My PC is full of Trojans... :( [Closed]

#1
AlexIT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:24, on 30.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\WebMoney Agent\wmagent.exe
D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
D:\Program Files\Nero\Nero 7\InCD\InCD.exe
D:\WINDOWS\system32\bcd3kcpan.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Yandex\Online\online.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe
D:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\PAStiSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\Kaspersky Lab\Kaspersky AV for Yandex Online\avp.exe
D:\Program Files\Kaspersky Lab\Kaspersky AV for Yandex Online\avp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\AlexIT\Мои документы\Загрузки\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.km.ru
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Помощник по входу в Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - D:\PROGRA~1\DOWNLO~1\dmiehlp.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [wmagent.exe] "D:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [OpenDNS Update] "D:\Program Files\OpenDNS U
O4 - HKLM\..\Run: [BCD3000] %SystemRoot%\system32\bcd3kcpan.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DigiNotifier] D:\Program Files\DigiNotifier\DigiNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YandexDesktopSearch] "D:\Program Files\Yandex\Desktop\yandesk.exe"
O4 - HKCU\..\Run: [YandexOnline] "D:\Program Files\Yandex\Online\online.exe" -AutoStart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "D:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\AlexIT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Yupdate!] "D:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Create virtual drive for Denwer.lnk = C:\WebServers\denwer\Boot.exe
O4 - Global Startup: Air Mouse.lnk = D:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
O8 - Extra context menu item: &Закачать все при помощи FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Закачать при помощи FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - D:\Program Files\Download Master\dmieall.htm
O8 - Extra context menu item: Закачать при помощи Download Master - D:\Program Files\Download Master\dmie.htm
O8 - Extra context menu item: Передать на удаленную закачку DM - D:\Program Files\Download Master\remdown.htm
O9 - Extra button: Cтатистика Веб-Антивируса - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky AV for Yandex Online\SCIEPlgn.dll
O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - D:\Program Files\Download Master\dmaster.exe
O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - D:\Program Files\Download Master\dmaster.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E2249A1-468F-4FD3-BEFA-17F775E724B2}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\WINDOWS\system32\vksaver.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Антивирусная защита для Я.Онлайн (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky AV for Yandex Online\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - D:\WINDOWS\system32\services.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - D:\WINDOWS\system32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Сервис iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - D:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - D:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - D:\WINDOWS\system32\sessmgr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - D:\WINDOWS\System32\SCardSvr.exe
O23 - Service: STI Simulator - Unknown owner - D:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - D:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - D:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - D:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 11678 bytes

OTL logfile created on: 30.10.2009 10:38:57 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = D:\Documents and Settings\AlexIT\Рабочий стол
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

1022,42 Mb Total Physical Memory | 699,36 Mb Available Physical Memory | 68,40% Memory free
2,40 Gb Paging File | 1,75 Gb Available in Paging File | 72,88% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 8,59 Gb Total Space | 4,39 Gb Free Space | 51,07% Space Free | Partition Type: NTFS
Drive D: | 216,48 Gb Total Space | 2,13 Gb Free Space | 0,98% Space Free | Partition Type: NTFS
Drive E: | 7,79 Gb Total Space | 0,17 Gb Free Space | 2,23% Space Free | Partition Type: FAT32
Drive F: | 289,80 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 931,28 Gb Total Space | 364,27 Gb Free Space | 39,11% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEX
Current User Name: AlexIT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009.10.30 10:20:48 | 00,521,728 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\AlexIT\Рабочий стол\OTL.exe
PRC - [2009.10.29 12:25:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.07.31 14:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.07.31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009.06.22 16:20:24 | 02,558,728 | ---- | M] (ООО Яндекс) -- D:\Program Files\Yandex\Online\online.exe
PRC - [2009.06.16 08:40:42 | 00,209,376 | ---- | M] () -- D:\Program Files\WebMoney Agent\wmagent.exe
PRC - [2009.06.05 12:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- D:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009.06.05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- D:\Program Files\iPod\bin\iPodService.exe
PRC - [2009.06.05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.02.16 11:11:44 | 00,269,824 | ---- | M] () -- D:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2008.12.12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008.11.21 19:57:55 | 00,552,960 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) -- D:\WINDOWS\System32\bcd3kcpan.exe
PRC - [2008.10.09 14:54:26 | 17,021,440 | ---- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\RTHDCPL.EXE
PRC - [2008.10.07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvsvc32.exe
PRC - [2008.09.05 23:30:06 | 00,952,360 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\WgaTray.exe
PRC - [2008.09.01 14:27:14 | 00,479,496 | ---- | M] (ООО "ЯНДЕКС") -- D:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe
PRC - [2008.01.25 12:58:00 | 00,221,184 | ---- | M] (Kaspersky Lab) -- D:\Program Files\Kaspersky Lab\Kaspersky AV for Yandex Online\avp.exe
PRC - [2007.06.01 10:21:30 | 01,209,904 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 10:21:30 | 00,271,920 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007.06.01 10:21:08 | 00,153,136 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.06.01 10:06:06 | 01,629,744 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007.06.01 10:05:56 | 01,551,408 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007.06.01 10:05:46 | 01,057,328 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2007.05.15 17:20:12 | 00,079,400 | ---- | M] (Hewlett-Packard Company) -- D:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007.03.29 15:41:26 | 00,222,128 | ---- | M] (Macrovision Corporation) -- D:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2005.01.14 09:32:38 | 00,053,248 | ---- | M] () -- D:\WINDOWS\System32\PAStiSvc.exe
PRC - [2004.08.17 13:05:12 | 00,126,464 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\wbem\wmiapsrv.exe
PRC - [2004.08.17 13:05:12 | 00,013,824 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wscntfy.exe
PRC - [2004.08.17 13:05:10 | 00,503,808 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\winlogon.exe
PRC - [2004.08.17 13:05:06 | 00,050,688 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\smss.exe
PRC - [2004.08.17 13:05:04 | 00,108,544 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\services.exe
PRC - [2004.08.17 13:05:04 | 00,033,280 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\RUNDLL32.EXE
PRC - [2004.08.17 13:04:48 | 01,032,704 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\Explorer.EXE
PRC - [2003.06.19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Win32 Services (SafeList) ==========

SRV - [2009.07.31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009.06.05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- D:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009.06.05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009.04.24 12:05:16 | 00,072,704 | ---- | M] (Adobe Systems) -- D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009.03.25 03:46:12 | 00,183,280 | ---- | M] (Google) -- D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008.12.14 22:13:52 | 00,024,064 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\dmserver.dll -- (dmserver [Auto | Running])
SRV - [2008.12.12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008.10.07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2008.06.20 18:42:17 | 00,247,296 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\mswsock.dll -- (Nla [On_Demand | Running])
SRV - [2008.01.25 12:58:00 | 00,221,184 | ---- | M] (Kaspersky Lab) -- D:\Program Files\Kaspersky Lab\Kaspersky AV for Yandex Online\avp.exe -- (AVP [On_Demand | Running])
SRV - [2007.11.06 21:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- D:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2007.10.25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2007.10.18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007.06.01 10:21:30 | 00,271,920 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2007.06.01 10:05:56 | 01,551,408 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2007.05.15 17:20:12 | 00,079,400 | ---- | M] (Hewlett-Packard Company) -- D:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007.04.13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2006.11.02 22:06:32 | 00,914,944 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2005.09.23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005.09.23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005.01.14 09:32:38 | 00,053,248 | ---- | M] () -- D:\WINDOWS\System32\PAStiSvc.exe -- (STI Simulator [Auto | Running])
SRV - [2004.08.17 15:04:20 | 00,027,136 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2004.08.17 13:16:30 | 00,359,936 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\wzcsvc.dll -- (WZCSVC [Auto | Running])
SRV - [2004.08.17 13:05:12 | 00,126,464 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\wbem\wmiapsrv.exe -- (WmiApSrv [On_Demand | Running])
SRV - [2004.08.17 13:05:10 | 00,290,304 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\vssvc.exe -- (VSS [On_Demand | Stopped])
SRV - [2004.08.17 13:05:08 | 00,073,216 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
SRV - [2004.08.17 13:05:06 | 00,141,312 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\sessmgr.exe -- (RDSessMgr [On_Demand | Stopped])
SRV - [2004.08.17 13:05:06 | 00,091,648 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\smlogsvc.exe -- (SysmonLog [On_Demand | Stopped])
SRV - [2004.08.17 13:05:04 | 00,108,544 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\services.exe -- (PlugPlay [Auto | Running])
SRV - [2004.08.17 13:05:04 | 00,108,544 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\services.exe -- (Eventlog [Auto | Running])
SRV - [2004.08.17 13:05:04 | 00,096,768 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\SCardSvr.exe -- (SCardSvr [On_Demand | Stopped])
SRV - [2004.08.17 13:04:58 | 00,113,664 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\netdde.exe -- (NetDDEdsdm [Disabled | Stopped])
SRV - [2004.08.17 13:04:58 | 00,113,664 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\netdde.exe -- (NetDDE [Disabled | Stopped])
SRV - [2004.08.17 13:04:54 | 00,032,768 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\mnmsrvc.exe -- (mnmsrvc [On_Demand | Stopped])
SRV - [2004.08.17 13:04:52 | 00,150,016 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\imapi.exe -- (ImapiService [On_Demand | Stopped])
SRV - [2004.08.17 13:04:36 | 00,145,408 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\wbem\WMIsvc.dll -- (winmgmt [Auto | Running])
SRV - [2004.08.17 13:04:34 | 00,333,312 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\wiaservc.dll -- (stisvc [Auto | Running])
SRV - [2004.08.17 13:04:34 | 00,295,936 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\termsrv.dll -- (TermService [On_Demand | Running])
SRV - [2004.08.17 13:04:34 | 00,246,272 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\tapisrv.dll -- (TapiSrv [On_Demand | Running])
SRV - [2004.08.17 13:04:34 | 00,185,344 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\upnphost.dll -- (upnphost [On_Demand | Running])
SRV - [2004.08.17 13:04:34 | 00,175,104 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\w32time.dll -- (W32Time [Auto | Running])
SRV - [2004.08.17 13:04:32 | 00,170,496 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\srsvc.dll -- (srservice [Auto | Running])
SRV - [2004.08.17 13:04:30 | 00,191,488 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\schedsvc.dll -- (Schedule [Auto | Running])
SRV - [2004.08.17 13:04:30 | 00,135,168 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\shsvcs.dll -- (Themes [Auto | Running])
SRV - [2004.08.17 13:04:30 | 00,135,168 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\shsvcs.dll -- (ShellHWDetection [Auto | Running])
SRV - [2004.08.17 13:04:30 | 00,135,168 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\shsvcs.dll -- (FastUserSwitchingCompatibility [On_Demand | Running])
SRV - [2004.08.17 13:04:30 | 00,018,944 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\seclogon.dll -- (seclogon [Auto | Running])
SRV - [2004.08.17 13:04:28 | 00,436,736 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\ntmssvc.dll -- (NtmsSvc [On_Demand | Stopped])
SRV - [2004.08.17 13:04:28 | 00,382,464 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\qmgr.dll -- (BITS [Auto | Running])
SRV - [2004.08.17 13:04:28 | 00,198,144 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\netman.dll -- (Netman [On_Demand | Running])
SRV - [2004.08.17 13:04:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004.08.17 13:04:20 | 00,331,264 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\ipnathlp.dll -- (SharedAccess [Auto | Running])
SRV - [2004.08.17 13:04:14 | 00,110,592 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\dhcpcsvc.dll -- (Dhcp [Auto | Running])
SRV - [2004.08.17 13:04:14 | 00,045,568 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\dnsrslvr.dll -- (Dnscache [Auto | Running])
SRV - [2004.08.17 13:04:10 | 00,687,104 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\advapi32.dll -- (Wmi [On_Demand | Stopped])
SRV - [2004.08.17 13:04:10 | 00,171,008 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\appmgmts.dll -- (AppMgmt [On_Demand | Stopped])
SRV - [2003.07.28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003.06.19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])

========== Modules (SafeList) ==========

MOD - [2009.10.30 10:20:48 | 00,521,728 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\AlexIT\Рабочий стол\OTL.exe
MOD - [2009.04.23 07:28:26 | 00,023,552 | ---- | M] () -- D:\WINDOWS\System32\vksaver.dll
MOD - [2008.10.16 11:39:41 | 00,474,112 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\SHLWAPI.dll
MOD - [2008.07.03 14:16:01 | 08,472,064 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\shell32.dll
MOD - [2004.08.17 13:05:16 | 00,146,944 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\winspool.drv
MOD - [2004.08.17 13:04:36 | 00,177,152 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\winmm.dll
MOD - [2004.08.17 13:04:36 | 00,172,544 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\WLDAP32.dll
MOD - [2004.08.17 13:04:34 | 00,577,536 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\user32.dll
MOD - [2004.08.17 13:04:34 | 00,219,648 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\uxtheme.dll
MOD - [2004.08.17 13:04:30 | 00,990,208 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\SETUPAPI.dll
MOD - [2004.08.17 13:04:28 | 01,281,024 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\ole32.dll
MOD - [2004.08.17 13:04:28 | 00,119,296 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\NTMARTA.DLL
MOD - [2004.08.17 13:04:22 | 00,294,400 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\MSCTF.dll
MOD - [2004.08.17 13:04:20 | 00,989,696 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\kernel32.dll
MOD - [2004.08.17 13:04:10 | 00,687,104 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\ADVAPI32.dll
MOD - [2004.08.17 13:04:06 | 00,712,192 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\ntdll.dll
MOD - [2004.08.17 13:01:56 | 01,050,624 | R--- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.km.ru
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\System32\shdocvw.dll (Корпорация Майкрософт)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.1.7
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: D:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.02.10 19:44:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2009.10.29 12:25:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2009.10.29 12:25:14 | 00,000,000 | ---D | M]

[2008.10.30 01:58:52 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\mozilla\Extensions
[2008.10.30 01:58:52 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.10.30 09:19:54 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\mozilla\Firefox\Profiles\fpf36mpe.default\extensions
[2009.08.22 21:35:37 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\mozilla\Firefox\Profiles\fpf36mpe.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2008.12.10 19:21:29 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\mozilla\Firefox\Profiles\fpf36mpe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.08.21 21:39:39 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\mozilla\Firefox\Profiles\fpf36mpe.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2009.05.15 19:25:06 | 00,000,655 | ---- | M] () -- D:\Documents and Settings\AlexIT\Application Data\Mozilla\FireFox\Profiles\fpf36mpe.default\searchplugins\yahoo-search.xml
[2009.10.29 21:15:37 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions
[2009.10.29 12:25:14 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008.10.30 03:42:55 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009.02.10 19:44:32 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009.03.31 07:50:07 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.26 08:14:22 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.10.21 00:24:26 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.10.29 12:25:02 | 00,023,544 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.10.29 12:25:02 | 00,137,208 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008.08.06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- D:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009.07.31 14:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008.09.16 07:18:20 | 00,122,880 | ---- | M] (WestByte) -- D:\Program Files\mozilla firefox\plugins\npdm.dll
[2009.10.29 12:25:05 | 00,065,016 | ---- | M] (mozilla.org) -- D:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007.03.22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- D:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009.02.27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008.09.10 20:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009.06.17 18:56:57 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009.06.17 18:56:57 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009.06.17 18:56:57 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009.06.17 18:56:57 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009.06.17 18:56:57 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009.06.17 18:56:57 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009.06.17 18:56:57 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008.09.10 20:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009.08.21 21:38:21 | 00,002,371 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.08.21 21:38:21 | 00,001,122 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\priceru.xml
[2009.08.21 21:38:21 | 00,002,395 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\rambler.xml
[2009.08.21 21:38:21 | 00,001,945 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\torgmailru.xml
[2009.08.21 21:38:21 | 00,001,304 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-ru.xml
[2009.08.21 21:38:21 | 00,004,072 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml
[2009.08.21 21:38:21 | 00,004,281 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yandex.xml

O1 HOSTS File: (0 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Помощник по входу в Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (IE 4.x-6.x BHO for Download Master) - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - D:\Program Files\Download Master\dmiehlp.dll (WestByte)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Адрес) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\System32\browseui.dll (Корпорация Майкрософт)
O3 - HKCU\..\Toolbar\WebBrowser: (&Адрес) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\System32\browseui.dll (Корпорация Майкрософт)
O3 - HKCU\..\Toolbar\WebBrowser: (&Ссылки) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\System32\SHELL32.dll (Корпорация Майкрософт)
O4 - HKLM..\Run: [Adobe ARM] D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] D:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BCD3000] D:\WINDOWS\System32\bcd3kcpan.exe (Behringer Spezielle Studiotechnik GmbH)
O4 - HKLM..\Run: [DigiNotifier] D:\Program Files\DigiNotifier\DigiNotifier.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InCD] D:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpenDNS Update] D:\Program Files\OpenDNS Up\WINDOWS\System32\nwiz.exe File not found
O4 - HKLM..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] D:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] D:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SecurDisc] D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [wmagent.exe] D:\Program Files\WebMoney Agent\wmagent.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Google Update] D:\Documents and Settings\AlexIT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [ISUSPM] D:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [YandexDesktopSearch] D:\Program Files\Yandex\Desktop\yandesk.exe File not found
O4 - HKCU..\Run: [YandexOnline] D:\Program Files\Yandex\Online\online.exe (ООО Яндекс)
O4 - HKCU..\Run: [Yupdate!] D:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe (ООО "ЯНДЕКС")
O4 - Startup: D:\Documents and Settings\AlexIT\Главное меню\Программы\Автозагрузка\Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: D:\Documents and Settings\AlexIT\Главное меню\Программы\Автозагрузка\Create virtual drive for Denwer.lnk = C:\WebServers\denwer\Boot.exe ()
O4 - Startup: D:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\Air Mouse.lnk = D:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Закачать все при помощи FlashGet - D:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Закачать при помощи FlashGet - D:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&sporta in Microsoft Excel - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - D:\Program Files\Download Master\dmieall.htm ()
O8 - Extra context menu item: Закачать при помощи Download Master - D:\Program Files\Download Master\dmie.htm ()
O8 - Extra context menu item: Передать на удаленную закачку DM - D:\Program Files\Download Master\remdown.htm ()
O9 - Extra Button: Cтатистика Веб-Антивируса - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky AV for Yandex Online\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - D:\Program Files\Download Master\dmaster.exe (WestByte)
O9 - Extra 'Tools' menuitem : &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - D:\Program Files\Download Master\dmaster.exe (WestByte)
O9 - Extra Button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} https://w3s.webmoney.ru/WMAcceptor.dll (AcceptWM Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\System32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINDOWS\System32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\System32\msvidctl.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\System32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\System32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\System32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\System32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\System32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\System32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\System32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\System32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\System32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - D:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\System32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\System32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS\System32\msvidctl.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\System32\mshtml.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - D:\WINDOWS\System32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\System32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\System32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\System32\urlmon.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - D:\WINDOWS\System32\SHELL32.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (D:\WINDOWS\system32\vksaver.dll) - D:\WINDOWS\System32\vksaver.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\System32\userinit.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - D:\WINDOWS\System32\logonui.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - D:\WINDOWS\System32\shell32.dll (Корпорация Майкрософт)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - D:\WINDOWS\System32\sysdm.cpl (Корпорация Майкрософт)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - D:\WINDOWS\System32\crypt32.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - D:\WINDOWS\System32\cscdll.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\klogon: DllName - D:\WINDOWS\system32\klogon.dll - D:\WINDOWS\System32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - D:\WINDOWS\System32\sclgntfy.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - D:\WINDOWS\System32\WlNotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - D:\WINDOWS\System32\WgaLogon.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - D:\WINDOWS\System32\SHELL32.dll (Корпорация Майкрософт)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - D:\WINDOWS\System32\SHELL32.dll (Корпорация Майкрософт)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS\System32\stobject.dll (Корпорация Майкрософт)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\WINDOWS\System32\webcheck.dll (Корпорация Майкрософт)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Предзагрузчик Browseui - D:\WINDOWS\System32\browseui.dll (Корпорация Майкрософт)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Демон кэша категорий компонентов - D:\WINDOWS\System32\browseui.dll (Корпорация Майкрософт)
O24 - Desktop Components:0 (Моя текущая домашняя страница) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - D:\WINDOWS\System32\shell32.dll (Корпорация Майкрософт)
O29 - HKLM SecurityProviders - (digest.dll) - D:\WINDOWS\System32\digest.dll (Корпорация Майкрософт)
O29 - HKLM SecurityProviders - (msnsspc.dll) - D:\WINDOWS\System32\msnsspc.dll (Корпорация Майкрософт)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.30 01:48:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003.04.10 09:24:34 | 00,004,398 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008.10.21 08:30:34 | 00,000,059 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{05877fbe-b6ea-11dd-be51-001617ce8dfe}\Shell - "" = AutoRun
O33 - MountPoints2\{05877fbe-b6ea-11dd-be51-001617ce8dfe}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{05877fc1-b6ea-11dd-be51-001617ce8dfe}\Shell - "" = AutoRun
O33 - MountPoints2\{05877fc1-b6ea-11dd-be51-001617ce8dfe}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{0ca67b74-739c-11dd-a823-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0ca67b74-739c-11dd-a823-806d6172696f}\Shell\AutoRun\command - "" = F:\setup.exe -- [2009.04.14 16:07:07 | 00,295,906 | R--- | M] (ЗАО "Образование-Медиа" )
O33 - MountPoints2\{d6fb541a-b540-11dd-be4f-001617ce8dfe}\Shell - "" = AutoRun
O33 - MountPoints2\{d6fb541a-b540-11dd-be4f-001617ce8dfe}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{d6fb5746-b540-11dd-be4f-001617ce8dfe}\Shell - "" = AutoRun
O33 - MountPoints2\{d6fb5746-b540-11dd-be4f-001617ce8dfe}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: AppMgmt - D:\WINDOWS\System32\appmgmts.dll (Корпорация Майкрософт)
NetSvcs: DMServer - D:\WINDOWS\System32\dmserver.dll (Корпорация Майкрософт)
NetSvcs: DHCP - D:\WINDOWS\System32\dhcpcsvc.dll (Корпорация Майкрософт)
NetSvcs: FastUserSwitchingCompatibility - D:\WINDOWS\System32\shsvcs.dll (Корпорация Майкрософт)
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - D:\WINDOWS\System32\irmon.dll (Корпорация Майкрософт)
NetSvcs: Netman - D:\WINDOWS\System32\netman.dll (Корпорация Майкрософт)
NetSvcs: Nla - D:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
NetSvcs: Ntmssvc - D:\WINDOWS\System32\ntmssvc.dll (Корпорация Майкрософт)
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Schedule - D:\WINDOWS\System32\schedsvc.dll (Корпорация Майкрософт)
NetSvcs: Seclogon - D:\WINDOWS\System32\seclogon.dll (Корпорация Майкрософт)
NetSvcs: Sharedaccess - D:\WINDOWS\System32\ipnathlp.dll (Корпорация Майкрософт)
NetSvcs: SRService - D:\WINDOWS\System32\srsvc.dll (Корпорация Майкрософт)
NetSvcs: Tapisrv - D:\WINDOWS\System32\tapisrv.dll (Корпорация Майкрософт)
NetSvcs: Themes - D:\WINDOWS\System32\shsvcs.dll (Корпорация Майкрософт)
NetSvcs: W32Time - D:\WINDOWS\System32\w32time.dll (Корпорация Майкрософт)
NetSvcs: WZCSVC - D:\WINDOWS\System32\wzcsvc.dll (Корпорация Майкрософт)
NetSvcs: Wmi - D:\WINDOWS\System32\advapi32.dll (Корпорация Майкрософт)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: winmgmt - D:\WINDOWS\System32\wbem\WMIsvc.dll (Корпорация Майкрософт)
NetSvcs: BITS - D:\WINDOWS\System32\qmgr.dll (Корпорация Майкрософт)
NetSvcs: ShellHWDetection - D:\WINDOWS\System32\shsvcs.dll (Корпорация Майкрософт)
NetSvcs: helpsvc - D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009.10.29 22:04:24 | 00,000,000 | ---D | C] -- D:\Documents and Settings\AlexIT\Application Data\edu-media
[2009.10.27 17:48:22 | 00,000,000 | ---D | C] -- D:\Documents and Settings\AlexIT\Application Data\gtk-2.0
[2009.10.28 15:58:54 | 00,000,000 | ---D | C] -- D:\Documents and Settings\AlexIT\Application Data\Opera
[2009.10.21 23:58:14 | 00,000,000 | ---D | C] -- D:\Documents and Settings\AlexIT\Local Settings\Application Data\Ephox
[2009.10.28 15:58:54 | 00,000,000 | ---D | C] -- D:\Documents and Settings\AlexIT\Local Settings\Application Data\Opera
[2009.10.27 18:05:55 | 00,000,000 | ---D | C] -- D:\Documents and Settings\AlexIT\Local Settings\Application Data\Paint.NET
[2009.10.27 18:04:37 | 00,000,000 | ---D | C] -- D:\Program Files\Free Image Editor
[2009.10.27 17:43:54 | 00,000,000 | ---D | C] -- D:\Program Files\GIMP-2.0
[2009.10.28 15:58:28 | 00,000,000 | ---D | C] -- D:\Program Files\Opera
[2009.10.27 18:06:09 | 00,000,000 | ---D | C] -- D:\Program Files\Paint.NET
[2009.10.29 21:52:43 | 00,000,000 | ---D | C] -- D:\Program Files\Образование-Медиа
[2009.10.30 10:20:39 | 00,521,728 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\AlexIT\Рабочий стол\OTL.exe
[2009.10.29 00:25:17 | 00,000,000 | ---D | C] -- D:\Documents and Settings\AlexIT\Рабочий стол\air
[2009.10.29 00:09:48 | 00,000,000 | ---D | C] -- D:\Documents and Settings\AlexIT\Рабочий стол\player
[2009.10.28 20:25:25 | 00,000,000 | ---D | C] -- D:\Documents and Settings\AlexIT\Рабочий стол\sanfmtrinol
[2009.10.27 22:43:56 | 00,000,000 | ---D | C] -- D:\Documents and Settings\AlexIT\Рабочий стол\skycastsu
[2009.10.27 22:41:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\AlexIT\Рабочий стол\skycasteu
[2009.10.27 17:46:23 | 00,000,000 | ---D | C] -- D:\Documents and Settings\AlexIT\Мои документы\gegl-0.0
[2009.10.21 17:12:54 | 00,000,000 | ---D | C] -- D:\Documents and Settings\AlexIT\Рабочий стол\pay
[2009.10.20 15:04:29 | 00,000,000 | ---D | C] -- D:\Documents and Settings\AlexIT\Рабочий стол\SKYCAST.EU
[2009.10.16 13:44:07 | 00,000,000 | ---D | C] -- D:\Documents and Settings\AlexIT\Рабочий стол\images

========== Files - Modified Within 14 Days ==========

[1 D:\WINDOWS\System32\*.tmp files]
[3 D:\WINDOWS\*.tmp files]
[2009.10.30 10:43:18 | 00,632,608 | -HS- | M] () -- D:\WINDOWS\System32\drivers\fidbox.dat
[2009.10.30 10:42:15 | 00,000,032 | -HS- | M] () -- D:\WINDOWS\System32\drivers\fidbox.idx
[2009.10.30 10:38:06 | 02,539,296 | -HS- | M] () -- D:\WINDOWS\System32\drivers\fidbox2.dat
[2009.10.30 10:20:48 | 00,521,728 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\AlexIT\Рабочий стол\OTL.exe
[2009.10.30 09:59:01 | 00,001,028 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-682003330-1003UA.job
[2009.10.30 02:03:47 | 00,000,600 | ---- | M] () -- D:\Documents and Settings\AlexIT\Application Data\winscp.rnd
[2009.10.29 23:26:22 | 00,000,976 | ---- | M] () -- D:\WINDOWS\tasks\Google Software Updater.job
[2009.10.29 22:16:29 | 00,041,472 | ---- | M] () -- D:\Documents and Settings\AlexIT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.29 22:04:10 | 00,000,946 | ---- | M] () -- D:\Documents and Settings\All Users\Рабочий стол\Алгебра 10 - 11 класс.lnk
[2009.10.29 19:11:10 | 00,000,600 | ---- | M] () -- D:\Documents and Settings\AlexIT\Local Settings\Application Data\PUTTY.RND
[2009.10.29 19:02:44 | 00,001,804 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\de01.skycast.eu.2009.xml
[2009.10.29 18:02:09 | 00,009,853 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\site.js
[2009.10.29 13:59:00 | 00,000,976 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-682003330-1003Core.job
[2009.10.29 12:31:54 | 00,047,852 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\icecast.xml
[2009.10.29 12:15:05 | 00,002,228 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2009.10.29 12:14:39 | 00,200,819 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2009.10.29 12:14:30 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009.10.29 12:14:15 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009.10.29 03:42:00 | 00,000,300 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\trance.xsl
[2009.10.29 01:41:53 | 00,235,088 | -HS- | M] () -- D:\WINDOWS\System32\drivers\fidbox2.idx
[2009.10.29 01:04:18 | 00,004,778 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\player_mp3.swf
[2009.10.28 18:08:21 | 00,006,160 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\clean_skycast_db.sql
[2009.10.28 15:58:39 | 00,000,592 | ---- | M] () -- D:\Documents and Settings\All Users\Рабочий стол\Opera.lnk
[2009.10.28 10:27:29 | 00,665,407 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\sanfmru_sky_2009-10-28_12-27.sql
[2009.10.28 10:11:21 | 00,050,547 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\rack.jpg
[2009.10.27 21:47:01 | 00,070,619 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\dns.JPG
[2009.10.27 21:26:54 | 00,000,032 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\test.m3u
[2009.10.27 19:56:31 | 00,002,133 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\download_button.gif
[2009.10.27 19:53:31 | 00,002,338 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\main_logo.png
[2009.10.27 18:06:35 | 00,000,812 | ---- | M] () -- D:\Documents and Settings\All Users\Рабочий стол\Paint.NET.lnk
[2009.10.27 18:04:38 | 00,000,750 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\Free Image Editor.lnk
[2009.10.27 18:01:36 | 00,004,530 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\skylog.gif
[2009.10.27 17:45:53 | 00,000,792 | ---- | M] () -- D:\Documents and Settings\All Users\Рабочий стол\GIMP 2.lnk
[2009.10.27 16:03:56 | 00,033,099 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\italian_driver_license.jpg
[2009.10.27 15:27:41 | 00,001,297 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\en.gif
[2009.10.27 13:10:28 | 00,000,744 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\en.png
[2009.10.27 13:01:02 | 00,005,096 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\subscribe.jpg
[2009.10.26 23:30:57 | 00,033,094 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\2241.JPG
[2009.10.26 20:45:43 | 00,033,087 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\2299.JPG
[2009.10.26 20:42:18 | 00,033,178 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\2318.JPG
[2009.10.22 19:02:39 | 00,131,072 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\CV_di_Gubchenko_Oleksandr.doc
[2009.10.22 18:56:13 | 00,137,216 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\CVTemplate_it_IT.doc
[2009.10.22 17:50:24 | 00,005,739 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\index.gif.png
[2009.10.22 16:40:19 | 00,000,069 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2009.10.22 12:50:00 | 00,031,232 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\www.doc
[2009.10.22 12:22:47 | 00,025,600 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\Traduzione da russo.doc
[2009.10.22 11:47:58 | 00,031,744 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\sasha-kasha.doc
[2009.10.21 20:48:05 | 00,072,515 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\Foto 279.jpg
[2009.10.21 19:24:50 | 00,000,572 | ---- | M] () -- D:\Documents and Settings\AlexIT\Мои документы\Мои общие папки.lnk
[2009.10.21 14:07:59 | 00,001,729 | ---- | M] () -- D:\Documents and Settings\All Users\Рабочий стол\Adobe Reader 9.lnk
[2009.10.20 23:20:00 | 00,001,726 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\index.php
[2009.10.20 20:09:00 | 00,004,051 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\header.php
[2009.10.20 17:04:31 | 00,031,744 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\argomenti_Micr_ Gen.doc
[2009.10.20 17:03:50 | 00,096,317 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\vademecum.pdf
[2009.10.20 17:03:39 | 00,013,656 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\Programma.pdf
[2009.10.20 12:27:23 | 00,086,915 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\girl.jpg
[2009.10.20 12:18:18 | 00,217,430 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\ppassport_003.jpg
[2009.10.20 12:17:30 | 00,245,087 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\ppassport_002.jpg
[2009.10.20 12:16:55 | 00,197,182 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\ppassport_001.jpg
[2009.10.19 19:33:41 | 00,007,390 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\cv.jpg
[2009.10.18 19:29:08 | 00,033,099 | ---- | M] () -- D:\Documents and Settings\AlexIT\Рабочий стол\2223.JPG
[2009.10.16 19:40:02 | 00,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files - No Company Name ==========
[2009.10.29 22:04:10 | 00,000,946 | ---- | C] () -- D:\Documents and Settings\All Users\Рабочий стол\Алгебра 10 - 11 класс.lnk
[2009.10.29 19:44:00 | 00,009,853 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\site.js
[2009.10.29 03:42:00 | 00,000,300 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\trance.xsl
[2009.10.29 02:31:00 | 00,047,852 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\icecast.xml
[2009.10.29 01:04:18 | 00,004,778 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\player_mp3.swf
[2009.10.28 19:19:00 | 00,001,804 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\de01.skycast.eu.2009.xml
[2009.10.28 18:08:20 | 00,006,160 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\clean_skycast_db.sql
[2009.10.28 15:58:39 | 00,000,592 | ---- | C] () -- D:\Documents and Settings\All Users\Рабочий стол\Opera.lnk
[2009.10.28 10:27:26 | 00,665,407 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\sanfmru_sky_2009-10-28_12-27.sql
[2009.10.28 10:11:21 | 00,050,547 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\rack.jpg
[2009.10.27 21:47:01 | 00,070,619 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\dns.JPG
[2009.10.27 21:26:53 | 00,000,032 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\test.m3u
[2009.10.27 19:54:02 | 00,002,133 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\download_button.gif
[2009.10.27 19:52:29 | 00,002,338 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\main_logo.png
[2009.10.27 18:06:34 | 00,000,812 | ---- | C] () -- D:\Documents and Settings\All Users\Рабочий стол\Paint.NET.lnk
[2009.10.27 18:04:38 | 00,000,750 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\Free Image Editor.lnk
[2009.10.27 17:52:57 | 00,004,530 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\skylog.gif
[2009.10.27 17:45:53 | 00,000,792 | ---- | C] () -- D:\Documents and Settings\All Users\Рабочий стол\GIMP 2.lnk
[2009.10.27 16:03:53 | 00,033,099 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\italian_driver_license.jpg
[2009.10.27 15:27:40 | 00,001,297 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\en.gif
[2009.10.27 13:10:28 | 00,000,744 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\en.png
[2009.10.27 12:59:58 | 00,005,096 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\subscribe.jpg
[2009.10.26 23:30:56 | 00,033,094 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\2241.JPG
[2009.10.26 20:45:43 | 00,033,087 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\2299.JPG
[2009.10.26 20:42:18 | 00,033,178 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\2318.JPG
[2009.10.22 18:57:12 | 00,131,072 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\CV_di_Gubchenko_Oleksandr.doc
[2009.10.22 18:02:26 | 00,137,216 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\CVTemplate_it_IT.doc
[2009.10.22 17:50:23 | 00,005,739 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\index.gif.png
[2009.10.22 12:46:08 | 00,031,232 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\www.doc
[2009.10.22 12:22:46 | 00,025,600 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\Traduzione da russo.doc
[2009.10.22 11:19:05 | 00,031,744 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\sasha-kasha.doc
[2009.10.21 20:47:59 | 00,072,515 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\Foto 279.jpg
[2009.10.21 14:07:59 | 00,001,729 | ---- | C] () -- D:\Documents and Settings\All Users\Рабочий стол\Adobe Reader 9.lnk
[2009.10.20 23:20:00 | 00,001,726 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\index.php
[2009.10.20 20:09:00 | 00,004,051 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\header.php
[2009.10.20 17:04:27 | 00,031,744 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\argomenti_Micr_ Gen.doc
[2009.10.20 17:03:37 | 00,096,317 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\vademecum.pdf
[2009.10.20 17:03:30 | 00,013,656 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\Programma.pdf
[2009.10.20 12:27:22 | 00,086,915 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\girl.jpg
[2009.10.20 12:18:14 | 00,217,430 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\ppassport_003.jpg
[2009.10.20 12:17:25 | 00,245,087 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\ppassport_002.jpg
[2009.10.20 12:16:48 | 00,197,182 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\ppassport_001.jpg
[2009.10.19 19:33:40 | 00,007,390 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\cv.jpg
[2009.10.18 19:29:08 | 00,033,099 | ---- | C] () -- D:\Documents and Settings\AlexIT\Рабочий стол\2223.JPG
[2009.10.13 10:46:50 | 00,049,152 | ---- | C] () -- D:\WINDOWS\System32\kmword.dll
[2009.10.13 10:46:19 | 00,000,069 | ---- | C] () -- D:\WINDOWS\cm.ini
[2009.06.03 11:06:47 | 00,010,752 | ---- | C] () -- D:\WINDOWS\System32\BASSMOD.dll
[2009.05.27 09:09:29 | 00,000,600 | ---- | C] () -- D:\Documents and Settings\AlexIT\Local Settings\Application Data\PUTTY.RND
[2009.04.23 07:28:26 | 00,023,552 | ---- | C] () -- D:\WINDOWS\System32\vksaver.dll
[2009.03.28 21:01:57 | 00,283,680 | ---- | C] () -- D:\WINDOWS\System32\prntjpg.dll
[2009.03.10 08:28:44 | 00,000,129 | ---- | C] () -- D:\Documents and Settings\AlexIT\Local Settings\Application Data\fusioncache.dat
[2009.02.10 15:23:22 | 01,970,176 | ---- | C] () -- D:\WINDOWS\System32\d3dx9.dll
[2009.02.02 18:52:32 | 00,000,436 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2008.12.14 02:22:46 | 00,118,784 | ---- | C] () -- D:\WINDOWS\System32\NxExtensions.dll
[2008.11.05 17:35:05 | 00,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2008.11.03 13:39:42 | 00,717,296 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys
[2008.10.31 18:39:02 | 00,000,180 | ---- | C] () -- D:\WINDOWS\wcx_ftp.ini
[2008.10.31 17:51:39 | 01,053,056 | ---- | C] () -- D:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2008.10.31 01:35:15 | 00,001,682 | ---- | C] () -- D:\WINDOWS\wincmd.ini
[2008.10.30 11:24:34 | 00,000,600 | ---- | C] () -- D:\Documents and Settings\AlexIT\Application Data\winscp.rnd
[2008.10.30 03:50:40 | 00,164,352 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2008.10.30 03:50:40 | 00,000,038 | ---- | C] () -- D:\WINDOWS\avisplitter.ini
[2008.10.30 03:50:38 | 03,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2008.10.30 03:50:38 | 00,755,027 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2008.10.30 03:50:38 | 00,159,839 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2008.10.30 03:50:37 | 00,007,680 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2008.10.30 03:50:37 | 00,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.10.30 02:42:52 | 00,041,472 | ---- | C] () -- D:\Documents and Settings\AlexIT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.30 02:37:10 | 00,000,062 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\desktop.ini
[2008.10.30 02:11:55 | 02,639,920 | -H-- | C] () -- D:\Documents and Settings\AlexIT\Local Settings\Application Data\IconCache.db
[2008.10.30 01:54:47 | 00,089,384 | ---- | C] () -- D:\Documents and Settings\AlexIT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008.10.30 01:54:17 | 00,000,062 | -HS- | C] () -- D:\Documents and Settings\AlexIT\Application Data\desktop.ini
[2008.10.07 13:33:00 | 01,703,936 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll
[2008.10.07 13:33:00 | 01,486,848 | ---- | C] () -- D:\WINDOWS\System32\nview.dll
[2008.10.07 13:33:00 | 01,019,904 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll
[2008.10.07 13:33:00 | 00,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll
[2008.10.07 13:33:00 | 00,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll
[2007.11.06 21:19:28 | 00,053,299 | ---- | C] () -- D:\WINDOWS\System32\pthreadVC.dll
[2005.02.24 12:29:14 | 00,162,176 | ---- | C] () -- D:\WINDOWS\System32\drivers\PFC027.sys
[2005.01.25 15:15:42 | 00,010,240 | ---- | C] () -- D:\WINDOWS\System32\PA207USD.DLL
[2004.08.17 13:04:16 | 00,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll
[2004.07.17 08:36:38 | 00,027,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys
[2003.04.01 11:49:16 | 00,005,360 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI
[2001.10.20 14:00:00 | 00,000,877 | ---- | C] () -- D:\WINDOWS\win.ini
[2001.10.20 14:00:00 | 00,000,231 | ---- | C] () -- D:\WINDOWS\system.ini

========== LOP Check ==========

[2009.10.29 22:04:24 | 00,000,000 | RH-D | M] -- D:\Documents and Settings\AlexIT\Application Data
[2008.11.05 17:40:17 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\Ahead
[2008.11.03 13:39:38 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\DAEMON Tools
[2008.12.14 02:22:06 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\Download Manager
[2009.09.04 09:25:21 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\Download Master
[2009.10.07 15:44:56 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\Easy Thumbnails
[2009.10.29 22:04:24 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\edu-media
[2009.09.05 21:10:19 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\FileZilla
[2009.03.21 12:06:43 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\foobar2000
[2009.04.30 16:26:48 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\GlobalSCAPE
[2009.10.28 18:37:05 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\gtk-2.0
[2009.01.21 18:44:21 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\ICQ
[2009.05.19 09:32:07 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\it.vodafone.desktopwidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1
[2008.11.19 09:08:09 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\Macrovision
[2009.03.18 20:08:13 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\NCH Software
[2009.10.28 15:58:54 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\Opera
[2008.10.31 17:19:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\Pistonsoft
[2009.04.30 11:32:34 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\PrimeTV
[2009.03.09 10:36:39 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\Publish Providers
[2009.01.23 16:14:59 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\QIP.Online
[2009.03.09 10:35:29 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\Sony
[2008.10.31 17:51:57 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\Webcammax
[2009.04.29 19:47:27 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\WebMoney
[2009.03.18 18:14:54 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\YaChatData
[2009.03.04 21:28:24 | 00,000,000 | ---D | M] -- D:\Documents and Settings\AlexIT\Application Data\Yandex
[2009.09.08 18:36:54 | 00,000,000 | RH-D | M] -- D:\Documents and Settings\All Users\Application Data
[2009.06.17 18:59:37 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008.11.05 17:31:48 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Ahead
[2009.01.18 17:13:20 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009.04.30 16:27:01 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2008.11.05 17:40:16 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\LightScribe
[2008.11.18 12:01:16 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Macrovision
[2009.03.09 17:42:29 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\OpenDNS Updater
[2009.10.28 23:19:24 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2009.06.29 10:00:37 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\VOWSoft
[2008.10.31 18:00:01 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Webcammax
[2008.10.30 03:23:39 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\YandexPack
[2009.10.16 19:40:02 | 00,000,284 | ---- | M] () -- D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001.10.20 14:00:00 | 00,000,065 | RH-- | M] () -- D:\WINDOWS\Tasks\desktop.ini
[2009.10.29 23:26:22 | 00,000,976 | ---- | M] () -- D:\WINDOWS\Tasks\Google Software Updater.job
[2009.10.29 13:59:00 | 00,000,976 | ---- | M] () -- D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-682003330-1003Core.job
[2009.10.30 09:59:01 | 00,001,028 | ---- | M] () -- D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-682003330-1003UA.job
[2009.10.29 12:14:30 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009.01.30 22:06:38 | 16,249,109 | ---- | M] () -- D:\QuickPwn.exe
[2009.01.22 19:17:24 | 00,492,544 | ---- | M] () -- D:\SanFM.ru.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[eventlog.dll : MD5=239622CC309B9650B345893D54C4D74E] -> [2008.04.14 17:10:36 | 00,056,320 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\SoftwareDistribution\Download\66acf1be846aed209759f98abf400dd6\eventlog.dll
[eventlog.dll : MD5=6CD35BE0991DF15A07BC60B894E6482B] -> [2004.08.17 13:04:16 | 00,055,808 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\eventlog.dll
[1 D:\WINDOWS\system32\*.tmp files]
[eventlog.dll : MD5=6CD35BE0991DF15A07BC60B894E6482B] -> [2004.08.17 13:04:16 | 00,055,808 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\dllcache\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[scecli.dll : MD5=04423B01963ECF4BEEC4BD26A740D809] -> [2008.04.14 17:10:43 | 00,184,832 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\SoftwareDistribution\Download\66acf1be846aed209759f98abf400dd6\scecli.dll
[scecli.dll : MD5=5D5A37C65A5E86ED3811A4128B3A84E4] -> [2004.08.17 13:04:30 | 00,183,808 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\scecli.dll
[1 D:\WINDOWS\system32\*.tmp files]
[scecli.dll : MD5=5D5A37C65A5E86ED3811A4128B3A84E4] -> [2004.08.17 13:04:30 | 00,183,808 | ---- | M] (Корпорация Майкрософт) -- D:\WINDOWS\System32\dllcache\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[netlogon.dll : MD5=BE915B967E7CA7AE746387D2E5CDCE3B] -> [2008.04.14 17:10:41 | 00,407,040 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\SoftwareDistribution\Download\66acf1be846aed209759f98abf400dd6\netlogon.dll
[netlogon.dll : MD5=4922B0C854A0B4A2CD2061BBFE29B251] -> [2004.08.17 13:04:28 | 00,407,040 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\netlogon.dll
[1 D:\WINDOWS\system32\*.tmp files]
[netlogon.dll : MD5=4922B0C854A0B4A2CD2061BBFE29B251] -> [2004.08.17 13:04:28 | 00,407,040 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008.04.13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\SoftwareDistribution\Download\66acf1be846aed209759f98abf400dd6\atapi.sys
[atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004.08.03 19:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008.04.13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\SoftwareDistribution\Download\66acf1be846aed209759f98abf400dd6\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:41ADDB8A
@Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A064CECC
@Alternate Data Stream - 123 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:1493A0EF
< End of report >

OTL Extras logfile created on: 30.10.2009 10:38:57 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = D:\Documents and Settings\AlexIT\Рабочий стол
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

1022,42 Mb Total Physical Memory | 699,36 Mb Available Physical Memory | 68,40% Memory free
2,40 Gb Paging File | 1,75 Gb Available in Paging File | 72,88% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 8,59 Gb Total Space | 4,39 Gb Free Space | 51,07% Space Free | Partition Type: NTFS
Drive D: | 216,48 Gb Total Space | 2,13 Gb Free Space | 0,98% Space Free | Partition Type: NTFS
Drive E: | 7,79 Gb Total Space | 0,17 Gb Free Space | 2,23% Space Free | Partition Type: FAT32
Drive F: | 289,80 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 931,28 Gb Total Space | 364,27 Gb Free Space | 39,11% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEX
Current User Name: AlexIT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- D:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- D:\WINDOWS\System32\shell32.DLL (Корпорация Майкрософт)
.hlp [@ = hlpfile] -- D:\WINDOWS\System32\winhlp32.exe (Корпорация Майкрософт)
.html [@ = SafariHTML] -- D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE (Microsoft Corporation)
.inf [@ = inffile] -- D:\WINDOWS\System32\NOTEPAD.EXE (Корпорация Майкрософт)
.ini [@ = inifile] -- D:\WINDOWS\System32\NOTEPAD.EXE (Корпорация Майкрософт)
.url [@ = InternetShortcut] -- D:\WINDOWS\System32\shdocvw.DLL (Корпорация Майкрософт)
.reg [@ = regfile] -- D:\WINDOWS\regedit.exe (Корпорация Майкрософт)
.txt [@ = txtfile] -- D:\WINDOWS\System32\NOTEPAD.EXE (Корпорация Майкрософт)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Корпорация Майкрософт)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
chm.file [open] -- "D:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Корпорация Майкрософт)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Корпорация Майкрософт)
exefile [open] -- "%1" %* File not found
helpfile [open] -- winhlp32.exe %1 (Корпорация Майкрософт)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Корпорация Майкрософт)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "D:\Program Files\Internet Explorer\iexplore.exe" -nohome (Корпорация Майкрософт)
htmlfile [opennew] -- "D:\Program Files\Internet Explorer\iexplore.exe" %1 (Корпорация Майкрософт)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Корпорация Майкрософт)
http [open] -- "D:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Корпорация Майкрософт)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Корпорация Майкрософт)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Корпорация Майкрософт)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l (Корпорация Майкрософт)
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Корпорация Майкрософт)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Корпорация Майкрософт)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Корпорация Майкрософт)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Корпорация Майкрософт)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Корпорация Майкрософт)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Корпорация Майкрософт)
regfile [open] -- regedit.exe "%1" (Корпорация Майкрософт)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Корпорация Майкрософт)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Корпорация Майкрософт)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Корпорация Майкрософт)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Корпорация Майкрософт)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Корпорация Майкрософт)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Корпорация Майкрософт)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Корпорация Майкрософт)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Корпорация Майкрософт)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Корпорация Майкрософт)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Корпорация Майкрософт)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Корпорация Майкрософт)
Directory [find] -- %SystemRoot%\Explorer.exe (Корпорация Майкрософт)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Корпорация Майкрософт)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Корпорация Майкрософт)
Drive [find] -- %SystemRoot%\Explorer.exe (Корпорация Майкрософт)
Applications\iexplore.exe [open] -- "D:\Program Files\Internet Explorer\iexplore.exe" %1 (Корпорация Майкрософт)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "D:\Program Files\Internet Explorer\iexplore.exe" (Корпорация Майкрософт)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Корпорация Майкрософт)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe" = D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\Program Files\Windows Live\Messenger\livecall.exe" = D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Корпорация Майкрософт)
"D:\Program Files\Kaspersky Lab\Kaspersky AV for Yandex Online\avp.exe" = D:\Program Files\Kaspersky Lab\Kaspersky AV for Yandex Online\avp.exe:*:Enabled:Kaspersky Anti-Virus -- (Kaspersky Lab)
"D:\Program Files\FlashGet\flashget.exe" = D:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"D:\Program Files\WinSCP\WinSCP.exe" = D:\Program Files\WinSCP\WinSCP.exe:*:Enabled:SFTP, FTP and SCP client -- (Martin Prikryl)
"D:\Program Files\WebMoney\WebMoney.exe" = D:\Program Files\WebMoney\WebMoney.exe:*:Enabled:WebMoney Keeper Classic Runner Module -- (CJSC "Computing Forces")
"C:\WebServers\usr\local\apache\bin\httpd.exe" = C:\WebServers\usr\local\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"D:\Program Files\QIP\qip.exe" = D:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"D:\Program Files\totalcmd\TOTALCMD.EXE" = D:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"D:\WINDOWS\system32\dpvsetup.exe" = D:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"D:\WINDOWS\system32\rundll32.exe" = D:\WINDOWS\system32\rundll32.exe:*:Enabled:Запуск библиотеки DLL как приложения -- (Корпорация Майкрософт)
"D:\Program Files\Radio Toolbox\rtb.exe" = D:\Program Files\Radio Toolbox\rtb.exe:*:Enabled:Radio Toolbox -- (www.radiotoolbox.com)
"D:\Program Files\Valve\hl.exe" = D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe" = D:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe:*:Enabled:CrazyTalk -- ()
"D:\Program Files\Messenger\msmsgs.exe" = D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Program Files\QuickTime\QuickTimePlayer.exe" = D:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"D:\Program Files\ICQ6.5\ICQ.exe" = D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.)
"D:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = D:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"D:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" = D:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe:*:Enabled:iPhone PC Suite -- ()
"D:\Downloads\stalker-dream-16oct04\XR_3DA.exe" = D:\Downloads\stalker-dream-16oct04\XR_3DA.exe:*:Enabled:XR_3DA -- ()
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe" = D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\Program Files\Windows Live\Messenger\livecall.exe" = D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"D:\Program Files\eMule\emule.exe" = D:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"D:\Program Files\Warcraft III\Warcraft III.exe" = D:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"D:\Program Files\Bonjour\mDNSResponder.exe" = D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Program Files\Java\jre6\bin\java.exe" = D:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe" = D:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe:*:Enabled:AirMouse -- ()
"D:\Program Files\Skype\Phone\Skype.exe" = D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{087B2CCA-0F1C-4434-B7C6-6B5E0EFD31BC}" = Windows Live Messenger
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Планета Земля
"{1DED92A7-05FA-4736-8AEA-1BE2363F1049}" = Nero 7 Essentials
"{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26048B61-7083-494A-B441-69E461CE8686}" = Помощник по входу в Windows Live
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 16
"{300A470B-681B-449F-82AE-6D19114702CE}" = PhysX Screen Saver
"{30E04366-9C5B-4B94-954E-84C820BAFFBF}_is1" = Экранная заставка «Яндекс.Фотки» 1.0.0
"{350C9419-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}" = Антивирусная защита Касперского для Я.Онлайн
"{5164E4B0-9CD0-454A-BAC0-6771A15EEB64}" = Air Mouse Server
"{555C3998-F1C7-7420-CD89-98D2F68A650D}" = Widget vodafone.it
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61C981F9-FF8A-46EC-B6FE-FF8B293F36D3}" = Windows Live installer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D9A7CEE-054A-437D-99EF-DD7C77E001FD}" = WebMoney Keeper Classic 3.8.0.0
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}" = Sony Sound Forge 8.0
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8865B208-4759-4308-8DB5-3C18D2F568E2}" = CrazyTalk for Skype
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1049-7B44-A92000000001}" = Adobe Reader 9.2 - Russian
"{B0597A9E-38AE-4764-B394-AC692F1156ED}" = The Bat! v4.0.34 Русская Версия
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C066286F-E002-46C0-9DFD-2DCB9A2B7A99}_is1" = iLiberty+ 1.3.0 Build 113
"{C6A370C0-8924-4A60-A079-5E361221882B}" = 91 PC Suite
"{C6C30FA1-FC91-4796-9E4F-CD9E61D25700}_is1" = Алгебра 10 - 11 класс 1.1.2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9ED680E-368B-43CF-A6EA-4F365C9C8F9F}" = «Виртуальная школа Кирилла и Мефодия. Уроки алгебры. 10-11 класс»
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{DFD27663-9F56-47F3-8C44-CCF6B72BE64D}" = Pistonsoft MP3 Tags Editor
"{E33EAB77-A36A-4FBF-BB15-2BBF74C7A796}" = iPhoneBrowser
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6CE1230-A694-4B86-B21C-A11A112689DA}" = Trust WB-1400T Webcam
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Cain & Abel v4.9.25" = Cain & Abel v4.9.25
"CCleaner" = CCleaner (remove only)
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"DigiNotifier" = DigiNotifier
"Download Master_is1" = Download Master version 5.5.13.1173
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy CD-DA Extractor 11" = Easy CD-DA Extractor 11
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"eLecta Live Virtual Room_is1" = eLecta Live Virtual Room 6.2
"eMule" = eMule
"FileZilla Client" = FileZilla Client 3.2.7.1
"FlashGet" = FlashGet 1.9.6.1073
"foobar2000" = foobar2000 v0.9.6.2
"Free Image Editor 2.1_is1" = Free Image Editor 2.1
"Fun SoundPlayer Maker_is1" = Fun SoundPlayer Maker 2.3
"GIF Animator" = Microsoft GIF Animator
"Google Updater" = Программа обновлений Google
"Grand Theft Auto - Vice City" = Grand Theft Auto - Vice City
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{F6CE1230-A694-4B86-B21C-A11A112689DA}" = Trust WB-1400T Webcam
"InstallWIX_{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}" = Антивирусная защита Касперского для Я.Онлайн
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.2.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Traktor 3 LE" = Native Instruments Traktor 3 LE
"NI Service Center" = NI Service Center
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"noSteam Counter-Strike 1.6 v.7" = noSteam Counter-Strike 1.6 v.7
"NVIDIA Drivers" = NVIDIA Drivers
"OpenDNS Updater" = OpenDNS Updater 1.3.0.187
"plist Editor for Windows" = plist Editor for Windows 1.0.1
"Prism" = Prism Video Converter
"QIP.Online" = QIP.Online
"QIP2005" = QIP 2005 Uninstall
"Radio Toolbox" = Radio Toolbox
"Revo Uninstaller" = Revo Uninstaller 1.80
"Totalcmd" = Total Commander (Remove or Repair)
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"VKSaver" = VKSaver
"WebcamMax" = WebcamMax
"WebMoney Agent" = WebMoney Agent
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Проигрыватель Windows Media 11
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = Архиватор WinRAR
"winscp3_is1" = WinSCP 4.1.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Я.Онлайн_is1" = Я.Онлайн 2.1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QIP 2005" = QIP 2005 8095
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.10.2009 11:56:17 | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Ошибка приложения skype.exe, версия 4.0.0.206, модуль unknown, версия
0.0.0.0, адрес 0x00000000.

Error - 28.10.2009 14:29:52 | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Зависшее приложение WinSCP.exe, версия 4.1.7.413, зависший модуль
hungapp, версия 0.0.0.0, адрес 0x00000000.

Error - 28.10.2009 14:46:08 | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Зависшее приложение WinSCP.exe, версия 4.1.7.413, зависший модуль
hungapp, версия 0.0.0.0, адрес 0x00000000.

Error - 28.10.2009 15:50:46 | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Зависшее приложение WinSCP.exe, версия 4.1.7.413, зависший модуль
hungapp, версия 0.0.0.0, адрес 0x00000000.

Error - 28.10.2009 15:50:48 | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Зависшее приложение WinSCP.exe, версия 4.1.7.413, зависший модуль
hungapp, версия 0.0.0.0, адрес 0x00000000.

Error - 28.10.2009 17:10:13 | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Зависшее приложение WinSCP.exe, версия 4.1.7.413, зависший модуль
hungapp, версия 0.0.0.0, адрес 0x00000000.

Error - 28.10.2009 18:20:58 | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Зависшее приложение WinSCP.exe, версия 4.1.7.413, зависший модуль
hungapp, версия 0.0.0.0, адрес 0x00000000.

Error - 28.10.2009 20:07:39 | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Зависшее приложение WinSCP.exe, версия 4.1.7.413, зависший модуль
hungapp, версия 0.0.0.0, адрес 0x00000000.

Error - 29.10.2009 7:48:57 | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Зависшее приложение WinSCP.exe, версия 4.1.7.413, зависший модуль
hungapp, версия 0.0.0.0, адрес 0x00000000.

Error - 29.10.2009 13:33:49 | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Зависшее приложение Safari.exe, версия 3.525.27.1, зависший модуль
hungapp, версия 0.0.0.0, адрес 0x00000000.

[ System Events ]
Error - 05.10.2009 12:43:04 | Computer Name = ALEX | Source = W32Time | ID = 39452689
Description = NTP-клиент поставщика времени: произошла ошибка при поиске в DNS настроенного
вручную узла 'time.windows.com,0x1'. NTP-клиент вновь повторит поиск в DNS через
15 мин. Ошибка: Сделана попытка выполнить операцию на сокете для недоступного хоста.
(0x80072751)

Error - 05.10.2009 12:43:04 | Computer Name = ALEX | Source = W32Time | ID = 39452701
Description = The NTP-клиент поставщика времени настроен на получение времени из
одного или нескольких источников, однако ни один из этих источников недоступен.
Попытки подключения к источнику не будут выполняться в течение 15 мин. NTP-клиент
не имеет источника правильного времени.

Error - 06.10.2009 17:17:12 | Computer Name = ALEX | Source = Dhcp | ID = 1002
Description = Аренда IP-адреса 192.168.1.102 для сетевого адаптера с сетевым адресом
001617CE8DFE отклонена DHCP-сервером 192.168.1.1 (DHCP-сервер отправил сообщение
DHCPNACK).

Error - 07.10.2009 14:28:09 | Computer Name = ALEX | Source = Dhcp | ID = 1002
Description = Аренда IP-адреса 192.168.1.100 для сетевого адаптера с сетевым адресом
001617CE8DFE отклонена DHCP-сервером 192.168.1.1 (DHCP-сервер отправил сообщение
DHCPNACK).

Error - 14.10.2009 17:56:05 | Computer Name = ALEX | Source = Dhcp | ID = 1002
Description = Аренда IP-адреса 192.168.1.102 для сетевого адаптера с сетевым адресом
001617CE8DFE отклонена DHCP-сервером 192.168.1.1 (DHCP-сервер отправил сообщение
DHCPNACK).

Error - 16.10.2009 10:26:21 | Computer Name = ALEX | Source = System Error | ID = 1003
Description = Код ошибки 000000c2, параметр1 00000007, параметр2 00000cd4, параметр3
00000000, параметр4 85716cdc.

Error - 27.10.2009 12:07:51 | Computer Name = ALEX | Source = Dhcp | ID = 1002
Description = Аренда IP-адреса 192.168.1.100 для сетевого адаптера с сетевым адресом
001617CE8DFE отклонена DHCP-сервером 192.168.1.1 (DHCP-сервер отправил сообщение
DHCPNACK).

Error - 27.10.2009 16:48:54 | Computer Name = ALEX | Source = Dhcp | ID = 1002
Description = Аренда IP-адреса 192.168.1.101 для сетевого адаптера с сетевым адресом
001617CE8DFE отклонена DHCP-сервером 192.168.1.1 (DHCP-сервер отправил сообщение
DHCPNACK).

Error - 28.10.2009 14:31:24 | Computer Name = ALEX | Source = Dhcp | ID = 1002
Description = Аренда IP-адреса 192.168.1.100 для сетевого адаптера с сетевым адресом
001617CE8DFE отклонена DHCP-сервером 192.168.1.1 (DHCP-сервер отправил сообщение
DHCPNACK).

Error - 29.10.2009 21:14:20 | Computer Name = ALEX | Source = Dhcp | ID = 1002
Description = Аренда IP-адреса 192.168.1.101 для сетевого адаптера с сетевым адресом
001617CE8DFE отклонена DHCP-сервером 192.168.1.1 (DHCP-сервер отправил сообщение
DHCPNACK).


< End of report >


#2 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

Hello AlexIT,

Your logs are showing you only have 0.98% space free on your system drive D.

At that low level you are in extreme danger of problems with your machine's Master File Table.

I am reluctant to run any tools until you have freed up at least 15% of D drive, because if we try to run them we are in danger of crashing your machine completely and making it unusable.

Actually, what are your machine's symptoms? Maybe this is a problem caused by the extreme lack of space rather than a virus one?

#3 AlexIT (Topic Starter, Member, 76 posts)

Now I have 4.71 GB of 216 GB free.

The problem is, Kaspersky Antivirus is finding and repairing
Backdoor.Win32.Sinowal.kv
on
\Device\Harddisk1\DR4

And it happens after every reboot; it also finds ~10 other trojans...

#4 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

Hello AlexIT,

Please download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5 AlexIT (Topic Starter, Member, 76 posts)

404 error on all three links! :)

#6 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

Hi AlexIT,

It seems ComboFix was withdrawn for a while so that a problem can be fixed.

It should be back, but it might be a few hours.

Let's do this instead.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7 AlexIT (Topic Starter, Member, 76 posts)

It didn't ask me to install the Microsoft Windows Recovery Console.

ComboFix 09-11-09.02 - AlexIT 11.11.2009 9:40.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.1022.570 [GMT 1:00]
Running from: d:\documents and settings\AlexIT\Рабочий стол\ComboFix.exe
AV: Антивирусная защита Касперского для Я.Онлайн *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
d:\windows\system32\ieuinit.inf
d:\windows\system32\zip32.dll

----- BITS: Possible infected sites -----

hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-10-11 to 2009-11-11 )))))))))))))))))))))))))))))))
.

2009-11-06 19:44 . 2009-11-06 19:44 -------- d-----w- d:\documents and settings\AlexIT\Tracing
2009-11-06 19:37 . 2009-11-06 19:37 -------- d-----w- d:\program files\Microsoft
2009-11-06 19:36 . 2009-11-06 19:36 -------- d-----w- d:\program files\Windows Live SkyDrive
2009-11-06 19:31 . 2009-11-06 19:31 -------- d-----w- d:\program files\Common Files\Windows Live
2009-10-29 21:04 . 2009-10-29 21:04 -------- d-----w- d:\documents and settings\AlexIT\Application Data\edu-media
2009-10-29 20:52 . 2009-10-29 20:52 -------- d-----w- d:\program files\Образование-Медиа
2009-10-28 17:32 . 2009-10-28 17:32 -------- d-----w- d:\documents and settings\AlexIT\.thumbnails
2009-10-28 14:58 . 2009-10-28 14:58 -------- d-----w- d:\documents and settings\AlexIT\Local Settings\Application Data\Opera
2009-10-28 14:58 . 2009-10-28 14:58 -------- d-----w- d:\program files\Opera
2009-10-27 17:06 . 2009-10-27 17:06 -------- d-----w- d:\program files\Paint.NET
2009-10-27 17:05 . 2009-10-28 17:30 -------- d-----w- d:\documents and settings\AlexIT\Local Settings\Application Data\Paint.NET
2009-10-27 17:04 . 2009-10-27 17:04 -------- d-----w- d:\program files\Free Image Editor
2009-10-27 16:48 . 2009-10-28 17:37 -------- d-----w- d:\documents and settings\AlexIT\Application Data\gtk-2.0
2009-10-27 16:46 . 2009-10-29 15:10 -------- d-----w- d:\documents and settings\AlexIT\.gimp-2.6
2009-10-27 16:43 . 2009-10-27 16:44 -------- d-----w- d:\program files\GIMP-2.0
2009-10-21 22:58 . 2009-10-21 22:59 -------- d-----w- d:\documents and settings\AlexIT\Local Settings\Application Data\Ephox
2009-10-20 23:22 . 2009-10-20 23:22 152576 ----a-w- d:\documents and settings\AlexIT\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-15 19:26 . 2009-10-15 19:26 -------- d-----w- d:\program files\DigiNotifier
2009-10-15 17:54 . 2009-10-15 17:55 -------- d-----w- d:\program files\XML Notepad 2007
2009-10-13 09:47 . 2009-10-13 09:47 -------- d-----w- d:\program files\Viewpoint
2009-10-13 09:46 . 2003-05-20 10:31 383488 ------w- d:\windows\system32\WPRH.dll
2009-10-13 09:46 . 2002-02-18 01:58 98304 ------w- d:\windows\system32\unzip32.dll
2009-10-13 09:46 . 2001-06-14 09:30 1044480 ------w- d:\windows\system32\ROBOEX32.DLL
2009-10-13 09:46 . 2002-11-13 08:39 49152 ------w- d:\windows\system32\kmword.dll
2009-10-13 09:46 . 2002-02-15 12:02 4142592 ------w- d:\windows\system32\qtintf.dll
2009-10-13 09:46 . 2001-05-22 09:00 22016 ------w- d:\windows\system32\borlndmm.dll
2009-10-13 09:46 . 2009-10-13 09:46 -------- d-----w- D:\C&M

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 08:49 . 2008-10-30 03:03 21536 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-11-11 08:49 . 2008-10-30 03:03 32 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-11-11 08:49 . 2008-10-30 03:03 2609696 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2009-11-11 08:33 . 2008-10-30 03:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-11-10 22:10 . 2008-10-30 03:03 247460 --sha-w- d:\windows\system32\drivers\fidbox2.idx
2009-11-10 21:15 . 2008-11-05 20:25 -------- d-----w- d:\documents and settings\AlexIT\Application Data\Skype
2009-11-10 18:37 . 2008-11-22 22:08 -------- d-----w- d:\documents and settings\All Users\Application Data\Google Updater
2009-11-10 16:06 . 2009-11-10 14:59 9876743 ----a-w- d:\program files\edcast.log
2009-11-10 15:17 . 2008-10-30 12:48 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2009-11-09 17:44 . 2008-11-05 20:26 -------- d-----w- d:\documents and settings\AlexIT\Application Data\skypePM
2009-11-06 19:44 . 2008-10-30 00:54 89968 ----a-w- d:\documents and settings\AlexIT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 19:36 . 2008-12-12 19:25 -------- d-----w- d:\program files\Windows Live
2009-10-30 22:15 . 2001-10-20 13:00 74560 ----a-w- d:\windows\system32\perfc019.dat
2009-10-30 22:15 . 2001-10-20 13:00 441244 ----a-w- d:\windows\system32\perfh019.dat
2009-10-29 21:30 . 2008-10-30 04:02 -------- d-----w- d:\program files\FlashGet
2009-10-21 13:07 . 2008-10-30 02:39 -------- d-----w- d:\program files\Common Files\Adobe
2009-10-21 09:51 . 2008-11-07 23:37 -------- d-----w- d:\program files\Microsoft Silverlight
2009-10-20 23:24 . 2008-10-30 02:42 -------- d-----w- d:\program files\Java
2009-10-14 14:35 . 2008-10-30 03:03 95259 ----a-w- d:\windows\system32\drivers\klick.dat
2009-10-14 14:35 . 2008-10-30 03:03 108059 ----a-w- d:\windows\system32\drivers\klin.dat
2009-10-13 09:46 . 2008-10-30 01:51 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-10-12 19:06 . 2008-10-30 12:47 -------- d-----w- d:\program files\WebMoney
2009-10-08 10:37 . 2009-05-15 17:13 -------- d-----w- d:\program files\Warcraft III
2009-10-07 14:44 . 2009-10-07 14:43 -------- d-----w- d:\documents and settings\AlexIT\Application Data\Easy Thumbnails
2009-10-07 14:43 . 2009-10-07 14:43 -------- d-----w- d:\program files\Easy Thumbnails
2009-09-28 20:37 . 2009-09-28 20:37 -------- d-----w- d:\program files\Air Mouse
2009-09-28 11:14 . 2009-09-28 11:14 325 ----a-w- d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\av\avc\i386\ForDiff\daily.avc.scr
2009-09-25 18:51 . 2008-10-31 16:59 -------- d-----w- d:\program files\WebcamMax
2009-09-16 11:28 . 2009-09-16 11:28 98304 ----a-w- d:\windows\system32\CmdLineExt.dll
2009-09-15 18:06 . 2009-09-15 17:49 -------- d-----w- d:\program files\GTA-ViceCity
2009-09-05 14:47 . 2009-09-05 14:47 349 ----a-w- d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\av\avc\i386\ForDiff\daily-ec.avc.com
2009-08-26 07:12 . 2009-08-26 07:12 152576 ----a-w- d:\documents and settings\AlexIT\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-20 11:56 . 2008-12-14 22:46 68556 ---ha-w- d:\windows\system32\mlfcache.dat
2009-08-19 21:46 . 2009-08-19 21:46 38208 ----a-w- d:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-19 21:46 . 2009-05-19 08:31 38208 ----a-w- d:\documents and settings\AlexIT\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YandexOnline"="d:\program files\Yandex\Online\online.exe" [2009-06-22 2558728]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"ISUSPM"="d:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Google Update"="d:\documents and settings\AlexIT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-04 133104]
"Yupdate!"="d:\program files\Common Files\Yandex\Yupdate\yupdate.exe" [2008-09-01 479496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Update"="d:\program files\OpenDNS U" [X]
"IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"wmagent.exe"="d:\program files\WebMoney Agent\wmagent.exe" [2009-06-16 209376]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-01 1629744]
"InCD"="d:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-01 1057328]
"BCD3000"="d:\windows\system32\bcd3kcpan.exe" [2008-11-21 552960]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"DigiNotifier"="d:\program files\DigiNotifier\DigiNotifier.exe" [2008-12-04 83479]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2008-10-07 1630208]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2008-10-09 17021440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

d:\documents and settings\AlexIT\Главное меню\Программы\Автозагрузка\
Adobe Gamma.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Create virtual drive for Denwer.lnk - c:\webservers\denwer\Boot.exe [2008-10-30 6656]

d:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\
Air Mouse.lnk - d:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2009-2-16 269824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\windows\system32\vksaver.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Kaspersky Lab\\Kaspersky AV for Yandex Online\\avp.exe"=
"d:\\Program Files\\FlashGet\\flashget.exe"=
"d:\\Program Files\\WinSCP\\WinSCP.exe"=
"d:\\Program Files\\WebMoney\\WebMoney.exe"=
"c:\\WebServers\\usr\\local\\apache\\bin\\httpd.exe"=
"d:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Radio Toolbox\\rtb.exe"=
"d:\\Program Files\\Valve\\hl.exe"=
"d:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"d:\\Program Files\\NetDragon\\91 Mobile\\iPhone\\iPhone PC Suite.exe"=
"d:\\Downloads\\stalker-dream-16oct04\\XR_3DA.exe"=
"d:\\Program Files\\eMule\\emule.exe"=
"d:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files\\Air Mouse\\Air Mouse\\Air Mouse.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 CAMTHWDM;WebcamMax, WDM Video Capture;d:\windows\system32\drivers\CAMTHWDM.sys [31.10.2008 17:51 1053056]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [13.12.2007 14:28 24592]
S3 BCD3000;Behringer BCD3000 V1.1.2.0;d:\windows\system32\drivers\BCD3000.SYS [24.07.2008 13:18 42496]
S3 BCD3000WDM;Behringer BCD3000WDM V1.1.2.0;d:\windows\system32\drivers\BCD3000WDM.SYS [24.07.2008 13:18 21600]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [06.11.2007 21:22 34064]
S3 PAC207;Trust WB-1400T Webcam;d:\windows\system32\drivers\PFC027.sys [24.02.2005 12:29 162176]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"d:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-11-06 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-11 d:\windows\Tasks\Google Software Updater.job
- d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-22 02:46]

2009-11-10 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-682003330-1003Core.job
- d:\documents and settings\AlexIT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-04 21:48]

2009-11-10 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-682003330-1003UA.job
- d:\documents and settings\AlexIT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-04 21:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.km.ru
uInternet Settings,ProxyOverride = *.local
IE: &Закачать все при помощи FlashGet - d:\program files\FlashGet\jc_all.htm
IE: &Закачать при помощи FlashGet - d:\program files\FlashGet\jc_link.htm
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master - d:\program files\Download Master\dmieall.htm
IE: Закачать при помощи Download Master - d:\program files\Download Master\dmie.htm
IE: Передать на удаленную закачку DM - d:\program files\Download Master\remdown.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} - d:\program files\Download Master\dmaster.exe
TCP: {5E2249A1-468F-4FD3-BEFA-17F775E724B2} = 208.67.222.222,208.67.220.220
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath - d:\documents and settings\AlexIT\Application Data\Mozilla\Firefox\Profiles\fpf36mpe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: d:\documents and settings\AlexIT\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npdm.dll

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-YandexDesktopSearch - d:\program files\Yandex\Desktop\yandesk.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 09:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867D81F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x867d81f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
malicious code @ sector 0x1d1c4581 size 0x1ac !
copy of MBR has been found in sector 62 !
PE file found in sector at 0x01D1C4581 !
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1252)
d:\windows\system32\vksaver.dll
d:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1324)
d:\windows\system32\vksaver.dll
.
Completion time: 2009-11-11 9:52
ComboFix-quarantined-files.txt 2009-11-11 08:51

Pre-Run: 4 488 122 368 байт свободно
Post-Run: 5 233 897 472 байт свободно

- - End Of File - - D05F5A84BA7E3CBBB6B493E259DAAB10
  • 0

#8 AlexIT (Member, Topic Starter, 76 posts)
Malwarebytes' Anti-Malware 1.41
Database version: 3145
Windows 5.1.2600 Service Pack 2

11.11.2009 10:03:44
mbam-log-2009-11-11 (10-03-44).txt

Scan type: Quick Scan
Objects scanned: 99390
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Vkontakte (Trojan.Fkantakte) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#9 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello AlexIT,

Download this tool to E:\Windows folder.

http://www2.gmer.net/mbr/mbr.exe

Double click it. It will create a log on your desktop. (mbr.log) Copy and post the contents back here.
  • 0

#10 AlexIT (Member, Topic Starter, 76 posts)
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x1d1c4581 size 0x1ac !
copy of MBR has been found in sector 62 !
PE file found in sector at 0x01D1C4581 !
  • 0
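The two mbr.exe logs in this thread (post #7 and post #10) show why "user & kernel MBR OK" is not an all-clear: the driver hook on \Driver\atapi and the payload at sector 0x1d1c4581 are reported on separate lines. The parser below is an added example, not part of the thread or of Gmer's tool; the log text it parses is constructed from the lines posted above.

```python
import re

# Constructed sample, modelled on the mbr.exe output posted in this thread.
SAMPLE_MBR_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867D81F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\atapi -> 0x867d81f8
user & kernel MBR OK
malicious code @ sector 0x1d1c4581 size 0x1ac !
copy of MBR has been found in sector 62 !
PE file found in sector at 0x01D1C4581 !
"""

HOOK_RE = re.compile(r"^\\Driver\\(\w+) -> 0x([0-9a-fA-F]+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")
CODE_RE = re.compile(r"malicious code @ sector 0x([0-9a-fA-F]+) size 0x([0-9a-fA-F]+)")
COPY_RE = re.compile(r"copy of MBR has been found in sector (\d+)")


def triage_mbr_log(text):
    """Collect the indicators scattered over an mbr.exe log into one dict."""
    f = {"hooks": {}, "unknown": [], "code": None, "mbr_copy_sector": None, "mbr_ok": False}
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOOK_RE.match(line):
            f["hooks"][m.group(1).lower()] = int(m.group(2), 16)   # hooked driver -> address
        elif m := UNKNOWN_RE.search(line):
            f["unknown"].append(int(m.group(1), 16))                # module with no file backing it
        elif m := CODE_RE.search(line):
            f["code"] = {"sector": int(m.group(1), 16), "size": int(m.group(2), 16)}
        elif m := COPY_RE.search(line):
            f["mbr_copy_sector"] = int(m.group(1))                  # where the original MBR was stashed
        elif line == "user & kernel MBR OK":
            f["mbr_ok"] = True                                      # only says sector 0 reads the same both ways
    return f


def verdict(f):
    """A hook in the disk driver chain or a payload outside the MBR still means infected."""
    reasons = []
    for drv, addr in f["hooks"].items():
        where = "unbacked module" if addr in f["unknown"] else "known module"
        reasons.append(f"{drv} hooked at {addr:#x} ({where})")
    if f["code"]:
        reasons.append(f"payload at sector {f['code']['sector']:#x}, {f['code']['size']} bytes")
    return ("infected" if reasons else "clean", reasons)
```

The second log in post #10 no longer lists a hook but still reports the payload sector, and the verdict stays "infected" for that case too.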

#11 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello AlexIT,

Do you have your Windows Installation Disk?

If you have it then do this:
  • Restart your computer with the Windows XP Setup disk in the CDROM drive.
  • If you are prompted to press a key to start the computer from CDROM, do so quickly. Otherwise it may try to boot from the hard drive.
  • After a few minutes, you'll see a prompt to press the R key to start the Recovery Console.
  • When Recovery Console starts, it will prompt you to enter a number corresponding to the Windows XP installation that you need to repair. In most cases, you'll enter "1" (which will be the only choice). If you press ENTER without typing a number, Recovery Console will quit and restart your computer.
  • Enter your Administrator password. If you don't enter the correct password, you cannot continue. If you don't have a password just press enter.
  • At the Recovery Console command prompt, type fixmbr and then verify that you want to proceed.
After the restart go back to the Desktop & delete the existing mbr.log file
  • Double click on mbr.exe
  • Post me the text from the new mbr.log file

  • 0

#12 AlexIT (Member, Topic Starter, 76 posts)
I don't have a Windows Installation Disk.
My Packard Bell comes with no CDs...
  • 0

#13 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Okay let's see if we can do this another way.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *atapi*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
  • 0

#14 AlexIT (Member, Topic Starter, 76 posts)
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:38 on 12/11/2009 by AlexIT (Administrator - Elevation successful)

========== filefind ==========

Searching for "*atapi*"
D:\WINDOWS\ERDNT\cache\atapi.sys --a--- 95360 bytes [08:50 11/11/2009] [18:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
D:\WINDOWS\SoftwareDistribution\Download\66acf1be846aed209759f98abf400dd6\atapi.sys --a--- 96512 bytes [18:40 13/04/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
D:\WINDOWS\system32\drivers\atapi.sys ------ 95360 bytes [18:59 03/08/2004] [18:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-
  • 0
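The SystemLook output above lists three copies of atapi.sys with their sizes and MD5 hashes; the question it answers is which copies agree with the live driver in system32\drivers. The parser and comparison below are an added example, not code from the thread or from SystemLook, and the log text is constructed from the lines posted above.

```python
import re

# Constructed sample, modelled on the SystemLook :filefind output posted in this thread.
SAMPLE_FILEFIND = """\
========== filefind ==========

Searching for "*atapi*"
D:\\WINDOWS\\ERDNT\\cache\\atapi.sys --a--- 95360 bytes [08:50 11/11/2009] [18:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
D:\\WINDOWS\\SoftwareDistribution\\Download\\66acf1be846aed209759f98abf400dd6\\atapi.sys --a--- 96512 bytes [18:40 13/04/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
D:\\WINDOWS\\system32\\drivers\\atapi.sys ------ 95360 bytes [18:59 03/08/2004] [18:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-
"""

# path, six attribute flags, size, [modified] [created], MD5
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one dict per file line of a SystemLook :filefind section."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def compare_live_copy(entries, live_path):
    """Compare the live driver against every other copy in the log.
    Returns (live_md5, paths with the same hash, paths with a different hash)."""
    key = live_path.lower()
    live = next((e for e in entries if e["path"].lower() == key), None)
    if live is None:
        raise ValueError(f"live file not in log: {live_path}")
    same = [e["path"] for e in entries if e is not live and e["md5"] == live["md5"]]
    diff = [e["path"] for e in entries if e is not live and e["md5"] != live["md5"]]
    return live["md5"], same, diff
```

On this log the ERDNT cache copy hashes the same as the live driver while the SoftwareDistribution copy is a different build (different size and hash), which is what the FCopy step in the next reply relies on.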

#15 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello AlexIT,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
D:\WINDOWS\ERDNT\cache\atapi.sys | D:\WINDOWS\system32\drivers\atapi.sys

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.
  • 0
