ComboFix 10-07-13.08 - Maxim 15.07.2010 1:17:25.1.1 - x86
Running from: C:\Documents and Settings\Maxim\Рабочий стол\ComboFix.exe
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
FW: Doctor Web Firewall *disabled* {3454C8F1-ECBC-4181-A7F4-04632FBA762B}
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - ntoskrnl.exe: deleted 68 bytes in 1 streams.
ADS - explorer.exe: deleted 132 bytes in 1 streams.
ADS - win32k.sys: deleted 68 bytes in 1 streams.
ADS - netcfgx.dll: deleted 36 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Maxim\Application Data\AD ON Multimedia
C:\Documents and Settings\Maxim\Application Data\AD ON Multimedia\eBay Shortcuts\config.ini
C:\Documents and Settings\Maxim\Application Data\CMedia\CMedia.dat
C:\Documents and Settings\Maxim\Application Data\CMedia\Feed\feed.xml
C:\Documents and Settings\Maxim\Application Data\CMedia\g.fla
C:\Documents and Settings\Maxim\Application Data\EurekaLog
C:\Documents and Settings\Maxim\Application Data\Microsoft\Internet Explorer\qiPSearchbar.dll
C:\WINDOWS.1\system32\Sqldebug.exe
C:\DOCUME~2\Maxim\LOCALS~1\Temp\16C77995-417E8290-2208D8E0-3D3F2ED1\62a9d_xp.exe . . . . failed to delete
C:\DOCUME~2\Maxim\LOCALS~1\Temp\16C77995-417E8290-2208D8E0-3D3F2ED1\ea44bf.exe . . . . failed to delete
C:\DOCUME~2\Maxim\LOCALS~1\Temp\16C77995-417E8290-2208D8E0-3D3F2ED1\setup.dll . . . . failed to delete
C:\Documents and Settings\Maxim\Local Settings\Temp\16C77995-417E8290-2208D8E0-3D3F2ED1\62a9d_xp.exe . . . . failed to delete
C:\Documents and Settings\Maxim\Local Settings\Temp\16C77995-417E8290-2208D8E0-3D3F2ED1\ea44bf.exe . . . . failed to delete
C:\Documents and Settings\Maxim\Local Settings\Temp\16C77995-417E8290-2208D8E0-3D3F2ED1\setup.dll . . . . failed to delete

----- File Replicators -----
.
----- BITS: Possible infected sites -----

hxxp://81.95.145.234
C:\WINDOWS.1\system32\mpnotify.exe . . . is infected!!
C:\WINDOWS.1\system32\Com\comrereg.exe . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SFC
-------\Service_sfc

((((((((((((((((((((((((( Files Created from 2010-06-14 to 2010-07-14 )))))))))))))))))))))))))))))))
.
2010-07-14 20:52:41 . 2010-07-14 20:52:41 -------- d-----w- C:\Documents and Settings\Maxim\Application Data\DAEMON Tools Pro
2010-07-14 20:52:41 . 2010-07-14 20:52:41 -------- d-----w- C:\Documents and Settings\Maxim\Application Data\DAEMON Tools
2010-07-14 20:41:22 . 2010-07-14 20:41:22 -------- d-----w- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2010-07-14 20:40:36 . 2010-07-14 20:40:39 -------- d-----w- C:\Program Files\DAEMON Tools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 21:33:04 . 2009-09-01 16:05:36 -------- d-----w- C:\Documents and Settings\Maxim\Application Data\Skype
2010-07-14 21:33:01 . 2008-03-08 08:31:05 -------- d-----w- C:\Documents and Settings\Maxim\Application Data\skypePM
2010-07-14 21:25:36 . 2010-02-02 17:22:28 -------- d-----w- C:\Documents and Settings\Maxim\Application Data\CMedia
2010-07-14 21:08:01 . 2010-04-18 13:05:40 -------- d-----w- C:\Program Files\DrWeb
2010-07-14 21:07:55 . 2009-10-08 11:49:12 -------- d-----w- C:\Program Files\FlashGet
2010-07-14 20:28:00 . 2007-04-06 14:02:21 -------- d-----w- C:\Documents and Settings\Maxim\Application Data\uTorrent
2010-07-14 14:05:45 . 2006-12-03 18:11:28 717296 ----a-w- C:\WINDOWS.1\system32\drivers\sptd.sys
2010-07-13 10:45:04 . 2010-04-18 13:06:11 81144 ----a-w- C:\WINDOWS.1\system32\drivers\spiderg3.sys
2010-07-09 08:36:38 . 2006-08-15 17:19:18 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Skype
2010-07-08 21:27:05 . 2010-01-09 21:13:36 90031 ----a-w- C:\Program Files\МУЗИК.m3u
2010-07-08 21:27:04 . 2008-08-18 17:23:03 -------- d-----w- C:\Program Files\Winamp
2010-07-08 21:20:24 . 2010-05-27 13:26:19 -------- d-----w- C:\Program Files\VKMusic 4
2010-07-08 12:33:16 . 2010-04-18 13:06:15 122104 ----a-w- C:\WINDOWS.1\system32\drivers\dwprot.sys
2010-06-26 07:44:39 . 2008-11-01 17:37:55 -------- d-----w- C:\Program Files\Common Files\Java
2010-06-26 07:44:31 . 2010-06-26 07:44:31 503808 ----a-w- C:\Documents and Settings\Maxim\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-42a60f77-n\msvcp71.dll
2010-06-26 07:44:31 . 2010-06-26 07:44:31 499712 ----a-w- C:\Documents and Settings\Maxim\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-42a60f77-n\jmc.dll
2010-06-26 07:44:31 . 2010-06-26 07:44:31 348160 ----a-w- C:\Documents and Settings\Maxim\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-42a60f77-n\msvcr71.dll
2010-06-26 07:44:27 . 2010-06-26 07:44:27 61440 ----a-w- C:\Documents and Settings\Maxim\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-58d8ae66-n\decora-sse.dll
2010-06-26 07:44:27 . 2010-06-26 07:44:27 12800 ----a-w- C:\Documents and Settings\Maxim\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-58d8ae66-n\decora-d3d.dll
2010-06-26 07:43:18 . 2008-11-01 17:37:57 -------- d-----w- C:\Program Files\Java
2010-06-20 16:13:45 . 2009-12-25 19:26:53 683801 ----a-w- C:\Documents and Settings\All Users\Application Data\Last.fm\Client\UninstWA\unins000.exe
2010-06-20 16:12:43 . 2009-12-25 19:21:12 -------- d-----w- C:\Program Files\Last.fm
2010-06-19 19:00:01 . 2008-02-03 13:15:30 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2010-06-19 16:00:57 . 2006-08-28 18:29:54 -------- d-----w- C:\Documents and Settings\Maxim\Application Data\WebMoney
2010-06-19 14:26:51 . 2006-08-28 18:16:53 -------- d-----w- C:\Program Files\WebMoney
2010-06-18 18:22:15 . 2008-09-28 08:40:13 -------- d-----w- C:\Documents and Settings\Аня.MAX\Application Data\Winamp
2010-06-18 13:23:50 . 2010-05-19 19:09:33 -------- d-----w- C:\Program Files\RegistryBooster
2010-06-18 13:22:27 . 2010-06-18 12:59:25 5037504 ----a-w- C:\Documents and Settings\Maxim\Application Data\Uniblue\RegistryBooster\_temp\ub.exe
2010-06-11 21:45:01 . 2004-08-03 19:14:42 359808 ----a-w- C:\WINDOWS.1\system32\drivers\TCPIP.SYS
2010-06-03 14:17:09 . 2010-06-03 14:17:09 -------- d-----w- C:\Program Files\TeamViewer
2010-05-27 13:27:03 . 2010-02-02 16:19:41 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Yandex
2010-05-21 08:44:57 . 2010-05-21 08:44:01 -------- d-----w- C:\Program Files\miranda-IRC
2010-05-20 19:16:45 . 2010-05-20 19:15:37 -------- d-----w- C:\Program Files\FormatFactory
2010-05-19 19:09:44 . 2010-05-19 19:09:44 -------- d-----w- C:\Documents and Settings\Maxim\Application Data\Uniblue
2010-05-19 11:39:06 . 2010-05-19 11:16:14 -------- d-----w- C:\Program Files\The KMPlayer
2010-05-16 12:34:14 . 2007-04-06 14:02:18 -------- d-----w- C:\Program Files\uTorrent
2010-05-12 14:54:02 . 2006-08-15 21:46:50 36792 ----a-w- C:\Documents and Settings\Maxim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-01 17:02:24 . 2010-05-01 17:02:24 95232 ----a-w- C:\Documents and Settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-05-01 17:02:24 . 2010-05-01 17:02:24 8192 ----a-w- C:\Documents and Settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-05-01 17:02:24 . 2010-05-01 17:02:24 61440 ----a-w- C:\Documents and Settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-05-01 17:02:24 . 2010-05-01 17:02:24 10240 ----a-w- C:\Documents and Settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-05-01 16:57:50 . 2010-05-01 17:03:02 34864192 ----a-w- C:\Documents and Settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_rus_web.exe
2010-04-18 13:04:46 . 2010-04-18 13:05:59 72184 ----a-w- C:\WINDOWS.1\system32\drivers\DrWebPF.sys
2010-04-18 13:04:46 . 2010-04-18 13:05:57 83064 ----a-w- C:\WINDOWS.1\system32\drivers\drwebaf.sys
2006-08-01 08:32:30 . 2006-08-15 16:37:45 32207 --sha-w- C:\Program Files\Common Files\Y1220OU.exe
2004-08-17 09:04:20 . 2004-08-17 12:04:20 137240 --sha-r- C:\WINDOWS.1\system32\ouvjqep.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "C:\Program Files\Yandex\YandexBarIE\yndbar.dll" [2010-06-01 13:44:04 10336584]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "C:\Program Files\Yandex\YandexBarIE\yndbar.dll" [2010-06-01 13:44:04 10336584]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 18:31:39 1372160]
"Hot Keyboard"="C:\Program Files\Hot Keyboard Pro\HotKeyb.exe" [2007-02-07 19:30:58 996272]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-11-07 10:31:38 21633320]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-12-10 09:02:30 216520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS.1\system32\NvCpl.dll" [2005-02-23 23:32:00 5537792]
"ZSSnp211"="C:\WINDOWS.1\ZSSnp211.exe" [2006-08-19 07:37:06 49152]
"wmagent.exe"="C:\Program Files\WebMoney Agent\wmagent.exe" [2009-10-19 11:47:30 210400]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 07:43:18 248040]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 16:24:46 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-15 17:34:14 155648]
"nwiz"="nwiz.exe" [2005-02-23 23:32:00 1495040]
"NvMediaCenter"="C:\WINDOWS.1\system32\NvMcTray.dll" [2005-02-23 23:32:00 86016]
"NeroFilterCheck"="C:\WINDOWS.1\system32\NeroCheck.exe" [2001-07-09 07:50:42 155648]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 04:09:30 425984]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 11:21:30 61952]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-06-29 11:44:34 1990704]
"FastUser"="C:\WINDOWS.1\system32\fast.exe" [2001-10-08 08:59:36 49216]
"Domino"="C:\WINDOWS.1\Domino.exe" [2006-08-18 12:58:14 49152]
"CoolSwitch"="C:\WINDOWS.1\system32\taskswitch.exe" [2001-10-08 08:59:36 45632]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 01:11:06 925696]
"SpIDerAgent"="C:\Program Files\DrWeb\SpIDerAgent.exe" [2010-07-08 12:33:33 1252080]
"SpIDerMail"="C:\Program Files\DrWeb\spiderml.exe" [2010-06-03 08:55:56 1541360]
"SpIDerGate"="C:\Program Files\DrWeb\spidergate.exe" [2010-07-08 12:41:14 2092784]
"Dr.Web Firewall"="C:\Program Files\DrWeb\frwl_notify.exe" [2010-03-15 06:03:22 2600200]

C:\Documents and Settings\Maxim\Главное меню\Программы\Автозагрузка\
FlashGet.lnk - C:\Program Files\FlashGet\flashget.exe [2007-6-29 1990704]
QIP 2005.lnk - C:\Program Files\QIP\qip.exe [2010-4-23 3276288]

C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program 
Files\\uTorrent\\utorrent.exe"= "C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\icad.exe"= "C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\cadopia.exe"= "C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\installs.exe"= "C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmdown.exe"= "C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmgrd.exe"= "C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmhostid.exe"= "C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmtools.exe"= "C:\\OrCAD\\OrCAD_10.5\\IntelliCAD 4\\LicenseManager\\lmutil.exe"= "C:\\Program Files\\Ventrilo\\Ventrilo.exe"= "C:\\Program Files\\FlashGet\\FlashGet.exe"= "C:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"= "C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "35096:TCP"= 35096:TCP:SpeechPerformance FilesDocuments "51358:UDP"= 51358:UDP:SpeechPerformance InstallerSetup "44625:TCP"= 44625:TCP:SpeechPerformance ProgramL2S "27864:UDP"= 27864:UDP:SpeechPerformance OfflineSetup "5362:TCP"= 5362:TCP:vuceqxei R0 a347scsi;a347scsi;C:\WINDOWS.1\system32\drivers\a347scsi.sys [17.02.2009 23:41:26 5248] R0 DwProt;DrWeb Protection;C:\WINDOWS.1\system32\drivers\dwprot.sys [18.04.2010 17:06:15 122104] R0 fsbts;fsbts;C:\WINDOWS.1\system32\drivers\fsbts.sys [28.01.2009 20:14:52 26624] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS.1\system32\drivers\sfdrv01a.sys [05.07.2006 16:46:06 63352] R0 SpiderG3;DrWeb file system scanner;C:\WINDOWS.1\system32\drivers\spiderg3.sys [18.04.2010 17:06:11 81144] R1 DRWEBAF;DrWEB Firewall Application Filter;C:\WINDOWS.1\system32\drivers\drwebaf.sys [18.04.2010 17:05:57 83064] R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS.1\system32\drivers\Msikbd2k.sys [29.12.2008 16:33:11 6656] R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;C:\Program 
Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [02.11.2007 19:58:38 566560] R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [01.04.2010 20:05:44 1628504] R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [17.03.2009 19:01:38 222456] R2 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);C:\WINDOWS.1\system32\drivers\tcpz-x86d.sys [13.07.2010 19:52:39 23040] R3 DrWebPF;DrWeb Packet Filter Driver;C:\WINDOWS.1\system32\drivers\DrWebPF.sys [18.04.2010 17:05:59 72184] S2 Cadence License Manager;Cadence License Manager;C:\OrCAD\license_manager\lmgrd.exe --> C:\OrCAD\license_manager\lmgrd.exe [?] S2 CADopia License Manager;CADopia License Manager;C:\OrCAD\OrCAD_10.5\INTELL~1\LicenseManager\lmgrd.exe [02.05.2003 1:15:52 609280] S2 fcwlg;Center Config;C:\WINDOWS.1\system32\svchost.exe -k netsvcs [17.08.2004 16:05:08 14336] S2 lmgrd;Flexlm;C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe [02.05.2003 1:15:52 609280] S2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe --> C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [?] S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\C:\Documents and Settings\Maxim\Local Settings\Temp\{EC7AFC55-6754-49D8-B22F-A0BDF7E4B5DB}\fsgk.sys --> C:\Documents and Settings\Maxim\Local Settings\Temp\{EC7AFC55-6754-49D8-B22F-A0BDF7E4B5DB}\fsgk.sys [?] S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS.1\system32\GameMon.des -service --> C:\WINDOWS.1\system32\GameMon.des -service [?] S4 a347bus;a347bus;C:\WINDOWS.1\system32\drivers\a347bus.sys [17.02.2009 23:41:26 160640] S4 sptd;sptd;C:\WINDOWS.1\system32\drivers\sptd.sys [03.12.2006 22:11:28 717296] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] StpSrv REG_MULTI_SZ StpSrv Socket Tunneling Protocol Service Provide use VPN to connect to the remote computer Secure Socket Tunneling Protocol (SSTP) support. 
stpasclib.dll Ц  soft.jajaca.com   in.jajaca.com  soft.setheo.com   in.s SopSrv REG_MULTI_SZ SopSrv Socket Protocol Service Provide use VPN to connect to the remote computer Secure Socket Tunneling Protocol (SSTP) support. sopasclib.dll Ц  soft.jajaca.com   in.jajaca.com  soft.setheo.com   in.setheo.com HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs qyire fcwlg . Contents of the 'Scheduled Tasks' folder 2010-04-18 C:\WINDOWS.1\Tasks\Dr.Web Daily scan.job - C:\Program Files\DrWeb\DrWeb32w.exe [2010-03-18 13:33:42 . 2010-05-20 10:10:09] 2010-07-14 C:\WINDOWS.1\Tasks\Dr.Web Update.job - C:\Program Files\DrWeb\DrWebUpW.exe [2010-04-07 09:59:22 . 2010-07-08 12:33:15] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yandex.ru/?clid=48577 uDefault_Search_URL = hxxp://search.qip.ru uSearchAssistant = hxxp://search.qip.ru/ie uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip IE: &ICQ Toolbar Search - C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML IE: &╟рърўрЄ№ тёх яЁш яюью∙ш FlashGet - C:\Program Files\FlashGet\jc_all.htm IE: &╟рърўрЄ№ яЁш яюью∙ш FlashGet - C:\Program Files\FlashGet\jc_link.htm IE: &▌ъёяюЁЄ т Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 IE: Assign &hot key - C:\Program Files\Hot Keyboard Pro\IEScript.htm LSP: C:\Program Files\DrWeb\drwebsp.dll DPF: Microsoft XML Parser for Java - file://C:\WINDOWS.1\Java\classes\xmldso.cab DPF: {00000000-0000-0000-0000-FFFFFFFFFFFF} - hxxp://mra.mail.ru/magent.cab DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll DPF: {FAB8A8E6-219A-4C0A-AD91-BF4AB3947D6B} - hxxp://ipodradio.ru/achat_default.cab FF - ProfilePath - C:\Documents and Settings\Maxim\Application Data\Mozilla\Firefox\Profiles\ro7rpa26.default\ FF - prefs.js: browser.startup.homepage - 
hxxp://game.dozory.ru/cgi-bin/index.cgi FF - prefs.js: keyword.URL - hxxp://yandex.ru/yandsearch?clid=129614&yasoft=barff&text= FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\WINDOWS.1\system32\LiveVision\npLVPlugin.dll . . ------- File Associations ------- . .txt=MECEdit.Document . - - - - ORPHANS REMOVED - - - - ShellIconOverlayIdentifiers-{6B830884-20E3-4AB6-B672-2629F0F72071} - (no file) AddRemove-HijackThis - C:\Documents and Settings\Maxim\╨рсюўшщ ёЄюы\HijackThis.exe