Созданные ответы форума
-
Сообщения
-
Проблемы с трафиком заметил в январе, заменил KIS 7 на KIS 2009, ничено не изменилось, в начале февраля установил НОД 32, то же самое.
Посылал вчера появляющиеся зараженные файлы в службу поддержки AVIRA? вот ответ:
Dear Sir or Madam,Thank you for your email to Avira’s virus lab.
Tracking number: INC00264753.We received the following archive files:
File ID Filename Size (Byte) Result
25264491 326.15 KB OKA listing of files contained inside archives alongside their results can be found below:
File ID Filename Size (Byte) Result
25264492 idzzwl.exe 328.78 KB MALWARE
4039214 khs 0 Byte KNOWN CLEANPlease find a detailed report concerning each individual sample below:
Filename Result
idzzwl.exe MALWAREThe file ‘idzzwl.exe’ has been determined to be ‘MALWARE’. Our analysts named the threat TR/Onlinegames.A3. The term «TR/» denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 7.01.01.57.
Filename Result
khs KNOWN CLEANThe file ‘khs’ has been determined to be ‘KNOWN CLEAN’. In particular this means that we could not find any malicious content. Please note that the file is part of ‘Microworld Technologies mailscan administrator 4.0.1.0’.
Alternatively you can see the analysis result here:
http://analysis.avira.com/samples/details.php?uniqueid=cm0yGrcEZZgJ3HBQM2xGhMIftxvNWzXh&incidentid=264753An overview of all your submissions can be found here:
http://analysis.avira.com/samples/details.php?uniqueid=cm0yGrcEZZgJ3HBQM2xGhMIftxvNWzXhWe recommend to use our upload form for further submissions. In case the result is known it will be shown in realtime to you. Furthermore files which are considered to be false positive suspictions can only be submitted using this method. http://analysis.avira.com/samples/index.php?lang=en
Please note: The detection of Spy/Adware is not available in the product «AntiVir PersonalEdition Classic». Please address specific questions to support@avira.com
Kind regards
Avira Virus Lab
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.comCEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
а вот GMER log:
GMER 1.0.14.14536 — http://www.gmer.net
Rootkit scan 2009-02-18 21:33:06
Windows 5.1.2600 Service Pack 2—- System — GMER 1.0.14 —-
SSDT sptd.sys ZwCreateKey [0xF73F10D0]
SSDT F7CCD1BC ZwCreateThread
SSDT sptd.sys ZwEnumerateKey [0xF73F6FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF73F7340]
SSDT sptd.sys ZwOpenKey [0xF73F10B0]
SSDT F7CCD1A8 ZwOpenProcess
SSDT F7CCD1AD ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF73F7418]
SSDT ??C:WINDOWSTEMPASFWHide ZwQuerySystemInformation [0xF703E486]
SSDT sptd.sys ZwQueryValueKey [0xF73F7298]
SSDT sptd.sys ZwSetValueKey [0xF73F74AA]
SSDT ??C:WINDOWSTEMPASFWHide ZwTerminateProcess [0xF703E6DA]
SSDT F7CCD1B2 ZwWriteVirtualMemory—- Kernel code sections — GMER 1.0.14 —-
.text ntkrnlpa.exe!ZwCallbackReturn + 25FA 8050161A 2 Bytes [ 3F, F7 ]
? C:WINDOWSsystem32driverssptd.sys Процесс не может получить доступ к файлу, так как этот файл занят другим процессом.
.text USBPORT.SYS!DllUnload F6E3C80C 5 Bytes JMP 867D21C8—- Kernel IAT/EAT — GMER 1.0.14 —-
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73F1AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73F1C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73F1B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73F2748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73F261E] sptd.sys—- Devices — GMER 1.0.14 —-
Device FileSystemFastfat FatCdrom 867D11E8
Device DriverNetBT DeviceNetBT_Tcpip_{2BFE5683-E690-40B1-97F6-168E9B7E452B} 86495618
Device DriverNetBT DeviceNetBT_Tcpip_{1618FC0E-C5C6-42DD-B18D-87F3A770FB9C} 86495618
Device Driverusbuhci DeviceUSBPDO-0 8623B1E8
Device Driverusbuhci DeviceUSBPDO-1 8623B1E8
Device Driverdmio DeviceDmControlDmIoDaemon 867661E8
Device Driverdmio DeviceDmControlDmConfig 867661E8
Device Driverdmio DeviceDmControlDmPnP 867661E8
Device Driverdmio DeviceDmControlDmInfo 867661E8
Device Driverusbehci DeviceUSBPDO-2 861803D0
Device Driverusbuhci DeviceUSBPDO-3 8623B1E8
Device Driverusbuhci DeviceUSBPDO-4 8623B1E8
Device Driverusbuhci DeviceUSBPDO-5 8623B1E8
Device Driverusbstor Device�0000070 863FE1E8
Device Driverusbuhci DeviceUSBPDO-6 8623B1E8
Device DriverFtdisk DeviceHarddiskVolume1 867D41E8AttachedDevice DriverFtdisk DeviceHarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
Device Driverusbehci DeviceUSBPDO-7 861803D0
Device Driverusbstor Device�0000071 863FE1E8
Device DriverFtdisk DeviceHarddiskVolume2 867D41E8AttachedDevice DriverFtdisk DeviceHarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
Device Driverusbstor Device�0000072 863FE1E8
Device DriverCdrom DeviceCdRom0 861771E8
Device DriverFtdisk DeviceHarddiskVolume3 867D41E8AttachedDevice DriverFtdisk DeviceHarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
Device Driverusbstor Device�0000073 863FE1E8
Device Driveratapi DeviceIdeIdePort0 867D31E8
Device Driveratapi DeviceIdeIdeDeviceP0T0L0-3 867D31E8
Device Driveratapi DeviceIdeIdePort1 867D31E8
Device Driveratapi DeviceIdeIdeDeviceP1T0L0-e 867D31E8
Device Driverusbstor Device�0000074 863FE1E8
Device Driverusbstor Device�0000075 863FE1E8
Device DriverNetBT DeviceNetBt_Wins_Export 86495618
Device DriverNetBT DeviceNetbiosSmb 86495618
Device Driverusbuhci DeviceUSBFDO-0 8623B1E8
Device Driverusbuhci DeviceUSBFDO-1 8623B1E8
Device FileSystemMRxSmb DeviceLanmanDatagramReceiver 86390790
Device Driverusbehci DeviceUSBFDO-2 861803D0
Device Driverusbuhci DeviceUSBFDO-3 8623B1E8
Device FileSystemMRxSmb DeviceLanmanRedirector 86390790
Device DriverFtdisk DeviceFtControl 867D41E8
Device Driverusbuhci DeviceUSBFDO-4 8623B1E8
Device Driverusbuhci DeviceUSBFDO-5 8623B1E8
Device Driverusbuhci DeviceUSBFDO-6 8623B1E8
Device Driverusbehci DeviceUSBFDO-7 861803D0
Device Driverviasraid DeviceScsiviasraid1 867651E8
Device Driverviasraid DeviceScsiviasraid1Port2Path0Target0Lun0 867651E8
Device FileSystemFastfat Fat 867D11E8AttachedDevice FileSystemFastfat Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device FileSystemCdfs Cdfs 8658D2A8
—- Registry — GMER 1.0.14 —-
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �?4;�0404=484@4>�0424I484:�0404 �?�0404:�0454B4>�0424 1?2?3?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�L�002�T�P�) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�P�P�T�P�) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�P�P�P�o�E�) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4<4>494 �?�0404@�0404;4;�0454;4L4=4K494 �?4>4@4B4 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�I�P�) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@#4A4B4@4>494A4B�0424>4 �B�l�u�e�t�o�o�t�h� �(�?4@4>4B4>4:4>4;4 �R�F�C�O�M�M� �T�D�I�) 1?
Reg HKLMSYSTEMCurrentControlSetServicesBTHPORTParametersKeys�00272c284d8
Reg HKLMSYSTEMCurrentControlSetServicesBTHPORTParametersKeys�00272c284d8@0012ee86b8bf 0xE9 0x31 0xB3 0x8E …
Reg HKLMSYSTEMCurrentControlSetServicesBTHPORTParametersKeys�00272c284d8@0018132de689 0xCF 0xC7 0x38 0x43 …
Reg HKLMSYSTEMCurrentControlSetServicesBTHPORTParametersKeys�00272c284d8@001f015dc9bf 0xE9 0x15 0xC4 0xED …
Reg HKLMSYSTEMCurrentControlSetServiceslanmanserverShares@244>4:4C4<�0454=4B4K4 CSCFlags=0?MaxUses=4294967295?Path=D:??????????Permissions=0?Remark=?Type=0?
Reg HKLMSYSTEMCurrentControlSetServiceslanmanserverShares@2248�044�0454>4 CSCFlags=0?MaxUses=4294967295?Path=E:??????Permissions=0?Remark=?Type=0?
Reg HKLMSYSTEMCurrentControlSetServiceslanmanserverShares@374@484=4B�0454@�042 CSCFlags=0?MaxUses=4294967295?Path=Microsoft XPS Document Writer,LocalsplOnly?Permissions=0?Remark=Microsoft XPS Document Writer?Type=1?
Reg HKLMSYSTEMCurrentControlSetServiceslanmanserverShares@374@484=4B�0454@�043 CSCFlags=0?MaxUses=4294967295?Path=HP Deskjet 3740 Series,LocalsplOnly?Permissions=0?Remark=HP Deskjet 3740 Series?Type=1?
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s1 771343423
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s2 285507792
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 C:Program FilesDAEMON Tools
Reg HKLMSYSTEMCurrentControlSetServicesSysmonLogLog Queries{38852fd1-67dd-4c91-8be3-775bebb09db1}@204B4@48�0414C4B4K4 �E4@�0404=�0454=484O4 �004�0404=4=4K4E4 33
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �?4;�0404=484@4>�0424I484:�0404 �?�0404:�0454B4>�0424 1?2?3?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�L�002�T�P�) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�P�P�T�P�) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�P�P�P�o�E�) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4<4>494 �?�0404@�0404;4;�0454;4L4=4K494 �?4>4@4B4 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�I�P�) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@#4A4B4@4>494A4B�0424>4 �B�l�u�e�t�o�o�t�h� �(�?4@4>4B4>4:4>4;4 �R�F�C�O�M�M� �T�D�I�) 1?
Reg HKLMSYSTEMControlSet002ServicesBTHPORTParametersKeys�00272c284d8
Reg HKLMSYSTEMControlSet002ServicesBTHPORTParametersKeys�00272c284d8@0012ee86b8bf 0xE9 0x31 0xB3 0x8E …
Reg HKLMSYSTEMControlSet002ServicesBTHPORTParametersKeys�00272c284d8@0018132de689 0xCF 0xC7 0x38 0x43 …
Reg HKLMSYSTEMControlSet002ServicesBTHPORTParametersKeys�00272c284d8@001f015dc9bf 0xE9 0x15 0xC4 0xED …
Reg HKLMSYSTEMControlSet002ServiceslanmanserverShares@244>4:4C4<�0454=4B4K4 CSCFlags=0?MaxUses=4294967295?Path=D:??????????Permissions=0?Remark=?Type=0?
Reg HKLMSYSTEMControlSet002ServiceslanmanserverShares@2248�044�0454>4 CSCFlags=0?MaxUses=4294967295?Path=E:??????Permissions=0?Remark=?Type=0?
Reg HKLMSYSTEMControlSet002ServiceslanmanserverShares@374@484=4B�0454@�042 CSCFlags=0?MaxUses=4294967295?Path=Microsoft XPS Document Writer,LocalsplOnly?Permissions=0?Remark=Microsoft XPS Document Writer?Type=1?
Reg HKLMSYSTEMControlSet002ServiceslanmanserverShares@374@484=4B�0454@�043 CSCFlags=0?MaxUses=4294967295?Path=HP Deskjet 3740 Series,LocalsplOnly?Permissions=0?Remark=HP Deskjet 3740 Series?Type=1?
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@p0 C:Program FilesDAEMON Tools
Reg HKLMSYSTEMControlSet002ServicesSysmonLogLog Queries{38852fd1-67dd-4c91-8be3-775bebb09db1}@204B4@48�0414C4B4K4 �E4@�0404=�0454=484O4 �004�0404=4=4K4E4 33
Reg HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced@354>�0424K494 �?�0404@�0404<�0454B4@4 �#�001 0 —- EOF — GMER 1.0.14 —-Добавлю: файлы с разными названиями появляются посте того как происходит отправка и получение чего-то в течении 10-15 сек со скоростью до 100кБ/сек
c:documents and settings
c:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsc:documents and settingsscan completed successfully
hidden files: 2768**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(940)
c:windowssystem32SETUPAPI.dll
c:windowssystem32cscui.dll
c:windowssystem32COMRes.dll— — — — — — — > ‘lsass.exe'(996)
c:windowssystem32relog_ap.dll
c:windowssystem32SETUPAPI.dll
c:program filesAshampooAshampoo FireWallspi.dll
.
Other Running Processes
.
c:program filesAviraAntiVir PersonalEdition Classicsched.exe
c:program filesCommon FilesAcronisSchedule2schedul2.exe
c:program filesAviraAntiVir PersonalEdition Classicavguard.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32rundll32.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-16 20:44:09 — machine was rebooted
ComboFix-quarantined-files.txt 2009-02-16 13:44:08Pre-Run: 12 203 950 080 байт свободно
Post-Run: 12,251,414,528 байт свободно2337
Повторюсь
Теперь дополнительно к тому что так же появляются файлы в папке «общие документы», на которых ругается Avira обзывая их тряном, выскакивает ошибка что память не может быть «written» проводник виснет, так что не запускается диспетчер задач.c:windowssystem32wbemRepository
c:windowssystem32wbemRepositoryFS
c:windowssystem32wbemRepositoryFSMAPPING1.MAP 16384 bytes
c:windowssystem32wbemRepositoryFSMAPPING2.MAP 16384 bytes
c:windowssystem32wbemRepositoryFSMAPPING.VER 16384 bytes
c:windowssystem32wbemRepositoryFSINDEX.MAP 16384 bytes
c:windowssystem32wbemRepositoryFSOBJECTS.MAP 16384 bytes
c:windowssystem32wbemRepositoryFSOBJECTS.DATA 10993664 bytes
c:windowssystem32wbemRepositoryFSINDEX.BTR 1425408 bytes
c:windowssystem32wbemRepository$WinMgmt.CFG 16384 bytes
c:windowssystem32wbemmof
c:windowssystem32wbemmofbad
c:windowssystem32wbemmofgood
c:windowssystem32wbemxml
c:windowssystem32wbemxmlcim20.dtd 16384 bytes
c:windowssystem32wbemxmlwmi20.dtd 16384 bytes
c:windowssystem32wbemxmlwmi2xml.dll 49152 bytes
c:windowssystem32wbemLogs
c:windowssystem32wbemLogsFrameWork.log 16384 bytes
c:windowssystem32wbemLogssetup.log 16384 bytes
c:windowssystem32wbemLogsmofcomp.log 16384 bytes
c:windowssystem32wbemLogsreplog.log 16384 bytes
c:windowssystem32wbemLogswbemcore.log 16384 bytes
c:windowssystem32wbemLogswmiprov.log 32768 bytes
c:windowssystem32wbemLogswbemprox.log 65536 bytes
c:windowssystem32wbemLogswmiadap.log 16384 bytes
c:windowssystem32wbemLogsWinMgmt.log 16384 bytes
c:windowssystem32wbemLogswbemess.lo_ 81920 bytes
c:windowssystem32wbemLogswbemess.log 49152 bytes
c:windowssystem32wbemdgnet.mof 16384 bytes
c:windowssystem32wbemevntrprv.mof 16384 bytes
c:windowssystem32wbemCmdEvTgProv.mof 16384 bytes
c:windowssystem32wbemhnetcfg.mof 32768 bytes
c:windowssystem32wbemieinfo5.mof 49152 bytes
c:windowssystem32wbemrsop.mfl 294912 bytes
c:windowssystem32wbemscersop.mof 16384 bytes
c:windowssystem32wbemsr.mof 16384 bytes
c:windowssystem32wbemwhqlprov.mof 32768 bytes
c:windowssystem32wbemevntrprv.dll 32768 bytes
c:windowssystem32wbemCmdEvTgProv.dll 49152 bytes
c:windowssystem32wbemrsop.mof 98304 bytes
c:windowssystem32wbemwbemperf.dll 49152 bytes
c:windowssystem32wbemwscenter.mof 16384 bytes
c:windowssystem32wbemcimwin32.dll 1359872 bytes
c:windowssystem32wbemcsv.xsl 16384 bytes
c:windowssystem32wbemesscli.dll 262144 bytes
c:windowssystem32wbemfastprox.dll 475136 bytes
c:windowssystem32wbemframedyn.dll 196608 bytes
c:windowssystem32wbemhform.xsl 16384 bytes
c:windowssystem32wbemhtable.xsl 16384 bytes
c:windowssystem32wbemkrnlprov.dll 32768 bytes
c:windowssystem32wbemmof.xsl 16384 bytes
c:windowssystem32wbemmofcomp.exe 32768 bytes
c:windowssystem32wbemmofd.dll 131072 bytes
c:windowssystem32wbemncprov.dll 49152 bytes
c:windowssystem32wbemntevt.dll 212992 bytes
c:windowssystem32wbempolicman.dll 98304 bytes
c:windowssystem32wbemprovthrd.dll 245760 bytes
c:windowssystem32wbemrawxml.xsl 16384 bytes
c:windowssystem32wbemrepdrvfs.dll 180224 bytes
c:windowssystem32wbemscrcons.exe 49152 bytes
c:windowssystem32wbemstdprov.dll 98304 bytes
c:windowssystem32wbemtexttable.xsl 16384 bytes
c:windowssystem32wbemtextvaluelist.xsl 16384 bytes
c:windowssystem32wbemviewprov.dll 147456 bytes
c:windowssystem32wbemwbemcntl.dll 212992 bytes
c:windowssystem32wbemwbemcomn.dll 229376 bytes
c:windowssystem32wbemwbemcons.dll 81920 bytes
c:windowssystem32wbemwbemcore.dll 540672 bytes
c:windowssystem32wbemwbemdisp.dll 180224 bytes
c:windowssystem32wbemwbemess.dll 278528 bytes
c:windowssystem32wbemwbemprox.dll 32768 bytes
c:windowssystem32wbemwbemsvc.dll 49152 bytes
c:windowssystem32wbemwbemtest.exe 131072 bytes
c:windowssystem32wbemwbemupgd.dll 212992 bytes
c:windowssystem32wbemwmiadap.exe 196608 bytes
c:windowssystem32wbemwmiapres.dll 16384 bytes
c:windowssystem32wbemwmiaprpl.dll 98304 bytes
c:windowssystem32wbemwmiapsrv.exe 131072 bytes
c:windowssystem32wbemwmic.exe 376832 bytes
c:windowssystem32wbemwmicookr.dll 65536 bytes
c:windowssystem32wbemwmidcprv.dll 147456 bytes
c:windowssystem32wbemwmipcima.dll 163840 bytes
c:windowssystem32wbemwmipdskq.dll 147456 bytes
c:windowssystem32wbemwmipiprt.dll 65536 bytes
c:windowssystem32wbemwmipjobj.dll 65536 bytes
c:windowssystem32wbemwmiprov.dll 147456 bytes
c:windowssystem32wbemwmiprvsd.dll 442368 bytes
c:windowssystem32wbemwmiprvse.exe 229376 bytes
c:windowssystem32wbemwmipsess.dll 49152 bytes
c:windowssystem32wbemwmisvc.dll 147456 bytes
c:windowssystem32wbemwmiutils.dll 98304 bytes
c:windowssystem32wbemxml.xsl 16384 bytes
c:windowssystem32wbemxsl-mappings.xml 16384 bytes
c:windowssystem32wbemcimwin32.mfl 1998848 bytes
c:windowssystem32wbemcimwin32.mof 2785280 bytes
c:windowssystem32wbemcli.mof 32768 bytes
c:windowssystem32wbemcliegaliases.mfl 49152 bytes
c:windowssystem32wbemcliegaliases.mof 2572288 bytes
c:windowssystem32wbemlicwmi.mfl 16384 bytes
c:windowssystem32wbemlicwmi.mof 16384 bytes
c:windowssystem32wbemwmi.mof 16384 bytes
c:windowssystem32wbemtscfgwmi.mof 114688 bytes
c:windowssystem32wbemtscfgwmi.mfl 65536 bytes
c:windowssystem32wbemdsprov.dll 131072 bytes
c:windowssystem32wbemfwdprov.dll 65536 bytes
c:windowssystem32wbemhtable-sortby.xsl 16384 bytes
c:windowssystem32wbemmsiprov.dll 278528 bytes
c:windowssystem32wbemsmtpcons.dll 49152 bytes
c:windowssystem32wbemtexttablewsys.xsl 16384 bytes
c:windowssystem32wbemtmplprov.dll 65536 bytes
c:windowssystem32wbemtrnsprov.dll 65536 bytes
c:windowssystem32wbemunsecapp.exe 32768 bytes
c:windowssystem32wbemupdprov.dll 131072 bytes
c:windowssystem32wbemwbemads.dll 16384 bytes
c:windowssystem32wbemwbemads.tlb 32768 bytes
c:windowssystem32wbemwbemdisp.tlb 65536 bytes
c:windowssystem32wbemwinmgmt.exe 16384 bytes
c:windowssystem32wbemwinmgmtr.dll 16384 bytes
c:windowssystem32wbemwmiclimofformat.xsl 16384 bytes
c:windowssystem32wbemwmiclitableformat.xsl 16384 bytes
c:windowssystem32wbemwmiclitableformatnosys.xsl 16384 bytes
c:windowssystem32wbemwmiclivalueformat.xsl 16384 bytes
c:windowssystem32wbemwmimsg.dll 65536 bytes
c:windowssystem32wbemwmipicmp.dll 81920 bytes
c:windowssystem32wbemwmitimep.dll 65536 bytes
c:windowssystem32wbemdsprov.mfl 16384 bytes
c:windowssystem32wbemdsprov.mof 32768 bytes
c:windowssystem32wbemfconprov.mfl 16384 bytes
c:windowssystem32wbemfconprov.mof 16384 bytes
c:windowssystem32wbemfevprov.mfl 16384 bytes
c:windowssystem32wbemfevprov.mof 16384 bytes
c:windowssystem32wbemkrnlprov.mfl 16384 bytes
c:windowssystem32wbemkrnlprov.mof 16384 bytes
c:windowssystem32wbemmsi.mfl 114688 bytes
c:windowssystem32wbemmsi.mof 180224 bytes
c:windowssystem32wbemncprov.mfl 16384 bytes
c:windowssystem32wbemncprov.mof 16384 bytes
c:windowssystem32wbemntevt.mfl 32768 bytes
c:windowssystem32wbemntevt.mof 32768 bytes
c:windowssystem32wbempolicman.mfl 16384 bytes
c:windowssystem32wbempolicman.mof 16384 bytes
c:windowssystem32wbemregevent.mfl 49152 bytes
c:windowssystem32wbemregevent.mof 49152 bytes
c:windowssystem32wbemscm.mof 32768 bytes
c:windowssystem32wbemscrcons.mfl 16384 bytes
c:windowssystem32wbemscrcons.mof 16384 bytes
c:windowssystem32wbemsecrcw32.mfl 49152 bytes
c:windowssystem32wbemsecrcw32.mof 65536 bytes
c:windowssystem32wbemsmtpcons.mfl 16384 bytes
c:windowssystem32wbemsmtpcons.mof 16384 bytes
c:windowssystem32wbemsubscrpt.mof 16384 bytes
c:windowssystem32wbemsystem.mof 131072 bytes
c:windowssystem32wbemtmplprov.mfl 16384 bytes
c:windowssystem32wbemtmplprov.mof 16384 bytes
c:windowssystem32wbemtrnsprov.mfl 16384 bytes
c:windowssystem32wbemtrnsprov.mof 16384 bytes
c:windowssystem32wbemupdprov.mfl 16384 bytes
c:windowssystem32wbemupdprov.mof 32768 bytes
c:windowssystem32wbemwbemcons.mfl 16384 bytes
c:windowssystem32wbemwbemcons.mof 32768 bytes
c:windowssystem32wbemwmi.mfl 16384 bytes
c:windowssystem32wbemwmipcima.mfl 32768 bytes
c:windowssystem32wbemwmipcima.mof 49152 bytes
c:windowssystem32wbemwmipdskq.mfl 16384 bytes
c:windowssystem32wbemwmipdskq.mof 16384 bytes
c:windowssystem32wbemwmipicmp.mfl 16384 bytes
c:windowssystem32wbemwmipicmp.mof 32768 bytes
c:windowssystem32wbemwmipiprt.mfl 16384 bytes
c:windowssystem32wbemwmipiprt.mof 32768 bytes
c:windowssystem32wbemwmipjobj.mfl 49152 bytes
c:windowssystem32wbemwmipjobj.mof 65536 bytes
c:windowssystem32wbemwmipsess.mfl 16384 bytes
c:windowssystem32wbemwmipsess.mof 16384 bytes
c:windowssystem32wbemwmitimep.mfl 16384 bytes
c:windowssystem32wbemwmitimep.mof 16384 bytes
c:windowssystem32wbemPerformance
c:windowssystem32wbemPerformanceWmiApRpl.h 16384 bytes
c:windowssystem32wbemPerformanceWmiApRpl.ini 16384 bytes
c:windowssystem32wbemAutoRecover
c:windowssystem32wbemAutoRecover26C097A9392F8C541AD42E89B7909073.mof 2785280 bytes
c:windowssystem32wbemAutoRecover3EC317800FF508210BB945C81C0EACE7.mof 1998848 bytes
c:windowssystem32wbemAutoRecover0A9DBC92D554324656F61F9862679F27.mof 131072 bytes
c:windowssystem32wbemAutoRecover2AA23BB86A5EBD8BC2D820944E55B233.mof 49152 bytes
c:windowssystem32wbemAutoRecoverC92641594A6F2DA8A55FE4738AFDA539.mof 32768 bytes
c:windowssystem32wbemAutoRecoverA7575F8DE31A912FFE91A7A41B1E382A.mof 49152 bytes
c:windowssystem32wbemAutoRecoverCA0106054EB09C302ED3E0669F99D021.mof 49152 bytes
c:windowssystem32wbemAutoRecover37134956F76D3C30C9BE0C12571CAF43.mof 32768 bytes
c:windowssystem32wbemAutoRecoverDFD614E4D613EF4506AC8F525F5F514B.mof 32768 bytes
c:windowssystem32wbemAutoRecoverE737DE61441445E1FDFCA45EF5E7D987.mof 65536 bytes
c:windowssystem32wbemAutoRecover02E78424AB18BDBFA706C08B7D7B9F1D.mof 49152 bytes
c:windowssystem32wbemAutoRecoverC81ACF420917AA0F87487BC4D958BEB4.mof 32768 bytes
c:windowssystem32wbemAutoRecover958A50DFF8A9DF5FAEA042AC9F60815F.mof 16384 bytes
c:windowssystem32wbemAutoRecoverDC999686F8B85B326CEDFA199DD07F72.mof 180224 bytes
c:windowssystem32wbemAutoRecover6B38F33147D0369D5038BBB61C7A31C8.mof 114688 bytes
c:windowssystem32wbemAutoRecover2CFB5B149FA396D1AEA5F89B1C5A8D81.mof 16384 bytes
c:windowssystem32wbemAutoRecover60A06765DDFE47EF7240BD9C1EB29EFE.mof 16384 bytes
c:windowssystem32wbemAutoRecover72F867EF62976CE9F70993FF3E68A4EB.mof 131072 bytes
c:windowssystem32wbemAutoRecoverE04DE4CDFEC284A342159BB920976701.mof 16384 bytes
c:windowssystem32wbemAutoRecover7A62FA52E22CE751514BC93BE067BC80.mof 16384 bytes
c:windowssystem32wbemAutoRecoverBE81B2C0741907C1FC1C42B6223E59AD.mof 49152 bytes
c:windowssystem32wbemAutoRecoverCFC35B349D24A8495FD2CEAB15C32D88.mof 16384 bytes
c:windowssystem32wbemAutoRecover20D2C3B8CE10B96CE6B8A3C241EF4416.mof 16384 bytes
c:windowssystem32wbemAutoRecoverEDBF963FB003D0670AA9C2219BD091FB.mof 16384 bytes
c:windowssystem32wbemAutoRecover852ECCDBABE77624586E4417FE66F857.mof 16384 bytes
c:windowssystem32wbemAutoRecover2C142C4C15E3B8D139B98154CD083071.mof 16384 bytes
c:windowssystem32wbemAutoRecoverABB70D53B97FC8002205F77E02C97304.mof 16384 bytes
c:windowssystem32wbemAutoRecoverAE7023598F41510BF261111652046301.mof 32768 bytes
c:windowssystem32wbemAutoRecoverA99860BB696AE92ED001E48B014365CE.mof 16384 bytes
c:windowssystem32wbemAutoRecover092389D621F5A8834203DAAC74CCA279.mof 32768 bytes
c:windowssystem32wbemAutoRecover2A61A823DC2C1C838EE71C4351BED0B4.mof 16384 bytes
c:windowssystem32wbemAutoRecoverFAAD7D567E76CAB10704AFD7C0488F23.mof 65536 bytes
c:windowssystem32wbemAutoRecover2CE64FBD51953C097BB5470043A6DAF9.mof 49152 bytes
c:windowssystem32wbemAutoRecover42355E8E232EF8CADD187D531DEC55DD.mof 16384 bytes
c:windowssystem32wbemAutoRecoverAEA50E449C23761CA4D9B7F9ED0D9C89.mof 16384 bytes
c:windowssystem32wbemAutoRecover8636DC7F9479DACE67781080224 bytes
c:windowssystem32winhttp.dll 360448 bytes
c:windowssystem32PreSetup.ini 16384 bytes
c:windowssystem32winnls.dll 16384 bytes
c:windowssystem32Finish.exe 229376 bytes
c:windowssystem32winntbbu.dll 2785280 bytes
c:windowssystem32DSPHook.dll 49152 bytes
c:windowssystem32ctl3d32.dll 32768 bytes
c:windowssystem32d3dramp.dll 606208 bytes
c:windowssystem32ega.cpi 131072 bytes
c:windowssystem32imgutil.dll 49152 bytes
c:windowssystem32migpwd.exe 65536 bytes
c:windowssystem32lnkstub.exe 32768 bytes
c:windowssystem32msr2c.dll 81920 bytes
c:windowssystem32msrclr40.dll 81920 bytes
c:windowssystem32msrecr40.dll 32768 bytes
c:windowssystem32msr2cenu.dll 16384 bytes
c:windowssystem32msvcrt20.dll 262144 bytes
c:windowssystem32paqsp.dll 163840 bytes
c:windowssystem32pentnt.exe 16384 bytes
c:windowssystem32usrcntra.dll 65536 bytes
c:windowssystem32usrcoina.dll 81920 bytes
c:windowssystem32usrdpa.dll 81920 bytes
c:windowssystem32usrdtea.dll 327680 bytes
c:windowssystem32usrfaxa.dll 98304 bytes
c:windowssystem32usrlbva.dll 65536 bytes
c:windowssystem32usrmlnka.exe 81920 bytes
c:windowssystem32usrprbda.exe 65536 bytes
c:windowssystem32usrrtosa.dll 81920 bytes
c:windowssystem32usrsdpia.dll 65536 bytes
c:windowssystem32usrshuta.exe 81920 bytes
c:windowssystem32usrsvpia.dll 49152 bytes
c:windowssystem32usrv42a.dll 114688 bytes
c:windowssystem32usrv80a.dll 65536 bytes
c:windowssystem32usrvoica.dll 49152 bytes
c:windowssystem32usrvpa.dll 65536 bytes
c:windowssystem32osuninst.exe 49152 bytes
c:windowssystem32acelpdec.ax 65536 bytes
c:windowssystem32l3codecx.ax 98304 bytes
c:windowssystem32vga256.dll 65536 bytes
c:windowssystem32vga64k.dll 32768 bytes
c:windowssystem32ntdll.dll 720896 bytes
c:windowssystem32smss.exe 65536 bytes
c:windowssystem32autochk.exe 589824 bytes
c:windowssystem32sfcfiles.dll 1556480 bytes
c:windowssystem32advapi32.dll 688128 bytes
c:windowssystem32comdlg32.dll 278528 bytes
c:windowssystem32gdi32.dll 294912 bytes
c:windowssystem32imagehlp.dll 147456 bytes
c:windowssystem32kernel32.dll 999424 bytes
c:windowssystem32ole32.dll 1294336 bytes
c:windowssystem32oleaut32.dll 557056 bytes
c:windowssystem32rpcrt4.dll 589824 bytes
c:windowssystem32shell32.dll 12812288 bytes
c:windowssystem32url.dll 163840 bytes
c:windowssystem32urlmon.dll 1179648 bytes
c:windowssystem32user32.dll 589824 bytes
c:windowssystem32version.dll 32768 bytes
c:windowssystem32wininet.dll 950272 bytes
c:windowssystem32wldap32.dll 180224 bytes
c:windowssystem32shlwapi.dll 507904 bytes
c:windowssystem32comctl32.dll 622592 bytes
c:windowssystem32msvcrt.dll 344064 bytes
c:windowssystem32mpr.dll 65536 bytes
c:windowssystem32ntvdm.exe 425984 bytes
c:windowssystem32wow32.dll 278528 bytes
c:windowssystem32crypt32.dll 606208 bytes
c:windowssystem32userenv.dll 737280 bytes
c:windowssystem32msasn1.dll 65536 bytes
c:windowssystem32win32k.sys 1851392 bytes
c:windowssystem32watchdog.sys 32768 bytes
c:windowssystem32csrsrv.dll 32768 bytes
c:windowssystem32basesrv.dll 65536 bytes
c:windowssystem32winsrv.dll 294912 bytes
c:windowssystem32locale.nls 262144 bytes
c:windowssystem32sorttbls.nls 32768 bytes
c:windowssystem32winlogon.exe 507904 bytes
c:windowssystem32nddeapi.dll 32768 bytes
c:windowssystem32secur32.dll 65536 bytes
c:windowssystem32winsta.dll 65536 bytes
c:windowssystem32profmap.dll 32768 bytes
c:windowssystem32netapi32.dll 344064 bytes
c:windowssystem32regapi.dll 65536 bytes
c:windowssystem32ws2_32.dll 98304 bytes
c:windowssystem32ws2help.dll 32768 bytes
c:windowssystem32sortkey.nls 278528 bytes
c:windowssystem32msgina.dll 1343488 bytes
c:windowssystem32odbc32.dll 262144 bytes
c:windowssystem32sxs.dll 753664 bytes
c:windowssystem32odbcint.dll 114688 bytes
c:windowssystem32wbemAutoRecoverDBD781C2C031C708BCB490F228E7BEF9.mof 16384 bytes
c:windowssystem32wbemAutoRecover88744D2A29102FC88ECF505DD2E984FC.mof 32768 bytes
c:windowssystem32wbemAutoRecoverC6300BFE37ADE6B52EC023F66124985F.mof 114688 bytes
c:windowssystem32wbemAutoRecover701B705ED7DF100F88D5BC4A595E938D.mof 65536 bytes
c:windowssystem32wbemAutoRecover79E817BC978E2D450EB9E3794DFDA6CF.mof 16384 bytes
c:windowssystem32wbemAutoRecover26D6C4EB696DD0C83F5D5BF2235000A7.mof 16384 bytes
c:windowssystem32wbemAutoRecoverE441354B9FE5F63362A481C9B9195A73.mof 16384 bytes
c:windowssystem32wbemAutoRecover42C894EEACAD83A4E41154685841B3E1.mof 32768 bytes
c:windowssystem32wbemAutoRecover1E97A05DE566CF6EEAE29D0634E27392.mof 16384 bytes
c:windowssystem32wbemAutoRecoverD92470B796B6B18F9EE52301857F0567.mof 16384 bytes
c:windowssystem32wbemAutoRecover2DA80135BA8EC175C9B1C1598F659434.mof 16384 bytes
c:windowssystem32wbemAutoRecover608B41C6A2CD9460C2263E6CD80C335A.mof 32768 bytes
c:windowssystem32wbemAutoRecover731AE1FC8C795979F40FAD645FFBAEB1.mof 49152 bytes
c:windowssystem32wbemAutoRecoverC3A0BE17B37ACE48BE78B31580231AE9.mof 98304 bytes
c:windowssystem32wbemAutoRecoverD724DF13E0B0DF051EB5D403DD8EF2FC.mof 294912 bytes
c:windowssystem32wbemAutoRecover6FFF7467A5B40765D5740A413CA8BB8A.mof 16384 bytes
c:windowssystem32wbemAutoRecover9AD3182A2F39A3E091E15109132EC6CC.mof 16384 bytes
c:windowssystem32wbemAutoRecover2B8B1A8B0ACD3EE28B421D3918DC1F29.mof 16384 bytes
c:windowssystem32wbemAutoRecover1EBE968EB7AF815A32641E6185350A9E.mof 114688 bytes
c:windowssystem32wbemAutoRecover7E27EAAD25AA36FEADFF502991DFC5C1.mof 163840 bytes
c:windowssystem32wbemAutoRecoverE478A5DB75C9721E744C05D78DBACFD3.mof 163840 bytes
c:windowssystem32wbemsnmp
c:windowsTEMPWPDNSE
c:windowsTEMPSma1.tmp 0 bytes
c:windowsTEMPPerflib_Perfdata_b94.dat 16384 bytes
c:windowsTEMPWPDNSE
c:windowsTEMPSma1.tmp 0 bytes
c:windowsTEMPPerflib_Perfdata_b94.dat 16384 bytes
c:windowsFontsvgaoem.fon 16384 bytes
c:windowsFontsvgasys.fon 16384 bytes
c:windowsFontsvgafix.fon 16384 bytes
c:windowsFontsdosapp.fon 49152 bytes
c:windowsFontsega80woa.fon 16384 bytes
c:windowsFontsega40woa.fon 16384 bytes
c:windowsFontscga80woa.fon 16384 bytes
c:windowsFontscga40woa.fon 16384 bytes
c:windowsFontsroman.fon 16384 bytes
c:windowsFontsscript.fon 16384 bytes
c:windowsFontsmodern.fon 16384 bytes
c:windowsFontssmalle.fon 32768 bytes
c:windowsFontssymbole.fon 65536 bytes
c:windowsFontscoure.fon 32768 bytes
c:windowsFontssserife.fon 65536 bytes
c:windowsFontsserife.fon 65536 bytes
c:windowsFontsmarlett.ttf 32768 bytes
c:windowsFontsestre.ttf 81920 bytes
c:windowsFontsgautami.ttf 229376 bytes
c:windowsFontslatha.ttf 81920 bytes
c:windowsFontsmangal.ttf 147456 bytes
c:windowsFontsmvboli.ttf 49152 bytes
c:windowsFontsraavi.ttf 65536 bytes
c:windowsFontsshruti.ttf 245760 bytes
c:windowsFontstunga.ttf 163840 bytes
c:windowsFontstrebucbd.ttf 131072 bytes
c:windowsFontsarialbi.ttf 229376 bytes
c:windowsFontsariali.ttf 212992 bytes
c:windowsFontsariblk.ttf 131072 bytes
c:windowsFontscomicbd.ttf 114688 bytes
c:windowsFontscour.ttf 311296 bytes
c:windowsFontscourbd.ttf 327680 bytes
c:windowsFontscourbi.ttf 245760 bytes
c:windowsFontscouri.ttf 245760 bytes
c:windowsFontsgeorgiab.ttf 147456 bytes
c:windowsFontsgeorgiai.ttf 163840 bytes
c:windowsFontsgeorgiaz.ttf 163840 bytes
c:windowsFontsimpact.ttf 147456 bytes
c:windowsFontsl_10646.ttf 327680 bytes
c:windowsFontslucon.ttf 131072 bytes
c:windowsFontspala.ttf 491520 bytes
c:windowsFontspalab.ttf 442368 bytes
c:windowsFontspalabi.ttf 360448 bytes
c:windowsFontspalai.ttf 442368 bytes
c:windowsFontssymbol.ttf 81920 bytes
c:windowsFontstimesbi.ttf 245760 bytes
c:windowsFontstimesi.ttf 262144 bytes
c:windowsFontstrebucbi.ttf 147456 bytes
c:windowsFontstrebucit.ttf 147456 bytes
c:windowsFontsverdanai.ttf 163840 bytes
c:windowsFontsverdanaz.ttf 163840 bytes
c:windowsFontswebdings.ttf 131072 bytes
c:windowsFontswingding.ttf 81920 bytes
c:windowsFontsverdanab.ttf 147456 bytes
c:windowsFontscga40850.fon 16384 bytes
c:windowsFontscga80850.fon 16384 bytes
c:windowsFontscourf.fon 32768 bytes
c:windowsFontsdesktop.ini 16384 bytes
c:windowsFontsega40850.fon 16384 bytes
c:windowsFontsega80850.fon 16384 bytes
c:windowsFontsframd.ttf 147456 bytes
c:windowsFontsframdit.ttf 163840 bytes
c:windowsFontsseriff.fon 81920 bytes
c:windowsFontssseriff.fon 98304 bytes
c:windowsFontssylfaen.ttf 229376 bytes
c:windowsFontsvga850.fon 16384 bytes
c:windowsFontswst_czec.fon 32768 bytes
c:windowsFontswst_engl.fon 32768 bytes
c:windowsFontswst_fren.fon 32768 bytes
c:windowsFontswst_germ.fon 32768 bytes
c:windowsFontswst_ital.fon 32768 bytes
c:windowsFontswst_span.fon 32768 bytes
c:windowsFontswst_swed.fon 32768 bytes
c:windowsFontstahomabd.ttf 360448 bytes
c:windowsFontstahoma.ttf 393216 bytes
c:windowsFontsmicross.ttf 475136 bytes
c:windowsFontsarial.ttf 376832 bytes
c:windowsFontstrebuc.ttf 147456 bytes
c:windowsFontsverdana.ttf 180224 bytes
c:windowsFontsarialbd.ttf 360448 bytes
c:windowsFontscomic.ttf 131072 bytes
c:windowsFontsgeorgia.ttf 163840 bytes
c:windowsFontstimesbd.ttf 409600 bytes
c:windowsFontstimes.ttf 409600 bytes
c:windowsFontsROCKB.TTF 81920 bytes
c:windowsFontsROCKBI.TTF 81920 bytes
c:windowsFontsROCKI.TTF 81920 bytes
c:windowsFontsROCCB___.TTF 65536 bytes
c:windowsFontskartika.ttf 131072 bytes
c:windowsFontsvrinda.ttf 262144 bytes
c:windowsFontsROCC____.TTF 65536 bytes
c:windowsFonts8514fixr.fon 16384 bytes
c:windowsFontsROCKEB.TTF 65536 bytes
c:windowsFonts8514oemr.fon 16384 bytes
c:windowsFontsINFROMAN.TTF 81920 bytes
c:windowsFonts8514sysr.fon 16384 bytes
c:windowsFontsSCRIPTBL.TTF 65536 bytes
c:windowsFonts85855.fon 16384 bytes
c:windowsFontsSHOWG.TTF 65536 bytes
c:windowsFontsapp855.fon 49152 bytes
c:windowsFontsSNAP____.TTF 65536 bytes
c:windowsFontsapp866.fon 49152 bytes
c:windowsFontsSTENCIL.TTF 65536 bytes
c:windowsFontscga40866.fon 16384 bytes
c:windowsFontsTEMPSITC.TTF 81920 bytes
c:windowsFontscga80866.fon 16384 bytes
c:windowsFontsTCBI____.TTF 81920 bytes
c:windowsFontscourer.fon 32768 bytes
c:windowsFontsTCB_____.TTF 81920 bytes
c:windowsFontscourfr.fon 32768 bytes
c:windowsFontsTCCM____.TTF 81920 bytes
c:windowsFontsega40866.fon 16384 bytes
c:windowsFontsTCCB____.TTF 81920 bytes
c:windowsFontsega80866.fon 16384 bytes
c:windowsFontsTCCEB.TTF 81920 bytes
c:windowsFontsserifer.fon 65536 bytes
c:windowsFontsTCMI____.TTF 81920 bytes
c:windowsFontsseriffr.fon 98304 bytes
c:windowsFontsTCM_____.TTF 81920 bytes
c:windowsFontssmaller.fon 32768 bytes
c:windowsFontsVINERITC.TTF 114688 bytes
c:windowsFontssmallfr.fon 32768 bytes
c:windowsFontsVIVALDII.TTF 65536 bytes
c:windowsFontssserifer.fon 81920 bytes
c:windowsFontsVLADIMIR.TTF 65536 bytes
c:windowsFontssseriffr.fon 98304 bytes
c:windowsFontsLATINWD.TTF 49152 bytes
c:windowsFontsvga855.fon 16384 bytes
c:windowsFontsWINGDNG2.TTF 81920 bytes
c:windowsFontsvga866.fon 16384 bytes
c:windowsFontsWINGDNG3.TTF 49152 bytes
c:windowsFontsvgafixr.fon 16384 bytes
c:windowsFontsvgasysr.fon 16384 bytes
c:windowsFonts8514fix.fon 16384 bytes
c:windowsFonts8514oem.fon 16384 bytes
c:windowsFonts8514sys.fon 16384 bytes
c:windowsFontsapp850.fon 49152 bytes
c:windowsFontssmallf.fon 32768 bytes
c:windowsFontsvga860.fon 16384 bytes
c:windowsFontsvga863.fon 16384 bytes
c:windowsFontsvga865.fon 16384 bytes
c:windowsFonts8514fixe.fon 16384 bytes
c:windowsFonts8514oeme.fon 16384 bytes
c:windowsFonts8514syse.fon 16384 bytes
c:windowsFontsapp852.fon 49152 bytes
c:windowsFontscga40852.fon 16384 bytes
c:windowsFontscga80852.fon 16384 bytes
c:windowsFontscouree.fon 32768 bytes
c:windowsFontscourfe.fon 32768 bytes
c:windowsFontsega40852.fon 16384 bytes
c:windowsFontsega80852.fon 16384 bytes
c:windowsFontsserifee.fon 65536 bytes
c:windowsFontsseriffe.fon 98304 bytes
c:windowsFontssmallee.fon 32768 bytes
c:windowsFontssmallfe.fon 32768 bytes
c:windowsFontssserifee.fon 81920 bytes
c:windowsFontssseriffe.fon 98304 bytes
c:windowsFontsvga852.fon 16384 bytes
c:windowsFontsvgafixe.fon 16384 bytes
c:windowsFontsvgasyse.fon 16384 bytes
c:windowsFonts85775.fon 16384 bytes
c:windowsFonts85f1257.fon 16384 bytes
c:windowsFonts85s1257.fon 16384 bytes
c:windowsFontsapp775.fon 49152 bytes
c:windowsFontscoue1257.fon 32768 bytes
c:windowsFontscouf1257.fon 32768 bytes
c:windowsFontssere1257.fon 65536 bytes
c:windowsFontsserf1257.fon 98304 bytes
c:windowsFontssmae1257.fon 32768 bytes
c:windowsFontssmaf1257.fon 32768 bytes
c:windowsFontsssee1257.fon 65536 bytes
c:windowsFontsssef1257.fon 98304 bytes
c:windowsFontsvga775.fon 16384 bytes
c:windowsFontsvgaf1257.fon 16384 bytes
c:windowsFontsvgas1257.fon 16384 bytes
c:windowsFonts8514fixg.fon 16384 bytes
c:windowsFonts8514oemg.fon 16384 bytes
c:windowsFonts8514sysg.fon 16384 bytes
c:windowsFontscga40737.fon 16384 bytes
c:windowsFontscga40869.fon 16384 bytes
c:windowsFontscga80737.fon 16384 bytes
c:windowsFontscga80869.fon 16384 bytes
c:windowsFontscoureg.fon 32768 bytes
c:windowsFontscourfg.fon 49152 bytes
c:windowsFontsdos737.fon 49152 bytes
c:windowsFontsega40737.fon 16384 bytes
c:windowsFontsega40869.fon 16384 bytes
c:windowsFontsega80737.fon 16384 bytes
c:windowsFontsega80869.fon 16384 bytes
c:windowsFontsserifeg.fon 65536 bytes
c:windowsFontsseriffg.fon 98304 bytes
c:windowsFontssmalleg.fon 32768 bytes
c:windowsFontssmallfg.fon 32768 bytes
c:windowsFontssserifeg.fon 65536 bytes
c:windowsFontssseriffg.fon 98304 bytes
c:windowsFontsvga737.fon 16384 bytes
c:windowsFontsvga869.fon 16384 bytes
c:windowsFontsvgafixg.fon 16384 bytes
c:windowsFontsvgasysg.fon 16384 bytes
c:windowsFonts8514fixt.fon 16384 bytes
c:windowsFonts8514oemt.fon 16384 bytes
c:windowsFonts8514syst.fon 16384 bytes
c:windowsFontsapp857.fon 49152 bytes
c:windowsFontscga40857.fon 16384 bytes
c:windowsFontscga80857.fon 16384 bytes
c:windowsFontscouret.fon 32768 bytes
c:windowsFontscourft.fon 49152 bytes
c:windowsFontsega40857.fon 16384 bytes
c:windowsFontsega80857.fon 16384 bytes
c:windowsFontsserifet.fon 65536 bytes
c:windowsFontsserifft.fon 98304 bytes
c:windowsFontssmallet.fon 32768 bytes
c:windowsFontssmallft.fon 32768 bytes
c:windowsFontssserifet.fon 65536 bytes
c:windowsFontssserifft.fon 98304 bytes
c:windowsFontsvga857.fon 16384 bytes
c:windowsFontsvgafixt.fon 16384 bytes
c:windowsFontsvgasyst.fon 16384 bytes
c:windowsFontsGlobalMonospace.CompositeFont 32768 bytes
c:windowsFontsGlobalSansSerif.CompositeFont 32768 bytes
c:windowsFontsGlobalSerif.CompositeFont 32768 bytes
c:windowsFontsGlobalUserInterface.CompositeFont 32768 bytes
c:windowsFontsCALIBRI.TTF 360448 bytes
c:windowsFontsCALIBRIB.TTF 360448 bytes
c:windowsFontsCALIBRII.TTF 376832 bytes
c:windowsFontsCALIBRIZ.TTF 376832 bytes
c:windowsFontsCAMBRIA.TTC 1097728 bytes
c:windowsFontsCAMBRIAB.TTF 344064 bytes
c:windowsFontsCAMBRIAI.TTF 344064 bytes
c:windowsFontsCAMBRIAZ.TTF 327680 bytes
c:windowsFontsCANDARA.TTF 163840 bytes
c:windowsFontsCANDARAB.TTF 180224 bytes
c:windowsFontsCANDARAI.TTF 180224 bytes
c:windowsFontsCANDARAZ.TTF 180224 bytes
c:windowsFontsCONSOLA.TTF 114688 bytes
c:windowsFontsCONSOLAB.TTF 114688 bytes
c:windowsFontsCONSOLAI.TTF 114688 bytes
c:windowsFontsCONSOLAZ.TTF 114688 bytes
c:windowsFontsCONSTAN.TTF 327680 bytes
c:windowsFontsCONSTANB.TTF 327680 bytes
c:windowsFontsCONSTANI.TTF 311296 bytes
c:windowsFontsCONSTANZ.TTF 327680 bytes
c:windowsFontsCORBEL.TTF 212992 bytes
c:windowsFontsCORBELB.TTF 212992 bytes
c:windowsFontsCORBELI.TTF 212992 bytes
c:windowsFontsCORBELZ.TTF 229376 bytes
c:windowsFontsSEGOEUI.TTF 524288 bytes
c:windowsFontsSEGOEUIB.TTF 491520 bytes
c:windowsFontsSEGOEUII.TTF 393216 bytes
c:windowsFontsSEGOEUIZ.TTF 393216 bytes
c:windowsFontsAGENCYB.TTF 65536 bytes
c:windowsFontsAGENCYR.TTF 65536 bytes
c:windowsFontsALGER.TTF 81920 bytes
c:windowsFontsARIALN.TTF 180224 bytes
c:windowsFontsARIALNB.TTF 180224 bytes
c:windowsFontsARIALNBI.TTF 180224 bytes
c:windowsFontsARIALNI.TTF 180224 bytes
c:windowsFontsARLRDBD.TTF 49152 bytes
c:windowsFontsARIALUNI.TTF 23281664 bytes
c:windowsFontsBASKVILL.TTF 65536 bytes
c:windowsFontsBAUHS93.TTF 49152 bytes
c:windowsFontsBELL.TTF 98304 bytes
c:windowsFontsBELLB.TTF 98304 bytes
c:windowsFontsBELLI.TTF 98304 bytes
c:windowsFontsBRLNSB.TTF 98304 bytes
c:windowsFontsBRLNSDB.TTF 98304 bytes
c:windowsFontsBRLNSR.TTF 98304 bytes
c:windowsFontsBERNHC.TTF 81920 bytes
c:windowsFontsITCBLKAD.TTF 147456 bytes
c:windowsFontsBOD_B.TTF 81920 bytes
c:windowsFontsBOD_BI.TTF 98304 bytes
c:windowsFontsBOD_I.TTF 98304 bytes
c:windowsFontsBOD_R.TTF 81920 bytes
c:windowsFontsBOD_BLAI.TTF 98304 bytes
c:windowsFontsBOD_BLAR.TTF 81920 bytes
c:windowsFontsBOD_CB.TTF 81920 bytes
c:windowsFontsBOD_CBI.TTF 81920 bytes
c:windowsFontsBOD_CI.TTF 81920 bytes
c:windowsFontsBOD_CR.TTF 81920 bytes
c:windowsFontsBOD_PSTC.TTF 98304 bytes
c:windowsFontsANTQUAB.TTF 163840 bytes
c:windowsFontsANTQUABI.TTF 163840 bytes
c:windowsFontsANTQUAI.TTF 163840 bytes
c:windowsFontsBKANT.TTF 163840 bytes
c:windowsFontsBOOKOS.TTF 163840 bytes
c:windowsFontsBOOKOSB.TTF 163840 bytes
c:windowsFontsBOOKOSBI.TTF 163840 bytes
c:windowsFontsBOOKOSI.TTF 163840 bytes
c:windowsFontsBRADHITC.TTF 114688 bytes
c:windowsFontsBRITANIC.TTF 49152 bytes
c:windowsFontsBROADW.TTF 65536 bytes
c:windowsFontsBRUSHSCI.TTF 65536 bytes
c:windowsFontsCALIFB.TTF 81920 bytes
c:windowsFontsCALIFI.TTF 114688 bytes
c:windowsFontsCALIFR.TTF 114688 bytes
c:windowsFontsCALIST.TTF 81920 bytes
c:windowsFontsCALISTB.TTF 98304 bytes
c:windowsFontsCALISTBI.TTF 98304 bytes
c:windowsFontsCALISTI.TTF 65536 bytes
c:windowsFontsCASTELAR.TTF 49152 bytes
c:windowsFontsCENTAUR.TTF 98304 bytes
c:windowsFontsCENTURY.TTF 180224 bytes
c:windowsFontsGOTHIC.TTF 147456 bytes
c:windowsFontsGOTHICB.TTF 131072 bytes
c:windowsFontsGOTHICBI.TTF 147456 bytes
c:windowsFontsGOTHICI.TTF 163840 bytes
c:windowsFontsCENSCBK.TTF 163840 bytes
c:windowsFontsSCHLBKB.TTF 180224 bytes
c:windowsFontsSCHLBKBI.TTF 163840 bytes
c:windowsFontsSCHLBKI.TTF 163840 bytes
c:windowsFontsCHILLER.TTF 98304 bytes
c:windowsFontsCOLONNA.TTF 65536 bytes
c:windowsFontsCOOPBL.TTF 81920 bytes
c:windowsFontsCOPRGTB.TTF 65536 bytes
c:windowsFontsCOPRGTL.TTF 65536 bytes
c:windowsFontsCURLZ___.TTF 81920 bytes
c:windowsFontsITCEDSCR.TTF 65536 bytes
c:windowsFontsELEPHNT.TTF 65536 bytes
c:windowsFontsELEPHNTI.TTF 65536 bytes
c:windowsFontsENGR.TTF 65536 bytes
c:windowsFontsERASBD.TTF 65536 bytes
c:windowsFontsERASDEMI.TTF 65536 bytes
c:windowsFontsERASLGHT.TTF 81920 bytes
c:windowsFontsERASMD.TTF 65536 bytes
c:windowsFontsFELIXTI.TTF 49152 bytes
c:windowsFontsFTLTLT.TTF 98304 bytes
c:windowsFontsFORTE.TTF 65536 bytes
c:windowsFontsFRABK.TTF 163840 bytes
c:windowsFontsFRABKIT.TTF 180224 bytes
c:windowsFontsFRADM.TTF 147456 bytes
c:windowsFontsFRADMIT.TTF 147456 bytes
c:windowsFontsFRADMCN.TTF 131072 bytes
c:windowsFontsFRAHV.TTF 147456 bytes
c:windowsFontsFRAHVIT.TTF 163840 bytes
c:windowsFontsFRAMDCN.TTF 147456 bytes
c:windowsFontsFREESCPT.TTF 81920 bytes
c:windowsFontsFRSCRIPT.TTF 65536 bytes
c:windowsFontsGARA.TTF 212992 bytes
c:windowsFontsGARABD.TTF 212992 bytes
c:windowsFontsGARAIT.TTF 196608 bytes
c:windowsFontsGIGI.TTF 147456 bytes
c:windowsFontsGILBI___.TTF 81920 bytes
c:windowsFontsGILB____.TTF 81920 bytes
c:windowsFontsGILI____.TTF 81920 bytes
c:windowsFontsGIL_____.TTF 81920 bytes
c:windowsFontsGILC____.TTF 65536 bytes
c:windowsFontsGILSANUB.TTF 81920 bytes
c:windowsFontsGILLUBCD.TTF 81920 bytes
c:windowsFontsGLSNECB.TTF 98304 bytes
c:windowsFontsGLECB.TTF 81920 bytes
c:windowsFontsGOUDOS.TTF 81920 bytes
c:windowsFontsGOUDOSB.TTF 98304 bytes
c:windowsFontsGOUDOSI.TTF 81920 bytes
c:windowsFontsGOUDYSTO.TTF 65536 bytes
c:windowsFontsHATTEN.TTF 114688 bytes
c:windowsFontsHARLOWSI.TTF 65536 bytes
c:windowsFontsHARNGTON.TTF 81920 bytes
c:windowsFontsHTOWERT.TTF 98304 bytes
c:windowsFontsHTOWERTI.TTF 81920 bytes
c:windowsFontsIMPRISHA.TTF 65536 bytes
c:windowsFontsJOKERMAN.TTF 81920 bytes
c:windowsFontsJUICE___.TTF 65536 bytes
c:windowsFontsITCKRIST.TTF 65536 bytes
c:windowsFontsKUNSTLER.TTF 65536 bytes
c:windowsFontsLBRITE.TTF 81920 bytes
c:windowsFontsLBRITED.TTF 81920 bytes
c:windowsFontsLBRITEDI.TTF 81920 bytes
c:windowsFontsLBRITEI.TTF 81920 bytes
c:windowsFontsLCALLIG.TTF 65536 bytes
c:windowsFontsLFAX.TTF 65536 bytes
c:windowsFontsLFAXD.TTF 65536 bytes
c:windowsFontsLFAXDI.TTF 81920 bytes
c:windowsFontsLFAXI.TTF 81920 bytes
c:windowsFontsLHANDW.TTF 65536 bytes
c:windowsFontsLSANS.TTF 65536 bytes
c:windowsFontsLSANSD.TTF 65536 bytes
c:windowsFontsLSANSDI.TTF 81920 bytes
c:windowsFontsLSANSI.TTF 65536 bytes
c:windowsFontsLTYPE.TTF 65536 bytes
c:windowsFontsLTYPEB.TTF 65536 bytes
c:windowsFontsLTYPEBO.TTF 65536 bytes
c:windowsFontsLTYPEO.TTF 65536 bytes
c:windowsFontsMAGNETOB.TTF 65536 bytes
c:windowsFontsMAIAN.TTF 65536 bytes
c:windowsFontsMATURASC.TTF 65536 bytes
c:windowsFontsMISTRAL.TTF 196608 bytes
c:windowsFontsMOD20.TTF 65536 bytes
c:windowsFontsMTCORSVA.TTF 163840 bytes
c:windowsFontsMSMINCHO.TTF 9093120 bytes
c:windowsFontsOUTLOOK.TTF 32768 bytes
c:windowsFontsNIAGENG.TTF 98304 bytes
c:windowsFontsNIAGSOL.TTF 81920 bytes
c:windowsFontsOCRAEXT.TTF 65536 bytes
c:windowsFontsOLDENGL.TTF 98304 bytes
c:windowsFontsONYX.TTF 81920 bytes
c:windowsFontsPALSCRI.TTF 65536 bytes
c:windowsFontsPAPYRUS.TTF 163840 bytes
c:windowsFontsPARCHM.TTF 163840 bytes
c:windowsFontsPERBI___.TTF 81920 bytes
c:windowsFontsPERB____.TTF 65536 bytes
c:windowsFontsPERI____.TTF 81920 bytes
c:windowsFontsPER_____.TTF 65536 bytes
c:windowsFontsPERTIBD.TTF 49152 bytes
c:windowsFontsPERTILI.TTF 49152 bytes
c:windowsFontsPLAYBILL.TTF 49152 bytes
c:windowsFontsPOORICH.TTF 81920 bytes
c:windowsFontsPRISTINA.TTF 98304 bytes
c:windowsFontsRAGE.TTF 147456 bytes
c:windowsFontsRAVIE.TTF 81920 bytes
c:windowsFontsBSSYM7.TTF 65536 bytes
c:windowsFontsREFSAN.TTF 229376 bytes
c:windowsFontsREFSPCL.TTF 65536 bytes
c:windowsFontsROCK.TTF 81920 bytes
c:windowsFontsAcadEref.ttf 16384 bytes
c:windowsFontsAIGDT___.TTF 32768 bytes
c:windowsFontsAMDT_Symbols.ttf 16384 bytes
c:windowsFontsAMGDT___.TTF 32768 bytes
c:windowsFontsbgothl.ttf 49152 bytes
c:windowsFontsbgothm.ttf 49152 bytes
c:windowsFontscityb___.ttf 65536 bytes
c:windowsFontscompi.ttf 32768 bytes
c:windowsFontscomplex_.ttf 81920 bytes
c:windowsFontscomsc.ttf 65536 bytes
c:windowsFontscounb___.ttf 65536 bytes
c:windowsFontsdutch.ttf 49152 bytes
c:windowsFontsdutchb.ttf 49152 bytes
c:windowsFontsdutchbi.ttf 49152 bytes
c:windowsFontsdutcheb.ttf 49152 bytes
c:windowsFontsdutchi.ttf 49152 bytes
c:windowsFontseurr____.ttf 65536 bytes
c:windowsFontseurro___.ttf 65536 bytes
c:windowsFontsgdt_____.ttf 32768 bytes
c:windowsFontsgothice_.ttf 81920 bytes
c:windowsFontsgothicg_.ttf 65536 bytes
c:windowsFontsgothici_.ttf 65536 bytes
c:windowsFontsgreekc__.ttf 32768 bytes
c:windowsFontsgreeks__.ttf 32768 bytes
c:windowsFontsisocp___.ttf 49152 bytes
c:windowsFontsisocp2__.ttf 49152 bytes
c:windowsFontsisocp3__.ttf 49152 bytes
c:windowsFontsisocpeui.ttf 147456 bytes
c:windowsFontsisocpeur.ttf 147456 bytes
c:windowsFontsisoct___.ttf 49152 bytes
c:windowsFontsisoct2__.ttf 49152 bytes
c:windowsFontsisoct3__.ttf 49152 bytes
c:windowsFontsisocteui.ttf 147456 bytes
c:windowsFontsisocteur.ttf 147456 bytes
c:windowsFontsitalic__.ttf 65536 bytes
c:windowsFontsitalicc_.ttf 65536 bytes
c:windowsFontsitalict_.ttf 65536 bytes
c:windowsFontsmonos.ttf 49152 bytes
c:windowsFontsmonosb.ttf 49152 bytes
c:windowsFontsmonosbi.ttf 49152 bytes
c:windowsFontsmonosi.ttf 49152 bytes
c:windowsFontsmonotxt_.ttf 49152 bytes
c:windowsFontsmtproxy1.ttf 49152 bytes
c:windowsFontsmtproxy2.ttf 49152 bytes
c:windowsFontsmtproxy3.ttf 49152 bytes
c:windowsFontsmtproxy4.ttf 49152 bytes
c:windowsFontsmtproxy5.ttf 49152 bytes
c:windowsFontsmtproxy6.ttf 49152 bytes
c:windowsFontsmtproxy7.ttf 49152 bytes
c:windowsFontsmtproxy8.ttf 49152 bytes
c:windowsFontsmtproxy9.ttf 49152 bytes
c:windowsFontspanroman.ttf 65536 bytes
c:windowsFontsromab___.ttf 65536 bytes
c:windowsFontsromai___.ttf 65536 bytes
c:windowsFontsromanc__.ttf 49152 bytes
c:windowsFontsromand__.ttf 49152 bytes
c:windowsFontsromans__.ttf 65536 bytes
c:windowsFontsromant__.ttf 65536 bytes
c:windowsFontsromantic.ttf 65536 bytes
c:windowsFontssanss___.ttf 65536 bytes
c:windowsFontssanssb__.ttf 65536 bytes
c:windowsFontssanssbo_.ttf 65536 bytes
c:windowsFontssansso__.ttf 65536 bytes
c:windowsFontsscriptc_.ttf 65536 bytes
c:windowsFontsscripts_.ttf 65536 bytes
c:windowsFontssimplex_.ttf 65536 bytes
c:windowsFontsstylu.ttf 49152 bytes
c:windowsFontssupef___.ttf 49152 bytes
c:windowsFontsswiss.ttf 49152 bytes
c:windowsFontsswissb.ttf 49152 bytes
c:windowsFontsswissbi.ttf 49152 bytes
c:windowsFontsswissbo.ttf 65536 bytes
c:windowsFontsswissc.ttf 49152 bytes
c:windowsFontsswisscb.ttf 49152 bytes
c:windowsFontsswisscbi.ttf 49152 bytes
c:windowsFontsswisscbo.ttf 65536 bytes
c:windowsFontsswissci.ttf 49152 bytes
c:windowsFontsswissck.ttf 49152 bytes
c:windowsFontsswisscki.ttf 49152 bytes
c:windowsFontsswisscl.ttf 49152 bytes
c:windowsFontsswisscli.ttf 49152 bytes
c:windowsFontsswisse.ttf 49152 bytes
c:windowsFontsswisseb.ttf 49152 bytes
c:windowsFontsswissek.ttf 49152 bytes
c:windowsFontsswissel.ttf 49152 bytes
c:windowsFontsswissi.ttf 49152 bytes
c:windowsFontsswissk.ttf 49152 bytes
c:windowsFontsswisski.ttf 49152 bytes
c:windowsFontsswissko.ttf 65536 bytes
c:windowsFontsswissl.ttf 49152 bytes
c:windowsFontsswissli.ttf 49152 bytes
c:windowsFontssyastro_.ttf 49152 bytes
c:windowsFontssymap___.ttf 49152 bytes
c:windowsFontssymath__.ttf 32768 bytes
c:windowsFontssymeteo_.ttf 32768 bytes
c:windowsFontssymusic_.ttf 32768 bytes
c:windowsFontstechb___.ttf 65536 bytes
c:windowsFontstechl___.ttf 65536 bytes
c:windowsFontstechnic_.ttf 65536 bytes
c:windowsFontstxt_____.ttf 49152 bytes
c:windowsFontsumath.ttf 32768 bytes
c:windowsFontsvinet.ttf 81920 bytes
c:windowsFontsACaslonPro-Bold.otf 147456 bytes
c:windowsFontsACaslonPro-BoldItalic.otf 180224 bytes
c:windowsFontsACaslonPro-Italic.otf 180224 bytes
c:windowsFontsACaslonPro-Regular.otf 163840 bytes
c:windowsFontsACaslonPro-Semibold.otf 180224 bytes
c:windowsFontsACaslonPro-SemiboldItalic.otf 180224 bytes
c:windowsFontsAGaramondPro-Bold.otf 81920 bytes
c:windowsFontsAGaramondPro-BoldItalic.otf 81920 bytes
c:windowsFontsAGaramondPro-Italic.otf 98304 bytes
c:windowsFontsAGaramondPro-Regular.otf 131072 bytes
c:windowsFontsArnoPro-Bold.otf 409600 bytes
c:windowsFontsArnoPro-BoldCaption.otf 409600 bytes
c:windowsFontsArnoPro-BoldDisplay.otf 393216 bytes
c:windowsFontsArnoPro-BoldItalic.otf 491520 bytes
c:windowsFontsArnoPro-BoldItalicCaption.otf 475136 bytes
c:windowsFontsArnoPro-BoldItalicDisplay.otf 475136 bytes
c:windowsFontsArnoPro-BoldItalicSmText.otf 475136 bytes
c:windowsFontsArnoPro-BoldItalicSubhead.otf 475136 bytes
c:windowsFontsArnoPro-BoldSmText.otf 409600 bytes
c:windowsFontsArnoPro-BoldSubhead.otf 409600 bytes
c:windowsFontsArnoPro-Caption.otf 409600 bytes
c:windowsFontsArnoPro-Display.otf 393216 bytes
c:windowsFontsArnoPro-Italic.otf 491520 bytes
c:windowsFontsArnoPro-ItalicCaption.otf 475136 bytes
c:windowsFontsArnoPro-ItalicDisplay.otf 475136 bytes
c:windowsFontsArnoPro-ItalicSmText.otf 475136 bytes
c:windowsFontsArnoPro-ItalicSubhead.otf 491520 bytes
c:windowsFontsArnoPro-LightDisplay.otf 393216 bytes
c:windowsFontsArnoPro-LightItalicDisplay.otf 475136 bytes
c:windowsFontsArnoPro-Regular.otf 409600 bytes
c:windowsFontsArnoPro-Smbd.otf 409600 bytes
c:windowsFontsArnoPro-SmbdCaption.otf 409600 bytes
c:windowsFontsArnoPro-SmbdDisplay.otf 409600 bytes
c:windowsFontsArnoPro-SmbdItalic.otf 475136 bytes
c:windowsFontsArnoPro-SmbdItalicCaption.otf 475136 bytes
c:windowsFontsArnoPro-SmbdItalicDisplay.otf 475136 bytes
c:windowsFontsArnoPro-SmbdItalicSmText.otf 475136 bytes
c:windowsFontsArnoPro-SmbdItalicSubhead.otf 475136 bytes
c:windowsFontsArnoPro-SmbdSmText.otf 409600 bytes
c:windowsFontsArnoPro-SmbdSubhead.otf 409600 bytes
c:windowsFontsArnoPro-SmText.otf 409600 bytes
c:windowsFontsArnoPro-Subhead.otf 409600 bytes
c:windowsFontsBellGothicStd-Black.otf 32768 bytes
c:windowsFontsBellGothicStd-Bold.otf 32768 bytes
c:windowsFontsBickhamScriptPro-Bold.otf 622592 bytes
c:windowsFontsBickhamScriptPro-Regular.otf 606208 bytes
c:windowsFontsBickhamScriptPro-Semibold.otf 638976 bytes
c:windowsFontsBirchStd.otf 49152 bytes
c:windowsFontsBlackoakStd.otf 49152 bytes
c:windowsFontsBrushScriptStd.otf 49152 bytes
c:windowsFontsChaparralPro-Bold.otf 131072 bytes
c:windowsFontsChaparralPro-BoldIt.otf 131072 bytes
c:windowsFontsChaparralPro-Italic.otf 131072 bytes
c:windowsFontsChaparralPro-Regular.otf 131072 bytes
c:windowsFontsCharlemagneStd-Bold.otf 49152 bytes
c:windowsFontsCooperBlackStd-Italic.otf 49152 bytes
c:windowsFontsCooperBlackStd.otf 49152 bytes
c:windowsFontsEccentricStd.otf 32768 bytes
c:windowsFontsGaramondPremrPro-It.otf 393216 bytes
c:windowsFontsGaramondPremrPro-Smbd.otf 360448 bytes
c:windowsFontsGaramondPremrPro-SmbdIt.otf 409600 bytes
c:windowsFontsGaramondPremrPro.otf 360448 bytes
c:windowsFontsGiddyupStd.otf 49152 bytes
c:windowsFontsHoboStd.otf 32768 bytes
c:windowsFontsKozGoPro-Bold.otf 3571712 bytes
c:windowsFontsKozGoPro-ExtraLight.otf 3227648 bytes
c:windowsFontsKozGoPro-Heavy.otf 3653632 bytes
c:windowsFontsKozGoPro-Light.otf 3440640 bytes
c:windowsFontsKozGoPro-Medium.otf 3473408 bytes
c:windowsFontsKozGoPro-Regular.otf 3440640 bytes
c:windowsFontsKozMinPro-Bold.otf 4374528 bytes
c:windowsFontsKozMinPro-ExtraLight.otf 3817472 bytes
c:windowsFontsKozMinPro-Heavy.otf 4259840 bytes
c:windowsFontsKozMinPro-Light.otf 4227072 bytes
c:windowsFontsKozMinPro-Medium.otf 4292608 bytes
c:windowsFontsKozMinPro-Regular.otf 4227072 bytes
c:windowsFontsLetterGothicStd-Bold.otf 32768 bytes
c:windowsFontsLetterGothicStd-BoldSlanted.otf 49152 bytes
c:windowsFontsLetterGothicStd-Slanted.otf 49152 bytes
c:windowsFontsLetterGothicStd.otf 49152 bytes
c:windowsFontsLithosPro-Black.otf 81920 bytes
c:windowsFontsLithosPro-Regular.otf 81920 bytes
c:windowsFontsMesquiteStd.otf 65536 bytes
c:windowsFontsMinionPro-Bold.otf 212992 bytes
c:windowsFontsMinionPro-BoldCn.otf 212992 bytes
c:windowsFontsMinionPro-BoldCnIt.otf 262144 bytes
c:windowsFontsMinionPro-BoldIt.otf 262144 bytes
c:windowsFontsMinionPro-It.otf 262144 bytes
c:windowsFontsMinionPro-Medium.otf 212992 bytes
c:windowsFontsMinionPro-MediumIt.otf 262144 bytes
c:windowsFontsMinionPro-Regular.otf 212992 bytes
c:windowsFontsMinionPro-Semibold.otf 212992 bytes
c:windowsFontsMinionPro-SemiboldIt.otf 262144 bytes
c:windowsFontsMyriadPro-Bold.otf 98304 bytes
c:windowsFontsMyriadPro-BoldCond.otf 98304 bytes
c:windowsFontsMyriadPro-BoldCondIt.otf 114688 bytes
c:windowsFontsMyriadPro-BoldIt.otf 114688 bytes
c:windowsFontsMyriadPro-Cond.otf 98304 bytes
c:windowsFontsMyriadPro-CondIt.otf 114688 bytes
c:windowsFontsMyriadPro-It.otf 114688 bytes
c:windowsFontsMyriadPro-Regular.otf 98304 bytes
c:windowsFontsMyriadPro-Semibold.otf 98304 bytes
c:windowsFontsMyriadPro-SemiboldIt.otf 114688 bytes
c:windowsFontsNuevaStd-BoldCond.otf 65536 bytes
c:windowsFontsNuevaStd-BoldCondItalic.otf 65536 bytes
c:windowsFontsNuevaStd-Cond.otf 65536 bytes
c:windowsFontsNuevaStd-CondItalic.otf 65536 bytes
c:windowsFontsOCRAStd.otf 32768 bytes
c:windowsFontsOratorStd-Slanted.otf 49152 bytes
c:windowsFontsOratorStd.otf 32768 bytes
c:windowsFontsPoplarStd.otf 49152 bytes
c:windowsFontsPrestigeEliteStd-Bd.otf 49152 bytes
c:windowsFontsRosewoodStd-Regular.otf 81920 bytes
c:windowsFontsStencilStd.otf 32768 bytes
c:windowsFontsTektonPro-Bold.otf 81920 bytes
c:windowsFontsTektonPro-BoldCond.otf 81920 bytes
c:windowsFontsTektonPro-BoldExt.otf 81920 bytes
c:windowsFontsTektonPro-BoldObl.otf 81920 bytes
c:windowsFontsTrajanPro-Bold.otf 81920 bytes
c:windowsFontsTrajanPro-Regular.otf 81920 bytes
c:windowsDownloaded Program Filesdesktop.ini 16384 bytes
c:windowsDownloaded Program FilesIDropENU.dll 131072 bytes
c:windowsDownloaded Program FilesIDropRUS.dll 131072 bytes
c:windowsDownloaded Program FilesIDrop.ocx 311296 bytescatchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 20:43:07
Windows 5.1.2600 Service Pack 2 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
c:windowssystem32
c:windowssystem
c:windowsrepair
c:windowsinf
c:windowsHelp
c:windowsFonts
c:windowsmsagent
c:windowsCursors
c:windowsMedia
c:windowsjava
c:windowsWeb
c:windowsDriver Cache
c:windowssecurity
c:windowsTemp
c:windowstwain_32
c:windowsmsapps
c:windowsAppPatch
c:windowsDebug
c:windowsResources
c:windowsProvisioning
c:windowsWinSxS
c:windowsime
c:windowspchealth
c:windowsPeerNet
c:windowssystem.ini 16384 bytes
c:windowswin.ini 16384 bytes
c:windows_default.pif 16384 bytes
c:windowsexplorer.scf 16384 bytes
c:windowsmsdfmap.ini 16384 bytes
c:windowstwain.dll 98304 bytes
c:windowstwunk_16.exe 65536 bytes
c:windowstwunk_32.exe 32768 bytes
c:windowswinhelp.exe 262144 bytes
c:windowswmp11.log 32768 bytes
c:windowswmprfRUS.prx 49152 bytes
c:windowsvmmreg32.dll 32768 bytes
c:windowsexplorer.exe 1622016 bytes
c:windowsregedit.exe 229376 bytes
c:windowshh.exe 32768 bytes
c:windowstwain_32.dll 65536 bytes
c:windowswinhlp32.exe 294912 bytes
c:windowsPreSetup.log 16384 bytes
c:windowssetupact.log 245760 bytes
c:windowssetupapi.log 1081344 bytes
c:windowsWudf01000Inst.log 16384 bytes
c:windowsWMFDist11.log 49152 bytes
c:windowsKB926239.log 16384 bytes
c:windows$NtUninstallWudf01000$
c:windows$NtUninstallWMFDist11$
c:windowsupdspapi.log 16384 bytes
c:windows$NtUninstallwmp11$
c:windows$NtUninstallKB926239$
c:windowsMSCompPackV1.log 16384 bytes
c:windows$NtUninstallMSCompPackV1$
c:windowsKB929399.log 16384 bytes
c:windows$NtUninstallKB929399$
c:windowsHashTab.dll 294912 bytes
c:windowsFinishDrv.log 16384 bytes
c:windowsbootstat.dat 16384 bytes
c:windowsREGLOCS.OLD 16384 bytes
c:windowsSchedLgU.Txt 32768 bytes
c:windowsPrefetch
c:windowsspupdsvc.log 16384 bytes
c:windowsoobeact.log 16384 bytes
c:windowsI386
c:windowsIsUninst.exe 311296 bytes
c:windowsOPTIONS
c:windowsnview
c:windowsRESULT.QTW 16384 bytes
c:windowsalcrmv.exe 147456 bytes
c:windowsalcupd.exe 212992 bytes
c:windowshpdj3740.hi1 360448 bytes
c:windowsavrack.ini 16384 bytes
c:windowsSOUNDMAN.EXE 65536 bytes
c:windowshpdj3740.ini 16384 bytes
c:windowshpdj3740.bu1 16384 bytes
c:windowshpdj3740.his 360448 bytes
c:windowshpfins_s04_main.dat 16384 bytes
c:windowshpfmdl_s04_main.dat 16384 bytes
c:windowsbthservsdp.dat 16384 bytes
c:windowsntbtlog.txt 851968 bytes
c:windowsimsins.log 16384 bytes
c:windowsMinidump
c:windows$NtUninstallWIC$
c:windows$NtUninstallXPSEPSCLP$
c:windowsSHELLNEW
c:windowswmsetup10.log 16384 bytes
c:windowsDownloaded Installations
c:windowsUNNeroVision.cfg 16384 bytes
c:windowsUNNeroVision.exe 983040 bytes
c:windowsUNRecode.cfg 16384 bytes
c:windowsUNRecode.exe 966656 bytes
c:windowssleen1564.sys 98304 bytes
c:windowsLogs
c:windowsnsw.log 16384 bytes
c:windowsDjVuPro.INI 16384 bytes
c:windowsNeroDigital.ini 16384 bytes
c:windowsUpdateClientUI.INI 16384 bytes
c:windowsNOTEPAD.EXE 81920 bytes
c:windowsTASKMAN.EXE 16384 bytes
c:windowsregopt.log 16384 bytes
c:windowsODBCINST.INI 16384 bytes
c:windowsInstaller
c:windowsocgen.log 98304 bytes
c:windowsFaxSetup.log 65536 bytes
c:windowsiis6.log 114688 bytes
c:windowscomsetup.log 32768 bytes
c:windowsntdtcsetup.log 16384 bytes
c:windowstsoc.log 49152 bytes
c:windowsmsmqinst.log 32768 bytes
c:windowsmsgsocm.log 16384 bytes
c:windowstabletoc.log 16384 bytes
c:windowsMedCtrOC.log 16384 bytes
c:windowsnetfxocm.log 16384 bytes
c:windowsSti_Trace.log 0 bytes
c:windowswiaservc.log 16384 bytes
c:windowswiadebug.log 16384 bytes
c:windowscmsetacl.log 16384 bytes
c:windowsSoftwareDistribution
c:windowsnetwork diagnostic
c:windowsDownloaded Program Files
c:windowsOffline Web Pages
c:windowswbem
c:windowswmsetup.log 16384 bytes
c:windowsDtcInstall.log 16384 bytes
c:windowsRegistration
c:windowsvb.ini 16384 bytes
c:windowsvbaddin.ini 16384 bytes
c:windowssessmgr.setup.log 16384 bytes
c:windowssrchasst
c:windowsTasks
c:windowsdesktop.ini 16384 bytes
c:windowswinnt.bmp 49152 bytes
c:windowswinnt256.bmp 49152 bytes
c:windowsWindowsUpdate.log 212992 bytes
c:windowsWindowsShell.Manifest 16384 bytes
c:windowsOEWABLog.txt 16384 bytes
c:windowsWMSysPr9.prx 327680 bytes
c:windowsMicrosoft.NET
c:windowsassembly
c:windowsSun
c:windowssleen1664.sys 98304 bytes
c:windowsDirectX.log 49152 bytes
c:windowsdasetup.log 32768 bytes
c:windows0.log 0 bytes
c:windowssetuperr.log 0 bytes
c:windowspss
c:windowsWPI_Log_2009.02.07_20.29.48.txt 16384 bytes
c:windowsavisplitter.ini 16384 bytes
c:windowsACD Wallpaper.bmp 3702784 bytes
c:windowspopcinfo.dat 16384 bytes
c:windowsehome
c:windowsuninst.exe 311296 bytes
c:windowsERDNT
c:windowsSWXCACLS.exe 212992 bytes
c:windowsSWSC.exe 147456 bytes
c:windowsVFIND.exe 49152 bytes
c:windowsfdsv.exe 98304 bytes
c:windowssed.exe 114688 bytes
c:windowsgrep.exe 81920 bytes
c:windowszip.exe 81920 bytes
c:windowsSWREG.exe 163840 bytes
c:windowsNIRCMD.exe 32768 bytes
c:windowsPSEXESVC.EXE 65536 bytes
c:windowssystem32driversetc
c:windowssystem32driversetclmhosts.sam 16384 bytes
c:windowssystem32driversetcnetworks 16384 bytes
c:windowssystem32driversetcprotocol 16384 bytes
c:windowssystem32driversetcservices 16384 bytes
c:windowssystem32driversetchosts.ics 16384 bytes
c:windowssystem32driversetchosts.20090215-154825.backup 16384 bytes
c:windowssystem32driversetchosts 16384 bytes
c:windowssystem32driversdisdn
c:windowssystem32driverswmilib.sys 16384 bytes
c:windowssystem32driversdmload.sys 16384 bytes
c:windowssystem32driversftdisk.sys 131072 bytes
c:windowssystem32driverspartmgr.sys 32768 bytes
c:windowssystem32driversndistapi.sys 16384 bytes
c:windowssystem32driversptilink.sys 32768 bytes
c:windowssystem32driversraspti.sys 32768 bytes
c:windowssystem32driversndproxy.sys 49152 bytes
c:windowssystem32driverscdaudio.sys 32768 bytes
c:windowssystem32driversfs_rec.sys 16384 bytes
c:windowssystem32driversnull.sys 16384 bytes
c:windowssystem32driversbeep.sys 16384 bytes
c:windowssystem32driversrdpcdd.sys 16384 bytes
c:windowssystem32driversrasacd.sys 16384 bytes
c:windowssystem32driversfips.sys 49152 bytes
c:windowssystem32driversdxgthk.sys 16384 bytes
c:windowssystem32driversparvdm.sys 16384 bytes
c:windowssystem32driversatmepvc.sys 32768 bytes
c:windowssystem32driversatmuni.sys 360448 bytes
c:windowssystem32driverscbidf2k.sys 16384 bytes
c:windowssystem32driverscinemst2.sys 278528 bytes
c:windowssystem32driverscpqdap01.sys 16384 bytes
c:windowssystem32driversdxapi.sys 16384 bytes
c:windowssystem32driversgm.dls 3457024 bytes
c:windowssystem32driversgmreadme.txt 16384 bytes
c:windowssystem32driversipfltdrv.sys 49152 bytes
c:windowssystem32driversmcd.sys 16384 bytes
c:windowssystem32driversnikedrv.sys 16384 bytes
c:windowssystem32driversnwlnkflt.sys 16384 bytes
c:windowssystem32driversnwlnkfwd.sys 32768 bytes
c:windowssystem32driversnwlnknb.sys 65536 bytes
c:windowssystem32driversnwlnkspx.sys 65536 bytes
c:windowssystem32driversrawwan.sys 49152 bytes
c:windowssystem32driversrio8drv.sys 16384 bytes
c:windowssystem32driversriodrv.sys 16384 bytes
c:windowssystem32driversRMCast.sys 212992 bytes
c:windowssystem32driversrootmdm.sys 16384 bytes
c:windowssystem32driverssmclib.sys 16384 bytes
c:windowssystem32driverstosdvd.sys 65536 bytes
c:windowssystem32driverstsbvcap.sys 32768 bytes
c:windowssystem32driversusbcamd.sys 32768 bytes
c:windowssystem32driversusbcamd2.sys 32768 bytes
c:windowssystem32driversvdmindvd.sys 65536 bytes
c:windowssystem32driversws2ifsl.sys 16384 bytes
c:windowssystem32driversmnmdd.sys 16384 bytes
c:windowssystem32driversfsvga.sys 16384 bytes
c:windowssystem32driversmouhid.sys 16384 bytes
c:windowssystem32driversviamraid.sys 114688 bytes
c:windowssystem32driversacpiec.sys 16384 bytes
c:windowssystem32driversoprghdlr.sys 16384 bytes
c:windowssystem32drivershidusb.sys 16384 bytes
c:windowssystem32driversusbd.sys 16384 bytes
c:windowssystem32driversatapi.sys 98304 bytes
c:windowssystem32driversdisk.sys 49152 bytes
c:windowssystem32driversclasspnp.sys 65536 bytes
c:windowssystem32driversdmio.sys 163840 bytes
c:windowssystem32driverspciidex.sys 32768 bytes
c:windowssystem32driversksecdd.sys 98304 bytes
c:windowssystem32driversmountmgr.sys 49152 bytes
c:windowssystem32driversmrxdav.sys 196608 bytes
c:windowssystem32driverstdi.sys 32768 bytes
c:windowssystem32driversndis.sys 196608 bytes
c:windowssystem32driversmrxsmb.sys 458752 bytes
c:windowssystem32driversrdbss.sys 180224 bytes
c:windowssystem32driversmsfs.sys 32768 bytes
c:windowssystem32driversmup.sys 114688 bytes
c:windowssystem32driversnetbios.sys 49152 bytes
c:windowssystem32driversnpfs.sys 32768 bytes
c:windowssystem32driversvolsnap.sys 65536 bytes
c:windowssystem32driversp3.sys 49152 bytes
c:windowssystem32driversvideoprt.sys 81920 bytes
c:windowssystem32driversmodem.sys 32768 bytes
c:windowssystem32driversfdc.sys 32768 bytes
c:windowssystem32driversserial.sys 65536 bytes
c:windowssystem32driversserenum.sys 16384 bytes
c:windowssystem32driversparport.sys 81920 bytes
c:windowssystem32driverscdrom.sys 65536 bytes
c:windowssystem32driversrasl2tp.sys 65536 bytes
c:windowssystem32driversndiswan.sys 98304 bytes
c:windowssystem32driversraspppoe.sys 49152 bytes
c:windowssystem32driversraspptp.sys 49152 bytes
c:windowssystem32driverspsched.sys 81920 bytes
c:windowssystem32driversmsgpc.sys 49152 bytes
c:windowssystem32driversswenum.sys 16384 bytes
c:windowssystem32driversflpydisk.sys 32768 bytes
c:windowssystem32driverssfloppy.sys 16384 bytes
c:windowssystem32driversvga.sys 32768 bytes
c:windowssystem32driversipsec.sys 81920 bytes
c:windowssystem32driverstcpip.sys 376832 bytes
c:windowssystem32driversnetbt.sys 163840 bytes
c:windowssystem32driverswanarp.sys 49152 bytes
c:windowssystem32driversimapi.sys 49152 bytes
c:windowssystem32driversfastfat.sys 147456 bytes
c:windowssystem32driversdxg.sys 81920 bytes
c:windowssystem32driversafd.sys 147456 bytes
c:windowssystem32driverssrv.sys 344064 bytes
c:windowssystem32driversndisuio.sys 16384 bytes
c:windowssystem32driversdiskdump.sys 16384 bytes
c:windowssystem32driversprocessr.sys 49152 bytes
c:windowssystem32driversamdk6.sys 49152 bytes
c:windowssystem32driversamdk7.sys 49152 bytes
c:windowssystem32driversarp1394.sys 65536 bytes
c:windowssystem32driversasyncmac.sys 16384 bytes
c:windowssystem32driversatmarpc.sys 65536 bytes
c:windowssystem32driversatmlane.sys 65536 bytes
c:windowssystem32driversbridge.sys 81920 bytes
c:windowssystem32driverscdfs.sys 65536 bytes
c:windowssystem32driverscrusoe.sys 49152 bytes
c:windowssystem32driversdmboot.sys 802816 bytes
c:windowssystem32drivershttp.sys 278528 bytes
c:windowssystem32driversintelppm.sys 49152 bytes
c:windowssystem32driversip6fw.sys 32768 bytes
c:windowssystem32driversipinip.sys 32768 bytes
c:windowssystem32driversipnat.sys 147456 bytes
c:windowssystem32driversmf.sys 65536 bytes
c:windowssystem32driversmqac.sys 81920 bytes
c:windowssystem32driversmssmbios.sys 16384 bytes
c:windowssystem32driversnic1394.sys 65536 bytes
c:windowssystem32driversnmnt.sys 49152 bytes
c:windowssystem32driversntfs.sys 589824 bytes
c:windowssystem32driversnwlnkipx.sys 98304 bytes
c:windowssystem32driversnwrdr.sys 163840 bytes
c:windowssystem32driverspcmcia.sys 131072 bytes
c:windowssystem32driversrndismp.sys 32768 bytes
c:windowssystem32driversscsiport.sys 98304 bytes
c:windowssystem32driverssdbus.sys 81920 bytes
c:windowssystem32driverssecdrv.sys 32768 bytes
c:windowssystem32driverssffdisk.sys 16384 bytes
c:windowssystem32driverssffp_sd.sys 16384 bytes
c:windowssystem32driverssonydcam.sys 32768 bytes
c:windowssystem32driverstape.sys 16384 bytes
c:windowssystem32driverstcpip6.sys 229376 bytes
c:windowssystem32driverstunmp.sys 16384 bytes
c:windowssystem32driversudfs.sys 81920 bytes
c:windowssystem32driversusb8023.sys 16384 bytes
c:windowssystem32driversrspndr.sys 65536 bytes
c:windowssystem32drivershdaudbus.sys 147456 bytes
c:windowssystem32drivershdaudio.sys 147456 bytes
c:windowssystem32driverssffp_mmc.sys 16384 bytes
c:windowssystem32driversupdate.sys 376832 bytes
c:windowssystem32driversusbintel.sys 16384 bytes
c:windowssystem32driversi8042prt.sys 65536 bytes
c:windowssystem32driversacpi.sys 196608 bytes
c:windowssystem32driverspci.sys 81920 bytes
c:windowssystem32driversviaide.sys 16384 bytes
c:windowssystem32driversusbstor.sys 32768 bytes
c:windowssystem32driversusbhub.sys 65536 bytes
c:windowscatchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
c:windowssystem32config
c:windowssystem32drivers
c:windowssystem32ras
c:windowssystem32spool
c:windowssystem32Setup
c:windowssystem32wbem
c:windowssystem32npp
c:windowssystem32ias
c:windowssystem32dllcache
c:windowssystem32icsxml
c:windowssystem32mui
c:windowssystem32oobe
c:windowssystem321033
c:windowssystem32usmt
c:windowssystem32inetsrv
c:windowssystem32IME
c:windowssystem321049
c:windowssystem32bootvid.dll 16384 bytes
c:windowssystem32kdcom.dll 16384 bytes
c:windowssystem32c_1252.nls 81920 bytes
c:windowssystem32c_437.nls 81920 bytes
c:windowssystem32l_intl.nls 16384 bytes
c:windowssystem32lz32.dll 16384 bytes
c:windowssystem32olecli32.dll 81920 bytes
c:windowssystem32olecnv32.dll 49152 bytes
c:windowssystem32olesvr32.dll 32768 bytes
c:windowssystem32olethk32.dll 81920 bytes
c:windowssystem32unicode.nls 98304 bytes
c:windowssystem32vga.dll 16384 bytes
c:windowssystem32ctype.nls 16384 bytes
c:windowssystem32kbdus.dll 16384 bytes
c:windowssystem32netevent.dll 229376 bytes
c:windowssystem32msacm32.drv 32768 bytes
c:windowssystem32netmsg.dll 180224 bytes
c:windowssystem32wpa.dbl 16384 bytes
c:windowssystem32stdole2.tlb 32768 bytes
c:windowssystem32clb.dll 16384 bytes
c:windowssystem32msxmlr.dll 32768 bytes
c:windowssystem32crtdll.dll 163840 bytes
c:windowssystem32msidntld.dll 16384 bytes
c:windowssystem32mprui.dll 49152 bytes
c:windowssystem32netui2.dll 311296 bytes
c:windowssystem32dfrgres.dll 98304 bytes
c:windowssystem32net.hlp 131072 bytes
c:windowssystem32sort.exe 32768 bytes
c:windowssystem32perfc009.dat 81920 bytes
c:windowssystem32perfh009.dat 442368 bytes
c:windowssystem32console.dll 81920 bytes
c:windowssystem32more.com 16384 bytes
c:windowssystem3212520437.cpx 16384 bytes
c:windowssystem3212520850.cpx 16384 bytes
c:windowssystem32aaaamon.dll 32768 bytes
c:windowssystem32acledit.dll 131072 bytes
c:windowssystem32activeds.tlb 114688 bytes
c:windowssystem32adptif.dll 32768 bytes
c:windowssystem32adsnds.dll 163840 bytes
c:windowssystem32adsnw.dll 114688 bytes
c:windowssystem32ansi.sys 16384 bytes
c:windowssystem32apcups.dll 114688 bytes
c:windowssystem32append.exe 16384 bytes
c:windowssystem32arp.exe 32768 bytes
c:windowssystem32asr_ldm.exe 32768 bytes
c:windowssystem32atkctrs.dll 16384 bytes
c:windowssystem32atmpvcno.dll 49152 bytes
c:windowssystem32attrib.exe 16384 bytes
c:windowssystem32autodisc.dll 81920 bytes
c:windowssystem32avicap.dll 81920 bytes
c:windowssystem32avicap32.dll 65536 bytes
c:windowssystem32avifile.dll 114688 bytes
c:windowssystem32bios1.rom 32768 bytes
c:windowssystem32bios4.rom 16384 bytes
c:windowssystem32bootcfg.exe 147456 bytes
c:windowssystem32bootok.exe 16384 bytes
c:windowssystem32bootvrfy.exe 16384 bytes
c:windowssystem32c_037.nls 81920 bytes
c:windowssystem32c_10000.nls 81920 bytes
c:windowssystem32c_10079.nls 81920 bytes
c:windowssystem32c_1026.nls 81920 bytes
c:windowssystem32c_1250.nls 81920 bytes
c:windowssystem32c_1251.nls 81920 bytes
c:windowssystem32c_1253.nls 81920 bytes
c:windowssystem32c_1254.nls 81920 bytes
c:windowssystem32c_1255.nls 81920 bytes
c:windowssystem32c_1256.nls 81920 bytes
c:windowssystem32c_1257.nls 81920 bytes
c:windowssystem32c_1258.nls 81920 bytes
c:windowssystem32c_20261.nls 147456 bytes
c:windowssystem32c_20866.nls 81920 bytes
c:windowssystem32c_20905.nls 81920 bytes
c:windowssystem32c_21866.nls 81920 bytes
c:windowssystem32c_28591.nls 81920 bytes
c:windowssystem32c_28592.nls 81920 bytes
c:windowssystem32c_28593.nls 81920 bytes
c:windowssystem32c_28598.nls 81920 bytes
c:windowssystem32c_28605.nls 81920 bytes
c:windowssystem32c_500.nls 81920 bytes
c:windowssystem32c_775.nls 81920 bytes
c:windowssystem32c_850.nls 81920 bytes
c:windowssystem32c_860.nls 81920 bytes
c:windowssystem32c_861.nls 81920 bytes
c:windowssystem32c_863.nls 81920 bytes
c:windowssystem32c_865.nls 81920 bytes
c:windowssystem32c_874.nls 81920 bytes
c:windowssystem32c_932.nls 163840 bytes
c:windowssystem32c_936.nls 212992 bytes
c:windowssystem32c_949.nls 212992 bytes
c:windowssystem32c_950.nls 212992 bytes
c:windowssystem32cacls.exe 32768 bytes
c:windowssystem32capesnpn.dll 147456 bytes
c:windowssystem32cards.dll 360448 bytes
c:windowssystem32ccfgnt.dll 32768 bytes
c:windowssystem32certmgr.msc 49152 bytes
c:windowssystem32rasdial.exe 16384 bytes
c:windowssystem32c:windowssystem32chcp.com 16384 bytes
c:windowssystem32chkdsk.exe 16384 bytes
c:windowssystem32chkntfs.exe 16384 bytes
c:windowssystem32ciadmin.dll 180224 bytes
c:windowssystem32ciadv.msc 49152 bytes
c:windowssystem32cic.dll 163840 bytes
c:windowssystem32cidaemon.exe 16384 bytes
c:windowssystem32ckcnv.exe 16384 bytes
c:windowssystem32rasmontr.dll 147456 bytes
c:windowssystem32shellstyle.dll 442368 bytes
c:windowssystem32cliconf.chm 65536 bytes
c:windowssystem32cmdlib.wsc 49152 bytes
c:windowssystem32cmmgr32.hlp 65536 bytes
c:windowssystem32cmos.ram 16384 bytes
c:windowssystem32cmpbk32.dll 16384 bytes
c:windowssystem32cnetcfg.dll 32768 bytes
c:windowssystem32cnvfat.dll 32768 bytes
c:windowssystem32comcat.dll 16384 bytes
c:windowssystem32comm.drv 16384 bytes
c:windowssystem32command.com 65536 bytes
c:windowssystem32commdlg.dll 49152 bytes
c:windowssystem32comp.exe 16384 bytes
c:windowssystem32compact.exe 32768 bytes
c:windowssystem32compmgmt.msc 49152 bytes
c:windowssystem32compobj.dll 32768 bytes
c:windowssystem32confmsp.dll 360448 bytes
c:windowssystem32control.exe 16384 bytes
c:windowssystem32convert.exe 16384 bytes
c:windowssystem32country.sys 32768 bytes
c:windowssystem32csseqchk.dll 81920 bytes
c:windowssystem32ctl3dv2.dll 32768 bytes
c:windowssystem32d3dim.dll 442368 bytes
c:windowssystem32d3dpmesh.dll 49152 bytes
c:windowssystem32d3drm.dll 360448 bytes
c:windowssystem32d3dxof.dll 49152 bytes
c:windowssystem32datime.dll 163840 bytes
c:windowssystem32dbgeng.dll 851968 bytes
c:windowssystem32ddeml.dll 49152 bytes
c:windowssystem32debug.exe 32768 bytes
c:windowssystem32deskadp.dll 32768 bytes
c:windowssystem32deskmon.dll 49152 bytes
c:windowssystem32deskperf.dll 32768 bytes
c:windowssystem32devmgmt.msc 49152 bytes
c:windowssystem32dfrg.msc 49152 bytes
c:windowssystem32dhcpmon.dll 393216 bytes
c:windowssystem32dhcpsapi.dll 81920 bytes
c:windowssystem32diactfrm.dll 409600 bytes
c:windowssystem32dimap.dll 49152 bytes
c:windowssystem32diskcomp.com 16384 bytes
c:windowssystem32diskcopy.com 16384 bytes
c:windowssystem32diskcopy.dll 1507328 bytes
c:windowssystem32diskmgmt.msc 49152 bytes
c:windowssystem32diskperf.exe 32768 bytes
c:windowssystem32dispex.dll 32768 bytes
c:windowssystem32dllhst3g.exe 16384 bytes
c:windowssystem32dmconfig.dll 344064 bytes
c:windowssystem32dmdlgs.dll 393216 bytes
c:windowssystem32dmdskres.dll 131072 bytes
c:windowssystem32dmintf.dll 32768 bytes
c:windowssystem32dmocx.dll 32768 bytes
c:windowssystem32dmview.ocx 65536 bytes
c:windowssystem32docprop.dll 49152 bytes
c:windowssystem32doskey.exe 16384 bytes
c:windowssystem32dplay.dll 49152 bytes
c:windowssystem32dpnmodem.dll 65536 bytes
c:windowssystem32dpnwsock.dll 65536 bytes
c:windowssystem32dpserial.dll 65536 bytes
c:windowssystem32dpwsock.dll 49152 bytes
c:windowssystem32rasmxs.dll 32768 bytes
c:windowssystem32driverquery.exe 65536 bytes
c:windowssystem32drwatson.exe 32768 bytes
c:windowssystem32drwtsn32.exe 49152 bytes
c:windowssystem32dsauth.dll 65536 bytes
c:windowssystem32dskquoui.dll 180224 bytes
c:windowssystem32dsound.vxd 16384 bytes
c:windowssystem32dssec.dat 229376 bytes
c:windowssystem32dvdplay.exe 65536 bytes
c:windowssystem32edlin.exe 16384 bytes
c:windowssystem32esent97.dll 1130496 bytes
c:windowssystem32esentprf.dll 32768 bytes
c:windowssystem32esentprf.hxx 16384 bytes
c:windowssystem32esentprf.ini 1015808 bytes
c:windowssystem32esentutl.exe 49152 bytes
c:windowssystem32eventcls.dll 49152 bytes
c:windowssystem32eventvwr.exe 147456 bytes
c:windowssystem32eventvwr.msc 65536 bytes
c:windowssystem32rasrad.dll 32768 bytes
c:windowssystem32eventquery.vbs 114688 bytes
c:windowssystem32rasser.dll 16384 bytes
c:windowssystem32eventtriggers.exe 81920 bytes
c:windowssystem32exe2bin.exe 16384 bytes
c:windowssystem32expand.exe 16384 bytes
c:windowssystem32exts.dll 131072 bytes
c:windowssystem32fastopen.exe 16384 bytes
c:windowssystem32fc.exe 16384 bytes
c:windowssystem32fde.dll 131072 bytes
c:windowssystem32find.exe 16384 bytes
c:windowssystem32finger.exe 16384 bytes
c:windowssystem32fixmapi.exe 16384 bytes
c:windowssystem32fmifs.dll 16384 bytes
c:windowssystem32fontsub.dll 81920 bytes
c:windowssystem32forcedos.exe 16384 bytes
c:windowssystem32format.com 32768 bytes
c:windowssystem32fsmgmt.msc 32768 bytes
c:windowssystem32fsusd.dll 81920 bytes
c:windowssystem32fsutil.exe 65536 bytes
c:windowssystem32ftsrch.dll 180224 bytes
c:windowssystem32g711codc.ax 49152 bytes
c:windowssystem32gcdef.dll 147456 bytes
c:windowssystem32gdi.exe 32768 bytes
c:windowssystem32geo.nls 32768 bytes
c:windowssystem32getmac.exe 65536 bytes
c:windowssystem32glmf32.dll 294912 bytes
c:windowssystem32gpedit.msc 49152 bytes
c:windowssystem32graftabl.com 32768 bytes
c:windowssystem32graphics.com 32768 bytes
c:windowssystem32graphics.pro 32768 bytes
c:windowssystem32help.exe 16384 bytes
c:windowssystem32himem.sys 16384 bytes
c:windowssystem32hlink.dll 81920 bytes
c:windowssystem32hnetmon.dll 16384 bytes
c:windowssystem32hostname.exe 16384 bytes
c:windowssystem32iasads.dll 49152 bytes
c:windowssystem32iasacct.dll 32768 bytes
c:windowssystem32iashlpr.dll 32768 bytes
c:windowssystem32iasnap.dll 65536 bytes
c:windowssystem32iaspolcy.dll 32768 bytes
c:windowssystem32iasrecst.dll 147456 bytes
c:windowssystem32iassam.dll 98304 bytes
c:windowssystem32iassdo.dll 262144 bytes
c:windowssystem32iassvcs.dll 65536 bytes
c:windowssystem32icmui.dll 81920 bytes
c:windowssystem32ieakui.dll 163840 bytes
c:windowssystem32ifsutil.dll 81920 bytes
c:windowssystem32iissuba.dll 16384 bytes
c:windowssystem32inetcplc.dll 327680 bytes
c:windowssystem32infosoft.dll 458752 bytes
c:windowssystem32iologmsg.dll 49152 bytes
c:windowssystem32ipmontr.dll 163840 bytes
c:windowssystem32iprop.dll 16384 bytes
c:windowssystem32iprtprio.dll 16384 bytes
c:windowssystem32iprtrmgr.dll 180224 bytes
c:windowssystem32ipsec6.exe 49152 bytes
c:windowssystem32ipxmontr.dll 98304 bytes
c:windowssystem32ipxpromn.dll 81920 bytes
c:windowssystem32ipxrip.dll 32768 bytes
c:windowssystem32ipxrtmgr.dll 49152 bytes
c:windowssystem32ipxsap.dll 81920 bytes
c:windowssystem32ipxwan.dll 32768 bytes
c:windowssystem32ir32_32.dll 212992 bytes
c:windowssystem32jet500.dll 376832 bytes
c:windowssystem32jgaw400.dll 49152 bytes
c:windowssystem32jgdw400.dll 163840 bytes
c:windowssystem32jgmd400.dll 49152 bytes
c:windowssystem32jgpl400.dll 32768 bytes
c:windowssystem32jgsd400.dll 49152 bytes
c:windowssystem32jgsh400.dll 65536 bytes
c:windowssystem32jobexec.dll 49152 bytes
c:windowssystem32kb16.com 16384 bytes
c:windowssystem32kbdbe.dll 16384 bytes
c:windowssystem32kbdbene.dll 16384 bytes
c:windowssystem32kbdbr.dll 16384 bytes
c:windowssystem32kbdca.dll 16384 bytes
c:windowssystem32kbdcan.dll 16384 bytes
c:windowssystem32kbdda.dll 16384 bytes
c:windowssystem32kbddv.dll 16384 bytes
c:windowssystem32kbdes.dll 16384 bytes
c:windowssystem32kbdfc.dll 16384 bytes
c:windowssystem32kbdfi.dll 16384 bytes
c:windowssystem32kbdfo.dll 16384 bytes
c:windowssystem32kbdfr.dll 16384 bytes
c:windowssystem32kbdgae.dll 16384 bytes
c:windowssystem32kbdgr.dll 16384 bytes
c:windowssystem32kbdgr1.dll 16384 bytes
c:windowssystem32kbdic.dll 16384 bytes
c:windowssystem32kbdir.dll 16384 bytes
c:windowssystem32kbdit.dll 16384 bytes
c:windowssystem32kbdit142.dll 16384 bytes
c:windowssystem32kbdla.dll 16384 bytes
c:windowssystem32kbdmac.dll 16384 bytes
c:windowssystem32kbdne.dll 16384 bytes
c:windowssystem32kbdnec.dll 16384 bytes
c:windowssystem32kbdno.dll 16384 bytes
c:windowssystem32kbdpo.dll 16384 bytes
c:windowssystem32kbdsf.dll 16384 bytes
c:windowssystem32kbdsg.dll 16384 bytes
c:windowssystem32kbdsp.dll 16384 bytes
c:windowssystem32kbdsw.dll 16384 bytes
c:windowssystem32kbduk.dll 16384 bytes
c:windowssystem32kbdusl.dll 16384 bytes
c:windowssystem32kbdusr.dll 16384 bytes
c:windowssystem32kbdusx.dll 16384 bytes
c:windowssystem32key01.sys 49152 bytes
c:windowssystem32keyboard.drv 16384 bytes
c:windowssystem32l_except.nls 16384 bytes
c:windowssystem32label.exe 16384 bytes
c:windowssystem32langwrbk.dll 98304 bytes
c:windowssystem32lanman.drv 229376 bytes
c:windowssystem32lights.exe 32768 bytes
c:windowssystem32loadfix.com 16384 bytes
c:windowssystem32lodctr.exe 16384 bytes
c:windowssystem32loghours.dll 65536 bytes
c:windowssystem32lpq.exe 16384 bytes
c:windowssystem32lpr.exe 16384 bytes
c:windowssystem32lprmonui.dll 16384 bytes
c:windowssystem32lusrmgr.msc 49152 bytes
c:windowssystem32lzexpand.dll 16384 bytes
c:windowssystem32mag_hook.dll 16384 bytes
c:windowssystem32main.cpl 311296 bytes
c:windowssystem32mapistub.dll 114688 bytes
c:windowssystem32mcd32.dll 16384 bytes
c:windowssystem32mcdsrv32.dll 16384 bytes
c:windowssystem32mchgrcoi.dll 16384 bytes
c:windowssystem32mciavi.drv 81920 bytes
c:windowssystem32mcicda.dll 32768 bytes
c:windowssystem32mciole16.dll 16384 bytes
c:windowssystem32mciole32.dll 16384 bytes
c:windowssystem32mciseq.drv 32768 bytes
c:windowssystem32mciwave.drv 32768 bytes
c:windowssystem32mdhcp.dll 65536 bytes
c:windowssystem32mdwmdmsp.dll 163840 bytes
c:windowssystem32mem.exe 49152 bytes
c:windowssystem32mfc40.dll 933888 bytes
c:windowssystem32mfc40u.dll 933888 bytes
c:windowssystem32mib.bin 49152 bytes
c:windowssystem32mimefilt.dll 32768 bytes
c:windowssystem32mlang.dat 688128 bytes
c:windowssystem32mll_hp.dll 16384 bytes
c:windowssystem32mll_mtf.dll 16384 bytes
c:windowssystem32mll_qic.dll 16384 bytes
c:windowssystem32mmdriver.inf 16384 bytes
c:windowssystem32mmdrv.dll 16384 bytes
c:windowssystem32mmtask.tsk 16384 bytes
c:windowssystem32mmutilse.dll 131072 bytes
c:windowssystem32mode.com 32768 bytes
c:windowssystem32modex.dll 16384 bytes
c:windowssystem32mountvol.exe 16384 bytes
c:windowssystem32mouse.drv 16384 bytes
c:windowssystem32mpnotify.exe 32768 bytes
c:windowssystem32mprddm.dll 81920 bytes
c:windowssystem32mprdim.dll 49152 bytes
c:windowssystem32mprmsg.dll 114688 bytes
c:windowssystem32mqcertui.dll 16384 bytes
c:windowssystem32mqgentr.dll 65536 bytes
c:windowssystem32mqoa.tlb 81920 bytes
c:windowssystem32mqoa10.tlb 49152 bytes
c:windowssystem32mqoa20.tlb 65536 bytes
c:windowssystem32mqperf.dll 16384 bytes
c:windowssystem32mqperf.ini 32768 bytes
c:windowssystem32mqprfsym.h 16384 bytes
c:windowssystem32mrinfo.exe 16384 bytes
c:windowssystem32msaatext.dll 114688 bytes
c:windowssystem32msacm.dll 65536 bytes
c:windowssystem32msaudite.dll 81920 bytes
c:windowssystem32mscat32.dll 16384 bytes
c:windowssystem32mscdexnt.exe 16384 bytes
c:windowssystem32msencode.dll 98304 bytes
c:windowssystem32msg711.acm 16384 bytes
c:windowssystem32msgsm32.acm 32768 bytes
c:windowssystem32msls31.dll 163840 bytes
c:windowssystem32msobjs.dll 49152 bytes
c:windowssystem32msports.dll 49152 bytes
c:windowssystem32msratelc.dll 65536 bytes
c:windowssystem32mssign32.dll 49152 bytes
c:windowssystem32mssip32.dll 16384 bytes
c:windowssystem32msswch.dll 16384 bytes
c:windowssystem32msswchx.exe 16384 bytes
c:windowssystem32msvbvm50.dll 1359872 bytes
c:windowssystem32msvcp50.dll 573440 bytes
c:windowssystem32msvidc32.dll 32768 bytes
c:windowssystem32msvideo.dll 131072 bytes
c:windowssystem32msxml2r.dll 49152 bytes
c:windowssystem32msxml3r.dll 49152 bytes
c:windowssystem32wmdrmnet.dll 360448 bytes
c:windowssystem32mycomput.dll 131072 bytes
c:windowssystem32narrhook.dll 49152 bytes
c:windowssystem32nbtstat.exe 32768 bytes
c:windowssystem32ncxpnt.dll 16384 bytes
c:windowssystem32ncpa.cpl 49152 bytes
c:windowssystem32netapi.dll 114688 bytes
c:windowssystem32neth.dll 278528 bytes
c:windowssystem32netware.drv 16384 bytes
c:windowssystem32nlsfunc.exe 16384 bytes
c:windowssystem32noise.dat 16384 bytes
c:windowssystem32noise.deu 163840 bytes
c:windowssystem32noise.eng 16384 bytes
c:windowssystem32noise.enu 16384 bytes
c:windowssystem32noise.esn 32768 bytes
c:windowssystem32noise.fra 65536 bytes
c:windowssystem32noise.ita 32768 bytes
c:windowssystem32noise.nld 16384 bytes
c:windowssystem32noise.sve 16384 bytes
c:windowssystem32ntdos.sys 32768 bytes
c:windowssystem32ntdos411.sys 32768 bytes
c:windowssystem32ntdos412.sys 32768 bytes
c:windowssystem32ntdos404.sys 32768 bytes
c:windowssystem32ntdos804.sys 32768 bytes
c:windowssystem32ntdsbcli.dll 32768 bytes
c:windowssystem32ntimage.gif 49152 bytes
c:windowssystem32ntlanui.dll 65536 bytes
c:windowssystem32ntlanui2.dll 98304 bytes
c:windowssystem32ntmsevt.dll 49152 bytes
c:windowssystem32ntmsmgr.msc 32768 bytes
c:windowssystem32ntmsoprq.msc 32768 bytes
c:windowssystem32ntsd.exe 49152 bytes
c:windowssystem32ntsdexts.dll 49152 bytes
c:windowssystem32ntvdmd.dll 16384 bytes
c:windowssystem32nw16.exe 16384 bytes
c:windowssystem32nwapi16.dll 32768 bytes
c:windowssystem32nwapi32.dll 65536 bytes
c:windowssystem32nwc.cpl 49152 bytes
c:windowssystem32nwcfg.dll 32768 bytes
c:windowssystem32nwevent.dll 16384 bytes
c:windowssystem32nwscript.exe 131072 bytes
c:windowssystem32ocmanage.dll 65536 bytes
c:windowssystem32oembios.bin 13107200 bytes
c:windowssystem32oembios.dat 16384 bytes
c:windowssystem32oembios.sig 16384 bytes
c:windowssystem32ole2.dll 49152 bytes
c:windowssystem32ole2disp.dll 180224 bytes
c:windowssystem32ole2nls.dll 163840 bytes
c:windowssystem32oleacc.dll 163840 bytes
c:windowssystem32oleaccrc.dll 32768 bytes
c:windowssystem32olecli.dll 98304 bytes
c:windowssystem32oledlg.dll 131072 bytes
c:windowssystem32olesvr.dll 32768 bytes
c:windowssystem32recover.exe 16384 bytes
c:windowssystem32pagefileconfig.vbs 180224 bytes
c:windowssystem32panmap.dll 16384 bytes
c:windowssystem32pathping.exe 32768 bytes
c:windowssystem32pcl.sep 16384 bytes
c:windowssystem32perfci.h 16384 bytes
c:windowssystem32perfci.ini 16384 bytes
c:windowssystem32perfd009.dat 32768 bytes
c:windowssystem32perffilt.h 16384 bytes
c:windowssystem32perffilt.ini 16384 bytes
c:windowssystem32perfi009.dat 278528 bytes
c:windowssystem32perfmon.msc 65536 bytes
c:windowssystem32perfnet.dll 32768 bytes
c:windowssystem32perfnw.dll 16384 bytes
c:windowssystem32perfts.dll 16384 bytes
c:windowssystem32perfwci.h 16384 bytes
c:windowssystem32perfwci.ini 16384 bytes
c:windowssystem32pifmgr.dll 65536 bytes
c:windowssystem32ping6.exe 49152 bytes
c:windowssystem32wmdrmsdk.dll 540672 bytes
c:windowssystem32plustab.dll 32768 bytes
c:windowssystem32pmspl.dll 49152 bytes
c:windowssystem32prflbmsg.dll 16384 bytes
c:windowssystem32print.exe 16384 bytes
c:windowssystem32prncnfg.vbs 49152 bytes
c:windowssystem32prndrvr.vbs 32768 bytes
c:windowssystem32prnjobs.vbs 32768 bytes
c:windowssystem32prnmngr.vbs 32768 bytes
c:windowssystem32prnport.vbs 32768 bytes
c:windowssystem32prnqctl.vbs 16384 bytes
c:windowssystem32prodspec.ini 16384 bytes
c:windowssystem32pschdcnt.h 16384 bytes
c:windowssystem32pschdprf.dll 16384 bytes
c:windowssystem32pschdprf.ini 16384 bytes
c:windowssystem32pscript.sep 16384 bytes
c:windowssystem32psnppagn.dll 16384 bytes
c:windowssystem32pubprn.vbs 16384 bytes
c:windowssystem32qosname.dll 16384 bytes
c:windowssystem32rasautou.exe 16384 bytes
c:windowssystem32rasctrnm.h 16384 bytes
c:windowssystem32rasctrs.dll 16384 bytes
c:windowssystem32rasctrs.ini 16384 bytes
c:windowssystem32gpupdate.exe 65536 bytes
c:windowssystem32regedt32.exe 32768 bytes
c:windowssystem32regwiz.exe 16384 bytes
c:windowssystem32relog.exe 49152 bytes
c:windowssystem32rend.dll 114688 bytes
c:windowssystem32replace.exe 16384 bytes
c:windowssystem32riched32.dll 16384 bytes
c:windowssystem32rnr20.dll 16384 bytes
c:windowssystem32route.exe 32768 bytes
c:windowssystem32routemon.exe 32768 bytes
c:windowssystem32routetab.dll 16384 bytes
c:windowssystem32rpcns4.dll 32768 bytes
c:windowssystem32rsaci.rat 16384 bytes
c:windowssystem32rsfsaps.dll 32768 bytes
c:windowssystem32rsm.exe 65536 bytes
c:windowssystem32rsmsink.exe 32768 bytes
c:windowssystem32rsmui.exe 49152 bytes
c:windowssystem32rsop.msc 49152 bytes
c:windowssystem32rsopprov.exe 65536 bytes
c:windowssystem32rsvp.exe 147456 bytes
c:windowssystem32rsvp.ini 16384 bytes
c:windowssystem32rsvpcnts.h 16384 bytes
c:windowssystem32rsvpmsg.dll 32768 bytes
c:windowssystem32rsvpperf.dll 16384 bytes
c:windowssystem32rsvpsp.dll 98304 bytes
c:windowssystem32rtm.dll 98304 bytes
c:windowssystem32runas.exe 32768 bytes
c:windowssystem32sc.exe 32768 bytes
c:windowssystem32scardssp.dll 131072 bytes
c:windowssystem32scredir.dll 32768 bytes
c:windowssystem32scriptpw.dll 16384 bytes
c:windowssystem32sdpblb.dll 131072 bytes
c:windowssystem32secpol.msc 49152 bytes
c:windowssystem32senscfg.dll 16384 bytes
c:windowssystem32serialui.dll 16384 bytes
c:windowssystem32services.msc 49152 bytes
c:windowssystem32serwvdrv.dll 16384 bytes
c:windowssystem32setup.bmp 245760 bytes
c:windowssystem32setupdll.dll 425984 bytes
c:windowssystem32setver.exe 16384 bytes
c:windowssystem32sfc.exe 16384 bytes
c:windowssystem32sfmapi.dll 32768 bytes
c:windowssystem32share.exe 16384 bytes
c:windowssystem32shell.dll 16384 bytes
c:windowssystem32sisbkup.dll 16384 bytes
c:windowssystem32skdll.dll 16384 bytes
c:windowssystem32slbrccsp.dll 16384 bytes
c:windowssystem32softpub.dll 16384 bytes
c:windowssystem32sound.drv 16384 bytes
c:windowssystem32spnike.dll 81920 bytes
c:windowssystem32sprestrt.exe 16384 bytes
c:windowssystem32sprio600.dll 81920 bytes
c:windowssystem32sprio800.dll 81920 bytes
c:windowssystem32sqlsodbc.chm 65536 bytes
c:windowssystem32sqlwid.dll 32768 bytes
c:windowssystem32sqlwoa.dll 65536 bytes
c:windowssystem32stdole32.tlb 16384 bytes
c:windowssystem32storage.dll 16384 bytes
c:windowssystem32streamci.dll 16384 bytes
c:windowssystem32subst.exe 16384 bytes
c:windowssystem32svcpack.dll 16384 bytes
c:windowssystem32swprv.dll 147456 bytes
c:windowssystem32syncapp.exe 65536 bytes
c:windowssystem32sysedit.exe 32768 bytes
c:windowssystem32wiashext.dll 688128 bytes
c:windowssystem32systeminfo.exe 81920 bytes
c:windowssystem32sysinv.dll 16384 bytes
c:windowssystem32syskey.exe 49152 bytes
c:windowssystem32sysprint.sep 16384 bytes
c:windowssystem32sysprtj.sep 16384 bytes
c:windowssystem32system.drv 16384 bytes
c:windowssystem32systray.exe 16384 bytes
c:windowssystem32tapi.dll 32768 bytes
c:windowssystem32tapiperf.dll 16384 bytes
c:windowssystem32tapiui.dll 147456 bytes
c:windowssystem32taskkill.exe 81920 bytes
c:windowssystem32tasklist.exe 81920 bytes
c:windowssystem32taskman.exe 16384 bytes
c:windowssystem32tcmsetup.exe 16384 bytes
c:windowssystem32tcpsvcs.exe 32768 bytes
c:windowssystem32telephon.cpl 32768 bytes
c:windowssystem32tftp.exe 32768 bytes
c:windowssystem32timer.drv 16384 bytes
c:windowssystem32toolhelp.dll 16384 bytes
c:windowssystem32tracert6.exe 32768 bytes
c:windowssystem32traffic.dll 32768 bytes
c:windowssystem32tree.com 16384 bytes
c:windowssystem32tsappcmp.dll 65536 bytes
c:windowssystem32tsbyuv.dll 16384 bytes
c:windowssystem32tsd32.dll 16384 bytes
c:windowssystem32tssoft32.acm 16384 bytes
c:windowssystem32typelib.dll 180224 bytes
c:windowssystem32typeperf.exe 49152 bytes
c:windowssystem32ufat.dll 98304 bytes
c:windowssystem32umdmxfrm.dll 16384 bytes
c:windowssystem32unlodctr.exe 16384 bytes
c:windowssystem32ureg.dll 32768 bytes
c:windowssystem32user.exe 49152 bytes
c:windowssystem32utildll.dll 32768 bytes
c:windowssystem32v7vga.rom 32768 bytes
c:windowssystem32vcdex.dll 16384 bytes
c:windowssystem32ver.dll 16384 bytes
c:windowssystem32verifier.dll 32768 bytes
c:windowssystem32verifier.exe 114688 bytes
c:windowssystem32vfpodbc.dll 32768 bytes
c:windowssystem32vga.drv 16384 bytes
c:windowssystem32vjoy.dll 16384 bytes
c:windowssystem32vssadmin.exe 49152 bytes
c:windowssystem32vss_ps.dll 32768 bytes
c:windowssystem32vwipxspx.dll 32768 bytes
c:windowssystem32vwipxspx.exe 16384 bytes
c:windowssystem32w32tm.exe 65536 bytes
c:windowssystem32w32topl.dll 32768 bytes
c:windowssystem32wavemsp.dll 212992 bytes
c:windowssystem32wbcache.deu 65536 bytes
c:windowssystem32wbcache.enu 65536 bytes
c:windowssystem32wbcache.esn 65536 bytes
c:windowssystem32wbcache.fra 65536 bytes
c:windowssystem32wbcache.ita 65536 bytes
c:windowssystem32wbcache.nld 65536 bytes
c:windowssystem32wbcache.sve 65536 bytes
c:windowssystem32wbdbase.deu 1310720 bytes
c:windowssystem32wbdbase.enu 966656 bytes
c:windowssystem32wbdbase.esn 753664 bytes
c:windowssystem32wbdbase.fra 802816 bytes
c:windowssystem32wbdbase.ita 868352 bytes
c:windowssystem32wbdbase.nld 1097728 bytes
c:windowssystem32wbdbase.sve 950272 bytes
c:windowssystem32wdl.trm 16384 bytes
c:windowssystem32webhits.dll 49152 bytes
c:windowssystem32wfwnet.drv 16384 bytes
c:windowssystem32wiasf.ax 49152 bytes
c:windowssystem32wiavusd.dll 147456 bytes
c:windowssystem32wifeman.dll 16384 bytes
c:windowssystem32win.com 32768 bytes
c:windowssystem32win87em.dll 16384 bytes
c:windowssystem32winfax.dll 16384 bytes
c:windowssystem32winhelp.hlp 32768 bytes
c:windowssystem32winhlp32.exe 16384 bytes
c:windowssystem32winmsd.exe 16384 bytes
c:windowssystem32winoldap.mod 16384 bytes
c:windowssystem32winsock.dll 16384 bytes
c:windowssystem32winspool.exe 16384 bytes
c:windowssystem32winstrm.dll 32768 bytes
c:windowssystem32wmiprop.dll 32768 bytes
c:windowssystem32wmiscmgr.dll 65536 bytes
c:windowssystem32wowdeb.exe 16384 bytes
c:windowssystem32wowexec.exe 16384 bytes
c:windowssystem32wowfax.dll 16384 bytes
c:windowssystem32wowfaxui.dll 16384 bytes
c:windowssystem32wshatm.dll 16384 bytes
c:windowssystem32wshisn.dll 16384 bytes
c:windowssystem32wshnetbs.dll 16384 bytes
c:windowssystem32wupdmgr.exe 49152 bytes
c:windowssystem32noise.tha 16384 bytes
c:windowssystem32edit.com 81920 bytes
c:windowssystem32edit.hlp 16384 bytes
c:windowssystem32noise.chs 16384 bytes
c:windowssystem32noise.cht 16384 bytes
c:windowssystem32jsru.dll 16384 bytes
c:windowssystem32scoru.dll 16384 bytes
c:windowssystem32scrrnru.dll 16384 bytes
c:windowssystem32vbsru.dll 16384 bytes
c:windowssystem32wshru.dll 65536 bytes
c:windowssystem32wiavideo.dll 114688 bytes
c:windowssystem32wmerrRUS.dll 65536 bytes
c:windowssystem32perfc019.dat 98304 bytes
c:windowssystem32perfh019.dat 491520 bytes
c:windowssystem32perfd019.dat 49152 bytes
c:windowssystem32perfi019.dat 311296 bytes
c:windowssystem32c_866.nls 81920 bytes
c:windowssystem32kbdru.dll 16384 bytes
c:windowssystem32kbdru1.dll 16384 bytes
c:windowssystem32mfc42loc.dll 65536 bytes
c:windowssystem32mfc40loc.dll 65536 bytes
c:windowssystem32setup.exe 32768 bytes
c:windowssystem32presetup.cmd 16384 bytes
c:windowssystem32winbrand.dll 950272 bytes
c:windowssystem32Un7z.dll 1system32drivershidclass.sys 49152 bytes
c:windowssystem32drivershidparse.sys 32768 bytes
c:windowssystem32driversusbport.sys 147456 bytes
c:windowssystem32driversusbuhci.sys 32768 bytes
c:windowssystem32driversusbehci.sys 32768 bytes
c:windowssystem32driversmouclass.sys 32768 bytes
c:windowssystem32driverskbdclass.sys 32768 bytes
c:windowssystem32driversirenum.sys 16384 bytes
c:windowssystem32driversgameenum.sys 16384 bytes
c:windowssystem32driversGAGP30KX.SYS 49152 bytes
c:windowssystem32driversRTL8139.sys 32768 bytes
c:windowssystem32driversusbprint.sys 32768 bytes
c:windowssystem32driversredbook.sys 65536 bytes
c:windowssystem32driversaudstub.sys 16384 bytes
c:windowssystem32driverstermdd.sys 49152 bytes
c:windowssystem32driversrdpdr.sys 212992 bytes
c:windowssystem32driversrdpwd.sys 147456 bytes
c:windowssystem32driverstdpipe.sys 16384 bytes
c:windowssystem32driverstdtcp.sys 32768 bytes
c:windowssystem32driverssr.sys 81920 bytes
c:windowssystem32driversfltMgr.sys 131072 bytes
c:windowssystem32driversWudfPf.sys 81920 bytes
c:windowssystem32driversWudfRd.sys 98304 bytes
c:windowssystem32driversUMDF
c:windowssystem32driversUMDFwpdmtpdr.dll 671744 bytes
c:windowssystem32driverswpdusb.sys 49152 bytes
c:windowssystem32driverssptd.sys 688128 bytes
c:windowssystem32driversisapnp.sys 49152 bytes
c:windowssystem32driversVIAAGP1.SYS 32768 bytes
c:windowssystem32driversRtlnic51.sys 65536 bytes
c:windowssystem32driversdrmk.sys 65536 bytes
c:windowssystem32driversstream.sys 49152 bytes
c:windowssystem32driversks.sys 147456 bytes
c:windowssystem32driversportcls.sys 147456 bytes
c:windowssystem32driversALCXWDM.SYS 606208 bytes
c:windowssystem32driversALCXSENS.SYS 393216 bytes
c:windowssystem32driversMSPCLOCK.sys 16384 bytes
c:windowssystem32driversMSPQM.sys 16384 bytes
c:windowssystem32driversMSKSSRV.sys 16384 bytes
c:windowssystem32driverssysaudio.sys 65536 bytes
c:windowssystem32driversdrmkaud.sys 16384 bytes
c:windowssystem32driverskmixer.sys 180224 bytes
c:windowssystem32driversaec.sys 147456 bytes
c:windowssystem32driversswmidi.sys 65536 bytes
c:windowssystem32driversDMusic.sys 65536 bytes
c:windowssystem32driverswdmaud.sys 98304 bytes
c:windowssystem32driverssplitter.sys 16384 bytes
c:windowssystem32driversviasraid.sys 81920 bytes
c:windowssystem32driversusbscan.sys 16384 bytes
c:windowssystem32driversAmps2prt.sys 16384 bytes
c:windowssystem32driversAmusbprt.sys 16384 bytes
c:windowssystem32driversAmfilter.sys 16384 bytes
c:windowssystem32driversbthport.sys 278528 bytes
c:windowssystem32driversBTHUSB.SYS 32768 bytes
c:windowssystem32driversBthEnum.sys 32768 bytes
c:windowssystem32driversrfcomm.sys 65536 bytes
c:windowssystem32driversbthpan.sys 114688 bytes
c:windowssystem32driversnv4_mini.sys 1884160 bytes
c:windowssystem32driversctdvda2k.sys 344064 bytes
c:windowssystem32driversimagedrv.sys 16384 bytes
c:windowssystem32driversimagesrv.sys 131072 bytes
c:windowssystem32driverssleen15.sys 81920 bytes
c:windowssystem32driverssnapman.sys 114688 bytes
c:windowssystem32driverstimntr.sys 393216 bytes
c:windowssystem32driverstifsfilt.sys 32768 bytes
c:windowssystem32driversPxHelp20.sys 49152 bytes
c:windowssystem32driverscdralw2k.sys 16384 bytes
c:windowssystem32driverscdr4_xp.sys 16384 bytes
c:windowssystem32driversappdrv01.sys 3112960 bytes
c:windowssystem32driversETDrv.sys 180224 bytes
c:windowssystem32driverssleen16.sys 81920 bytes
c:windowssystem32driversavipbb.sys 81920 bytes
c:windowssystem32driversssmdrv.sys 32768 bytes
c:windowssystem32driversavgntdd.sys 49152 bytes
c:windowssystem32driversavgntmgr.sys 32768 bytesТеперь дополнительно к тому что появляются файлы в папке общие документы, на которых ругается Avira обзывая их тряном, выскакивает ошибка что память не может быть written проводник виснет, так что не запускается диспетчер задач.
Посылаю лог частями, т.к. весь не входит:
ComboFix 09-02-15.01 — Администратор 2009-02-16 20:37:58.1 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.1023.675 [GMT 7:00]
Running from: c:documents and settingsАдминистраторРабочий столComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:windowssystem32CDClose.dll
c:windowssystem32l_except.nls.
((((((((((((((((((((((((( Files Created from 2009-01-16 to 2009-02-16 )))))))))))))))))))))))))))))))
.2009-02-16 17:44 . 2009-02-16 17:44 478,878 —a
c:windowssystem32prfh0419.dat
2009-02-16 17:44 . 2009-02-16 17:44 82,450 —a
c:windowssystem32prfc0419.dat
2009-02-15 19:53 . 2009-02-15 19:53d
c:program filesWinPatrol
2009-02-15 19:53 . 2009-02-15 19:53d
c:documents and settingsАдминистраторApplication DataWinPatrol
2009-02-15 15:36 . 2009-02-15 15:36d
c:program filesSpybot — Search & Destroy
2009-02-15 15:36 . 2009-02-15 15:36d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2009-02-15 14:53 . 2009-02-15 14:53d
C:rsit
2009-02-15 14:47 . 2009-02-15 14:47d
c:program filesTrend Micro
2009-02-15 10:47 . 2009-02-15 10:47d
c:program filesMediaCoder
2009-02-13 21:37 . 2009-02-13 21:37d
c:program filesAvira
2009-02-13 21:37 . 2009-02-13 21:37d
c:documents and settingsAll UsersApplication DataAvira
2009-02-13 12:28 . 2009-02-13 12:28d
c:program filesDU Meter
2009-02-08 21:32 . 2009-02-08 21:32 10 —a
c:windowspopcinfo.dat
2009-02-08 11:33 . 2009-02-08 11:34d
c:documents and settingsАдминистраторApplication DataWinamp
2009-02-08 11:21 . 2009-02-08 11:21d
c:windowssystem32NtmsData
2009-02-08 11:19 . 2009-02-08 11:19d—h
c:windowssystem32GroupPolicy
2009-02-07 21:37 . 2009-02-07 21:37d
c:documents and settingsАдминистраторApplication DataAuslogics
2009-02-07 21:06 . 2009-02-07 21:06d
c:program filesAshampoo
2009-02-07 20:54 . 2009-02-07 20:55d
c:program filesESET
2009-02-07 20:45 . 2009-02-07 20:45d
c:documents and settingsAll UsersApplication Data2DBoy
2009-02-07 20:41 . 2009-02-07 20:41d
c:program filesWorldOfGoo
2009-02-07 20:41 . 2009-02-07 20:41d
c:program filesVista Games
2009-02-07 20:41 . 2009-02-07 20:41d
c:program filesUSBGuard
2009-02-07 20:41 . 2009-02-07 20:41d
c:program filesUnlocker
2009-02-07 20:39 . 2008-09-25 01:41 839,680 —a
c:windowssystem32lameACM.acm
2009-02-07 20:39 . 2007-09-21 07:52 118,784 —a
c:windowssystem32ac3acm.acm
2009-02-07 20:39 . 2008-10-03 19:30 414 —a
c:windowssystem32lame_acm.xml
2009-02-07 20:39 . 2008-07-31 02:09 38 —a
c:windowsavisplitter.ini
2009-02-07 20:38 . 2009-02-07 20:38d
c:program filesXPTweaker
2009-02-07 20:38 . 2009-02-07 20:38d
c:program filesThe KMPlayer
2009-02-07 20:29 . 2009-02-07 20:29d
c:program filesWinDjView
2009-02-07 20:05 . 2009-02-07 20:06d
c:documents and settingsAll UsersApplication DatanView_Profiles
2009-02-07 20:01 . 2009-02-07 20:01d
c:documents and settingsАдминистраторApplication DataMKey
2009-02-07 19:36 . 2009-02-07 19:36d—hs—- C:Recycled
2009-02-07 19:36 . 2009-02-08 12:16 13,030 —a
C:PDOXUSRS.NET
2009-02-07 19:34 . 2009-02-07 19:34d
c:program filesEverest
2009-02-07 19:30 . 2009-02-07 19:30d
c:program filesSteganos Safe One
2009-02-07 19:30 . 2009-02-07 19:30d
c:program filesStamp0.85
2009-02-07 19:30 . 2009-02-07 19:30d
c:program filesAutodesk
2009-02-07 19:30 . 2009-02-07 19:30d
c:program filesAutoCAD 2008
2009-02-07 19:29 . 2009-02-07 19:29d
c:program filesYour Uninstaller 2006
2009-02-07 19:29 . 2009-02-07 19:29d
c:program filesWindows Sidebar
2009-02-07 19:29 . 2009-02-07 19:29d
c:program filesuTorrent
2009-02-07 19:29 . 2009-02-07 19:29d
c:program filesSkype
2009-02-07 19:29 . 2009-02-07 19:29d
c:program filesLClock
2009-02-07 19:29 . 2009-02-07 19:29d
c:program fileseMulePlus
2009-02-07 19:29 . 2009-02-07 19:29d
c:program filesAusLogics Disk Defrag
2009-02-07 19:29 . 2009-02-07 19:29d
c:program filesArsenal Company
2009-02-07 19:29 . 2009-02-07 19:29d
c:program files2gis
2009-02-07 19:28 . 2009-02-07 19:28d
c:program filesSteganos Security Suite 2007
2009-02-07 19:28 . 2009-02-07 19:28d
c:program filesRivaTuner v2.08
2009-02-07 19:28 . 2009-02-07 19:28d
c:program fileshome
2009-02-07 19:28 . 2009-02-07 19:28d
c:program filesAcronis
2009-02-07 19:26 . 2009-02-07 19:26d
c:program filesThe Bat!
2009-02-07 19:26 . 2009-02-07 19:26d
c:program filesSpeedFan
2009-02-07 19:26 . 2009-02-07 19:26d
c:program filesNero
2009-02-07 19:26 . 2009-02-07 19:26d
c:program filesCreative
2009-02-07 19:26 . 2009-02-07 19:26d
c:program filesACD Systems
2009-02-07 19:25 . 2009-02-07 19:25d
c:program filesInterVideo
2009-02-07 19:23 . 2009-02-07 19:23d
c:program filesMicrosoft.NET
2009-02-07 19:23 . 2009-02-07 19:23d
c:program filesMicrosoft Works
2009-02-07 19:23 . 2009-02-07 19:23d
c:program filesABBYY FineReader 8.0 Professional Edition
2009-02-07 19:22 . 2009-02-07 19:22d
c:program filesMicrosoft Visual Studio 8
2009-02-07 19:19 . 2009-02-07 19:19d
c:program filesTotal Commander
2009-02-07 19:19 . 2009-02-07 19:19d
c:program filesReference Assemblies
2009-02-07 19:19 . 2009-02-07 19:19d
c:program filesMSBuild
2009-02-07 19:17 . 2009-02-07 19:17d
c:program filesVIA
2009-02-07 19:17 . 2009-02-07 19:17d
c:program filesmsi InstallSource .NET Framework 3.0
2009-02-07 19:17 . 2009-02-07 19:17d—h
c:program filesInstallShield Installation Information
2009-02-07 19:17 . 2009-02-07 19:17d
c:program filesHP
2009-02-07 19:17 . 2009-02-07 19:17d
c:program filesHewlett-Packard
2009-02-07 19:17 . 2009-02-07 19:17d
c:program filesGigabyte
2009-02-07 19:17 . 2009-02-07 19:17d
c:program filesDAEMON Tools
2009-02-07 19:17 . 2009-02-07 19:17d
c:program filesAvRack
2009-02-07 19:17 . 2009-02-07 19:17d
c:program filesA4Tech
2009-02-07 19:16 . 2009-02-07 19:16d
c:program filesWindows Media Connect 2
2009-02-07 19:16 . 2009-02-07 19:16d
c:program filesWinamp
2009-02-07 19:16 . 2009-02-07 19:16d
c:program filesmicrosoft frontpage
2009-02-07 19:16 . 2009-02-07 19:16d
c:program filesK-Lite Codec Pack
2009-02-07 19:15 . 2009-02-07 19:15d
c:program filesVistaDriveIcon
2009-02-07 19:15 . 2009-02-07 19:15d
c:program filesUndeletePlus
2009-02-07 19:15 . 2009-02-07 19:15d
c:program filesRegShot v.1.7
2009-02-07 19:15 . 2009-02-07 19:15d
c:program filesPunto Switcher
2009-02-07 19:15 . 2009-02-07 19:15d
c:program filesPaint.NET
2009-02-07 19:15 . 2009-02-07 19:15d
c:program filesMSXML 6.0
2009-02-07 19:15 . 2009-02-07 19:15d
c:program filesmsi InstallSource MSXML
2009-02-07 19:15 . 2009-02-07 19:15d
c:program filesMainreg v.5.0
2009-02-07 19:15 . 2009-02-07 19:15d
c:program filesLaunchy
2009-02-07 19:15 . 2009-02-07 19:15d
c:program filesJava
2009-02-07 19:15 . 2009-02-07 19:15d
c:program filesFoxit Reader
2009-02-07 19:15 . 2009-02-07 19:15d
c:program filesDownload Master
2009-02-07 19:15 . 2009-02-07 19:15d
c:program filesConsole2
2009-02-07 19:15 . 2009-02-07 19:15d
c:program filesCommon FilesAdobe Systems Shared
2009-02-07 19:14 . 2009-02-07 19:14d
c:program filesCommon FilesSkype
2009-02-07 19:14 . 2009-02-07 19:14d
c:program filesCommon FilesBorland Shared
2009-02-07 19:14 . 2009-02-07 19:14d
c:program filesCommon FilesAutodesk Shared
2009-02-07 19:14 . 2009-02-07 19:14d
c:program filesCommon FilesArsenal Shared
2009-02-07 19:14 . 2009-02-07 19:14d
c:program filesCommon FilesAdobe
2009-02-07 19:13 . 2009-02-07 19:13d
c:program filesCommon FilesAcronis
2009-02-07 19:12 . 2009-02-07 19:12d
c:program filesCommon FilesJava
2009-02-07 19:12 . 2009-02-07 19:12d
c:program filesCommon FilesInterVideo
2009-02-07 19:12 . 2009-02-07 19:12d
c:program filesCommon FilesInstallShield
2009-02-07 19:12 . 2009-02-07 19:12d
c:program filesCommon FilesAhead
2009-02-07 19:12 . 2009-02-07 19:12d
c:program filesCommon FilesACD Systems
2009-02-07 19:10 . 2009-02-07 19:10dr
C:Program Files
2009-02-07 19:10 . 2009-02-07 19:10d
c:documents and settingsАдминистраторWINDOWS
2009-02-07 19:10 . 2009-02-07 19:10d
c:documents and settingsАдминистраторWINDOWS
2009-02-07 19:10 . 2009-02-07 19:10d
c:documents and settingsАдминистраторDoctorWeb
2009-02-07 19:10 . 2009-02-07 19:10d
c:documents and settingsАдминистраторDoctorWeb
2009-02-07 19:10 . 2009-02-07 19:10d
c:documents and settingsАдминистраторApplication DataURSoft
2009-02-07 19:10 . 2009-02-07 19:10d
c:documents and settingsАдминистраторApplication DataskypePM
2009-02-07 19:10 . 2009-02-07 19:10d
c:documents and settingsАдминистраторApplication DataSkype
2009-02-07 19:10 . 2009-02-07 19:10d
c:documents and settingsАдминистраторApplication DataMedia Player Classic
2009-02-07 19:10 . 2009-02-07 19:10d
c:documents and settingsАдминистраторApplication DataLightAlloy
2009-02-07 19:10 . 2009-02-07 19:10d
c:documents and settingsАдминистраторApplication DataGrym
2009-02-07 19:10 . 2009-02-07 19:10d
c:documents and settingsАдминистраторApplication DataAutodesk
2009-02-07 19:07 . 2009-02-07 19:07d
c:documents and settingsАдминистраторApplication DataXRay Engine
2009-02-07 19:07 . 2009-02-07 19:07d
c:documents and settingsАдминистраторApplication DataLaunchy
2009-02-07 19:07 . 2009-02-07 19:07d
c:documents and settingsАдминистраторApplication DataInterVideo
2009-02-07 19:07 . 2009-02-07 19:07d
c:documents and settingsАдминистраторApplication DataDownload Master
2009-02-07 19:07 . 2009-02-07 19:07dr-h
c:documents and settingsАдминистраторApplication DataCrystalSpace
2009-02-07 19:07 . 2009-02-07 19:07d
c:documents and settingsАдминистраторApplication DataCanon
2009-02-07 19:07 . 2009-02-07 19:07d
c:documents and settingsАдминистраторApplication DataAhead
2009-02-07 19:07 . 2009-02-07 19:07d
c:documents and settingsАдминистраторApplication DataACD Systems
2009-02-07 19:07 . 2009-02-07 19:07d
c:documents and settingsАдминистраторApplication DataABBYY.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 12:26 5,549 —-a-w c:program filesPatchWise.log
2009-02-07 11:57 725,566 —-a-w c:windowssrchasstsrchui.dll
2009-02-07 11:57 58,434 —-a-w c:windowssrchasstsrchctls.dll
2009-02-07 11:57 3,166,208 —-a-w c:windowssrchasstmsgr3en.dll
2009-02-07 11:56 972,336 —-a-w c:windowsUNNeroVision.exe
2009-02-07 11:56 966,656 —-a-w c:windowsUNRecode.exe
2009-02-07 11:56 86,024 —-a-w c:windowssleen1564.sys
2009-02-07 11:56 69,120 —-a-w c:windowsNOTEPAD.EXE
2009-02-07 11:56 65,536 —-a-w c:windowsSOUNDMAN.EXE
2009-02-07 11:56 306,688 —-a-w c:windowsIsUninst.exe
2009-02-07 11:56 208,896
w c:windowsalcupd.exe
2009-02-07 11:56 15,360 —-a-w c:windowsTASKMAN.EXE
2009-02-07 11:56 139,264
w c:windowsalcrmv.exe
2009-02-07 11:53 282,624 —-a-w c:windowsHashTab.dll
2009-02-07 11:51 450,048 —-a-w c:windowsAppPatchAcLayers.dll
2009-02-07 11:51 39,424 —-a-w c:windowsAppPatchacadproc.dll
2009-02-07 11:51 245,248 —-a-w c:windowsAppPatchAcSpecfc.dll
2009-02-07 11:51 137,728 —-a-w c:windowsAppPatchAcLua.dll
2009-02-07 11:51 116,224 —-a-w c:windowsAppPatchAcXtrnal.dll
2009-02-07 11:51 1,852,928 —-a-w c:windowsAppPatchAcGenral.dll
2009-02-07 11:49 34,816 —-a-w c:windowsHelpsniffpol.dll
2009-02-07 11:49 33,280 —-a-w c:windowsHelpsstub.dll
2009-02-07 11:49 279,040 —-a-w c:windowsHelpTSHOOT.dll
2009-02-07 11:49 152,576 —-a-w c:windowsHelpbnts.dll
2009-02-07 11:46 97,792 —-a-w c:windowssystem32comrepl.dll
2009-02-07 11:45 99,840 —-a-w c:windowssystem32wmpshell.dll
2009-02-07 11:44 99,328 —-a-w c:windowssystem32cabview.dll
2009-02-07 11:43 990,208 —-a-w c:windowssystem32syssetup.dll
2009-02-07 11:42 99,840 —-a-w c:windowssystem32dllcachewmpshell.dll
2009-02-07 11:41 990,208 —-a-w c:windowssystem32dllcachesyssetup.dll
2009-02-07 11:40 991,744 —-a-w c:windowssystem32dllcachedrmv2clt.dll
2009-02-07 11:39 992,256 —-a-w c:windowssystem32dllcachekernel32.dll
2009-02-07 11:38 99,776 —-a-w c:windowssystem32driverssnapman.sys
2009-02-07 11:37 96,256 —-a-w c:windowssystem32driversscsiport.sys
2008-12-08 11:53 57,344 —-a-w c:windowssystem32ff_vfw.dll
2008-12-07 18:08 795,648 —-a-w c:windowssystem32xvidcore.dll
2008-12-07 18:08 130,048 —-a-w c:windowssystem32xvidvfw.dll
.
Sigcheck
2009-02-07 18:43 578560 5231f1983829611637e9493105e84751 c:windowssystem32user32.dll2009-02-07 18:43 948736 8c9f562b1f0b0e2a421161822244a337 c:windowssystem32wininet.dll
2009-02-07 18:37 360576 bb4d3a8e6f7eb1d370bc4ad27ab23368 c:windowssystem32driverstcpip.sys
2009-02-07 18:52 1608704 d55a919f1860d6adcf24d599d69041cd c:windowsexplorer.exe
2009-02-07 18:45 30208 4f654aecff06d7e853dfeee0c8dc9950 c:windowssystem32ctfmon.exe
2009-02-07 18:46 80216 1904f84c58ef952d7c036557e7d0dc08 c:windowssystem32wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2009-02-07 132608][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«Ashampoo FireWall»=»c:program filesAshampooAshampoo FireWallFireWall.exe» [2007-04-05 3251800]
«Avgnt»=»c:program filesAviraAntiVir PersonalEdition Classicavgnt.exe» [2008-06-12 266497]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2009-02-07 2899968]
«WheelMouse»=»c:program filesA4TechMouseAmoumain.exe» [2009-02-07 196608]
«MKey.exe»=»c:utilMKeyMKey.exe» [2005-08-17 670720]
«BluetoothAuthenticationAgent»=»bthprops.cpl» [2009-02-07 c:windowssystem32bthprops.cpl]
«Nwiz»=»nwiz.exe» [2009-02-07 c:windowssystem32nwiz.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2009-02-07 201728]
«VistaIcon»=»c:program filesVistaDriveIconVistaDrv.exe» [2009-02-07 132608][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«IE7_011″=»shell32» [X]
«IE7-012″=»advpack.dll» [2009-02-07 c:windowssystem32advpack.dll]c:documents and settingsЂ¤¬ЁЁбва в®аѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
speedfan.lnk — c:program filesSpeedFanspeedfan.exe [2009-02-07 2189312]c:documents and settingsЂ¤¬ЁЁбва в®аѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
speedfan.lnk — c:program filesSpeedFanspeedfan.exe [2009-02-07 2189312]c:documents and settingsЂ¤¬ЁЁбва в®аѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
speedfan.lnk — c:program filesSpeedFanspeedfan.exe [2009-02-07 2189312][HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«NoSMConfigurePrograms»= 1 (0x1)[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.ac3filter»= ac3filter.acm[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSidebar]
—a
2007-02-26 23:50 1254912 c:program filesWindows Sidebarsidebar.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«ose»=3 (0x3)
«Autodesk Licensing Service»=3 (0x3)
«Adobe LM Service»=3 (0x3)
«2GIS UpdateClientService»=3 (0x3)
«Schedule»=2 (0x2)
«UPS»=3 (0x3)
«odserv»=3 (0x3)
«NMIndexingService»=3 (0x3)
«DUMeterSvc»=2 (0x2)[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\InterVideo\DVD7\WinDVD.exe»=
«d:\Games\StalkerCS\bin\xrEngine.exe»=
«d:\Games\StalkerCS\bin\dedicated\xrEngine.exe»=R0 viasraid;viasraid;c:windowssystem32driversviasraid.sys [2009-02-07 75904]
R1 appdrv01;Application Driver (01);c:windowssystem32driversappdrv01.sys [2009-02-07 3100776]
R1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];c:windowssystem32driverssleen15.sys [2009-02-07 18:38:03 80232]
R2 ETDrv;ETDrv;c:windowssystem32driversETDrv.sys [2009-02-07 170128]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:windowsSystem32appdrvrem01.exe svc —> c:windowsSystem32appdrvrem01.exe svc [?]
S2 SLEE_81_DRIVER;Steganos Live Encryption Engine 8.1 [Driver];??c:windowssystem32driversSLEE81.sys —> c:windowssystem32driversSLEE81.sys [?]
S3 CrystalSysInfo;CrystalSysInfo;c:program filesMediaCoderSysInfo.sys [2007-09-25 15152]
S3 MarkFun_NT;MarkFun_NT;??c:program filesGigabyteGigabyte Windows Utility ManagerET4markfun.w32 —> c:program filesGigabyteGigabyte Windows Utility ManagerET4markfun.w32 [?]
S4 2GIS UpdateClientService;2GIS UpdateClientService;c:program files2gisUpdateClientWin32UpdateClientService.exe [2009-02-07 1134592]
S4 DUMeterSvc;DU Meter Service;c:program filesDU MeterDUMeterSvc.exe [2009-02-13 1386008][HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{34A19196-274E-4D75-9D30-D7A45A0A4178}]
«c:program filesWindows Sidebar.regsvr32.exe» /s wlsrvc.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{6B9228DA-9C15-419e-856C-19E768A13BDC}]
«c:program filesWindows Sidebar.regsvr32.exe» /s sbdrop.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{BADA65A0-86B7-462B-B720-CE66655C73F5}]
regsvr32 /s c:program filesWindows SidebarVAIO.vshellext.dll
.
— — — — ORPHANS REMOVED — — — —MSConfigStartUp-LClock — c:program filesLClocklclock.exe
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.winamp.com/buy
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
LSP: c:program filesAshampooAshampoo FireWallspi.dll
.**************************************************************************
info.txt logfile of random’s system information tool 1.05 2009-02-15 17:20:21
======Uninstall list======
—>C:Program FilesNeroNero 7\nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {C5060182-C90D-4314-9AE9-5C0DCF8FD1EF}
—>msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {3520B304-0EF8-475D-8C52-47ABCCC75FC6}
—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
—>MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
ACDSee 8—>MsiExec.exe /I{AE80641A-0C8D-4670-A518-B4EC154B1027}
Acronis True Image Home—>MsiExec.exe /X{B1914265-0D07-48E0-A937-F20A76D0032D}
Adobe Flash Player 9 ActiveX—>C:WINDOWSsystem32MacromedFlashFlashUtil9d.exe -uninstallDelete
Adobe Flash Player 9 ActiveX—>MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Flash Player Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Photoshop CS2—>msiexec /I {236BB7C4-4419-42FD-0419-1E257A25E34D}
Ashampoo FireWall 1.20—>»C:Program FilesAshampooAshampoo FireWallunins000.exe»
AusLogics Disk Defrag—>»C:Program FilesAusLogics Disk Defragunins000.exe»
AutoCAD 2008 — Русский—>C:Program FilesAutoCAD 2008SetupSetup.exe /P {5783F2D7-6001-0419-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7—>MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Avira AntiVir Personal — Free Antivirus—>C:Program FilesAviraAntiVir PersonalEdition ClassicSETUP.EXE /REMOVE
Creative DVD Audio Plugin for Audigy Series—>»C:Program FilesCreativeCTDPluginCTUIDVD.exe » -u
Daemon Tools—>»C:Program FilesDaemon ToolsUninst.exe»
Download Master 5.5.7.1145—>»C:Program FilesDownload Masterunins000.exe»
DU Meter—>»C:Program FilesDU Meterunins000.exe»
eMulePlus—>C:Program FileseMulePlusUninstall.exe
Enable S3 for USB Device—>C:WINDOWSIsUninst.exe -f»C:Program FilesGigabyteEnable S3 for USB DeviceUninst.isu»
Everest—>C:Program FilesEverestUninstall.exe
Foxit Reader 3.0 Build 1122—>C:Program FilesFoxit ReaderUninstall.exe
HijackThis 2.0.2—>»C:Program FilesTrend MicroHijackThisHijackThis.exe» /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)—>C:WINDOWSsystem32msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
Hotfix for Windows XP (KB926239)—>»C:WINDOWS$NtUninstallKB926239$spuninstspuninst.exe»
HP Deskjet 3740—>msiexec /x{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}
InterVideo WinDVD 7—>»C:Program FilesInstallShield Installation Information{90885A82-9673-49EA-AB39-AF776639C67C}setup.exe» REMOVEALL
Java(TM) 6 Update 2—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
K-Lite Mega Codec Pack 4.4.2—>»C:Program FilesK-Lite Codec Packunins000.exe»
MediaCoder 0.6.2—>C:Program FilesMediaCoderuninst.exe
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack — RUS—>MsiExec.exe /X{F4D0F248-2BF7-4912-814E-4FD751923838}
Microsoft .NET Framework 2.0—>MsiExec.exe /X{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Microsoft .NET Framework 3.0 Russian Language Pack—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0 Russian Language Packsetup.exe
Microsoft .NET Framework 3.0 Russian Language Pack—>MsiExec.exe /X{855B04CC-4F7A-4FBB-B7BA-D965D23F7AD5}
Microsoft .NET Framework 3.0—>C:WINDOWSMicrosoft.NETFrameworkv3.0Microsoft .NET Framework 3.0setup.exe
Microsoft .NET Framework 3.0—>MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Enterprise 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007—>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall EXCEL /dll OSETUP.DLL
Microsoft Office Excel 2007—>MsiExec.exe /X{90120000-0016-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007—>MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007—>MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007—>MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007—>MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall WORD /dll OSETUP.DLL
Microsoft Office Word 2007—>MsiExec.exe /X{90120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
MSXML 4.0 SP2 (KB927978)—>MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 6.0 Parser—>MsiExec.exe /I{8E719AE4-286B-4F01-8DA1-6270B0BF819D}
Nero 7 Ultra Edition—>MsiExec.exe /I{400348D1-032F-4717-A840-D52F975C1049}
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NGTS_XP—>C:WINDOWSuninst.exe -f»C:Program FileshomeNGTSDeIsL1.isu» -c»C:Program FileshomeNGTS_ISREG32.DLL»
NVIDIA Display Driver—>C:WINDOWSsystem32nvudisp.exe Uninstall C:WINDOWSsystem32nvdisp.nvu,NVIDIA Display Driver
QIP 2005 8082—>»C:UtilQIPunins000.exe»
QIP Infium 2.0.9024 RC4—>»C:UtilQIP Infiumunins000.exe»
Realtek AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» REMOVE
REALTEK Gigabit and Fast Ethernet NIC Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{94FB906A-CF42-4128-A509-D353026A607E}Setup.exe» -l0x19 REMOVE
RivaTuner v2.08—>»C:Program FilesRivaTuner v2.08uninstall.exe»
Security Update для Microsoft .NET Framework 2.0 (КБ928365)—>C:WINDOWSsystem32msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Skype—>C:Program FilesSkypeUninstall.exe
Skype™ 3.6—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart-X7 7.80—>C:Program FilesA4TechMouseUninst32.exe
SpeedFan (remove only)—>»C:Program FilesSpeedFanuninstall.exe»
Spybot — Search & Destroy—>»C:Program FilesSpybot — Search & Destroyunins000.exe»
Stamp v0.85 (SPB)—>»C:Program FilesStamp0.85uninstall.exe»
Steganos Security Suite 2007—>C:Program FilesSteganos Security Suite 2007uninstall.exe
Unlocker—>C:Program FilesUnlockeruninst.exe
Update для Microsoft .NET Framework 3.0 (КБ932394)—>C:WINDOWSsystem32msiexec.exe /promptrestart /uninstall {6CDA893D-A8BB-44B5-896E-A474508B2EFF} /package {7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
USBGuard 5.1.0.15—>C:Program FilesUSBGuardUninstall.exe
VIA Integrated Setup Wizard—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}
Vista Games 1.3 XP—>C:Program FilesVista Gamesuninst.exe
Winamp—>C:Program FilesWinampUninstall.exe
WinDjView 0.5—>»C:Program FilesWinDjViewunins000.exe»
Windows Communication Foundation—>MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Windows Presentation Foundation Language Pack (RUS)—>MsiExec.exe /X{D83A3DFC-8528-4E31-93DC-0A41C477109C}
Windows Presentation Foundation—>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation RU Language Pack—>MsiExec.exe /I{1C7ADED3-C371-40DF-A69D-FE0EA73DC394}
Windows Workflow Foundation—>MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
XPTweaker—>C:Program FilesXPTweakerUninstall.exe
Your Uninstaller! 2006 Version 5—>»C:Program FilesYour Uninstaller 2006unins000.exe»
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Боковая панель Windows—>rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFSidebar.inf,DefaultUnInstall
Данные ДубльГИС г.Новокузнецк 01.01.2009—>MsiExec.exe /X{10E7BB8F-E0BA-421D-8B9A-082AAA993D2B}
ДубльГИС 3.0.4.1—>MsiExec.exe /X{FA671504-B676-42B9-A5E5-30399BD8F676}
Пакет обновления 2 для клиента управления правами Windows с поддержкой прежних версий—>MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Пакет обновления 2 для клиента управления правами Windows—>MsiExec.exe /X{9350CD11-D3F0-4B6D-B18F-74E968D5770A}
Проигрыватель Windows Media 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
С.Т.А.Л.К.Е.Р. — Чистое Небо [v1.0007]—>»D:GamesStalkerCSunins000.exe»
Сократ Персональный 4.1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}setup.exe»
Центр обновлений ДубльГИС—>MsiExec.exe /X{2FB165EB-69C0-416D-9B4E-E805ABC8CB1F}======Hosts File======
127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com======Security center information======
AV: Avira AntiVir PersonalEdition
System event log
Computer Name: AS
Event Code: 7000
Message: Сбой при запуске службы «Steganos Live Encryption Engine 8.1 [Service]» из-за ошибки
Не удается найти указанный файл.Record Number: 6980
Source Name: Service Control Manager
Time Written: 20081213194116.000000+420
Event Type: ошибка
User:Computer Name: AS
Event Code: 7000
Message: Сбой при запуске службы «Steganos Live Encryption Engine 8.1 [Driver]» из-за ошибки
Не удается найти указанный файл.Record Number: 6979
Source Name: Service Control Manager
Time Written: 20081213194116.000000+420
Event Type: ошибка
User:Computer Name: AS
Event Code: 20158
Message: Успешно выполнено подключение пользователя «antirinka.Nvkz»к «Stream», с помощью устройства «PPPoE8-0».Record Number: 6978
Source Name: RemoteAccess
Time Written: 20081213194008.000000+420
Event Type: информация
User:Computer Name: AS
Event Code: 26
Message: Всплывающее окно приложения: : Machine Check: RegsRecord Number: 6977
Source Name: Application Popup
Time Written: 20081213194008.000000+420
Event Type: информация
User:Computer Name: AS
Event Code: 26
Message: Всплывающее окно приложения: : Machine Check:Record Number: 6976
Source Name: Application Popup
Time Written: 20081213194008.000000+420
Event Type: информация
User:Application event log
Computer Name: AS
Event Code: 4113
Message:
Record Number: 463
Source Name: Avira AntiVir
Time Written: 20090215170736.000000+420
Event Type: предупреждение
User: NT AUTHORITYSYSTEMComputer Name: AS
Event Code: 4113
Message:
Record Number: 462
Source Name: Avira AntiVir
Time Written: 20090215170733.000000+420
Event Type: предупреждение
User: NT AUTHORITYSYSTEMComputer Name: AS
Event Code: 4113
Message:
Record Number: 461
Source Name: Avira AntiVir
Time Written: 20090215170047.000000+420
Event Type: предупреждение
User: NT AUTHORITYSYSTEMComputer Name: AS
Event Code: 4113
Message:
Record Number: 460
Source Name: Avira AntiVir
Time Written: 20090215170041.000000+420
Event Type: предупреждение
User: NT AUTHORITYSYSTEMComputer Name: AS
Event Code: 4113
Message:
Record Number: 459
Source Name: Avira AntiVir
Time Written: 20090215165853.000000+420
Event Type: предупреждение
User: NT AUTHORITYSYSTEM======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«FP_NO_HOST_CHECK»=NO
«NUMBER_OF_PROCESSORS»=1
«OS»=Windows_NT
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 4 Stepping 10, AuthenticAMD
«PROCESSOR_LEVEL»=15
«PROCESSOR_REVISION»=040a
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«windir»=%SystemRoot%====List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Amfilter;A4Tech Mouse Filter Driver; C:WINDOWSsystem32DRIVERSAmfilter.sys [2009-02-07 8704]
R1 appdrv01;Application Driver (01); C:WINDOWSSystem32Driversappdrv01.sys [2009-02-07 3100776]
R1 avgio;avgio; ??C:Program FilesAviraAntiVir PersonalEdition Classicavgio.sys []
R1 avipbb;avipbb; C:WINDOWSsystem32DRIVERSavipbb.sys [2008-06-27 75072]
R1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver]; ??C:WINDOWSsystem32driversSleen15.sys []
R1 ssmdrv;ssmdrv; C:WINDOWSsystem32DRIVERSssmdrv.sys [2007-03-01 28352]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:WINDOWSSystem32driversws2ifsl.sys [2009-02-07 12032]
R2 ETDrv;ETDrv; C:WINDOWSsystem32driversETDrv.sys [2009-02-07 170128]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:WINDOWSsystem32DRIVERSrspndr.sys [2009-02-07 62336]
R2 tifsfilter;Acronis True Image FS Filter; C:WINDOWSsystem32DRIVERStifsfilt.sys [2009-02-07 32288]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2009-02-07 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2009-02-07 601100]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:WINDOWSsystem32DRIVERSAmusbprt.sys [2009-02-07 13824]
R3 ASFWHide;ASFWHide; ??C:WINDOWSTEMPASFWHide []
R3 avgntflt;avgntflt; ??C:Program FilesAviraAntiVir PersonalEdition Classicavgntflt.sys []
R3 hidusb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2009-02-07 9600]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2009-02-07 1880320]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:WINDOWSsystem32DRIVERSRtlnic51.sys [2009-02-07 65280]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2009-02-07 30208]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2009-02-07 59392]
R3 usbstor;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2009-02-07 26496]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:WINDOWSsystem32DRIVERSusbuhci.sys [2009-02-07 20608]
S2 SLEE_81_DRIVER;Steganos Live Encryption Engine 8.1 [Driver]; ??C:WINDOWSsystem32driversSLEE81.sys []
S3 BthEnum;Драйвер блока запроса Bluetooth; C:WINDOWSsystem32DRIVERSBthEnum.sys [2009-02-07 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2009-02-07 100992]
S3 BTHPORT;Драйвер порта Bluetooth; C:WINDOWSSystem32DriversBTHport.sys [2009-02-07 274688]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:WINDOWSSystem32DriversBTHUSB.sys [2009-02-07 18944]
S3 CrystalSysInfo;CrystalSysInfo; ??C:Program FilesMediaCoderSysInfo.sys []
S3 MarkFun_NT;MarkFun_NT; ??C:Program FilesGigabyteGigabyte Windows Utility ManagerET4markfun.w32 []
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2009-02-07 12160]
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2009-02-07 59648]
S3 RivaTuner32;RivaTuner32; ??C:Program FilesRivaTuner v2.08RivaTuner32.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2009-02-07 20992]
S3 usbprint;Класс принтеров Microsoft USB; C:WINDOWSsystem32DRIVERSusbprint.sys [2009-02-07 25856]
S3 usbscan;Драйвер USB-сканера; C:WINDOWSsystem32DRIVERSusbscan.sys [2009-02-07 15104]
S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2009-02-07 77568]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2009-02-07 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:Program FilesCommon FilesAcronisSchedule2schedul2.exe [2009-02-07 204800]
R2 AntiVirScheduler;Avira AntiVir Personal — Free Antivirus Scheduler; C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal — Free Antivirus Guard; C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe [2008-10-15 151297]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2009-02-07 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2009-02-07 77824]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:WINDOWSSystem32appdrvrem01.exe [2009-02-07 304528]
S2 SLEE_81_SERVICE;Steganos Live Encryption Engine 8.1 [Service]; C:WINDOWSsystem32SLEE81.exe []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2009-02-07 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2009-02-07 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2009-02-07 36864]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2009-02-07 741376]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:Program FilesWindows Media PlayerWMPNetwk.exe [2009-02-07 914944]
S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2009-02-07 14336]
S4 2GIS UpdateClientService;2GIS UpdateClientService; C:Program Files2gisUpdateClientWin32UpdateClientService.exe [2009-02-07 1134592]
S4 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2009-02-07 72704]
S4 Autodesk Licensing Service;Autodesk Licensing Service; C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [2009-02-07 85096]
S4 DUMeterSvc;DU Meter Service; C:Program FilesDU MeterDUMeterSvc.exe [2008-06-10 1386008]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2009-02-07 122880]
S4 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2009-02-07 271920]
S4 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S4 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2009-02-07 145184]
EOF
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_02binssv.dll [2009-02-07 501136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2008-10-24 157696][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«WheelMouse»=C:Program FilesA4TechMouseAmoumain.exe [2009-02-07 196608]
«BluetoothAuthenticationAgent»=C:WINDOWSsystem32bthprops.cpl [2009-02-07 110592]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2009-02-07 2899968]
«nwiz»=nwiz.exe /install []
«Ashampoo FireWall»=C:Program FilesAshampooAshampoo FireWallFireWall.exe [2007-04-05 3251800]
«avgnt»=C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe [2008-06-12 266497]
«MKey.exe»=C:UtilMKeyMKey.exe [2005-08-17 670720][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2009-02-07 30208]
«VistaIcon»=C:Program FilesVistaDriveIconVistaDrv.exe [2009-02-07 132608][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLClock]
C:Program FilesLClocklclock.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSidebar]
C:Program FilesWindows Sidebarsidebar.exe [2007-02-26 1254912][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«ose»=3
«Autodesk Licensing Service»=3
«Adobe LM Service»=3
«2GIS UpdateClientService»=3
«Schedule»=2
«UPS»=3
«odserv»=3
«NMIndexingService»=3
«DUMeterSvc»=2C:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
SpeedFan.lnk — C:Program FilesSpeedFanspeedfan.exeC:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
SpeedFan.lnk — C:Program FilesSpeedFanspeedfan.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2009-02-07 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
relog_ap[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«NoInternetOpenWith «=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=159
«NoSMConfigurePrograms»=1
«NoUserNameInStartMenu»=1[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesInterVideoDVD7WinDVD.exe»=»C:Program FilesInterVideoDVD7WinDVD.exe:*:Enabled:WinDVD»
«D:GamesStalkerCSbinxrEngine.exe»=»D:GamesStalkerCSbinxrEngine.exe:*:Enabled:С.Т.А.Л.К.Е.Р. — Чистое Небо (CLI)»
«D:GamesStalkerCSbindedicatedxrEngine.exe»=»D:GamesStalkerCSbindedicatedxrEngine.exe:*:Enabled:С.Т.А.Л.К.Е.Р. — Чистое Небо (SRV)»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======File associations======
.scr — open — «C:WINDOWSsystem32NOTEPAD.EXE» «%1»
.scr — install —
.scr — config —ogfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-02-15 17:20:03
Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (54%) free of 22 GB
Total RAM: 1023 MB (67% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:14, on 15.02.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
C:Program FilesCommon FilesAcronisSchedule2schedul2.exe
C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesA4TechMouseAmoumain.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesAshampooAshampoo FireWallFireWall.exe
C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe
C:UtilMKeyMKey.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSpeedFanspeedfan.exe
C:UtilDumeterDUMeter.exe
C:Documents and SettingsАдминистраторРабочий столRSIT.exe
C:Program Filestrend microАдминистратор.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.winamp.com/buy
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_02binssv.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O4 — HKLM..Run: [WheelMouse] C:Program FilesA4TechMouseAmoumain.exe
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [Ashampoo FireWall] «C:Program FilesAshampooAshampoo FireWallFireWall.exe» -TRAY
O4 — HKLM..Run: [avgnt] «C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe» /min
O4 — HKLM..Run: [MKey.exe] C:UtilMKeyMKey.exe
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe
O4 — HKUSS-1-5-19..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [VistaIcon] C:Program FilesVistaDriveIconVistaDrv.exe (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-20..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [Punto Switcher] C:Program FilesPunto Switcherps.exe (User ‘Default user’)
O4 — HKUS.DEFAULT..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘Default user’)
O4 — S-1-5-18 Startup: SpeedFan.lnk = C:Program FilesSpeedFanspeedfan.exe (User ‘SYSTEM’)
O4 — .DEFAULT Startup: SpeedFan.lnk = C:Program FilesSpeedFanspeedfan.exe (User ‘Default user’)
O4 — Startup: SpeedFan.lnk = C:Program FilesSpeedFanspeedfan.exe
O6 — HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_02binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_02binssv.dll
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O17 — HKLMSystemCCSServicesTcpip..{DD7E8D8F-8FD6-4E49-8563-DC03D7F7F99B}: NameServer = 217.116.148.10 217.116.148.2
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Acronis Scheduler2 Service (AcrSch2Svc) — Acronis — C:Program FilesCommon FilesAcronisSchedule2schedul2.exe
O23 — Service: Avira AntiVir Personal — Free Antivirus Scheduler (AntiVirScheduler) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
O23 — Service: Avira AntiVir Personal — Free Antivirus Guard (AntiVirService) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
O23 — Service: Application Driver Auto Removal Service (01) (appdrvrem01) — Protection Technology — C:WINDOWSSystem32appdrvrem01.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) — Unknown owner — C:WINDOWSsystem32SLEE81.exe (file missing)
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe—
End of file — 7448 bytes
