Logfile of random's system information tool 1.07 (written by random/random)
Run by Администратор at 2011-01-18 17:48:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 35 GB (63%) free of 55 GB
Total RAM: 1524 MB (76% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-09-11 18717696]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-26 1122304]
"PLFSetL"=C:\WINDOWS\PLFSetL.exe [2007-07-05 94208]
"snp2uvc"=C:\WINDOWS\vsnp2uvc.exe []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 223768]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 244248]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2010-09-26 211480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2009-01-06 111104]
"LClock"=C:\Program Files\LClock\lclock.exe [2004-09-20 139264]
"VistaIcon"=C:\Program Files\VistaDriveIcon\VistaDrv.exe [2009-01-07 132096]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-11-23 1250304]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792]
"SERVICEHENTECH"=C:\rEdNuht\sEliF\ReDNuHt.exe []

C:\Documents and Settings\Администратор\Главное меню\Программы\Автозагрузка
Punto Switcher.lnk - C:\Program Files\Yandex\Punto Switcher\punto.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-06-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\sejo\kalac.exe"="D:\sejo\kalac.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe"="C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe:*:Enabled:ipsec"
"C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe"="C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\igfxtray.exe"="C:\WINDOWS\system32\igfxtray.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\cuxu.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\cuxu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\sfrdm.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\sfrdm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\w2e90c6.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\w2e90c6.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\vwwova.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\vwwova.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winhbpx.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winhbpx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\nntu.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\nntu.exe:*:Enabled:ipsec"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winowbbyw.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winowbbyw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winyalcwf.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winyalcwf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\w7f347.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\w7f347.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winvhrdq.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winvhrdq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\windfhf.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\windfhf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\hijtan.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\hijtan.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winxipv.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winxipv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winavaybe.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winavaybe.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winpkyqyr.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winpkyqyr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winhvhj.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winhvhj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\nxrn.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\nxrn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winntef.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winntef.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\gbidg.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\gbidg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\wingfuo.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\wingfuo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\ratgx.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\ratgx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winfbvjt.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winfbvjt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winhbpibe.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winhbpibe.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\wagxdr.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\wagxdr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winvxxxv.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winvxxxv.exe:*:Enabled:ipsec"
"C:\WINDOWS\PLFSetL.exe"="C:\WINDOWS\PLFSetL.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\igfxpers.exe"="C:\WINDOWS\system32\igfxpers.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\wineyac.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\wineyac.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\kxlog.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\kxlog.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\iliqmh.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\iliqmh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\w77b19.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\w77b19.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\csdt.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\csdt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winaihcyq.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winaihcyq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\vxacf.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\vxacf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winaavhcu.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winaavhcu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\lgue.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\lgue.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\oery.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\oery.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\plnq.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\plnq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\ijea.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\ijea.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\jmoqs.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\jmoqs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\htgq.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\htgq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\hvwo.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\hvwo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winnxvud.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winnxvud.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\skprul.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\skprul.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\lwot.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\lwot.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\exqsv.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\exqsv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winobitsh.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winobitsh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\heghqr.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\heghqr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\jfffyj.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\jfffyj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\mpafk.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\mpafk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winfqmg.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winfqmg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winqnqwc.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winqnqwc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winajpipb.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winajpipb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winbrioy.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winbrioy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winpbfdh.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winpbfdh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winomxs.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winomxs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\w7b469.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\w7b469.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winlqwhfl.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winlqwhfl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winafhyor.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winafhyor.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\flygvm.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\flygvm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\w80122.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\w80122.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\njwf.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\njwf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winiysaje.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winiysaje.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winuqswk.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winuqswk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winwtjo.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winwtjo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winwpxo.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winwpxo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winukeqkr.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winukeqkr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winewan.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winewan.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\msndm.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\msndm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\mguqde.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\mguqde.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\jdgny.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\jdgny.exe:*:Enabled:ipsec"
"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"="C:\Program Files\PC Connectivity Solution\ServiceLayer.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\hkcmd.exe"="C:\WINDOWS\system32\hkcmd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\prwn.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\prwn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\windwbkv.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\windwbkv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\w67d4ee.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\w67d4ee.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\lxire.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\lxire.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winqgexs.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winqgexs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\xfwbh.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\xfwbh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winmjsreu.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winmjsreu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\obafa.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\obafa.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winekesb.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winekesb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\seyvx.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\seyvx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winhxswhy.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winhxswhy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winpnctk.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winpnctk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\iwfaj.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\iwfaj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winkpxrh.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winkpxrh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\wingrnug.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\wingrnug.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\w85eb3.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\w85eb3.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\winwubk.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\winwubk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\wingbhu.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\wingbhu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\9335~1\LOCALS~1\Temp\jcccll.exe"="C:\DOCUME~1\9335~1\LOCALS~1\Temp\jcccll.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a7441b2-0364-11df-b2a8-001e68b16324}]
shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fd629e8-0449-11df-b2a9-001e68b16324}]
shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33f08dec-c5b3-11df-b362-0022690d7f0e}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33f08ded-c5b3-11df-b362-0022690d7f0e}]
shell\AutoRun\command - G:\autorun.js
shell\explore\command - WScript.exe .\autorun.js
shell\open\command - WScript.exe .\autorun.js

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{484834d5-e59e-11df-b395-0022690d7f0e}]
shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48483772-e59e-11df-b395-0022690d7f0e}]
shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51ab65ba-d176-11df-b373-0022690d7f0e}]
shell\AuToplay\command - D:\mkljsx.pif
shell\AutoRun\command - D:\mkljsx.pif
shell\eXplorE\command - D:\mkljsx.pif
shell\opEn\command - D:\mkljsx.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51ab6788-d176-11df-b373-0022690d7f0e}]
shell\AutoRun\command - D:\LAUSGANG///alzamalo.exe
shell\explore\command - D:\LAUSGANG///alzamalo.exe
shell\open\command - D:\LAUSGANG///alzamalo.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6387c1a7-1fc9-11e0-b3c3-0022690d7f0e}]
shell\AutoRun\command - D:\rEdNuht\sEliF\ReDNuHt.exe
shell\open\command - D:\rEdNuht\sEliF\ReDNuHt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a3c867c-d964-11de-b278-0022690d7f0e}]
shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a3c867d-d964-11de-b278-0022690d7f0e}]
shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ef753e4-fae3-11df-b3b6-0022690d7f0e}]
shell\AutoRun\command - D:\rEdNuht\sEliF\ReDNuHt.exe
shell\open\command - D:\rEdNuht\sEliF\ReDNuHt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82cd757a-c969-11df-b366-0022690d7f0e}]
shell\AUTOpLAY\command - D:\ifonim.pif
shell\AutoRun\command - D:\ifonim.pif
shell\explorE\command - D:\ifonim.pif
shell\opEN\command - D:\ifonim.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab9fe2b6-de94-11df-b38b-0022690d7f0e}]
shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab9fe2c3-de94-11df-b38b-0022690d7f0e}]
shell\AutoplaY\command - D:\nrrn.exe
shell\AutoRun\command - D:\nrrn.exe
shell\expLorE\command - D:\nrrn.exe
shell\open\command - D:\nrrn.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c609ed7a-d9e6-11de-b27e-001e68b16324}]
shell\AutoRun\command - F:\rEdNuht\sEliF\ReDNuHt.exe
shell\open\command - F:\rEdNuht\sEliF\ReDNuHt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca1dc28c-a468-11df-b340-0022690d7f0e}]
shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca1dc6a9-a468-11df-b340-0022690d7f0e}]
shell\AutoRun\command - F:\sejo\\\kalac.exe
shell\explore\command - F:\sejo\\kalac.exe
shell\open\command - F:\sejo\\\kalac.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8be8cb2-2c1e-11df-b2df-0022690d7f0e}]
shell\AutoRun\command - F1\X1\trx.exe
shell\open\command - F1\X1\trx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4c16752-d46a-11df-b37c-0022690d7f0e}]
shell\AutoPlAy\command - D:\wqlpu.pif
shell\AutoRun\command - D:\wqlpu.pif
shell\EXPLORe\command - D:\wqlpu.pif
shell\opeN\command - D:\wqlpu.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e603f532-e024-11de-b282-001e68b16324}]
shell\AutoRun\command - CHK\diske.exe
shell\open\command - CHK\diske.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5428a38-c59e-11df-b361-0022690d7f0e}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5428a3f-c59e-11df-b361-0022690d7f0e}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5428a40-c59e-11df-b361-0022690d7f0e}]
shell\AutoRun\command - G:\autorun.js
shell\explore\command - WScript.exe .\autorun.js
shell\open\command - WScript.exe .\autorun.js

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5428b97-c59e-11df-b361-0022690d7f0e}]
shell\AutoRun\command - F:\AutoRun.exe

======File associations======

.js - edit -
.js - open -
.vbs - edit -
.vbs - open -

======List of files/folders created in the last 3 months======

2011-01-18 17:49:00 ----D---- C:\Program Files\trend micro
2011-01-18 17:48:59 ----D---- C:\rsit
2011-01-18 13:26:41 ----SHD---- C:\Config.Msi
2011-01-14 23:37:56 ----D---- C:\Documents and Settings\Администратор\Application Data\Opera
2011-01-14 23:37:49 ----D---- C:\Program Files\Opera
2010-12-06 23:28:58 ----D---- C:\Program Files\ICQ6Toolbar
2010-12-06 23:28:57 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
2010-12-06 23:28:56 ----D---- C:\Documents and Settings\Администратор\Application Data\Mozilla
2010-12-06 23:28:45 ----D---- C:\Documents and Settings\Администратор\Application Data\ICQ
2010-12-06 23:28:10 ----D---- C:\Program Files\ICQ6.5
2010-11-15 21:59:33 ----D---- C:\Program Files\7-Zip
2010-11-15 21:49:06 ----RSHD---- C:\rEdNuht
2010-11-09 00:55:01 ----A---- C:\WINDOWS\Applian FLV Player Uninstall Log.txt

======List of files/folders modified in the last 3 months======

2011-01-18 17:49:00 ----AD---- C:\Program Files
2011-01-18 17:48:00 ----D---- C:\WINDOWS\system32
2011-01-18 17:48:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-01-18 17:44:54 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-18 17:44:51 ----D---- C:\WINDOWS\system32\drivers
2011-01-18 15:10:15 ----A---- C:\WINDOWS\system.ini
2011-01-18 13:28:39 ----D---- C:\WINDOWS
2011-01-18 13:27:04 ----HD---- C:\WINDOWS\inf
2011-01-18 13:27:03 ----D---- C:\WINDOWS\Temp
2011-01-18 13:26:36 ----SHD---- C:\WINDOWS\Installer
2010-12-06 23:28:56 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-20 00:28:35 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-16 00:42:29 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-11-02 18:28:25 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Драйвер Intel процессора; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40704]
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2008-10-11 62848]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-05-20 1312576]
R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-09-11 5911552]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-07-01 108800]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-04-25 225024]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 концентратор; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Драйвер клавиатуры HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-15 14720]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 amsint32;amsint32; \??\C:\WINDOWS\system32\drivers\msmni.sys []
S3 CCDECODE;Closed Caption декодер; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 hidusb;Драйвер класса HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-10-12 100736]
S3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 mouhid;Драйвер мыши HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12160]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232]
S3 sffdisk;Драйвер класса SFF Storage; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-15 11904]
S3 sffp_sd;Драйвер протокола SFF Storage для SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-15 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Драйвер Sony USB фильтра (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128]
S3 usbscan;Драйвер USB-сканера; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 usbvideo;USB-видеоустройство (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext кодек; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-06-30 104960]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-06-30 104960]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-06-30 104960]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 QDLService;Qualcomm Gobi Download Service; C:\QUALCOMM\QDLService\QDLService.exe [2008-08-06 345336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]

-----------------EOF-----------------