Созданные ответы форума
-
Сообщения
-
info.txt logfile of random’s system information tool 1.06 2011-03-13 22:15:27
======Uninstall list======
—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {744C859F-C225-48A9-A524-4DED432F36C7}
—>MsiExec /X{F9835182-794B-4F24-902A-E2CA9D43380F}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY FineReader 9.0 Professional Edition—>MsiExec.exe /I{F9000000-0001-0000-0000-074957833700}
ACDSee 9 Photo Manager—>MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashFlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashFlashUtil10n_Plugin.exe -maintain plugin
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers719d6f144d0c086a0dfa7ff76bb9ac1Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Setup—>MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player—>C:WINDOWSsystem32MacromedSHOCKW~1UNWISE.EXE C:WINDOWSsystem32MacromedSHOCKW~1Install.log
Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe® Photoshop® Album Starter Edition 3.2—>MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AnswerWorks Runtime—>C:WINDOWSIsUninst.exe -f»C:Program FilesWexTechAnswerWorksUninst.isu»
ARMA 2 Operation Arrowhead Uninstall—>E:GamesARMA 2Bohemia InteractiveArmA 2 Operation ArrowheadUnInstall_OA.exe
Ask Toolbar—>MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
ATI Catalyst Registration—>MsiExec.exe /X{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}
Audacity 1.3.12 (Unicode)—>»C:Program FilesAudacity 1.3 Beta (Unicode)unins000.exe»
AudioConverter—>»C:Program FilesTotalAudioConverterunins000.exe»
AusLogics Disk Defrag—>»C:Program FilesAusLogics Disk Defragunins000.exe»
Autodesk DWF Viewer—>C:PROGRA~1AutodeskAUTODE~1Setup.exe /remove
Avira AntiVir Personal — Free Antivirus—>C:Program FilesAviraAntiVir Desktopsetup.exe /REMOVE
Background changer 2.0.8.0—>»C:Program FilesBackground changerunins000.exe»
BattlEye for OA Uninstall—>E:GamesARMA 2Bohemia InteractiveArmA 2 Operation ArrowheadExpansionBattlEyeUnInstallBE.exe
BattlEye Uninstall—>E:GamesARMA 2Bohemia InteractiveArmA 2 Operation ArrowheadExpansionBattlEyeUnInstallBE.exe
Bionic Commando Rearmed—>»C:Program FilesInstallShield Installation Information{DB219559-1F78-4343-9A6E-C2E987AD47A3}setup.exe» -runfromtemp -l0x0009 -removeonly
Call of Duty — Black Ops—>»C:Documents and SettingsAdminApplication DataCall of Duty — Black OpsUninstallunins000.exe»
Call of Duty(R) 4 — Modern Warfare(TM) 1.6 Patch—>C:Program FilesInstallShield Installation Information{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}setup.exe -runfromtemp -l0x0409
Canon Camera Access Library—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonCALUninst.ini»
Canon MovieEdit Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramMVWUninst.ini»
Canon Utilities CameraWindow DC 8—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowDC8Uninst.ini»
Canon Utilities CameraWindow—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowLauncherUninst.ini»
Canon Utilities Movie Uploader for YouTube—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonCameraWindowMovie Uploader for YouTubeUninst.ini»
Canon Utilities MyCamera—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonCameraWindowMyCameraUninst.ini»
Canon Utilities PhotoStitch—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonPhotoStitchUninst.ini»
Canon Utilities ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramUninst.ini»
Canon ZoomBrowser EX Memory Card Utility—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EX MCUUninst.ini»
CASHFLOW—>E:GamesCashflow1uninstall.exe
Catalyst Control Center — Branding—>MsiExec.exe /I{6AB57823-3580-4CE0-9CF0-072E2A39460C}
CCleaner (remove only)—>»C:Program FilesCCleaneruninst.exe»
Ccleaner 2.03.532—>»C:Program FilesCcleanerunins000.exe»
CDDRV_Installer—>MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
ClickMeR 1.1.1—>D:СережаprogramClickMeRunins000.exe
Counter-Strike 1.6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime90Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}Setup.exe» -l0x19
Counter-Strike Steamworks Beta—>»C:Program FilesSteamsteam.exe» steam://uninstall/150
Counter-Strike(TM)—>MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Counter-Strike—>»C:Program FilesSteamsteam.exe» steam://uninstall/10
CPU-Control—>»C:Program FilesCPU-Controlunins000.exe»
Crawler Toolbar with Web Security Guard—>C:PROGRA~1CrawlerToolbarCToolbar.exe uninst
DB Master 11 Beta 5—>»C:Program FilesFifa MasterDB Master 11unins000.exe»
‘Dead Space™ 2’—>»E:GamesDead space 2Dead Space 2unins000.exe»
Dead Space™—>MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
DiRT2—>»C:Program FilesInstallShield Installation Information{52D1D62C-FEAB-4580-849E-1DB624BADBBD}setup.exe» -runfromtemp -l0x0009 -removeonly
Disc2Phone—>MsiExec.exe /X{C01408FC-117C-44B7-8B0C-17794E526A01}
Dual-Core Optimizer—>MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
EAX Unified—>C:WINDOWSIsUninst.exe -f»C:Program FilesCreativeEAX UnifiedUninst.isu»
erLT—>MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564}
Etymonix SoftReel—>C:WINDOWSISUNINST.EXE -f»C:Program FilesEtymonixSoftReelUninst.isu» -c»C:Program FilesEtymonixSoftReeliscustom.dll»
F1 2010—>»E:GamesF1F1 2010Uninstallunins000.exe»
Far Cry 2—>»C:Program FilesInstallShield Installation Information{F2835483-37F2-4123-B4FE-0E77D58447F2}setup.exe» -runfromtemp -l0x0009 -removeonly
FAR file manager—>C:Program FilesFarUninstall.exe
FIFA 11—>MsiExec.exe /X{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}
FIFA 2008—>»E:GamesFIFA 2008unins000.exe»
Foxit Reader 2.2 — DJ Mogarych’s pack—>»C:Program FilesFoxit Readerunins000.exe»
Game Prelauncher, версия 3.1.2—>»C:Program FilesGame Prelauncherunins000.exe»
GameShadow—>MsiExec.exe /I{F7C1C17E-70E3-475F-BD52-EA554391F15D}
Google Chrome—>»C:Program FilesGoogleChromeApplication9.0.597.107Installersetup.exe» —uninstall —system-level
Google Earth—>MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Google Toolbar for Internet Explorer—>»C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarManager_AC0049E063DE2AEA.exe» /uninstall
Google Toolbar for Internet Explorer—>MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper—>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Grand Theft Auto IV v1.0.3.1—>»E:GamesGrand Theft Auto IVunins000.exe»
Grand Theft Auto IV—>MsiExec.exe /I{5454083B-1308-4485-BF17-111000088401}
Grand Theft Auto IV—>MsiExec.exe /I{5454083B-1308-4485-BF17-1110000D8301}
GribUser FB2 to Any 1.0 (remove only)—>»C:Program FilesGribUserFB2 to Anyuninstall.exe»
Guitar Pro 4.0—>C:PROGRA~1GUITAR~1UNWISE.EXE C:PROGRA~1GUITAR~1INSTALL.LOG
Hamachi 1.0.3.0—>C:Program FilesHamachiuninstall.exe
HijackThis 2.0.2—>»C:програмHijackThis.exe» /uninstall
Hitman Blood Money—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}setup.exe» -l0x9 -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
ICE Book Reader Professional v8.9.2 Russian—>»C:Program FilesICE Book Reader Professional Russianunins000.exe»
ICQ Toolbar—>C:Program FilesICQ6ToolbarICQUnToolbar.exe
ICQ7.2—>»C:Program FilesInstallShield Installation Information{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}ICQ7.exe» -runfromtemp -l0x0009 -removeonly
iLook 310—>»C:Program FilesInstallShield Installation Information{7EF900F4-61A8-4D95-8A65-488D3BECA206}setup.exe» -runfromtemp -l0x0019 -removeonly
iSnooker—>E:GamesснукерiSnookerUninstall.exe
Java(TM) 6 Update 3—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
‘Jets N Guns GOLD’—>»C:Program FilesNightWolf GamesJets N Guns GOLDNightWolf Gamesunins000.exe»
KhalInstallWrapper—>MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Codec Pack 5.8.3 (Full)—>»C:Program FilesK-Lite Codec Packunins000.exe»
LClock—>C:Program FilesLClockUninstall.exe
Light Alloy 4.3—>C:Program FilesLight Alloyuninst.exe
Ligos Indeo XP v.5.2 codec—>RunDLL32.exe advpack.dll,LaunchINFSection indeoxp.inf, UnInstall
Logitech SetPoint—>»C:Program FilesInstallShield Installation Information{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}setup.exe» -runfromtemp -l0x0019 -removeonly
Magicka—>»E:GamesMagickaMagickaunins000.exe»
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Mathcad 11 Enterprise Edition—>MsiExec.exe /I{DE4386F2-ECDE-493E-B8BE-9861A9A7D069}
Microsoft .NET Framework 1.1 Security Update (KB2416447)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM2416447M2416447Uninstall.msp»
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{34AB2437-1B34-3E2D-9DE8-3E2D35335B3F}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{CFF15B94-E062-3701-869A-4CDF4590461E}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack — rus—>MsiExec.exe /I{95E44F11-19F0-39EA-A894-792E054AA1CF}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync—>MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{8FB1B528-E260-451E-9B55-E9152F94B80B}
Microsoft Games for Windows — LIVE—>MsiExec.exe /X{F97E3841-CA9D-4964-9D64-26066241D26F}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-0016-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-0018-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-001A-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-001B-0419-0000-0000000FF1CE} /uninstall {DCB382C1-7F1B-42B2-9D47-EDC4262E832F}
Microsoft Office 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-006E-0419-0000-0000000FF1CE} /uninstall {37317C49-30C4-412C-B0B9-D95090F330D8}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0419-0000-0000000FF1CE} /uninstall {57A92C5E-E76A-49CC-9EC2-A7B6CE1255EA}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)—>msiexec /package {90120000-001F-0422-0000-0000000FF1CE} /uninstall {6F177D09-F21D-4F50-9436-353972D1D232}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Standard 2007—>MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Office Стандартный 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall STANDARD /dll OSETUP.DLL
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022—>MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17—>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148—>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729—>MsiExec.exe /X{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}
Microsoft Windows Media Video 9 VCM—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFwmv9vcm.inf, Uninstall
Microsoft XNA Framework Redistributable 3.1—>MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
mIRC—>C:Program FilesmIRCuninstall.exe _?=C:Program FilesmIRC
Movavi Video Converter 9—>MsiExec.exe /I{4D92FD47-5138-48D2-B68B-9D0CCFA21CD7}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)—>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)—>MsiExec.exe /I{8FCE7820-08DF-4663-AF5B-B190EF387C4B}
MyDsc2—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{83D96ED0-98AA-4515-8DDC-816F3EFDD104}Setup.exe» -l0x9
Need For Speed Underground 2—>»C:GamesNeed For Speed Underground 2unins000.exe»
Need For Speed Underground—>E:GamesNEEDFO~1UNWISE.EXE E:GamesNEEDFO~1INSTALL.LOG
Nero 6—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
Nexon Game Manager—>»C:Documents and SettingsAll UsersApplication DataNexonUSNGMNGM.exe» -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:0 -locale:US -load_from_local
Nokia Connectivity Cable Driver—>MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
NVIDIA Drivers—>C:WINDOWSsystem32nvunrm.exe UninstallGUI
NVIDIA PhysX—>MsiExec.exe /X{F9835182-794B-4F24-902A-E2CA9D43380F}
Online Armor 4.0—>»C:Program FilesTall EmuOnline Armorunins000.exe»
OpenAL—>»C:Program FilesOpenALoalinst.exe» /U
Opera 11.01—>MsiExec.exe /X{548D4E14-F59D-4FA3-A357-CE5BA0D41D34}
Paint.NET v3.20—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFPaintDN.inf,Uninstall
PC Connectivity Solution—>MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PunkBuster Services—>C:WINDOWSsystem32pbsvc.exe -u
QIP.Online—>C:Program FilesQIP.OnlineUninstall.exe
RadioClicker LITE—>»C:Program FilesRadioClicker LITEunins000.exe»
RadioClicker PRO—>»C:Program FilesRadioClicker PROunins000.exe»
Rapture3D 2.4.4 Game—>»C:Program FilesBRSunins000.exe»
RayV TV—>C:Program FilesRayVRayVuninstall.exe
Realtek HDMI Audio Driver for ATI—>RtaUpd.exe -k -m -nrg2709
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x19 -removeonly
Right Click Image Converter—>»C:Program FilesKristanixRight Click Image Converteruninstall.exe»
Security Update for 2007 Microsoft Office System (KB2288621)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2289158)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=»»
Security Update for Microsoft Office Excel 2007 (KB2345035)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office system 2007 (972581)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Sina Web TV—>C:PROGRA~1sinaSINAWE~1302~1.9BEUNWISE.EXE C:PROGRA~1sinaSINAWE~1302~1.9BEInstall.LOG
Skype™ 4.1—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SMSDV v.1.6.b (22 сен 2007г.)—>»C:Program FilesSMSDVunins000.exe»
SnagIt 8—>MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Sony Ericsson PC Suite—>C:WINDOWSInstaller{D6BF6477-8369-489F-8DE6-3731F4B88560}setup.exe /uninstall
SopCast 1.1.2—>C:Program FilesSopCastuninst.exe
Steam(TM)—>MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
‘Tanks Evolution’—>»C:Program FilesNightWolf GamesTanks EvolutionReflexiveArcadeNightWolf Gamesunins000.exe»
TeamSpeak 3 Client—>»C:Program FilesTeamSpeak 3 Clientuninstall.exe»
Test Drive Unlimited—>C:Program FilesInstallShield Installation Information{8B43248F-5FAA-40CE-978E-95D3C5F12355}setup.exe
The Lord of the Rings FREE Trial —>MsiExec.exe /X{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}
TV Player Classic 5.1—>»C:Program FilesTVPlayerClassicunins000.exe»
TVUPlayer 2.4.0.1—>C:Program FilesTVUPlayeruninst.exe
UltraISO Premium (only 32bit) V8.6.5.2160 Rus—>»C:Program FilesUltraISOunins000.exe»
Undelete Plus 2.94—>»C:Program FilesTouchStoneSoftwareUndeletePlusunins000.exe»
Uninstall 1.0.0.1—>»C:Program FilesCommon FilesDVDVideoSoftunins000.exe»
Uninstall Tool—>»C:Program FilesUninstall Toolunins000.exe»
Universal Extractor 1.6.1—>»C:Program FilesUniversal Extractorunins000.exe»
Unlocker 1.8.9—>C:Program FilesUnlockeruninst.exe
Update for 2007 Microsoft Office System (KB967642)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=»»
Update for Microsoft Office Outlook 2007 (KB2412171)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {752A0B7C-BD24-4362-AC86-AB63FEE6F46F}
Update for Outlook 2007 Junk Email Filter (KB2508979)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {D2137BBA-250B-4548-BC1C-19E5009893D7}
Veetle TV 0.9.17—>C:Program FilesVeetleUninstallVeetleTV.exe
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Player Firefox Plugin—>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
WinHex—>C:Program FilesWinHexWinHex.exe uninst
Xfire (remove only)—>»C:Program FilesXfireuninst.exe»
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
АвтоСправочник—>C:WINDOWSuninst.exe -f»C:Program FilesAutoDealerFreewareDeIsL1.isu» -c»C:Program FilesAutoDealerFreeware_ISREG32.DLL»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Боковая панель Windows—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFSidebar.inf,DefaultUnInstall
Исправление для Windows XP (KB2158563)—>»C:WINDOWS$NtUninstallKB2158563$spuninstspuninst.exe»
Исправление для Windows XP (KB2443685)—>»C:WINDOWS$NtUninstallKB2443685$spuninstspuninst.exe»
Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Исправление для Windows XP (KB961118)—>»C:WINDOWS$NtUninstallKB961118$spuninstspuninst.exe»
Казаки — Снова Война—>C:WINDOWSuna2setup.exe
Конвертер AMR-WAV-AMR—>C:Program FilesКонвертер AMR-WAV-AMRuninstall.exe
Обновление безопасности для Windows Internet Explorer 7 (KB2183461)—>»C:WINDOWSie7updatesKB2183461-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB2360131)—>»C:WINDOWSie7updatesKB2360131-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB2416400)—>»C:WINDOWSie7updatesKB2416400-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB2482017)—>»C:WINDOWSie7updatesKB2482017-IE7spuninstspuninst.exe»
Обновление безопасности для Windows Internet Explorer 7 (KB958215)—>»C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2079403)—>»C:WINDOWS$NtUninstallKB2079403$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2115168)—>»C:WINDOWS$NtUninstallKB2115168$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2121546)—>»C:WINDOWS$NtUninstallKB2121546$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2160329)—>»C:WINDOWS$NtUninstallKB2160329$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2229593)—>»C:WINDOWS$NtUninstallKB2229593$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2259922)—>»C:WINDOWS$NtUninstallKB2259922$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2279986)—>»C:WINDOWS$NtUninstallKB2279986$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2286198)—>»C:WINDOWS$NtUninstallKB2286198$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2296011)—>»C:WINDOWS$NtUninstallKB2296011$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2296199)—>»C:WINDOWS$NtUninstallKB2296199$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2347290)—>»C:WINDOWS$NtUninstallKB2347290$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2360937)—>»C:WINDOWS$NtUninstallKB2360937$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2387149)—>»C:WINDOWS$NtUninstallKB2387149$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2393802)—>»C:WINDOWS$NtUninstallKB2393802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2419632)—>»C:WINDOWS$NtUninstallKB2419632$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2423089)—>»C:WINDOWS$NtUninstallKB2423089$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2436673)—>»C:WINDOWS$NtUninstallKB2436673$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2440591)—>»C:WINDOWS$NtUninstallKB2440591$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2443105)—>»C:WINDOWS$NtUninstallKB2443105$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2476687)—>»C:WINDOWS$NtUninstallKB2476687$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2478960)—>»C:WINDOWS$NtUninstallKB2478960$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2478971)—>»C:WINDOWS$NtUninstallKB2478971$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2479628)—>»C:WINDOWS$NtUninstallKB2479628$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2479943)—>»C:WINDOWS$NtUninstallKB2479943$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2481109)—>»C:WINDOWS$NtUninstallKB2481109$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2483185)—>»C:WINDOWS$NtUninstallKB2483185$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB2485376)—>»C:WINDOWS$NtUninstallKB2485376$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB923561)—>»C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952004)—>»C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954459)—>»C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956572)—>»C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956744)—>»C:WINDOWS$NtUninstallKB956744$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956844)—>»C:WINDOWS$NtUninstallKB956844$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958869)—>»C:WINDOWS$NtUninstallKB958869$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB959426)—>»C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960803)—>»C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB960859)—>»C:WINDOWS$NtUninstallKB960859$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB961501)—>»C:WINDOWS$NtUninstallKB961501$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB969059)—>»C:WINDOWS$NtUninstallKB969059$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB970430)—>»C:WINDOWS$NtUninstallKB970430$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971657)—>»C:WINDOWS$NtUninstallKB971657$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB971961)—>»C:WINDOWS$NtUninstallKB971961$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB972270)—>»C:WINDOWS$NtUninstallKB972270$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973507)—>»C:WINDOWS$NtUninstallKB973507$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973869)—>»C:WINDOWS$NtUninstallKB973869$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB973904)—>»C:WINDOWS$NtUninstallKB973904$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB974112)—>»C:WINDOWS$NtUninstallKB974112$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB974318)—>»C:WINDOWS$NtUninstallKB974318$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB974392)—>»C:WINDOWS$NtUninstallKB974392$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB974571)—>»C:WINDOWS$NtUninstallKB974571$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB975025)—>»C:WINDOWS$NtUninstallKB975025$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB975467)—>»C:WINDOWS$NtUninstallKB975467$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB975560)—>»C:WINDOWS$NtUninstallKB975560$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB975562)—>»C:WINDOWS$NtUninstallKB975562$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB975713)—>»C:WINDOWS$NtUninstallKB975713$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB977816)—>»C:WINDOWS$NtUninstallKB977816$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB977914)—>»C:WINDOWS$NtUninstallKB977914$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB978037)—>»C:WINDOWS$NtUninstallKB978037$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB978338)—>»C:WINDOWS$NtUninstallKB978338$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB978542)—>»C:WINDOWS$NtUninstallKB978542$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB978601)—>»C:WINDOWS$NtUninstallKB978601$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB978706)—>»C:WINDOWS$NtUninstallKB978706$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB979309)—>»C:WINDOWS$NtUninstallKB979309$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB979482)—>»C:WINDOWS$NtUninstallKB979482$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB979687)—>»C:WINDOWS$NtUninstallKB979687$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB980195)—>»C:WINDOWS$NtUninstallKB980195$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB980218)—>»C:WINDOWS$NtUninstallKB980218$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB980232)—>»C:WINDOWS$NtUninstallKB980232$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB980436)—>»C:WINDOWS$NtUninstallKB980436$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB981322)—>»C:WINDOWS$NtUninstallKB981322$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB981349)—>»C:WINDOWS$NtUninstallKB981349$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB981852)—>»C:WINDOWS$NtUninstallKB981852$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB981957)—>»C:WINDOWS$NtUninstallKB981957$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB981997)—>»C:WINDOWS$NtUninstallKB981997$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB982132)—>»C:WINDOWS$NtUninstallKB982132$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB982214)—>»C:WINDOWS$NtUninstallKB982214$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB982665)—>»C:WINDOWS$NtUninstallKB982665$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB982802)—>»C:WINDOWS$NtUninstallKB982802$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB2378111)—>»C:WINDOWS$NtUninstallKB2378111_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB954155)—>»C:WINDOWS$NtUninstallKB954155_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB973540)—>»C:WINDOWS$NtUninstallKB973540_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB975558)—>»C:WINDOWS$NtUninstallKB975558_WM8$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media — (KB978695)—>»C:WINDOWS$NtUninstallKB978695_WM9$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Обновление для Windows XP (KB2141007)—>»C:WINDOWS$NtUninstallKB2141007$spuninstspuninst.exe»
Обновление для Windows XP (KB2345886)—>»C:WINDOWS$NtUninstallKB2345886$spuninstspuninst.exe»
Обновление для Windows XP (KB2467659)—>»C:WINDOWS$NtUninstallKB2467659$spuninstspuninst.exe»
Обновление для Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Обновление для Windows XP (KB955759)—>»C:WINDOWS$NtUninstallKB955759$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Обновление для Windows XP (KB967715)—>»C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe»
Обновление для Windows XP (KB968389)—>»C:WINDOWS$NtUninstallKB968389$spuninstspuninst.exe»
Обновление для Windows XP (KB971029)—>»C:WINDOWS$NtUninstallKB971029$spuninstspuninst.exe»
Обновление для Windows XP (KB971737)—>»C:WINDOWS$NtUninstallKB971737$spuninstspuninst.exe»
Обновление для Windows XP (KB973687)—>»C:WINDOWS$NtUninstallKB973687$spuninstspuninst.exe»
Обновление для Windows XP (KB973815)—>»C:WINDOWS$NtUninstallKB973815$spuninstspuninst.exe»
Пакет драйверов Windows — Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)—>C:PROGRA~1DIFX7B44739871F4D539FA473F57A832EA4B6A59EF06DPInst.exe /d /u C:WINDOWSsystem32DRVSTOREamdk8_5F4DE5B38BD0C6463F94F7534C8C84D5EACE412Damdk8.inf
Пакет драйверов Windows — Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4pccswpddriver.inf
Пакет драйверов Windows — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293Bpccs_bluetooth.inf
Пакет драйверов Windows — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_F12A08B6F776984A95553486F64C541356F86E38pccs_bluetooth.inf
Преферанс—>»C:Program FilesBukaPreferenceuninstall.exe»
Снукер v1.2—>»C:Program Filesabsolutist.ruСнукерunins000.exe»
Сократ Персональный 4.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}setup.exe»
Тропико 3—>»E:GamesTropico 3unins000.exe»
Удалить Winamp—>»C:Program FilesWinampunins000.exe»
Языковой пакет Microsoft .NET Framework 3.5 — RUS—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack — russetup.exe=====HijackThis Backups=====
O20 — Winlogon Notify: m64dll — m64dll.dll (file missing) [2010-02-23]
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: AntiVir Desktop
FW: Online Armor Firewall
FW: AGAVA Firewall (disabled)======System event log======
Computer Name: MICROSOF-561F28
Event Code: 7023
Message: Служба «Сервер» завершена из-за ошибки
Не найден указанный модуль.Record Number: 62449
Source Name: Service Control Manager
Time Written: 20110211134254.000000+120
Event Type: error
User:Computer Name: MICROSOF-561F28
Event Code: 8017
Message: Сбой при запуске обозревателя сети, так как зависимая служба ‘LanmanServer’ имеет недопустимое состояние 3.
Состояние Значение
1 Служба остановлена2 Ожидание запуска
3 Ожидание остановки
4 Выполнение
5 Ожидание возобновления
6 Ожидание приостановки
7 Приостановка
Record Number: 62448
Source Name: BROWSER
Time Written: 20110211134245.000000+120
Event Type: error
User:Computer Name: MICROSOF-561F28
Event Code: 7026
Message: Сбой при загрузке драйвера(ов) перезагрузки или запуска системы:
aecRecord Number: 62421
Source Name: Service Control Manager
Time Written: 20110211132528.000000+120
Event Type: error
User:Computer Name: MICROSOF-561F28
Event Code: 7001
Message: Служба «Обозреватель компьютеров» является зависимой от службы «Сервер», которую не удалось запустить из-за ошибки
Не найден указанный модуль.Record Number: 62420
Source Name: Service Control Manager
Time Written: 20110211132515.000000+120
Event Type: error
User:Computer Name: MICROSOF-561F28
Event Code: 7023
Message: Служба «Сервер» завершена из-за ошибки
Не найден указанный модуль.Record Number: 62419
Source Name: Service Control Manager
Time Written: 20110211132515.000000+120
Event Type: error
User:=====Application event log=====
Computer Name: MICROSOF-561F28
Event Code: 4113
Message: AntiVir has detected ‘TR/Crypt.TPM.Gen’
in the file
C:Documents and SettingsAdminLocal Settingstempcww122.tmpRecord Number: 77
Source Name: Avira AntiVir
Time Written: 20101122144444.000000+120
Event Type: warning
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-561F28
Event Code: 4113
Message: AntiVir has detected ‘TR/Crypt.TPM.Gen’
in the file
C:Documents and SettingsAdminLocal Settingstempcww122.tmpRecord Number: 76
Source Name: Avira AntiVir
Time Written: 20101122144443.000000+120
Event Type: warning
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-561F28
Event Code: 4113
Message: AntiVir has detected ‘TR/Horse.BZO’
in the file
E:GamesGrand Theft Auto IVGSC.dllRecord Number: 27
Source Name: Avira AntiVir
Time Written: 20101121205446.000000+120
Event Type: warning
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-561F28
Event Code: 4113
Message: AntiVir has detected ‘TR/Horse.BZO’
in the file
E:GamesGrand Theft Auto IVGSC.dllRecord Number: 14
Source Name: Avira AntiVir
Time Written: 20101121143428.000000+120
Event Type: warning
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-561F28
Event Code: 4113
Message: AntiVir has detected ‘TR/Horse.BZO’
in the file
E:GamesGrand Theft Auto IVGSC.dllRecord Number: 13
Source Name: Avira AntiVir
Time Written: 20101121142751.000000+120
Event Type: warning
User: NT AUTHORITYSYSTEM======Environment variables======
«cdrom»=F:
«ComSpec»=%SystemRoot%system32cmd.exe
«FP_NO_HOST_CHECK»=NO
«NUMBER_OF_PROCESSORS»=2
«OS»=Windows_NT
«Path»=C:Program FilesNVIDIA CorporationPhysXCommon;%SystemRoot%system32;%SystemRoot%;%SystemRoot%system32wbem;C:PROGRAM FILESPC CONNECTIVITY SOLUTION;C:PROGRAM FILESATI TECHNOLOGIESATI.ACECORE-STATIC;C:Program FilesCommon FilesAutodesk Shared;;C:PROGRA~1COMMON~1AUTODE~1;C:Program FilesCommon FilesTeleca Shared;C:Program FilesUniversal Extractor;C:Program FilesUniversal Extractorbin
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
«PROCESSOR_LEVEL»=15
«PROCESSOR_REVISION»=6b02
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«windir»=%SystemRoot%
EOF
Здравствуйте , сразу скажу прога очень хороша , спасала множество раз от переустановки винды . Проблем с ней никогда не возникало , ни раз удалял строки из реестра и все было нормально.Вообще ничего плохого о ней не слышал.Но я не эксперт в этих делах так что решайте сами . 😉
Всем доброго времени суток . Столкнулся с такой проблемой : множество всяких непонятных процессов , грузящщих систему , а какие з них зловредные бывает трудно определить.Не подскажите есть ли бесплатные надежные программы оценивающие опасность запущенных процессов?И еще один вопрос : семь идентичных процессов svchost.exe ето нормально? 😯
Интернет по прежнему тупит:( , а svchost.exe у меня уже 8 😯
log ATM:
All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named dwshd was found to stop!
No service named dwshd was found to delete!
Error: No service named hy1ioghkrs was found to stop!
No service named hy1ioghkrs was found to delete!
Error: No service named nnyoamnq6vuxoq3e was found to stop!
No service named nnyoamnq6vuxoq3e was found to delete!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\Проверка обновления deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\Обновление deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\mekook not found.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\coohezup not found.
========== FILES ==========
File/Folder C:WINDOWSsystem32posoub.exe not found.
File/Folder C:WINDOWSsystem32lawogydus.exe not found.
C:WINDOWSsystem32CheckUpdates.exe moved successfully.
C:WINDOWSsystem32lp.exe moved successfully.
C:WINDOWSsystem32CheckUp.exe moved successfully.
File/Folder C:WINDOWSSystem32driversdwshd.sys not found.
File/Folder C:WINDOWSsystem32koussijutto.exe not found.
File/Folder C:Documents and SettingsLocalServiceApplication DataMicrosoftfitoomooh.exe not found.
========== COMMANDS ==========[EMPTYTEMP]
User: Admin
->Temp folder emptied: 580064 bytes
->Temporary Internet Files folder emptied: 14512843 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2450 bytesUser: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytesUser: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytesUser: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 405 bytes%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 311296 bytes
%systemroot%System32 .tmp files removed: 1598848 bytes
%systemroot%System32dllcache .tmp files removed: 0 bytes
%systemroot%System32drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46414 bytes
%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 32835 bytes
RecycleBin emptied: 0 bytesTotal Files Cleaned = 16,00 mb
OTM by OldTimer — Version 3.1.12.2 log created on 06092010_191438
Files moved on Reboot…
File C:Documents and SettingsAdminLocal SettingsTempPerflib_Perfdata_338.dat not found!Registry entries deleted on Reboot…
Log 2:
info.txt logfile of random’s system information tool 1.06 2010-06-08 14:03:38
======Uninstall list======
—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {744C859F-C225-48A9-A524-4DED432F36C7}
—>MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY FineReader 9.0 Professional Edition—>MsiExec.exe /I{F9000000-0001-0000-0000-074957833700}
ACDSee 9 Photo Manager—>MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Ad-Aware SE Personal—>C:PROGRA~1LavasoftAD-AWA~1UNWISE.EXE C:PROGRA~1LavasoftAD-AWA~1INSTALL.LOG
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers719d6f144d0c086a0dfa7ff76bb9ac1Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Setup—>MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player—>C:WINDOWSsystem32MacromedSHOCKW~1UNWISE.EXE C:WINDOWSsystem32MacromedSHOCKW~1Install.log
Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe® Photoshop® Album Starter Edition 3.2—>MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AnswerWorks Runtime—>C:WINDOWSIsUninst.exe -f»C:Program FilesWexTechAnswerWorksUninst.isu»
Assassin’s Creed II—>»C:Documents and SettingsAdminApplication DataAssassin’s Creed IIUninstallunins000.exe»
Assassin’s Creed II—>C:Documents and SettingsAdminApplication DataAssassin’s Creed IIUninstallunins000.exe
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AusLogics Disk Defrag—>»C:Program FilesAusLogics Disk Defragunins000.exe»
Autodesk DWF Viewer—>C:PROGRA~1AutodeskAUTODE~1Setup.exe /remove
Background changer 2.0.8.0—>»C:Program FilesBackground changerunins000.exe»
Call of Duty(R) 4 — Modern Warfare(TM) 1.6 Patch—>C:Program FilesInstallShield Installation Information{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 — Modern Warfare(TM)—>C:Program FilesInstallShield Installation Information{E48469CC-635E-4FD5-A122-1497C286D217}setup.exe -runfromtemp -l0x0409
Canon Camera Access Library—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonCALUninst.ini»
Canon MovieEdit Task for ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramMVWUninst.ini»
Canon Utilities CameraWindow DC 8—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowDC8Uninst.ini»
Canon Utilities CameraWindow—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonCameraWindowCameraWindowLauncherUninst.ini»
Canon Utilities Movie Uploader for YouTube—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonCameraWindowMovie Uploader for YouTubeUninst.ini»
Canon Utilities MyCamera—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonCameraWindowMyCameraUninst.ini»
Canon Utilities PhotoStitch—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonPhotoStitchUninst.ini»
Canon Utilities ZoomBrowser EX—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EXProgramUninst.ini»
Canon ZoomBrowser EX Memory Card Utility—>»C:Program FilesCommon FilesCanonUIW1.7.0.0Uninst.exe» «C:Program FilesCanonZoomBrowser EX MCUUninst.ini»
CASHFLOW—>E:GamesCashflow1uninstall.exe
Catalyst Control Center — Branding—>MsiExec.exe /I{8D7133DE-27D2-47E5-B248-4180278D32AA}
CCleaner (remove only)—>»C:Program FilesCCleaneruninst.exe»
Ccleaner 2.03.532—>»C:Program FilesCcleanerunins000.exe»
CDDRV_Installer—>MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Command and Conquer: Red Alert 3—>»E:GamesRedRed Alert 3Uninstallunins000.exe»
Counter-Strike 1.6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime90Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}Setup.exe» -l0x19
Counter-Strike Steamworks Beta—>»C:Program FilesSteamsteam.exe» steam://uninstall/150
Counter-Strike(TM)—>MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Counter-Strike—>»C:Program FilesSteamsteam.exe» steam://uninstall/10
Crawler Toolbar with Web Security Guard—>C:PROGRA~1CrawlerToolbarCToolbar.exe uninst
Dead Space™—>MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
DiRT2—>»C:Program FilesInstallShield Installation Information{52D1D62C-FEAB-4580-849E-1DB624BADBBD}setup.exe» -runfromtemp -l0x0009 -removeonly
Disc2Phone—>MsiExec.exe /X{C01408FC-117C-44B7-8B0C-17794E526A01}
Dual-Core Optimizer—>MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
EA SPORTS online 2008—>C:Program FilesEA SPORTSEA SPORTS onlineEASOUNInstaller.exe
EAX Unified—>C:WINDOWSIsUninst.exe -f»C:Program FilesCreativeEAX UnifiedUninst.isu»
erLT—>MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564}
Etymonix SoftReel—>C:WINDOWSISUNINST.EXE -f»C:Program FilesEtymonixSoftReelUninst.isu» -c»C:Program FilesEtymonixSoftReeliscustom.dll»
Far Cry 2—>»C:Program FilesInstallShield Installation Information{F2835483-37F2-4123-B4FE-0E77D58447F2}setup.exe» -runfromtemp -l0x0009 -removeonly
FAR file manager—>C:Program FilesFarUninstall.exe
FIFA 2008—>»E:GamesFIFA 2008unins000.exe»
Foxit Reader 2.2 — DJ Mogarych’s pack—>»C:Program FilesFoxit Readerunins000.exe»
Grand Theft Auto IV v1.0.3.1—>»E:GamesGrand Theft Auto IVunins000.exe»
Guitar Pro 4.0—>C:PROGRA~1GUITAR~1UNWISE.EXE C:PROGRA~1GUITAR~1INSTALL.LOG
Hamachi 1.0.3.0—>C:Program FilesHamachiuninstall.exe
HijackThis 2.0.2—>»C:програмHijackThis.exe» /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
ICE Book Reader Professional v8.9.2 Russian—>»C:Program FilesICE Book Reader Professional Russianunins000.exe»
ICQ Toolbar—>C:Program FilesICQ6ToolbarICQUnToolbar.exe
ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
iLook 310—>»C:Program FilesInstallShield Installation Information{7EF900F4-61A8-4D95-8A65-488D3BECA206}setup.exe» -runfromtemp -l0x0019 -removeonly
iSnooker—>E:GamesснукерiSnookerUninstall.exe
Java(TM) 6 Update 3—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KhalInstallWrapper—>MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Codec Pack 5.8.3 (Full)—>»C:Program FilesK-Lite Codec Packunins000.exe»
LClock—>C:Program FilesLClockUninstall.exe
Light Alloy 4.3—>C:Program FilesLight Alloyuninst.exe
Ligos Indeo XP v.5.2 codec—>RunDLL32.exe advpack.dll,LaunchINFSection indeoxp.inf, UnInstall
Logitech SetPoint—>»C:Program FilesInstallShield Installation Information{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}setup.exe» -runfromtemp -l0x0019 -removeonly
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
Mass Effect 2—>C:Program FilesCommon FilesBioWareUninstall Mass Effect 2.exe
Mathcad 11 Enterprise Edition—>MsiExec.exe /I{DE4386F2-ECDE-493E-B8BE-9861A9A7D069}
MATLAB 6.5—>C:MATLAB6p5uninstalluninstall.exe C:MATLAB6p5
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{34AB2437-1B34-3E2D-9DE8-3E2D35335B3F}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{CFF15B94-E062-3701-869A-4CDF4590461E}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack — rus—>MsiExec.exe /I{95E44F11-19F0-39EA-A894-792E054AA1CF}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows — LIVE—>MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Standard 2007—>MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Office Стандартный 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall STANDARD /dll OSETUP.DLL
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022—>MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17—>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148—>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Windows Media Video 9 VCM—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFwmv9vcm.inf, Uninstall
mIRC—>C:Program FilesmIRCuninstall.exe _?=C:Program FilesmIRC
Movavi Video Converter 9—>MsiExec.exe /I{4D92FD47-5138-48D2-B68B-9D0CCFA21CD7}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)—>MsiExec.exe /I{8FCE7820-08DF-4663-AF5B-B190EF387C4B}
MyDsc2—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{83D96ED0-98AA-4515-8DDC-816F3EFDD104}Setup.exe» -l0x9
Need For Speed Underground 2—>»C:GamesNeed For Speed Underground 2unins000.exe»
Need For Speed Underground—>E:GamesNEEDFO~1UNWISE.EXE E:GamesNEEDFO~1INSTALL.LOG
Nero 6—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver—>MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
NVIDIA Drivers—>C:WINDOWSsystem32nvunrm.exe UninstallGUI
NVIDIA PhysX—>MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OpenAL—>»C:Program FilesOpenALoalinst.exe» /U
Paint.NET v3.20—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFPaintDN.inf,Uninstall
PC Connectivity Solution—>MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PunkBuster Services—>C:WINDOWSsystem32pbsvc.exe -u
QIP.Online—>C:Program FilesQIP.OnlineUninstall.exe
QuickTime—>C:WINDOWSunvise32qt.exe C:WINDOWSsystem32QuickTimeUninstall.log
RadioClicker LITE—>»C:Program FilesRadioClicker LITEunins000.exe»
RadioClicker PRO—>»C:Program FilesRadioClicker PROunins000.exe»
Rapture3D 2.3.22 Game—>»C:Program FilesBRSunins000.exe»
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}setup.exe» -l0x19 -removeonly
Right Click Image Converter—>»C:Program FilesKristanixRight Click Image Converteruninstall.exe»
Security Update for 2007 Microsoft Office System (KB951550)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office Excel 2007 (KB958437)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office system 2007 (KB954326)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Office 2007 (KB936514)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Outlook 2007 (KB946983)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Sina Web TV—>C:PROGRA~1sinaSINAWE~1302~1.9BEUNWISE.EXE C:PROGRA~1sinaSINAWE~1302~1.9BEInstall.LOG
Skype™ 4.1—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SMSDV v.1.6.b (22 сен 2007г.)—>»C:Program FilesSMSDVunins000.exe»
SnagIt 8—>MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Sony Ericsson PC Suite—>C:WINDOWSInstaller{D6BF6477-8369-489F-8DE6-3731F4B88560}setup.exe /uninstall
SopCast 1.1.2—>C:Program FilesSopCastuninst.exe
Steam(TM)—>MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 2 RC2—>»C:Program FilesTeamspeak2_RC2unins000.exe»
TeamSpeak 3 Client—>»D:СережаprogramTS 3uninstall.exe»
Test Drive Unlimited—>C:Program FilesInstallShield Installation Information{8B43248F-5FAA-40CE-978E-95D3C5F12355}setup.exe
TV Player Classic 5.1—>»C:Program FilesTVPlayerClassicunins000.exe»
TVUPlayer 2.4.0.1—>C:Program FilesTVUPlayeruninst.exe
UltraISO Premium (only 32bit) V8.6.5.2160 Rus—>»C:Program FilesUltraISOunins000.exe»
Undelete Plus 2.94—>»C:Program FilesTouchStoneSoftwareUndeletePlusunins000.exe»
Uninstall Tool—>»C:Program FilesUninstall Toolunins000.exe»
Unlocker 1.8.9—>C:Program FilesUnlockeruninst.exe
Update for Office 2007 (KB934391)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Player Firefox Plugin—>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
Xfire (remove only)—>»C:Program FilesXfireuninst.exe»
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
‘Zuma Deluxe’—>»E:GamesINSTALLZuma DeluxeReflexiveArcadeNightWolf Gamesunins000.exe»
АвтоСправочник—>C:WINDOWSuninst.exe -f»C:Program FilesAutoDealerFreewareDeIsL1.isu» -c»C:Program FilesAutoDealerFreeware_ISREG32.DLL»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Боковая панель Windows—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFSidebar.inf,DefaultUnInstall
Заработало! 5в1—>»E:GamesЗаработалоЗаработало! 5в1unins000.exe»
Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Казаки — Снова Война—>C:WINDOWSuna2setup.exe
Обновление безопасности для Windows Internet Explorer 7 (KB958215)—>»C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Обновление для Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Пакет драйверов Windows — Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)—>C:PROGRA~1DIFX7B44739871F4D539FA473F57A832EA4B6A59EF06DPInst.exe /d /u C:WINDOWSsystem32DRVSTOREamdk8_5F4DE5B38BD0C6463F94F7534C8C84D5EACE412Damdk8.inf
Пакет драйверов Windows — Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4pccswpddriver.inf
Пакет драйверов Windows — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293Bpccs_bluetooth.inf
Пакет драйверов Windows — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_F12A08B6F776984A95553486F64C541356F86E38pccs_bluetooth.inf
Преферанс—>»C:Program FilesBukaPreferenceuninstall.exe»
Снукер v1.2—>»C:Program Filesabsolutist.ruСнукерunins000.exe»
Сократ Персональный 4.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}setup.exe»
Удалить Winamp—>»C:Program FilesWinampunins000.exe»
Языковой пакет Microsoft .NET Framework 3.5 — RUS—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack — russetup.exe=====HijackThis Backups=====
O20 — Winlogon Notify: m64dll — m64dll.dll (file missing) [2010-02-23]
======Security center information======
AV: ESET NOD32 Antivirus 4.0 (outdated)
FW: AGAVA Firewall (disabled)======System event log======
Computer Name: MICROSOF-561F28
Event Code: 17
Message: NTP-клиент поставщика времени: произошла ошибка при поиске в DNS
настроенного вручную узла ‘time.windows.com,0x1’. NTP-клиент вновь повторит поиск в DNS
через 15 мин.
Ошибка: Сделана попытка выполнить операцию на сокете для недоступного хоста. (0x80072751)Record Number: 39987
Source Name: W32Time
Time Written: 20100517193733.000000+180
Event Type: error
User:Computer Name: MICROSOF-561F28
Event Code: 29
Message: The NTP-клиент поставщика времени настроен на получение времени из одного
или нескольких источников, однако ни один из этих источников недоступен.
Попытки подключения к источнику не будут выполняться в течение 14 мин.
NTP-клиент не имеет источника правильного времени.Record Number: 39971
Source Name: W32Time
Time Written: 20100517173123.000000+180
Event Type: error
User:Computer Name: MICROSOF-561F28
Event Code: 17
Message: NTP-клиент поставщика времени: произошла ошибка при поиске в DNS
настроенного вручную узла ‘time.windows.com,0x1’. NTP-клиент вновь повторит поиск в DNS
через 15 мин.
Ошибка: Сделана попытка выполнить операцию на сокете для недоступного хоста. (0x80072751)Record Number: 39970
Source Name: W32Time
Time Written: 20100517173123.000000+180
Event Type: error
User:Computer Name: MICROSOF-561F28
Event Code: 29
Message: The NTP-клиент поставщика времени настроен на получение времени из одного
или нескольких источников, однако ни один из этих источников недоступен.
Попытки подключения к источнику не будут выполняться в течение 14 мин.
NTP-клиент не имеет источника правильного времени.Record Number: 39946
Source Name: W32Time
Time Written: 20100517125348.000000+180
Event Type: error
User:Computer Name: MICROSOF-561F28
Event Code: 17
Message: NTP-клиент поставщика времени: произошла ошибка при поиске в DNS
настроенного вручную узла ‘time.windows.com,0x1’. NTP-клиент вновь повторит поиск в DNS
через 15 мин.
Ошибка: Сделана попытка выполнить операцию на сокете для недоступного хоста. (0x80072751)Record Number: 39945
Source Name: W32Time
Time Written: 20100517125348.000000+180
Event Type: error
User:=====Application event log=====
Computer Name: MICROSOF-561F28
Event Code: 1517
Message: Реестр пользователя MICROSOF-561F28Admin был сохранен в то время, как приложение или служба продолжали использовать его во время выхода из системы. Используемая реестром пользователя память не была освобождена. Реестр будет выгружен, когда он не будет использоваться.Возможная причина — службы, выполняемые от имени пользователя. Попробуйте изменить настройку служб и задать их выполнение с учетными записями LocalService или NetworkService.
Record Number: 5825
Source Name: Userenv
Time Written: 20091118142733.000000+120
Event Type: warning
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-561F28
Event Code: 1524
Message: Windows не удалось выгрузить файл классов из реестра — он используется другими приложениями или службами. Файл будет выгружен когда он не будет использоваться.Record Number: 5824
Source Name: Userenv
Time Written: 20091118142720.000000+120
Event Type: warning
User: MICROSOF-561F28AdminComputer Name: MICROSOF-561F28
Event Code: 1517
Message: Реестр пользователя MICROSOF-561F28Admin был сохранен в то время, как приложение или служба продолжали использовать его во время выхода из системы. Используемая реестром пользователя память не была освобождена. Реестр будет выгружен, когда он не будет использоваться.Возможная причина — службы, выполняемые от имени пользователя. Попробуйте изменить настройку служб и задать их выполнение с учетными записями LocalService или NetworkService.
Record Number: 5800
Source Name: Userenv
Time Written: 20091116230159.000000+120
Event Type: warning
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-561F28
Event Code: 1517
Message: Реестр пользователя MICROSOF-561F28Admin был сохранен в то время, как приложение или служба продолжали использовать его во время выхода из системы. Используемая реестром пользователя память не была освобождена. Реестр будет выгружен, когда он не будет использоваться.Возможная причина — службы, выполняемые от имени пользователя. Попробуйте изменить настройку служб и задать их выполнение с учетными записями LocalService или NetworkService.
Record Number: 5776
Source Name: Userenv
Time Written: 20091114125530.000000+120
Event Type: warning
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-561F28
Event Code: 1517
Message: Реестр пользователя MICROSOF-561F28Admin был сохранен в то время, как приложение или служба продолжали использовать его во время выхода из системы. Используемая реестром пользователя память не была освобождена. Реестр будет выгружен, когда он не будет использоваться.Возможная причина — службы, выполняемые от имени пользователя. Попробуйте изменить настройку служб и задать их выполнение с учетными записями LocalService или NetworkService.
Record Number: 5763
Source Name: Userenv
Time Written: 20091114012321.000000+120
Event Type: warning
User: NT AUTHORITYSYSTEM======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%system32wbem;C:PROGRAM FILESPC CONNECTIVITY SOLUTION;C:PROGRAM FILESATI TECHNOLOGIESATI.ACECORE-STATIC;C:MATLAB6P5BINWIN32;C:Program FilesCommon FilesAutodesk Shared;;C:PROGRA~1COMMON~1AUTODE~1;C:Program FilesCommon FilesTeleca Shared
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
«PROCESSOR_REVISION»=6b02
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«cdrom»=F:
EOF
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2010-06-08 14:03:31
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (14%) free of 50 GB
Total RAM: 2047 MB (73% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:37, on 08.06.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:WINDOWSExplorer.EXE
C:WINDOWSPixArtPAC7302Monitor.exe
C:WINDOWSsystem32CheckUpdates.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:MATLAB6p5webserverbinwin32matlabserver.exe
C:WINDOWSsystem32bipoodouba.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCanonCALCALMAIN.exe
C:Program FilesCommon FilesLogishrdKHAL2KHALMNPR.EXE
C:Documents and SettingsLocalServiceApplication DataMicrosoftquouryh.exe
C:Program FilesOperaOpera.exe
C:WINDOWSsystem32CheckUpInst.exe
D:СережаprogramRSIT.exe
C:Program Filestrend microHijackThisAdmin.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: (no name) — {02478D38-C3F9-4efb-9B51-7695ECA05670} — (no file)
O4 — HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [PAC7302_Monitor] C:WINDOWSPixArtPAC7302Monitor.exe
O4 — HKLM..Run: [UnlockerAssistant] «c:program filesunlockerunlockerassistant .exe»
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesExtra Video Converter Proqttask.exe» -atboottime
O4 — HKLM..Run: [Проверка обновления] C:WINDOWSsystem32CheckUp.exe
O4 — HKLM..Run: [Обновление] C:WINDOWSsystem32CheckUpdates.exe
O4 — HKLM..Run: [mekook] C:WINDOWSsystem32bipoodouba.exe
O4 — HKLM..Run: [coohezup] C:WINDOWSsystem32lawogydus.exe
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [coohezup] C:Documents and SettingsLocalServiceApplication DataMicrosoftlawogydus.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: Logitech SetPoint.lnk = C:Program FilesLogitechSetPointSetPoint.exe
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232392041796
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232392023953
O16 — DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} — file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O17 — HKLMSystemCCSServicesTcpip..{DB1A5B64-2A47-45DB-8229-94171839A0A8}: NameServer = 195.248.191.67,195.248.191.72
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Protocol: tbr — {4D25FB7A-8902-4291-960E-9ADA051CFBBF} — C:PROGRA~1CrawlerToolbarctbr.dll
O23 — Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) — ABBYY (BIT Software) — C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Canon Camera Access Library 8 (CCALib8) — Canon Inc. — C:Program FilesCanonCALCALMAIN.exe
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Creative ALchemy AL1 Licensing Service (hy1ioghkrs) — Unknown owner — C:WINDOWSsystem32koussijutto.exe (file missing)
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Logitech Bluetooth Service (LBTServ) — Logitech, Inc. — C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe
O23 — Service: MATLAB Server (matlabserver) — Unknown owner — C:MATLAB6p5webserverbinwin32matlabserver.exe
O23 — Service: IMAPI CD-Burning COM Service (nnyoamnq6vuxoq3e) — Four-F — C:Documents and SettingsLocalServiceApplication DataMicrosoftfitoomooh.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Telnet (TlntSvr) — Корпорация Майкрософт — C:WINDOWSsystem32tlntsvr.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 7709 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Kernel and Hardware Abstraction Layer»=C:WINDOWSKHALMNPR.EXE [2009-06-17 55824]
«PAC7302_Monitor»=C:WINDOWSPixArtPAC7302Monitor.exe [2006-11-03 319488]
«UnlockerAssistant»=c:program filesunlockerunlockerassistant .exe []
«QuickTime Task»=C:Program FilesExtra Video Converter Proqttask.exe [2010-07-01 77824]
«Проверка обновления»=C:WINDOWSsystem32CheckUp.exe [2010-06-04 847360]
«Обновление»=C:WINDOWSsystem32CheckUpdates.exe [2010-06-08 846336]
«mekook»=C:WINDOWSsystem32bipoodouba.exe []
«coohezup»=C:WINDOWSsystem32lawogydus.exe [2010-06-04 333824][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
C:WINDOWSALCMTR.EXE [2008-06-08 69632][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregASUSGamerOSD]
C:Program FilesASUSGamerOSDGamerOSD.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKillCopy]
C:WINDOWSsystem32killcopy.exe [2008-06-08 1185792][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLClock]
C:Program FilesLClockLClock.exe [2008-06-08 86016][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBJ]
C:Program FilesAheadNero BackItUpNBJ.exe [2008-06-08 2048000][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2008-06-08 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
RTHDCPL.EXE [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSidebar]
C:Program FilesWindows Sidebarsidebar.exe [2007-02-26 1254912][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
C:WINDOWSSkyTel.EXE [2008-06-08 2879488][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUnlockerAssistant]
C:Program FilesUnlockerUnlockerAssistant.exe []C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Logitech SetPoint.lnk — C:Program FilesLogitechSetPointSetPoint.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2009-12-11 155648][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyLBTWlgn]
c:program filescommon fileslogishrdbluetoothLBTWlgn.dll [2009-07-20 72208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2007-06-18 133632]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-14 239616][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdfLoadGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«C:WINDOWSsystem32dpnsvr.exe»=»C:WINDOWSsystem32dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«E:GamesCounterhl.exe»=»E:GamesCounterhl.exe:*:Enabled:Half-Life Launcher»
«C:WINDOWSsystem32PnkBstrA.exe»=»C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA»
«C:WINDOWSsystem32PnkBstrB.exe»=»C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB»
«E:GamesTDUexeTestDriveUnlimited.exe»=»E:GamesTDUexeTestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited»
«E:GamesCALLiw3mp.exe»=»E:GamesCALLiw3mp.exe:*:Enabled:Call of Duty(R) 4 — Modern Warfare(TM)»
«E:GamesNeed For Speed Undergroundnfsuclient_alkar.exe»=»E:GamesNeed For Speed Undergroundnfsuclient_alkar.exe:*:Disabled:nfsuclient_alkar»
«E:GamesNeed For Speed Undergroundspeed.exe»=»E:GamesNeed For Speed Undergroundspeed.exe:*:Enabled:speed»
«E:IcqICQ6.5ICQ.exe»=»E:IcqICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesSopCastSopCast.exe»=»C:Program FilesSopCastSopCast.exe:*:Enabled:SopCast Main Application»
«E:GamesCounterhltv.exe»=»E:GamesCounterhltv.exe:*:Enabled:HLTV Launcher»
«C:Program FilesOperaOpera.exe»=»C:Program FilesOperaOpera.exe:*:Enabled:Opera Internet Browser»
«C:Documents and SettingsAdminApplication DataSopCastadvSopAdver.exe»=»C:Documents and SettingsAdminApplication DataSopCastadvSopAdver.exe:*:Enabled:SopCast Adver»
«E:GamesDIRT 2dirt2_game.exe»=»E:GamesDIRT 2dirt2_game.exe:*:Enabled:DiRT2»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«E:GamesMass Effect 2BinariesMassEffect2.exe»=»E:GamesMass Effect 2BinariesMassEffect2.exe:*:Enabled:Mass Effect 2 Игра»
«E:GamesMass Effect 2MassEffect2Launcher.exe»=»E:GamesMass Effect 2MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Запуск»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:Program FilesSteamSteamAppsmmadesstcounter-strikehl.exe»=»C:Program FilesSteamSteamAppsmmadesstcounter-strikehl.exe:*:Enabled:Counter-Strike»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======File associations======
.scr — open —
.scr — install —
.scr — config —======List of files/folders created in the last 1 months======
2010-07-01 16:40:37 —-A—- C:WINDOWSunvise32qt.exe
2010-07-01 16:39:54 —-D—- C:WINDOWSsystem32QuickTime
2010-06-30 18:59:01 —-A—- C:WINDOWSsystem32ptpusb.dll
2010-06-30 18:59:00 —-A—- C:WINDOWSsystem32ptpusd.dll
2010-06-26 18:02:32 —-D—- C:Documents and SettingsAdminApplication DataZoomBrowser EX
2010-06-26 17:54:10 —-D—- C:Documents and SettingsAll UsersApplication DataZoomBrowser
2010-06-26 17:53:45 —-D—- C:Program FilesCanon
2010-06-26 17:52:47 —-D—- C:Program FilesCommon FilesCanon
2010-06-08 14:03:31 —-D—- C:rsit
2010-06-08 13:50:14 —-A—- C:WINDOWSsystem32CheckUpInst.exe
2010-06-08 13:47:07 —-A—- C:WINDOWSsystem32fitoomooh.exe
2010-06-08 13:22:42 —-A—- C:WINDOWSntbtlog.txt
2010-06-08 12:34:36 —-SHD—- C:RECYCLER
2010-06-07 23:44:50 —-D—- C:WINDOWStemp
2010-06-07 23:44:49 —-A—- C:ComboFix.txt
2010-06-07 23:34:49 —-D—- C:Qoobox
2010-06-06 22:40:01 —-D—- C:Documents and SettingsAdminApplication DataCANON INC
2010-06-04 15:47:00 —-A—- C:WINDOWSsystem32posoub.exe
2010-06-04 14:15:55 —-A—- C:WINDOWSsystem32lawogydus.exe
2010-06-04 13:15:11 —-A—- C:WINDOWSsystem32CheckUpdates.exe
2010-06-04 13:12:57 —-A—- C:WINDOWSsystem32lp.exe
2010-06-04 13:12:57 —-A—- C:WINDOWSsystem32CheckUp.exe
2010-05-19 12:56:32 —-D—- C:WINDOWSA7E07C2B2220441587E3784D5814BC93.TMP
2010-05-19 12:55:22 —-RA—- C:WINDOWSsystem32tmp4F.tmp
2010-05-19 12:55:22 —-RA—- C:WINDOWSsystem32tmp4E.tmp
2010-05-19 12:54:20 —-A—- C:WINDOWSsystem32xmlinst.exe
2010-05-19 12:54:19 —-A—- C:WINDOWSsystem32vp6install.exe
2010-05-19 12:54:14 —-A—- C:WINDOWSsystem32Vb5db.dll
2010-05-19 12:54:13 —-A—- C:WINDOWSsystem32msxml4a.dll
2010-05-19 12:54:13 —-A—- C:WINDOWSsystem32msvcr80.dll
2010-05-19 12:54:13 —-A—- C:WINDOWSsystem32msvcr71d.dll
2010-05-19 12:54:13 —-A—- C:WINDOWSsystem32msvcr70d.dll
2010-05-19 12:54:12 —-A—- C:WINDOWSsystem32msvcp80.dll
2010-05-19 12:54:12 —-A—- C:WINDOWSsystem32msvcp71d.dll
2010-05-19 12:54:12 —-A—- C:WINDOWSsystem32msvcp70d.dll
2010-05-19 12:54:12 —-A—- C:WINDOWSsystem32Msvcp60d.dll
2010-05-19 12:54:12 —-A—- C:WINDOWSsystem32msvcm80.dll
2010-05-19 12:54:12 —-A—- C:WINDOWSsystem32msvci70d.dll
2010-05-19 12:54:11 —-A—- C:WINDOWSsystem32mfcm80u.dll
2010-05-19 12:54:11 —-A—- C:WINDOWSsystem32mfcm80.dll
2010-05-19 12:54:11 —-A—- C:WINDOWSsystem32mfc80u.dll
2010-05-19 12:54:11 —-A—- C:WINDOWSsystem32mfc80.dll
2010-05-19 12:54:09 —-A—- C:WINDOWSsystem32Cc3250mt.dll
2010-05-19 12:54:09 —-A—- C:WINDOWSsystem32Borlndmm.dll
2010-05-19 12:54:08 —-A—- C:WINDOWSsystem32xmltok.dll
2010-05-19 12:54:08 —-A—- C:WINDOWSsystem32xmlparse.dll
2010-05-17 21:20:27 —-D—- C:WINDOWSEFC1B35CFFF241D8A70ACE6037F8040B.TMP
2010-05-17 18:16:07 —-D—- C:Documents and SettingsAdminApplication DataThe Creative Assembly
2010-05-15 14:20:16 —-D—- C:Documents and SettingsAdminApplication DataRed Alert 3
2010-05-11 20:25:12 —-D—- C:Program FilesTeamspeak2_RC2======List of files/folders modified in the last 1 months======
2010-07-04 16:29:44 —-D—- C:Movavi files
2010-07-03 22:38:33 —-D—- C:WINDOWSSoftwareDistribution
2010-07-02 23:42:46 —-D—- C:Program FilesHfs
2010-07-02 21:33:45 —-D—- C:Program FilesMovavi Video Converter 9
2010-07-01 16:40:40 —-D—- C:Program FilesExtra Video Converter Pro
2010-07-01 08:10:02 —-D—- C:WINDOWSSxsCaPendDel
2010-06-27 23:25:01 —-D—- C:WINDOWSaddins
2010-06-26 17:53:45 —-D—- C:Program Files
2010-06-08 13:50:14 —-D—- C:WINDOWSsystem32
2010-06-08 13:48:06 —-SHD—- C:System Volume Information
2010-06-08 13:47:31 —-D—- C:WINDOWS
2010-06-08 13:47:11 —-D—- C:WINDOWSsystem32CatRoot2
2010-06-08 13:21:41 —-A—- C:WINDOWSSchedLgU.Txt
2010-06-08 13:20:59 —-D—- C:WINDOWSsystem32Restore
2010-06-08 12:57:13 —-D—- C:WINDOWSsystem32NtmsData
2010-06-08 12:30:30 —-D—- C:Program FilesSteam
2010-06-07 23:46:18 —-A—- C:WINDOWSmatlab.ini
2010-06-07 23:43:39 —-A—- C:WINDOWSsystem.ini
2010-06-07 23:42:12 —-D—- C:WINDOWSsystem32drivers
2010-06-07 23:42:12 —-D—- C:WINDOWSAppPatch
2010-06-07 23:42:10 —-D—- C:Program FilesCommon Files
2010-06-07 22:33:45 —-D—- C:Documents and SettingsAdminApplication DataSkype
2010-06-07 21:32:55 —-D—- C:Documents and SettingsAdminApplication DataskypePM
2010-06-07 17:57:44 —-A—- C:WINDOWSNeroDigital.ini
2010-06-04 20:37:16 —-SHD—- C:WINDOWSInstaller
2010-06-04 20:32:36 —-D—- C:Program FilesCommon FilesTeleca Shared
2010-06-04 20:30:06 —-D—- C:WINDOWSWinSxS
2010-06-04 20:30:06 —-D—- C:Documents and SettingsAdminApplication DataTeleca
2010-06-04 20:30:03 —-D—- C:WINDOWSDownloaded Installations
2010-06-04 20:28:37 —-HD—- C:WINDOWSinf
2010-06-04 20:28:17 —-DC—- C:WINDOWSsystem32DRVSTORE
2010-06-01 19:17:37 —-D—- C:Program FilesABBYY FineReader 9.0
2010-05-31 15:43:48 —-D—- C:WINDOWSMinidump
2010-05-31 11:26:52 —-HDC—- C:WINDOWS$NtUninstallKB938464$
2010-05-31 08:54:16 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-05-31 08:54:11 —-A—- C:WINDOWSsystem32svchost.exe
2010-05-19 13:11:23 —-RSD—- C:WINDOWSassembly
2010-05-19 13:11:00 —-D—- C:WINDOWSsystem32DirectX
2010-05-19 12:56:25 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2010-05-10 17:25:51 —-D—- C:WINDOWSERDNT
2010-05-09 23:31:25 —-D—- C:Documents and SettingsAdminApplication DatamIRC
2010-05-09 23:31:04 —-D—- C:Program FilesmIRC======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:WINDOWSsystem32DRIVERSAmdK8.sys [2006-07-01 43520]
R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2009-02-06 106208]
R1 EIO;EIO; ??C:WINDOWSsystem32driversEIO.sys []
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2009-02-06 93336]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WINDOWSSystem32driversprodrv06.sys [2004-10-07 80576]
R1 uzg4njgz;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzg4njgz.sys []
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2009-02-06 113448]
R2 LBeepKE;LBeepKE; C:WINDOWSSystem32DriversLBeepKE.sys [2009-06-17 10384]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 AmdLLD;AMD Low Level Device Driver; C:WINDOWSsystem32DRIVERSAmdLLD.sys [2006-11-01 33280]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2009-12-12 4525056]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversAtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-01-03 4412928]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:WINDOWSsystem32DRIVERSLHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLMouFilt.Sys [2009-06-17 37392]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2006-02-26 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2007-06-28 20480]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2008-04-07 10368]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 acm8fwok;acm8fwok; C:WINDOWSsystem32driversacm8fwok.sys []
S3 aftggald;aftggald; C:WINDOWSsystem32driversaftggald.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:WINDOWSsystem32driversasusgsb.sys [2007-07-12 12416]
S3 catchme;catchme; ??C:DOCUME~1AdminLOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:WINDOWSsystem32DRIVERShamachi.sys [2009-09-28 25280]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:WINDOWSSystem32DriversLUsbFilt.Sys [2009-06-17 28560]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 PAC7302;iLook 310; C:WINDOWSsystem32DRIVERSPAC7302.SYS [2007-10-29 458112]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:WINDOWSsystem32DRIVERSs816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:WINDOWSsystem32DRIVERSs816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:WINDOWSsystem32DRIVERSs816unic.sys [2007-06-19 97704]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DaulCamera; C:WINDOWSSystem32DriversCapt905c.sys [2004-12-08 32123]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-13 60032]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 Video3D;ASUS Video3D Service; C:WINDOWSSystem32DriversVideo3D32.sys []
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2007-06-18 38528]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [2008-10-27 759072]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2009-12-11 602112]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 CCALib8;Canon Camera Access Library 8; C:Program FilesCanonCALCALMAIN.exe [2009-09-08 96334]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-02-06 727720]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2009-08-16 222968]
R2 matlabserver;MATLAB Server; C:MATLAB6p5webserverbinwin32matlabserver.exe [2002-06-18 503808]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2009-07-01 75064]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2010-05-31 14336]
S2 hy1ioghkrs;Creative ALchemy AL1 Licensing Service; C:WINDOWSsystem32koussijutto.exe []
S2 nnyoamnq6vuxoq3e;IMAPI CD-Burning COM Service; C:Documents and SettingsLocalServiceApplication DataMicrosoftfitoomooh.exe [2010-06-04 333824]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-06-08 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2008-06-08 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe [2009-07-20 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-06-08 441344]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2008-06-08 145408]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2008-06-08 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
Лог Combofix:
ComboFix 10-04-19.05 — Admin 21.04.2010 23:06:50.17.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.380.1049.18.2047.1582 [GMT 3:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
Command switches used :: c:documents and settingsAdminРабочий столCFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AGAVA Firewall *disabled* {A1B3B6D5-4E09-45D3-BC0D-5A1AC0DE29AC}
* Resident AV is activeFILE ::
«c:windowssystem32zouloovenou.exe»
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:windowssystem32zouloovenou.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_BJXQBTBQ
Legacy_BZAAU5CZEU6EY0I
Legacy_XYVHSWKY
Service_bjxqbtbq
Service_bzaau5czeu6ey0i
Service_xyvhswky((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.2010-04-20 05:22 . 2010-04-20 05:22 921632 —-a-w- C:PA7302.DAT
2010-04-14 08:03 . 2010-04-14 08:03
d-sh—w- c:documents and settingsAll UsersApplication DataSecuROM
2010-04-14 07:49 . 2010-04-14 08:00
d
w- c:program filesCommon FilesBioWare
2010-04-14 07:29 . 2010-04-14 15:33
d
w- c:program filesDAEMON Tools Lite
2010-04-14 06:19 . 2008-04-14 16:10 15360 -c—a-w- c:windowssystem32dllcachectfmon.exe
2010-04-14 06:19 . 2008-04-14 16:10 15360 —-a-w- c:windowssystem32ctfmon.exe
2010-04-13 17:36 . 2010-04-13 17:36 300544 —-a-w- c:windowssystem32fidepil.exe
2010-04-13 12:25 . 2010-04-16 13:57
d
w- C:Photo
2010-04-11 18:31 . 2010-04-11 18:30 300544 —-a-w- c:windowssystem32gooquumywou.exe
2010-04-11 18:30 . 2010-04-11 18:30 129024 —sh—r- c:documents and settingsAdminApplication Datawyzlo.exe
2010-04-10 17:27 . 2010-04-10 17:27
d
w- c:documents and settingsAdminApplication Datateamspeak2
2010-04-06 11:57 . 2010-04-06 11:57
d
w- c:documents and settingsAdminApplication DataAssassin’s Creed II
2010-04-06 11:57 . 2010-04-06 11:39 1193739 —-a-w- c:documents and settingsAdminApplication DataAssassin’s Creed IIUninstallunins000.exe
2010-04-02 17:12 . 2010-04-16 22:51
d
w- C:Movavi files
2010-04-02 14:19 . 2010-04-02 14:20
d
w- c:program filesMovavi Video Converter 9
2010-03-31 17:11 . 2010-03-31 17:11 5918776 —-a-w- c:documents and settingsAll UsersApplication DataMalwarebytesMalwarebytes’ Anti-Malwarembam-setup.exe
2010-03-28 11:05 . 2009-05-29 21:37 205824 —-a-w- c:windowssystem32xvidvfw.dll
2010-03-28 11:05 . 2009-05-29 21:31 881664 —-a-w- c:windowssystem32xvidcore.dll
2010-03-28 11:05 . 2010-03-14 18:00 85504 —-a-w- c:windowssystem32ff_vfw.dll
2010-03-28 11:04 . 2010-03-28 11:05
d
w- c:program filesK-Lite Codec Pack
2010-03-28 10:13 . 2010-03-28 10:13 64000 -c—a-w- c:windowssystem32dllcachewmplayer.exe
2010-03-27 18:22 . 2010-03-27 18:22
d
w- c:program filesuTorrent
2010-03-27 18:21 . 2010-04-19 11:19
d
w- c:documents and settingsAdminApplication DatauTorrent
2010-03-25 17:50 . 2010-04-01 16:56
d
w- c:documents and settingsAdminApplication DatamIRC
2010-03-25 17:50 . 2010-04-01 16:54
d
w- c:program filesmIRC.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 13:18 . 2009-10-04 16:09
d
w- c:program filesABBYY FineReader 9.0
2010-04-20 13:42 . 2008-01-11 17:50 215160 —-a-w- c:windowssystem32PnkBstrB.exe
2010-04-20 13:41 . 2008-01-11 17:50 138544 —-a-w- c:windowssystem32driversPnkBstrK.sys
2010-04-19 18:01 . 2009-09-25 13:13
d
w- c:documents and settingsAdminApplication DataICQ
2010-04-18 17:02 . 2009-12-26 10:02
d
w- c:documents and settingsAdminApplication DataSkype
2010-04-18 17:02 . 2009-11-12 22:27
d
w- c:documents and settingsAdminApplication DataskypePM
2010-04-15 16:04 . 2007-12-26 14:40
d
w- c:program filesOpera
2010-04-14 22:23 . 2007-12-26 14:40
d
w- c:program filesHfs
2010-04-14 15:33 . 2007-12-26 14:40
d
w- c:program filesUnlocker
2010-04-14 07:29 . 2007-12-26 14:34 691696 —-a-w- c:windowssystem32driverssptd.sys
2010-04-12 16:50 . 2010-01-27 20:35
d
w- c:program filesSteam
2010-04-06 12:00 . 2008-03-22 08:48
d
w- c:documents and settingsAdminApplication DataUbisoft
2010-04-06 12:00 . 2008-01-23 12:47
d
w- c:documents and settingsAll UsersApplication DataUbisoft
2010-04-02 14:37 . 2010-03-13 14:01
d
w- c:program filesXilisoft
2010-03-31 17:12 . 2010-02-25 16:32
d
w- c:program filesMalwarebytes’ Anti-Malware
2010-03-29 21:46 . 2010-02-25 16:32 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-03-29 21:45 . 2010-02-25 16:32 20824 —-a-w- c:windowssystem32driversmbam.sys
2010-03-28 09:50 . 2004-08-18 12:00 84934 —-a-w- c:windowssystem32perfc019.dat
2010-03-28 09:50 . 2004-08-18 12:00 487386 —-a-w- c:windowssystem32perfh019.dat
2010-03-27 18:44 . 2007-12-26 14:41
d
w- c:program filesDownload Master
2010-03-20 06:38 . 2010-03-20 06:38 0 —ha-w- c:windowssystem32driversMsft_Kernel_LUsbFilt_01005.Wdf
2010-03-18 15:54 . 2010-02-23 14:53
d
w- c:program filesSpybot — Search & Destroy
2010-03-18 15:53 . 2010-02-23 14:53
d
w- c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2010-03-13 14:02 . 2010-03-13 14:02
d
w- c:documents and settingsAdminApplication DataXilisoft Corporation
2010-03-13 00:15 . 2010-03-13 00:08
d
w- c:program filesExtra Video Converter Pro
2010-03-12 23:40 . 2010-03-12 23:40
d
w- c:documents and settingsAdminApplication DataMOVAVI
2010-03-07 13:28 . 2009-01-25 16:30
d
w- c:program filesNokia
2010-03-05 16:08 . 2008-12-06 07:28 1316168 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2010-03-04 20:02 . 2010-02-25 19:16
d
w- c:program filesCommon FilesScanner
2010-03-04 08:01 . 2010-03-04 08:01
d
w- c:documents and settingsNetworkServiceApplication DataYahoo!
2010-02-27 11:32 . 2010-02-27 11:32
d
w- c:documents and settingsAdminApplication DataLogitech
2010-02-27 11:32 . 2010-02-26 16:48
d
w- c:program filesCommon FilesLogishrd
2010-02-27 11:32 . 2010-02-25 19:13
d
w- c:documents and settingsAll UsersApplication DataLogiShrd
2010-02-27 11:31 . 2010-02-27 11:31 0 —ha-w- c:windowssystem32driversMsft_Kernel_LMouFilt_01005.Wdf
2010-02-27 11:31 . 2010-02-27 11:31 0 —ha-w- c:windowssystem32driversMsft_Kernel_LHidFilt_01005.Wdf
2010-02-27 11:31 . 2010-02-27 11:31 0 —ha-w- c:windowssystem32driversMsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-27 11:30 . 2007-12-26 14:39
d—h—w- c:program filesInstallShield Installation Information
2010-02-27 11:30 . 2010-02-27 11:30
d
w- c:program filesLogitech
2010-02-26 16:45 . 2010-02-25 19:14
d
w- c:program filesCommon FilesLogitech
2010-02-25 19:17 . 2010-02-25 19:17
d
w- c:documents and settingsAdminApplication DataYahoo!
2010-02-25 19:14 . 2010-02-25 19:14
d
w- c:documents and settingsAll UsersApplication DataLogitech
2010-02-25 17:31 . 2008-04-07 07:33
d
w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2010-02-25 16:32 . 2010-02-25 16:32
d
w- c:documents and settingsAdminApplication DataMalwarebytes
2010-02-25 16:32 . 2010-02-25 16:32
d
w- c:documents and settingsAll UsersApplication DataMalwarebytes
2010-02-23 12:03 . 2009-11-26 13:35
d
w- c:program filestrend micro
2010-02-21 21:07 . 2010-02-21 21:07 11264 —-a-w- c:windowssystem32driversuzg4njgz.sys
2010-02-21 20:51 . 2007-12-26 14:40
d
w- c:program filesCcleaner
2010-02-21 16:56 . 2009-12-11 21:54
d
w- c:program filesBRS
2010-02-21 16:55 . 2007-12-26 14:40
d
w- c:program filesSMSDV
2010-02-21 16:47 . 2009-05-17 10:50
d
w- c:program filesQIP.Online
2010-02-21 16:23 . 2009-06-13 19:22
d
w- c:documents and settingsAdminApplication DataUniblue
2010-02-21 15:19 . 2007-12-26 14:29
d
w- c:program filesVistaDriveIcon
2010-02-10 17:13 . 2007-12-26 14:41 165376 —-a-w- c:windowssystem32unrar.dll
2010-02-08 14:31 . 2010-02-08 14:31 10134 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{71CFE572-6C01-96C4-F90E-36C147C98123}ARPPRODUCTICON.exe
2010-02-08 14:26 . 2008-01-08 17:49 1324 —-a-w- c:windowssystem32d3d9caps.dat
2010-01-27 20:35 . 2010-01-27 20:35 15872 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{048298C9-A4D3-490B-9FF9-AB023A9238F3}Icon048298C9.exe
.
c:program filesAdobePhotoshop Album Starter Edition3.2Appsapdproxy .exe
c:program filesAMDDual-Core Optimizeramd_dc_opt .exe
c:program filesATI TechnologiesATI.ACECore-Staticclistart .exe
c:program filesDAEMON Tools Litedtlite .exe
c:program filesESETESET NOD32 Antivirusegui .exe
c:program filesSony EricssonMobile2Application Launcherapplication launcher .exe
c:program filesSpybot - Search & Destroyteatimer .exe
c:program filesUnlockerunlockerassistant .exe
c:program filesUnlockerunlockerassistant .exe
c:program filesUnlockerunlockerassistant .exe
c:program filesVistaDriveIconvistadrv .exe
c:program filesVolumeControlvolume .exe
c:windowsPixArtPac7302monitor .exe
Sigcheck
[7] 2008-04-14 . 4379CA978CB35BB2458156B2B6CB35DF . 1571840 . . [5.1.2600.5512] . . c:windowsERDNTcachesfcfiles.dll
[7] 2008-04-14 . 4379CA978CB35BB2458156B2B6CB35DF . 1571840 . . [5.1.2600.5512] . . c:windowsServicePackFilesi386sfcfiles.dll
[-] 2007-12-26 . 867C8A991BF369B3FAFC3B64ADC6FC5C . 1548288 . . [5.1.2600.2180] . . c:windows$NtServicePackUninstall$sfcfiles.dll
[-] 2004-01-23 . E8728E3C12F7870BC74224201A830F70 . 1145856 . . [5.1.2600.1106] . . c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Kernel and Hardware Abstraction Layer»=»KHALMNPR.EXE» [2009-06-17 55824]
«Sony Ericsson PC Suite»=»c:program filesSony EricssonMobile2Application LauncherApplication Launcher.exe» [2007-06-13 528384]
«PAC7302_Monitor»=»c:windowsPixArtPAC7302Monitor.exe» [2006-11-03 319488]
«UnlockerAssistant»=»c:program filesunlockerunlockerassistant .exe» [N/A][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [N/A]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2008-10-16 124928]
«IE7_012″=»advpack.dll» [2008-10-16 124928]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Logitech SetPoint.lnk — c:program filesLogitechSetPointSetPoint.exe [2010-2-27 813584][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyLBTWlgn]
2009-07-20 10:28 72208 —-a-w- c:program filesCommon FilesLogishrdBluetoothLBTWLgn.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
@=»»[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
2008-06-08 11:22 69632 —-a-r- c:windowsAlcmtr.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregASUSGamerOSD]
c:program filesASUSGamerOSDGamerOSD.exe [N/A][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKillCopy]
2008-06-08 11:22 1185792 —-a-w- c:windowssystem32killcopy.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLClock]
2008-06-08 11:21 86016 —-a-w- c:program filesLClockLClock.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBJ]
2008-06-08 11:18 2048000 —-a-w- c:program filesAheadNero BackItUpNBJ.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
2008-06-08 11:29 155648 —-a-w- c:windowssystem32nerocheck.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
RTHDCPL.EXE [N/A][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSidebar]
2007-02-26 20:50 1254912 —-a-w- c:program filesWindows Sidebarsidebar.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
2008-06-08 11:22 2879488 —-a-r- c:windowsSkyTel.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe [N/A][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUnlockerAssistant]
c:program filesUnlockerUnlockerAssistant.exe [N/A][HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=
«c:\WINDOWS\system32\dpnsvr.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«e:\Games\Counter\hl.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«e:\Games\TDU\exe\TestDriveUnlimited.exe»=
«e:\Games\CALL\iw3mp.exe»=
«e:\Games\Need For Speed Underground\nfsuclient_alkar.exe»=
«e:\Games\Need For Speed Underground\speed.exe»=
«e:\Icq\ICQ6.5\ICQ.exe»=
«c:\Program Files\SopCast\SopCast.exe»=
«e:\Games\Counter\hltv.exe»=
«c:\Program Files\Opera\Opera.exe»=
«c:\Documents and Settings\Admin\Application Data\SopCast\adv\SopAdver.exe»=
«e:\Games\DIRT 2\dirt2_game.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«e:\Games\Mass Effect 2\Binaries\MassEffect2.exe»=
«e:\Games\Mass Effect 2\MassEffect2Launcher.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«9923:TCP»= 9923:TCP:bsbno
«3389:TCP»= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
«8103:TCP»= 8103:TCPR0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:windowssystem32driverssfsync03.sys [13.10.2005 16:46 35328]
R0 sptd;sptd;c:windowssystem32driverssptd.sys [26.12.2007 17:34 691696]
R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [06.02.2009 15:23 106208]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [06.02.2009 15:24 93336]
R1 uzg4njgz;AVZ-RK Kernel Driver;c:windowssystem32driversuzg4njgz.sys [22.02.2010 0:07 11264]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:program filesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [27.10.2008 21:03 759072]
R2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [06.02.2009 15:23 727720]
R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe [22.07.2009 22:16 222968]
R2 LBeepKE;LBeepKE;c:windowssystem32driversLBeepKE.sys [27.02.2010 14:32 10384]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:windowssystem32driverss816bus.sys [21.09.2009 21:22 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:windowssystem32driverss816mdfl.sys [21.09.2009 21:25 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:windowssystem32driverss816mdm.sys [21.09.2009 21:25 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:windowssystem32driverss816mgmt.sys [21.09.2009 21:35 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:windowssystem32driverss816nd5.sys [21.09.2009 21:36 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:windowssystem32driverss816obex.sys [21.09.2009 21:35 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:windowssystem32driverss816unic.sys [21.09.2009 21:35 97704][HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsWindows Sidebar]
c:windowssystem32hidec [N/A][HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{34A19196-274E-4D75-9D30-D7A45A0A4178}]
2004-08-04 02:07 11776 —-a-w- c:program filesWindows Sidebarregsvr32.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{6B9228DA-9C15-419e-856C-19E768A13BDC}]
2004-08-04 02:07 11776 —-a-w- c:program filesWindows Sidebarregsvr32.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{BADA65A0-86B7-462B-B720-CE66655C73F5}]
c:program filesWindows SidebarVAIO.vshellext.dll [N/A]
.
.
Supplementary Scan
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
TCP: {DB1A5B64-2A47-45DB-8229-94171839A0A8} = 195.248.191.67,195.248.191.72
Handler: tbr — {4D25FB7A-8902-4291-960E-9ADA051CFBBF} — c:progra~1CrawlerToolbarctbr.dll
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 23:13
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync03.sys sfsync02.sys atapi.sys spbv.sys >>UNKNOWN [0x8A97B938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xba0fcf28
DriverACPI -> ACPI.sys @ 0xb9e74cb8
Driveratapi -> sfsync03.sys @ 0xba0c995c
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
DeviceHarddisk0DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9cffbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d0ca21
SendHandler -> NDIS.sys @ 0xb9cea87b
user & kernel MBR OK**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(744)
c:windowssystem32Ati2evxx.dll
c:program filescommon fileslogishrdbluetoothLBTWlgn.dll
c:program filescommon fileslogishrdbluetoothLBTServ.dll— — — — — — — > ‘explorer.exe'(4052)
c:program filesLogitechSetPointGameHook.dll
c:program filesLogitechSetPointlgscroll.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:windowssystem32Ati2evxx.exe
c:windowssystem32Ati2evxx.exe
c:program filesBonjourmDNSResponder.exe
c:matlab6p5webserverbinwin32matlabserver.exe
c:windowssystem32PnkBstrA.exe
c:windowssystem32PnkBstrB.exe
c:matlab6p5binwin32matlab.exe
c:windowssystem32wscntfy.exe
c:program filesCommon FilesLogishrdKHAL2KHALMNPR.EXE
c:program filesCommon FilesTeleca SharedGeneric.exe
c:program filesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
.
**************************************************************************
.
Completion time: 2010-04-21 23:16:16 — machine was rebooted
ComboFix-quarantined-files.txt 2010-04-21 20:16
ComboFix2.txt 2010-04-20 13:06Pre-Run: 11 059 466 240 байт свободно
Post-Run: 11 027 714 048 байт свободно— — End Of File — — BC0377FDC95F254313CD120DF93218C1
Combofix отработал нормально. Но интернет тормозит как и раньше 😥
вот лог:ComboFix 10-04-19.05 — Admin 20.04.2010 15:54:25.16.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.380.1049.18.2047.749 [GMT 3:00]
Running from: c:documents and settingsAdminРабочий столComboFix.exe
Command switches used :: c:documents and settingsAdminРабочий столWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AGAVA Firewall *disabled* {A1B3B6D5-4E09-45D3-BC0D-5A1AC0DE29AC}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:program filesThe Bat!
c:program filesThe Bat!bat.reg
c:program filesThe Bat!Imagesdefault.msl
c:program filesThe Bat!ImagesDefault42.gif
c:program filesThe Bat!ImagesDefaultangel.gif
c:program filesThe Bat!ImagesDefaultangry.gif
c:program filesThe Bat!ImagesDefaultbag.gif
c:program filesThe Bat!ImagesDefaultbeer.gif
c:program filesThe Bat!ImagesDefaultblink.gif
c:program filesThe Bat!ImagesDefaultcat.gif
c:program filesThe Bat!ImagesDefaultcheerful.gif
c:program filesThe Bat!ImagesDefaultcoffee.gif
c:program filesThe Bat!ImagesDefaultcool.gif
c:program filesThe Bat!ImagesDefaultcrazy.gif
c:program filesThe Bat!ImagesDefaultcry.gif
c:program filesThe Bat!ImagesDefaultcwy.gif
c:program filesThe Bat!ImagesDefaultdevil.gif
c:program filesThe Bat!ImagesDefaultdog.gif
c:program filesThe Bat!ImagesDefaultgetlost.gif
c:program filesThe Bat!ImagesDefaultgetlost2.gif
c:program filesThe Bat!ImagesDefaultgift.gif
c:program filesThe Bat!ImagesDefaultgpig.gif
c:program filesThe Bat!ImagesDefaultgrin.gif
c:program filesThe Bat!ImagesDefaultgun.gif
c:program filesThe Bat!ImagesDefaulth2g2.gif
c:program filesThe Bat!ImagesDefaulthappy.gif
c:program filesThe Bat!ImagesDefaultheadshot.gif
c:program filesThe Bat!ImagesDefaulthmm.gif
c:program filesThe Bat!ImagesDefaulthrhr.gif
c:program filesThe Bat!ImagesDefaultkissing.gif
c:program filesThe Bat!ImagesDefaultknifed.gif
c:program filesThe Bat!ImagesDefaultlaughing.gif
c:program filesThe Bat!ImagesDefaultlove.gif
c:program filesThe Bat!ImagesDefaultlunch.gif
c:program filesThe Bat!ImagesDefaultmovie.gif
c:program filesThe Bat!ImagesDefaultmusic.gif
c:program filesThe Bat!ImagesDefaultno.gif
c:program filesThe Bat!ImagesDefaultomg.gif
c:program filesThe Bat!ImagesDefaultoops.gif
c:program filesThe Bat!ImagesDefaultphone.gif
c:program filesThe Bat!ImagesDefaultpoo.gif
c:program filesThe Bat!ImagesDefaultpouty.gif
c:program filesThe Bat!ImagesDefaultsad.gif
c:program filesThe Bat!ImagesDefaultshocked.gif
c:program filesThe Bat!ImagesDefaultshower.gif
c:program filesThe Bat!ImagesDefaultsick.gif
c:program filesThe Bat!ImagesDefaultsideways.gif
c:program filesThe Bat!ImagesDefaultsmile.gif
c:program filesThe Bat!ImagesDefaultstfu.gif
c:program filesThe Bat!ImagesDefaultteeth.gif
c:program filesThe Bat!ImagesDefaulttungue.gif
c:program filesThe Bat!ImagesDefaultufo.gif
c:program filesThe Bat!ImagesDefaultvomit.gif
c:program filesThe Bat!ImagesDefaultw00t.gif
c:program filesThe Bat!ImagesDefaultweird.gif
c:program filesThe Bat!ImagesDefaultwhistle.gif
c:program filesThe Bat!ImagesDefaultwink.gif
c:program filesThe Bat!ImagesDefaultwtf.gif
c:program filesThe Bat!ImagesDefaultyes.gif
c:program filesThe Bat!ImagesDefaultzzz.gif
c:program filesThe Bat!savesetReadme.txt
c:program filesThe Bat!savesetRestoreSettings.bat
c:program filesThe Bat!savesetSaveSettings.bat
c:program filesThe Bat!SSCE5132.dll
c:program filesThe Bat!TBMapi.dll
c:program filesThe Bat!thebat.exe
c:program filesThe Bat!thebat.lng
c:recyclerS-1-5-21-4609987952-4164266956-809101808-7473
c:recyclerS-1-5-21-4609987952-4164266956-809101808-7473Desktop.ini
c:recyclerS-1-5-21-4609987952-4164266956-809101808-7473nissan.exe
c:recyclerS-1-5-21-9704198743-6202567347-392985598-3423.
((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))
.2010-04-20 05:22 . 2010-04-20 05:22 921632 —-a-w- C:PA7302.DAT
2010-04-14 08:03 . 2010-04-14 08:03
d-sh—w- c:documents and settingsAll UsersApplication DataSecuROM
2010-04-14 07:49 . 2010-04-14 08:00
d
w- c:program filesCommon FilesBioWare
2010-04-14 07:29 . 2010-04-14 15:33
d
w- c:program filesDAEMON Tools Lite
2010-04-14 06:19 . 2008-04-14 16:10 15360 -c—a-w- c:windowssystem32dllcachectfmon.exe
2010-04-14 06:19 . 2008-04-14 16:10 15360 —-a-w- c:windowssystem32ctfmon.exe
2010-04-13 17:36 . 2010-04-13 17:36 300544 —-a-w- c:windowssystem32fidepil.exe
2010-04-13 12:25 . 2010-04-16 13:57
d
w- C:Photo
2010-04-11 18:31 . 2010-04-11 18:30 300544 —-a-w- c:windowssystem32gooquumywou.exe
2010-04-11 18:30 . 2010-04-11 18:30 300544 —-a-w- c:windowssystem32zouloovenou.exe
2010-04-11 18:30 . 2010-04-11 18:30 129024 —sh—r- c:documents and settingsAdminApplication Datawyzlo.exe
2010-04-10 17:27 . 2010-04-10 17:27
d
w- c:documents and settingsAdminApplication Datateamspeak2
2010-04-06 11:57 . 2010-04-06 11:57
d
w- c:documents and settingsAdminApplication DataAssassin’s Creed II
2010-04-06 11:57 . 2010-04-06 11:39 1193739 —-a-w- c:documents and settingsAdminApplication DataAssassin’s Creed IIUninstallunins000.exe
2010-04-02 17:12 . 2010-04-16 22:51
d
w- C:Movavi files
2010-04-02 14:19 . 2010-04-02 14:20
d
w- c:program filesMovavi Video Converter 9
2010-03-31 17:11 . 2010-03-31 17:11 5918776 —-a-w- c:documents and settingsAll UsersApplication DataMalwarebytesMalwarebytes’ Anti-Malwarembam-setup.exe
2010-03-28 11:05 . 2009-05-29 21:37 205824 —-a-w- c:windowssystem32xvidvfw.dll
2010-03-28 11:05 . 2009-05-29 21:31 881664 —-a-w- c:windowssystem32xvidcore.dll
2010-03-28 11:05 . 2010-03-14 18:00 85504 —-a-w- c:windowssystem32ff_vfw.dll
2010-03-28 11:04 . 2010-03-28 11:05
d
w- c:program filesK-Lite Codec Pack
2010-03-28 10:13 . 2010-03-28 10:13 64000 -c—a-w- c:windowssystem32dllcachewmplayer.exe
2010-03-27 18:22 . 2010-03-27 18:22
d
w- c:program filesuTorrent
2010-03-27 18:21 . 2010-04-19 11:19
d
w- c:documents and settingsAdminApplication DatauTorrent
2010-03-25 17:50 . 2010-04-01 16:56
d
w- c:documents and settingsAdminApplication DatamIRC
2010-03-25 17:50 . 2010-04-01 16:54
d
w- c:program filesmIRC.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 12:44 . 2008-01-11 17:50 215160 —-a-w- c:windowssystem32PnkBstrB.exe
2010-04-20 12:40 . 2008-01-11 17:50 138808 —-a-w- c:windowssystem32driversPnkBstrK.sys
2010-04-20 05:05 . 2009-10-04 16:09
d
w- c:program filesABBYY FineReader 9.0
2010-04-19 18:01 . 2009-09-25 13:13
d
w- c:documents and settingsAdminApplication DataICQ
2010-04-18 17:02 . 2009-12-26 10:02
d
w- c:documents and settingsAdminApplication DataSkype
2010-04-18 17:02 . 2009-11-12 22:27
d
w- c:documents and settingsAdminApplication DataskypePM
2010-04-15 16:04 . 2007-12-26 14:40
d
w- c:program filesOpera
2010-04-14 22:23 . 2007-12-26 14:40
d
w- c:program filesHfs
2010-04-14 15:33 . 2007-12-26 14:40
d
w- c:program filesUnlocker
2010-04-14 07:29 . 2007-12-26 14:34 691696 —-a-w- c:windowssystem32driverssptd.sys
2010-04-12 16:50 . 2010-01-27 20:35
d
w- c:program filesSteam
2010-04-06 12:00 . 2008-03-22 08:48
d
w- c:documents and settingsAdminApplication DataUbisoft
2010-04-06 12:00 . 2008-01-23 12:47
d
w- c:documents and settingsAll UsersApplication DataUbisoft
2010-04-02 14:37 . 2010-03-13 14:01
d
w- c:program filesXilisoft
2010-03-31 17:12 . 2010-02-25 16:32
d
w- c:program filesMalwarebytes’ Anti-Malware
2010-03-29 21:46 . 2010-02-25 16:32 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2010-03-29 21:45 . 2010-02-25 16:32 20824 —-a-w- c:windowssystem32driversmbam.sys
2010-03-28 09:50 . 2004-08-18 12:00 84934 —-a-w- c:windowssystem32perfc019.dat
2010-03-28 09:50 . 2004-08-18 12:00 487386 —-a-w- c:windowssystem32perfh019.dat
2010-03-27 18:44 . 2007-12-26 14:41
d
w- c:program filesDownload Master
2010-03-20 06:38 . 2010-03-20 06:38 0 —ha-w- c:windowssystem32driversMsft_Kernel_LUsbFilt_01005.Wdf
2010-03-18 15:54 . 2010-02-23 14:53
d
w- c:program filesSpybot — Search & Destroy
2010-03-18 15:53 . 2010-02-23 14:53
d
w- c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2010-03-13 14:02 . 2010-03-13 14:02
d
w- c:documents and settingsAdminApplication DataXilisoft Corporation
2010-03-13 00:15 . 2010-03-13 00:08
d
w- c:program filesExtra Video Converter Pro
2010-03-12 23:40 . 2010-03-12 23:40
d
w- c:documents and settingsAdminApplication DataMOVAVI
2010-03-07 13:28 . 2009-01-25 16:30
d
w- c:program filesNokia
2010-03-05 16:08 . 2008-12-06 07:28 1316168 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2010-03-04 20:02 . 2010-02-25 19:16
d
w- c:program filesCommon FilesScanner
2010-03-04 08:01 . 2010-03-04 08:01
d
w- c:documents and settingsNetworkServiceApplication DataYahoo!
2010-02-27 11:32 . 2010-02-27 11:32
d
w- c:documents and settingsAdminApplication DataLogitech
2010-02-27 11:32 . 2010-02-26 16:48
d
w- c:program filesCommon FilesLogishrd
2010-02-27 11:32 . 2010-02-25 19:13
d
w- c:documents and settingsAll UsersApplication DataLogiShrd
2010-02-27 11:31 . 2010-02-27 11:31 0 —ha-w- c:windowssystem32driversMsft_Kernel_LMouFilt_01005.Wdf
2010-02-27 11:31 . 2010-02-27 11:31 0 —ha-w- c:windowssystem32driversMsft_Kernel_LHidFilt_01005.Wdf
2010-02-27 11:31 . 2010-02-27 11:31 0 —ha-w- c:windowssystem32driversMsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-27 11:30 . 2007-12-26 14:39
d—h—w- c:program filesInstallShield Installation Information
2010-02-27 11:30 . 2010-02-27 11:30
d
w- c:program filesLogitech
2010-02-26 16:45 . 2010-02-25 19:14
d
w- c:program filesCommon FilesLogitech
2010-02-25 19:17 . 2010-02-25 19:17
d
w- c:documents and settingsAdminApplication DataYahoo!
2010-02-25 19:14 . 2010-02-25 19:14
d
w- c:documents and settingsAll UsersApplication DataLogitech
2010-02-25 17:31 . 2008-04-07 07:33
d
w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2010-02-25 16:32 . 2010-02-25 16:32
d
w- c:documents and settingsAdminApplication DataMalwarebytes
2010-02-25 16:32 . 2010-02-25 16:32
d
w- c:documents and settingsAll UsersApplication DataMalwarebytes
2010-02-23 12:03 . 2009-11-26 13:35
d
w- c:program filestrend micro
2010-02-21 21:07 . 2010-02-21 21:07 11264 —-a-w- c:windowssystem32driversuzg4njgz.sys
2010-02-21 20:51 . 2007-12-26 14:40
d
w- c:program filesCcleaner
2010-02-21 16:56 . 2009-12-11 21:54
d
w- c:program filesBRS
2010-02-21 16:55 . 2007-12-26 14:40
d
w- c:program filesSMSDV
2010-02-21 16:47 . 2009-05-17 10:50
d
w- c:program filesQIP.Online
2010-02-21 16:23 . 2009-06-13 19:22
d
w- c:documents and settingsAdminApplication DataUniblue
2010-02-21 15:19 . 2007-12-26 14:29
d
w- c:program filesVistaDriveIcon
2010-02-10 17:13 . 2007-12-26 14:41 165376 —-a-w- c:windowssystem32unrar.dll
2010-02-08 14:31 . 2010-02-08 14:31 10134 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{71CFE572-6C01-96C4-F90E-36C147C98123}ARPPRODUCTICON.exe
2010-02-08 14:26 . 2008-01-08 17:49 1324 —-a-w- c:windowssystem32d3d9caps.dat
2010-01-27 20:35 . 2010-01-27 20:35 15872 —-a-r- c:documents and settingsAdminApplication DataMicrosoftInstaller{048298C9-A4D3-490B-9FF9-AB023A9238F3}Icon048298C9.exe
.
c:program filesAdobePhotoshop Album Starter Edition3.2Appsapdproxy .exe
c:program filesAMDDual-Core Optimizeramd_dc_opt .exe
c:program filesATI TechnologiesATI.ACECore-Staticclistart .exe
c:program filesDAEMON Tools Litedtlite .exe
c:program filesESETESET NOD32 Antivirusegui .exe
c:program filesSony EricssonMobile2Application Launcherapplication launcher .exe
c:program filesSpybot - Search & Destroyteatimer .exe
c:program filesUnlockerunlockerassistant .exe
c:program filesUnlockerunlockerassistant .exe
c:program filesUnlockerunlockerassistant .exe
c:program filesVistaDriveIconvistadrv .exe
c:program filesVolumeControlvolume .exe
c:windowsPixArtPac7302monitor .exe
Sigcheck
[7] 2008-04-14 . 4379CA978CB35BB2458156B2B6CB35DF . 1571840 . . [5.1.2600.5512] . . c:windowsERDNTcachesfcfiles.dll
[7] 2008-04-14 . 4379CA978CB35BB2458156B2B6CB35DF . 1571840 . . [5.1.2600.5512] . . c:windowsServicePackFilesi386sfcfiles.dll
[-] 2007-12-26 . 867C8A991BF369B3FAFC3B64ADC6FC5C . 1548288 . . [5.1.2600.2180] . . c:windows$NtServicePackUninstall$sfcfiles.dll
[-] 2004-01-23 . E8728E3C12F7870BC74224201A830F70 . 1145856 . . [5.1.2600.1106] . . c:windowssystem32sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Kernel and Hardware Abstraction Layer»=»KHALMNPR.EXE» [2009-06-17 55824]
«Sony Ericsson PC Suite»=»c:program filesSony EricssonMobile2Application LauncherApplication Launcher.exe» [2007-06-13 528384]
«PAC7302_Monitor»=»c:windowsPixArtPAC7302Monitor.exe» [2006-11-03 319488]
«UnlockerAssistant»=»c:program filesunlockerunlockerassistant .exe» [N/A]
«gimmou»=»c:windowssystem32zouloovenou.exe» [2010-04-11 300544][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [N/A]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«ZZZZ2_FirstLogonSetting»=»advpack.dll» [2008-10-16 124928]
«IE7_012″=»advpack.dll» [2008-10-16 124928]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Logitech SetPoint.lnk — c:program filesLogitechSetPointSetPoint.exe [2010-2-27 813584][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoThumbnailCache»= 1 (0x1)
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyLBTWlgn]
2009-07-20 10:28 72208 —-a-w- c:program filesCommon FilesLogishrdBluetoothLBTWLgn.dll[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
@=»»[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
2008-06-08 11:22 69632 —-a-r- c:windowsAlcmtr.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregASUSGamerOSD]
c:program filesASUSGamerOSDGamerOSD.exe [N/A][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKillCopy]
2008-06-08 11:22 1185792 —-a-w- c:windowssystem32killcopy.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLClock]
2008-06-08 11:21 86016 —-a-w- c:program filesLClockLClock.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBJ]
2008-06-08 11:18 2048000 —-a-w- c:program filesAheadNero BackItUpNBJ.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
2008-06-08 11:29 155648 —-a-w- c:windowssystem32nerocheck.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
RTHDCPL.EXE [N/A][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSidebar]
2007-02-26 20:50 1254912 —-a-w- c:program filesWindows Sidebarsidebar.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
2008-06-08 11:22 2879488 —-a-r- c:windowsSkyTel.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe [N/A][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUnlockerAssistant]
c:program filesUnlockerUnlockerAssistant.exe [N/A][HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=
«c:\WINDOWS\system32\dpnsvr.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«e:\Games\Counter\hl.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«e:\Games\TDU\exe\TestDriveUnlimited.exe»=
«e:\Games\CALL\iw3mp.exe»=
«e:\Games\Need For Speed Underground\nfsuclient_alkar.exe»=
«e:\Games\Need For Speed Underground\speed.exe»=
«e:\Icq\ICQ6.5\ICQ.exe»=
«c:\Program Files\SopCast\SopCast.exe»=
«e:\Games\Counter\hltv.exe»=
«c:\Program Files\Opera\Opera.exe»=
«c:\Documents and Settings\Admin\Application Data\SopCast\adv\SopAdver.exe»=
«e:\Games\DIRT 2\dirt2_game.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«e:\Games\Mass Effect 2\Binaries\MassEffect2.exe»=
«e:\Games\Mass Effect 2\MassEffect2Launcher.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«9923:TCP»= 9923:TCP:bsbno
«3389:TCP»= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
«8103:TCP»= 8103:TCPR0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:windowssystem32driverssfsync03.sys [13.10.2005 16:46 35328]
R0 sptd;sptd;c:windowssystem32driverssptd.sys [26.12.2007 17:34 691696]
R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [06.02.2009 15:23 106208]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [06.02.2009 15:24 93336]
R1 uzg4njgz;AVZ-RK Kernel Driver;c:windowssystem32driversuzg4njgz.sys [22.02.2010 0:07 11264]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:program filesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [27.10.2008 21:03 759072]
R2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [06.02.2009 15:23 727720]
R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe [22.07.2009 22:16 222968]
R2 LBeepKE;LBeepKE;c:windowssystem32driversLBeepKE.sys [27.02.2010 14:32 10384]
S0 bjxqbtbq;bjxqbtbq; [x]
S2 bzaau5czeu6ey0i;Creative ALchemy AL1 Licensing Service;c:windowssystem32gooquumywou.exe [11.04.2010 21:31 300544]
S2 xyvhswky;??c:d;??c:docume~1AdminLOCALS~1Tempuoermiwdah.sys —> c:docume~1AdminLOCALS~1Tempuoermiwdah.sys [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:windowssystem32driverss816bus.sys [21.09.2009 21:22 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:windowssystem32driverss816mdfl.sys [21.09.2009 21:25 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:windowssystem32driverss816mdm.sys [21.09.2009 21:25 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:windowssystem32driverss816mgmt.sys [21.09.2009 21:35 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:windowssystem32driverss816nd5.sys [21.09.2009 21:36 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:windowssystem32driverss816obex.sys [21.09.2009 21:35 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:windowssystem32driverss816unic.sys [21.09.2009 21:35 97704]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
lbnepzt
rbkkg
cmrlxjx
wnkjp
nclqm
fojouzz[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsWindows Sidebar]
c:windowssystem32hidec [N/A][HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{34A19196-274E-4D75-9D30-D7A45A0A4178}]
2004-08-04 02:07 11776 —-a-w- c:program filesWindows Sidebarregsvr32.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{6B9228DA-9C15-419e-856C-19E768A13BDC}]
2004-08-04 02:07 11776 —-a-w- c:program filesWindows Sidebarregsvr32.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{BADA65A0-86B7-462B-B720-CE66655C73F5}]
c:program filesWindows SidebarVAIO.vshellext.dll [N/A]
.
Contents of the ‘Scheduled Tasks’ folder
.
.
Supplementary Scan
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Crawler Search — tbr:iemenu
IE: Передать на удаленную закачку DM
TCP: {DB1A5B64-2A47-45DB-8229-94171839A0A8} = 195.248.191.67,195.248.191.72
Handler: tbr — {4D25FB7A-8902-4291-960E-9ADA051CFBBF} — c:progra~1CrawlerToolbarctbr.dll
.
— — — — ORPHANS REMOVED — — — —AddRemove-Uniblue RegistryBooster 2009 — c:documents and settingsAll UsersApplication Data{92E7A367-8E12-4830-AA70-29C32E331A81}Uniblue RegistryBooster.exe
AddRemove-Octoshape add-in for Adobe Flash Player — c:documents and settingsAdminApplication DataMacromediaFlash Playerwww.macromedia.combinoctoshapeoctoshape.exe**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 16:01
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync03.sys sfsync02.sys atapi.sys sppe.sys >>UNKNOWN [0x8A97B938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xba0fcf28
DriverACPI -> ACPI.sys @ 0xb9e74cb8
Driveratapi -> sfsync03.sys @ 0xba0c995c
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
DeviceHarddisk0DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9cffbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d0ca21
SendHandler -> NDIS.sys @ 0xb9cea87b
user & kernel MBR OK**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(744)
c:windowssystem32Ati2evxx.dll
c:program filescommon fileslogishrdbluetoothLBTWlgn.dll
c:program filescommon fileslogishrdbluetoothLBTServ.dll— — — — — — — > ‘explorer.exe'(1380)
c:program filesLogitechSetPointGameHook.dll
c:program filesLogitechSetPointlgscroll.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
c:windowssystem32Ati2evxx.exe
c:windowssystem32Ati2evxx.exe
c:program filesBonjourmDNSResponder.exe
c:matlab6p5webserverbinwin32matlabserver.exe
c:windowssystem32PnkBstrA.exe
c:windowssystem32PnkBstrB.exe
c:matlab6p5binwin32matlab.exe
c:windowssystem32wscntfy.exe
c:program filesCommon FilesLogishrdKHAL2KHALMNPR.EXE
c:program filesCommon FilesTeleca SharedGeneric.exe
c:program filesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
.
**************************************************************************
.
Completion time: 2010-04-20 16:06:02 — machine was rebooted
ComboFix-quarantined-files.txt 2010-04-20 13:06Pre-Run: 11 276 361 728 байт свободно
Post-Run: 11 267 145 728 байт свободно— — End Of File — — E22FF209A6CD925ABC9BF4FA2E61A5C0
Combofix лог так и не выдал , в папке нашел какойто лог может быть ето он 🙂 :
Не могу теперь удалить combofix (ввожу combofix /uninstall ,пробел есть, а он вместо того чтобы удалится опять начинает сканировать ,помогите пжлст.ComboFix 10-04-04.01 — Admin 05.04.2010 22:33:23.14.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.380.1049.18.2047.1591 [GMT 3:00]
Running from: C:Documents and SettingsAdminРабочий столComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AGAVA Firewall *disabled* {A1B3B6D5-4E09-45D3-BC0D-5A1AC0DE29AC}
* Resident AV is active.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.C:Documents and SettingsAdminApplication DataDesktopicon
C:Documents and SettingsAdminApplication DataDesktopiconeBay.ico
C:Documents and SettingsAdminApplication DataDesktopiconuninst.exe
C:Documents and SettingsAdminApplication DataExplorer
C:Documents and SettingsAdmincsrss.exe
C:RECYCLERS-1-5-21-0094691939-8747821345-372999968-6957
C:RECYCLERS-1-5-21-0181210444-0289049536-138161219-0100
C:RECYCLERS-1-5-21-0431507959-6049151638-175340841-7835
C:RECYCLERS-1-5-21-0536516902-7817247357-927925632-4236
C:RECYCLERS-1-5-21-1168313202-8767768907-048483096-4535
C:RECYCLERS-1-5-21-2111787090-1135161616-535513088-3858
C:RECYCLERS-1-5-21-2342176132-3520140324-907214254-8794
C:RECYCLERS-1-5-21-2723347985-1915102520-777698034-5186
C:RECYCLERS-1-5-21-2757758628-7636074437-221190171-5723
C:RECYCLERS-1-5-21-2874224379-5934001318-459853139-3573
C:RECYCLERS-1-5-21-3397353936-7116516059-291644880-4270
C:RECYCLERS-1-5-21-3525299663-7848271836-304509829-5082
C:RECYCLERS-1-5-21-3658745005-5788646226-900565423-0448
C:RECYCLERS-1-5-21-4363730627-9387529146-569160962-3665
C:RECYCLERS-1-5-21-4373289289-3816719031-759975916-6152
C:RECYCLERS-1-5-21-4391658717-3146378906-347249971-7316
C:RECYCLERS-1-5-21-4504874160-4274729863-842082223-5295
C:RECYCLERS-1-5-21-4540039115-2912770315-716972603-0243
C:RECYCLERS-1-5-21-4545703790-4030865150-977827860-1921
C:RECYCLERS-1-5-21-4727550254-1898238879-757923428-3947
C:RECYCLERS-1-5-21-4872774725-8803790129-683203883-8977
C:RECYCLERS-1-5-21-5076960309-9035103403-159210508-6524
C:RECYCLERS-1-5-21-5288101888-9812765520-981193957-9341
C:RECYCLERS-1-5-21-5342757279-3736985892-442831691-7044
C:RECYCLERS-1-5-21-5401839228-0106042561-483859903-5733
C:RECYCLERS-1-5-21-5497553402-1992889818-254540069-0912
C:RECYCLERS-1-5-21-5777858691-6014957592-634826306-9499
C:RECYCLERS-1-5-21-6183978528-8589769976-886915412-3896
C:RECYCLERS-1-5-21-6500229640-1803704720-964222308-3865
C:RECYCLERS-1-5-21-6863313016-9848697065-029568578-4499
C:RECYCLERS-1-5-21-6884401195-2620637023-232546888-6352
C:RECYCLERS-1-5-21-6892733774-1428573187-407211502-0958
C:RECYCLERS-1-5-21-6948112150-7686413694-740988304-5037
C:RECYCLERS-1-5-21-7140198618-1284250165-791272233-8961
C:RECYCLERS-1-5-21-7240464418-3994626645-716977779-8838
C:RECYCLERS-1-5-21-7361219733-1339016942-759298073-4821
C:RECYCLERS-1-5-21-7592380494-0715438022-150680606-1088
C:RECYCLERS-1-5-21-7722328269-6032602228-666901676-4320
C:RECYCLERS-1-5-21-7723603332-8271281783-676051182-9840
C:RECYCLERS-1-5-21-8258633602-5346751795-703091826-7825
C:RECYCLERS-1-5-21-8285880863-3157417948-845859634-2897
C:RECYCLERS-1-5-21-8362063633-3379671124-995911105-6237
C:RECYCLERS-1-5-21-8480083681-2406795414-781669650-8870
C:RECYCLERS-1-5-21-8530786491-8284460612-213611137-3452
C:RECYCLERS-1-5-21-8580031520-7761131036-696903263-1821
C:RECYCLERS-1-5-21-8841771695-4718650127-337608242-9843
C:RECYCLERS-1-5-21-9012750622-3431121099-739001745-5651
C:RECYCLERS-1-5-21-9153791027-6314341820-354556824-6915
C:RECYCLERS-1-5-21-9212812621-5491623137-857199160-6140
C:RECYCLERS-1-5-21-9292514071-9701879563-701199557-5182
C:RECYCLERS-1-5-21-9430480848-5290969579-581973582-9805
C:RECYCLERS-1-5-21-9476794668-5262471655-878370992-2413
C:RECYCLERS-1-5-21-9737437517-4995692692-772527929-6217
C:RECYCLERS-1-5-21-9904175467-7776575143-918237212-8556
C:RECYCLERS-1-5-21-9980110164-9154121466-257839618-7721
C:WINDOWS.010644224195659246.exe
C:WINDOWS.37946001245807925.exe
C:WINDOWS.48529741206196675.exe
C:WINDOWS.5231878745015865.exe
C:WINDOWS.5765963550706679.exe
C:WINDOWS.6454514883229033 .exe
C:WINDOWSdel.bat
C:WINDOWSsystem32Пузыри.scr
C:WINDOWSsystem320setup.exe
C:WINDOWSsystem3210setup.exe
C:WINDOWSsystem32crt.dat
C:WINDOWSsystem32ctfmon .exe
C:WINDOWSsystem32mswmpdat.tlb
C:WINDOWSsystem32ssField Lines.scr
C:WINDOWSsystem32ssRibbons.scr
C:WINDOWSsystem32SYSINTERNALS_BLUESCREEN.SCR
C:WINDOWSsystem32winview.ocx
C:WINDOWSsystem32wmcache.nld.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_SFC
Service_sfc((((((((((((((((((((((((( Files Created from 2010-03-05 to 2010-04-05 )))))))))))))))))))))))))))))))
.Лог RSIT:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2010-04-04 18:20:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (4%) free of 50 GB
Total RAM: 2047 MB (73% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:54, on 04.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:MATLAB6p5webserverbinwin32matlabserver.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSExplorer.EXE
C:WINDOWSPixArtPAC7302Monitor.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesCommon FilesLogishrdKHAL2KHALMNPR.EXE
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:Program FilesOperaOpera.exe
D:СережаprogramRSIT.exe
C:Program Filestrend microHijackThisAdmin.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {855F3B16-6D32-4fe6-8A56-BBB695989046} — (no file)
O2 — BHO: (no name) — {02478D38-C3F9-4efb-9B51-7695ECA05670} — (no file)
O4 — HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [PAC7302_Monitor] C:WINDOWSPixArtPAC7302Monitor.exe
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: Logitech SetPoint.lnk = C:Program FilesLogitechSetPointSetPoint.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Crawler Search — tbr:iemenu
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232392041796
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232392023953
O16 — DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} — file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O17 — HKLMSystemCCSServicesTcpip..{DB1A5B64-2A47-45DB-8229-94171839A0A8}: NameServer = 195.248.191.67,195.248.191.72
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Protocol: tbr — {4D25FB7A-8902-4291-960E-9ADA051CFBBF} — C:PROGRA~1CrawlerToolbarctbr.dll
O23 — Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) — ABBYY (BIT Software) — C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Logitech Bluetooth Service (LBTServ) — Logitech, Inc. — C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe
O23 — Service: MATLAB Server (matlabserver) — Unknown owner — C:MATLAB6p5webserverbinwin32matlabserver.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 7135 bytes======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Kernel and Hardware Abstraction Layer»=C:WINDOWSKHALMNPR.EXE [2009-06-17 55824]
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe [2007-06-13 528384]
«PAC7302_Monitor»=C:WINDOWSPixArtPAC7302Monitor.exe [2006-11-03 319488]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe [2010-03-09 15872][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
C:WINDOWSALCMTR.EXE [2008-06-08 69632][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregASUSGamerOSD]
C:Program FilesASUSGamerOSDGamerOSD.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKillCopy]
C:WINDOWSsystem32killcopy.exe [2008-06-08 1185792][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLClock]
C:Program FilesLClockLClock.exe [2008-06-08 86016][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBJ]
C:Program FilesAheadNero BackItUpNBJ.exe [2008-06-08 2048000][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2008-06-08 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
RTHDCPL.EXE [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSidebar]
C:Program FilesWindows Sidebarsidebar.exe [2007-02-26 1254912][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
C:WINDOWSSkyTel.EXE [2008-06-08 2879488][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUnlockerAssistant]
C:Program FilesUnlockerUnlockerAssistant.exe [2010-03-09 15872]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Logitech SetPoint.lnk — C:Program FilesLogitechSetPointSetPoint.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2009-12-11 155648][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyLBTWlgn]
c:program filescommon fileslogishrdbluetoothLBTWlgn.dll [2009-07-20 72208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2007-06-18 133632]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-14 239616][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdfLoadGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«C:WINDOWSsystem32dpnsvr.exe»=»C:WINDOWSsystem32dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«E:GamesCounterhl.exe»=»E:GamesCounterhl.exe:*:Enabled:Half-Life Launcher»
«C:WINDOWSsystem32PnkBstrA.exe»=»C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA»
«C:WINDOWSsystem32PnkBstrB.exe»=»C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB»
«E:GamesFar Cry 2binFarCry2.exe»=»E:GamesFar Cry 2binFarCry2.exe:*:Enabled:Far Cry 2»
«E:GamesFar Cry 2binFC2Launcher.exe»=»E:GamesFar Cry 2binFC2Launcher.exe:*:Enabled:Far Cry 2 Updater»
«E:GamesFar Cry 2binFC2Editor.exe»=»E:GamesFar Cry 2binFC2Editor.exe:*:Enabled:Editor»
«E:GamesTDUexeTestDriveUnlimited.exe»=»E:GamesTDUexeTestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited»
«E:GamesCALLiw3mp.exe»=»E:GamesCALLiw3mp.exe:*:Enabled:Call of Duty(R) 4 — Modern Warfare(TM)»
«E:GamesNeed For Speed Undergroundnfsuclient_alkar.exe»=»E:GamesNeed For Speed Undergroundnfsuclient_alkar.exe:*:Disabled:nfsuclient_alkar»
«E:GamesNeed For Speed Undergroundspeed.exe»=»E:GamesNeed For Speed Undergroundspeed.exe:*:Enabled:speed»
«E:GamesSplinter Cell 2 Pandora Tomorrowpandora.exe»=»E:GamesSplinter Cell 2 Pandora Tomorrowpandora.exe:*:Disabled:pandora»
«E:IcqICQ6.5ICQ.exe»=»E:IcqICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesSopCastSopCast.exe»=»C:Program FilesSopCastSopCast.exe:*:Enabled:SopCast Main Application»
«E:GamesCounterhltv.exe»=»E:GamesCounterhltv.exe:*:Enabled:HLTV Launcher»
«C:Program FilesOperaOpera.exe»=»C:Program FilesOperaOpera.exe:*:Enabled:Opera Internet Browser»
«C:Documents and SettingsAdminApplication DataSopCastadvSopAdver.exe»=»C:Documents and SettingsAdminApplication DataSopCastadvSopAdver.exe:*:Enabled:SopCast Adver»
«E:GamesProEvoSocpes2010.exe»=»E:GamesProEvoSocpes2010.exe:*:Enabled:Pro Evolution Soccer 2010»
«C:Documents and SettingsAdminРабочий столpes2010.exe»=»C:Documents and SettingsAdminРабочий столpes2010.exe:*:Enabled:Pro Evolution Soccer 2010»
«E:GamesFallout 3Fallout3.exe»=»E:GamesFallout 3Fallout3.exe:*:Enabled:Fallout 3»
«E:GamesDIRT 2dirt2_game.exe»=»E:GamesDIRT 2dirt2_game.exe:*:Enabled:DiRT2»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======File associations======
.scr — open —
.scr — install —
.scr — config —======List of files/folders created in the last 1 months======
2010-04-02 20:12:47 —-D—- C:Movavi files
2010-04-02 17:19:17 —-D—- C:Program FilesMovavi Video Converter 9
2010-03-28 14:05:05 —-A—- C:WINDOWSsystem32xvidvfw.dll
2010-03-28 14:05:05 —-A—- C:WINDOWSsystem32xvidcore.dll
2010-03-28 14:05:00 —-A—- C:WINDOWSsystem32ff_vfw.dll
2010-03-28 14:04:58 —-D—- C:Program FilesK-Lite Codec Pack
2010-03-27 21:22:08 —-D—- C:Program FilesuTorrent
2010-03-27 21:21:39 —-D—- C:Documents and SettingsAdminApplication DatauTorrent
2010-03-25 20:50:26 —-D—- C:Documents and SettingsAdminApplication DatamIRC
2010-03-25 20:50:25 —-D—- C:Program FilesmIRC
2010-03-18 18:58:01 —-A—- C:WINDOWSsystem32cmd.exe
2010-03-13 17:02:10 —-D—- C:Documents and SettingsAdminApplication DataXilisoft Corporation
2010-03-13 17:01:25 —-D—- C:Program FilesXilisoft
2010-03-13 03:08:43 —-D—- C:Program FilesExtra Video Converter Pro
2010-03-13 02:55:25 —-A—- C:WINDOWSsystem32SkinCrafter.dll
2010-03-13 02:55:24 —-A—- C:WINDOWSsystem32viscomwave.dll
2010-03-13 02:55:24 —-A—- C:WINDOWSsystem32viscomqtde.dll
2010-03-13 02:40:15 —-D—- C:Documents and SettingsAdminApplication DataMOVAVI======List of files/folders modified in the last 1 months======
2010-04-04 18:17:52 —-D—- C:WINDOWStemp
2010-04-04 18:17:00 —-D—- C:WINDOWS
2010-04-04 18:13:37 —-SD—- C:WINDOWSTasks
2010-04-04 17:29:59 —-A—- C:WINDOWSNeroDigital.ini
2010-04-04 15:55:20 —-D—- C:Documents and SettingsAdminApplication DataSkype
2010-04-04 13:00:00 —-N—- C:WINDOWSSchedLgU.Txt
2010-04-04 12:43:21 —-D—- C:Program FilesSteam
2010-04-04 12:43:09 —-D—- C:WINDOWSsystem32CatRoot2
2010-04-04 10:39:20 —-D—- C:Documents and SettingsAdminApplication DataskypePM
2010-04-02 17:19:32 —-SHD—- C:WINDOWSInstaller
2010-04-02 17:19:17 —-D—- C:Program Files
2010-04-02 16:50:36 —-D—- C:WINDOWSsystem32
2010-04-01 20:29:36 —-D—- C:Program FilesABBYY FineReader 9.0
2010-03-31 20:12:04 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2010-03-31 20:11:13 —-D—- C:WINDOWSsystem32drivers
2010-03-31 20:05:10 —-HD—- C:WINDOWSinf
2010-03-30 16:59:40 —-D—- C:Program FilesHfs
2010-03-28 22:28:06 —-SHD—- C:RECYCLER
2010-03-28 13:58:36 —-D—- C:Program FilesUnlocker
2010-03-28 13:14:01 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-03-28 12:53:32 —-D—- C:Documents and SettingsAdminApplication DataICQ
2010-03-28 12:50:31 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2010-03-27 21:44:26 —-D—- C:Program FilesDownload Master
2010-03-25 19:31:57 —-D—- C:WINDOWSMinidump
2010-03-24 00:27:02 —-D—- C:Program FilesOpera
2010-03-20 10:48:35 —-A—- C:WINDOWSwin.ini
2010-03-18 18:54:17 —-D—- C:Program FilesSpybot — Search & Destroy
2010-03-18 18:53:24 —-D—- C:Documents and SettingsAll UsersApplication DataSpybot — Search & Destroy
2010-03-14 18:53:12 —-D—- C:WINDOWSl2schemas
2010-03-14 18:53:03 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2010-03-14 18:35:03 —-D—- C:Program FilesInternet Explorer
2010-03-07 16:28:31 —-D—- C:Program FilesNokia
2010-03-06 13:46:27 —-D—- C:WINDOWSSxsCaPendDel
2010-03-06 13:45:46 —-D—- C:WINDOWSWinSxS
2010-03-06 13:44:28 —-D—- C:WINDOWSsystem32DirectX
2010-03-05 18:45:29 —-HDC—- C:WINDOWS$NtUninstallKB952287$======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:WINDOWSsystem32DRIVERSAmdK8.sys [2006-07-01 43520]
R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2009-02-06 106208]
R1 EIO;EIO; ??C:WINDOWSsystem32driversEIO.sys []
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2009-02-06 93336]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WINDOWSSystem32driversprodrv06.sys [2004-10-07 80576]
R1 uzg4njgz;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzg4njgz.sys []
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2009-02-06 113448]
R2 LBeepKE;LBeepKE; C:WINDOWSSystem32DriversLBeepKE.sys [2009-06-17 10384]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 AmdLLD;AMD Low Level Device Driver; C:WINDOWSsystem32DRIVERSAmdLLD.sys [2006-11-01 33280]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2009-12-12 4525056]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversAtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-01-03 4412928]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:WINDOWSsystem32DRIVERSLHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLMouFilt.Sys [2009-06-17 37392]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2006-02-26 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2007-06-28 20480]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2008-04-07 10368]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 a4ctiqa4;a4ctiqa4; C:WINDOWSsystem32driversa4ctiqa4.sys []
S3 a99ka52i;a99ka52i; C:WINDOWSsystem32driversa99ka52i.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:WINDOWSsystem32driversasusgsb.sys [2007-07-12 12416]
S3 catchme;catchme; ??C:DOCUME~1AdminLOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:WINDOWSsystem32DRIVERShamachi.sys [2009-09-28 25280]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:WINDOWSSystem32DriversLUsbFilt.Sys [2009-06-17 28560]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 PAC7302;iLook 310; C:WINDOWSsystem32DRIVERSPAC7302.SYS [2007-10-29 458112]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:WINDOWSsystem32DRIVERSs816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:WINDOWSsystem32DRIVERSs816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:WINDOWSsystem32DRIVERSs816unic.sys [2007-06-19 97704]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DaulCamera; C:WINDOWSSystem32DriversCapt905c.sys [2004-12-08 32123]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-13 60032]
S3 Video3D;ASUS Video3D Service; C:WINDOWSSystem32DriversVideo3D32.sys []
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2007-06-18 38528]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sfc;sfc; C:WINDOWSsystem32driverssfc.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2008-04-14 73472]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [2008-10-27 759072]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2009-12-11 602112]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-02-06 727720]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2009-08-16 222968]
R2 matlabserver;MATLAB Server; C:MATLAB6p5webserverbinwin32matlabserver.exe [2002-06-18 503808]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2009-07-01 75064]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-06-08 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2008-06-08 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe [2009-07-20 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-06-08 441344]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2008-06-08 145408]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2008-06-08 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
Вот лог OTM:
All processes killed
========== SERVICES/DRIVERS ==========
No service named dwshd was found to stop!
No service named dwshd was found to delete!
No service named sfc was found to stop!
No service named sfc was found to delete!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaec.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys2e49644d deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys3115e3fc deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys462d66b deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys6d2e64e4 deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaec.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys2e49644d deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys3115e3fc deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys462d66b deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys6d2e64e4 deleted successfully.
========== FILES ==========
C:WINDOWStasksAt1.job moved successfully.
C:WINDOWStasksAt10.job moved successfully.
C:WINDOWStasksAt11.job moved successfully.
C:WINDOWStasksAt12.job moved successfully.
C:WINDOWStasksAt13.job moved successfully.
C:WINDOWStasksAt14.job moved successfully.
C:WINDOWStasksAt15.job moved successfully.
C:WINDOWStasksAt16.job moved successfully.
C:WINDOWStasksAt17.job moved successfully.
C:WINDOWStasksAt18.job moved successfully.
C:WINDOWStasksAt19.job moved successfully.
C:WINDOWStasksAt2.job moved successfully.
C:WINDOWStasksAt20.job moved successfully.
C:WINDOWStasksAt21.job moved successfully.
C:WINDOWStasksAt22.job moved successfully.
C:WINDOWStasksAt23.job moved successfully.
C:WINDOWStasksAt24.job moved successfully.
C:WINDOWStasksAt3.job moved successfully.
C:WINDOWStasksAt4.job moved successfully.
C:WINDOWStasksAt5.job moved successfully.
C:WINDOWStasksAt6.job moved successfully.
C:WINDOWStasksAt7.job moved successfully.
C:WINDOWStasksAt8.job moved successfully.
C:WINDOWStasksAt9.job moved successfully.
========== COMMANDS ==========[EMPTYTEMP]
User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 87473 bytes
->Java cache emptied: 0 bytesUser: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytesUser: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytesUser: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34424759 bytes%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytesTotal Files Cleaned = 32,98 mb
OTM by OldTimer — Version 3.1.2.0 log created on 04042010_181337
Files moved on Reboot…
Registry entries deleted on Reboot…
Вот лог RSIT:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2010-04-02 16:30:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (4%) free of 50 GB
Total RAM: 2047 MB (69% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:22, on 02.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:MATLAB6p5webserverbinwin32matlabserver.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSPixArtPAC7302Monitor.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesCommon FilesLogishrdKHAL2KHALMNPR.EXE
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:Program FilesOperaOpera.exe
D:СережаprogramRSIT.exe
C:Program Filestrend microHijackThisAdmin.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.qip.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: (no name) — {855F3B16-6D32-4fe6-8A56-BBB695989046} — (no file)
O2 — BHO: (no name) — {02478D38-C3F9-4efb-9B51-7695ECA05670} — (no file)
O4 — HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 — HKLM..Run: [Sony Ericsson PC Suite] «C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [PAC7302_Monitor] C:WINDOWSPixArtPAC7302Monitor.exe
O4 — HKLM..Run: [UnlockerAssistant] «C:Program FilesUnlockerUnlockerAssistant.exe»
O4 — HKUSS-1-5-18..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O4 — Global Startup: Logitech SetPoint.lnk = C:Program FilesLogitechSetPointSetPoint.exe
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Crawler Search — tbr:iemenu
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232392041796
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232392023953
O16 — DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} — file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O17 — HKLMSystemCCSServicesTcpip..{DB1A5B64-2A47-45DB-8229-94171839A0A8}: NameServer = 195.248.191.67,195.248.191.72
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Protocol: tbr — {4D25FB7A-8902-4291-960E-9ADA051CFBBF} — C:PROGRA~1CrawlerToolbarctbr.dll
O23 — Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) — ABBYY (BIT Software) — C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: ICQ Service — Unknown owner — C:Program FilesICQ6ToolbarICQ Service.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: Logitech Bluetooth Service (LBTServ) — Logitech, Inc. — C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe
O23 — Service: MATLAB Server (matlabserver) — Unknown owner — C:MATLAB6p5webserverbinwin32matlabserver.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 7102 bytes======Scheduled tasks folder======
C:WINDOWStasksAt1.job
C:WINDOWStasksAt10.job
C:WINDOWStasksAt11.job
C:WINDOWStasksAt12.job
C:WINDOWStasksAt13.job
C:WINDOWStasksAt14.job
C:WINDOWStasksAt15.job
C:WINDOWStasksAt16.job
C:WINDOWStasksAt17.job
C:WINDOWStasksAt18.job
C:WINDOWStasksAt19.job
C:WINDOWStasksAt2.job
C:WINDOWStasksAt20.job
C:WINDOWStasksAt21.job
C:WINDOWStasksAt22.job
C:WINDOWStasksAt23.job
C:WINDOWStasksAt24.job
C:WINDOWStasksAt3.job
C:WINDOWStasksAt4.job
C:WINDOWStasksAt5.job
C:WINDOWStasksAt6.job
C:WINDOWStasksAt7.job
C:WINDOWStasksAt8.job
C:WINDOWStasksAt9.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Kernel and Hardware Abstraction Layer»=C:WINDOWSKHALMNPR.EXE [2009-06-17 55824]
«Sony Ericsson PC Suite»=C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe [2007-06-13 528384]
«PAC7302_Monitor»=C:WINDOWSPixArtPAC7302Monitor.exe [2006-11-03 319488]
«UnlockerAssistant»=C:Program FilesUnlockerUnlockerAssistant.exe [2010-03-09 15872][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
C:WINDOWSALCMTR.EXE [2008-06-08 69632][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregASUSGamerOSD]
C:Program FilesASUSGamerOSDGamerOSD.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKillCopy]
C:WINDOWSsystem32killcopy.exe [2008-06-08 1185792][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLClock]
C:Program FilesLClockLClock.exe [2008-06-08 86016][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBJ]
C:Program FilesAheadNero BackItUpNBJ.exe [2008-06-08 2048000][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2008-06-08 155648][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
RTHDCPL.EXE [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSidebar]
C:Program FilesWindows Sidebarsidebar.exe [2007-02-26 1254912][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
C:WINDOWSSkyTel.EXE [2008-06-08 2879488][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUnlockerAssistant]
C:Program FilesUnlockerUnlockerAssistant.exe [2010-03-09 15872]C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Logitech SetPoint.lnk — C:Program FilesLogitechSetPointSetPoint.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2009-12-11 155648][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyLBTWlgn]
c:program filescommon fileslogishrdbluetoothLBTWlgn.dll [2009-07-20 72208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2007-06-18 133632]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-14 239616][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaec.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys2e49644d]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys3115e3fc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys462d66b]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldwshd.sys6d2e64e4]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaec.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys2e49644d]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys3115e3fc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys462d66b]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkdwshd.sys6d2e64e4]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPEVSystemStart]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdfLoadGroup]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesuTorrentutorrent.exe»=»C:Program FilesuTorrentutorrent.exe:*:Enabled:µTorrent»
«C:WINDOWSsystem32dpnsvr.exe»=»C:WINDOWSsystem32dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«E:GamesCounterhl.exe»=»E:GamesCounterhl.exe:*:Enabled:Half-Life Launcher»
«C:WINDOWSsystem32PnkBstrA.exe»=»C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA»
«C:WINDOWSsystem32PnkBstrB.exe»=»C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB»
«E:GamesFar Cry 2binFarCry2.exe»=»E:GamesFar Cry 2binFarCry2.exe:*:Enabled:Far Cry 2»
«E:GamesFar Cry 2binFC2Launcher.exe»=»E:GamesFar Cry 2binFC2Launcher.exe:*:Enabled:Far Cry 2 Updater»
«E:GamesFar Cry 2binFC2Editor.exe»=»E:GamesFar Cry 2binFC2Editor.exe:*:Enabled:Editor»
«E:GamesTDUexeTestDriveUnlimited.exe»=»E:GamesTDUexeTestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited»
«E:GamesCALLiw3mp.exe»=»E:GamesCALLiw3mp.exe:*:Enabled:Call of Duty(R) 4 — Modern Warfare(TM)»
«E:GamesNeed For Speed Undergroundnfsuclient_alkar.exe»=»E:GamesNeed For Speed Undergroundnfsuclient_alkar.exe:*:Disabled:nfsuclient_alkar»
«E:GamesNeed For Speed Undergroundspeed.exe»=»E:GamesNeed For Speed Undergroundspeed.exe:*:Enabled:speed»
«E:GamesSplinter Cell 2 Pandora Tomorrowpandora.exe»=»E:GamesSplinter Cell 2 Pandora Tomorrowpandora.exe:*:Disabled:pandora»
«E:IcqICQ6.5ICQ.exe»=»E:IcqICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesSopCastSopCast.exe»=»C:Program FilesSopCastSopCast.exe:*:Enabled:SopCast Main Application»
«E:GamesCounterhltv.exe»=»E:GamesCounterhltv.exe:*:Enabled:HLTV Launcher»
«C:Program FilesOperaOpera.exe»=»C:Program FilesOperaOpera.exe:*:Enabled:Opera Internet Browser»
«C:Documents and SettingsAdminApplication DataSopCastadvSopAdver.exe»=»C:Documents and SettingsAdminApplication DataSopCastadvSopAdver.exe:*:Enabled:SopCast Adver»
«E:GamesProEvoSocpes2010.exe»=»E:GamesProEvoSocpes2010.exe:*:Enabled:Pro Evolution Soccer 2010»
«C:Documents and SettingsAdminРабочий столpes2010.exe»=»C:Documents and SettingsAdminРабочий столpes2010.exe:*:Enabled:Pro Evolution Soccer 2010»
«E:GamesFallout 3Fallout3.exe»=»E:GamesFallout 3Fallout3.exe:*:Enabled:Fallout 3»
«E:GamesDIRT 2dirt2_game.exe»=»E:GamesDIRT 2dirt2_game.exe:*:Enabled:DiRT2»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======File associations======
.scr — open —
.scr — install —
.scr — config —======List of files/folders created in the last 1 months======
2010-03-31 19:43:17 —-A—- C:WINDOWScFosSpeed_Setup_Log.txt
2010-03-28 14:05:05 —-A—- C:WINDOWSsystem32xvidvfw.dll
2010-03-28 14:05:05 —-A—- C:WINDOWSsystem32xvidcore.dll
2010-03-28 14:05:00 —-A—- C:WINDOWSsystem32ff_vfw.dll
2010-03-28 14:04:58 —-D—- C:Program FilesK-Lite Codec Pack
2010-03-27 21:22:08 —-D—- C:Program FilesuTorrent
2010-03-27 21:21:39 —-D—- C:Documents and SettingsAdminApplication DatauTorrent
2010-03-25 20:50:26 —-D—- C:Documents and SettingsAdminApplication DatamIRC
2010-03-25 20:50:25 —-D—- C:Program FilesmIRC
2010-03-18 18:58:01 —-A—- C:WINDOWSsystem32cmd.exe
2010-03-13 17:02:10 —-D—- C:Documents and SettingsAdminApplication DataXilisoft Corporation
2010-03-13 17:01:25 —-D—- C:Program FilesXilisoft
2010-03-13 03:08:43 —-D—- C:Program FilesExtra Video Converter Pro
2010-03-13 02:55:25 —-A—- C:WINDOWSsystem32SkinCrafter.dll
2010-03-13 02:55:24 —-A—- C:WINDOWSsystem32viscomwave.dll
2010-03-13 02:55:24 —-A—- C:WINDOWSsystem32viscomqtde.dll
2010-03-13 02:40:15 —-D—- C:Documents and SettingsAdminApplication DataMOVAVI======List of files/folders modified in the last 1 months======
2010-04-02 16:24:38 —-A—- C:WINDOWSNeroDigital.ini
2010-04-02 13:36:52 —-D—- C:WINDOWStemp
2010-04-02 00:23:32 —-A—- C:WINDOWSSchedLgU.Txt
2010-04-01 20:29:36 —-D—- C:Program FilesABBYY FineReader 9.0
2010-04-01 17:16:32 —-D—- C:Program FilesSteam
2010-04-01 16:59:15 —-D—- C:WINDOWSsystem32CatRoot2
2010-03-31 23:54:10 —-D—- C:WINDOWS
2010-03-31 20:12:04 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2010-03-31 20:11:13 —-D—- C:WINDOWSsystem32drivers
2010-03-31 20:05:19 —-D—- C:Program Files
2010-03-31 20:05:10 —-HD—- C:WINDOWSinf
2010-03-31 20:05:00 —-D—- C:WINDOWSsystem32
2010-03-30 16:59:40 —-D—- C:Program FilesHfs
2010-03-28 22:28:06 —-SHD—- C:RECYCLER
2010-03-28 13:58:36 —-D—- C:Program FilesUnlocker
2010-03-28 13:14:01 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-03-28 12:53:32 —-D—- C:Documents and SettingsAdminApplication DataICQ
2010-03-28 12:50:31 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2010-03-27 21:44:26 —-D—- C:Program FilesDownload Master
2010-03-26 18:11:18 —-D—- C:Documents and SettingsAdminApplication DataSkype
2010-03-26 18:09:47 —-D—- C:Documents and SettingsAdminApplication DataskypePM
2010-03-25 19:31:57 —-D—- C:WINDOWSMinidump
2010-03-24 00:27:02 —-D—- C:Program FilesOpera
2010-03-20 10:48:35 —-A—- C:WINDOWSwin.ini
2010-03-18 18:54:17 —-D—- C:Program FilesSpybot — Search & Destroy
2010-03-18 18:53:24 —-D—- C:Documents and SettingsAll UsersApplication DataSpybot — Search & Destroy
2010-03-14 18:53:12 —-D—- C:WINDOWSl2schemas
2010-03-14 18:53:03 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2010-03-14 18:35:03 —-D—- C:Program FilesInternet Explorer
2010-03-13 02:51:06 —-SHD—- C:WINDOWSInstaller
2010-03-07 16:28:31 —-D—- C:Program FilesNokia
2010-03-06 13:46:27 —-D—- C:WINDOWSSxsCaPendDel
2010-03-06 13:45:46 —-D—- C:WINDOWSWinSxS
2010-03-06 13:44:28 —-D—- C:WINDOWSsystem32DirectX
2010-03-05 18:47:22 —-SD—- C:WINDOWSTasks
2010-03-05 18:45:29 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2010-03-04 23:02:44 —-D—- C:Program FilesCommon FilesScanner
2010-03-04 10:19:44 —-D—- C:Program FilesAdobe
2010-03-03 16:01:22 —-D—- C:WINDOWSrepair======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Драйвер AMD процессора; C:WINDOWSsystem32DRIVERSAmdK8.sys [2006-07-01 43520]
R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2009-02-06 106208]
R1 EIO;EIO; ??C:WINDOWSsystem32driversEIO.sys []
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2009-02-06 93336]
R1 kbdhid;Драйвер клавиатуры HID; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14720]
R1 prodrv06;StarForce Protection Environment Driver v6; C:WINDOWSSystem32driversprodrv06.sys [2004-10-07 80576]
R1 uzg4njgz;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzg4njgz.sys []
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2009-02-06 113448]
R2 LBeepKE;LBeepKE; C:WINDOWSSystem32DriversLBeepKE.sys [2009-06-17 10384]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2006-12-04 62336]
R3 AmdLLD;AMD Low Level Device Driver; C:WINDOWSsystem32DRIVERSAmdLLD.sys [2006-11-01 33280]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2009-12-12 4525056]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversAtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-01-03 4412928]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:WINDOWSsystem32DRIVERSLHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLMouFilt.Sys [2009-06-17 37392]
R3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2006-02-26 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2007-06-28 20480]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2008-04-07 10368]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
S3 a8lng88l;a8lng88l; C:WINDOWSsystem32driversa8lng88l.sys []
S3 ad04hdi9;ad04hdi9; C:WINDOWSsystem32driversad04hdi9.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:WINDOWSsystem32driversasusgsb.sys [2007-07-12 12416]
S3 catchme;catchme; ??C:DOCUME~1AdminLOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption декодер; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; ??F:INSTALLGMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:WINDOWSsystem32DRIVERShamachi.sys [2009-09-28 25280]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:WINDOWSSystem32DriversLUsbFilt.Sys [2009-06-17 28560]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 PAC7302;iLook 310; C:WINDOWSsystem32DRIVERSPAC7302.SYS [2007-10-29 458112]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:WINDOWSsystem32DRIVERSs816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSs816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSs816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSs816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:WINDOWSsystem32DRIVERSs816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSs816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:WINDOWSsystem32DRIVERSs816unic.sys [2007-06-19 97704]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DaulCamera; C:WINDOWSSystem32DriversCapt905c.sys [2004-12-08 32123]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usbaudio;Аудио драйвер USB (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-13 60032]
S3 Video3D;ASUS Video3D Service; C:WINDOWSSystem32DriversVideo3D32.sys []
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2007-06-18 38528]
S3 WSTCODEC;World Standard Teletext кодек; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2007-06-18 82944]
S4 dwshd;dwshd; C:WINDOWSSystem32driversdwshd.sys []
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sfc;sfc; C:WINDOWSsystem32driverssfc.sys []
S4 sr;Драйвер фильтра восстановления системы; C:WINDOWSsystem32DRIVERSsr.sys [2008-04-14 73472]
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-18 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:Program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [2008-10-27 759072]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2009-12-11 602112]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-02-06 727720]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe [2009-08-16 222968]
R2 matlabserver;MATLAB Server; C:MATLAB6p5webserverbinwin32matlabserver.exe [2002-06-18 503808]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2009-07-01 75064]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S3 aspnet_state;Служба состояний ASP.NET; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-06-08 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2008-06-08 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe [2009-07-20 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-06-08 441344]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2008-06-08 145408]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2008-06-08 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
EOF
log . info:
info.txt logfile of random’s system information tool 1.06 2010-02-22 13:40:14
======Uninstall list======
—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {744C859F-C225-48A9-A524-4DED432F36C7}
—>MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY FineReader 9.0 Professional Edition—>MsiExec.exe /I{F9000000-0001-0000-0000-074957833700}
ACDSee 9 Photo Manager—>MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Ad-Aware SE Personal—>C:PROGRA~1LavasoftAD-AWA~1UNWISE.EXE C:PROGRA~1LavasoftAD-AWA~1INSTALL.LOG
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers719d6f144d0c086a0dfa7ff76bb9ac1Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Setup—>MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player—>C:WINDOWSsystem32MacromedSHOCKW~1UNWISE.EXE C:WINDOWSsystem32MacromedSHOCKW~1Install.log
Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe® Photoshop® Album Starter Edition 3.2—>MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AnswerWorks Runtime—>C:WINDOWSIsUninst.exe -f»C:Program FilesWexTechAnswerWorksUninst.isu»
Assassins Creed—>»E:GamesAssassins Creedunins000.exe»
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AusLogics Disk Defrag—>»C:Program FilesAusLogics Disk Defragunins000.exe»
Autodesk DWF Viewer—>C:PROGRA~1AutodeskAUTODE~1Setup.exe /remove
Background changer 2.0.8.0—>»C:Program FilesBackground changerunins000.exe»
Call of Duty — Modern Warfare 2—>»E:GamesCall of Duty — Modern Warfare 2unins000.exe»
Call of Duty(R) 4 — Modern Warfare(TM) 1.6 Patch—>C:Program FilesInstallShield Installation Information{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 — Modern Warfare(TM)—>C:Program FilesInstallShield Installation Information{E48469CC-635E-4FD5-A122-1497C286D217}setup.exe -runfromtemp -l0x0409
Catalyst Control Center — Branding—>MsiExec.exe /I{8D7133DE-27D2-47E5-B248-4180278D32AA}
CCleaner (remove only)—>»C:Program FilesCCleaneruninst.exe»
Ccleaner 2.03.532—>»C:Program FilesCcleanerunins000.exe»
Counter-Strike 1.6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime90Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{13B792AA-C078-43A4-8A3A-8B12D629940D}Setup.exe» -l0x19
Counter-Strike Steamworks Beta—>»C:Program FilesSteamsteam.exe» steam://uninstall/150
Counter-Strike(TM)—>MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Counter-Strike—>»C:Program FilesSteamsteam.exe» steam://uninstall/10
Crawler Toolbar with Web Security Guard—>C:PROGRA~1CrawlerToolbarCToolbar.exe uninst
Daemon Tools LIte—>»C:Program FilesDaemon Tools LiteUninst.exe»
Dead Space™—>MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
DiRT2—>»C:Program FilesInstallShield Installation Information{52D1D62C-FEAB-4580-849E-1DB624BADBBD}setup.exe» -runfromtemp -l0x0009 -removeonly
Disc2Phone—>MsiExec.exe /X{C01408FC-117C-44B7-8B0C-17794E526A01}
Download Master version 5.6.1.1185—>»C:Program FilesDownload Masterunins000.exe»
Dual-Core Optimizer—>MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
EA SPORTS online 2008—>C:Program FilesEA SPORTSEA SPORTS onlineEASOUNInstaller.exe
EAX Unified—>C:WINDOWSIsUninst.exe -f»C:Program FilesCreativeEAX UnifiedUninst.isu»
eBay Icon—>C:Documents and SettingsAdminApplication DataDesktopiconuninst.exe
Etymonix SoftReel—>C:WINDOWSISUNINST.EXE -f»C:Program FilesEtymonixSoftReelUninst.isu» -c»C:Program FilesEtymonixSoftReeliscustom.dll»
Far Cry 2—>»C:Program FilesInstallShield Installation Information{F2835483-37F2-4123-B4FE-0E77D58447F2}setup.exe» -runfromtemp -l0x0009 -removeonly
FAR file manager—>C:Program FilesFarUninstall.exe
FIFA 2008—>»E:GamesFIFA 2008unins000.exe»
Foxit Reader 2.2 — DJ Mogarych’s pack—>»C:Program FilesFoxit Readerunins000.exe»
Grand Theft Auto IV v1.0.3.1—>»E:GamesGrand Theft Auto IVunins000.exe»
Guitar Pro 4.0—>C:PROGRA~1GUITAR~1UNWISE.EXE C:PROGRA~1GUITAR~1INSTALL.LOG
Hamachi 1.0.3.0—>C:Program FilesHamachiuninstall.exe
HijackThis 2.0.2—>»C:програмHijackThis.exe» /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
ICE Book Reader Professional v8.9.2 Russian—>»C:Program FilesICE Book Reader Professional Russianunins000.exe»
ICQ Toolbar—>C:Program FilesICQ6ToolbarICQUnToolbar.exe
ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
iLook 310—>»C:Program FilesInstallShield Installation Information{7EF900F4-61A8-4D95-8A65-488D3BECA206}setup.exe» -runfromtemp -l0x0019 -removeonly
iSnooker—>E:GamesснукерiSnookerUninstall.exe
Java(TM) 6 Update 3—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.4.0 Full—>»C:Program FilesK-Lite Codec Packunins000.exe»
LClock—>C:Program FilesLClockUninstall.exe
Light Alloy 4.3—>C:Program FilesLight Alloyuninst.exe
Ligos Indeo XP v.5.2 codec—>RunDLL32.exe advpack.dll,LaunchINFSection indeoxp.inf, UnInstall
Mathcad 11 Enterprise Edition—>MsiExec.exe /I{DE4386F2-ECDE-493E-B8BE-9861A9A7D069}
MATLAB 6.5—>C:MATLAB6p5uninstalluninstall.exe C:MATLAB6p5
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{34AB2437-1B34-3E2D-9DE8-3E2D35335B3F}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{CFF15B94-E062-3701-869A-4CDF4590461E}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack — rus—>MsiExec.exe /I{95E44F11-19F0-39EA-A894-792E054AA1CF}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows — LIVE—>MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Standard 2007—>MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Office Стандартный 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall STANDARD /dll OSETUP.DLL
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022—>MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148—>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Windows Media Video 9 VCM—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFwmv9vcm.inf, Uninstall
Movavi Видео Конвертер 9—>MsiExec.exe /I{A6B4FD51-7721-4E66-8EB0-0A904E22B14C}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)—>MsiExec.exe /I{8FCE7820-08DF-4663-AF5B-B190EF387C4B}
MyDsc2—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{83D96ED0-98AA-4515-8DDC-816F3EFDD104}Setup.exe» -l0x9
Need For Speed Underground 2—>»C:GamesNeed For Speed Underground 2unins000.exe»
Need For Speed Underground—>E:GamesNEEDFO~1UNWISE.EXE E:GamesNEEDFO~1INSTALL.LOG
Nero 6—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver—>MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
NVIDIA Drivers—>C:WINDOWSsystem32nvunrm.exe UninstallGUI
NVIDIA PhysX—>MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OpenAL—>»C:Program FilesOpenALOpenALwEAX.exe» /U
Paint.NET v3.20—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFPaintDN.inf,Uninstall
PC Connectivity Solution—>MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PunkBuster Services—>C:WINDOWSsystem32pbsvc.exe -u
QIP.Online—>C:Program FilesQIP.OnlineUninstall.exe
RadioClicker LITE—>»C:Program FilesRadioClicker LITEunins000.exe»
RadioClicker PRO—>»C:Program FilesRadioClicker PROunins000.exe»
Rapture3D 2.3.22 Game—>»C:Program FilesBRSunins000.exe»
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}setup.exe» -l0x19 -removeonly
Right Click Image Converter—>»C:Program FilesKristanixRight Click Image Converteruninstall.exe»
Security Update for 2007 Microsoft Office System (KB951550)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office Excel 2007 (KB958437)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office system 2007 (KB954326)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Office 2007 (KB936514)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Outlook 2007 (KB946983)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Sina Web TV—>C:PROGRA~1sinaSINAWE~1302~1.9BEUNWISE.EXE C:PROGRA~1sinaSINAWE~1302~1.9BEInstall.LOG
Skype™ 4.1—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SMSDV v.1.6.b (22 сен 2007г.)—>»C:Program FilesSMSDVunins000.exe»
SnagIt 8—>MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Sony Ericsson Device Data—>MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers—>MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite—>C:WINDOWSInstaller{D6BF6477-8369-489F-8DE6-3731F4B88560}setup.exe /uninstall
Sony Ericsson PC Suite—>MsiExec.exe /I{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}
SopCast 1.1.2—>C:Program FilesSopCastuninst.exe
Steam(TM)—>MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Test Drive Unlimited—>C:Program FilesInstallShield Installation Information{8B43248F-5FAA-40CE-978E-95D3C5F12355}setup.exe
TV Player Classic 5.1—>»C:Program FilesTVPlayerClassicunins000.exe»
TVUPlayer 2.4.0.1—>C:Program FilesTVUPlayeruninst.exe
UltraISO Premium (only 32bit) V8.6.5.2160 Rus—>»C:Program FilesUltraISOunins000.exe»
Undelete Plus 2.94—>»C:Program FilesTouchStoneSoftwareUndeletePlusunins000.exe»
Uniblue RegistryBooster 2009—>»C:Documents and SettingsAll UsersApplication Data{92E7A367-8E12-4830-AA70-29C32E331A81}Uniblue RegistryBooster.exe» REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009—>C:Documents and SettingsAll UsersApplication Data{92E7A367-8E12-4830-AA70-29C32E331A81}Uniblue RegistryBooster.exe
Uninstall Tool—>»C:Program FilesUninstall Toolunins000.exe»
Unlocker 1.8.8—>C:Program FilesUnlockeruninst.exe
Update for Office 2007 (KB934391)—>msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Player Firefox Plugin—>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
Xfire (remove only)—>»C:Program FilesXfireuninst.exe»
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
XviD MPEG-4 Video Codec—>C:WINDOWSsystem32rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:WINDOWSINFxvid.inf
АвтоСправочник—>C:WINDOWSuninst.exe -f»C:Program FilesAutoDealerFreewareDeIsL1.isu» -c»C:Program FilesAutoDealerFreeware_ISREG32.DLL»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Боковая панель Windows—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFSidebar.inf,DefaultUnInstall
Исправление для Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Казаки — Снова Война—>C:WINDOWSuna2setup.exe
Обновление безопасности для Windows Internet Explorer 7 (KB958215)—>»C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 11 — (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Обновление для Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Обновление для Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Пакет драйверов Windows — Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)—>C:PROGRA~1DIFX7B44739871F4D539FA473F57A832EA4B6A59EF06DPInst.exe /d /u C:WINDOWSsystem32DRVSTOREamdk8_5F4DE5B38BD0C6463F94F7534C8C84D5EACE412Damdk8.inf
Пакет драйверов Windows — Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4pccswpddriver.inf
Пакет драйверов Windows — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293Bpccs_bluetooth.inf
Пакет драйверов Windows — Nokia Modem (02/15/2007 3.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccs_bluet_F12A08B6F776984A95553486F64C541356F86E38pccs_bluetooth.inf
Преферанс—>»C:Program FilesBukaPreferenceuninstall.exe»
Снукер v1.2—>»C:Program Filesabsolutist.ruСнукерunins000.exe»
Сократ Персональный 4.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}setup.exe»
Удалить Winamp—>»C:Program FilesWinampunins000.exe»
Языковой пакет Microsoft .NET Framework 3.5 — RUS—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack — russetup.exe=====HijackThis Backups=====
R3 — URLSearchHook: (no name) — — (no file) [2009-11-28]
O20 — AppInit_DLLs: C:WINDOWSsystem32zsfwz.dll [2009-11-28]Hosts File Missing
======Security center information======AV: ESET NOD32 Antivirus 4.0 (outdated)
FW: AGAVA Firewall (disabled)======System event log======
Computer Name: MICROSOF-561F28
Event Code: 104
Message: Ошибка в процессе инициализации восстановления системы.Record Number: 31163
Source Name: SRService
Time Written: 20100129191350.000000+120
Event Type: error
User:Computer Name: MICROSOF-561F28
Event Code: 4226
Message: Достигнут предел безопасности для TCP/IP, налагаемый на количество попыток одновременных TCP-подключений.Record Number: 31157
Source Name: Tcpip
Time Written: 20100129174721.000000+120
Event Type: warning
User:Computer Name: MICROSOF-561F28
Event Code: 7023
Message: Служба «Служба восстановления системы» завершена из-за ошибки
Не удается найти указанный файл.Record Number: 31124
Source Name: Service Control Manager
Time Written: 20100129094825.000000+120
Event Type: error
User:Computer Name: MICROSOF-561F28
Event Code: 104
Message: Ошибка в процессе инициализации восстановления системы.Record Number: 31121
Source Name: SRService
Time Written: 20100129094756.000000+120
Event Type: error
User:Computer Name: MICROSOF-561F28
Event Code: 4226
Message: Достигнут предел безопасности для TCP/IP, налагаемый на количество попыток одновременных TCP-подключений.Record Number: 31116
Source Name: Tcpip
Time Written: 20100128223002.000000+120
Event Type: warning
User:=====Application event log=====
Computer Name: MICROSOF-561F28
Event Code: 0
Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.Record Number: 5164
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090920183349.000000+180
Event Type: warning
User:Computer Name: MICROSOF-561F28
Event Code: 1020
Message: Обновление до метабазы IIS было прервано, так как на этом компьютере IIS либо не установлен, либо отключен. Чтобы настроить ASP.NET для выполнения в IIS, установите или включите IIS и повторно зарегистрируйте ASP.NET командой aspnet_regiis.exe /i.Record Number: 5147
Source Name: ASP.NET 2.0.50727.0
Time Written: 20090920183232.000000+180
Event Type: warning
User:Computer Name: MICROSOF-561F28
Event Code: 1517
Message: Реестр пользователя MICROSOF-561F28Admin был сохранен в то время, как приложение или служба продолжали использовать его во время выхода из системы. Используемая реестром пользователя память не была освобождена. Реестр будет выгружен, когда он не будет использоваться.Возможная причина — службы, выполняемые от имени пользователя. Попробуйте изменить настройку служб и задать их выполнение с учетными записями LocalService или NetworkService.
Record Number: 5081
Source Name: Userenv
Time Written: 20090918151058.000000+180
Event Type: warning
User: NT AUTHORITYSYSTEMComputer Name: MICROSOF-561F28
Event Code: 0
Message:
Record Number: 5077
Source Name: matlabserver
Time Written: 20090917225631.000000+180
Event Type: error
User:Computer Name: MICROSOF-561F28
Event Code: 1013
Message: Product: Wolfenstein — This installation cannot be run by directly launching the MSI package. You must run setup.exe.Record Number: 4934
Source Name: MsiInstaller
Time Written: 20090820124350.000000+180
Event Type: error
User: MICROSOF-561F28Admin======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%system32wbem;C:PROGRAM FILESPC CONNECTIVITY SOLUTION;C:PROGRAM FILESATI TECHNOLOGIESATI.ACECORE-STATIC;C:MATLAB6P5BINWIN32;C:Program FilesCommon FilesAutodesk Shared;;C:PROGRA~1COMMON~1AUTODE~1;C:Program FilesCommon FilesTeleca Shared
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
«PROCESSOR_REVISION»=6b02
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«cdrom»=F:
EOF
