox.lnk — c:windowsInstaller{99ADC6C1-45D9-4D5C-B1CD-EB0F15FB529B}IMAGEFOX_STRTUP_SHRTCUT.exe [2007-1-13 3310][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
@=»»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
@=»»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\ICQ6\ICQ.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«8208:TCP»= 8208:TCP:laorvR3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32driversusb8023.sys [18.08.2003 12800]
S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [21.02.2009 20:28 356920]— Other Services/Drivers In Memory —
*Deregistered* — mchInjDrv
.
Contents of the ‘Scheduled Tasks’ folder2009-05-25 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-02-21 09:02]
.
— — — — ORPHANS REMOVED — — — —SafeBoot-procexp90.Sys
.
Supplementary Scan
.
uStart Page = hxxp://www.google.ru/ig?hl=ru
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office10EXCEL.EXE/3000
IE: Добавить в Rambler-Закладки — c:program filesRambler AssistantramblertoolbarU0.dll/zakladki.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/search.htm
IE: Настройки перевода — c:program filesX-Translator GOLDPRMTEToptions.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/dic.htm
IE: Перевод страницы — c:program filesX-Translator GOLDPRMTETtranslat.htm
FF — ProfilePath — c:documents and settingsUserApplication DataMozillaFirefoxProfiles2xinqeaq.default
FF — prefs.js: browser.search.defaulturl — hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FF — prefs.js: browser.search.selectedEngine — Web Search
FF — prefs.js: browser.startup.homepage — hxxp://search.conduit.com/?ctid=CT1460988&SearchSource=13
FF — prefs.js: keyword.URL — hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=2&q=
FF — plugin: c:program filesGoogleGoogle Updater2.4.1536.6592npCIDetect13.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava11.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava12.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava131_06.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava32.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPOJI600.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 22:29
Windows 5.1.2600 Service Pack 3 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(940)
c:windowssystem32Ati2evxx.dll
c:windowssystem32klogon.dll— — — — — — — > ‘explorer.exe'(1612)
c:program filesACD SystemsImageFoxIFOXDLL.dll
.
Completion time: 2009-05-25 22:31
ComboFix-quarantined-files.txt 2009-05-25 18:31
ComboFix2.txt 2009-05-22 18:06Pre-Run: 71 034 077 184 байт свободно
Post-Run: 71 016 087 552 байт свободно145 — E O F — 2008-11-23 09:45
Combofix выдал лог файл:
ComboFix 09-05-21.08 — User 22.05.2009 21:57.1 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.511.221 [GMT 4:00]
Running from: c:documents and settingsUserРабочий столComboFix.exe
Command switches used :: c:documents and settingsUserРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
AV: Kaspersky Internet Security 6.0 *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security 6.0 *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsUserLocal SettingsTemporary Internet Files005B0CEE_9E44_4874_BB3A_AA90BF414B9B.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files01166880_8BC0_4d39_A5B3_2B79D15BD947.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files1F48DC7F-5AAB-4068-94FB-28260DD487DD.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files224C20AC-2B10-4f47-A087-071DF48FA255.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesA9C3BB22_B095_4bb9_A4FD_1CB3643AF9A0.jpg
c:documents and settingsUserLocal SettingsTemporary Internet FilesADED7C5B-E485-4485-8089-5F2E2DE42E91.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesB12B218E_7A00_457d_BC82_2757D4C18CC1.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesC82F82E3_1710_4965_ACF4_176308ED93A5.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesD0FE389E_400B_440b_9071_2587A57961E3.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesD376F538-6C5D-41ae-B596-C030BE6366B7.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesDE6B7F39_B028_48ef_8D77_5471C7278A14.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesE293A409_F14F_4c04_962F_4FE36C7CDD9F.jpg
c:documents and settingsUserLocal SettingsTemporary Internet FilesE99CE768_8677_4652_B475_BA6BE092A64A.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.38
c:documents and settingsUserLocal SettingsTemporary Internet FilesF3FCCA3A_1396_4121_84BC_C7AA4524D721.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesFE560CBF_28CF_4906_A438_C86C6CA84F93.gif
c:windows10725not-z-v5rusa09.exe
c:windows10753zr9j87.dll
c:windows10814s59zbot6c9.cpl
c:windows1092downloa5er51z.ocx
c:windows10957troj5eez.ocx
c:windows11195r28z1.dll
c:windows11221wo5z9e2.ocx
c:windows1139bzckdoo51939.ocx
c:windows11z05ack9oor698.ocx
c:windows11z459orm6985.bin
c:windows11z86hackt5olac9.exe
c:windows1335spamzot1895.dll
c:windows136z2v5rus5b59.bin
c:windows1371zviru921c5.dll
c:windows144adow5zoade9515.bin
c:windows1455zspy595.bin
c:windows149z85irus53.dll
c:windows15173worm4zc9.ocx
c:windows15288not-a9virus6z3.ocx
c:windows16175hackt9oz64b.ocx
c:windows16303zor5b9.exe
c:windows1654s9arse226z.cpl
c:windows16652spzmbot549.bin
c:windows16657zpambo95f5.dll
c:windows16z0s592a6.ocx
c:windows16z45ac9door191.cpl
c:windows170c5pyzare989.cpl
c:windows17529spa9zot4a6.ocx
c:windows1790down9oaderz615.cpl
c:windows17938ha5ktzol19f.cpl
c:windows17954not-a5virus2z6.bin
c:windows18075tro539z.ocx
c:windows18150vir958ez.bin
c:windows18351noz-a-vi9us456.exe
c:windows18495wormz5c.ocx
c:windows18830tz9j3c5.cpl
c:windows1905pyware1z54.bin
c:windows19579z9rusf1.bin
c:windows1959rzj65.bin
c:windows19975viruszf9.cpl
c:windows19z83ha9ktool550.exe
c:windows1caesze59585.bin
c:windows1z185spambo59ef.bin
c:windows1z39sparse2569.cpl
c:windows206z55roj597.exe
c:windows2094zt9oj25.ocx
c:windows20bzspa5se2930.dll
c:windows210569ac5tozl3fb.cpl
c:windows21194w9zm645.cpl
c:windows21196worm5f5z.bin
c:windows214565iruz29e.exe
c:windows21619worz21e5.ocx
c:windows22215spamboz7569.ocx
c:windows22304noz5a-viruse9.ocx
c:windows223z5vir9530f.dll
c:windows22519hacktoolz58.ocx
c:windows229csp5warz1980.cpl
c:windows22c55hrea913046z.ocx
c:windows22d95hreaz20422.bin
c:windows23458t5zj903.cpl
c:windows2391zvi5us25d.bin
c:windows23c9ba59zoor1006.dll
c:windows24131not-a-virzs9b5.dll
c:windows2499sp5rse2789z.bin
c:windows25227vzrus199.ocx
c:windows254z5ha9ktool16e.ocx
c:windows25599hzcktool359.bin
c:windows2585vi9us43bz.cpl
c:windows25862spa95ot498z.cpl
c:windows259859ormz9b.exe
c:windows259z1s9y2b5.ocx
c:windows2627baczd9or4305.bin
c:windows26440no5za-v9rus434.cpl
c:windows269z5wormb9.dll
c:windows26bdstea55z09.dll
c:windows2743n9t-a-zirus16f5.dll
c:windows27455viruz69a.dll
c:windows2748vz9592.bin
c:windows27552szam9ot2ea.dll
c:windows27657ha5ktooz699.ocx
c:windows27735hacz9ool33f.ocx
c:windows27859wo9m6zd.bin
c:windows2789ztroj915.cpl
c:windows28069vi9uszcc5.ocx
c:windows285925roz59a.dll
c:windows2899stezl5262.cpl
c:windows29059trzj5c1.cpl
c:windows29158woz94bc5.exe
c:windows29195troj5zc.dll
c:windows29288viruz757.ocx
c:windows29453vi9us4za.dll
c:windows29568trojzff5.bin
c:windows295z5s5y7e39.cpl
c:windows295z9troj255.cpl
c:windows29957hackzool9f.dll
c:windows29z57spyca5.exe
c:windows2b84do9nl5ader245z.ocx
c:windows2bc4vir5z09.bin
c:windows2e5iz3291.cpl
c:windows2ec5dowzloader2901.dll
c:windows2ezfbackdoor9359.exe
c:windows2fc9add5zre1799.exe
c:windows2z059spy97e.bin
c:windows2z2espyware5393.cpl
c:windows2z559n9t-a-virus6e8.bin
c:windows2z745worm938.cpl
c:windows2z9689ot-5-virus4f6.exe
c:windows2zd49ackd5or3217.bin
c:windows305z0no9-a-vi5us2e8.cpl
c:windows30935hacktool9z.ocx
c:windows30a4zh9ef3570.bin
c:windows31151not-a-viruz5f99.bin
c:windows3136t5reat27z349.bin
c:windows315z9spy45.bin
c:windows3182szambot97d5.bin
c:windows3188zacktoo95e6.cpl
c:windows318975zambotcf.cpl
c:windows31e3stzal955.ocx
c:windows32477nzt-a-59rus7e4.ocx
c:windows32938t5ojez.exe
c:windows33a05zi9f2415.bin
c:windows35069spamz9t33.bin
c:windows3550szarse2955.ocx
c:windows3560d9wnzoa5er2587.dll
c:windows35bbsteaz9397.bin
c:windows35c8sp9rse4z5.exe
c:windows35ecspars9413z.cpl
c:windows36459parse272z.exe
c:windows3664d5znloa9er1048.ocx
c:windows3715t9zeat482.cpl
c:windows394zthreat256739.cpl
c:windows3971spyw95ez32.cpl
c:windows3a66t95eatz1969.dll
c:windows3c9aspa5se2770z.ocx
c:windows3d435ownzoader1193.ocx
c:windows3d94dowzlo5der2343.cpl
c:windows3d9zvir2354.bin
c:windows3db9hreat51z50.dll
c:windows3fe9addzare1085.bin
c:windows3z07not9a-viru5732.bin
c:windows3z169hre5t59.cpl
c:windows3z40wor5966.ocx
c:windows3z85t9ief565.dll
c:windows3z9troj530.cpl
c:windows435thi5f8z9.exe
c:windows4364spa5zot192.cpl
c:windows43b9vzr1057.bin
c:windows4465backdoorz90.bin
c:windows4558thief9527z.bin
c:windows45599azktool596.bin
c:windows4598h5zktoo9164.ocx
c:windows45d0dzwnloader35259.cpl
c:windows47zevir1596.cpl
c:windows4850not-a-v9ruszb.cpl
c:windows48a9bazkdo5r32299.cpl
c:windows49575hrzat25393.ocx
c:windows4976spzrse17255.exe
c:windows4ae7z59ware2924.bin
c:windows4b5thrz9t10730.ocx
c:windows4ba5spz9se1911.bin
c:windows4z05addware9268.dll
c:windows502zs5amb9t6b8.cpl
c:windows5066zorm975.ocx
c:windows50849azkdoor1697.ocx
c:windows5090ziru5374.bin
c:windows50z9back9oor856.ocx
c:windows515cst59l2z89.bin
c:windows51ffsparze4749.ocx
c:windows52225vi9zs4cd.ocx
c:windows524czir5914.dll
c:windows535esze5l1974.ocx
c:windows5454steaz5429.dll
c:windows5462down9oadez2556.dll
c:windows546zs5y291.ocx
c:windows5497threzt3863.bin
c:windows54a9bzckdoor1145.dll
c:windows555f9ownlzader1571.bin
c:windows55bespzrse22799.cpl
c:windows55dbspywar92z67.ocx
c:windows5696h9ck5ooz5e8.ocx
c:windows56a4downloaderz592.ocx
c:windows577ztea53291.dll
c:windows58939virusz4f.exe
c:windows5910spywaze3207.bin
c:windows593z7virus4da.exe
c:windows5944st9alz951.dll
c:windows594zsteal563.dll
c:windows5959thiez1552.dll
c:windows5970z5reat4977.exe
c:windows5971thizf2270.cpl
c:windows5980ha9ktool15z.bin
c:windows59aaddware2759z.bin
c:windows59e0addwa5e9z9.ocx
c:windows59z9spywar51970.bin
c:windows5ac65hr9at1z18.cpl
c:windows5az4t9ief2293.bin
c:windows5b39doznloa5er2575.ocx
c:windows5c1zdownloa9er5923.bin
c:windows5c29d5wnloader26z1.bin
c:windows5c4fzir23159.bin
c:windows5c55s9arse293z.ocx
c:windows5c9fdo9nloader1329z.ocx
c:windows5d66zte9l584.cpl
c:windows5d80baczdoo91257.exe
c:windows5d95downl9ader435z.ocx
c:windows5e29thr5atz5191.exe
c:windows5f249pyware1z15.bin
c:windows5f75sp9rze1841.exe
c:windows5faspar9e751z.dll
c:windows5z1429py332.cpl
c:windows5z29worm65c9.dll
c:windows5z83s5arse997.bin
c:windows607hacz59ol15.dll
c:windows6099thz5at29001.exe
c:windows619a9ownloade5z869.dll
c:windows6595s5eaz1656.cpl
c:windows675zviru5a9.exe
c:windows6903szywa5e2732.bin
c:windows6978zpambo5610.bin
c:windows6a39addwa5ez975.ocx
c:windows6c17sp5warz2769.ocx
c:windows6c7a59yware2799z.bin
c:windows6dc4tzie51392.dll
c:windows6e879ddwarz765.bin
c:windows6eze9ir1035.bin
c:windows6f6fs5yware1983z.exe
c:windows7115thze519669.cpl
c:windows71dba5kdoo9842z.cpl
c:windows7290t5ief1589z.dll
c:windows733tzreat39554.dll
c:windows740a9p5wzre2485.ocx
c:windows74z5down5oa9er3267.dll
c:windows751backdoor3z97.ocx
c:windows761zb5ckdo9r1292.dll
c:windows77909hreat20045z.ocx
c:windows779zaddwar925245.cpl
c:windows787f9ackdooz25955.ocx
c:windows79369py1z15.cpl
c:windows7956wzrm720.exe
c:windows799dspy9a5e112z.bin
c:windows79e69hiefz59.dll
c:windows7a08zh5ea917157.dll
c:windows7a99a5d9are1z47.bin
c:windows7af9baczdoor590.exe
c:windows7b7f5ddwarz1399.ocx
c:windows7e235zckdoor23109.ocx
c:windows7e5zack9oor575.dll
c:windows88zbac5doo92355.bin
c:windows8z50n9t-a-virus537.ocx
c:windows92939wzr5f.cpl
c:windows92caaddw5re75z.ocx
c:windows92zebackdoo5262.cpl
c:windows93399spamzot5a4.dll
c:windows93z65ackdoor3066.ocx
c:windows96225irus28z.ocx
c:windows9705not-a-virus2z.cpl
c:windows9738viruz15d.cpl
c:windows973zstea52174.cpl
c:windows97845ackzool9ab.cpl
c:windows98775not-azvi5us680.dll
c:windows98z18virus6fd5.cpl
c:windows99300zpy79e5.exe
c:windows99329not5azvirus612.bin
c:windows9952spz95ot571.ocx
c:windows9994addware2265z.exe
c:windows9b9thie565z.ocx
c:windows9z59hacktool743.ocx
c:windowsb8dsz5war9474.exe
c:windowsb98szarse55939.bin
c:windowsc5b5ownloadez9843.bin
c:windowsc609pa5sez793.ocx
c:windowsec55hreat11966z.dll
c:windowssystem3210373nzt-a-v9rus1ec5.bin
c:windowssystem321054thiez9593.cpl
c:windowssystem32105fszars929535.exe
c:windowssystem3211111not-a-vi5us59z.cpl
c:windowssystem321173zha9kto5l66a.cpl
c:windowssystem3211b5p9waze1806.cpl
c:windowssystem32125z49orm1.exe
c:windowssystem3212809noz9a-virus15c.cpl
c:windowssystem3212878spambo9z56.bin
c:windowssystem32128959acktzol1d2.bin
c:windowssystem321388no5-a-v9ruz6c6.ocx
c:windowssystem3213927hackt5ol7z9.dll
c:windowssystem3214582spz4739.dll
c:windowssystem3214591spa5boz49d.cpl
c:windowssystem3214596zpambot6d.exe
c:windowssystem3214949hack9zol5f.exe
c:windowssystem3214999sz55699.exe
c:windowssystem3214f0threzt93115.ocx
c:windowssystem3214z74not-5-virus792.ocx
c:windowssystem3214zabackdoor905.dll
c:windowssystem32150cst9al5036z.ocx
c:windowssystem321544vzr590.cpl
c:windowssystem32155z5ir9354.exe
c:windowssystem3215794nzt5a9virus3e.exe
c:windowssystem3216245vir9s475z.bin
c:windowssystem3216z58s9ambot755.cpl
c:windowssystem3217535hackto9l4fz.cpl
c:windowssystem321759threat25454z.bin
c:windowssystem3218z09not-a-v5ru952c.exe
c:windowssystem3219039spam5oz4de9.bin
c:windowssystem3219295zief599.ocx
c:windowssystem3219395irus11z.exe
c:windowssystem32194415orm25cz.cpl
c:windowssystem321980z95rm17c.exe
c:windowssystem32198195zoj46f.dll
c:windowssystem3219959spa9bzt98.ocx
c:windowssystem3219z2sp5rse1616.cpl
c:windowssystem321ad7vz52469.exe
c:windowssystem321af79pars5z702.ocx
c:windowssystem321b50zac9door2156.dll
c:windowssystem321dz29parse5954.dll
c:windowssystem321e5cdzwnloader9972.cpl
c:windowssystem321e9e5ir998z.exe
c:windowssystem321f73thz5at256289.ocx
c:windowssystem321f76sz5ware859.cpl
c:windowssystem321z09ir2053.bin
c:windowssystem321z5athreat15946.bin
c:windowssystem321zae5ddw9re687.bin
c:windowssystem3220149szambota35.ocx
c:windowssystem3220634no9-a-v5rus293z.bin
c:windowssystem3220851tro9516z.exe
c:windowssystem32215z5h5cktool7a9.ocx
c:windowssystem3221z5th9eat9983.ocx
c:windowssystem3221z8spambo95375.bin
c:windowssystem322283wor9z0e5.dll
c:windowssystem3222z599pambot502.bin
c:windowssystem322409zsp9355.ocx
c:windowssystem3224189virzs735.cpl
c:windowssystem3224528spzmbot19f.ocx
c:windowssystem3224z89not-a-virus1f05.ocx
c:windowssystem3224z9steal5079.ocx
c:windowssystem322511spzwa5e2990.cpl
c:windowssystem3225160zot-a5virus966.cpl
c:windowssystem3225255zackto9l3ad.exe
c:windowssystem32253z5t9oj570.exe
c:windowssystem3225525spam5zt29f.cpl
c:windowssystem3225599wzrm4a6.exe
c:windowssystem322577z5or94fc.cpl
c:windowssystem32257z8vi5us396.bin
c:windowssystem3225821woz59e5.cpl
c:windowssystem32258bad9w5re236z.cpl
c:windowssystem322594stzal2439.dll
c:windowssystem322594zhackto5l29f.cpl
c:windowssystem3225955spy1bz.ocx
c:windowssystem3225edtzr9at15966.exe
c:windowssystem3225z85s9y402.bin
c:windowssystem3226021spam5ot69az.cpl
c:windowssystem3226391zpambot57d.dll
c:windowssystem3226981hazktool5d5.ocx
c:windowssystem3227579zro5775.dll
c:windowssystem3227742v5ru9z7.exe
c:windowssystem3227ca5parz9667.ocx
c:windowssystem32284339orm1z25.cpl
c:windowssystem3228529t5oj3z.exe
c:windowssystem322865backdo9r231z.ocx
c:windowssystem3228794not-a-v5ruz34a.dll
c:windowssystem32288955zt-a-9irus8c.bin
c:windowssystem32290265acztool75a.bin
c:windowssystem3229253spamboz429.bin
c:windowssystem322953bazkdoor1116.exe
c:windowssystem3229575worz39e.dll
c:windowssystem32295athrezt31607.dll
c:windowssystem32295ethief89z.cpl
c:windowssystem322961zt59j48e.bin
c:windowssystem32297z7hac5to9l3f.bin
c:windowssystem3229915pyware357z.exe
c:windowssystem3229975ir2z05.bin
c:windowssystem322bd5addza9e2557.dll
c:windowssystem322f69thzeat28151.ocx
c:windowssystem322z679not-a-viru51bb9.exe
c:windowssystem322z685acktoolf9.bin
c:windowssystem322z795tr9j28e.bin
c:windowssystem323008sp5mbo951z.exe
c:windowssystem32304835zt-a9virus4f6.exe
c:windowssystem323056zworm12e9.ocx
c:windowssystem32305z4spy599.ocx
c:windowssystem3230zethr59t23684.exe
c:windowssystem3231298vizus652.bin
c:windowssystem323249ad5waze10299.ocx
c:windowssystem3232z35ackdoor1979.ocx
c:windowssystem32333zdownlo9der5558.cpl
c:windowssystem32334dspa5se91z.cpl
c:windowssystem323511zown9oader1572.ocx
c:windowssystem32355b9parse297z.exe
c:windowssystem32359at5rezt9776.exe
c:windowssystem32359fbackzoor3089.ocx
c:windowssystem323613sp9rs5685z.ocx
c:windowssystem3236z5ot-a-9irus160.cpl
c:windowssystem3237ab9ddw5rez182.bin
c:windowssystem3239264worm58z.bin
c:windowssystem323970tr5jz0.ocx
c:windowssystem323b5bvzr2999.bin
c:windowssystem323c8zdownload9r5810.bin
c:windowssystem323cz5spyware31609.cpl
c:windowssystem323e2viz5991.cpl
c:windowssystem323e4tz9ea5996.cpl
c:windowssystem323e5astzal2094.dll
c:windowssystem323z7avir5696.cpl
c:windowssystem323z91downloader3195.dll
c:windowssystem32415zvir927.bin
c:windowssystem324191spazbo933d5.ocx
c:windowssystem324217spywa5e217z9.cpl
c:windowssystem324328t5reat27z09.ocx
c:windowssystem324349thzef556.ocx
c:windowssystem324352doznloader2079.dll
c:windowssystem324389spyware5z12.exe
c:windowssystem3243z6st9al1615.cpl
c:windowssystem324439t5ief35z.ocx
c:windowssystem324467not-a-v95us58z.exe
c:windowssystem3244eevzr25829.cpl
c:windowssystem3245z9vir245.exe
c:windowssystem324615th9efz539.exe
c:windowssystem324621z5ief1739.dll
c:windowssystem32473add5a9e1205z.ocx
c:windowssystem324794spambzt6d95.dll
c:windowssystem324b2e5parsz389.bin
c:windowssystem324c49downz5ad9r531.cpl
c:windowssystem324c75addwaze1096.dll
c:windowssystem324e5ebackdozr5968.ocx
c:windowssystem324z3eaddw95e1105.dll
c:windowssystem325057zhreat92545.bin
c:windowssystem325112spywar915z1.cpl
c:windowssystem32515zspyware20759.dll
c:windowssystem325169addwzre1320.bin
c:windowssystem32519fbackd9oz2549.exe
c:windowssystem3252063zot-a-virus4f9.ocx
c:windowssystem325241hac5tool98ez.cpl
c:windowssystem3253zc9ownloade51758.ocx
c:windowssystem3253zf5d9ware1843.dll
c:windowssystem32540d5py9are1122z.ocx
c:windowssystem325488viruz2479.bin
c:windowssystem325492th5ez718.exe
c:windowssystem3254za95dware1239.cpl
c:windowssystem325566dowzloader5699.dll
c:windowssystem32584z9hief1155.exe
c:windowssystem32589zsteal9959.bin
c:windowssystem3258zst9al5276.ocx
c:windowssystem32593zt95eat12568.ocx
c:windowssystem3259759zdwar51964.cpl
c:windowssystem32599addwzre3165.dll
c:windowssystem3259cbvirz15.ocx
c:windowssystem3259d7zhief1554.cpl
c:windowssystem3259e9sp9waze58.cpl
c:windowssystem325aa5downloader1z94.cpl
c:windowssystem325bz5spars92047.bin
c:windowssystem325c0fth5zat31439.bin
c:windowssystem325c85stzal1979.cpl
c:windowssystem325cb5spa5se9z45.exe
c:windowssystem325cc4do9nlozd5r901.dll
c:windowssystem325d05sparsez169.dll
c:windowssystem325d55th9ef20z1.cpl
c:windowssystem325e93backdozr918.ocx
c:windowssystem325ezbackdo9r477.cpl
c:windowssystem325f70vi923z35.exe
c:windowssystem325z837n9t-a-virus55c.bin
c:windowssystem325za1s5ea92184.bin
c:windowssystem3260caaddwaze905.ocx
c:windowssystem326199spazs52794.cpl
c:windowssystem32619b5oznloader161.dll
c:windowssystem3262b6zo59loader3121.ocx
c:windowssystem326515zackd9or795.exe
c:windowssystem32656z9ir1538.dll
c:windowssystem326589spzware2247.dll
c:windowssystem326659wor921z.cpl
c:windowssystem3266be9pazse1955.ocx
c:windowssystem326701vizus9d5.cpl
c:windowssystem326806zte5l9288.ocx
c:windowssystem326887a5dwa9z1098.dll
c:windowssystem326914dowz9oader3050.exe
c:windowssystem3269ba5zware951.cpl
c:windowssystem326cfeba9kdoor222z5.exe
c:windowssystem326db1spyw9re145z.dll
c:windowssystem326z3ft9ief215.cpl
c:windowssystem326z59th59at15773.exe
c:windowssystem32703b9zy5are2045.cpl
c:windowssystem32705eadd5are9z95.dll
c:windowssystem3272b7s5a9se92z.exe
c:windowssystem3272f15ac9doorz224.cpl
c:windowssystem327345baczdoor9366.ocx
c:windowssystem327435thzef9535.cpl
c:windowssystem32752cvzr5359.bin
c:windowssystem32752spyz759.exe
c:windowssystem327623addwarz2159.dll
c:windowssystem327794spyzar92185.exe
c:windowssystem327963spyware5185z.ocx
c:windowssystem327993baczd5or51.bin
c:windowssystem327995worm7z2.bin
c:windowssystem327a52thze5t2397.ocx
c:windowssystem327b95steaz995.dll
c:windowssystem327f0cthreat2z925.bin
c:windowssystem327fces9arsz32145.ocx
c:windowssystem327zb9pywar51647.bin
c:windowssystem328189zir5s39c.cpl
c:windowssystem32839zteal405.exe
c:windowssystem32853s9yz55.ocx
c:windowssystem328541not-a-viruz9b2.dll
c:windowssystem3285595ot-z-virus9c8.exe
c:windowssystem328559ha5ktozl693.ocx
c:windowssystem328663not5a-vzrus5869.dll
c:windowssystem3289305irus9dz.ocx
c:windowssystem329097spa9zot485.cpl
c:windowssystem32912eaddwaze5135.cpl
c:windowssystem32917845rojzf9.exe
c:windowssystem329253threat2175z.dll
c:windowssystem329254zteal984.ocx
c:windowssystem329297szea53156.bin
c:windowssystem329354zs5y7a1.ocx
c:windowssystem329534wor9z4.bin
c:windowssystem329552zirus570.dll
c:windowssystem3295743spz4ab.bin
c:windowssystem3295bthrzat14991.exe
c:windowssystem3295e0szarse936.exe
c:windowssystem3295z17wor5105.dll
c:windowssystem3297863zirus725.dll
c:windowssystem329793spambotzf55.cpl
c:windowssystem329999zhacktoo57be.ocx
c:windowssystem329a9thief3z125.cpl
c:windowssystem329c7dsza5se2159.cpl
c:windowssystem329dz0sparse563.dll
c:windowssystem329z11spa5bot9bb.cpl
c:windowssystem329za9addwa5e2604.bin
c:windowssystem32a0zba95door779.cpl
c:windowsSystem32bfytrqya.dll
c:windowssystem32cc35hreatz7099.ocx
c:windowssystem32cc459dwarz2309.dll
c:windowssystem32d59spyw9rz2866.cpl
c:windowssystem32f5addwar910z8.exe
c:windowssystem32fa2vz91645.bin
c:windowssystem32nbwepapf.dll
c:windowssystem32TDSSosvd.dat
c:windowssystem32z24edow5loader1952.cpl
c:windowssystem32z266s5ar9e3006.exe
c:windowssystem32z2750vi5us179.ocx
c:windowssystem32z2907worm359.cpl
c:windowssystem32z3572w9rm106.exe
c:windowssystem32z3954virus4e1.dll
c:windowssystem32z41509orm195.bin
c:windowssystem32z50downl9a5er1949.ocx
c:windowssystem32z5299h5ef2092.cpl
c:windowssystem32z5335w9rm6ca.ocx
c:windowssystem32z5488hac9too5323.exe
c:windowssystem32z575steal4299.bin
c:windowssystem32z59fthreat15154.ocx
c:windowssystem32z5a1downlo9der572.ocx
c:windowssystem32z659spy586.dll
c:windowssystem32z65thie92515.exe
c:windowssystem32z6659spy72.ocx
c:windowssystem32z8599ot-a-vi5us674.exe
c:windowssystem32z85ad9wnloader1194.bin
c:windowssystem32z9666spa5bot4f8.exe
c:windowssystem32zc6bthief29495.bin
c:windowssystem32zd3v9r5256.cpl
c:windowssystem32zebf5py9are2764.dll
c:windowswiaserviv.log
c:windowsz02spywar59110.cpl
c:windowsz06t5r9at28200.exe
c:windowsz0adb5ckdoor319.dll
c:windowsz2260tr9j5a85.cpl
c:windowsz22905ot-a9virus12a.bin
c:windowsz3cspy9a5e1787.exe
c:windowsz572addware27519.cpl
c:windowsz6509spa95ot768.ocx
c:windowsz7648tr9j15e.cpl
c:windowsz7852no9-a-viru52ba.dll
c:windowsz93ct5ief928.bin
c:windowsz95755ro92a5.exe
c:windowsz9595s9567e.cpl
c:windowsza2ad5wnloader1972.bin
c:windowszd549hief218.cplInfected copy of c:windowssystem32sfcfiles.dll was found and disinfected
Restored copy from — c:windows$NtServicePackUninstall$sfcfiles.dll.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_POWERMANAGER
Legacy_SFC
Legacy_TCPSR
Legacy_TDSSSERV.SYS
Legacy_WS2_32SIK
Service_tcpsr
Service_Wofgeybhkoc((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.2009-05-19 17:27 . 2009-05-19 17:27
d—h—w c:windowsPIF
2009-05-19 17:10 . 2009-05-19 17:10
d
w C:_OTMoveIt
2009-05-16 16:40 . 2009-05-16 16:40
d
w c:program filestrend micro
2009-05-16 16:40 . 2009-05-16 16:40
d
w C:rsit
2009-05-16 15:06 . 2009-05-16 15:06
d
w c:documents and settingsUserApplication DataMalwarebytes
2009-05-16 15:05 . 2009-04-06 11:32 15504 —-a-w c:windowssystem32driversmbam.sys
2009-05-16 15:05 . 2009-04-06 11:32 38496 —-a-w c:windowssystem32driversmbamswissarmy.sys
2009-05-16 15:05 . 2009-05-16 15:05
d
w c:documents and settingsAll UsersApplication DataMalwarebytes
2009-05-16 15:05 . 2009-05-16 15:05
d
w c:program filesMalwarebytes’ Anti-Malware
2009-05-02 13:38 . 2009-05-02 13:38 1878984 —-a-w c:documents and settingsUserApplication DataMacromediaFlash Playerwww.macromedia.combinfpupdateplfpupdatepl.exe.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 18:02 . 2007-04-16 18:45 611353376 —sha-w c:windowssystem32driversfidbox.dat
2009-05-22 18:02 . 2007-04-16 18:45 588416 —sha-w c:windowssystem32driversfidbox2.idx
2009-05-22 18:02 . 2007-04-16 18:45 176160 —sha-w c:windowssystem32driversfidbox2.dat
2009-05-22 18:02 . 2007-04-16 18:45 15919664 —sha-w c:windowssystem32driversfidbox.idx
2009-05-19 16:52 . 2009-05-05 16:13 87489 —-a-w c:documents and settingsUserApplication Datafieryads.dat
2009-04-04 10:17 . 2009-04-04 10:17
d
w c:documents and settingsUserApplication DataMedia Player Classic
2009-04-04 09:54 . 2009-04-04 09:54
d
w c:program filesK-Lite Codec Pack
2009-03-22 10:24 . 2009-01-13 18:31 32768 —-a-w c:windowssystem32driversati1fkxx.sys
2009-03-02 18:10 . 2009-04-04 09:54 67584 —-a-w c:windowssystem32ff_vfw.dll
2009-02-26 20:47 . 2009-04-04 09:54 2255360 —-a-w c:windowssystem32x264vfw.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2008-04-14 1695232]
«ICQ»=»c:program filesICQ6ICQ.exe» [2008-09-01 173304][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2004-09-30 4603904]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2004-09-30 86016]
«ATIPTA»=»c:program filesATI TechnologiesATI Control Panelatiptaxx.exe» [2004-11-30 344064]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«DAEMON Tools-1033″=»c:program filesD-Toolsdaemon.exe» [2004-08-22 81920]
«PCSuiteTrayApplication»=»c:program filesNokiaNokia PC Suite 6LaunchApplication.exe» [2007-03-23 227328]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2004-09-30 921600]
«SoundMan»=»SOUNDMAN.EXE» — c:windowsSOUNDMAN.EXE [2004-12-22 77824][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]
«Nokia.PCSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2007-03-27 1744896]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
VIA RAID TOOL.lnk — c:program filesVIARAIDraid_tool.exe [2005-10-9 581632]
Microsoft Office.lnk — c:program filesMicrosoft OfficeOfficeOSA9.EXE [1999-2-17 65588]
MultiLex Universal Hotkeys.lnk — c:program filesMediaLinguaMultiLex 4.0HKML_SRV.exe [2006-3-7 118784]
Ulead Photo Express 4.0 SE Calendar Checker .lnk — c:program filesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe [2005-10-11 69632]
Adobe Gamma Loader.exe.lnk — c:program filesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2007-1-13 113664]
ImageFox.lnk — c:windowsInstaller{99ADC6C1-45D9-4D5C-B1CD-EB0F15FB529B}IMAGEFOX_STRTUP_SHRTCUT.exe [2007-1-13 3310][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1fkxx.sys]
@=»Driver»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\ICQ6\ICQ.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«8208:TCP»= 8208:TCP:laorvR0 ati1fkxx;ati1fkxx;c:windowssystem32Driversati1fkxx.sys —> c:windowssystem32Driversati1fkxx.sys [?]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver;c:windowssystem32driversusb8023.sys [18.08.2003 12800]
S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [21.02.2009 20:28 356920]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
kyuci
EZvziy
.
Contents of the ‘Scheduled Tasks’ folder2009-05-22 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-02-21 09:02]
.
— — — — ORPHANS REMOVED — — — —HKCU-Run-AdobeUpdater — c:program filesCommon FilesAdobeUpdater5AdobeUpdater.exe
HKCU-Run-wsctf.exe — wsctf.exe.
Supplementary Scan
.
uStart Page = hxxp://www.google.ru/ig?hl=ru
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office10EXCEL.EXE/3000
IE: Добавить в Rambler-Закладки — c:program filesRambler AssistantramblertoolbarU0.dll/zakladki.htm
IE: Найти с помощью Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/search.htm
IE: Настройки перевода — c:program filesX-Translator GOLDPRMTEToptions.htm
IE: Перевести с помощью словарей Рамблера — c:program filesRambler AssistantramblertoolbarU0.dll/dic.htm
IE: Перевод страницы — c:program filesX-Translator GOLDPRMTETtranslat.htm
FF — ProfilePath — c:documents and settingsUserApplication DataMozillaFirefoxProfiles2xinqeaq.default
FF — prefs.js: browser.search.defaulturl — hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FF — prefs.js: browser.search.selectedEngine — Web Search
FF — prefs.js: browser.startup.homepage — hxxp://search.conduit.com/?ctid=CT1460988&SearchSource=13
FF — prefs.js: keyword.URL — hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=2&q=
FF — plugin: c:program filesGoogleGoogle Updater2.4.1536.6592npCIDetect13.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava11.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava12.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava131_06.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPJava32.dll
FF — plugin: c:program filesJavaSoftJRE1.3.1_06binNPOJI600.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF — plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 22:04
Windows 5.1.2600 Service Pack 3 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(948)
c:windowssystem32Ati2evxx.dll
c:windowssystem32klogon.dll— — — — — — — > ‘explorer.exe'(2396)
c:program filesACD SystemsImageFoxIFOXDLL.dll
.
Other Running Processes
.
c:windowsSYSTEM32ATI2EVXX.EXE
c:windowsSYSTEM32ATI2EVXX.EXE
c:program filesFIREBIRDBINIBGUARD.EXE
c:program filesACD SYSTEMSIMAGEFOXIMAGEFOX.EXE
c:program filesFirebirdbinibserver.exe
c:program filesPC Connectivity SolutionServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-05-22 22:06 — machine was rebooted
ComboFix-quarantined-files.txt 2009-05-22 18:06Pre-Run: 70 960 807 936 байт свободно
Post-Run: 71 242 088 448 байт свободноWindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect768 — E O F — 2008-11-23 09:45
Logfile of random’s system information tool 1.06 (written by random/random)
Run by User at 2009-05-21 19:04:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 68 GB (59%) free of 114 GB
Total RAM: 511 MB (39% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:59, on 16.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesFirebirdbinibguard.exe
C:Program FilesSpyware DoctorpctsAuxs.exe
C:Program FilesSpyware DoctorpctsSvc.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesSpyware DoctorpctsTray.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesD-Toolsdaemon.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesICQ6ICQ.exe
C:WINDOWSsystem32setup2.exe
C:Program FilesVIARAIDraid_tool.exe
C:Program FilesMediaLinguaMultiLex 4.0HKML_SRV.exe
C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
C:Program FilesACD SystemsImageFoxImageFox.exe
C:Program FilesFirebirdbinibserver.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:WINDOWSSystem32alg.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSSYSTEM32NOTEPAD.EXE
C:Documents and SettingsUserРабочий столRSIT.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program Filestrend microUser.exe
C:Program FilesX-Translator GOLDXTRAPrmtX.exe
C:Program FilesX-Translator GOLDPromtsvr.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ru/ig?hl=ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Доступ к платному контенту FieryAds v2.0.0 — {6D125299-C2A9-4DBC-BEC3-6F7124E39A41} — C:DOCUME~1UserAPPLIC~1FieryAdsFieryAds.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll
O3 — Toolbar: XTRANS — {DBBABB93-DDBC-48CA-B6BE-7F85E50D8FC7} — C:Program FilesX-Translator GOLDPRMTETPrmtETru.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [DAEMON Tools-1033] «C:Program FilesD-Toolsdaemon.exe» -lang 1033
O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 — HKLM..Run: [ISTray] «C:Program FilesSpyware DoctorpctsTray.exe»
O4 — HKLM..Run: [WiniBlueSoft] C:Program FilesWiniBlueSoft SoftwareWiniBlueSoftWiniBlueSoft.exe -min
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [wsctf.exe] wsctf.exe
O4 — HKCU..Run: [AdobeUpdater] «C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe»
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6ICQ.exe» silent
O4 — HKCU..Run: [setup2.exe] C:WINDOWSsystem32setup2.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: VIA RAID TOOL.lnk = C:Program FilesVIARAIDraid_tool.exe
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 — Global Startup: MultiLex Universal Hotkeys.lnk = C:Program FilesMediaLinguaMultiLex 4.0HKML_SRV.exe
O4 — Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
O4 — Global Startup: Adobe Gamma Loader.exe.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: ImageFox.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Настройки перевода — C:Program FilesX-Translator GOLDPRMTEToptions.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O8 — Extra context menu item: Перевод страницы — C:Program FilesX-Translator GOLDPRMTETtranslat.htm
O9 — Extra button: Веб-Антивирус — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 6.0scieplugin.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 — DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) — file://C:Program FilesAutoCAD 2002AcDcToday.ocx
O16 — DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) — file://C:Program FilesAutoCAD 2002InstBanr.ocx
O16 — DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) — file://C:Program FilesAutoCAD 2002InstFred.ocx
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 — DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) — file://C:Program FilesAutoCAD 2002AcPreview.ocx
O17 — HKLMSystemCCSServicesTcpip..{315A4568-AB50-4B16-8587-9023F3150455}: NameServer = 85.255.113.134 85.255.112.140
O20 — AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~1.0adialhk.dll
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Kaspersky Internet Security 6.0 (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Firebird Guardian Service (InterBaseGuardian) — Unknown owner — C:Program.exe (file missing)
O23 — Service: Firebird Server (InterBaseServer) — Unknown owner — C:Program.exe (file missing)
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: PC Tools Auxiliary Service (sdAuxService) — PC Tools — C:Program FilesSpyware DoctorpctsAuxs.exe
O23 — Service: PC Tools Security Service (sdCoreService) — PC Tools — C:Program FilesSpyware DoctorpctsSvc.exe
O23 — Service: IB_Backup (Service1) — Unknown owner — C:StroySoftUtilsIB_Backup.exe (file missing)
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 10115 bytes======Scheduled tasks folder======
C:WINDOWStasksGoogle Software Updater.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll [2009-04-03 668656][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{DBBABB93-DDBC-48CA-B6BE-7F85E50D8FC7} — XTRANS — C:Program FilesX-Translator GOLDPRMTETPrmtETru.dll [2002-07-15 212992]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2008-12-27 849392][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2004-09-30 4603904]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2004-09-30 86016]
«ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2004-11-30 344064]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-12-22 77824]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«DAEMON Tools-1033″=C:Program FilesD-Toolsdaemon.exe [2004-08-22 81920]
«»= []
«PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-03-23 227328]
«ISTray»=C:Program FilesSpyware DoctorpctsTray.exe [2008-07-16 1166216][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2008-04-14 1695232]
«wsctf.exe»=wsctf.exe []
«AdobeUpdater»=C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe []
«ICQ»=C:Program FilesICQ6ICQ.exe [2008-09-01 173304]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
VIA RAID TOOL.lnk — C:Program FilesVIARAIDraid_tool.exe
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
MultiLex Universal Hotkeys.lnk — C:Program FilesMediaLinguaMultiLex 4.0HKML_SRV.exe
Ulead Photo Express 4.0 SE Calendar Checker .lnk — C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
Adobe Gamma Loader.exe.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
ImageFox.lnk — C:WINDOWSInstaller{99ADC6C1-45D9-4D5C-B1CD-EB0F15FB529B}IMAGEFOX_STRTUP_SHRTCUT.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:PROGRA~1KASPER~1KASPER~1.0adialhk.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2004-12-01 94208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2006-03-24 28778][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifynbwepapf]
C:WINDOWSsystem32nbwepapf.dll [2009-05-19 16896][HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1fkxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1fkxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdcoreservice]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableCMD»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Documents and SettingsUserLocal SettingsTempRar$EX01.250utorrent175.exe»=»C:Documents and SettingsUserLocal SettingsTempRar$EX01.250utorrent175.exe:*:Enabled:µTorrent»
«C:Documents and SettingsUserLocal SettingsTempRar$EX00.828utorrent175.exe»=»C:Documents and SettingsUserLocal SettingsTempRar$EX00.828utorrent175.exe:*:Enabled:µTorrent»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======File associations======
.ini — open — C:WINDOWSSYSTEM32NOTEPAD.EXE %1
.scr — open — C:WINDOWSNOTEPAD.EXE «%1»
.scr — install —
.scr — config —
.txt — open — C:WINDOWSSYSTEM32NOTEPAD.EXE %1======List of files/folders created in the last 1 months======
2009-05-19 21:47:18 —-A—- C:WINDOWSsystem32nbwepapf.dll
2009-05-19 21:27:08 —-HD—- C:WINDOWSPIF
2009-05-19 21:10:37 —-D—- C:_OTMoveIt
2009-05-19 20:09:11 —-RASHD—- C:autorun.inf
2009-05-16 20:40:35 —-D—- C:Program Filestrend micro
2009-05-16 20:40:24 —-D—- C:rsit
2009-05-16 19:06:07 —-D—- C:Documents and SettingsUserApplication DataMalwarebytes
2009-05-16 19:05:54 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-05-16 19:05:51 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-05-13 13:22:09 —-A—- C:WINDOWSsystem32setup_XP.ini======List of files/folders modified in the last 1 months======
2009-05-21 18:03:38 —-A—- C:WINDOWSNeroDigital.ini
2009-05-21 14:05:16 —-A—- C:WINDOWSSchedLgU.Txt
2009-05-19 20:46:46 —-A—- C:WINDOWSPrmtX.INI======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 IKSysFlt;System Filter Driver; C:WINDOWSsystem32driversiksysflt.sys [2008-06-02 66952]
R1 IKSysSec;System Security Driver; C:WINDOWSsystem32driversiksyssec.sys [2008-06-10 81288]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 klif;Klif; ??C:WINDOWSsystem32driversklif.sys []
R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 hardlock;hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2003-08-18 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2003-08-18 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-12-22 2304320]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2004-12-01 928256]
R3 GT680x;GrandTechICNameNT; C:WINDOWSSystem32Driversgt680x.sys [2003-02-21 17504]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver; C:WINDOWSsystem32DRIVERSusb8023.sys [2008-04-13 12800]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
R3 vusbbus;Virtual Usb Bus Enumerator; C:WINDOWSsystem32DRIVERSvusbbus.sys [2006-08-19 52224]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:WINDOWSsystem32DRIVERSyukonwxp.sys [2003-12-23 174464]
S1 AmdK7;Драйвер AMD K7 процессора; C:WINDOWSsystem32DRIVERSamdk7.sys [2008-04-14 41984]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
S3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-09-30 2743840]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:WINDOWSsystem32DRIVERSss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:WINDOWSsystem32DRIVERSss_mdm.sys [2005-08-30 94000]
S3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2004-12-01 425984]
R2 InterBaseGuardian;Firebird Guardian Service; C:Program FilesFirebirdbinibguard -s []
R2 sdAuxService;PC Tools Auxiliary Service; C:Program FilesSpyware DoctorpctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:Program FilesSpyware DoctorpctsSvc.exe [2008-08-07 1073544]
R3 InterBaseServer;Firebird Server; C:Program FilesFirebirdbinibserver -s []
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2004-11-30 516096]
S2 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-04-03 183280]
S2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2004-09-30 127043]
S2 Service1;IB_Backup; C:StroySoftUtilsIB_Backup.exe []
S3 AVP;Kaspersky Internet Security 6.0; C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe [2006-03-24 139367]
EOF
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
ServiceDriver dwshd not found.
ServiceDriver dwshd not found.
ServiceDriver sfc not found.
ServiceDriver sfc not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D125299-C2A9-4DBC-BEC3-6F7124E39A41}\ not found.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\WiniBlueSoft not found.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\setup2.exe not found.
Unable to delete registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1fkxx.sys\ .
Unable to delete registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1fkxx.sys\ .
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{32e4a2ba-158e-11dc-b730-000fead6e02d}\ not found.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{603a4152-6f48-11dc-b791-000fead6e02d}\ not found.
========== FILES ==========
File/Folder F:Recycledctfmon.exe not found.
File/Folder F:EXPLORER.EXE not found.
File/Folder C:WINDOWSsystem32setup2.exe not found.
File/Folder C:Program FilesWiniBlueSoft Software not found.
File/Folder C:WINDOWSsystem3255ad9pyware883z.dll not found.
File/Folder C:WINDOWS5597vir33z.dll not found.
File/Folder C:WINDOWSsystem32310adownlza9e51353.exe not found.
File/Folder C:WINDOWS6e5backzoor51739.exe not found.
File/Folder C:WINDOWS293zs9y503.dll not found.
File/Folder C:WINDOWS7cd5down5oaze92691.dll not found.
File/Folder C:WINDOWSsystem32699zthr5at27751.dll not found.
File/Folder C:WINDOWSsystem32z9576worm6a.exe not found.
File/Folder C:WINDOWSsystem321763595zus6f2.exe not found.
File/Folder C:WINDOWS13383hackt5olz89.dll not found.
File/Folder C:WINDOWSsystem3229970trzj55f.exe not found.
File/Folder C:WINDOWS6536backdoo9257z.dll not found.
File/Folder C:WINDOWSsystem3243bzddwa5e1994.dll not found.
File/Folder C:WINDOWSsystem326z1baddwar52993.dll not found.
File/Folder C:WINDOWS459faddw9r51492z.dll not found.
File/Folder C:WINDOWSsystem325f29s9y5arez118.exe not found.
File/Folder C:WINDOWS1292zir521.exe not found.
File/Folder C:WINDOWSsystem3223z99wo5m49e.dll not found.
File/Folder C:WINDOWSsystem3210985not9a-virus5z5.exe not found.
File/Folder C:WINDOWSsystem325665spazse10749.exe not found.
File/Folder C:WINDOWS3z1athr9a517127.dll not found.
File/Folder C:WINDOWSsystem324f0daddwar559z.exe not found.
File/Folder C:WINDOWS1dff95arse1227z.dll not found.
File/Folder C:WINDOWSz953worm57a5.exe not found.
File/Folder C:WINDOWSsystem324a7z5ackdoor11819.exe not found.
File/Folder C:WINDOWSsystem32104spaz5e5009.dll not found.
File/Folder C:WINDOWS15d0v5z9193.exe not found.
File/Folder C:WINDOWS1e6bvzr295.exe not found.
File/Folder C:WINDOWS18405zt-a9virus72d.dll not found.
File/Folder C:WINDOWS23701sz51fd9.dll not found.
File/Folder C:WINDOWSsystem325f97v9rz6735.exe not found.
File/Folder C:WINDOWS5935wozm559.dll not found.
File/Folder C:WINDOWS14eathre9t7457z.dll not found.
File/Folder C:WINDOWSz3974sp5235.exe not found.
File/Folder C:WINDOWS5e5downloade9162z.exe not found.
File/Folder C:WINDOWSsystem3212dbzparse9255.exe not found.
File/Folder C:WINDOWS67ftz9e5t2775.dll not found.
File/Folder C:WINDOWS17936hzc5tool61.dll not found.
File/Folder C:WINDOWS2a95a9dwzre2838.dll not found.
File/Folder C:WINDOWSz982spambot9db5.dll not found.
File/Folder C:WINDOWS235z5worm9bb.dll not found.
File/Folder C:WINDOWS96643viruz565.dll not found.
File/Folder C:WINDOWSsystem321c89t9ie5859z.dll not found.
File/Folder C:WINDOWSsystem322097trzj4635.exe not found.
File/Folder C:WINDOWSsystem326629th9ef4z95.exe not found.
File/Folder C:WINDOWSsystem3223378viru5zf69.exe not found.
File/Folder C:WINDOWS24989sp59fz.dll not found.
File/Folder C:WINDOWSsystem321b2fd5wnloaz9r459.dll not found.
File/Folder C:WINDOWSsystem3236ebdow9loadez16395.exe not found.
File/Folder C:WINDOWSsystem32902zthreat32350.exe not found.
File/Folder C:WINDOWS9253spzrse2952.dll not found.
File/Folder C:WINDOWS2z339hack95ol572.exe not found.
File/Folder C:WINDOWS13454not-a-vi9uz3c5.dll not found.
File/Folder C:WINDOWSsystem322z521hack95ol7ac.exe not found.
File/Folder C:WINDOWSsystem324a3zthr5at114779.dll not found.
File/Folder C:WINDOWS486eback5o9z199.dll not found.
File/Folder C:WINDOWSsystem32179zbackdoor2531.exe not found.
File/Folder C:WINDOWSsystem3215z07tr9j65f.dll not found.
File/Folder C:WINDOWSsystem3236249ow5loadzr2308.exe not found.
File/Folder C:WINDOWSsystem32z2304s9y7a25.exe not found.
File/Folder C:WINDOWS41485hie92520z.exe not found.
File/Folder C:WINDOWSd4thre9t1z4665.exe not found.
File/Folder C:WINDOWS2500t9ief2z505.dll not found.
File/Folder C:WINDOWSsystem3297194zorm7b5.dll not found.
File/Folder C:WINDOWS9942not-a-vzr5s193.exe not found.
File/Folder C:WINDOWSsystem326971thr5zt288.exe not found.
File/Folder C:WINDOWS5f8ste9lz857.exe not found.
LoadLibrary failed for C:WINDOWS296595t-a-virus498z.dll
C:WINDOWS296595t-a-virus498z.dll NOT unregistered.
C:WINDOWS296595t-a-virus498z.dll moved successfully.
LoadLibrary failed for C:WINDOWS7125spyw9re2z585.dll
C:WINDOWS7125spyw9re2z585.dll NOT unregistered.
C:WINDOWS7125spyw9re2z585.dll moved successfully.
LoadLibrary failed for C:WINDOWS6418zhi592347.dll
C:WINDOWS6418zhi592347.dll NOT unregistered.
C:WINDOWS6418zhi592347.dll moved successfully.
C:WINDOWSsystem329z075n5t-a-virus6.exe moved successfully.
LoadLibrary failed for C:WINDOWS29750spy15z9.dll
C:WINDOWS29750spy15z9.dll NOT unregistered.
C:WINDOWS29750spy15z9.dll moved successfully.
LoadLibrary failed for C:WINDOWS5e1baddware949z.dll
C:WINDOWS5e1baddware949z.dll NOT unregistered.
C:WINDOWS5e1baddware949z.dll moved successfully.
C:WINDOWSsystem32658dthizf9127.exe moved successfully.
LoadLibrary failed for C:WINDOWS55923not-9-vzrus2c4.dll
C:WINDOWS55923not-9-vzrus2c4.dll NOT unregistered.
C:WINDOWS55923not-9-vzrus2c4.dll moved successfully.
C:WINDOWSsystem325823addzare5279.exe moved successfully.
LoadLibrary failed for C:WINDOWS282bthrz5915900.dll
C:WINDOWS282bthrz5915900.dll NOT unregistered.
C:WINDOWS282bthrz5915900.dll moved successfully.
LoadLibrary failed for C:WINDOWS15550spyze9.dll
C:WINDOWS15550spyze9.dll NOT unregistered.
C:WINDOWS15550spyze9.dll moved successfully.
C:WINDOWSsystem3223893z5t-a9virus298.exe moved successfully.
C:WINDOWS34zead9wa5e263.exe moved successfully.
C:WINDOWS2925dzwnl9ader976.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem32ef19teal1656z.dll
C:WINDOWSsystem32ef19teal1656z.dll NOT unregistered.
C:WINDOWSsystem32ef19teal1656z.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem3224298spamb595zd.dll
C:WINDOWSsystem3224298spamb595zd.dll NOT unregistered.
C:WINDOWSsystem3224298spamb595zd.dll moved successfully.
LoadLibrary failed for C:WINDOWS10540not-a-viru53b9z.dll
C:WINDOWS10540not-a-viru53b9z.dll NOT unregistered.
C:WINDOWS10540not-a-viru53b9z.dll moved successfully.
C:WINDOWSsystem3215585vir9sz56.exe moved successfully.
C:WINDOWS14582not-a-9iru56z5.exe moved successfully.
C:WINDOWS59cfszywa5e1603.exe moved successfully.
LoadLibrary failed for C:WINDOWS4551spa9se289z.dll
C:WINDOWS4551spa9se289z.dll NOT unregistered.
C:WINDOWS4551spa9se289z.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem325e66doznloader9429.dll
C:WINDOWSsystem325e66doznloader9429.dll NOT unregistered.
C:WINDOWSsystem325e66doznloader9429.dll moved successfully.
LoadLibrary failed for C:WINDOWS3e5fbazkdoor5999.dll
C:WINDOWS3e5fbazkdoor5999.dll NOT unregistered.
C:WINDOWS3e5fbazkdoor5999.dll moved successfully.
LoadLibrary failed for C:WINDOWS25e9vi9z96.dll
C:WINDOWS25e9vi9z96.dll NOT unregistered.
C:WINDOWS25e9vi9z96.dll moved successfully.
C:WINDOWS2248th9eaz25526.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem32944notza-95rus6a6.dll
C:WINDOWSsystem32944notza-95rus6a6.dll NOT unregistered.
C:WINDOWSsystem32944notza-95rus6a6.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem3259932viruz9f.dll
C:WINDOWSsystem3259932viruz9f.dll NOT unregistered.
C:WINDOWSsystem3259932viruz9f.dll moved successfully.
LoadLibrary failed for C:WINDOWS7573thi9f18z8.dll
C:WINDOWS7573thi9f18z8.dll NOT unregistered.
C:WINDOWS7573thi9f18z8.dll moved successfully.
LoadLibrary failed for C:WINDOWS5487zpy969.dll
C:WINDOWS5487zpy969.dll NOT unregistered.
C:WINDOWS5487zpy969.dll moved successfully.
LoadLibrary failed for C:WINDOWS3744ba9kd5or1651z.dll
C:WINDOWS3744ba9kd5or1651z.dll NOT unregistered.
C:WINDOWS3744ba9kd5or1651z.dll moved successfully.
LoadLibrary failed for C:WINDOWS20987vir5s3zc9.dll
C:WINDOWS20987vir5s3zc9.dll NOT unregistered.
C:WINDOWS20987vir5s3zc9.dll moved successfully.
C:WINDOWS16511hac95ooz467.exe moved successfully.
C:WINDOWSsystem325638zi5939.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem325105dozn9o5der1646.dll
C:WINDOWSsystem325105dozn9o5der1646.dll NOT unregistered.
C:WINDOWSsystem325105dozn9o5der1646.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem3299975rzj3c9.dll
C:WINDOWSsystem3299975rzj3c9.dll NOT unregistered.
C:WINDOWSsystem3299975rzj3c9.dll moved successfully.
C:WINDOWSsystem32291espar952354z.exe moved successfully.
LoadLibrary failed for C:WINDOWS92543hacktozl54.dll
C:WINDOWS92543hacktozl54.dll NOT unregistered.
C:WINDOWS92543hacktozl54.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem3292759tro524z.dll
C:WINDOWSsystem3292759tro524z.dll NOT unregistered.
C:WINDOWSsystem3292759tro524z.dll moved successfully.
LoadLibrary failed for C:WINDOWS51b89zief854.dll
C:WINDOWS51b89zief854.dll NOT unregistered.
C:WINDOWS51b89zief854.dll moved successfully.
C:WINDOWSsystem3225712z5rm1d69.exe moved successfully.
C:WINDOWSsystem324765s9ywaze1869.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem321d95wnloader952z.dll
C:WINDOWSsystem321d95wnloader952z.dll NOT unregistered.
C:WINDOWSsystem321d95wnloader952z.dll moved successfully.
C:WINDOWS14290zp511.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem321911vir9s459z.dll
C:WINDOWSsystem321911vir9s459z.dll NOT unregistered.
C:WINDOWSsystem321911vir9s459z.dll moved successfully.
C:WINDOWS5z4faddware9462.exe moved successfully.
C:WINDOWSz7025hac5tool289.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem323016backd9or55z.dll
C:WINDOWSsystem323016backd9or55z.dll NOT unregistered.
C:WINDOWSsystem323016backd9or55z.dll moved successfully.
C:WINDOWSsystem322fd5oz9loader3194.exe moved successfully.
C:WINDOWS789ztr5j2b0.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem325992vi5z457.dll
C:WINDOWSsystem325992vi5z457.dll NOT unregistered.
C:WINDOWSsystem325992vi5z457.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem3214693zot-9-virus685.dll
C:WINDOWSsystem3214693zot-9-virus685.dll NOT unregistered.
C:WINDOWSsystem3214693zot-9-virus685.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem329697adz5are448.dll
C:WINDOWSsystem329697adz5are448.dll NOT unregistered.
C:WINDOWSsystem329697adz5are448.dll moved successfully.
C:WINDOWS29a1threat1645z.exe moved successfully.
LoadLibrary failed for C:WINDOWSz9e9backdoor7155.dll
C:WINDOWSz9e9backdoor7155.dll NOT unregistered.
C:WINDOWSz9e9backdoor7155.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem32373viruz591.dll
C:WINDOWSsystem32373viruz591.dll NOT unregistered.
C:WINDOWSsystem32373viruz591.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem3249f6azdware2595.dll
C:WINDOWSsystem3249f6azdware2595.dll NOT unregistered.
C:WINDOWSsystem3249f6azdware2595.dll moved successfully.
C:WINDOWSsystem32985ba5zware726.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem325895t5ief938z.dll
C:WINDOWSsystem325895t5ief938z.dll NOT unregistered.
C:WINDOWSsystem325895t5ief938z.dll moved successfully.
LoadLibrary failed for C:WINDOWS908035acktozl20c.dll
C:WINDOWS908035acktozl20c.dll NOT unregistered.
C:WINDOWS908035acktozl20c.dll moved successfully.
LoadLibrary failed for C:WINDOWS68f9do5nlzader423.dll
C:WINDOWS68f9do5nlzader423.dll NOT unregistered.
C:WINDOWS68f9do5nlzader423.dll moved successfully.
C:WINDOWSsystem32c9caddzar59015.exe moved successfully.
File/Folder C:WINDOWSsystem32setup2.exe not found.
C:WINDOWSsystem321259ztr5j9a1.exe moved successfully.
LoadLibrary failed for C:WINDOWSsystem321z549ir11125.dll
C:WINDOWSsystem321z549ir11125.dll NOT unregistered.
C:WINDOWSsystem321z549ir11125.dll moved successfully.
C:WINDOWSsystem32z56sp9rse2521.exe moved successfully.
LoadLibrary failed for C:WINDOWS30z895orm5149.dll
C:WINDOWS30z895orm5149.dll NOT unregistered.
C:WINDOWS30z895orm5149.dll moved successfully.
C:Documents and SettingsUserApplication DataFieryAds moved successfully.
LoadLibrary failed for C:WINDOWS2258addwzre9252.dll
C:WINDOWS2258addwzre9252.dll NOT unregistered.
C:WINDOWS2258addwzre9252.dll moved successfully.
C:WINDOWS153wz9m325.exe moved successfully.
LoadLibrary failed for C:WINDOWS583bsparz51809.dll
C:WINDOWS583bsparz51809.dll NOT unregistered.
C:WINDOWS583bsparz51809.dll moved successfully.
LoadLibrary failed for C:WINDOWSsystem3218861notza-vi9us695.dll
C:WINDOWSsystem3218861notza-vi9us695.dll NOT unregistered.
C:WINDOWSsystem3218861notza-vi9us695.dll moved successfully.
File/Folder C:WINDOWSSystem32driversdwshd.sys not found.
File/Folder C:WINDOWSsystem32driverssfc.sys not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~1UserLOCALS~1TempHistoryHistory.IE5index.dat scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempCookiesindex.dat scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5LYYMORH1mail[2].htm scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5LYYMORH1viewtopic[1].htm scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5G0CJBZETmail[2].htm scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE516C0HPEBmail[1].htm scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5HZ9ZZE0Sbind[1].htm scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5RORI9C9Kviewtopic[1].htm scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
File delete failed. C:DOCUME~1UserLOCALS~1TempJET399F.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsUserLocal SettingsTemporary Internet FilesAntiPhishingB3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsUserLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStemp~DF359E.tmp scheduled to be deleted on reboot.
File delete failed. C:WINDOWStempcgj5.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 05192009_215536
Files moved on Reboot…
File C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5LYYMORH1mail[2].htm not found!
C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5LYYMORH1viewtopic[1].htm moved successfully.
File C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5G0CJBZETmail[2].htm not found!
File C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE516C0HPEBmail[1].htm not found!
File C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5HZ9ZZE0Sbind[1].htm not found!
C:DOCUME~1UserLOCALS~1TempTemporary Internet FilesContent.IE5RORI9C9Kviewtopic[1].htm moved successfully.
File C:DOCUME~1UserLOCALS~1TempJET399F.tmp not found!
C:Documents and SettingsUserLocal SettingsTemporary Internet FilesAntiPhishingB3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
C:WINDOWStemp~DF359E.tmp moved successfully.
C:WINDOWStempcgj5.tmp moved successfully.Logfile of random’s system information tool 1.06 (written by random/random)
Run by User at 2009-05-16 21:07:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 64 GB (56%) free of 114 GB
Total RAM: 511 MB (36% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:59, on 16.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesFirebirdbinibguard.exe
C:Program FilesSpyware DoctorpctsAuxs.exe
C:Program FilesSpyware DoctorpctsSvc.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesSpyware DoctorpctsTray.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesD-Toolsdaemon.exe
C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesICQ6ICQ.exe
C:WINDOWSsystem32setup2.exe
C:Program FilesVIARAIDraid_tool.exe
C:Program FilesMediaLinguaMultiLex 4.0HKML_SRV.exe
C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
C:Program FilesACD SystemsImageFoxImageFox.exe
C:Program FilesFirebirdbinibserver.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:WINDOWSSystem32alg.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSSYSTEM32NOTEPAD.EXE
C:Documents and SettingsUserРабочий столRSIT.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program Filestrend microUser.exe
C:Program FilesX-Translator GOLDXTRAPrmtX.exe
C:Program FilesX-Translator GOLDPromtsvr.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ru/ig?hl=ru
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: Доступ к платному контенту FieryAds v2.0.0 — {6D125299-C2A9-4DBC-BEC3-6F7124E39A41} — C:DOCUME~1UserAPPLIC~1FieryAdsFieryAds.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll
O3 — Toolbar: XTRANS — {DBBABB93-DDBC-48CA-B6BE-7F85E50D8FC7} — C:Program FilesX-Translator GOLDPRMTETPrmtETru.dll
O3 — Toolbar: Rambler-Ассистент — {468CD8A9-7C25-45FA-969E-3D925C689DC4} — C:Program FilesRambler AssistantramblertoolbarU0.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [DAEMON Tools-1033] «C:Program FilesD-Toolsdaemon.exe» -lang 1033
O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 — HKLM..Run: [ISTray] «C:Program FilesSpyware DoctorpctsTray.exe»
O4 — HKLM..Run: [WiniBlueSoft] C:Program FilesWiniBlueSoft SoftwareWiniBlueSoftWiniBlueSoft.exe -min
O4 — HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [wsctf.exe] wsctf.exe
O4 — HKCU..Run: [AdobeUpdater] «C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe»
O4 — HKCU..Run: [ICQ] «C:Program FilesICQ6ICQ.exe» silent
O4 — HKCU..Run: [setup2.exe] C:WINDOWSsystem32setup2.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: VIA RAID TOOL.lnk = C:Program FilesVIARAIDraid_tool.exe
O4 — Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 — Global Startup: MultiLex Universal Hotkeys.lnk = C:Program FilesMediaLinguaMultiLex 4.0HKML_SRV.exe
O4 — Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
O4 — Global Startup: Adobe Gamma Loader.exe.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: ImageFox.lnk = ?
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Rambler-Закладки — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/zakladki.htm
O8 — Extra context menu item: Найти с помощью Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/search.htm
O8 — Extra context menu item: Настройки перевода — C:Program FilesX-Translator GOLDPRMTEToptions.htm
O8 — Extra context menu item: Перевести с помощью словарей Рамблера — res://C:Program FilesRambler AssistantramblertoolbarU0.dll/dic.htm
O8 — Extra context menu item: Перевод страницы — C:Program FilesX-Translator GOLDPRMTETtranslat.htm
O9 — Extra button: Веб-Антивирус — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 6.0scieplugin.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 — DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) — file://C:Program FilesAutoCAD 2002AcDcToday.ocx
O16 — DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) — file://C:Program FilesAutoCAD 2002InstBanr.ocx
O16 — DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) — file://C:Program FilesAutoCAD 2002InstFred.ocx
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 — DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) — file://C:Program FilesAutoCAD 2002AcPreview.ocx
O17 — HKLMSystemCCSServicesTcpip..{315A4568-AB50-4B16-8587-9023F3150455}: NameServer = 85.255.113.134 85.255.112.140
O20 — AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~1.0adialhk.dll
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Kaspersky Internet Security 6.0 (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Firebird Guardian Service (InterBaseGuardian) — Unknown owner — C:Program.exe (file missing)
O23 — Service: Firebird Server (InterBaseServer) — Unknown owner — C:Program.exe (file missing)
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: PC Tools Auxiliary Service (sdAuxService) — PC Tools — C:Program FilesSpyware DoctorpctsAuxs.exe
O23 — Service: PC Tools Security Service (sdCoreService) — PC Tools — C:Program FilesSpyware DoctorpctsSvc.exe
O23 — Service: IB_Backup (Service1) — Unknown owner — C:StroySoftUtilsIB_Backup.exe (file missing)
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 10115 bytes======Scheduled tasks folder======
C:WINDOWStasksGoogle Software Updater.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D125299-C2A9-4DBC-BEC3-6F7124E39A41}]
Доступ к платному контенту FieryAds v2.0.0 — C:DOCUME~1UserAPPLIC~1FieryAdsFieryAds.dll [2009-05-05 669184][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll [2009-04-03 668656][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{DBBABB93-DDBC-48CA-B6BE-7F85E50D8FC7} — XTRANS — C:Program FilesX-Translator GOLDPRMTETPrmtETru.dll [2002-07-15 212992]
{468CD8A9-7C25-45FA-969E-3D925C689DC4} — Rambler-Ассистент — C:Program FilesRambler AssistantramblertoolbarU0.dll [2008-12-27 849392][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2004-09-30 4603904]
«nwiz»=nwiz.exe /install []
«NvMediaCenter»=C:WINDOWSsystem32NvMcTray.dll [2004-09-30 86016]
«ATIPTA»=C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe [2004-11-30 344064]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2004-12-22 77824]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«DAEMON Tools-1033″=C:Program FilesD-Toolsdaemon.exe [2004-08-22 81920]
«»= []
«PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2007-03-23 227328]
«ISTray»=C:Program FilesSpyware DoctorpctsTray.exe [2008-07-16 1166216]
«WiniBlueSoft»=C:Program FilesWiniBlueSoft SoftwareWiniBlueSoftWiniBlueSoft.exe -min [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2008-04-14 1695232]
«wsctf.exe»=wsctf.exe []
«AdobeUpdater»=C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe []
«ICQ»=C:Program FilesICQ6ICQ.exe [2008-09-01 173304]
«setup2.exe»=C:WINDOWSsystem32setup2.exe [2009-05-12 1097216]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
VIA RAID TOOL.lnk — C:Program FilesVIARAIDraid_tool.exe
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
MultiLex Universal Hotkeys.lnk — C:Program FilesMediaLinguaMultiLex 4.0HKML_SRV.exe
Ulead Photo Express 4.0 SE Calendar Checker .lnk — C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
Adobe Gamma Loader.exe.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
ImageFox.lnk — C:WINDOWSInstaller{99ADC6C1-45D9-4D5C-B1CD-EB0F15FB529B}IMAGEFOX_STRTUP_SHRTCUT.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»C:PROGRA~1KASPER~1KASPER~1.0adialhk.dll»[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2004-12-01 94208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2006-03-24 28778][HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
«SecurityProviders»=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1fkxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1fkxx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdcoreservice]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DisableCMD»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoFolderOptions»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Documents and SettingsUserLocal SettingsTempRar$EX01.250utorrent175.exe»=»C:Documents and SettingsUserLocal SettingsTempRar$EX01.250utorrent175.exe:*:Enabled:µTorrent»
«C:Documents and SettingsUserLocal SettingsTempRar$EX00.828utorrent175.exe»=»C:Documents and SettingsUserLocal SettingsTempRar$EX00.828utorrent175.exe:*:Enabled:µTorrent»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{32e4a2ba-158e-11dc-b730-000fead6e02d}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycledctfmon.exe
shellOpen(&0)command — F:Recycledctfmon.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{603a4152-6f48-11dc-b791-000fead6e02d}]
shellAutoRuncommand — F:EXPLORER.EXE
shellexplorecommand — F:EXPLORER.EXE
shellopencommand — F:EXPLORER.EXE======File associations======
.ini — open — C:WINDOWSSYSTEM32NOTEPAD.EXE %1
.scr — open — C:WINDOWSNOTEPAD.EXE «%1»
.scr — install —
.scr — config —
.txt — open — C:WINDOWSSYSTEM32NOTEPAD.EXE %1======List of files/folders created in the last 1 months======
2009-12-26 14:43:08 —-A—- C:WINDOWSsystem3255ad9pyware883z.dll
2009-12-24 18:16:42 —-A—- C:WINDOWS5597vir33z.dll
2009-12-20 07:44:29 —-A—- C:WINDOWSsystem32310adownlza9e51353.exe
2009-12-12 20:44:13 —-A—- C:WINDOWS6e5backzoor51739.exe
2009-12-11 13:30:49 —-A—- C:WINDOWS293zs9y503.dll
2009-12-05 09:12:00 —-A—- C:WINDOWS7cd5down5oaze92691.dll
2009-12-04 06:32:26 —-A—- C:WINDOWSsystem32699zthr5at27751.dll
2009-12-03 07:32:08 —-A—- C:WINDOWSsystem32z9576worm6a.exe
2009-12-01 04:35:05 —-A—- C:WINDOWSsystem321763595zus6f2.exe
2009-11-28 02:35:00 —-A—- C:WINDOWS13383hackt5olz89.dll
2009-11-26 00:48:39 —-A—- C:WINDOWSsystem3229970trzj55f.exe
2009-11-21 00:46:54 —-A—- C:WINDOWS6536backdoo9257z.dll
2009-11-19 21:16:25 —-A—- C:WINDOWSsystem3243bzddwa5e1994.dll
2009-11-15 14:57:33 —-A—- C:WINDOWSsystem326z1baddwar52993.dll
2009-11-15 11:53:19 —-A—- C:WINDOWS459faddw9r51492z.dll
2009-11-13 14:22:00 —-A—- C:WINDOWSsystem325f29s9y5arez118.exe
2009-11-06 01:21:19 —-A—- C:WINDOWS1292zir521.exe
2009-11-04 18:51:51 —-A—- C:WINDOWSsystem3223z99wo5m49e.dll
2009-11-04 05:58:04 —-A—- C:WINDOWSsystem3210985not9a-virus5z5.exe
2009-11-03 16:15:10 —-A—- C:WINDOWSsystem325665spazse10749.exe
2009-11-03 09:33:05 —-A—- C:WINDOWS3z1athr9a517127.dll
2009-11-03 03:06:42 —-A—- C:WINDOWSsystem324f0daddwar559z.exe
2009-10-26 01:09:55 —-A—- C:WINDOWS1dff95arse1227z.dll
2009-10-25 17:16:24 —-A—- C:WINDOWSz953worm57a5.exe
2009-10-25 13:11:32 —-A—- C:WINDOWSsystem324a7z5ackdoor11819.exe
2009-10-24 17:07:40 —-A—- C:WINDOWSsystem32104spaz5e5009.dll
2009-10-23 11:21:54 —-A—- C:WINDOWS15d0v5z9193.exe
2009-10-20 18:51:37 —-A—- C:WINDOWS1e6bvzr295.exe
2009-10-15 05:14:19 —-A—- C:WINDOWS18405zt-a9virus72d.dll
2009-10-12 00:24:36 —-A—- C:WINDOWS23701sz51fd9.dll
2009-10-11 05:06:52 —-A—- C:WINDOWSsystem325f97v9rz6735.exe
2009-10-10 12:21:20 —-A—- C:WINDOWS5935wozm559.dll
2009-10-03 09:52:26 —-A—- C:WINDOWS14eathre9t7457z.dll
2009-10-02 09:36:27 —-A—- C:WINDOWSz3974sp5235.exe
2009-10-01 21:27:33 —-A—- C:WINDOWS5e5downloade9162z.exe
2009-09-28 22:18:03 —-A—- C:WINDOWSsystem3212dbzparse9255.exe
2009-09-20 06:36:11 —-A—- C:WINDOWS67ftz9e5t2775.dll
2009-09-07 18:53:05 —-A—- C:WINDOWS17936hzc5tool61.dll
2009-09-06 11:26:17 —-A—- C:WINDOWS2a95a9dwzre2838.dll
2009-09-02 13:06:47 —-A—- C:WINDOWSz982spambot9db5.dll
2009-09-02 12:45:55 —-A—- C:WINDOWS235z5worm9bb.dll
2009-08-22 09:42:27 —-A—- C:WINDOWS96643viruz565.dll
2009-08-16 02:03:01 —-A—- C:WINDOWSsystem321c89t9ie5859z.dll
2009-08-14 14:19:17 —-A—- C:WINDOWSsystem322097trzj4635.exe
2009-08-14 12:33:08 —-A—- C:WINDOWSsystem326629th9ef4z95.exe
2009-08-06 07:14:15 —-A—- C:WINDOWSsystem3223378viru5zf69.exe
2009-08-03 23:44:31 —-A—- C:WINDOWS24989sp59fz.dll
2009-07-24 09:18:16 —-A—- C:WINDOWSsystem321b2fd5wnloaz9r459.dll
2009-07-23 18:10:21 —-A—- C:WINDOWSsystem3236ebdow9loadez16395.exe
2009-07-22 16:47:39 —-A—- C:WINDOWSsystem32902zthreat32350.exe
2009-07-19 06:12:33 —-A—- C:WINDOWS9253spzrse2952.dll
2009-07-18 21:49:10 —-A—- C:WINDOWS2z339hack95ol572.exe
2009-07-18 00:18:08 —-A—- C:WINDOWS13454not-a-vi9uz3c5.dll
2009-07-13 17:47:31 —-A—- C:WINDOWSsystem322z521hack95ol7ac.exe
2009-07-12 01:26:31 —-A—- C:WINDOWSsystem324a3zthr5at114779.dll
2009-07-06 21:30:03 —-A—- C:WINDOWS486eback5o9z199.dll
2009-07-05 23:42:31 —-A—- C:WINDOWSsystem32179zbackdoor2531.exe
2009-06-27 05:19:20 —-A—- C:WINDOWSsystem3215z07tr9j65f.dll
2009-06-25 21:29:48 —-A—- C:WINDOWSsystem3236249ow5loadzr2308.exe
2009-06-24 15:45:35 —-A—- C:WINDOWSsystem32z2304s9y7a25.exe
2009-06-22 04:23:37 —-A—- C:WINDOWS41485hie92520z.exe
2009-06-21 04:08:00 —-A—- C:WINDOWSd4thre9t1z4665.exe
2009-06-10 01:52:54 —-A—- C:WINDOWS2500t9ief2z505.dll
2009-06-02 16:31:05 —-A—- C:WINDOWSsystem3297194zorm7b5.dll
2009-05-28 04:15:09 —-A—- C:WINDOWS9942not-a-vzr5s193.exe
2009-05-25 21:26:17 —-A—- C:WINDOWSsystem326971thr5zt288.exe
2009-05-22 01:00:38 —-A—- C:WINDOWS5f8ste9lz857.exe
2009-05-17 20:32:59 —-A—- C:WINDOWS296595t-a-virus498z.dll
2009-05-16 20:40:35 —-D—- C:Program Filestrend micro
2009-05-16 20:40:24 —-D—- C:rsit
2009-05-16 19:06:07 —-D—- C:Documents and SettingsUserApplication DataMalwarebytes
2009-05-16 19:05:54 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-05-16 19:05:51 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-05-15 22:02:38 —-A—- C:WINDOWS7125spyw9re2z585.dll
2009-05-14 18:21:28 —-A—- C:WINDOWS6418zhi592347.dll
2009-05-14 17:08:33 —-A—- C:WINDOWSsystem329z075n5t-a-virus6.exe
2009-05-14 11:00:54 —-A—- C:WINDOWS29750spy15z9.dll
2009-05-13 13:22:09 —-A—- C:WINDOWSsystem32setup_XP.ini
2009-05-13 00:29:52 —-A—- C:WINDOWS5e1baddware949z.dll
2009-05-12 13:42:58 —-A—- C:WINDOWSsystem32658dthizf9127.exe
2009-05-12 13:42:58 —-A—- C:WINDOWS55923not-9-vzrus2c4.dll
2009-05-12 13:42:57 —-A—- C:WINDOWSsystem325823addzare5279.exe
2009-05-12 13:42:57 —-A—- C:WINDOWS282bthrz5915900.dll
2009-05-12 13:42:57 —-A—- C:WINDOWS15550spyze9.dll
2009-05-12 13:42:56 —-A—- C:WINDOWSsystem3223893z5t-a9virus298.exe
2009-05-12 13:42:56 —-A—- C:WINDOWS34zead9wa5e263.exe
2009-05-12 13:42:56 —-A—- C:WINDOWS2925dzwnl9ader976.exe
2009-05-12 13:42:54 —-A—- C:WINDOWSsystem32ef19teal1656z.dll
2009-05-12 13:42:54 —-A—- C:WINDOWSsystem3224298spamb595zd.dll
2009-05-12 13:42:51 —-A—- C:WINDOWS10540not-a-viru53b9z.dll
2009-05-12 13:42:48 —-A—- C:WINDOWSsystem3215585vir9sz56.exe
2009-05-12 13:42:47 —-A—- C:WINDOWS14582not-a-9iru56z5.exe
2009-05-12 13:42:45 —-A—- C:WINDOWS59cfszywa5e1603.exe
2009-05-12 13:42:37 —-A—- C:WINDOWS4551spa9se289z.dll
2009-05-12 13:42:36 —-A—- C:WINDOWSsystem325e66doznloader9429.dll
2009-05-12 13:42:34 —-A—- C:WINDOWS3e5fbazkdoor5999.dll
2009-05-12 13:42:34 —-A—- C:WINDOWS25e9vi9z96.dll
2009-05-12 13:42:34 —-A—- C:WINDOWS2248th9eaz25526.exe
2009-05-12 13:42:33 —-A—- C:WINDOWSsystem32944notza-95rus6a6.dll
2009-05-12 13:42:30 —-A—- C:WINDOWSsystem3259932viruz9f.dll
2009-05-12 13:42:30 —-A—- C:WINDOWS7573thi9f18z8.dll
2009-05-12 13:42:29 —-A—- C:WINDOWS5487zpy969.dll
2009-05-12 13:42:29 —-A—- C:WINDOWS3744ba9kd5or1651z.dll
2009-05-12 13:42:29 —-A—- C:WINDOWS20987vir5s3zc9.dll
2009-05-12 13:42:28 —-A—- C:WINDOWS16511hac95ooz467.exe
2009-05-12 13:42:25 —-A—- C:WINDOWSsystem325638zi5939.exe
2009-05-12 13:42:24 —-A—- C:WINDOWSsystem325105dozn9o5der1646.dll
2009-05-12 13:42:23 —-A—- C:WINDOWSsystem3299975rzj3c9.dll
2009-05-12 13:42:23 —-A—- C:WINDOWSsystem32291espar952354z.exe
2009-05-12 13:42:23 —-A—- C:WINDOWS92543hacktozl54.dll
2009-05-12 13:42:21 —-A—- C:WINDOWSsystem3292759tro524z.dll
2009-05-12 13:42:19 —-A—- C:WINDOWS51b89zief854.dll
2009-05-12 13:42:12 —-A—- C:WINDOWSsystem3225712z5rm1d69.exe
2009-05-12 13:42:11 —-A—- C:WINDOWSsystem324765s9ywaze1869.exe
2009-05-12 13:42:11 —-A—- C:WINDOWSsystem321d95wnloader952z.dll
2009-05-12 13:42:11 —-A—- C:WINDOWS14290zp511.exe
2009-05-12 13:42:10 —-A—- C:WINDOWSsystem321911vir9s459z.dll
2009-05-12 13:42:09 —-A—- C:WINDOWS5z4faddware9462.exe
2009-05-12 13:42:08 —-A—- C:WINDOWSz7025hac5tool289.exe
2009-05-12 13:42:08 —-A—- C:WINDOWSsystem323016backd9or55z.dll
2009-05-12 13:42:08 —-A—- C:WINDOWSsystem322fd5oz9loader3194.exe
2009-05-12 13:42:08 —-A—- C:WINDOWS789ztr5j2b0.exe
2009-05-12 13:42:05 —-A—- C:WINDOWSsystem325992vi5z457.dll
2009-05-12 13:42:04 —-A—- C:WINDOWSsystem3214693zot-9-virus685.dll
2009-05-12 13:41:59 —-A—- C:WINDOWSsystem329697adz5are448.dll
2009-05-12 13:41:59 —-A—- C:WINDOWS29a1threat1645z.exe
2009-05-12 13:41:55 —-A—- C:WINDOWSz9e9backdoor7155.dll
2009-05-12 13:41:54 —-A—- C:WINDOWSsystem32373viruz591.dll
2009-05-12 13:41:53 —-A—- C:WINDOWSsystem3249f6azdware2595.dll
2009-05-12 13:41:52 —-A—- C:WINDOWSsystem32985ba5zware726.exe
2009-05-12 13:41:49 —-A—- C:WINDOWSsystem325895t5ief938z.dll
2009-05-12 13:41:45 —-A—- C:WINDOWS908035acktozl20c.dll
2009-05-12 13:41:44 —-A—- C:WINDOWS68f9do5nlzader423.dll
2009-05-12 13:41:43 —-A—- C:WINDOWSsystem32c9caddzar59015.exe
2009-05-12 13:41:42 —-A—- C:WINDOWSsystem32setup2.exe
2009-05-08 07:21:31 —-A—- C:WINDOWSsystem321259ztr5j9a1.exe
2009-05-08 05:03:06 —-A—- C:WINDOWSsystem321z549ir11125.dll
2009-05-07 22:00:46 —-A—- C:WINDOWSsystem32z56sp9rse2521.exe
2009-05-06 00:36:56 —-A—- C:WINDOWS30z895orm5149.dll
2009-05-05 20:13:49 —-D—- C:Documents and SettingsUserApplication DataFieryAds
2009-05-01 04:56:37 —-A—- C:WINDOWS2258addwzre9252.dll
2009-04-25 16:35:38 —-A—- C:WINDOWS153wz9m325.exe
2009-04-22 17:52:53 —-A—- C:WINDOWS583bsparz51809.dll
2009-04-17 14:18:56 —-A—- C:WINDOWSsystem3218861notza-vi9us695.dll======List of files/folders modified in the last 1 months======
2009-05-16 19:40:18 —-A—- C:WINDOWSSchedLgU.Txt
2009-05-16 17:52:56 —-A—- C:WINDOWSPrmtX.INI
2009-05-14 15:05:22 —-A—- C:WINDOWSNeroDigital.ini======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 IKSysFlt;System Filter Driver; C:WINDOWSsystem32driversiksysflt.sys [2008-06-02 66952]
R1 IKSysSec;System Security Driver; C:WINDOWSsystem32driversiksyssec.sys [2008-06-10 81288]
R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 40704]
R1 klif;Klif; ??C:WINDOWSsystem32driversklif.sys []
R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
R2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2003-07-29 40448]
R2 hardlock;hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-совместимый транспортный протокол; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2003-08-18 63232]
R2 NwlnkSpx;Протокол NWLink SPX/SPXII; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2003-08-18 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-12-22 2304320]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2004-12-01 928256]
R3 GT680x;GrandTechICNameNT; C:WINDOWSSystem32Driversgt680x.sys [2003-02-21 17504]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver; C:WINDOWSsystem32DRIVERSusb8023.sys [2008-04-13 12800]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
R3 vusbbus;Virtual Usb Bus Enumerator; C:WINDOWSsystem32DRIVERSvusbbus.sys [2006-08-19 52224]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:WINDOWSsystem32DRIVERSyukonwxp.sys [2003-12-23 174464]
S1 AmdK7;Драйвер AMD K7 процессора; C:WINDOWSsystem32DRIVERSamdk7.sys [2008-04-14 41984]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
S3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-09-30 2743840]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:WINDOWSsystem32DRIVERSss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:WINDOWSsystem32DRIVERSss_mdm.sys [2005-08-30 94000]
S3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 sfc;sfc; C:WINDOWSsystem32driverssfc.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2004-12-01 425984]
R2 InterBaseGuardian;Firebird Guardian Service; C:Program FilesFirebirdbinibguard -s []
R2 sdAuxService;PC Tools Auxiliary Service; C:Program FilesSpyware DoctorpctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:Program FilesSpyware DoctorpctsSvc.exe [2008-08-07 1073544]
R3 InterBaseServer;Firebird Server; C:Program FilesFirebirdbinibserver -s []
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2004-11-30 516096]
S2 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-04-03 183280]
S2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2004-09-30 127043]
S2 Service1;IB_Backup; C:StroySoftUtilsIB_Backup.exe []
S3 AVP;Kaspersky Internet Security 6.0; C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe [2006-03-24 139367]
EOF
Скачал сканер RSIT и отправляю то,что получилось!
info.txt logfile of random’s system information tool 1.06 2009-05-16 20:41:09
======Uninstall list======
—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY FineReader 4.0 Sprint—>C:WINDOWSbitdeins.exe C:PROGRA~1ABBYYF~1.0SPbitdeins.ini
ACDSee 4.0.1 Power Pack Suite—>MsiExec.exe /I{99ADC6C1-45D9-4D5C-B1CD-EB0F15FB529B}
Adobe Acrobat 5.0—>C:WINDOWSISUNINST.EXE -f»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.isu» -c»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.dll»
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Photoshop 6.0—>C:WINDOWSISUNINST.EXE -f»C:Program FilesAdobePhotoshop 6.0Uninst.isu» -c»C:Program FilesAdobePhotoshop 6.0Uninst.dll»
AnswerWorks Runtime—>C:WINDOWSIsUninst.exe -f»C:Program FilesWexTechAnswerWorksUninst.isu»
ATI — Утилита деинсталляции—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Control Panel—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}setup.exe»
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD 2002—>MsiExec.exe /I{5783F2D7-0101-0409-0000-0060B0CE6BBA}
BearPaw 1200CU Plus v1.2—>C:PROGRA~1ULEADS~1ULEADP~1.0SEBEARPA~1DRIVERUNINST.EXE
CorelDRAW Graphics Suite 12—>MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
Crush’Em 2.0—>C:WINDOWSCrush’Em 2.0UNWISE.EXE C:WINDOWSCrush’Em 2.0install.log
DAEMON Tools—>MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DriverCD—>C:WINDOWSIsUninst.exe -f»C:Program FilesGIGABYTEDriverCDUninst.isu»
Firebird 1.0.0.796—>»C:Program FilesFirebirdunins000.exe»
Fraps—>»C:Frapsuninstall.exe»
Hardlock Device Driver—>C:WINDOWSsystem32UNWISE.EXE C:WINDOWSsystem32HLDRV.LOG
Hardlock Device Drivers—>C:WINDOWSsystem32UNWISE.EXE C:WINDOWSsystem32HLDRV.LOG
HASP Device Driver—>C:WINDOWSsystem32UNWISE.EXE C:WINDOWSsystem32hdd32.log
ICQ6—>C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe -runfromtemp -l0x0009 -removeonly
Java 2 Runtime Environment Standard Edition v1.3.1_06—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{D2BFDD8E-D276-11D6-88AF-0050DA21757E}Setup.exe» -uninst
Kaspersky Internet Security 6.0—>MsiExec.exe /I{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}
K-Lite Mega Codec Pack 4.7.5—>»C:Program FilesK-Lite Codec Packunins000.exe»
MadOnion.com/3DMark2001 SE—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{91B323B5-A79C-4D23-BD6D-046C565F9BCF}Setup.exe» -l0x9 uninstall -uninst
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Marvell Miniport Driver—>MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office XP (профессиональный выпуск)—>MsiExec.exe /I{91110419-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (3.0.10)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MP3 Player Mate VII—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{60857B29-7A73-4B0E-8D89-6FE482043A8B}Setup.exe» -l0x9
MultiLex 4.0 (English-Russian)—>C:PROGRA~1MEDIAL~1MULTIL~1.0UnInstal.exe
Need For Speed Hot Pursuit 2—>C:PROGRA~1NEEDFO~1UNWISE.EXE C:PROGRA~1NEEDFO~1INSTALL.LOG
Need For Speed Underground 2—>»C:Program FilesEA GamesNeed For Speed Underground 2unins000.exe»
Nero Suite—>C:Program FilesCommon FilesNeroUninstallSetupx.exe /uninstall ExtraUninstallID=»»
Nokia Connectivity Cable Driver—>MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite—>C:Documents and SettingsAll UsersApplication DataInstallations{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}Nokia_PC_Suite_683_rel_14_1_EA.exe /LANG=»1049″
Nokia PC Suite—>MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
NVIDIA Drivers—>C:WINDOWSsystem32nvudisp.exe UninstallGUI
PC Connectivity Solution—>MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
PowerDVD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -uninstall
Puzzl’Em 1.0 Beta2—>C:WINDOWSPuzzl’Em1.0Beta2UNWISE.EXE C:WINDOWSPuzzl’Em1.0Beta2install.log
Rambler-Ассистент—>»C:Program FilesRambler Assistantuninstall.exe»
Realtek AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» REMOVE
SAMSUNG CDMA Modem Driver Set—>C:WINDOWSsystem32Samsung_USB_Drivers3SSCDUninstall.exe
Samsung ML-1520 Series—>C:WINDOWSSamsungML-1520SETUP.EXE
SAMSUNG Mobile Composite Device Software—>C:WINDOWSsystem32Samsung_USB_Drivers6SSBCUninstall.exe
Samsung Mobile phone USB driver Software—>C:WINDOWSsystem32Samsung_USB_Drivers5SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software—>C:WINDOWSsystem32Samsung_USB_Drivers1SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software—>C:WINDOWSsystem32Samsung_USB_Drivers2SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}setup.exe» -l0x19 -removeonly
Samsung PC Studio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{C4A4722E-79F9-417C-BD72-8D359A090C97}setup.exe» -l0x19 -removeonly
SmartPhotoRefresh—>C:Program FilesUlead SystemsUlead Photo Express 4.0 SEBearPaw 1200CU PlusUNWISE.EXE C:Program FilesUlead SystemsUlead Photo Express 4.0 SEBearPaw 1200CU Plusinstall.log
Sound’Em—>C:Program FilesUlead SystemsUlead Photo Express 4.0 SEBearPaw 1200CU PlusUNWISE.EXE C:Program FilesUlead SystemsUlead Photo Express 4.0 SEBearPaw 1200CU Plusinstall.log
Spyware Doctor 6.0—>C:Program FilesSpyware Doctorunins000.exe /LOG
Stamina 2.5—>»C:Program FilesStaminauninstall.exe»
TOCA — Race Driver—>C:PROGRA~1CODEMA~1RACEDR~1UNWISE.EXE C:PROGRA~1CODEMA~1RACEDR~1INSTALL.LOG
Ulead DVD PictureShow 2 SE Basic—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime700Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A9212616-FCA2-4173-BD99-5C741EB3A068}Setup.exe» -l0x9
Ulead Photo Express 4.0 SE—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}Setup.exe» -l0x9
VIA Диспетчер устройств платформы—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Volo View Express—>C:WINDOWSuninst.exe -f»C:Program FilesVolo View ExpressDeIsL1.isu»
Windows Driver Package — Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33Epccswpddriver.inf
Windows Driver Package — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFXD6ACC4BE676423A2B130B78A4B627FC457D98997dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293Bpccs_bluetooth.inf
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Бесплатный контент FieryAds—>C:Documents and SettingsUserApplication DataFieryAdsFieryAdsUninstall.exe
Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB938127)—>»C:WINDOWSie7updatesKB938127-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB944533)—>»C:WINDOWSie7updatesKB944533-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB953838)—>»C:WINDOWSie7updatesKB953838-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP — (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923789)—>C:WINDOWSsystem32MacroMedFlashgenuinst.exe C:WINDOWSsystem32MacroMedFlashKB923789.inf
Обновление безопасности для Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB953839)—>»C:WINDOWS$NtUninstallKB953839$spuninstspuninst.exe»
Обновление для Windows XP (KB951072-v2)—>»C:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe»
Пакет драйверов Windows — Nokia Modem (11/03/2006 6.82.0.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567nokbtmdm.inf
Программа обновлений Google—>»C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe» -uninstall
Расширенный выпуск Microsoft Office 2000—>MsiExec.exe /I{00000419-78E1-11D2-B60F-006097C998E7}
СтройОфис—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FC983B4E-D9CB-46DE-B44C-B912776000F3}setup.exe»======Security center information======
AV: Kaspersky Internet Security 6.0 (outdated)
FW: Kaspersky Internet Security 6.0======System event log======
Computer Name: TWEAKLAB-C7C570
Event Code: 7036
Message: Служба «Диспетчер подключений удаленного доступа» перешла в состояние Работает.Record Number: 39394
Source Name: Service Control Manager
Time Written: 20090308201652.000000+180
Event Type: информация
User:Computer Name: TWEAKLAB-C7C570
Event Code: 7035
Message: Служба «ServiceLayer» успешно отправила управляющий элемент «запустить».Record Number: 39393
Source Name: Service Control Manager
Time Written: 20090308201649.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: TWEAKLAB-C7C570
Event Code: 7036
Message: Служба «Служба сетевого расположения (NLA)» перешла в состояние Работает.Record Number: 39392
Source Name: Service Control Manager
Time Written: 20090308201647.000000+180
Event Type: информация
User:Computer Name: TWEAKLAB-C7C570
Event Code: 7035
Message: Служба «Служба обнаружения SSDP» успешно отправила управляющий элемент «запустить».Record Number: 39391
Source Name: Service Control Manager
Time Written: 20090308201647.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEMComputer Name: TWEAKLAB-C7C570
Event Code: 7035
Message: Служба «Служба сетевого расположения (NLA)» успешно отправила управляющий элемент «запустить».Record Number: 39390
Source Name: Service Control Manager
Time Written: 20090308201646.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM=====Application event log=====
Computer Name: TWEAKLAB-C7C570
Event Code: 105
Message: The service was started.Record Number: 5
Source Name: ATI Smart
Time Written: 20090113174541.000000+180
Event Type: информация
User:Computer Name: TWEAKLAB-C7C570
Event Code: 0
Message:
Record Number: 4
Source Name: ServiceLayer
Time Written: 20090113114754.000000+180
Event Type: информация
User:Computer Name: TWEAKLAB-C7C570
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.Record Number: 3
Source Name: SecurityCenter
Time Written: 20090113114745.000000+180
Event Type: информация
User:Computer Name: TWEAKLAB-C7C570
Event Code: 251
Message:
Record Number: 2
Source Name: Firebird Guardian
Time Written: 20090113114741.000000+180
Event Type: информация
User:Computer Name: TWEAKLAB-C7C570
Event Code: 105
Message: The service was started.Record Number: 1
Source Name: ATI Smart
Time Written: 20090113114719.000000+180
Event Type: информация
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=C:Program FilesPC Connectivity Solution;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesATI TechnologiesATI Control Panel;C:Program FilesCommon FilesAutodesk Shared;C:Program FilesCommon FilesUlead SystemsMPEG;C:Program FilesSamsungSamsung PC Studio 3
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 4 Stepping 1, GenuineIntel
«PROCESSOR_REVISION»=0401
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
