Лог утилиты random's system information tool 1.08 (автор: random/random)
Run by Админ at 2011-12-27 09:48:25
Microsoft Windows XP Professional Service Pack 3
Системный раздел D: размер 7 GB (20%) Свободно 35 GB
Total RAM: 2038 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:48:29, on 27.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Dicter\Dicter.exe
D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\AnVir Task Manager\AnVir.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
d:\program files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\crypserv.exe
d:\program files\dicter\dicterservice.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\WINDOWS\system32\svchost.exe
d:\program files\Mozilla Firefox\plugin-container.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\avz4\avz.exe
D:\Program Files\avz4\RSIT.exe
D:\Program Files\trend micro\Админ.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell="Explorer.exe"
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Модуль поддержки Microsoft Web Test Recorder 10.0 - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - E:\I)LOVE_MYRI\VisualStudio\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DicterRu] D:\Program Files\Dicter\Dicter.exe
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnVir Task Manager] "D:\Program Files\AnVir Task Manager\AnVir.exe" Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hqAPkD14ejM.exe
O4 - Startup: JEJaWOLrTTY.exe
O8 - Extra context menu item: &Отправить в OneNote - res://D:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted IP range: http://192.168.0.1
O15 - ESC Trusted IP range: http://192.168.0.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Предзагрузчик Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Демон кэша категорий компонентов - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: BlackfishSQL - CodeGear - D:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Dicter Service (DicterUpdateService) - Zeyfman Genady - d:\program files\dicter\dicterservice.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - D:\WINDOWS\system32\services.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - D:\WINDOWS\system32\imapi.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Unknown owner - D:\Program Files\Borland\InterBase\bin\ibguard.exe (file missing)
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - D:\Program Files\Borland\InterBase\bin\ibserver.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - D:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - D:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - D:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - D:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - D:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TicnoSearch - Unknown owner - D:\Program Files\Ticno\Multibar\SearchService.exe (file missing)
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - D:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - D:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 6642 bytes

======Снимок реестра======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - D:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDA57003-0068-4ed2-9D32-4D1EC707D94D}]
Модуль поддержки Microsoft Web Test Recorder 10.0 - E:\I)LOVE_MYRI\VisualStudio\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19 61360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2011-03-06 16384000]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2011-03-06 69632]
"IgfxTray"=D:\WINDOWS\system32\igfxtray.exe []
"HotKeysCmds"=D:\WINDOWS\system32\hkcmd.exe [2010-01-13 166912]
"Persistence"=D:\WINDOWS\system32\igfxpers.exe [2010-01-13 135680]
"egui"=D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-14 2219184]
"DicterRu"=D:\Program Files\Dicter\Dicter.exe [2011-11-11 2800128]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"KernelFaultCheck"=D:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
"AnVir Task Manager"=D:\Program Files\AnVir Task Manager\AnVir.exe [2011-07-07 5566232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
D:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-07-27 1983816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-18 767312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
d:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2]
D:\Documents and Settings\Админ\Local Settings\Application Data\MediaGet2\mediaget.exe [2011-08-11 8507624]

D:\Documents and Settings\Админ\Главное меню\Программы\Автозагрузка
hqAPkD14ejM.exe
JEJaWOLrTTY.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2010-01-13 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\wpdshserviceobj.dll [2010-06-28 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\программы\QIP Infium\infium.exe"="E:\программы\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\ICQ7.4\ICQ.exe"="E:\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"E:\I)LOVE_MYRI\Games\халфа2\Steam.exe"="E:\I)LOVE_MYRI\Games\халфа2\Steam.exe:*:Enabled:Steam"
"D:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="D:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"D:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="D:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"D:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="D:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\Launcher.exe"="E:\Launcher.exe:*:Enabled:Hellgate: London"
"D:\Program Files\BlastShark\hellgate\BlastShark.exe"="D:\Program Files\BlastShark\hellgate\BlastShark.exe:*:Enabled:hellgate"
"E:\I)LOVE_MYRI\Games\нг\Launcher.exe"="E:\I)LOVE_MYRI\Games\нг\Launcher.exe:*:Enabled:Hellgate: London"
"D:\Program Files\Mail.Ru\Sputnik\SputnikHelper.exe"="D:\Program Files\Mail.Ru\Sputnik\SputnikHelper.exe:*:Enabled:D:\Program Files\Mail.Ru\Sputnik\SputnikHelper.exe"
"D:\Program Files\Mail.Ru\Sputnik\SputnikFlashPlayer.exe"="D:\Program Files\Mail.Ru\Sputnik\SputnikFlashPlayer.exe:*:Enabled:D:\Program Files\Mail.Ru\Sputnik\SputnikFlashPlayer.exe"
"E:\программы\skype\Phone\Skype.exe"="E:\программы\skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\ICQ7.4\ICQ.exe"="E:\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

======Список файлов и папок, созданных за последние 3 месяца======

2011-12-27 09:38:50 ----A---- D:\WINDOWS\system32\drivers\uji0nzmw.sys
2011-12-27 09:38:48 ----A---- D:\WINDOWS\system32\drivers\uti0nzmw.sys
2011-12-27 09:15:39 ----D---- D:\GOEDvM115vayK9N
2011-12-27 09:10:39 ----HD---- D:\WINDOWS\system32\GroupPolicy
2011-12-27 08:45:37 ----D---- D:\74SHnKpTmAE7Vw5
2011-12-26 20:46:06 ----D---- D:\Program Files\trend micro
2011-12-26 20:46:05 ----D---- D:\rsit
2011-12-26 20:39:39 ----D---- D:\Program Files\Hijack
2011-12-26 20:34:36 ----D---- D:\Program Files\avz4
2011-12-23 22:47:25 ----A---- D:\WINDOWS\system32\userinit.exe
2011-11-30 21:35:12 ----D---- D:\WINDOWS.0
2011-11-30 21:35:12 ----ASH---- D:\pagefile.sys
2011-11-30 18:53:09 ----D---- D:\Program Files\msn gaming zone
2011-11-23 12:05:16 ----ASH---- D:\hiberfil.sys
2011-11-21 22:18:24 ----A---- D:\Documents and Settings\Админ\Application Data\timing.txt
2011-11-19 21:25:36 ----D---- D:\Documents and Settings\All Users\Application Data\Sony
2011-11-19 21:18:36 ----D---- D:\Documents and Settings\All Users\Application Data\Socusoft
2011-11-19 21:18:29 ----A---- D:\WINDOWS\system32\msxml3a.dll
2011-11-19 21:18:13 ----D---- D:\Program Files\Socusoft
2011-11-17 21:30:54 ----D---- D:\Documents and Settings\All Users\Application Data\Yandex
2011-11-17 21:30:53 ----D---- D:\Program Files\Yandex
2011-11-13 17:31:55 ----D---- D:\Documents and Settings\Админ\Application Data\Ticno
2011-11-13 17:31:55 ----D---- D:\Documents and Settings\Админ\Application Data\Breakpad
2011-11-13 17:31:37 ----D---- D:\Documents and Settings\All Users\Application Data\Ticno
2011-11-12 15:44:20 ----D---- D:\Documents and Settings\Админ\Application Data\VKDJ
2011-11-12 11:08:15 ----D---- D:\Program Files\SysTools PDF Unlocker - v3.0 (Demo Version)
2011-11-11 23:06:06 ----D---- D:\Program Files\Common Files\Adobe
2011-11-11 21:47:06 ----D---- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2011-11-11 21:30:14 ----SHD---- D:\Config.Msi
2011-11-10 15:37:34 ----D---- D:\Documents and Settings\Админ\Application Data\MicroST
2011-11-10 09:39:39 ----D---- D:\Program Files\QipGuard
2011-11-10 09:39:38 ----D---- D:\Documents and Settings\Админ\Application Data\QipGuard
2011-10-21 18:42:12 ----D---- D:\Documents and Settings\Админ\Application Data\CodeGear
2011-10-21 18:41:42 ----HDC---- D:\Documents and Settings\All Users\Application Data\{55368B49-3888-4F1E-8356-388D0A20BF77}
2011-10-21 18:39:47 ----D---- D:\Program Files\Embarcadero
2011-10-21 18:39:47 ----D---- D:\Program Files\Common Files\CodeGear Shared
2011-10-21 18:39:47 ----D---- D:\Documents and Settings\Админ\Application Data\Embarcadero
2011-10-21 18:39:47 ----D---- D:\Documents and Settings\All Users\Application Data\Embarcadero
2011-10-21 18:31:17 ----HDC---- D:\Documents and Settings\All Users\Application Data\{BBD31133-40F8-4B57-9BA6-DB76C03D153B}
2011-10-18 14:39:04 ----RHD---- D:\Documents and Settings\Админ\Application Data\SecuROM
2011-10-18 14:39:04 ----A---- D:\WINDOWS\system32\CmdLineExt.dll
2011-10-18 14:16:36 ----D---- D:\Documents and Settings\All Users\Application Data\xOcean
2011-10-17 21:13:52 ----A---- D:\WINDOWS\IsUninst.exe
2011-10-17 21:13:38 ----A---- D:\WINDOWS\system32\ibxml.dll
2011-10-17 21:13:36 ----A---- D:\WINDOWS\system32\ibinstall.dll
2011-10-17 21:13:36 ----A---- D:\WINDOWS\system32\gds32.dll
2011-10-17 21:11:24 ----D---- D:\Program Files\Common Files\Borland Shared
2011-10-11 12:35:33 ----D---- D:\Documents and Settings\Админ\Application Data\Microsoft Corporation
2011-10-10 17:42:52 ----D---- D:\Documents and Settings\Админ\Application Data\MOVAVI
2011-10-09 19:11:27 ----D---- D:\Documents and Settings\Админ\Application Data\Unity
2011-10-02 09:11:08 ----D---- D:\Documents and Settings\Админ\Application Data\Obnovi Soft
2011-10-02 09:11:03 ----D---- D:\Program Files\Reg Organizer
2011-10-02 09:11:01 ----D---- D:\Program Files\AnVir Task Manager
2011-10-02 09:03:56 ----D---- D:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

======Список файлов и папок, измененных за последние 3 месяца======

2011-12-27 09:48:26 ----D---- D:\WINDOWS\Temp
2011-12-27 09:43:35 ----D---- D:\WINDOWS\Prefetch
2011-12-27 09:40:50 ----SHD---- D:\WINDOWS\Installer
2011-12-27 09:39:30 ----D---- D:\WINDOWS
2011-12-27 09:38:48 ----D---- D:\WINDOWS\system32\drivers
2011-12-27 09:37:59 ----D---- D:\WINDOWS\system32\CatRoot2
2011-12-27 09:10:39 ----D---- D:\WINDOWS\system32
2011-12-26 23:37:46 ----A---- D:\WINDOWS\SchedLgU.Txt
2011-12-26 20:46:06 ----RD---- D:\Program Files
2011-12-26 19:59:19 ----D---- D:\WINDOWS\Minidump
2011-12-25 23:28:43 ----A---- D:\WINDOWS\DjVuPro.INI
2011-12-25 23:28:13 ----D---- D:\Documents and Settings\Админ\Application Data\Skype
2011-12-25 20:43:20 ----D---- D:\Documents and Settings\Админ\Application Data\uTorrent
2011-12-25 12:46:02 ----D---- D:\WINDOWS\system32\drivers\etc
2011-12-23 19:56:14 ----D---- D:\WINDOWS\system32\config
2011-12-22 17:45:38 ----D---- D:\WINDOWS\system32\DirectX
2011-12-22 17:44:30 ----HD---- D:\WINDOWS\inf
2011-12-13 18:05:48 ----D---- D:\Documents and Settings\Админ\Application Data\Yandex
2011-12-04 15:43:20 ----D---- D:\Program Files\uTorrent
2011-11-30 22:20:29 ----A---- D:\WINDOWS\system32\taskmgr.exe
2011-11-30 19:12:30 ----SHD---- D:\RECYCLER
2011-11-30 18:57:40 ----D---- D:\Documents and Settings
2011-11-30 18:49:41 ----D---- D:\Program Files\Windows Media Player
2011-11-30 18:49:40 ----D---- D:\Program Files\Common Files\Services
2011-11-30 18:49:38 ----D---- D:\Program Files\Outlook Express
2011-11-30 18:49:25 ----D---- D:\Program Files\Movie Maker
2011-11-30 18:48:59 ----D---- D:\Program Files\Common Files\System
2011-11-30 18:48:48 ----D---- D:\Program Files\Internet Explorer
2011-11-30 18:48:07 ----D---- D:\Program Files\Windows Media Connect 2
2011-11-30 18:47:46 ----D---- D:\Program Files\Windows NT
2011-11-21 22:36:39 ----D---- D:\WINDOWS\Help
2011-11-21 22:31:57 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft
2011-11-21 22:14:11 ----RSHDC---- D:\WINDOWS\system32\dllcache
2011-11-19 21:27:14 ----RSD---- D:\WINDOWS\assembly
2011-11-19 21:24:07 ----D---- D:\WINDOWS\WinSxS
2011-11-13 17:30:02 ----D---- D:\Documents and Settings\Админ\Application Data\Installer
2011-11-12 13:38:48 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2011-11-11 23:06:31 ----D---- D:\Documents and Settings\All Users\Application Data\Adobe
2011-11-11 23:06:06 ----D---- D:\Program Files\Common Files
2011-11-11 23:06:06 ----D---- D:\Program Files\Adobe
2011-11-11 21:44:41 ----D---- D:\WINDOWS\SoftwareDistribution
2011-11-11 19:07:33 ----D---- D:\Program Files\Dicter
2011-11-10 12:24:51 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-11-09 13:16:36 ----D---- D:\Program Files\Mozilla Firefox
2011-10-22 14:52:21 ----D---- D:\Program Files\Garena
2011-10-21 19:24:26 ----D---- D:\WINDOWS\Microsoft.NET
2011-10-21 18:40:02 ----D---- D:\WINDOWS\system32\en-US
2011-10-21 18:30:09 ----D---- D:\WINDOWS\system32\appmgmt
2011-10-05 21:37:13 ----SD---- D:\WINDOWS\system32\Microsoft
2011-10-05 20:22:20 ----RSD---- D:\WINDOWS\Fonts
2011-10-04 19:07:22 ----D---- D:\Documents and Settings\All Users\Application Data\CanonIJPLM
2011-10-02 09:29:19 ----D---- D:\WINDOWS\security
2011-10-02 09:03:55 ----SD---- D:\WINDOWS\Tasks

======Список драйверов (тип запуска: R=Запущен, S=остановлен, 0=Загрузочный, 1=Системный, 2=Автоматически, 3=Вручную, 4=Отключено)======

R0 IaStor;Intel AHCI Controller; D:\WINDOWS\system32\DRIVERS\iaStor.sys [2010-04-05 331288]
R0 ohci1394;Texas Instruments OHCI-совместимый IEEE 1394 хост-контроллер; D:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-15 61696]
R0 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys [2011-03-10 431672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2010-06-28 77568]
R1 ehdrv;ehdrv; D:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir; D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-12-21 94872]
R1 intelppm;Драйвер Intel процессора; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40704]
R1 NetworkX;NetworkX; D:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R1 newdriver;newdriver; \??\D:\WINDOWS\dfvbn.sys []
R1 oreans32;oreans32; \??\D:\WINDOWS\system32\drivers\oreans32.sys []
R2 eamon;eamon; D:\WINDOWS\system32\DRIVERS\eamon.sys [2010-12-21 141264]
R2 exFat;exFat; D:\WINDOWS\system32\drivers\exFat.sys [2009-01-28 133632]
R2 rspndr;Ответчик обнаружения топологии уровня связи; D:\WINDOWS\system32\DRIVERS\rspndr.sys [2008-10-11 62848]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; D:\WINDOWS\system32\DRIVERS\athw.sys [2009-09-30 1585728]
R3 Arp1394;Протокол клиента 1394 ARP; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2011-01-16 60800]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; D:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-03-10 218176]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 HidUsb;Драйвер класса HID Microsoft; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-01-13 1730272]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-03-06 4603904]
R3 mouhid;Драйвер мыши HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-19 12160]
R3 NIC1394;Сетевой драйвер 1394; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2011-01-16 61824]
R3 sdbus;sdbus; D:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-15 20608]
R3 usbvideo;USB-видеоустройство (WDM); D:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 WSIMD;wsimd Service; D:\WINDOWS\system32\DRIVERS\wsimd.sys [2009-03-16 58208]
S3 ag0oa6z7;ag0oa6z7; D:\WINDOWS\system32\drivers\ag0oa6z7.sys []
S3 CCDECODE;Closed Caption декодер; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GGSAFERDriver;GGSAFER Driver; \??\E:\I)LOVE_MYRI\Games\Garena\safedrv.sys []
S3 hamachi;Hamachi Network Interface; D:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-08-12 10578]
S3 KProcessHacker2;KProcessHacker2; \??\D:\Documents and Settings\Админ\Local Settings\Temp\yyhjznjh.r1q\kph.sys []
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; D:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-10-28 272232]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Класс принтеров Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Драйвер USB-сканера; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VSPerfDrv100;Performance Tools Driver 10.0; \??\E:\I)LOVE_MYRI\VisualStudio\Team Tools\Performance Tools\VSPerfDrv100.sys []
S3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2010-06-28 38528]
S3 WSTCODEC;World Standard Teletext кодек; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2010-06-28 82944]
S3 XDva385;XDva385; \??\D:\WINDOWS\system32\XDva385.sys []
S3 XDva386;XDva386; \??\D:\WINDOWS\system32\XDva386.sys []
S3 XDva388;XDva388; \??\D:\WINDOWS\system32\XDva388.sys []
S3 XDva391;XDva391; \??\D:\WINDOWS\system32\XDva391.sys []
S4 RsFx0103;RsFx0103 Driver; D:\WINDOWS\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======Список служб (тип запуска: R=Запущена, S=остановлена, 0=Загрузочная, 1=Системная, 2=Автоматически, 3=Вручную, 4=Отключено)======

R2 Crypkey License;Crypkey License; D:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 DicterUpdateService;Dicter Service; d:\program files\dicter\dicterservice.exe [2011-11-11 938496]
R2 ekrn;ESET Service; D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-14 810144]
R2 SQLWriter;Модуль сервера SQL Server для записи VSS; D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
S3 aspnet_state;Служба состояний ASP.NET; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 BlackfishSQL;BlackfishSQL; D:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe [2009-08-02 65536]
S3 EhttpSrv;ESET HTTP Server; D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-14 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2009-02-10 116104]
S3 InterBaseGuardian;InterBase Guardian; D:\Program Files\Borland\InterBase\bin\ibguard.exe []
S3 InterBaseServer;InterBase Server; D:\Program Files\Borland\InterBase\bin\ibserver.exe []
S3 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 Steam Client Service;Steam Client Service; D:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 TicnoSearch;TicnoSearch; D:\Program Files\Ticno\Multibar\SearchService.exe []
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; D:\Program Files\Windows Media Player\wmpnetwk.exe [2009-02-04 914944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 MSSQLServerADHelper100;Служба поддержки Active Directory сервера SQL Server; D:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;Агент SQL Server (SQLEXPRESS); D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server, обозреватель; D:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------