Лог утилиты random's system information tool 1.09 (автор: random/random)
Run by администратор at 2012-01-25 17:25:06
Microsoft Windows XP Professional Service Pack 3
Системный раздел C: размер 8 GB (40%) Свободно 20 GB
Total RAM: 1023 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:25:22, on 25.01.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DrWeb Enterprise Suite\DWENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\DrWeb Enterprise Suite\drwagntd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DrWeb Enterprise Suite\drwagnui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Documents and Settings\администратор\Рабочий стол\RSIT.exe
C:\Program Files\trend micro\администратор.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 1.0.0.252:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DrWebAgentUI] "C:\Program Files\DrWeb Enterprise Suite\drwagnui.exe"
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb Enterprise Suite\SPIDERML.EXE" -autorun
O4 - HKLM\..\Run: [spidergate] "C:\Program Files\DrWeb Enterprise Suite\SPIDERGATE.EXE" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = svetly.adm
O17 - HKLM\Software\..\Telephony: DomainName = svetly.adm
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA44D4D1-46C3-4E1C-8EF3-D42C40C76856}: NameServer = 1.0.0.244
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = svetly.adm
O22 - SharedTaskScheduler: Предзагрузчик Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Демон кэша категорий компонентов - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Dr.Web(R) Enterprise Agent (drwagntd) - Doctor Web, Ltd. - C:\Program Files\DrWeb Enterprise Suite\drwagntd.exe
O23 - Service: Dr.Web (R) Scanning Engine (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\DrWeb Enterprise Suite\DWENGINE.EXE
O23 - Service: Dr.Web(R) Enterprise Upgrade Service (drwupgrade) - Doctor Web, Ltd. - C:\Program Files\DrWeb Enterprise Suite\1\drwupgrade.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 7300 bytes

======Папка назначеных зданий======

C:\WINDOWS\tasks\User_Feed_Synchronization-{59214F1E-D800-4EBE-833B-5CE89FF920DD}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C1781EC8-367B-470B-9110-A1F92C733B1E}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{F59CA515-EB6A-4EDC-9976-E57F93F3DA91}.job

======Снимок реестра======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll [2010-08-14 423792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL [2010-06-13 80248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll [2010-08-14 423792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"DrWebAgentUI"=C:\Program Files\DrWeb Enterprise Suite\drwagnui.exe [2011-11-01 2516880]
"SpIDerMail"=C:\Program Files\DrWeb Enterprise Suite\SPIDERML.EXE [2011-08-23 1591024]
"spidergate"=C:\Program Files\DrWeb Enterprise Suite\SPIDERGATE.EXE [2011-11-18 2194160]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-11-09 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-11-10 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NetWriter\NetWriter.exe"="C:\Program Files\NetWriter\NetWriter.exe:*:Enabled:NetWriter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NetWriter\NetWriter.exe"="C:\Program Files\NetWriter\NetWriter.exe:*:Enabled:NetWriter"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======Список файлов и папок, созданных за последние 3 месяца======

2012-01-25 17:25:10 ----D---- C:\Program Files\trend micro
2012-01-25 17:25:06 ----D---- C:\rsit
2012-01-25 16:54:20 ----D---- C:\Program Files\Symantec
2012-01-25 16:54:20 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-01-25 16:54:20 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2012-01-25 16:54:20 ----A---- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2012-01-25 16:53:50 ----D---- C:\WINDOWS\system32\drivers\NIS
2012-01-25 16:53:47 ----D---- C:\Program Files\Windows Sidebar
2012-01-25 16:53:47 ----D---- C:\Program Files\Norton Internet Security
2012-01-25 16:53:46 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2012-01-25 16:53:35 ----D---- C:\Program Files\NortonInstaller
2012-01-25 16:53:35 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2012-01-25 15:47:22 ----A---- C:\WINDOWS\system32\drivers\uzm3mtq3.sys
2012-01-25 10:02:41 ----D---- C:\Documents and Settings\администратор\Application Data\Macromedia
2012-01-25 10:02:35 ----D---- C:\Documents and Settings\администратор\Application Data\Adobe
2012-01-25 09:24:41 ----A---- C:\WINDOWS\Face.INI
2012-01-25 09:24:39 ----A---- C:\WINDOWS\Layout2.INI
2012-01-18 10:16:52 ----A---- C:\WINDOWS\system32\drivers\SiWinAcc.sys
2012-01-18 10:16:52 ----A---- C:\WINDOWS\system32\drivers\SiRemFil.sys
2012-01-18 10:16:52 ----A---- C:\WINDOWS\system32\drivers\Si3114r5.sys
2012-01-18 09:43:05 ----A---- C:\WINDOWS\system32\drivers\RtKHDMI.sys
2012-01-18 09:43:04 ----A---- C:\WINDOWS\system32\RHCoInstXP.dll
2012-01-18 09:43:04 ----A---- C:\WINDOWS\RtaUpd.exe
2011-12-29 16:24:37 ----A---- C:\WINDOWS\system32\drivers\AsIO.sys
2011-12-29 16:24:37 ----A---- C:\WINDOWS\system32\AsIO.dll
2011-12-29 16:24:34 ----D---- C:\Program Files\ASUS
2011-12-29 16:24:34 ----A---- C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2011-12-29 16:24:34 ----A---- C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2011-12-29 16:05:51 ----D---- C:\WINDOWS\system32\Lang
2011-12-29 16:02:27 ----A---- C:\WINDOWS\SkyTel.exe
2011-12-29 16:02:27 ----A---- C:\WINDOWS\RTHDCPL.exe
2011-12-29 16:02:27 ----A---- C:\WINDOWS\alcwzrd.exe
2011-12-29 16:02:27 ----A---- C:\WINDOWS\Alcmtr.exe
2011-12-29 16:02:26 ----A---- C:\WINDOWS\RtlUpd.exe
2011-12-29 16:02:26 ----A---- C:\WINDOWS\RTLCPL.exe
2011-12-29 16:02:26 ----A---- C:\WINDOWS\MicCal.exe
2011-12-29 16:02:25 ----D---- C:\WINDOWS\system32\RTCOM
2011-12-29 16:02:25 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011-12-29 16:02:12 ----D---- C:\Program Files\Realtek
2011-12-29 16:01:38 ----A---- C:\WINDOWS\RtlExUpd.dll
2011-12-29 15:54:35 ----D---- C:\Documents and Settings\администратор\Application Data\ATI
2011-12-29 15:54:35 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2011-12-29 15:48:31 ----D---- C:\Program Files\AMD APP
2011-12-29 15:47:20 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2011-12-29 15:47:20 ----A---- C:\WINDOWS\system32\ativva6x.dat
2011-12-29 15:47:20 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\drivers\ati2erec.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\ativvamv.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\ativva5x.dat
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\ativcoxx.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\atitvo32.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\atioglxx.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\ATIODE.exe
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\ATIODCLI.exe
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\atimpc32.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\atikvmag.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\atiicdxx.dat
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\aticalrt.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\aticaldd.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\aticalcl.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\atibtmon.exe
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\atiapfxx.exe
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2011-12-29 15:47:19 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2011-12-29 15:47:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-12-29 15:33:00 ----A---- C:\WINDOWS\system32\ChCfg.exe
2011-12-29 15:31:44 ----D---- C:\Program Files\Realtek AC97
2011-12-29 15:31:37 ----A---- C:\WINDOWS\alcupd.exe
2011-12-29 15:31:37 ----A---- C:\WINDOWS\Alcrmv.exe
2011-12-28 11:15:04 ----D---- C:\Program Files\ATI
2011-12-28 11:11:14 ----D---- C:\Program Files\ATI Technologies
2011-12-28 11:11:01 ----HD---- C:\Program Files\InstallShield Installation Information
2011-12-28 11:09:37 ----D---- C:\Program Files\Common Files\InstallShield
2011-12-28 11:09:08 ----D---- C:\ATI
2011-12-28 10:58:04 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2011-12-28 10:55:07 ----A---- C:\WINDOWS\Ascd_tmp.ini
2011-12-28 10:55:05 ----A---- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2011-12-28 10:51:01 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2011-12-28 10:42:56 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2011-12-28 10:41:08 ----ASH---- C:\pagefile.sys
2011-11-09 22:39:44 ----A---- C:\WINDOWS\system32\OpenVideo.dll
2011-11-09 22:39:32 ----A---- C:\WINDOWS\system32\OVDecode.dll
2011-11-09 22:38:40 ----A---- C:\WINDOWS\system32\amdocl.dll
2011-11-09 22:37:46 ----A---- C:\WINDOWS\system32\OpenCL.dll

======Список файлов и папок, измененных за последние 3 месяца======

2012-01-25 17:25:22 ----D---- C:\WINDOWS\Prefetch
2012-01-25 17:25:10 ----RD---- C:\Program Files
2012-01-25 17:22:00 ----D---- C:\WINDOWS\Temp
2012-01-25 16:54:23 ----SHD---- C:\System Volume Information
2012-01-25 16:54:20 ----D---- C:\WINDOWS\system32\drivers
2012-01-25 16:54:20 ----D---- C:\WINDOWS\system32
2012-01-25 16:54:20 ----D---- C:\Program Files\Common Files
2012-01-25 16:01:27 ----D---- C:\WINDOWS
2012-01-25 15:59:28 ----D---- C:\Program Files\DrWeb Enterprise Suite
2012-01-25 15:59:19 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-25 15:57:47 ----D---- C:\WINDOWS\security
2012-01-25 15:57:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-25 13:36:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-01-25 09:33:03 ----SD---- C:\Documents and Settings\администратор\Application Data\Microsoft
2012-01-25 09:26:29 ----HD---- C:\WINDOWS\inf
2012-01-25 09:21:36 ----SHD---- C:\RECYCLER
2012-01-18 14:06:02 ----D---- C:\WINDOWS\Minidump
2012-01-18 11:18:45 ----RSD---- C:\WINDOWS\assembly
2012-01-18 11:18:45 ----D---- C:\WINDOWS\Microsoft.NET
2012-01-18 10:23:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-18 10:10:02 ----SHD---- C:\WINDOWS\Installer
2012-01-18 10:09:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-01-18 10:09:10 ----A---- C:\WINDOWS\imsins.BAK
2012-01-18 10:06:42 ----A---- C:\WINDOWS\system32\MRT.exe
2012-01-18 10:05:19 ----D---- C:\Program Files\Internet Explorer
2012-01-18 10:03:35 ----D---- C:\WINDOWS\WinSxS
2012-01-18 10:00:52 ----A---- C:\WINDOWS\win.ini
2011-12-29 15:54:35 ----D---- C:\WINDOWS\system32\config
2011-12-28 10:02:28 ----A---- C:\WINDOWS\DUMP4110.tmp
2011-12-09 15:24:31 ----A---- C:\WINDOWS\DUMP3bd0.tmp
2011-12-07 17:43:11 ----A---- C:\WINDOWS\DUMP38d2.tmp
2011-12-06 18:29:29 ----D---- C:\ConsUserData
2011-11-26 01:57:31 ----A---- C:\WINDOWS\system32\winsrv.dll
2011-11-20 10:12:43 ----A---- C:\WINDOWS\system32\packager.exe
2011-11-16 18:21:50 ----A---- C:\WINDOWS\system32\winhttp.dll
2011-11-16 18:21:49 ----A---- C:\WINDOWS\system32\schannel.dll
2011-11-15 12:06:05 ----D---- C:\WINDOWS\ie8updates
2011-11-10 06:53:20 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2011-11-10 06:50:00 ----A---- C:\WINDOWS\system32\ati3duag.dll
2011-11-10 06:30:14 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2011-11-10 06:12:22 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2011-11-08 17:46:16 ----N---- C:\WINDOWS\system32\tzchange.exe
2011-11-05 14:13:50 ----A---- C:\WINDOWS\system32\ieframe.dll
2011-11-04 23:13:49 ----N---- C:\WINDOWS\system32\occache.dll
2011-11-04 23:13:49 ----A---- C:\WINDOWS\system32\wininet.dll
2011-11-04 23:13:49 ----A---- C:\WINDOWS\system32\urlmon.dll
2011-11-04 23:13:49 ----A---- C:\WINDOWS\system32\url.dll
2011-11-04 23:13:49 ----A---- C:\WINDOWS\system32\mstime.dll
2011-11-04 23:13:49 ----A---- C:\WINDOWS\system32\mshtmled.dll
2011-11-04 23:13:49 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-11-04 23:13:49 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2011-11-04 23:13:49 ----A---- C:\WINDOWS\system32\msfeeds.dll
2011-11-04 23:13:49 ----A---- C:\WINDOWS\system32\licmgr10.dll
2011-11-04 23:13:49 ----A---- C:\WINDOWS\system32\jsproxy.dll
2011-11-04 23:13:49 ----A---- C:\WINDOWS\system32\iertutil.dll
2011-11-04 23:13:49 ----A---- C:\WINDOWS\system32\iepeers.dll
2011-11-04 23:13:48 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2011-11-04 15:25:39 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2011-11-03 19:29:12 ----A---- C:\WINDOWS\system32\quartz.dll
2011-11-03 19:29:12 ----A---- C:\WINDOWS\system32\qdvd.dll
2011-11-01 20:07:12 ----A---- C:\WINDOWS\system32\ole32.dll
2011-10-28 20:07:18 ----A---- C:\WINDOWS\system32\jscript.dll
2011-10-28 09:32:21 ----A---- C:\WINDOWS\system32\csrsrv.dll
2011-10-26 14:49:56 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2011-10-26 14:49:56 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe

======Список драйверов (тип запуска: R=Запущен, S=остановлен, 0=Загрузочный, 1=Системный, 2=Автоматически, 3=Вручную, 4=Отключено)======

R0 DwProt;DrWeb Protection; C:\WINDOWS\system32\drivers\dwprot.sys [2011-10-04 149272]
R0 ohci1394;Texas Instruments OHCI-совместимый IEEE 1394 хост-контроллер; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 Si3114r5;SiI-3114 SoftRaid 5 Controller; C:\WINDOWS\system32\DRIVERS\Si3114r5.sys [2007-02-07 209200]
R0 SiFilter;SATALink driver accelerator; C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys [2004-11-01 10368]
R0 SiRemFil;SATALink External Device Filter; C:\WINDOWS\system32\DRIVERS\SiRemFil.sys [2006-10-18 5504]
R0 SpiderG3;DrWeb file system scanner; C:\WINDOWS\system32\drivers\spiderg3.sys [2011-09-27 109560]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMDS.SYS [2010-06-13 339504]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMEFA.SYS [2010-07-29 666672]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2004-10-14 4962]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1201000.025\SRTSPX.SYS [2010-07-29 50096]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1201000.025\Ironx86.SYS [2010-06-27 134704]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMTDI.SYS [2010-07-13 369072]
R1 uzm3mtq3;AVZ-RK Kernel Driver; \??\C:\WINDOWS\system32\Drivers\uzm3mtq3.sys []
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488]
R3 Arp1394;Протокол клиента 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-11-10 7493120]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSxpx86.sys []
R3 mouhid;Драйвер мыши HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-19 12160]
R3 ms_mpu401;Драйвер UART Microsoft MPU-401 MIDI; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS []
R3 NIC1394;Сетевой драйвер 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2011-07-06 4137960]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\system32\drivers\NIS\1201000.025\SRTSP.SYS [2010-07-29 489008]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]
S3 EraserUtilDrv11010;EraserUtilDrv11010; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Драйвер USB-сканера; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======Список служб (тип запуска: R=Запущена, S=остановлена, 0=Загрузочная, 1=Системная, 2=Автоматически, 3=Вручную, 4=Отключено)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-11-10 643072]
R2 DrWebEngine;Dr.Web (R) Scanning Engine; C:\Program Files\DrWeb Enterprise Suite\DWENGINE.EXE [2011-09-23 1830744]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2010-07-23 126904]
R2 uvnc_service;uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [2009-04-03 1693128]
R3 drwagntd;Dr.Web(R) Enterprise Agent; C:\Program Files\DrWeb Enterprise Suite\drwagntd.exe [2011-11-01 3770256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 drwupgrade;Dr.Web(R) Enterprise Upgrade Service; C:\Program Files\DrWeb Enterprise Suite\1\drwupgrade.exe [2011-10-19 1307968]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-01 155715]
S3 aspnet_state;Служба состояний ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------