OTL logfile created on: 01.04.2011 20:21:41 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\User\Мои документы\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 2,05 Gb Free Space | 10,47% Space Free | Partition Type: NTFS
Drive D: | 213,35 Gb Total Space | 105,67 Gb Free Space | 49,53% Space Free | Partition Type: NTFS

Computer Name: MYCOMP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011.04.01 19:11:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe
PRC - [2011.02.23 18:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.02.23 18:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.01.01 19:45:29 | 001,041,088 | ---- | M] () -- C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
PRC - [2009.07.27 06:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.03.30 13:04:16 | 000,418,816 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2009.01.11 19:28:29 | 000,132,096 | ---- | M] () -- C:\Program Files\VistaDriveIcon\VistaDrv.exe
PRC - [2008.04.15 16:00:00 | 000,111,104 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\services.exe
PRC - [2008.04.15 16:00:00 | 000,069,120 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\NOTEPAD.EXE
PRC - [2008.04.15 16:00:00 | 000,050,688 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\smss.exe
PRC - [2008.04.14 23:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.19 21:32:12 | 000,041,472 | ---- | M] () -- C:\Program Files\Volumecontrol2\LouderIt.exe
PRC - [2007.12.18 17:34:10 | 000,074,240 | ---- | M] (G&G Software, Moscow State University) -- C:\Program Files\AmlMaple\AmlMaple.exe
PRC - [2007.12.14 18:17:33 | 000,086,016 | ---- | M] () -- C:\Program Files\LClock\LClock.exe
PRC - [2007.03.09 12:47:08 | 000,062,976 | ---- | M] (Alexander Avdonin) -- C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
PRC - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011.04.01 19:11:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe
MOD - [2009.03.30 12:48:14 | 000,245,760 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDApix.dll
MOD - [2008.04.15 16:00:00 | 008,480,256 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008.04.15 16:00:00 | 001,287,168 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008.04.15 16:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008.04.15 16:00:00 | 000,997,888 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2008.04.15 16:00:00 | 000,991,744 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008.04.15 16:00:00 | 000,797,696 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\comres.dll
MOD - [2008.04.15 16:00:00 | 000,719,360 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008.04.15 16:00:00 | 000,687,616 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008.04.15 16:00:00 | 000,634,368 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\user32.dll
MOD - [2008.04.15 16:00:00 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll
MOD - [2008.04.15 16:00:00 | 000,474,112 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008.04.15 16:00:00 | 000,279,040 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008.04.15 16:00:00 | 000,219,648 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008.04.15 16:00:00 | 000,146,944 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008.04.15 16:00:00 | 000,067,584 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008.02.19 21:32:38 | 000,018,944 | ---- | M] () -- C:\Program Files\Volumecontrol2\LHook.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.02.23 18:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.01.01 19:45:29 | 001,041,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe -- (Guard.Mail.ru)
SRV - [2010.11.04 21:44:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.04.15 16:00:00 | 000,687,616 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi) Расширения драйверов WMI (Windows Management Instrumentation)
SRV - [2008.04.15 16:00:00 | 000,483,840 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008.04.15 16:00:00 | 000,436,736 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008.04.15 16:00:00 | 000,409,088 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS) Фоновая интеллектуальная служба передачи (BITS)
SRV - [2008.04.15 16:00:00 | 000,333,824 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Служба загрузки изображений (WIA)
SRV - [2008.04.15 16:00:00 | 000,330,752 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Брандмауэр Windows/Общий доступ к Интернету (ICS)
SRV - [2008.04.15 16:00:00 | 000,295,936 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008.04.15 16:00:00 | 000,290,304 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008.04.15 16:00:00 | 000,249,856 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008.04.15 16:00:00 | 000,247,296 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Служба сетевого расположения (NLA)
SRV - [2008.04.15 16:00:00 | 000,198,144 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008.04.15 16:00:00 | 000,193,024 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008.04.15 16:00:00 | 000,186,368 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008.04.15 16:00:00 | 000,175,616 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008.04.15 16:00:00 | 000,171,008 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008.04.15 16:00:00 | 000,171,008 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
SRV - [2008.04.15 16:00:00 | 000,150,528 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008.04.15 16:00:00 | 000,145,408 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008.04.15 16:00:00 | 000,141,824 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008.04.15 16:00:00 | 000,135,680 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008.04.15 16:00:00 | 000,135,680 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008.04.15 16:00:00 | 000,135,680 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008.04.15 16:00:00 | 000,126,464 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008.04.15 16:00:00 | 000,126,464 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008.04.15 16:00:00 | 000,113,664 | ---- | M] (Корпорация Майкрософт) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008.04.15 16:00:00 | 000,113,664 | ---- | M] (Корпорация Майкрософт) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008.04.15 16:00:00 | 000,111,104 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2008.04.15 16:00:00 | 000,111,104 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008.04.15 16:00:00 | 000,096,768 | ---- | M] (Корпорация Майкрософт) [Disabled | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008.04.15 16:00:00 | 000,091,648 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008.04.15 16:00:00 | 000,073,216 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008.04.15 16:00:00 | 000,045,568 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008.04.15 16:00:00 | 000,032,768 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008.04.15 16:00:00 | 000,024,064 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008.04.15 16:00:00 | 000,018,944 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011.02.23 17:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.02.23 17:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.02.23 17:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.02.23 17:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.02.23 17:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.02.23 17:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.02.23 17:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.06.30 01:15:27 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2009.06.09 18:29:22 | 001,177,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athr.sys -- (athr)
DRV - [2009.06.05 19:14:40 | 001,766,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.03.27 17:43:42 | 001,529,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008.10.27 16:28:52 | 000,878,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008.07.21 00:31:12 | 000,059,776 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDLWWAN.sys -- (PTDLWWAN)
DRV - [2008.07.21 00:31:06 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDLVsp.sys -- (PTDLVsp)
DRV - [2008.07.21 00:31:04 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDLMdm.sys -- (PTDLMdm)
DRV - [2008.07.21 00:31:02 | 000,032,256 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDLBus.sys -- (PTDLBus)
DRV - [2008.04.15 16:00:00 | 000,188,288 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008.04.15 16:00:00 | 000,125,440 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2008.04.15 16:00:00 | 000,120,192 | ---- | M] (Корпорация Майкрософт) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008.04.15 16:00:00 | 000,080,128 | ---- | M] (Корпорация Майкрософт) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\parport.sys -- (Parport)
DRV - [2008.04.15 16:00:00 | 000,073,472 | ---- | M] (Корпорация Майкрософт) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008.04.15 16:00:00 | 000,065,024 | ---- | M] (Корпорация Майкрософт) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\serial.sys -- (Serial)
DRV - [2008.04.15 16:00:00 | 000,051,968 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008.04.15 16:00:00 | 000,044,544 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008.04.15 16:00:00 | 000,030,208 | ---- | M] (Корпорация Майкрософт) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008.04.15 16:00:00 | 000,024,832 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008.04.15 16:00:00 | 000,012,160 | ---- | M] (Корпорация Майкрософт) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2008.04.15 16:00:00 | 000,011,776 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPIEC.sys -- (ACPIEC)
DRV - [2008.04.15 16:00:00 | 000,006,912 | ---- | M] (Корпорация Майкрософт) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2008.04.15 01:11:48 | 000,058,368 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008.04.14 22:22:30 | 000,068,480 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008.04.14 22:17:16 | 000,037,504 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008.04.14 22:14:10 | 000,053,120 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008.04.14 22:07:44 | 000,023,296 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008.04.07 15:00:46 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CRFILTER.sys -- (CRFILTER)
DRV - [2006.12.18 00:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\G, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\G, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\G, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\G, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-2025429265-926492609-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.ru/cnt/7828
IE - HKU\S-1-5-21-2025429265-926492609-1417001333-1004\Software\Microsoft\Internet Explorer\SearchURL\G, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-2025429265-926492609-1417001333-1004\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
IE - HKU\S-1-5-21-2025429265-926492609-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025429265-926492609-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "http://www.mail.ru/"
FF - prefs.js..browser.search.defaulturl: "http://go.mail.ru/search?fr=fftb&utf8in&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.mail.ru/cnt/7828"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.4
FF - prefs.js..extensions.enabledItems: imglikeopera@imfo.ru:0.6.18
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.3.4
FF - prefs.js..extensions.enabledItems: yasearch@yandex.ru:5.0.3
FF - prefs.js..extensions.enabledItems: {37964A3C-4EE8-47b1-8321-34DE2C39BA4D}:2.4.0.30
FF - prefs.js..extensions.enabledItems: {81514210-E22A-4e69-93D5-E1EFD45B4620}:0.2.09.07.07
FF - prefs.js..keyword.URL: "http://go.mail.ru/search?utf8in=1&fr=fftbUFix&q="

[2010.11.04 21:42:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011.02.12 00:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\extensions
[2010.11.04 21:42:08 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011.01.20 00:30:43 | 000,000,000 | ---D | M] (Спутник @Mail.Ru) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
[2010.11.04 21:42:08 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.11.04 21:42:08 | 000,000,000 | ---D | M] ("Text Link") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}
[2010.11.04 21:42:08 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010.11.04 21:42:08 | 000,000,000 | ---D | M] (Past Modern) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
[2010.11.04 21:42:09 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2010.11.04 21:42:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.04 21:42:09 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.11.04 21:42:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.11.04 21:42:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\extensions\elemhidehelper@adblockplus.org
[2010.11.04 21:42:08 | 000,000,000 | ---D | M] (ImgLikeOpera) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\extensions\imglikeopera@imfo.ru
[2010.12.20 00:01:58 | 000,000,000 | ---D | M] (MyPlayCity.Бар) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\extensions\yasearch@yandex.ru
[2010.12.20 00:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\extensions\yasearch@yandex.ru\chrome\skin\extensions-hacks
[2011.02.05 23:20:33 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\k7wui19f.default\searchplugins\mailru---.xml
[2011.02.11 14:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.11.04 21:42:10 | 000,000,000 | ---D | M] (FlashGot) -- C:\Program Files\Mozilla Firefox\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.11.04 21:42:10 | 000,000,000 | ---D | M] (Flashblock) -- C:\Program Files\Mozilla Firefox\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.11.04 21:42:10 | 000,000,000 | ---D | M] ("Text Link") -- C:\Program Files\Mozilla Firefox\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}
[2010.11.04 21:42:10 | 000,000,000 | ---D | M] (IE Tab) -- C:\Program Files\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010.11.04 21:42:10 | 000,000,000 | ---D | M] (Past Modern) -- C:\Program Files\Mozilla Firefox\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
[2010.11.04 21:42:10 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Program Files\Mozilla Firefox\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2010.11.04 21:42:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Program Files\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.04 21:42:11 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Program Files\Mozilla Firefox\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.11.04 21:42:12 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Program Files\Mozilla Firefox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010.11.04 21:42:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Program Files\Mozilla Firefox\extensions\elemhidehelper@adblockplus.org
[2010.11.04 21:42:10 | 000,000,000 | ---D | M] (ImgLikeOpera) -- C:\Program Files\Mozilla Firefox\extensions\imglikeopera@imfo.ru
[2010.11.04 21:26:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.11.04 21:35:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2008.10.05 07:24:02 | 003,695,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2009.07.03 20:36:44 | 000,001,122 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\priceru.xml
[2009.07.03 20:36:44 | 000,002,395 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\rambler.xml
[2009.07.03 20:36:44 | 000,001,945 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\torgmailru.xml
[2009.07.03 20:36:44 | 000,001,304 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-ru.xml
[2009.07.03 20:36:44 | 000,004,072 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yandex-slovari.xml
[2009.07.03 20:36:44 | 000,004,281 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yandex.xml

O1 HOSTS File: ([2011.04.01 18:11:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O2 - BHO: (IE 4.x-6.x BHO for Download Master) - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\Program Files\Download Master\dmiehlp.dll (WestByte)
O3 - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EDF7BDB3-F1D6-4b9f-8E93-742A4D9443FC} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EDF7BDB3-F1D6-4b9f-8E93-742A4D9443FC} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - HKU\.DEFAULT..\Run: [Aml Maple] C:\Program Files\AmlMaple\AmlMaple.exe (G&G Software, Moscow State University)
O4 - HKU\.DEFAULT..\Run: [louderit.exe] C:\Program Files\Volumecontrol2\LouderIt.exe ()
O4 - HKU\.DEFAULT..\Run: [VistaIcon] C:\Program Files\VistaDriveIcon\VistaDrv.exe ()
O4 - HKU\S-1-5-18..\Run: [Aml Maple] C:\Program Files\AmlMaple\AmlMaple.exe (G&G Software, Moscow State University)
O4 - HKU\S-1-5-18..\Run: [louderit.exe] C:\Program Files\Volumecontrol2\LouderIt.exe ()
O4 - HKU\S-1-5-18..\Run: [VistaIcon] C:\Program Files\VistaDriveIcon\VistaDrv.exe ()
O4 - HKU\S-1-5-21-2025429265-926492609-1417001333-1004..\Run: [Aml Maple] C:\Program Files\AmlMaple\AmlMaple.exe (G&G Software, Moscow State University)
O4 - HKU\S-1-5-21-2025429265-926492609-1417001333-1004..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\S-1-5-21-2025429265-926492609-1417001333-1004..\Run: [louderit.exe] C:\Program Files\Volumecontrol2\LouderIt.exe ()
O4 - HKU\S-1-5-21-2025429265-926492609-1417001333-1004..\Run: [VistaIcon] C:\Program Files\VistaDriveIcon\VistaDrv.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [IE7_00] File not found
O4 - HKU\.DEFAULT..\RunOnce: [Rebuild Icon Cache] C:\WINDOWS\System32\REBUILDI.EXE (Quiet Installer by YikxX)
O4 - HKU\S-1-5-18..\RunOnce: [IE7_00] File not found
O4 - HKU\S-1-5-18..\RunOnce: [Rebuild Icon Cache] C:\WINDOWS\System32\REBUILDI.EXE (Quiet Installer by YikxX)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: InternetOpenWith = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: InternetOpenWith = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: InternetOpenWith = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: InternetOpenWith = 0
O7 - HKU\S-1-5-21-2025429265-926492609-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025429265-926492609-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2025429265-926492609-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2025429265-926492609-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-2025429265-926492609-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: InternetOpenWith = 0
O7 - HKU\S-1-5-21-2025429265-926492609-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2025429265-926492609-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:\Program Files\Download Master\dmieall.htm ()
O8 - Extra context menu item: Закачать при помощи Download Master - C:\Program Files\Download Master\dmie.htm ()
O9 - Extra Button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe (WestByte)
O9 - Extra 'Tools' menuitem : &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe (WestByte)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Корпорация Майкрософт)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.34.50 192.168.0.1 O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Корпорация Майкрософт) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Корпорация Майкрософт) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Корпорация Майкрософт) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Корпорация Майкрософт) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Корпорация Майкрософт) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Корпорация Майкрософт) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт) O20 - Winlogon\Notify\wlballoon: DllName - 
wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Корпорация Майкрософт) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Предзагрузчик Browseui - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Демон кэша категорий компонентов - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт) O24 - Desktop Components:0 (Моя текущая домашняя страница) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Корпорация Майкрософт) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Корпорация Майкрософт) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.11.04 21:24:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011.04.01 20:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\xerox [2011.04.01 20:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage [2011.04.01 20:19:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1045 [2011.04.01 20:17:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011.04.01 20:17:19 | 001,571,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sfcfiles.dll [2011.04.01 20:17:19 | 001,035,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe [2011.04.01 20:17:19 | 000,510,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winlogon.exe [2011.04.01 20:17:17 | 000,000,000 | ---D | C] -- C:\_OTL [2011.04.01 20:16:25 | 001,571,840 | ---- | C] (Microsoft Corporation) -- C:\sfcfiles.dll [2011.04.01 20:16:25 | 001,035,264 | ---- | C] (Microsoft Corporation) -- C:\explorer.exe [2011.04.01 20:16:25 | 000,510,464 | ---- | C] (Microsoft Corporation) -- C:\winlogon.exe [2011.04.01 18:14:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2011.04.01 18:02:18 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011.04.01 18:00:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011.04.01 18:00:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011.04.01 18:00:59 | 000,136,704 | ---- | C] (SteelWerX) -- 
C:\WINDOWS\SWSC.exe [2011.04.01 18:00:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011.04.01 18:00:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011.04.01 18:00:28 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.04.01 17:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Mail.Ru [2011.03.31 15:41:46 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011.04.01 20:21:03 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\User\NTUSER.DAT [2011.04.01 20:19:54 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.04.01 20:19:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011.04.01 20:19:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.04.01 20:19:46 | 2110,869,504 | -HS- | M] () -- C:\hiberfil.sys [2011.04.01 19:28:00 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.04.01 18:15:28 | 001,095,360 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2011.04.01 18:15:28 | 000,484,600 | ---- | M] () -- C:\WINDOWS\System32\perfh019.dat [2011.04.01 18:15:28 | 000,441,322 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.04.01 18:15:28 | 000,084,280 | ---- | M] () -- C:\WINDOWS\System32\perfc019.dat [2011.04.01 18:15:28 | 000,071,258 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.04.01 18:11:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2011.04.01 18:11:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011.04.01 18:02:22 | 000,000,330 | RHS- | M] () -- C:\boot.ini [2011.04.01 17:39:17 | 004,311,627 | R--- | M] () -- C:\Documents and Settings\User\Рабочий стол\ComboFix.exe [2011.04.01 17:31:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.04.01 17:31:05 | 000,000,178 | -HS- | M] () -- C:\Documents and 
Settings\User\ntuser.ini [2011.03.31 15:41:46 | 000,005,758 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011.03.16 18:57:13 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Рабочий стол\Skype.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011.04.01 18:02:22 | 000,000,214 | ---- | C] () -- C:\Boot.bak [2011.04.01 18:02:21 | 000,260,272 | RHS- | C] () -- C:\cmldr [2011.04.01 18:00:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011.04.01 18:00:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011.04.01 18:00:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011.04.01 18:00:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011.04.01 18:00:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011.04.01 17:38:57 | 004,311,627 | R--- | C] () -- C:\Documents and Settings\User\Рабочий стол\ComboFix.exe [2011.02.13 05:27:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat [2010.12.18 14:30:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.12.04 01:09:54 | 000,000,196 | ---- | C] () -- C:\WINDOWS\_delis43.ini [2010.12.04 01:09:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2010.11.05 00:17:04 | 001,095,360 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.11.05 00:17:04 | 000,004,337 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.11.05 00:13:30 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2010.11.05 00:13:30 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2010.11.05 00:11:30 | 001,451,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.11.04 22:55:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010.11.04 22:54:49 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010.11.04 22:54:48 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.11.04 22:54:48 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll 
[2010.11.04 22:54:47 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010.11.04 22:54:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010.11.04 22:54:47 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010.11.04 22:16:55 | 002,110,646 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db [2010.11.04 22:15:09 | 001,766,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2010.11.04 22:15:09 | 000,035,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys [2010.11.04 21:58:48 | 000,026,088 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010.11.04 21:37:35 | 000,001,174 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2010.11.04 21:35:08 | 000,066,592 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010.11.04 21:28:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.11.04 21:26:53 | 000,696,240 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe [2010.11.04 21:26:53 | 000,000,792 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat [2010.11.04 21:26:08 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\hidcon.exe [2010.11.04 21:25:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LM_Helper.exe [2010.11.04 21:24:24 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\vbrun100.dll [2010.11.04 21:24:24 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll [2010.11.04 21:24:24 | 000,052,836 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll [2010.11.04 21:24:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2010.11.04 21:23:08 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2010.11.04 21:23:04 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010.11.04 21:21:23 | 000,022,564 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.11.04 21:21:22 | 
000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2010.11.04 21:21:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2010.11.04 21:20:42 | 000,025,791 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2010.11.04 21:20:41 | 000,003,841 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2008.04.15 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008.04.15 16:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2008.04.15 16:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2008.04.15 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008.04.15 16:00:00 | 000,484,600 | ---- | C] () -- C:\WINDOWS\System32\perfh019.dat [2008.04.15 16:00:00 | 000,441,322 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008.04.15 16:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2008.04.15 16:00:00 | 000,305,414 | ---- | C] () -- C:\WINDOWS\System32\perfi019.dat [2008.04.15 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008.04.15 16:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2008.04.15 16:00:00 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll [2008.04.15 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008.04.15 16:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2008.04.15 16:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2008.04.15 16:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2008.04.15 16:00:00 | 000,084,280 | ---- | C] () -- C:\WINDOWS\System32\perfc019.dat [2008.04.15 16:00:00 | 000,071,258 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008.04.15 16:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2008.04.15 16:00:00 | 000,070,318 | ---- | C] () -- C:\WINDOWS\System32\edit.com [2008.04.15 16:00:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe 
[2008.04.15 16:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2008.04.15 16:00:00 | 000,051,981 | ---- | C] () -- C:\WINDOWS\System32\command.com [2008.04.15 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008.04.15 16:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2008.04.15 16:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2008.04.15 16:00:00 | 000,039,370 | ---- | C] () -- C:\WINDOWS\System32\mem.exe [2008.04.15 16:00:00 | 000,036,176 | ---- | C] () -- C:\WINDOWS\System32\perfd019.dat [2008.04.15 16:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2008.04.15 16:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2008.04.15 16:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2008.04.15 16:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2008.04.15 16:00:00 | 000,034,000 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2008.04.15 16:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2008.04.15 16:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2008.04.15 16:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2008.04.15 16:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2008.04.15 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008.04.15 16:00:00 | 000,027,900 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2008.04.15 16:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2008.04.15 16:00:00 | 000,021,002 | ---- | C] () -- C:\WINDOWS\System32\debug.exe [2008.04.15 16:00:00 | 000,019,940 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini [2008.04.15 16:00:00 | 000,019,854 | ---- | C] () -- C:\WINDOWS\System32\graphics.com [2008.04.15 16:00:00 | 000,015,738 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2008.04.15 16:00:00 | 000,015,360 | ---- | C] () -- 
C:\WINDOWS\System32\tsd32.dll [2008.04.15 16:00:00 | 000,014,959 | ---- | C] () -- C:\WINDOWS\System32\kb16.com [2008.04.15 16:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2008.04.15 16:00:00 | 000,013,787 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2008.04.15 16:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [2008.04.15 16:00:00 | 000,013,042 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe [2008.04.15 16:00:00 | 000,012,610 | ---- | C] () -- C:\WINDOWS\System32\append.exe [2008.04.15 16:00:00 | 000,011,835 | ---- | C] () -- C:\WINDOWS\System32\setver.exe [2008.04.15 16:00:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll [2008.04.15 16:00:00 | 000,009,035 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2008.04.15 16:00:00 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe [2008.04.15 16:00:00 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe [2008.04.15 16:00:00 | 000,006,191 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2008.04.15 16:00:00 | 000,004,960 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2008.04.15 16:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008.04.15 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008.04.15 16:00:00 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\kb.dll [2008.04.15 16:00:00 | 000,003,332 | ---- | C] () -- C:\WINDOWS\System32\redir.exe [2008.04.15 16:00:00 | 000,003,244 | ---- | C] () -- C:\WINDOWS\System32\nw16.exe [2008.04.15 16:00:00 | 000,002,982 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2008.04.15 16:00:00 | 000,002,903 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2008.04.15 16:00:00 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv [2008.04.15 16:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008.04.15 16:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2008.04.15 16:00:00 | 000,001,269 | ---- | C] 
() -- C:\WINDOWS\System32\perffilt.ini [2008.04.15 16:00:00 | 000,001,149 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com [2008.04.15 16:00:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\vwipxspx.exe [2008.04.15 16:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe [2008.04.15 16:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe [2008.04.15 16:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe [2008.04.15 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2008.04.15 16:00:00 | 000,000,507 | ---- | C] () -- C:\WINDOWS\win.ini [2008.04.15 16:00:00 | 000,000,423 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2008.04.15 16:00:00 | 000,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2008.04.15 16:00:00 | 000,000,143 | ---- | C] () -- C:\WINDOWS\System32\fSetup.ini [2008.04.07 15:00:46 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\CRFILTER.dll [2001.10.20 01:06:36 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe [2001.10.20 01:06:20 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [2001.04.25 17:37:43 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\QTJavaNative.dll [color=#E56717]========== LOP Check ==========[/color] [2010.12.22 23:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2010.12.09 12:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg [2010.12.04 19:15:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2010.12.04 19:41:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan [2011.01.01 19:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guard.Mail.Ru [2010.12.09 12:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MonteCristo [2010.11.04 21:43:02 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\Default User\Application Data\uTorrent [2010.12.22 23:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\{DCD48218-E972-4d0c-9E5F-43462BC13E3B} [2010.12.09 12:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\blg [2010.12.04 19:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon [2010.12.09 14:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Download Master [2010.11.29 19:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\iPlus [2010.11.04 21:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera [2011.02.17 04:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent [2010.12.20 00:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Yandex [color=#E56717]========== Purity Check ==========[/color] < End of report >