Forum replies created
Thanks, it all somehow went away by itself. If anything comes up, I'll get in touch again, if it's no burden to you. Thank you for the free help you provide and for your boundless understanding! Respect to you!
I don't use Firefox; Opera works great. Everything is as it should be.
IE
Valery, please tell me what else I can try. The computer flies, nothing hangs, but as soon as I go to Ostrie, that's it; I can only end the process through Task Manager. Reinstalling the player doesn't help, it still glitches. Please, what should I do?
Sorry, I thought it was some kind of trojan. So I'll sort it out with the site; the site is http://www.ostrie.ru. There's some video on the main page, I think that's the cause.
Valery, it looks like the problem is still there. I open Task Manager, Processes, and see a process smss.exe there. I tried to end it; it won't end. And I noticed one more bug: when I go to one site (my favorite), it hangs; other sites are fine. I tried from Opera; it doesn't hang. So…
Thanks a lot, everything is OK!
ComboFix log:
ComboFix 09-01-07.01 — Виталий 2009-01-08 0:17:17.8 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.2030.1654 [GMT 3:00]
Running from: c:documents and settingsВиталийРабочий столComboFix.exe
Command switches used :: c:documents and settingsВиталийРабочий столCFScript.txt
AV: Антивирус Касперского *On-access scanning disabled* (Outdated)
FW: Антивирус Касперского *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:windowssystem32000474cf.ini
c:windowssystem3200051ecc.ini
c:windowssystem3200054347.ini
c:windowssystem3252c8a.imi
c:windowssystem32DuBa.exe
c:windowssystem32k.exe
c:windowssystem32Ntsvc.ocx
c:windowssystem32Server.dll
.((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.2009-01-07 10:46 . 2009-01-07 10:46
d
c:documents and settingsВиталийApplication DataRotationPilot
2009-01-06 22:27 . 2009-01-06 23:47d
c:program filesSpybot — Search & Destroy
2009-01-06 21:02 . 2009-01-06 21:02d
c:documents and settingsLocalServiceApplication DataICQ Toolbar
2009-01-06 20:30 . 2009-01-06 21:02dr
c:documents and settingsLocalServiceИзбранное
2009-01-06 20:30 . 2009-01-06 21:02dr
c:documents and settingsLocalServiceИзбранное
2009-01-04 13:15 . 2009-01-04 13:30 96,976 —a
c:windowssystem32driversklin.dat
2009-01-04 13:15 . 2009-01-04 13:15 87,855 —a
c:windowssystem32driversklick.dat
2009-01-04 13:14 . 2009-01-04 13:14d
c:program filesKaspersky Lab
2009-01-04 13:14 . 2009-01-08 00:13d
c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-01-04 13:14 . 2009-01-08 00:12 3,196,960 —ahs—- c:windowssystem32driversfidbox.dat
2009-01-04 13:14 . 2009-01-08 00:12 327,712 —ahs—- c:windowssystem32driversfidbox2.dat
2009-01-04 13:14 . 2009-01-08 00:12 28,152 —ahs—- c:windowssystem32driversfidbox.idx
2009-01-04 13:14 . 2009-01-08 00:12 3,248 —ahs—- c:windowssystem32driversfidbox2.idx
2009-01-04 13:10 . 2009-01-04 13:10d
c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-01-01 19:13 . 2009-01-01 19:13d
c:program filesVSO
2009-01-01 19:13 . 2006-09-29 11:24 217,127 —a
c:windowssystem32drv43260.dll
2009-01-01 19:13 . 2006-09-29 11:25 208,935 —a
c:windowssystem32drv33260.dll
2009-01-01 19:13 . 2006-09-29 11:26 176,165 —a
c:windowssystem32drv23260.dll
2008-12-21 00:40 . 2008-12-21 00:48d
c:program filesWebteh
2008-12-11 12:56 . 2008-12-11 12:56d
c:documents and settingsAll UsersApplication Datavsosdk
2008-12-11 09:32 . 2009-01-04 17:18d
c:documents and settingsВиталийApplication DataVso
2008-12-11 09:32 . 2009-01-01 19:13 47,360 —a
c:windowssystem32driverspcouffin.sys
2008-12-11 09:32 . 2009-01-01 19:13 47,360 —a
c:documents and settingsВиталийApplication Datapcouffin.sys
2008-12-09 23:57 . 2008-12-09 23:57d
c:program filesTrend Micro
2008-12-09 18:08 . 2008-12-09 18:08d
c:program filesCommon FilesLogiShared
2008-12-09 18:08 . 2008-12-09 18:08d
c:documents and settingsВиталийApplication DataLogitech
2008-12-09 18:08 . 2008-12-09 18:08d
c:documents and settingsВиталийApplication DataLeadertech
2008-12-09 18:07 . 2008-12-09 18:07d
c:program filesYahoo!
2008-12-09 18:07 . 2008-12-09 18:07d
c:program filesCommon FilesScanner
2008-12-09 18:06 . 2007-04-11 15:33 1,419,024 —a
c:windowssystem32WdfCoInstaller01005.dll
2008-12-09 18:06 . 2007-04-11 15:32 34,832 —a
c:windowssystem32driversLHidFilt.Sys
2008-12-09 18:06 . 2008-12-09 18:06 0 —ah
c:windowssystem32driversMsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-09 18:06 . 2008-12-09 18:06 0 —ah
c:windowssystem32driversMsft_Kernel_LHidFilt_01005.Wdf
2008-12-09 18:05 . 2008-12-09 18:05d
c:documents and settingsAll UsersApplication DataLogitech
2008-12-09 18:05 . 2007-04-23 04:00 163,840 —a
c:windowssystem32kemutb.dll
2008-12-09 18:05 . 2007-04-23 04:00 135,168 —a
c:windowssystem32KemUtil.dll
2008-12-09 18:05 . 2007-04-23 04:00 110,592 —a
c:windowssystem32KemWnd.dll
2008-12-09 18:05 . 2007-04-23 04:00 69,632 —a
c:windowssystem32KemXML.dll
2008-12-09 18:04 . 2008-12-09 18:04d
c:documents and settingsAll UsersApplication DataLogiShrd
2008-12-09 18:00 . 2004-08-03 23:08 31,616 —a
c:windowssystem32driversusbccgp.sys
2008-12-09 18:00 . 2004-08-03 23:08 31,616 —a—c— c:windowssystem32dllcacheusbccgp.sys
2008-12-09 18:00 . 2004-08-17 16:04 21,504 —a
c:windowssystem32hidserv.dll
2008-12-09 18:00 . 2004-08-17 16:04 21,504 —a—c— c:windowssystem32dllcachehidserv.dll
2008-12-09 14:01 . 2008-12-09 14:01d
c:documents and settingsВиталийApplication DataSamsung
2008-12-09 13:59 . 2008-12-09 13:59d
c:windowssystem32Samsung PC Studio Codecs
2008-12-09 13:59 . 2005-08-28 20:51 766 —a
c:windowssystem32Uninstall.ico
2008-12-09 13:58 . 2008-12-09 13:58d
c:windowssystem32Samsung_USB_Drivers
2008-12-09 13:58 . 2008-12-09 13:58d
c:program filesSamsung
2008-12-09 13:58 . 2005-08-30 17:59 94,000 —a
c:windowssystem32driversss_mdm.sys
2008-12-09 13:58 . 2005-08-30 17:57 58,320 —a
c:windowssystem32driversss_bus.sys
2008-12-09 13:58 . 2005-08-13 05:06 22,486 -ra
c:windowssystem32UnInstall_Driver.ico
2008-12-09 13:58 . 2005-08-30 17:58 8,304 —a
c:windowssystem32driversss_mdfl.sys
2008-12-09 13:58 . 2005-08-30 17:58 6,144 —a
c:windowssystem32driversss_cmnt.sys
2008-12-09 13:58 . 2005-08-30 17:58 6,144 —a
c:windowssystem32driversss_cm.sys
2008-12-09 13:58 . 2005-08-30 17:57 5,808 —a
c:windowssystem32driversss_whnt.sys
2008-12-09 13:58 . 2005-08-30 17:57 5,808 —a
c:windowssystem32driversss_wh.sys
2008-12-09 12:41 . 2008-12-09 12:41d
c:windowssystem32ru-RU
2008-12-09 12:39 . 2008-12-09 12:39d
c:windowssystem32XPSViewer
2008-12-09 12:39 . 2008-12-09 12:39d
c:program filesReference Assemblies
2008-12-09 12:39 . 2008-12-09 12:39d
c:program filesMSBuild
2008-12-09 12:39 . 2006-06-29 13:07 14,048
c:windowssystem32spmsg2.dll
2008-12-09 12:37 . 2008-12-09 12:37d
c:program filesMSXML 6.0
2008-12-09 12:17 . 2008-07-12 08:18 3,851,784 —a
c:windowssystem32D3DX9_39.dll
2008-12-09 12:17 . 2008-07-12 08:18 1,493,528 —a
c:windowssystem32D3DCompiler_39.dll
2008-12-09 12:17 . 2008-07-31 10:40 509,448 —a
c:windowssystem32XAudio2_2.dll
2008-12-09 12:17 . 2008-07-12 08:18 467,984 —a
c:windowssystem32d3dx10_39.dll
2008-12-09 12:17 . 2008-07-31 10:41 238,088 —a
c:windowssystem32xactengine3_2.dll
2008-12-09 12:17 . 2008-07-31 10:41 68,616 —a
c:windowssystem32XAPOFX1_1.dll
2008-12-09 00:46 . 2008-12-28 12:40d
C:Downloads
2008-12-09 00:35 . 2009-01-05 15:56 13,195 —a
c:documents and settingsВиталийzguicfgw.dat
2008-12-09 00:35 . 2009-01-05 15:56 13,195 —a
c:documents and settingsВиталийzguicfgw.dat
2008-12-09 00:29 . 2009-01-06 22:57d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2008-12-09 00:20 . 2008-12-09 18:06d
c:program filesCommon FilesLogitech
2008-12-09 00:20 . 2004-04-14 11:08 44,064 —a
c:windowssystem32driversWmXlCore.sys
2008-12-09 00:20 . 2004-04-14 11:08 21,280 —a
c:windowssystem32driversWmFilter.sys
2008-12-09 00:20 . 2004-04-14 11:08 10,144 —a
c:windowssystem32driversWmBEnum.sys
2008-12-09 00:20 . 2004-04-14 11:08 5,600 —a
c:windowssystem32driversWmVirHid.sys
2008-12-09 00:19 . 2008-12-09 18:05d
c:program filesLogitech
2008-12-09 00:02 . 2008-12-09 00:02d
c:documents and settingsВиталийApplication DataICQ Toolbar
2008-12-08 23:57 . 2008-12-09 00:02d
c:program filesICQToolbar
2008-12-08 23:55 . 2008-12-09 00:00d
c:program filesICQ6
2008-12-08 23:49 . 2008-12-08 23:49d
c:documents and settingsВиталийApplication DataMozilla
2008-12-08 23:49 . 2008-12-09 00:00d
c:documents and settingsВиталийApplication DataICQ
2008-12-08 23:48 . 2008-12-08 23:48d
c:documents and settingsВиталийApplication DataInstallShield
2008-12-08 23:37 . 2008-12-08 23:37d
c:documents and settingsВиталийApplication DataOpera
2008-12-08 23:00 . 2008-12-09 00:07d
c:program filesuTorrent
2008-12-08 23:00 . 2008-12-08 23:00d
c:program filesOpera
2008-12-08 23:00 . 2009-01-07 23:40d
c:documents and settingsВиталийApplication DatauTorrent
2008-12-08 22:46 . 2009-01-06 22:26d
C:Distr.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 17:47 4,224 —-a-w c:windowssystem32driversbeep.sys
2008-12-28 09:41
d
w c:program filesFlashGet
2008-12-14 12:09
d
w c:program filesCommon FilesACD Systems
2008-12-09 15:05
d—h—w c:program filesInstallShield Installation Information
2008-12-08 16:58
d
w c:program filesWebshots
2008-12-04 11:59
d
w c:program filesCommon FilesInstallShield
2008-12-04 11:59
d
w c:program filesASUSTeK
2008-11-23 17:09 304,528 —-a-w c:windowssystem32appdrvrem01.exe
2008-11-23 17:09 3,100,776 —-a-w c:windowssystem32driversappdrv01.sys
2008-11-23 14:23 138,464 —-a-w c:windowssystem32driversPnkBstrK.sys
2008-11-23 14:23 111,928 —-a-w c:windowssystem32PnkBstrB.exe
2008-11-23 14:08
d
w c:program files1C
2008-11-19 21:55
d
w c:program filesArmies Of Exigo
2008-11-19 21:48 81,920 —-a-w c:windowssystem32OpenAL32.dll
2008-11-17 21:09
d
w c:documents and settingsВиталийApplication DataRed Alert 3
2008-11-17 17:45
d—h—r c:documents and settingsВиталийApplication DataSecuROM
2008-11-17 17:42
d
w c:program filesElectronic Arts
2008-11-15 17:12 682,280 —-a-w c:windowssystem32pbsvc.exe
2008-11-15 17:12 66,872 —-a-w c:windowssystem32PnkBstrA.exe
2008-11-15 17:12 22,328 —-a-w c:documents and settingsВиталийApplication DataPnkBstrK.sys
2008-11-15 16:47
d
w c:program filesDAEMON Tools Toolbar
2008-11-15 16:47
d
w c:program filesDAEMON Tools Lite
2008-11-15 16:43 717,296 —-a-w c:windowssystem32driverssptd.sys
2008-11-15 16:43
d
w c:documents and settingsВиталийApplication DataDAEMON Tools
2007-11-21 19:57 5,276 -c—a-w c:program filesPatchWise.log
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-07-24 490952]
«SpybotSD TeaTimer»=»c:program filesSpybot - Search & DestroyTeaTimer.exe» [2008-09-16 1833296]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-05-16 13529088]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-05-16 86016]
«RemoteControl»=»c:program filesASUSTeKASUSDVDPDVDServ.exe» [2004-11-02 32768]
«AVP»=»c:program filesKaspersky LabKaspersky Anti-Virus 2009avp.exe» [2008-07-29 206088]
«nwiz»=»nwiz.exe» [2008-05-16 c:windowssystem32nwiz.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-18 15360]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
@=»»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [2008-01-29 32784]
R1 appdrv01;Application Driver (01);c:windowssystem32driversappdrv01.sys [2008-11-23 3100776]
R3 FStarForce;FStarForce;c:windowssystem32driversFStarForce.sys [2008-11-23 9216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [2008-04-30 24592]
R4 osaio;osaio;c:windowssystem32driversosaio.sys [2007-11-21 6784]
S4 appdrvrem01;Application Driver Auto Removal Service (01);c:windowsSystem32appdrvrem01.exe svc —> c:windowsSystem32appdrvrem01.exe svc [?]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 00:17:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1715567821-113007714-725345543-1003SoftwareMicrosoftActiveMoviedevenum{33D9A761-90C8-11D0-BD43-00A0C911CE86}3*NULL*4*NULL*D*NULL*S*NULL*P*NULL* *NULL*G*NULL*r*NULL*o*NULL*u*NULL*p*NULL* *NULL*T*NULL*r*NULL*u*NULL*e*NULL*S*NULL*p*NULL*e*NULL*e*NULL*c*NULL*h*NULL*»!]
«FriendlyName»=»DSP Group TrueSpeech™»
«CLSID»=»{6A08CF80-0E18-11CF-A24D-0020AFD79767}»
«AcmId»=dword:00000022
[HKEY_LOCAL_MACHINESystemControlSet001ControlMediaPropertiesPrivatePropertiesMidiPortsY%QNIQBN *NULL*OEEM@GM@^EMH *NULL* *NULL*M*NULL*I*NULL*D*NULL*I*NULL* *NULL* *NULL*[*NULL*-
«DMPortGUID»=hex:e4,ea,ed,f8,db,4d,de,40,90,48,84,58,eb,60,bf,9d
.
Completion time: 2009-01-08 0:18:27
ComboFix-quarantined-files.txt 2009-01-07 21:18:25
Pre-Run: 5,700,808,704 байт свободно
Post-Run: 5,691,883,520 байт свободно
208
Malwarebytes' Anti-Malware log:
Malwarebytes’ Anti-Malware 1.32
Версия базы данных: 1629
Windows 5.1.2600 Service Pack 2
2009-01-08 03:51:31
mbam-log-2009-01-08 (03-51-31).txt
Тип проверки: Полная (C:|D:|E:|)
Проверено объектов: 124515
Прошло времени: 32 minute(s), 30 second(s)
Заражено процессов в памяти: 0
Заражено модулей в памяти: 0
Заражено ключей реестра: 0
Заражено значений реестра: 0
Заражено параметров реестра: 0
Заражено папок: 0
Заражено файлов: 3
Заражено процессов в памяти:
(Вредоносные программы не обнаружены)
Заражено модулей в памяти:
(Вредоносные программы не обнаружены)
Заражено ключей реестра:
(Вредоносные программы не обнаружены)
Заражено значений реестра:
(Вредоносные программы не обнаружены)
Заражено параметров реестра:
(Вредоносные программы не обнаружены)
Заражено папок:
(Вредоносные программы не обнаружены)
Заражено файлов:
C:DistrДокументыSoftпрограмы_Sound_ForgeSOUND_FORGE_8.128D_RUSKEYGENKEYGEN.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:DistrДокументыSoftпрограмы_Sound_ForgeSOUND_FORGE_8.128D_RUSKEYGENSF8_RETAIL.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:DistrДокументыSoftпрограмы_Sound_ForgeSOUND_FORGE_8.128D_RUSKEYGENSF8_TRIAL.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
I carried out the steps above. Please take a look at the log:
ComboFix 09-01-05.05 — Виталий 2009-01-06 22:11:44.4 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.2030.1643 [GMT 3:00]
Running from: c:documents and settingsВиталийРабочий столComboFix.exe
Command switches used :: c:documents and settingsВиталийРабочий столCFScript.txt
AV: Антивирус Касперского *On-access scanning disabled* (Outdated)
FW: Антивирус Касперского *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:windowssystem32Commonsmss.exe
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowssystem32Commonsmss.exe
c:windowssystem32k.exe
c:windowstemp85440.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_EHRESVC
Legacy_QQSSQF
Legacy_WINHELP
Legacy_WINHELP30
Service_ehResvc
Service_qqssqf
Service_WinHelp30
((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.2009-01-06 21:02 . 2009-01-06 21:02
d
c:documents and settingsLocalServiceApplication DataICQ Toolbar
2009-01-06 20:30 . 2009-01-06 21:02dr
c:documents and settingsLocalServiceИзбранное
2009-01-06 20:30 . 2009-01-06 21:02dr
c:documents and settingsLocalServiceИзбранное
2009-01-06 20:30 . 2009-01-06 22:13 69,632 —a
c:windowssystem32Server.dll
2009-01-06 20:29 . 2009-01-06 20:29 1 —a
c:windowssystem3200054347.ini
2009-01-06 18:37 . 2009-01-06 18:37 39,169 —hs—- c:windowssystem32DuBa.exe
2009-01-06 13:35 . 2009-01-06 22:08d
c:windowssystem32SC
2009-01-06 13:34 . 2009-01-06 22:11d
c:windowssystem32Common
2009-01-06 13:34 . 2009-01-06 13:34 34,304 —a
c:windowssystem32Ntsvc.ocx
2009-01-06 13:34 . 2009-01-06 13:34 1 —a
c:windowssystem3252c8a.imi
2009-01-06 13:34 . 2009-01-06 13:34 1 —a
c:windowssystem3200051ecc.ini
2009-01-06 13:34 . 2009-01-06 13:34 1 —a
c:windowssystem32000474cf.ini
2009-01-05 14:34 . 2009-01-06 13:34d
c:windowssystem32MSN
2009-01-04 13:15 . 2009-01-04 13:30 96,976 —a
c:windowssystem32driversklin.dat
2009-01-04 13:15 . 2009-01-04 13:15 87,855 —a
c:windowssystem32driversklick.dat
2009-01-04 13:14 . 2009-01-04 13:14d
c:program filesKaspersky Lab
2009-01-04 13:14 . 2009-01-06 22:06d
c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-01-04 13:14 . 2009-01-06 22:12 3,196,960 —ahs—- c:windowssystem32driversfidbox.dat
2009-01-04 13:14 . 2009-01-06 22:15 303,136 —ahs—- c:windowssystem32driversfidbox2.dat
2009-01-04 13:14 . 2009-01-06 22:12 28,152 —ahs—- c:windowssystem32driversfidbox.idx
2009-01-04 13:14 . 2009-01-06 22:15 3,164 —ahs—- c:windowssystem32driversfidbox2.idx
2009-01-04 13:10 . 2009-01-04 13:10d
c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-01-01 19:13 . 2009-01-01 19:13d
c:program filesVSO
2009-01-01 19:13 . 2006-09-29 11:24 217,127 —a
c:windowssystem32drv43260.dll
2009-01-01 19:13 . 2006-09-29 11:25 208,935 —a
c:windowssystem32drv33260.dll
2009-01-01 19:13 . 2006-09-29 11:26 176,165 —a
c:windowssystem32drv23260.dll
2008-12-21 00:40 . 2008-12-21 00:48d
c:program filesWebteh
2008-12-11 12:56 . 2008-12-11 12:56d
c:documents and settingsAll UsersApplication Datavsosdk
2008-12-11 09:32 . 2009-01-04 17:18d
c:documents and settingsВиталийApplication DataVso
2008-12-11 09:32 . 2009-01-01 19:13 47,360 —a
c:windowssystem32driverspcouffin.sys
2008-12-11 09:32 . 2009-01-01 19:13 47,360 —a
c:documents and settingsВиталийApplication Datapcouffin.sys
2008-12-09 23:57 . 2008-12-09 23:57d
c:program filesTrend Micro
2008-12-09 18:08 . 2008-12-09 18:08d
c:program filesCommon FilesLogiShared
2008-12-09 18:08 . 2008-12-09 18:08d
c:documents and settingsВиталийApplication DataLogitech
2008-12-09 18:08 . 2008-12-09 18:08d
c:documents and settingsВиталийApplication DataLeadertech
2008-12-09 18:07 . 2008-12-09 18:07d
c:program filesYahoo!
2008-12-09 18:07 . 2008-12-09 18:07d
c:program filesCommon FilesScanner
2008-12-09 18:06 . 2007-04-11 15:33 1,419,024 —a
c:windowssystem32WdfCoInstaller01005.dll
2008-12-09 18:06 . 2007-04-11 15:32 34,832 —a
c:windowssystem32driversLHidFilt.Sys
2008-12-09 18:06 . 2008-12-09 18:06 0 —ah
c:windowssystem32driversMsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-09 18:06 . 2008-12-09 18:06 0 —ah
c:windowssystem32driversMsft_Kernel_LHidFilt_01005.Wdf
2008-12-09 18:05 . 2008-12-09 18:05d
c:documents and settingsAll UsersApplication DataLogitech
2008-12-09 18:05 . 2007-04-23 04:00 163,840 —a
c:windowssystem32kemutb.dll
2008-12-09 18:05 . 2007-04-23 04:00 135,168 —a
c:windowssystem32KemUtil.dll
2008-12-09 18:05 . 2007-04-23 04:00 110,592 —a
c:windowssystem32KemWnd.dll
2008-12-09 18:05 . 2007-04-23 04:00 69,632 —a
c:windowssystem32KemXML.dll
2008-12-09 18:04 . 2008-12-09 18:04d
c:documents and settingsAll UsersApplication DataLogiShrd
2008-12-09 18:00 . 2004-08-03 23:08 31,616 —a
c:windowssystem32driversusbccgp.sys
2008-12-09 18:00 . 2004-08-03 23:08 31,616 —a—c— c:windowssystem32dllcacheusbccgp.sys
2008-12-09 18:00 . 2004-08-17 16:04 21,504 —a
c:windowssystem32hidserv.dll
2008-12-09 18:00 . 2004-08-17 16:04 21,504 —a—c— c:windowssystem32dllcachehidserv.dll
2008-12-09 14:01 . 2008-12-09 14:01d
c:documents and settingsВиталийApplication DataSamsung
2008-12-09 13:59 . 2008-12-09 13:59d
c:windowssystem32Samsung PC Studio Codecs
2008-12-09 13:59 . 2005-08-28 20:51 766 —a
c:windowssystem32Uninstall.ico
2008-12-09 13:58 . 2008-12-09 13:58d
c:windowssystem32Samsung_USB_Drivers
2008-12-09 13:58 . 2008-12-09 13:58d
c:program filesSamsung
2008-12-09 13:58 . 2005-08-30 17:59 94,000 —a
c:windowssystem32driversss_mdm.sys
2008-12-09 13:58 . 2005-08-30 17:57 58,320 —a
c:windowssystem32driversss_bus.sys
2008-12-09 13:58 . 2005-08-13 05:06 22,486 -ra
c:windowssystem32UnInstall_Driver.ico
2008-12-09 13:58 . 2005-08-30 17:58 8,304 —a
c:windowssystem32driversss_mdfl.sys
2008-12-09 13:58 . 2005-08-30 17:58 6,144 —a
c:windowssystem32driversss_cmnt.sys
2008-12-09 13:58 . 2005-08-30 17:58 6,144 —a
c:windowssystem32driversss_cm.sys
2008-12-09 13:58 . 2005-08-30 17:57 5,808 —a
c:windowssystem32driversss_whnt.sys
2008-12-09 13:58 . 2005-08-30 17:57 5,808 —a
c:windowssystem32driversss_wh.sys
2008-12-09 12:41 . 2008-12-09 12:41d
c:windowssystem32ru-RU
2008-12-09 12:39 . 2008-12-09 12:39d
c:windowssystem32XPSViewer
2008-12-09 12:39 . 2008-12-09 12:39d
c:program filesReference Assemblies
2008-12-09 12:39 . 2008-12-09 12:39d
c:program filesMSBuild
2008-12-09 12:39 . 2006-06-29 13:07 14,048
c:windowssystem32spmsg2.dll
2008-12-09 12:37 . 2008-12-09 12:37d
c:program filesMSXML 6.0
2008-12-09 12:17 . 2008-07-12 08:18 3,851,784 —a
c:windowssystem32D3DX9_39.dll
2008-12-09 12:17 . 2008-07-12 08:18 1,493,528 —a
c:windowssystem32D3DCompiler_39.dll
2008-12-09 12:17 . 2008-07-31 10:40 509,448 —a
c:windowssystem32XAudio2_2.dll
2008-12-09 12:17 . 2008-07-12 08:18 467,984 —a
c:windowssystem32d3dx10_39.dll
2008-12-09 12:17 . 2008-07-31 10:41 238,088 —a
c:windowssystem32xactengine3_2.dll
2008-12-09 12:17 . 2008-07-31 10:41 68,616 —a
c:windowssystem32XAPOFX1_1.dll
2008-12-09 00:46 . 2008-12-28 12:40d
C:Downloads
2008-12-09 00:35 . 2009-01-05 15:56 13,195 —a
c:documents and settingsВиталийzguicfgw.dat
2008-12-09 00:35 . 2009-01-05 15:56 13,195 —a
c:documents and settingsВиталийzguicfgw.dat
2008-12-09 00:29 . 2009-01-04 13:12d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2008-12-09 00:20 . 2008-12-09 18:06d
c:program filesCommon FilesLogitech
2008-12-09 00:20 . 2004-04-14 11:08 44,064 —a
c:windowssystem32driversWmXlCore.sys
2008-12-09 00:20 . 2004-04-14 11:08 21,280 —a
c:windowssystem32driversWmFilter.sys
2008-12-09 00:20 . 2004-04-14 11:08 10,144 —a
c:windowssystem32driversWmBEnum.sys
2008-12-09 00:20 . 2004-04-14 11:08 5,600 —a
c:windowssystem32driversWmVirHid.sys
2008-12-09 00:19 . 2008-12-09 18:05d
c:program filesLogitech
2008-12-09 00:02 . 2008-12-09 00:02d
c:documents and settingsВиталийApplication DataICQ Toolbar
2008-12-08 23:57 . 2008-12-09 00:02d
c:program filesICQToolbar
2008-12-08 23:55 . 2008-12-09 00:00d
c:program filesICQ6
2008-12-08 23:49 . 2008-12-08 23:49d
c:documents and settingsВиталийApplication DataMozilla
2008-12-08 23:49 . 2008-12-09 00:00d
c:documents and settingsВиталийApplication DataICQ
2008-12-08 23:48 . 2008-12-08 23:48d
c:documents and settingsВиталийApplication DataInstallShield
2008-12-08 23:37 . 2008-12-08 23:37d
c:documents and settingsВиталийApplication DataOpera
2008-12-08 23:00 . 2008-12-09 00:07d
c:program filesuTorrent
2008-12-08 23:00 . 2008-12-08 23:00d
c:program filesOpera
2008-12-08 23:00 . 2009-01-06 20:20d
c:documents and settingsВиталийApplication DatauTorrent
2008-12-08 22:46 . 2009-01-06 11:29d
C:Distr.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 19:08 4,224 —-a-w c:windowssystem32driversbeep.sys
2008-12-28 09:41
d
w c:program filesFlashGet
2008-12-14 12:09
d
w c:program filesCommon FilesACD Systems
2008-12-09 15:05
d—h—w c:program filesInstallShield Installation Information
2008-12-08 16:58
d
w c:program filesWebshots
2008-12-04 11:59
d
w c:program filesCommon FilesInstallShield
2008-12-04 11:59
d
w c:program filesASUSTeK
2008-11-23 17:09 3,100,776 —-a-w c:windowssystem32driversappdrv01.sys
2008-11-23 14:23 138,464 —-a-w c:windowssystem32driversPnkBstrK.sys
2008-11-23 14:08
d
w c:program files1C
2008-11-19 21:55
d
w c:program filesArmies Of Exigo
2008-11-17 21:09
d
w c:documents and settingsВиталийApplication DataRed Alert 3
2008-11-17 17:45
d—h—r c:documents and settingsВиталийApplication DataSecuROM
2008-11-17 17:42
d
w c:program filesElectronic Arts
2008-11-15 17:12 22,328 —-a-w c:documents and settingsВиталийApplication DataPnkBstrK.sys
2008-11-15 16:47
d
w c:program filesDAEMON Tools Toolbar
2008-11-15 16:47
d
w c:program filesDAEMON Tools Lite
2008-11-15 16:43 717,296 —-a-w c:windowssystem32driverssptd.sys
2008-11-15 16:43
d
w c:documents and settingsВиталийApplication DataDAEMON Tools
2007-11-21 19:57 5,276 -c—a-w c:program filesPatchWise.log
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-07-24 490952]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-05-16 13529088]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-05-16 86016]
«RemoteControl»=»c:program filesASUSTeKASUSDVDPDVDServ.exe» [2004-11-02 32768]
«AVP»=»c:program filesKaspersky LabKaspersky Anti-Virus 2009avp.exe» [2008-07-29 206088]
«nwiz»=»nwiz.exe» [2008-05-16 c:windowssystem32nwiz.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-18 15360]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
@=»»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [2008-01-29 32784]
R1 appdrv01;Application Driver (01);c:windowssystem32driversappdrv01.sys [2008-11-23 3100776]
R3 FStarForce;FStarForce;c:windowssystem32driversFStarForce.sys [2008-11-23 9216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [2008-04-30 24592]
R4 osaio;osaio;c:windowssystem32driversosaio.sys [2007-11-21 6784]
S4 appdrvrem01;Application Driver Auto Removal Service (01);c:windowsSystem32appdrvrem01.exe svc —> c:windowsSystem32appdrvrem01.exe svc [?]
S4 KingDuuBa;KingDuBa Driver;c:windowssystem32DuBa.exe [2009-01-06 39169]
S4 Kingk;Kingk Driver;c:windowssystem32k.exe —> c:windowssystem32k.exe [?]
S4 Storm DDOS Service;Storm DDOS soft Service;c:windowssystem32SCS001.exe [2009-01-06 94208]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40316
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 22:15:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1715567821-113007714-725345543-1003SoftwareMicrosoftActiveMoviedevenum{33D9A761-90C8-11D0-BD43-00A0C911CE86}3*NULL*4*NULL*D*NULL*S*NULL*P*NULL* *NULL*G*NULL*r*NULL*o*NULL*u*NULL*p*NULL* *NULL*T*NULL*r*NULL*u*NULL*e*NULL*S*NULL*p*NULL*e*NULL*e*NULL*c*NULL*h*NULL*»!]
«FriendlyName»=»DSP Group TrueSpeech™»
«CLSID»=»{6A08CF80-0E18-11CF-A24D-0020AFD79767}»
«AcmId»=dword:00000022
[HKEY_LOCAL_MACHINESystemControlSet001ControlMediaPropertiesPrivatePropertiesMidiPortsY%QNIQBN *NULL*OEEM@GM@^EMH *NULL* *NULL*M*NULL*I*NULL*D*NULL*I*NULL* *NULL* *NULL*[*NULL*-
«DMPortGUID»=hex:e4,ea,ed,f8,db,4d,de,40,90,48,84,58,eb,60,bf,9d
.
Other Running Processes
.
c:windowssystem32rundll32.exe
c:program filesIntelIDUawServ.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:windowssystem32nvsvc32.exe
c:windowssystem32PnkBstrA.exe
c:program filesSigmaTelC-Major AudioWDMstacsv.exe
c:program filesInternet ExplorerIEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2009-01-06 22:16:37 — machine was rebooted
ComboFix-quarantined-files.txt 2009-01-06 19:16:35
ComboFix2.txt 2009-01-06 14:39:30
Pre-Run: 5 212 291 072 байт свободно
Post-Run: 5,160,394,752 байт свободно
233
Here is the ComboFix log:
ComboFix 09-01-05.05 — Виталий 2009-01-06 17:38:14.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.2030.1651 [GMT 3:00]
Running from: c:documents and settingsВиталийРабочий столComboFix.exe
AV: Антивирус Касперского *On-access scanning disabled* (Outdated)
FW: Антивирус Касперского *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.2009-01-06 13:35 . 2009-01-06 17:37
d
c:windowssystem32SC
2009-01-06 13:34 . 2009-01-06 17:36d
c:windowssystem32Common
2009-01-06 13:34 . 2009-01-06 13:34 34,304 —a
c:windowssystem32Ntsvc.ocx
2009-01-06 13:34 . 2009-01-06 13:34 1 —a
c:windowssystem3252c8a.imi
2009-01-06 13:34 . 2009-01-06 13:34 1 —a
c:windowssystem3200051ecc.ini
2009-01-06 13:34 . 2009-01-06 13:34 1 —a
c:windowssystem32000474cf.ini
2009-01-05 14:34 . 2009-01-06 13:34d
c:windowssystem32MSN
2009-01-04 13:15 . 2009-01-04 13:30 96,976 —a
c:windowssystem32driversklin.dat
2009-01-04 13:15 . 2009-01-04 13:15 87,855 —a
c:windowssystem32driversklick.dat
2009-01-04 13:14 . 2009-01-04 13:14d
c:program filesKaspersky Lab
2009-01-04 13:14 . 2009-01-06 14:19d
c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-01-04 13:14 . 2009-01-06 14:18 3,196,960 —ahs—- c:windowssystem32driversfidbox.dat
2009-01-04 13:14 . 2009-01-06 14:18 270,368 —ahs—- c:windowssystem32driversfidbox2.dat
2009-01-04 13:14 . 2009-01-06 14:18 28,152 —ahs—- c:windowssystem32driversfidbox.idx
2009-01-04 13:14 . 2009-01-06 14:18 3,052 —ahs—- c:windowssystem32driversfidbox2.idx
2009-01-04 13:10 . 2009-01-04 13:10d
c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-01-01 19:13 . 2009-01-01 19:13d
c:program filesVSO
2009-01-01 19:13 . 2006-09-29 11:24 217,127 —a
c:windowssystem32drv43260.dll
2009-01-01 19:13 . 2006-09-29 11:25 208,935 —a
c:windowssystem32drv33260.dll
2009-01-01 19:13 . 2006-09-29 11:26 176,165 —a
c:windowssystem32drv23260.dll
2008-12-21 00:40 . 2008-12-21 00:48d
c:program filesWebteh
2008-12-11 12:56 . 2008-12-11 12:56d
c:documents and settingsAll UsersApplication Datavsosdk
2008-12-11 09:32 . 2009-01-04 17:18d
c:documents and settingsВиталийApplication DataVso
2008-12-11 09:32 . 2009-01-01 19:13 47,360 —a
c:windowssystem32driverspcouffin.sys
2008-12-11 09:32 . 2009-01-01 19:13 47,360 —a
c:documents and settingsВиталийApplication Datapcouffin.sys
2008-12-09 23:57 . 2008-12-09 23:57d
c:program filesTrend Micro
2008-12-09 18:08 . 2008-12-09 18:08d
c:program filesCommon FilesLogiShared
2008-12-09 18:08 . 2008-12-09 18:08d
c:documents and settingsВиталийApplication DataLogitech
2008-12-09 18:08 . 2008-12-09 18:08d
c:documents and settingsВиталийApplication DataLeadertech
2008-12-09 18:07 . 2008-12-09 18:07d
c:program filesYahoo!
2008-12-09 18:07 . 2008-12-09 18:07d
c:program filesCommon FilesScanner
2008-12-09 18:06 . 2007-04-11 15:33 1,419,024 —a
c:windowssystem32WdfCoInstaller01005.dll
2008-12-09 18:06 . 2007-04-11 15:32 34,832 —a
c:windowssystem32driversLHidFilt.Sys
2008-12-09 18:06 . 2008-12-09 18:06 0 —ah
c:windowssystem32driversMsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-09 18:06 . 2008-12-09 18:06 0 —ah
c:windowssystem32driversMsft_Kernel_LHidFilt_01005.Wdf
2008-12-09 18:05 . 2008-12-09 18:05d
c:documents and settingsAll UsersApplication DataLogitech
2008-12-09 18:05 . 2007-04-23 04:00 163,840 —a
c:windowssystem32kemutb.dll
2008-12-09 18:05 . 2007-04-23 04:00 135,168 —a
c:windowssystem32KemUtil.dll
2008-12-09 18:05 . 2007-04-23 04:00 110,592 —a
c:windowssystem32KemWnd.dll
2008-12-09 18:05 . 2007-04-23 04:00 69,632 —a
c:windowssystem32KemXML.dll
2008-12-09 18:04 . 2008-12-09 18:04d
c:documents and settingsAll UsersApplication DataLogiShrd
2008-12-09 18:00 . 2004-08-03 23:08 31,616 —a
c:windowssystem32driversusbccgp.sys
2008-12-09 18:00 . 2004-08-03 23:08 31,616 —a—c— c:windowssystem32dllcacheusbccgp.sys
2008-12-09 18:00 . 2004-08-17 16:04 21,504 —a
c:windowssystem32hidserv.dll
2008-12-09 18:00 . 2004-08-17 16:04 21,504 —a—c— c:windowssystem32dllcachehidserv.dll
2008-12-09 14:01 . 2008-12-09 14:01d
c:documents and settingsВиталийApplication DataSamsung
2008-12-09 13:59 . 2008-12-09 13:59d
c:windowssystem32Samsung PC Studio Codecs
2008-12-09 13:59 . 2005-08-28 20:51 766 —a
c:windowssystem32Uninstall.ico
2008-12-09 13:58 . 2008-12-09 13:58d
c:windowssystem32Samsung_USB_Drivers
2008-12-09 13:58 . 2008-12-09 13:58d
c:program filesSamsung
2008-12-09 13:58 . 2005-08-30 17:59 94,000 —a
c:windowssystem32driversss_mdm.sys
2008-12-09 13:58 . 2005-08-30 17:57 58,320 —a
c:windowssystem32driversss_bus.sys
2008-12-09 13:58 . 2005-08-13 05:06 22,486 -ra
c:windowssystem32UnInstall_Driver.ico
2008-12-09 13:58 . 2005-08-30 17:58 8,304 —a
c:windowssystem32driversss_mdfl.sys
2008-12-09 13:58 . 2005-08-30 17:58 6,144 —a
c:windowssystem32driversss_cmnt.sys
2008-12-09 13:58 . 2005-08-30 17:58 6,144 —a
c:windowssystem32driversss_cm.sys
2008-12-09 13:58 . 2005-08-30 17:57 5,808 —a
c:windowssystem32driversss_whnt.sys
2008-12-09 13:58 . 2005-08-30 17:57 5,808 —a
c:windowssystem32driversss_wh.sys
2008-12-09 12:41 . 2008-12-09 12:41d
c:windowssystem32ru-RU
2008-12-09 12:39 . 2008-12-09 12:39d
c:windowssystem32XPSViewer
2008-12-09 12:39 . 2008-12-09 12:39d
c:program filesReference Assemblies
2008-12-09 12:39 . 2008-12-09 12:39d
c:program filesMSBuild
2008-12-09 12:39 . 2006-06-29 13:07 14,048
c:windowssystem32spmsg2.dll
2008-12-09 12:37 . 2008-12-09 12:37d
c:program filesMSXML 6.0
2008-12-09 12:17 . 2008-07-12 08:18 3,851,784 —a
c:windowssystem32D3DX9_39.dll
2008-12-09 12:17 . 2008-07-12 08:18 1,493,528 —a
c:windowssystem32D3DCompiler_39.dll
2008-12-09 12:17 . 2008-07-31 10:40 509,448 —a
c:windowssystem32XAudio2_2.dll
2008-12-09 12:17 . 2008-07-12 08:18 467,984 —a
c:windowssystem32d3dx10_39.dll
2008-12-09 12:17 . 2008-07-31 10:41 238,088 —a
c:windowssystem32xactengine3_2.dll
2008-12-09 12:17 . 2008-07-31 10:41 68,616 —a
c:windowssystem32XAPOFX1_1.dll
2008-12-09 00:46 . 2008-12-28 12:40d
C:Downloads
2008-12-09 00:35 . 2009-01-05 15:56 13,195 —a
c:documents and settingsВиталийzguicfgw.dat
2008-12-09 00:35 . 2009-01-05 15:56 13,195 —a
c:documents and settingsВиталийzguicfgw.dat
2008-12-09 00:29 . 2009-01-04 13:12d
c:program filesSpybot — Search & Destroy
2008-12-09 00:29 . 2009-01-04 13:12d
c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
2008-12-09 00:20 . 2008-12-09 18:06d
c:program filesCommon FilesLogitech
2008-12-09 00:20 . 2004-04-14 11:08 44,064 —a
c:windowssystem32driversWmXlCore.sys
2008-12-09 00:20 . 2004-04-14 11:08 21,280 —a
c:windowssystem32driversWmFilter.sys
2008-12-09 00:20 . 2004-04-14 11:08 10,144 —a
c:windowssystem32driversWmBEnum.sys
2008-12-09 00:20 . 2004-04-14 11:08 5,600 —a
c:windowssystem32driversWmVirHid.sys
2008-12-09 00:19 . 2008-12-09 18:05d
c:program filesLogitech
2008-12-09 00:02 . 2008-12-09 00:02d
c:documents and settingsВиталийApplication DataICQ Toolbar
2008-12-08 23:57 . 2008-12-09 00:02d
c:program filesICQToolbar
2008-12-08 23:55 . 2008-12-09 00:00d
c:program filesICQ6
2008-12-08 23:49 . 2008-12-08 23:49d
c:documents and settingsВиталийApplication DataMozilla
2008-12-08 23:49 . 2008-12-09 00:00d
c:documents and settingsВиталийApplication DataICQ
2008-12-08 23:48 . 2008-12-08 23:48d
c:documents and settingsВиталийApplication DataInstallShield
2008-12-08 23:37 . 2008-12-08 23:37d
c:documents and settingsВиталийApplication DataOpera
2008-12-08 23:00 . 2008-12-09 00:07d
c:program filesuTorrent
2008-12-08 23:00 . 2008-12-08 23:00d
c:program filesOpera
2008-12-08 23:00 . 2009-01-06 13:54d
c:documents and settingsВиталийApplication DatauTorrent
2008-12-08 22:46 . 2009-01-06 11:29d
C:Distr.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 09:41
d
w c:program filesFlashGet
2008-12-14 12:09
d
w c:program filesCommon FilesACD Systems
2008-12-09 15:05
d—h—w c:program filesInstallShield Installation Information
2008-12-08 16:58
d
w c:program filesWebshots
2008-12-04 11:59
d
w c:program filesCommon FilesInstallShield
2008-12-04 11:59
d
w c:program filesASUSTeK
2008-11-23 17:09 304,528 —-a-w c:windowssystem32appdrvrem01.exe
2008-11-23 17:09 3,100,776 —-a-w c:windowssystem32driversappdrv01.sys
2008-11-23 14:23 138,464 —-a-w c:windowssystem32driversPnkBstrK.sys
2008-11-23 14:23 111,928 —-a-w c:windowssystem32PnkBstrB.exe
2008-11-23 14:08
d
w c:program files1C
2008-11-19 21:55
d
w c:program filesArmies Of Exigo
2008-11-19 21:48 81,920 —-a-w c:windowssystem32OpenAL32.dll
2008-11-17 21:09
d
w c:documents and settingsВиталийApplication DataRed Alert 3
2008-11-17 17:45
d—h—r c:documents and settingsВиталийApplication DataSecuROM
2008-11-17 17:42
d
w c:program filesElectronic Arts
2008-11-15 17:12 682,280 —-a-w c:windowssystem32pbsvc.exe
2008-11-15 17:12 66,872 —-a-w c:windowssystem32PnkBstrA.exe
2008-11-15 17:12 22,328 —-a-w c:documents and settingsВиталийApplication DataPnkBstrK.sys
2008-11-15 16:47
d
w c:program filesDAEMON Tools Toolbar
2008-11-15 16:47
d
w c:program filesDAEMON Tools Lite
2008-11-15 16:43 717,296 —-a-w c:windowssystem32driverssptd.sys
2008-11-15 16:43
d
w c:documents and settingsВиталийApplication DataDAEMON Tools
2007-11-21 19:57 5,276 -c—a-w c:program filesPatchWise.log
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«DAEMON Tools Lite»=»c:program filesDAEMON Tools Litedaemon.exe» [2008-07-24 490952]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-05-16 13529088]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-05-16 86016]
«RemoteControl»=»c:program filesASUSTeKASUSDVDPDVDServ.exe» [2004-11-02 32768]
«AVP»=»c:program filesKaspersky LabKaspersky Anti-Virus 2009avp.exe» [2008-07-29 206088]
«nwiz»=»nwiz.exe» [2008-05-16 c:windowssystem32nwiz.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-18 15360]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
@=»»
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:windowssystem32driversklbg.sys [2008-01-29 32784]
R1 appdrv01;Application Driver (01);c:windowssystem32driversappdrv01.sys [2008-11-23 3100776]
R3 FStarForce;FStarForce;c:windowssystem32driversFStarForce.sys [2008-11-23 9216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [2008-04-30 24592]
R4 ehResvc;Event Help Receiver Service;c:windowssystem32Commonsmss.exe [2009-01-06 9728]
R4 osaio;osaio;c:windowssystem32driversosaio.sys [2007-11-21 6784]
R4 qqssqf;qqssqf;c:windowssystem32SVCHOST.EXE -k qqssqf [2004-08-18 14336]
R4 WinHelp;WindowsHelpSysten;c:windowssystem32svchost.exe -k WinHelp [2004-08-18 14336]
R4 WinHelp30;WindowsHelpSystenx30;c:windowssystem32svchost.exe -k WinHelp30 [2004-08-18 14336]
S4 appdrvrem01;Application Driver Auto Removal Service (01);c:windowsSystem32appdrvrem01.exe svc —> c:windowsSystem32appdrvrem01.exe svc [?]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
WinHelp30 REG_MULTI_SZ WinHelp30
WinHelp REG_MULTI_SZ WinHelp
qqssqf REG_MULTI_SZ qqssqf
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40316
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 17:38:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1715567821-113007714-725345543-1003SoftwareMicrosoftActiveMoviedevenum{33D9A761-90C8-11D0-BD43-00A0C911CE86}3*NULL*4*NULL*D*NULL*S*NULL*P*NULL* *NULL*G*NULL*r*NULL*o*NULL*u*NULL*p*NULL* *NULL*T*NULL*r*NULL*u*NULL*e*NULL*S*NULL*p*NULL*e*NULL*e*NULL*c*NULL*h*NULL*»!]
«FriendlyName»=»DSP Group TrueSpeech™»
«CLSID»=»{6A08CF80-0E18-11CF-A24D-0020AFD79767}»
«AcmId»=dword:00000022
[HKEY_LOCAL_MACHINESystemControlSet001ControlMediaPropertiesPrivatePropertiesMidiPortsY%QNIQBN *NULL*OEEM@GM@^EMH *NULL* *NULL*M*NULL*I*NULL*D*NULL*I*NULL* *NULL* *NULL*[*NULL*-
«DMPortGUID»=hex:e4,ea,ed,f8,db,4d,de,40,90,48,84,58,eb,60,bf,9d
.
Completion time: 2009-01-06 17:39:29
ComboFix-quarantined-files.txt 2009-01-06 14:39:26
ComboFix2.txt 2009-01-06 11:07:16
Pre-Run: 5 255 114 752 байт свободно
Post-Run: 5,245,796,352 байт свободно
206
Thanks, nothing observed so far.
Oh, I forgot. Here is also my log from the HijackThis program; I'm waiting for further instructions.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:57:28, on 09.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe
C:Program FilesASUSTeKASUSDVDPDVDServ.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesIntelIDUawServ.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:Program FilesSigmaTelC-Major AudioWDMSTacSV.exe
C:WINDOWSexplorer.exe
C:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:PROGRA~1ICQTOO~1toolbaru.dll
O2 — BHO: XTTBPos00 Class — {055FD26D-3A88-4e15-963D-DC8493744B1D} — C:PROGRA~1ICQTOO~1toolbaru.dll
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Spybot-S&D IE Protection — {53707962-6F74-2D53-2644-206D7942484F} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: FlashGet GetFlash Class — {F156768E-81EF-470C-9057-481BA8380DBA} — C:Program FilesFlashGetgetflash.dll
O3 — Toolbar: &Google — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — c:program filesgooglegoogletoolbar1.dll
O3 — Toolbar: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:PROGRA~1ICQTOO~1toolbaru.dll
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [RemoteControl] «C:Program FilesASUSTeKASUSDVDPDVDServ.exe»
O4 — HKCU..Run: [DAEMON Tools Lite] «C:Program FilesDAEMON Tools Litedaemon.exe» -autorun
O4 — HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot — Search & DestroyTeaTimer.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Закачать все при помощи FlashGet — C:Program FilesFlashGetjc_all.htm
O8 — Extra context menu item: &Закачать при помощи FlashGet — C:Program FilesFlashGetjc_link.htm
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Анти-Баннер — C:Program FilesKaspersky LabKaspersky Internet Security 7.0ie_banner_deny.htm
O9 — Extra button: Cтатистика Веб-Антивируса — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — C:Program FilesKaspersky LabKaspersky Internet Security 7.0SCIEPlgn.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — C:Program FilesFlashGetFlashGet.exe
O9 — Extra ‘Tools’ menuitem: FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — C:Program FilesFlashGetFlashGet.exe
O9 — Extra button: (no name) — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O9 — Extra ‘Tools’ menuitem: Spybot — Search && Destroy Configuration — {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} — C:Program FilesSpybot — Search & DestroySDHelper.dll
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O14 — IERESET.INF: START_PAGE_URL=www.yandex.ru
O17 — HKLMSystemCCSServicesTcpip..{5B6F8BDE-0F6F-4CF6-968C-22E4905041A6}: NameServer = 83.239.131.8 83.239.128.30
O23 — Service: Application Driver Auto Removal Service (01) (appdrvrem01) — Protection Technology — C:WINDOWSSystem32appdrvrem01.exe
O23 — Service: Kaspersky Internet Security 7.0 (AVP) — Kaspersky Lab — C:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe
O23 — Service: Admin Works Agent X8 (AWService) — OSA Technologies Inc., An Avocent Company — C:Program FilesIntelIDUawServ.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — C:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:WINDOWSsystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:WINDOWSSystem32SCardSvr.exe
O23 — Service: SigmaTel Audio Service (STacSV) — SigmaTel, Inc. — C:Program FilesSigmaTelC-Major AudioWDMSTacSV.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 6941 bytes
Thank you very much, there are no more problems with the computer, thanks to you. If anything comes up, I now know where to turn, where people can help. Once again, a huge thank you.
In reply I'm posting the ComboFix log file. I want to say right away that it helped, and this is not the first time it has REALLY helped me (before this there was a porn informer), for which huge respect and kudos to everyone who helps us ordinary users, and in particular many thanks to Valere for the help provided. I would also like to know what was there, which is why I'm posting my log:
ComboFix 08-11-27.03 — Илья 2008-11-27 23:33:39.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.529 [GMT 3:00]
Running from: d:documents and settingsИлья.COMPРабочий столComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.d:documents and settingsИлья.COMPApplication Datainst.exe
d:windowssystem32driversVRFYGZVR.sys
d:windowssystem32Pncrt.dll.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_VRFYGZVR
Service_VRFYGZVR
((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
.2008-11-27 17:19 . 2008-11-27 17:19
d
d:program filesSpybot — Search & Destroy
2008-11-27 17:19 . 2008-11-27 18:33d
d:documents and settingsAll Users.WINDOWSApplication DataSpybot — Search & Destroy
2008-11-27 17:03 . 2008-11-27 17:04d
D:rsit
2008-11-27 00:49 . 2008-11-27 00:49d
d:program filesTrend Micro
2008-11-26 22:52 . 2008-11-26 22:52 166,912 —a
d:windowswin32_n.dll
2008-11-26 09:47 . 2008-11-27 07:49 13,195 —a
d:documents and settingsИлья.COMPzguicfgw.dat
2008-11-26 09:47 . 2008-11-27 07:49 13,195 —a
d:documents and settingsИлья.COMPzguicfgw.dat
2008-11-26 09:45 . 2004-08-17 15:54 14,848 —a
d:windowssystem32driverskbdhid.sys
2008-11-26 09:45 . 2001-10-19 20:33 12,160 —a
d:windowssystem32driversmouhid.sys
2008-11-25 13:16 . 2008-11-25 13:16d
d:program filesRealtek Sound Manager
2008-11-25 13:16 . 2003-08-21 11:31 462,940 —a
d:windowssystem32driversALCXWDM.SYS
2008-11-25 13:16 . 2003-08-14 18:16 404,736 —a
d:windowssystem32driversALCXSENS.SYS
2008-11-24 20:31 . 2008-11-24 20:31 29 —a
d:windowssystem32yaephqor.tmp
2008-11-22 11:12 . 2008-11-22 11:12d
d:documents and settingsAll Users.WINDOWSApplication Datavsosdk
2008-11-20 22:51 . 2004-08-03 23:08 26,496 —a—c— d:windowssystem32dllcacheusbstor.sys
2008-11-20 19:04 . 2008-09-20 00:57 3,596,288 —a
d:windowssystem32qt-dx331.dll
2008-11-20 19:04 . 2008-09-24 21:41 839,680 —a
d:windowssystem32lameACM.acm
2008-11-20 19:04 . 2008-10-29 01:35 684,032 —a
d:windowssystem32divx.dll
2008-11-20 19:04 . 2004-01-25 19:18 217,088 —a
d:windowssystem32yv12vfw.dll
2008-11-20 19:04 . 2007-09-04 19:56 164,352 —a
d:windowssystem32unrar.dll
2008-11-20 19:04 . 2008-01-10 15:16 159,839 —a
d:windowssystem32xvidvfw.dll
2008-11-20 19:04 . 2008-09-25 11:03 81,920 —a
d:windowssystem32dpl100.dll
2008-11-20 19:04 . 2008-11-02 17:02 7,680 —a
d:windowssystem32ff_vfw.dll
2008-11-20 19:04 . 2007-07-10 19:10 547 —a
d:windowssystem32ff_vfw.dll.manifest
2008-11-20 19:04 . 2008-10-03 15:30 414 —a
d:windowssystem32lame_acm.xml
2008-11-20 19:04 . 2008-07-30 22:09 38 —a
d:windowsavisplitter.ini
2008-11-20 18:56 . 2008-11-25 11:57 69 —a
d:windowsNeroDigital.ini
2008-11-20 03:30 . 2008-11-20 03:30d
d:program filesMSXML 6.0
2008-11-20 03:06 . 2005-06-28 10:21 22,752 —a
d:windowssystem32spupdsvc.exe
2008-11-20 01:44 . 2008-06-14 20:59 272,512
d:windowssystem32driversbthport.sys
2008-11-20 01:44 . 2008-06-14 20:59 272,512
c— d:windowssystem32dllcachebthport.sys
2008-11-20 01:33 . 2008-08-14 16:40 2,187,776
c— d:windowssystem32dllcachentoskrnl.exe
2008-11-20 01:33 . 2008-08-14 16:40 2,144,768
c— d:windowssystem32dllcachentkrnlmp.exe
2008-11-20 01:33 . 2008-08-14 16:40 2,064,768
c— d:windowssystem32dllcachentkrnlpa.exe
2008-11-20 01:32 . 2008-08-14 16:40 2,022,912
c— d:windowssystem32dllcachentkrpamp.exe
2008-11-20 01:30 . 2008-10-24 14:25 455,936
c— d:windowssystem32dllcachemrxsmb.sys
2008-11-20 01:24 . 2008-10-16 14:08 31,768 —a
d:windowssystem32wucltui.dll.mui
2008-11-20 01:24 . 2008-10-16 14:08 27,672 —a
d:windowssystem32wuapi.dll.mui
2008-11-20 01:24 . 2008-10-16 14:07 23,576 —a
d:windowssystem32wuaucpl.cpl.mui
2008-11-20 01:24 . 2008-10-16 14:07 18,968 —a
d:windowssystem32wuaueng.dll.mui
2008-11-20 01:18 . 2008-11-20 01:18d
d:documents and settingsИлья.COMPApplication DataCyberLink
2008-11-20 01:12 . 2008-11-20 01:12d
d:documents and settingsAll Users.WINDOWSApplication DataCyberLink
2008-11-20 01:11 . 2001-03-08 18:30 24,064
d:windowssystem32msxml3a.dll
2008-11-20 01:09 . 2008-11-20 01:11d
d:program filesCyberLink
2008-11-20 01:09 . 2003-03-18 20:14 499,712
d:windowssystem32msvcp71.dll
2008-11-20 00:59 . 2008-11-20 01:00d
d:program filesRegCleaner
2008-11-20 00:35 . 2008-11-20 00:39 34 —a
d:windowscdplayer.ini
2008-11-20 00:32 . 2008-11-20 00:33d
d:program filesaudiograbber
2008-11-20 00:24 . 2006-06-14 15:50 172,416 —a
d:windowssystem32driverskmixer.sys
2008-11-20 00:24 . 2006-02-15 07:22 142,464 —a
d:windowssystem32driversaec.sys
2008-11-20 00:24 . 2006-02-15 07:22 142,464 —a—c— d:windowssystem32dllcacheaec.sys
2008-11-20 00:24 . 2006-06-14 16:17 82,944 —a
d:windowssystem32driverswdmaud.sys
2008-11-20 00:24 . 2004-08-04 02:15 60,800 —a
d:windowssystem32driverssysaudio.sys
2008-11-20 00:24 . 2001-08-18 01:00 54,272 —a
d:windowssystem32driversswmidi.sys
2008-11-20 00:24 . 2004-08-04 02:07 52,864 —a
d:windowssystem32driversDMusic.sys
2008-11-20 00:24 . 2004-08-04 01:58 7,552 —a
d:windowssystem32driversMSKSSRV.sys
2008-11-20 00:24 . 2006-06-14 15:50 6,272 —a
d:windowssystem32driverssplitter.sys
2008-11-20 00:24 . 2004-08-04 01:58 5,376 —a
d:windowssystem32driversMSPCLOCK.sys
2008-11-20 00:24 . 2004-08-04 02:07 2,944 —a
d:windowssystem32driversdrmkaud.sys
2008-11-20 00:23 . 2008-05-16 14:01 6,557,408 —a
d:windowssystem32driversnv4_mini.sys
2008-11-20 00:23 . 2008-05-16 14:01 6,557,408 —a—c— d:windowssystem32dllcachenv4_mini.sys
2008-11-20 00:23 . 2008-05-16 14:01 6,108,928 —a
d:windowssystem32nv4_disp.dll
2008-11-20 00:23 . 2004-08-17 18:49 58,112 —a
d:windowssystem32driversredbook.sys
2008-11-20 00:23 . 2004-08-04 01:58 4,992 —a
d:windowssystem32driversMSPQM.sys
2008-11-20 00:23 . 2001-08-18 00:59 3,072 —a
d:windowssystem32driversaudstub.sys
2008-11-20 00:22 . 2004-08-03 23:15 145,792 —a
d:windowssystem32driversportcls.sys
2008-11-20 00:22 . 2004-08-03 23:15 145,792 —a—c— d:windowssystem32dllcacheportcls.sys
2008-11-20 00:22 . 2004-08-17 16:05 130,048 —a
d:windowssystem32ksproxy.ax
2008-11-20 00:22 . 2004-08-17 16:05 130,048 —a—c— d:windowssystem32dllcacheksproxy.ax
2008-11-20 00:22 . 2004-08-17 19:04 76,800 —a
d:windowssystem32usbui.dll
2008-11-20 00:22 . 2004-08-03 23:08 60,288 —a
d:windowssystem32driversdrmk.sys
2008-11-20 00:22 . 2004-08-03 23:08 60,288 —a—c— d:windowssystem32dllcachedrmk.sys
2008-11-20 00:22 . 2004-08-04 02:08 10,624 —a
d:windowssystem32driversgameenum.sys
2008-11-20 00:22 . 2004-08-17 16:04 4,096 —a
d:windowssystem32ksuser.dll
2008-11-20 00:22 . 2004-08-17 16:04 4,096 —a—c— d:windowssystem32dllcacheksuser.dll
2008-11-20 00:22 . 2001-08-18 01:00 2,944 —a
d:windowssystem32driversmsmpu401.sys
2008-11-20 00:20 . 2008-11-23 22:28 755,586 —a
d:windowssystem32PerfStringBackup.INI
2008-11-20 00:20 . 2004-08-18 15:00 66,082 —a—c— d:windowssystem32dllcachec_28603.nls
2008-11-20 00:20 . 2004-08-18 15:00 66,082 —a
d:windowssystem32c_28603.nls
2008-11-20 00:20 . 2004-08-18 15:00 19,456 —a—c— d:windowssystem32dllcacheagt041f.dll
2008-11-20 00:20 . 2008-11-19 21:33 4,337 —a
d:windowsODBCINST.INI
2008-11-20 00:20 . 2008-11-20 03:42 1,393 —a
d:windowsimsins.BAK
2008-11-20 00:19 . 2008-11-19 21:32dr-h
d:documents and settingsDefault User.WINDOWSSendTo
2008-11-20 00:19 . 2008-11-20 00:19d—h
d:documents and settingsDefault User.WINDOWSRecent
2008-11-20 00:19 . 2008-11-20 00:19d—h
d:documents and settingsDefault User.WINDOWSPrintHood
2008-11-20 00:19 . 2008-11-20 00:19d—h
d:documents and settingsDefault User.WINDOWSNetHood
2008-11-20 00:19 . 2008-11-20 00:19dr-h
d:documents and settingsDefault User.WINDOWSLocal Settings
2008-11-20 00:19 . 2008-11-19 21:34d—s—- d:documents and settingsDefault User.WINDOWSCookies
2008-11-20 00:19 . 2008-11-19 21:26d—h
d:documents and settingsDefault User.WINDOWSШаблоны
2008-11-20 00:19 . 2008-11-20 01:11d
d:documents and settingsDefault User.WINDOWSРабочий стол
2008-11-20 00:19 . 2008-11-20 00:19d
d:documents and settingsDefault User.WINDOWSМои документы
2008-11-20 00:19 . 2008-11-20 00:19dr
d:documents and settingsDefault User.WINDOWSГлавное меню
2008-11-20 00:19 . 2008-11-20 00:19d
d:documents and settingsDefault User.WINDOWSИзбранное
2008-11-20 00:19 . 2008-11-20 00:19d—h
d:documents and settingsAll Users.WINDOWSШаблоны
2008-11-20 00:19 . 2008-11-20 01:29d
d:documents and settingsAll Users.WINDOWSРабочий стол
2008-11-20 00:19 . 2008-11-19 21:42dr
d:documents and settingsAll Users.WINDOWSГлавное меню
2008-11-20 00:19 . 2008-11-20 00:19d
d:documents and settingsAll Users.WINDOWSИзбранное
2008-11-20 00:19 . 2008-11-19 21:29dr
d:documents and settingsAll Users.WINDOWSДокументы
2008-11-20 00:18 . 2008-11-20 00:18d
d:documents and settingsИлья.COMPApplication DataOpera
2008-11-20 00:17 . 2004-08-18 15:00 1,896,102 —a—c— d:windowssystem32dllcacheNT5.CAT
2008-11-20 00:16 . 2008-11-27 21:17d
d:program filesOpera
2008-11-20 00:16 . 2008-11-20 00:16d
d:documents and settingsИлья.COMPApplication DataICQ Toolbar
2008-11-20 00:16 . 2008-11-19 23:45dr-h
d:documents and settingsDefault User.WINDOWSApplication Data
2008-11-20 00:16 . 2008-11-19 23:31d—h
d:documents and settingsDefault User.WINDOWS
2008-11-20 00:16 . 2008-11-27 17:19dr-h
d:documents and settingsAll Users.WINDOWSApplication Data
2008-11-20 00:16 . 2008-11-19 21:32d
d:documents and settingsAll Users.WINDOWS
2008-11-20 00:16 . 2004-08-18 15:00 1,086,058 -ra
d:windowsSET4.tmp
2008-11-20 00:16 . 2004-08-18 15:00 1,014,193 -ra
d:windowsSET3.tmp
2008-11-20 00:15 . 2008-11-20 09:52d
d:program filesICQToolbar
2008-11-20 00:15 . 2008-11-19 21:39 1,017 —a
d:windowssystem32$winnt$.inf
2008-11-20 00:09 . 2008-11-22 00:26d
d:program filesICQ6
2008-11-20 00:06 . 2003-06-19 00:31 17,920 —a
d:windowssystem32mdimon.dll
2008-11-20 00:06 . 2008-11-20 00:06 394 —a
d:windowsODBC.INI
2008-11-19 23:57 . 2008-11-20 00:44d
d:documents and settingsИлья.COMPApplication DataICQ
2008-11-19 23:56 . 2008-11-19 23:56d
d:documents and settingsИлья.COMPApplication DataMozilla
2008-11-19 23:55 . 2008-11-19 23:55d
d:documents and settingsИлья.COMPApplication DataInstallShield
2008-11-19 23:54 . 2008-11-24 11:34d
d:documents and settingsИлья.COMPApplication DataVso
2008-11-19 23:54 . 2006-09-29 11:24 217,127 —a
d:windowssystem32drv43260.dll
2008-11-19 23:54 . 2006-09-29 11:25 208,935 —a
d:windowssystem32drv33260.dll
2008-11-19 23:54 . 2006-09-29 11:26 176,165 —a
d:windowssystem32drv23260.dll
2008-11-19 23:54 . 2008-11-19 23:54 47,360 —a
d:windowssystem32driverspcouffin.sys
2008-11-19 23:54 . 2008-11-19 23:54 47,360 —a
d:documents and settingsИлья.COMPApplication Datapcouffin.sys
2008-11-19 23:52 . 2008-11-19 23:53d
d:documents and settingsИлья.COMPApplication DataReGet Software
2008-11-19 23:50 . 2008-11-19 23:50d
d:program filesReGet Software
2008-11-19 23:40 . 2008-11-19 23:40d
d:documents and settingsИлья.COMPApplication DataSamsung.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 10:16
d
w d:program filesAvRack
2008-11-20 16:05
d
w d:program filesK-Lite Codec Pack
2008-11-19 20:50
d
w d:program filesCommon FilesReGet Shared
2008-11-19 19:05
d
w d:program filesKaspersky Lab
2008-11-19 17:26
d
w d:documents and settingsИльяApplication DatauTorrent
2008-11-17 20:19
d
w d:documents and settingsИльяApplication DataReGet Software
2008-11-12 11:04
d
w d:documents and settingsИльяApplication DataVso
2008-10-30 06:37
d—h—w d:program filesInstallShield Installation Information
2008-10-24 11:25 455,936 —-a-w d:windowssystem32driversmrxsmb.sys
2008-10-24 05:11
d
w d:documents and settingsИльяApplication DataDAEMON Tools
2008-10-16 11:13 202,776 —-a-w d:windowssystem32wuweb.dll
2008-10-16 11:12 561,688 —-a-w d:windowssystem32wuapi.dll
2008-10-16 11:12 323,608 —-a-w d:windowssystem32wucltui.dll
2008-10-16 11:09 92,696 —-a-w d:windowssystem32cdm.dll
2008-10-16 11:09 51,224 —-a-w d:windowssystem32wuauclt.exe
2008-10-16 11:09 43,544 —-a-w d:windowssystem32wups2.dll
2008-10-16 11:08 34,328 —-a-w d:windowssystem32wups.dll
2008-09-30 13:43 1,286,152 —-a-w d:windowssystem32msxml4.dll
2008-09-27 10:12
d
w d:program filesCommon FilesDirectX
2008-09-15 15:15 1,847,040 —-a-w d:windowssystem32win32k.sys
2008-09-04 16:45 1,106,944 —-a-w d:windowssystem32msxml3.dll
2008-08-29 17:06 1,350,664 —-a-w d:windowssystem32msxml6.dll
2008-04-29 11:37 47,360 -c—a-w d:documents and settingsИльяApplication Datapcouffin.sys
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«RemoteControl»=»d:program filesCyberLinkPowerDVDPDVDServ.exe» [2005-12-07 30208]
«LanguageShortcut»=»d:program filesCyberLinkPowerDVDLanguageLanguage.exe» [2006-04-13 49152]
«CloneCDTray»=»d:program filesSlySoftCloneCDCloneCDTray.exe» [2005-05-19 57344]
«NvCplDaemon»=»d:windowssystem32NvCpl.dll» [2008-05-16 13529088]
«nwiz»=»nwiz.exe» [2008-05-16 d:windowssystem32nwiz.exe]
«SoundMan»=»SOUNDMAN.EXE» [2003-08-15 d:windowssoundman.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»d:windowssystem32CTFMON.EXE» [2004-08-18 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«d:\Documents and Settings\Илья.COMP\Рабочий стол\utorrent1.7.7.exe»=
«d:\Program Files\ICQ6\ICQ.exe»=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:windowssystem32DRIVERSklim5.sys [2007-04-04 24344]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);d:windowssystem32DRIVERSss_bus.sys [2008-11-19 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;d:windowssystem32DRIVERSss_mdfl.sys [2008-11-19 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;d:windowssystem32DRIVERSss_mdm.sys [2008-11-19 94000]
.
— — — — ORPHANS REMOVED — — — —
ShellExecuteHooks-{16664848-0E00-11D2-8059-000000000000} — (no file)
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 23:41:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1032)
d:program filesKaspersky LabKaspersky Internet Security 7.0miscr3.dll
d:windowssystem32klogon.dll
— — — — — — — > ‘lsass.exe'(1088)
d:program filesKaspersky LabKaspersky Internet Security 7.0dnsq.dll
d:program filesKaspersky LabKaspersky Internet Security 7.0miscr3.dll
— — — — — — — > ‘explorer.exe'(3552)
d:program filesKaspersky LabKaspersky Internet Security 7.0miscr3.dll
.
Other Running Processes
.
d:program filesKaspersky LabKaspersky Internet Security 7.0avp.exe
d:windowssystem32nvsvc32.exe
d:program filesCyberLinkShared filesRichVideo.exe
.
**************************************************************************
.
Completion time: 2008-11-27 23:44:26 — machine was rebooted
ComboFix-quarantined-files.txt 2008-11-27 20:44:19
Pre-Run: 5 130 207 232 байт свободно
Post-Run: 5,136,207,872 байт свободно
232 — E O F — 2008-11-20 00:43:28
As you recommended, I am posting two logs:
info.txt logfile of random’s system information tool 1.04 2008-11-27 17:04:02
======Uninstall list======
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:WINDOWSINFPCHealth.inf
7-Zip 4.43a6—>»D:Program Files7-ZipUninstall.exe»
Adobe Flash Player 9 ActiveX—>D:WINDOWSsystem32MacromedFlashUninstFl.exe -q
CloneCD—>»D:Program FilesSlySoftCloneCDccd-uninst.exe» /D=»D:Program FilesSlySoftCloneCD»
ConvertXtoDVD 2.2.3.258—>»D:Program FilesVSOConvertXtoDVDunins000.exe»
DFE-520TX—>D:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{FCACC379-FEC9-49FE-8FD9-8CD9D6A4F46F}
D-Link PCI Fast Ethernet Adapter—>Rundll32.exe vuins32.dll,vuins32Ex $Rhine $D-Link
HijackThis 2.0.2—>»D:Program FilesTrend MicroHijackThisHijackThis.exe» /uninstall
ICQ Toolbar—>regsvr32 /u /s «D:PROGRA~1ICQTOO~1toolbaru.dll»
ICQ6—>»D:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
Kaspersky Internet Security 7.0—>MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0—>MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
K-Lite Codec Pack 4.3.1 (Full)—>»D:Program FilesK-Lite Codec Packunins000.exe»
Logitech Gaming Software—>RunDll32 D:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup «D:Program FilesInstallShield Installation Information{B9242864-2841-4ADE-86E0-8F90F91B04DD}setup.exe» -l0x9
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)—>MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 6 Ultra Edition—>D:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
NVIDIA Drivers—>D:WINDOWSsystem32nvuninst.exe UninstallGUI
Opera 9.10—>MsiExec.exe /X{5D582D33-EB35-4D77-B7AF-403322D947E6}
PowerDVD—>RunDll32 D:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «D:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -uninstall
Realtek AC’97 Audio—>RunDll32 D:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «D:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» REMOVE
ReGet Deluxe 5.0 RC3—>MsiExec.exe /I{5C2E7D8C-9191-40AA-AB72-9C899BAD8F8B}
SAMSUNG CDMA Modem Driver Set—>D:WINDOWSsystem32Samsung_USB_Drivers3SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software—>D:WINDOWSsystem32Samsung_USB_Drivers1SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software—>D:WINDOWSsystem32Samsung_USB_Drivers2SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer—>RunDll32 D:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «D:Program FilesInstallShield Installation Information{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}setup.exe» -l0x19 -removeonly
Samsung PC Studio—>RunDll32 D:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «D:Program FilesInstallShield Installation Information{C4A4722E-79F9-417C-BD72-8D359A090C97}setup.exe» -l0x19 -removeonly
Vodafone 804SS USB driver Software—>D:WINDOWSsystem32Samsung_USB_Drivers4SSVDUninstall.exe
Архиватор WinRAR—>D:Program FilesWinRARuninstall.exe
Исправление для Windows XP (KB952287)—>»D:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Обновление безопасности для Windows XP — (KB923689)—>»D:WINDOWS$NtUninstallKB923689$spuninstspuninst.exe»
Обновление безопасности для Windows XP — (KB941569)—>»D:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB938464)—>»D:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB944338-v2)—>»D:WINDOWS$NtUninstallKB944338-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950762)—>»D:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB950974)—>»D:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951066)—>»D:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951376-v2)—>»D:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB951698)—>»D:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB952954)—>»D:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB954211)—>»D:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB955069)—>»D:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956390)—>»D:WINDOWS$NtUninstallKB956390$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956391)—>»D:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956803)—>»D:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB956841)—>»D:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957095)—>»D:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB957097)—>»D:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Обновление безопасности для Windows XP (KB958644)—>»D:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Обновление безопасности для проигрывателя Windows Media 10 — (KB936782)—>»D:WINDOWS$NtUninstallKB936782_WMP10$spuninstspuninst.exe»
Обновление для Windows XP (KB951072-v2)—>»D:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe»
=====HijackThis Backups=====
O18 — Filter hijack: text/html — {53B95212-7D77-11D2-9F80-00104B107C97} — D:WINDOWSwin32_n.dll
O18 — Filter hijack: text/html — {53B95212-7D77-11D2-9F80-00104B107C97} — D:WINDOWSwin32_n.dll
O18 — Filter hijack: text/html — {53B95212-7D77-11D2-9F80-00104B107C97} — D:WINDOWSwin32_n.dll
O18 — Filter hijack: text/html — {53B95212-7D77-11D2-9F80-00104B107C97} — D:WINDOWSwin32_n.dll
O18 — Filter hijack: text/html — {53B95212-7D77-11D2-9F80-00104B107C97} — D:WINDOWSwin32_n.dll
======Security center information======
AV: Kaspersky Internet Security
FW: Kaspersky Internet Security
======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;D:Program FilesSamsungSamsung PC Studio 3
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 2 Stepping 9, GenuineIntel
«PROCESSOR_REVISION»=0209
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
Logfile of random’s system information tool 1.04 (written by random/random)
Run by Илья at 2008-11-27 17:03:51
Microsoft Windows XP Professional Service Pack 2
System drive D: has 5 GB (26%) free of 19 GB
Total RAM: 767 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:03:53, on 27.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:WINDOWSSystem32smss.exe
D:WINDOWSsystem32winlogon.exe
D:WINDOWSsystem32services.exe
D:WINDOWSsystem32lsass.exe
D:WINDOWSsystem32svchost.exe
D:WINDOWSSystem32svchost.exe
D:WINDOWSsystem32spoolsv.exe
D:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe
D:WINDOWSsystem32nvsvc32.exe
D:Program FilesCyberLinkShared filesRichVideo.exe
D:WINDOWSexplorer.exe
D:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe
D:Program FilesCyberLinkPowerDVDPDVDServ.exe
D:WINDOWSSOUNDMAN.EXE
D:WINDOWSsystem32wuauclt.exe
D:Program FilesInternet Exploreriexplore.exe
D:Documents and SettingsИлья.COMPРабочий столRSIT.exe
D:Program FilesTrend MicroHijackThisИлья.exe
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://google.icq.com/search/search_frame.php
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yandex.ru/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yandex.ru
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — D:PROGRA~1ICQTOO~1toolbaru.dll
O2 — BHO: XTTBPos00 — {055FD26D-3A88-4e15-963D-DC8493744B1D} — D:PROGRA~1ICQTOO~1toolbaru.dll
O2 — BHO: (no name) — {16664845-0E00-11D2-8059-000000000000} — (no file)
O2 — BHO: TMAgent IE Adapter — {35A6E2B1-27A9-47D2-913C-559E1EF1D034} — D:Program FilesCommon FilesTarget Marketing AgencyTMAgenttmagent.dll
O3 — Toolbar: ReGet Bar — {17939A30-18E2-471E-9D3A-56DD725F1215} — D:Program FilesReGet SoftwareReGet Deluxe 5.0IEBar.dll
O3 — Toolbar: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — D:PROGRA~1ICQTOO~1toolbaru.dll
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [AVP] «D:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe»
O4 — HKLM..Run: [RemoteControl] «D:Program FilesCyberLinkPowerDVDPDVDServ.exe»
O4 — HKLM..Run: [LanguageShortcut] «D:Program FilesCyberLinkPowerDVDLanguageLanguage.exe»
O4 — HKLM..Run: [CloneCDTray] «D:Program FilesSlySoftCloneCDCloneCDTray.exe» /s
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE D:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] D:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] D:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] D:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] D:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://D:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Добавить в Анти-Баннер — D:Program FilesKaspersky LabKaspersky Internet Security 7.0ie_banner_deny.htm
O8 — Extra context menu item: Закачать &все при помощи ReGet Deluxe — D:Program FilesCommon FilesReGet SharedCC_All.htm
O8 — Extra context menu item: Закачать при помощи Re&Get Deluxe — D:Program FilesCommon FilesReGet SharedCC_Link.htm
O9 — Extra button: Cтатистика Веб-Антивируса — {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} — D:Program FilesKaspersky LabKaspersky Internet Security 7.0SCIEPlgn.dll
O9 — Extra button: Справочные материалы — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — D:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — D:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — D:Program FilesICQ6ICQ.exe
O14 — IERESET.INF: START_PAGE_URL=www.yandex.ru
O17 — HKLMSystemCCSServicesTcpip..{597D8891-5A52-4395-AA72-6EBFD1239C4B}: NameServer = 83.239.131.8 83.239.128.30
O18 — Filter hijack: text/html — {53B95212-7D77-11D2-9F80-00104B107C97} — D:WINDOWSwin32_n.dll
O20 — AppInit_DLLs: D:PROGRA~1KASPER~1KASPER~1.0adialhk.dll
O23 — Service: Kaspersky Internet Security 7.0 (AVP) — Kaspersky Lab — D:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — D:WINDOWSsystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — D:WINDOWSsystem32imapi.exe
O23 — Service: NetMeeting Remote Desktop Sharing (mnmsrvc) — Корпорация Майкрософт — D:WINDOWSsystem32mnmsrvc.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — D:WINDOWSsystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — D:WINDOWSsystem32services.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — D:WINDOWSsystem32sessmgr.exe
O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — D:Program FilesCyberLinkShared filesRichVideo.exe
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — D:WINDOWSSystem32SCardSvr.exe
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — D:WINDOWSsystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — D:WINDOWSSystem32vssvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — D:WINDOWSSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — D:WINDOWSsystem32wbemwmiapsrv.exe
—
End of file — 5797 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class — D:PROGRA~1ICQTOO~1toolbaru.dll [2006-12-25 701952]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{16664845-0E00-11D2-8059-000000000000}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{35A6E2B1-27A9-47D2-913C-559E1EF1D034}]
TMAgent IE Adapter — D:Program FilesCommon FilesTarget Marketing AgencyTMAgenttmagent.dll [2008-11-25 1019904]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{17939A30-18E2-471E-9D3A-56DD725F1215} — ReGet Bar — D:Program FilesReGet SoftwareReGet Deluxe 5.0IEBar.dll [2007-04-24 190912]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQ Toolbar — D:PROGRA~1ICQTOO~1toolbaru.dll [2006-12-25 701952]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«nwiz»=nwiz.exe /install []
«AVP»=D:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe [2007-06-28 218376]
«RemoteControl»=D:Program FilesCyberLinkPowerDVDPDVDServ.exe [2005-12-07 30208]
«LanguageShortcut»=D:Program FilesCyberLinkPowerDVDLanguageLanguage.exe [2006-04-13 49152]
«CloneCDTray»=D:Program FilesSlySoftCloneCDCloneCDTray.exe [2005-05-19 57344]
«NvCplDaemon»=D:WINDOWSsystem32NvCpl.dll [2008-05-16 13529088]
«SoundMan»=D:WINDOWSSOUNDMAN.EXE [2003-08-15 57344]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»D:PROGRA~1KASPER~1KASPER~1.0adialhk.dll»
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
D:WINDOWSsystem32klogon.dll [2007-06-28 206088]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{16664848-0E00-11D2-8059-000000000000}»= []
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
«InstallVisualStyle»=D:WINDOWSResourcesThemesRoyaleRoyale.msstyles
«InstallTheme»=D:WINDOWSResourcesThemesRoyale.theme
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«D:Documents and SettingsИлья.COMPРабочий столutorrent1.7.7.exe»=»D:Documents and SettingsИлья.COMPРабочий столutorrent1.7.7.exe:*:Enabled:µTorrent»
«D:Program FilesICQ6ICQ.exe»=»D:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
======List of files/folders created in the last 1 months======
2008-11-27 17:03:51 —-D—- D:rsit
2008-11-27 00:49:57 —-D—- D:Program FilesTrend Micro
2008-11-26 22:52:50 —-A—- D:WINDOWSwin32_n.dll
2008-11-26 13:07:27 —-D—- D:WINDOWSMinidump
2008-11-25 13:16:59 —-D—- D:Program FilesRealtek Sound Manager
2008-11-24 20:31:57 —-A—- D:WINDOWSsystem32yaephqor.tmp
2008-11-24 07:57:55 —-D—- D:Program FilesMicrosoft Common
2008-11-22 11:12:24 —-D—- D:Documents and SettingsAll Users.WINDOWSApplication Datavsosdk
2008-11-20 19:04:58 —-A—- D:WINDOWSsystem32unrar.dll
2008-11-20 19:04:55 —-A—- D:WINDOWSavisplitter.ini
2008-11-20 19:04:46 —-A—- D:WINDOWSsystem32yv12vfw.dll
2008-11-20 19:04:45 —-A—- D:WINDOWSsystem32xvidvfw.dll
2008-11-20 19:04:42 —-A—- D:WINDOWSsystem32qt-dx331.dll
2008-11-20 19:04:41 —-A—- D:WINDOWSsystem32dpl100.dll
2008-11-20 19:04:40 —-A—- D:WINDOWSsystem32divx.dll
2008-11-20 19:04:36 —-A—- D:WINDOWSsystem32ff_vfw.dll.manifest
2008-11-20 19:04:36 —-A—- D:WINDOWSsystem32ff_vfw.dll
2008-11-20 18:56:18 —-A—- D:WINDOWSNeroDigital.ini
2008-11-20 03:30:30 —-D—- D:Program FilesMSXML 6.0
2008-11-20 03:10:42 —-HDC—- D:WINDOWS$NtUninstallKB944338-v2$
2008-11-20 03:06:41 —-N—- D:WINDOWSsystem32spmsg.dll
2008-11-20 03:06:39 —-A—- D:WINDOWSsystem32spupdsvc.exe
2008-11-20 01:24:23 —-A—- D:WINDOWSsystem32wucltui.dll.mui
2008-11-20 01:24:23 —-A—- D:WINDOWSsystem32wuaueng.dll.mui
2008-11-20 01:24:23 —-A—- D:WINDOWSsystem32wuapi.dll.mui
2008-11-20 01:18:09 —-D—- D:Documents and SettingsИлья.COMPApplication DataCyberLink
2008-11-20 01:12:58 —-D—- D:Documents and SettingsAll Users.WINDOWSApplication DataCyberLink
2008-11-20 01:11:30 —-N—- D:WINDOWSsystem32msxml3a.dll
2008-11-20 01:09:32 —-N—- D:WINDOWSsystem32msvcp71.dll
2008-11-20 01:09:30 —-D—- D:Program FilesCyberLink
2008-11-20 00:59:15 —-D—- D:Program FilesRegCleaner
2008-11-20 00:35:06 —-A—- D:WINDOWScdplayer.ini
2008-11-20 00:32:57 —-D—- D:Program Filesaudiograbber
2008-11-20 00:24:21 —-A—- D:WINDOWSsystem32h323log.txt
2008-11-20 00:23:06 —-A—- D:WINDOWSsystem32nv4_disp.dll
2008-11-20 00:22:49 —-A—- D:WINDOWSsystem32ksuser.dll
2008-11-20 00:22:22 —-A—- D:WINDOWSsystem32usbui.dll
2008-11-20 00:20:14 —-A—- D:WINDOWSimsins.BAK
2008-11-20 00:20:09 —-A—- D:WINDOWSsystem32PerfStringBackup.INI
2008-11-20 00:20:08 —-A—- D:WINDOWSODBCINST.INI
2008-11-20 00:19:59 —-RA—- D:WINDOWSsystem32kbdtuq.dll
2008-11-20 00:19:59 —-RA—- D:WINDOWSsystem32kbdtuf.dll
2008-11-20 00:19:59 —-RA—- D:WINDOWSsystem32kbdazel.dll
2008-11-20 00:19:55 —-RA—- D:WINDOWSsystem32kbdhept.dll
2008-11-20 00:19:55 —-RA—- D:WINDOWSsystem32kbdhela3.dll
2008-11-20 00:19:55 —-RA—- D:WINDOWSsystem32kbdhela2.dll
2008-11-20 00:19:55 —-RA—- D:WINDOWSsystem32kbdhe319.dll
2008-11-20 00:19:55 —-RA—- D:WINDOWSsystem32kbdhe220.dll
2008-11-20 00:19:55 —-RA—- D:WINDOWSsystem32kbdhe.dll
2008-11-20 00:19:55 —-RA—- D:WINDOWSsystem32kbdgkl.dll
2008-11-20 00:19:51 —-RA—- D:WINDOWSsystem32kbdlv1.dll
2008-11-20 00:19:51 —-RA—- D:WINDOWSsystem32kbdlv.dll
2008-11-20 00:19:51 —-RA—- D:WINDOWSsystem32kbdlt1.dll
2008-11-20 00:19:51 —-RA—- D:WINDOWSsystem32kbdlt.dll
2008-11-20 00:19:51 —-RA—- D:WINDOWSsystem32kbdest.dll
2008-11-20 00:19:46 —-RA—- D:WINDOWSsystem32kbdycl.dll
2008-11-20 00:19:46 —-RA—- D:WINDOWSsystem32kbdsl1.dll
2008-11-20 00:19:46 —-RA—- D:WINDOWSsystem32kbdsl.dll
2008-11-20 00:19:46 —-RA—- D:WINDOWSsystem32kbdro.dll
2008-11-20 00:19:46 —-RA—- D:WINDOWSsystem32kbdpl1.dll
2008-11-20 00:19:46 —-RA—- D:WINDOWSsystem32kbdpl.dll
2008-11-20 00:19:46 —-RA—- D:WINDOWSsystem32kbdhu1.dll
2008-11-20 00:19:46 —-RA—- D:WINDOWSsystem32kbdhu.dll
2008-11-20 00:19:46 —-RA—- D:WINDOWSsystem32kbdcz2.dll
2008-11-20 00:19:46 —-RA—- D:WINDOWSsystem32kbdcz1.dll
2008-11-20 00:19:46 —-RA—- D:WINDOWSsystem32kbdcz.dll
2008-11-20 00:19:46 —-RA—- D:WINDOWSsystem32kbdcr.dll
2008-11-20 00:19:46 —-RA—- D:WINDOWSsystem32KBDAL.DLL
2008-11-20 00:19:38 —-A—- D:WINDOWSsystem32kbdycc.dll
2008-11-20 00:19:38 —-A—- D:WINDOWSsystem32kbduzb.dll
2008-11-20 00:19:38 —-A—- D:WINDOWSsystem32kbdur.dll
2008-11-20 00:19:38 —-A—- D:WINDOWSsystem32kbdtat.dll
2008-11-20 00:19:38 —-A—- D:WINDOWSsystem32kbdmon.dll
2008-11-20 00:19:38 —-A—- D:WINDOWSsystem32kbdkyr.dll
2008-11-20 00:19:38 —-A—- D:WINDOWSsystem32kbdkaz.dll
2008-11-20 00:19:38 —-A—- D:WINDOWSsystem32kbdaze.dll
2008-11-20 00:19:37 —-A—- D:WINDOWSsystem32kbdbu.dll
2008-11-20 00:19:37 —-A—- D:WINDOWSsystem32kbdblr.dll
2008-11-20 00:19:35 —-A—- D:WINDOWSsystem32irclass.dll
2008-11-20 00:19:35 —-A—- D:WINDOWSsystem32dgsetup.dll
2008-11-20 00:19:35 —-A—- D:WINDOWSsystem32dgrpsetu.dll
2008-11-20 00:19:34 —-A—- D:WINDOWSsystem32spxcoins.dll
2008-11-20 00:19:34 —-A—- D:WINDOWSsystem32EqnClass.Dll
2008-11-20 00:19:29 —-N—- D:WINDOWSsystem32CONFIG.TMP
2008-11-20 00:19:29 —-A—- D:WINDOWSTASKMAN.EXE
2008-11-20 00:19:28 —-A—- D:WINDOWSsystem32batt.dll
2008-11-20 00:19:27 —-A—- D:WINDOWSNOTEPAD.EXE
2008-11-20 00:19:26 —-A—- D:WINDOWSsystem32storprop.dll
2008-11-20 00:19:15 —-ASH—- D:Documents and SettingsAll Users.WINDOWSApplication Datadesktop.ini
2008-11-20 00:18:07 —-D—- D:Documents and SettingsИлья.COMPApplication DataOpera
2008-11-20 00:17:01 —-RA—- D:WINDOWSSET8.tmp
2008-11-20 00:16:58 —-RA—- D:WINDOWSSET4.tmp
2008-11-20 00:16:56 —-RA—- D:WINDOWSSET3.tmp
2008-11-20 00:16:43 —-SD—- D:Documents and SettingsAll Users.WINDOWSApplication DataMicrosoft
2008-11-20 00:16:43 —-D—- D:Documents and SettingsИлья.COMPApplication DataICQ Toolbar
2008-11-20 00:16:24 —-D—- D:Program FilesOpera
2008-11-20 00:16:18 —-A—- D:WINDOWSsetuplog.txt
2008-11-20 00:15:16 —-D—- D:Program FilesICQToolbar
2008-11-20 00:09:20 —-D—- D:Program FilesICQ6
2008-11-20 00:06:46 —-A—- D:WINDOWSODBC.INI
2008-11-20 00:06:34 —-A—- D:WINDOWSsystem32mdimon.dll
2008-11-20 00:03:42 —-D—- D:Program FilesMicrosoft Office
2008-11-19 23:57:08 —-D—- D:Documents and SettingsИлья.COMPApplication DataICQ
2008-11-19 23:56:09 —-D—- D:Documents and SettingsИлья.COMPApplication DataMozilla
2008-11-19 23:55:40 —-D—- D:Documents and SettingsИлья.COMPApplication DataInstallShield
2008-11-19 23:54:32 —-A—- D:Documents and SettingsИлья.COMPApplication Datainst.exe
2008-11-19 23:54:31 —-D—- D:Documents and SettingsИлья.COMPApplication DataVso
2008-11-19 23:54:27 —-A—- D:WINDOWSsystem32Pncrt.dll
2008-11-19 23:54:27 —-A—- D:WINDOWSsystem32drv43260.dll
2008-11-19 23:54:27 —-A—- D:WINDOWSsystem32drv33260.dll
2008-11-19 23:54:27 —-A—- D:WINDOWSsystem32drv23260.dll
2008-11-19 23:52:04 —-D—- D:Documents and SettingsИлья.COMPApplication DataReGet Software
2008-11-19 23:50:43 —-D—- D:Program FilesReGet Software
2008-11-19 23:40:28 —-D—- D:Documents and SettingsИлья.COMPApplication DataSamsung
2008-11-19 23:39:24 —-A—- D:WINDOWSsystem32msvcr71.dll
2008-11-19 23:37:31 —-D—- D:Program FilesSamsung
2008-11-19 23:34:37 —-N—- D:WINDOWSsystem32vxblock.dll
2008-11-19 23:34:37 —-N—- D:WINDOWSsystem32pxwave.dll
2008-11-19 23:34:37 —-N—- D:WINDOWSsystem32pxsfs.dll
2008-11-19 23:34:37 —-N—- D:WINDOWSsystem32pxmas.dll
2008-11-19 23:34:37 —-N—- D:WINDOWSsystem32pxinsi64.exe
2008-11-19 23:34:37 —-N—- D:WINDOWSsystem32pxinsa64.exe
2008-11-19 23:34:37 —-N—- D:WINDOWSsystem32pxhpinst.exe
2008-11-19 23:34:37 —-N—- D:WINDOWSsystem32pxdrv.dll
2008-11-19 23:34:37 —-N—- D:WINDOWSsystem32pxcpya64.exe
2008-11-19 23:34:37 —-N—- D:WINDOWSsystem32pxafs.dll
2008-11-19 23:34:37 —-N—- D:WINDOWSsystem32px.dll
2008-11-19 23:34:28 —-D—- D:Program FilesWinamp
2008-11-19 23:31:52 —-A—- D:WINDOWSsystem32TwnLib20.dll
2008-11-19 23:31:50 —-N—- D:WINDOWSsystem32ImagXRA7.dll
2008-11-19 23:31:50 —-N—- D:WINDOWSsystem32ImagXR7.dll
2008-11-19 23:31:50 —-N—- D:WINDOWSsystem32ImagXpr7.dll
2008-11-19 23:31:50 —-N—- D:WINDOWSsystem32ImagX7.dll
2008-11-19 23:31:48 —-A—- D:WINDOWSsystem32NeroCheck.exe
2008-11-19 23:31:45 —-D—- D:Program FilesAhead
2008-11-19 23:29:32 —-SH—- D:WINDOWSSFA4484F0.tmp
2008-11-19 22:36:08 —-D—- D:Documents and SettingsИлья.COMPApplication DatauTorrent
2008-11-19 22:28:47 —-D—- D:Documents and SettingsИлья.COMPApplication DataMacromedia
2008-11-19 22:13:51 —-D—- D:Documents and SettingsAll Users.WINDOWSApplication DataKaspersky Lab
2008-11-19 21:47:01 —-N—- D:WINDOWSavrack.ini
2008-11-19 21:47:01 —-A—- D:WINDOWSsystem32Audio3D.dll
2008-11-19 21:47:01 —-A—- D:WINDOWSsystem32a3d.dll
2008-11-19 21:47:00 —-A—- D:WINDOWSsoundman.exe
2008-11-19 21:46:59 —-N—- D:WINDOWSalcupd.exe
2008-11-19 21:46:59 —-N—- D:WINDOWSalcrmv.exe
2008-11-19 21:45:34 —-A—- D:WINDOWSsystem32nvudisp.exe
2008-11-19 21:45:12 —-A—- D:WINDOWSsystem32NVUNINST.EXE
2008-11-19 21:41:42 —-D—- D:Documents and SettingsИлья.COMPApplication DataIdentities
2008-11-19 21:41:19 —-SD—- D:Documents and SettingsИлья.COMPApplication DataMicrosoft
2008-11-19 21:41:19 —-ASH—- D:Documents and SettingsИлья.COMPApplication Datadesktop.ini
2008-11-19 21:40:22 —-A—- D:WINDOWSSchedLgU.Txt
2008-11-19 21:34:24 —-A—- D:WINDOWSsystem32oeminfo.ini
2008-11-19 21:34:22 —-A—- D:WINDOWSsystem32xinput9_1_0.dll
2008-11-19 21:34:22 —-A—- D:WINDOWSsystem32xinput1_1.dll
2008-11-19 21:34:22 —-A—- D:WINDOWSsystem32xactengine2_2.dll
2008-11-19 21:34:22 —-A—- D:WINDOWSsystem32xactengine2_1.dll
2008-11-19 21:34:22 —-A—- D:WINDOWSsystem32xactengine2_0.dll
2008-11-19 21:34:22 —-A—- D:WINDOWSsystem32x3daudio1_0.dll
2008-11-19 21:34:22 —-A—- D:WINDOWSsystem32d3dx9_30.dll
2008-11-19 21:34:22 —-A—- D:WINDOWSsystem32d3dx9_29.dll
2008-11-19 21:34:22 —-A—- D:WINDOWSsystem32d3dx9_28.dll
2008-11-19 21:34:22 —-A—- D:WINDOWSsystem32d3dx9_27.dll
2008-11-19 21:34:22 —-A—- D:WINDOWSsystem32d3dx9_26.dll
2008-11-19 21:34:22 —-A—- D:WINDOWSsystem32d3dx9_25.dll
2008-11-19 21:34:21 —-A—- D:WINDOWSsystem32d3dx9_24.dll
2008-11-19 21:34:08 —-A—- D:WINDOWScontrol.ini
2008-11-19 21:33:53 —-A—- D:WINDOWSOEWABLog.txt
2008-11-19 21:33:44 —-A—- D:WINDOWSsystem32mapi32.dll
2008-11-19 21:32:12 —-RAH—- D:WINDOWSsystem32logonui.exe.manifest
2008-11-19 21:32:00 —-RAH—- D:WINDOWSsystem32cdplayer.exe.manifest
2008-11-19 21:30:37 —-A—- D:WINDOWSsystem32atrace.dll
2008-11-19 21:30:31 —-A—- D:WINDOWSsystem32desktop.ini
2008-11-19 21:30:31 —-A—- D:WINDOWSdesktop.ini
2008-11-19 21:30:17 —-A—- D:WINDOWSsystem32nmevtmsg.dll
2008-11-19 21:30:16 —-A—- D:WINDOWSsystem32acctres.dll
2008-11-19 21:30:15 —-A—- D:WINDOWSsystem32icfgnt5.dll
2008-11-19 21:29:56 —-A—- D:WINDOWSsystem32wuweb.dll
2008-11-19 21:29:56 —-A—- D:WINDOWSsystem32wucltui.dll
2008-11-19 21:29:56 —-A—- D:WINDOWSsystem32wuauserv.dll
2008-11-19 21:29:56 —-A—- D:WINDOWSsystem32wuaueng1.dll
2008-11-19 21:29:54 —-A—- D:WINDOWSsystem32wups.dll
2008-11-19 21:29:54 —-A—- D:WINDOWSsystem32wuaueng.dll
2008-11-19 21:29:54 —-A—- D:WINDOWSsystem32wuauclt1.exe
2008-11-19 21:29:54 —-A—- D:WINDOWSsystem32wuauclt.exe
2008-11-19 21:29:53 —-A—- D:WINDOWSsystem32wuapi.dll
2008-11-19 21:29:53 —-A—- D:WINDOWSsystem32qmgrprxy.dll
2008-11-19 21:29:53 —-A—- D:WINDOWSsystem32bitsprx3.dll
2008-11-19 21:29:53 —-A—- D:WINDOWSsystem32bitsprx2.dll
2008-11-19 21:29:52 —-A—- D:WINDOWSsystem32qmgr.dll
2008-11-19 21:29:44 —-A—- D:WINDOWSsystem32safrslv.dll
2008-11-19 21:29:44 —-A—- D:WINDOWSsystem32safrdm.dll
2008-11-19 21:29:44 —-A—- D:WINDOWSsystem32safrcdlg.dll
2008-11-19 21:29:43 —-A—- D:WINDOWSsystem32racpldlg.dll
2008-11-19 21:29:33 —-A—- D:WINDOWSsystem32fltMc.exe
2008-11-19 21:29:33 —-A—- D:WINDOWSsystem32fltlib.dll
2008-11-19 21:29:32 —-A—- D:WINDOWSsystem32srrstr.dll
2008-11-19 21:29:31 —-A—- D:WINDOWSsystem32srsvc.dll
2008-11-19 21:29:31 —-A—- D:WINDOWSsystem32srclient.dll
2008-11-19 21:29:30 —-A—- D:WINDOWSsystem32ils.dll
2008-11-19 21:29:29 —-A—- D:WINDOWSsystem32nmmkcert.dll
2008-11-19 21:29:29 —-A—- D:WINDOWSsystem32mnmdd.dll
2008-11-19 21:29:29 —-A—- D:WINDOWSsystem32isrdbg32.dll
2008-11-19 21:29:28 —-A—- D:WINDOWSsystem32msoert2.dll
2008-11-19 21:29:28 —-A—- D:WINDOWSsystem32msoeacct.dll
2008-11-19 21:29:28 —-A—- D:WINDOWSsystem32msconf.dll
2008-11-19 21:29:28 —-A—- D:WINDOWSsystem32mnmsrvc.exe
2008-11-19 21:29:26 —-A—- D:WINDOWSsystem32inetres.dll
2008-11-19 21:29:25 —-A—- D:WINDOWSsystem32inetcomm.dll
2008-11-19 21:29:22 —-A—- D:WINDOWSsystem32schedsvc.dll
2008-11-19 21:29:21 —-A—- D:WINDOWSsystem32mstinit.exe
2008-11-19 21:29:21 —-A—- D:WINDOWSsystem32mstask.dll
2008-11-19 21:29:20 —-A—- D:WINDOWSsystem32isign32.dll
2008-11-19 21:29:20 —-A—- D:WINDOWSsystem32icwphbk.dll
2008-11-19 21:29:20 —-A—- D:WINDOWSsystem32icwdial.dll
2008-11-19 21:29:19 —-A—- D:WINDOWSsystem32inetcfg.dll
2008-11-19 21:28:07 —-A—- D:WINDOWSvbaddin.ini
2008-11-19 21:28:07 —-A—- D:WINDOWSvb.ini
2008-11-19 21:27:39 —-A—- D:WINDOWSsystem32uWDF.exe
2008-11-19 21:27:38 —-A—- D:WINDOWSsystem32WMPEncEn.dll
2008-11-19 21:27:38 —-A—- D:WINDOWSsystem32WdfMgr.exe
2008-11-19 21:27:37 —-A—- D:WINDOWSsystem32WMVADVE.DLL
2008-11-19 21:27:37 —-A—- D:WINDOWSsystem32WMVADVD.DLL
2008-11-19 21:27:37 —-A—- D:WINDOWSsystem32audiodev.dll
2008-11-19 21:27:36 —-A—- D:WINDOWSsystem32wmdrmdev.dll
2008-11-19 21:27:35 —-A—- D:WINDOWSsystem32WPDSp.dll
2008-11-19 21:27:35 —-A—- D:WINDOWSsystem32wpdmtpdr.dll
2008-11-19 21:27:35 —-A—- D:WINDOWSsystem32wpdmtp.dll
2008-11-19 21:27:35 —-A—- D:WINDOWSsystem32wmpsrcwp.dll
2008-11-19 21:27:35 —-A—- D:WINDOWSsystem32wmdrmnet.dll
2008-11-19 21:27:34 —-A—- D:WINDOWSsystem32wpdtrace.dll
2008-11-19 21:27:34 —-A—- D:WINDOWSsystem32wpdmtpus.dll
2008-11-19 21:27:34 —-A—- D:WINDOWSsystem32wpdconns.dll
2008-11-19 21:27:34 —-A—- D:WINDOWSsystem32wpd_ci.dll
2008-11-19 21:27:34 —-A—- D:WINDOWSsystem32WdfApi.dll
2008-11-19 21:27:22 —-D—- D:Program FilesWinDjView
2008-11-19 21:27:20 —-A—- D:WINDOWSsystem32StartX.exe
2008-11-19 21:27:18 —-A—- D:WINDOWSsystem32msxml6r.dll
2008-11-19 21:27:17 —-A—- D:WINDOWSsystem32msxml5r.dll
2008-11-19 21:27:17 —-A—- D:WINDOWSsystem32msxml5.dll
2008-11-19 21:27:17 —-A—- D:WINDOWSsystem32msxml4r.dll
2008-11-19 21:27:16 —-D—- D:WINDOWSsystem32ru
2008-11-19 21:27:16 —-A—- D:WINDOWSsystem32mmcperf.exe
2008-11-19 21:27:16 —-A—- D:WINDOWSsystem32mmcfxcommon.dll
2008-11-19 21:27:16 —-A—- D:WINDOWSsystem32mmcex.dll
2008-11-19 21:27:16 —-A—- D:WINDOWSsystem32microsoft.managementconsole.dll
2008-11-19 21:27:08 —-D—- D:Program FilesMiranda IM
2008-11-19 21:26:56 —-D—- D:Program FilesIrfanView
2008-11-19 21:26:53 —-A—- D:WINDOWSsystem32vsfilter.dll
2008-11-19 21:26:52 —-A—- D:WINDOWSsystem32xvidcore.dll
2008-11-19 21:26:45 —-D—- D:Program Files7-Zip
2008-11-19 21:26:44 —-A—- D:WINDOWSsystem32write.exe
2008-11-19 21:26:36 —-A—- D:WINDOWSsystem32sndvol32.exe
2008-11-19 21:26:36 —-A—- D:WINDOWSsystem32hticons.dll
2008-11-19 21:26:36 —-A—- D:WINDOWSsystem32avwav.dll
2008-11-19 21:26:35 —-A—- D:WINDOWSsystem32winchat.exe
2008-11-19 21:26:35 —-A—- D:WINDOWSsystem32avtapi.dll
2008-11-19 21:26:35 —-A—- D:WINDOWSsystem32avmeter.dll
2008-11-19 21:26:24 —-A—- D:WINDOWSsystem32getuname.dll
2008-11-19 21:26:24 —-A—- D:WINDOWSsystem32charmap.exe
2008-11-19 21:26:23 —-A—- D:WINDOWSsystem32sol.exe
2008-11-19 21:26:23 —-A—- D:WINDOWSsystem32calc.exe
2008-11-19 21:26:22 —-A—- D:WINDOWSsystem32winmine.exe
2008-11-19 21:26:22 —-A—- D:WINDOWSsystem32reset.exe
2008-11-19 21:26:22 —-A—- D:WINDOWSsystem32mshearts.exe
2008-11-19 21:26:22 —-A—- D:WINDOWSsystem32freecell.exe
2008-11-19 21:26:21 —-A—- D:WINDOWSsystem32usrlogon.cmd
2008-11-19 21:26:21 —-A—- D:WINDOWSsystem32tsshutdn.exe
2008-11-19 21:26:21 —-A—- D:WINDOWSsystem32tslabels.ini
2008-11-19 21:26:21 —-A—- D:WINDOWSsystem32tskill.exe
2008-11-19 21:26:21 —-A—- D:WINDOWSsystem32tsdiscon.exe
2008-11-19 21:26:21 —-A—- D:WINDOWSsystem32tscon.exe
2008-11-19 21:26:21 —-A—- D:WINDOWSsystem32shadow.exe
2008-11-19 21:26:21 —-A—- D:WINDOWSsystem32rwinsta.exe
2008-11-19 21:26:21 —-A—- D:WINDOWSsystem32regini.exe
2008-11-19 21:26:21 —-A—- D:WINDOWSsystem32rdpcfgex.dll
2008-11-19 21:26:20 —-A—- D:WINDOWSsystem32qwinsta.exe
2008-11-19 21:26:20 —-A—- D:WINDOWSsystem32qappsrv.exe
2008-11-19 21:26:20 —-A—- D:WINDOWSsystem32msg.exe
2008-11-19 21:26:20 —-A—- D:WINDOWSsystem32logoff.exe
2008-11-19 21:26:20 —-A—- D:WINDOWSsystem32cdmodem.dll
2008-11-19 21:26:19 —-A—- D:WINDOWSsystem32msdtcprf.ini
2008-11-19 21:26:18 —-A—- D:WINDOWSsystem32dcomcnfg.exe
2008-11-19 21:26:17 —-A—- D:WINDOWSsystem32mtxlegih.dll
2008-11-19 21:26:17 —-A—- D:WINDOWSsystem32mtxex.dll
2008-11-19 21:26:17 —-A—- D:WINDOWSsystem32mtxdm.dll
2008-11-19 21:26:17 —-A—- D:WINDOWSsystem32comrepl.dll
2008-11-19 21:26:17 —-A—- D:WINDOWSsystem32comaddin.dll
2008-11-19 21:26:16 —-A—- D:WINDOWSsystem32stclient.dll
2008-11-19 21:26:16 —-A—- D:WINDOWSsystem32comsnap.dll
2008-11-19 21:26:06 —-A—- D:WINDOWSsystem32wmimgmt.msc
2008-11-19 21:26:04 —-A—- D:WINDOWSsystem32accwiz.exe
2008-11-19 21:26:03 —-A—- D:WINDOWSsystem32sndrec32.exe
2008-11-19 21:26:03 —-A—- D:WINDOWSsystem32mplay32.exe
2008-11-19 21:26:02 —-A—- D:WINDOWSsystem32hypertrm.dll
2008-11-19 21:26:01 —-A—- D:WINDOWSsystem32mspaint.exe
2008-11-19 21:26:00 —-A—- D:WINDOWSsystem32clipbrd.exe
2008-11-19 21:25:59 —-A—- D:WINDOWSsystem32spider.exe
2008-11-19 21:25:58 —-A—- D:WINDOWSsystem32tscfgwmi.dll
2008-11-19 21:25:57 —-A—- D:WINDOWSsystem32remotepg.dll
2008-11-19 21:25:57 —-A—- D:WINDOWSsystem32mstscax.dll
2008-11-19 21:25:57 —-A—- D:WINDOWSsystem32mstsc.exe
2008-11-19 21:25:56 —-A—- D:WINDOWSsystem32tscupgrd.exe
2008-11-19 21:25:56 —-A—- D:WINDOWSsystem32sessmgr.exe
2008-11-19 21:25:56 —-A—- D:WINDOWSsystem32rdshost.exe
2008-11-19 21:25:56 —-A—- D:WINDOWSsystem32rdsaddin.exe
2008-11-19 21:25:56 —-A—- D:WINDOWSsystem32rdchost.dll
2008-11-19 21:25:55 —-A—- D:WINDOWSsystem32termsrv.dll
2008-11-19 21:25:55 —-A—- D:WINDOWSsystem32rdpwsx.dll
2008-11-19 21:25:55 —-A—- D:WINDOWSsystem32rdpsnd.dll
2008-11-19 21:25:54 —-A—- D:WINDOWSsystem32rdpclip.exe
2008-11-19 21:25:54 —-A—- D:WINDOWSsystem32qprocess.exe
2008-11-19 21:25:54 —-A—- D:WINDOWSsystem32icaapi.dll
2008-11-19 21:25:54 —-A—- D:WINDOWSsystem32cfgbkend.dll
2008-11-19 21:25:53 —-A—- D:WINDOWSsystem32mtxoci.dll
2008-11-19 21:25:53 —-A—- D:WINDOWSsystem32msdtcuiu.dll
2008-11-19 21:25:52 —-A—- D:WINDOWSsystem32msdtcprx.dll
2008-11-19 21:25:51 —-A—- D:WINDOWSsystem32xolehlp.dll
2008-11-19 21:25:51 —-A—- D:WINDOWSsystem32msdtctm.dll
2008-11-19 21:25:51 —-A—- D:WINDOWSsystem32msdtclog.dll
2008-11-19 21:25:51 —-A—- D:WINDOWSsystem32msdtc.exe
2008-11-19 21:25:48 —-A—- D:WINDOWSsystem32colbact.dll
2008-11-19 21:25:48 —-A—- D:WINDOWSsystem32clbcatex.dll
2008-11-19 21:25:48 —-A—- D:WINDOWSsystem32catsrvps.dll
2008-11-19 21:25:47 —-A—- D:WINDOWSsystem32catsrvut.dll
2008-11-19 21:25:47 —-A—- D:WINDOWSsystem32catsrv.dll
2008-11-19 21:25:46 —-A—- D:WINDOWSsystem32comsvcs.dll
2008-11-19 21:25:45 —-A—- D:WINDOWSsystem32comuid.dll
2008-11-19 21:25:44 —-A—- D:WINDOWSsystem32clbcatq.dll
2008-11-19 21:25:30 —-A—- D:WINDOWSsystem32servdeps.dll
2008-11-19 21:25:30 —-A—- D:WINDOWSsystem32mmfutil.dll
2008-11-19 21:25:29 —-A—- D:WINDOWSsystem32licwmi.dll
2008-11-19 21:25:29 —-A—- D:WINDOWSsystem32cmprops.dll
2008-11-19 20:28:58 —-D—- D:Program FilesCommon FilesTarget Marketing Agency
2008-11-19 20:19:50 —-D—- D:WINDOWSsystem32appmgmt
2008-11-18 23:15:42 —-SHD—- D:RECYCLER
2008-11-18 23:09:11 —-D—- D:WINDOWStemp
2008-11-18 22:54:22 —-D—- D:WINDOWSERDNT
2008-11-16 18:38:38 —-ASH—- D:desktop.ini
2008-11-12 08:26:33 —-D—- D:Program FilesGoogle
2008-11-12 03:12:15 —-HDC—- D:WINDOWS$NtUninstallKB957097$
2008-11-12 03:06:50 —-HDC—- D:WINDOWS$NtUninstallKB955069$
2008-11-11 22:45:00 —-D—- D:Program FilesCommon FilesYandex
2008-10-31 00:07:01 —-D—- D:WINDOWSnview
2008-10-28 00:59:33 —-D—- D:WINDOWSassembly
2008-10-28 00:59:23 —-D—- D:WINDOWSMicrosoft.NET

======List of files/folders modified in the last 1 months======
2008-11-27 16:58:26 —-D—- D:WINDOWSsystem32CatRoot2
2008-11-27 16:55:57 —-HD—- D:WINDOWSsystem32drivers
2008-11-27 15:52:42 —-D—- D:WINDOWSPrefetch
2008-11-27 00:49:57 —-RD—- D:Program Files
2008-11-27 00:16:02 —-D—- D:WINDOWSsystem32
2008-11-26 22:52:50 —-D—- D:WINDOWS
2008-11-26 09:45:00 —-HD—- D:WINDOWSinf
2008-11-25 15:57:22 —-D—- D:WINDOWSsystem32CatRoot
2008-11-25 15:56:02 —-D—- D:WINDOWSsystem32CatRoot_bak
2008-11-25 13:17:14 —-D—- D:WINDOWSsystem
2008-11-25 13:16:58 —-D—- D:Program FilesAvRack
2008-11-25 12:41:27 —-D—- D:WINDOWSHelp
2008-11-25 09:56:37 —-RSHDC—- D:WINDOWSsystem32dllcache
2008-11-23 22:28:33 —-D—- D:WINDOWSsystem32wbem
2008-11-20 19:05:03 —-D—- D:Program FilesK-Lite Codec Pack
2008-11-20 03:31:46 —-HDC—- D:WINDOWS$NtUninstallKB956841$
2008-11-20 03:31:03 —-SHD—- D:WINDOWSInstaller
2008-11-20 03:23:49 —-HDC—- D:WINDOWS$NtUninstallKB923689$
2008-11-20 03:20:04 —-HDC—- D:WINDOWS$NtUninstallKB952287$
2008-11-20 03:18:49 —-HDC—- D:WINDOWS$NtUninstallKB951066$
2008-11-20 03:16:51 —-HDC—- D:WINDOWS$NtUninstallKB958644$
2008-11-20 03:14:00 —-D—- D:Program FilesInternet Explorer
2008-11-20 03:13:37 —-HDC—- D:WINDOWS$NtUninstallKB956390$
2008-11-20 03:06:37 —-HDC—- D:WINDOWS$NtUninstallKB936782_WMP10$
2008-11-20 01:28:51 —-HD—- D:WINDOWS$hf_mig$
2008-11-20 00:20:03 —-A—- D:WINDOWSsystem.ini
2008-11-20 00:16:35 —-D—- D:WINDOWSWinSxS
2008-11-20 00:16:18 —-D—- D:WINDOWSDebug
2008-11-20 00:14:55 —-D—- D:WINDOWSsystem32Setup
2008-11-20 00:14:53 —-D—- D:WINDOWSsystem32usmt
2008-11-20 00:14:42 —-D—- D:WINDOWSAppPatch
2008-11-20 00:14:31 —-D—- D:WINDOWSehome
2008-11-20 00:14:30 —-D—- D:WINDOWSime
2008-11-20 00:14:27 —-D—- D:WINDOWSMedia
2008-11-20 00:14:14 —-D—- D:WINDOWSPeerNet
2008-11-20 00:13:52 —-D—- D:WINDOWSsystem32npp
2008-11-20 00:13:44 —-D—- D:WINDOWSmsagent
2008-11-20 00:08:51 —-D—- D:WINDOWSsystem321049
2008-11-20 00:08:37 —-D—- D:WINDOWStwain_32
2008-11-20 00:08:05 —-D—- D:WINDOWSsystem32ras
2008-11-20 00:07:34 —-D—- D:WINDOWSsystem32icsxml
2008-11-20 00:06:57 —-D—- D:WINDOWSsystem321033
2008-11-20 00:06:00 —-A—- D:WINDOWSwin.ini
2008-11-20 00:05:18 —-RSD—- D:WINDOWSFonts
2008-11-20 00:05:15 —-HD—- D:WINDOWSShellNew
2008-11-20 00:01:05 —-D—- D:Program FilesCommon FilesMicrosoft Shared
2008-11-19 23:52:30 —-D—- D:WINDOWSusbbin
2008-11-19 23:52:16 —-D—- D:WINDOWSsystem32color
2008-11-19 23:51:51 —-HDC—- D:WINDOWS$NtUninstallKB957095$
2008-11-19 23:51:51 —-HDC—- D:WINDOWS$NtUninstallKB956803$
2008-11-19 23:51:51 —-HDC—- D:WINDOWS$NtUninstallKB956391$
2008-11-19 23:51:51 —-HDC—- D:WINDOWS$NtUninstallKB954211$
2008-11-19 23:51:51 —-HDC—- D:WINDOWS$NtUninstallKB953839$
2008-11-19 23:51:51 —-HDC—- D:WINDOWS$NtUninstallKB953838$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB952954$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB951748$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB951698$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB951376-v2$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB951072-v2$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB950974$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB950762$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB950760$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB950759$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB950749$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB948881$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB948590$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB947864$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB946648$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB946026$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB945553$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB944653$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB944338$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB943485$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB943460$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB943055$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB941693$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB941644$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB941569$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB941568$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB941202$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB938828$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB938127$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB937894$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB936357$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB936021$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB935840$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB935839$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB933729$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB932168$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB931784$
2008-11-19 23:51:50 —-HDC—- D:WINDOWS$NtUninstallKB931261$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB930916$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB930178$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB929123$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB928843$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB928255$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB927891$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB927802$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB927779$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB926436$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB926255$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB925902$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB925398_WMP64$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB924667$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB924496$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB924270$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB923980$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB923414$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB923191$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB922819$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB922582$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB920872$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB920685$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB920683$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB920670$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB920213$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB919007$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB918439$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB918118$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB916595$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB914389$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB914388$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB913580$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB911927$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB911564$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB911562$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB911280$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB910437$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB908531$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB908519$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB905749$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB905414$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB902400$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB901214$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB901017$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB900725$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB900485$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB899591$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB899587$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB896428$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB896423$
2008-11-19 23:51:49 —-HDC—- D:WINDOWS$NtUninstallKB896358$
2008-11-19 23:51:48 —-HDC—- D:WINDOWS$NtUninstallKB894391$
2008-11-19 23:51:48 —-HDC—- D:WINDOWS$NtUninstallKB893756$
2008-11-19 23:51:48 —-HDC—- D:WINDOWS$NtUninstallKB891781$
2008-11-19 23:51:48 —-HDC—- D:WINDOWS$NtUninstallKB890859$
2008-11-19 23:51:48 —-HDC—- D:WINDOWS$NtUninstallKB888302$
2008-11-19 23:51:48 —-HDC—- D:WINDOWS$NtUninstallKB887472$
2008-11-19 23:51:48 —-HDC—- D:WINDOWS$NtUninstallKB886185$
2008-11-19 23:51:48 —-HDC—- D:WINDOWS$NtUninstallKB885836$
2008-11-19 23:51:48 —-HDC—- D:WINDOWS$NtUninstallKB873339$
2008-11-19 23:51:48 —-HDC—- D:WINDOWS$MSI31Uninstall_KB893803v2$
2008-11-19 23:50:44 —-D—- D:Program FilesCommon FilesReGet Shared
2008-11-19 23:38:59 —-D—- D:WINDOWSsystem32Samsung PC Studio Codecs
2008-11-19 22:52:09 —-RD—- D:Фильмы 2
2008-11-19 22:05:47 —-D—- D:Program FilesKaspersky Lab
2008-11-19 21:41:18 —-D—- D:Documents and Settings
2008-11-19 21:41:11 —-D—- D:WINDOWSSoftwareDistribution
2008-11-19 21:40:25 —-SHD—- D:System Volume Information
2008-11-19 21:40:25 —-D—- D:WINDOWSsystem32Restore
2008-11-19 21:40:23 —-SD—- D:WINDOWSTasks
2008-11-19 21:39:50 —-D—- D:WINDOWSsystem32config
2008-11-19 21:35:01 —-D—- D:WINDOWSsecurity
2008-11-19 21:35:01 —-D—- D:WINDOWSrepair
2008-11-19 21:33:37 —-D—- D:Program FilesWindows Media Player
2008-11-19 21:33:31 —-D—- D:WINDOWSRegistration
2008-11-19 21:33:14 —-D—- D:WINDOWSsystem32ias
2008-11-19 21:32:17 —-RD—- D:WINDOWSWeb
2008-11-19 21:32:12 —-SD—- D:WINDOWSDownloaded Program Files
2008-11-19 21:32:12 —-RD—- D:WINDOWSOffline Web Pages
2008-11-19 21:31:34 —-D—- D:WINDOWSsrchasst
2008-11-19 21:30:40 —-D—- D:WINDOWSsystem32oobe
2008-11-19 21:29:27 —-D—- D:Program FilesOutlook Express
2008-11-19 21:29:27 —-D—- D:Program FilesCommon FilesSystem
2008-11-19 21:28:22 —-D—- D:WINDOWSsystem32Com
2008-11-19 21:27:57 —-D—- D:WINDOWSsystem32MsDtc
2008-11-19 21:27:33 —-D—- D:Program FilesWinRAR
2008-11-19 21:26:44 —-D—- D:WINDOWSCursors
2008-11-19 21:26:36 —-D—- D:Program FilesWindows NT
2008-11-19 20:28:58 —-D—- D:Program FilesCommon Files
2008-10-30 09:37:48 —-HD—- D:Program FilesInstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Драйвер Intel процессора; D:WINDOWSsystem32DRIVERSintelppm.sys [2006-09-13 40448]
R1 klif;Klif; ??D:WINDOWSsystem32driversklif.sys []
R2 ElbyCDIO;ElbyCDIO Driver; D:WINDOWSSystem32DriversElbyCDIO.sys [2005-04-21 10624]
R3 ALCXSENS;Service for WDM 3D Audio Driver; D:WINDOWSsystem32driversALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:WINDOWSsystem32driversALCXWDM.SYS [2003-08-21 462940]
R3 ElbyCDFL;ElbyCDFL; D:WINDOWSSystem32DriversElbyCDFL.sys [2005-05-03 27392]
R3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service; D:WINDOWSsystem32DRIVERSdlkfet5b.sys [2005-01-19 43008]
R3 hidusb;Драйвер класса HID Microsoft; D:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; D:WINDOWSsystem32DRIVERSklim5.sys [2007-04-04 24344]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; D:WINDOWSsystem32driversmsmpu401.sys [2001-08-18 2944]
R3 nv;nv; D:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-05-16 6557408]
R3 pcouffin;VSO Software pcouffin; D:WINDOWSSystem32Driverspcouffin.sys [2008-11-19 47360]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; D:WINDOWSsystem32DRIVERSusbehci.sys [2006-09-13 30080]
R3 usbhub;USB2 концентратор; D:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-18 57600]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; D:WINDOWSsystem32DRIVERSusbuhci.sys [2006-09-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; D:WINDOWSsystem32driversWmBEnum.sys [2004-04-14 10144]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; D:WINDOWSsystem32driversWmBEnum.sys [2004-04-14 10144]
R3 WmFilter;Logitech WingMan HID Filter Driver; D:WINDOWSsystem32driversWmFilter.sys [2004-04-14 21280]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; D:WINDOWSsystem32driversWmXlCore.sys [2004-04-14 44064]
S1 kbdhid;Драйвер клавиатуры HID; D:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-17 14848]
S3 mouhid;Драйвер мыши HID; D:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); D:WINDOWSsystem32DRIVERSss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; D:WINDOWSsystem32DRIVERSss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; D:WINDOWSsystem32DRIVERSss_mdm.sys [2005-08-30 94000]
S3 USBSTOR;Драйвер запоминающих устройств для USB; D:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 WmVirHid;Logitech Virtual Hid Device Driver; D:WINDOWSsystem32driversWmVirHid.sys [2004-04-14 5600]
S4 sfc;sfc; D:WINDOWSsystem32driverssfc.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AVP;Kaspersky Internet Security 7.0; D:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe [2007-06-28 218376]
R2 NVSvc;NVIDIA Display Driver Service; D:WINDOWSsystem32nvsvc32.exe [2008-05-16 159812]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); D:Program FilesCyberLinkShared filesRichVideo.exe [2005-08-08 167936]
S3 ose;Office Source Engine; D:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S4 UMWdf;Компонент драйверов пользовательского режима Windows; D:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
EOF