Удаление вирусов и троянов. Защита компьютера. › Помощь в удалении вирусов, троянов, рекламы и других зловредов › Подозрение что подцепил вирус.
- This topic has 2 ответа, 1 участник, and was last updated 14 years, 2 months назад by yevi.
-
АвторСообщения
-
6 марта, 2010 в 11:28 пп #18111
Уже 2 дня не могу подключится к windows update
(Internet Explorer cannot display the webpage)ESET NOD 32 Antivirus 4.0.437 не подключается к серверам обновления.
(A error occurred while downloading update files – хотя он даже и не начинал качать)Internet Explorer 8 иногда запускается без всяких меню и адрес- баров (только белая рамка)
Только что проверил:не заходит на сайты с антивирусами!
Логи:info.txt logfile of random’s system information tool 1.06 2010-03-07 01:19:27
======Uninstall list======
—>C:Program FilesNeroNero8\nerouninstallUNNERO.exe /UNINSTALL
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
µTorrent—>»C:Program FilesuTorrentuTorrent.exe» /UNINSTALL
ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
Acrobat.com—>C:Program FilesCommon FilesAdobe AIRVersions1.0Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com—>MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers719d6f144d0c086a0dfa7ff76bb9ac1Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 9—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11—>C:WINDOWSsystem32adobeSHOCKW~1UNWISE.EXE C:WINDOWSsystem32AdobeSHOCKW~1Install.log
Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advertising Center—>MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
Aptana Studio 2.0—>C:Program FilesAptanaAptana Studio 2.0uninstall.exe
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Babylon—>C:Program FilesBabylonBabylon-ProUtilsuninstbb.exe
Blaze HDTV Deluxe 4.0—>»C:Program FilesBlazeVideoBlaze HDTV Deluxe 4.0unins000.exe»
BlazeDTV 6.0—>»C:Program FilesBlazeVideoBlazeDTV 6.0unins000.exe»
BS.Player PRO—>»C:Program FilesWebtehBSplayerProuninstall.exe»
Data Access Objects (DAO) 3.5—>C:Program FilesCommon FilesMicrosoft SharedDAORemove.EXE C:WINDOWSUNINST.EXE -fC:PROGRA~1COMMON~1MICROS~1DAODeIsL2.isu
DebugBar v5.3 for Internet Explorer (remove only)—>»C:Program FilesCore ServicesDebugBaruninstall.exe»
Derive 6 Trial Edition—>C:Program FilesTI EducationDerive 6 Trial Editionunwise.exe C:PROGRA~1TIEDUC~1DERIVE~1INSTALL.LOG
DevExpress 2009.3 Components—>C:Program FilesDevExpress 2009.3DXperience-9.3.2.exe /SKIPVERIFY
Diskeeper 2009 Pro Premier—>MsiExec.exe /X{593D4F8A-5F11-4901-A74A-6E7971E45790}
DolbyFiles—>MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
Dream Aquarium 1.214—>rundll32.exe advpack,LaunchINFSection C:WINDOWSINFdream.inf,Uninstall
DVBViewer Pro—>»C:Program FilesDVBViewerunins000.exe»
DWGeditor—>MsiExec.exe /X{56DCD20A-E558-4396-AF59-14D15AA737BB}
Enterprise Library 4.1 — October 2008—>MsiExec.exe /I{45528AEA-4883-413E-ABB5-471AA26C20D8}
FlashFXP v3—>»C:Program FilesFlashFXPUninstall.exe» «C:Program FilesFlashFXPinstall.log» -u
FlashGet 1.9.6.1073—>C:Program FilesFlashGetuninst.exe
foobar2000 v0.9.6.8—>»C:Program Filesfoobar2000foobar2000uninstall.exe» _?=C:Program Filesfoobar2000foobar2000
Foxit PDF Editor—>C:Program FilesFoxit SoftwarePDF Editoruninstall.exe
Foxit Reader—>C:Program FilesFoxit SoftwareFoxit ReaderUninstall.exe
Garena—>C:Program FilesGarenauninst.exe
Google Earth—>MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Update Helper—>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
HiJackThis—>MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft Visual Studio 2007 Tools for Applications — ENU (KB946040)—>C:WINDOWSsystem32msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft Visual Studio 2007 Tools for Applications — ENU (KB946308)—>C:WINDOWSsystem32msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft Visual Studio 2007 Tools for Applications — ENU (KB946344)—>C:WINDOWSsystem32msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft Visual Studio 2007 Tools for Applications — ENU (KB947540)—>C:WINDOWSsystem32msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft Visual Studio 2007 Tools for Applications — ENU (KB947789)—>C:WINDOWSsystem32msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft Visual Studio Team System 2008 Team Suite — ENU (KB952241)—>C:WINDOWSsystem32msiexec.exe /package {80C06CCD-7D07-3DB6-86CD-B57B3F0614D8} /uninstall {DC93B23E-0882-46A9-B45F-3B6F279EFB39} /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft Visual Studio Team System 2008 Team Suite — ENU (KB971091)—>C:WINDOWSsystem32msiexec.exe /package {80C06CCD-7D07-3DB6-86CD-B57B3F0614D8} /uninstall {06694B0F-B778-4E13-B841-4FF9CC81D0C5} /qb+ REBOOTPROMPT=»»
Hotfix for Office (KB950278)—>msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {FED55BA1-5A70-44B4-8EB1-E72274AED780}
Hotfix for Office (KB950278)—>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FED55BA1-5A70-44B4-8EB1-E72274AED780}
Hotfix for Windows Internet Explorer 7 (KB947864)—>»C:WINDOWSie7updatesKB947864-IE7spuninstspuninst.exe»
Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
Hotfix for Windows Media Player 11 (KB939683)—>»C:WINDOWS$NtUninstallKB939683$spuninstspuninst.exe»
Hotfix for Windows XP (KB942288-v3)—>»C:WINDOWS$NtUninstallKB942288-v3$spuninstspuninst.exe»
Hotfix for Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Hotfix for Windows XP (KB961118)—>»C:WINDOWS$NtUninstallKB961118$spuninstspuninst.exe»
HttpWatch Professional 6.1.41—>C:Program FilesHttpWatchuninstall.exe
ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
IntelliJ IDEA 8.0.1—>C:Program FilesJetBrainsIntelliJ IDEA 8.0.1binUninstall.exe
Java(TM) 6 Update 13—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Development Kit 6 Update 6—>MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}
K-Lite Codec Pack 5.6.1 (Full)—>»C:Program FilesK-Lite Codec Packunins000.exe»
MATLAB R2008a—>C:Program FilesMATLABR2008auninstalluninstall.exe C:Program FilesMATLABR2008a
Menu Templates — Starter Kit—>MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft ASP.NET MVC 1.0—>MsiExec.exe /X{A4394612-D02F-11DC-9BFF-D18556D89593}
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Device Emulator version 3.0 — ENU—>MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
Microsoft Document Explorer 2008—>C:Program FilesCommon FilesMicrosoft SharedHelp 9Microsoft Document Explorer 2008install.exe
Microsoft Document Explorer 2008—>MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7—>»C:WINDOWS$NtUninstallWdf01007$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office 2003 Web Components—>MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007—>MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (Hebrew) 2007—>MsiExec.exe /X{90120000-0015-040D-0000-0000000FF1CE}
Microsoft Office Access MUI (Russian) 2007—>MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007—>MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007—>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007—>MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (Hebrew) 2007—>MsiExec.exe /X{90120000-0016-040D-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007—>MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007—>MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007—>MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007—>MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (Hebrew) 2007—>MsiExec.exe /X{90120000-0114-040D-0000-0000000FF1CE}
Microsoft Office IME (Chinese (Simplified)) 2007—>MsiExec.exe /X{90120000-0028-0804-0000-0000000FF1CE}
Microsoft Office IME (Chinese (Traditional)) 2007—>MsiExec.exe /X{90120000-0028-0404-0000-0000000FF1CE}
Microsoft Office IME (Japanese) 2007—>MsiExec.exe /X{90120000-0028-0411-0000-0000000FF1CE}
Microsoft Office IME (Korean) 2007—>MsiExec.exe /X{90120000-0028-0412-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007—>MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Hebrew) 2007—>MsiExec.exe /X{90120000-0044-040D-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007—>MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 — Hebrew עברית—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall OMUI.HE-IL /dll OSETUP.DLL
Microsoft Office Language Pack 2007 — Russian/???????—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall OMUI.RU-RU /dll OSETUP.DLL
Microsoft Office O MUI (Hebrew) 2007—>MsiExec.exe /X{90120000-0100-040D-0000-0000000FF1CE}
Microsoft Office O MUI (Russian) 2007—>MsiExec.exe /X{90120000-0100-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007—>MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Hebrew) 2007—>MsiExec.exe /X{90120000-00A1-040D-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007—>MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007—>MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Hebrew) 2007—>MsiExec.exe /X{90120000-001A-040D-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007—>MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007—>MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Hebrew) 2007—>MsiExec.exe /X{90120000-0018-040D-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007—>MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007—>MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Basque) 2007—>MsiExec.exe /X{90120000-001F-042D-0000-0000000FF1CE}
Microsoft Office Proof (Bulgarian) 2007—>MsiExec.exe /X{90120000-001F-0402-0000-0000000FF1CE}
Microsoft Office Proof (Catalan) 2007—>MsiExec.exe /X{90120000-001F-0403-0000-0000000FF1CE}
Microsoft Office Proof (Chinese (Simplified)) 2007—>MsiExec.exe /X{90120000-001F-0804-0000-0000000FF1CE}
Microsoft Office Proof (Chinese (Traditional)) 2007—>MsiExec.exe /X{90120000-001F-0404-0000-0000000FF1CE}
Microsoft Office Proof (Croatian) 2007—>MsiExec.exe /X{90120000-001F-041A-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007—>MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (Danish) 2007—>MsiExec.exe /X{90120000-001F-0406-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007—>MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Estonian) 2007—>MsiExec.exe /X{90120000-001F-0425-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007—>MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007—>MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Galician) 2007—>MsiExec.exe /X{90120000-001F-0456-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007—>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Greek) 2007—>MsiExec.exe /X{90120000-001F-0408-0000-0000000FF1CE}
Microsoft Office Proof (Gujarati) 2007—>MsiExec.exe /X{90120000-001F-0447-0000-0000000FF1CE}
Microsoft Office Proof (Hebrew) 2007—>MsiExec.exe /X{90120000-001F-040D-0000-0000000FF1CE}
Microsoft Office Proof (Hindi) 2007—>MsiExec.exe /X{90120000-001F-0439-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007—>MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007—>MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proof (Japanese) 2007—>MsiExec.exe /X{90120000-001F-0411-0000-0000000FF1CE}
Microsoft Office Proof (Kannada) 2007—>MsiExec.exe /X{90120000-001F-044B-0000-0000000FF1CE}
Microsoft Office Proof (Korean) 2007—>MsiExec.exe /X{90120000-001F-0412-0000-0000000FF1CE}
Microsoft Office Proof (Latvian) 2007—>MsiExec.exe /X{90120000-001F-0426-0000-0000000FF1CE}
Microsoft Office Proof (Lithuanian) 2007—>MsiExec.exe /X{90120000-001F-0427-0000-0000000FF1CE}
Microsoft Office Proof (Marathi) 2007—>MsiExec.exe /X{90120000-001F-044E-0000-0000000FF1CE}
Microsoft Office Proof (Norwegian (Bokm?l)) 2007—>MsiExec.exe /X{90120000-001F-0414-0000-0000000FF1CE}
Microsoft Office Proof (Norwegian (Nynorsk)) 2007—>MsiExec.exe /X{90120000-001F-0814-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007—>MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007—>MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Portugal)) 2007—>MsiExec.exe /X{90120000-001F-0816-0000-0000000FF1CE}
Microsoft Office Proof (Punjabi) 2007—>MsiExec.exe /X{90120000-001F-0446-0000-0000000FF1CE}
Microsoft Office Proof (Romanian) 2007—>MsiExec.exe /X{90120000-001F-0418-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007—>MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Serbian (Latin)) 2007—>MsiExec.exe /X{90120000-001F-081A-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007—>MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proof (Slovenian) 2007—>MsiExec.exe /X{90120000-001F-0424-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007—>MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proof (Swedish) 2007—>MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
Microsoft Office Proof (Tamil) 2007—>MsiExec.exe /X{90120000-001F-0449-0000-0000000FF1CE}
Microsoft Office Proof (Telugu) 2007—>MsiExec.exe /X{90120000-001F-044A-0000-0000000FF1CE}
Microsoft Office Proof (Thai) 2007—>MsiExec.exe /X{90120000-001F-041E-0000-0000000FF1CE}
Microsoft Office Proof (Turkish) 2007—>MsiExec.exe /X{90120000-001F-041F-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007—>MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proof (Urdu) 2007—>MsiExec.exe /X{90120000-001F-0420-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007—>MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing (Hebrew) 2007—>MsiExec.exe /X{90120000-002C-040D-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007—>MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Proofing Kit 2007—>MsiExec.exe /X{91120000-0103-0000-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
Microsoft Office Proofing Tools 2007 Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
Microsoft Office Proofing Tools 2007 Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
Microsoft Office Proofing Tools 2007 Service Pack 1 (SP1)—>msiexec /package {90120000-001F-040D-0000-0000000FF1CE} /uninstall {5159E1AC-E76D-4654-9C02-F1D519420853}
Microsoft Office Proofing Tools 2007 Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0419-0000-0000000FF1CE} /uninstall {D7CE14BC-96D9-41C5-822D-F5B1C2C35AA2}
Microsoft Office Proofing Tools 2007 Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0419-0000-0000000FF1CE} /uninstall {D7CE14BC-96D9-41C5-822D-F5B1C2C35AA2}
Microsoft Office Proofing Tools Kit 2007—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall PROOFKIT /dll PSETUP.DLL
Microsoft Office ProofMUI (English) 2007—>MsiExec.exe /X{90120000-0048-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007—>MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Hebrew) 2007—>MsiExec.exe /X{90120000-0019-040D-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007—>MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007—>MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (Hebrew) 2007—>MsiExec.exe /X{90120000-006E-040D-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007—>MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007—>MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office SharePoint Designer MUI (Hebrew) 2007—>MsiExec.exe /X{90120000-0017-040D-0000-0000000FF1CE}
Microsoft Office SharePoint Designer MUI (Russian) 2007—>MsiExec.exe /X{90120000-0017-0419-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007—>MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007—>MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007—>MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (Hebrew) 2007—>MsiExec.exe /X{90120000-001B-040D-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007—>MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Office X MUI (Hebrew) 2007—>MsiExec.exe /X{90120000-0101-040D-0000-0000000FF1CE}
Microsoft Office X MUI (Russian) 2007—>MsiExec.exe /X{90120000-0101-0419-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs—>MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Script Debugger—>RunDll32 advpack.dll,LaunchINFSection C:Program FilesMicrosoft Script DebuggerScrptDbg.inf, Uninstall.NT
Microsoft Silverlight—>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 Client Tools—>MsiExec.exe /I{4D28EFCF-5999-44D2-8D4E-AC643E76C33F}
Microsoft SQL Server 2008 Client Tools—>MsiExec.exe /I{60D46DEE-5221-47AA-B978-BA25C5D9F560}
Microsoft SQL Server 2008 Common Files—>MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}
Microsoft SQL Server 2008 Common Files—>MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Database Engine Services—>MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}
Microsoft SQL Server 2008 Database Engine Services—>MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared—>MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}
Microsoft SQL Server 2008 Full text search—>MsiExec.exe /I{06A7EA72-0F00-4D53-A81C-A5D925711141}
Microsoft SQL Server 2008 Management Studio—>MsiExec.exe /I{2020045B-8DCF-4449-8D5C-EB5BA37440F1}
Microsoft SQL Server 2008 Policies—>MsiExec.exe /I{01C5A10F-AD9B-405B-853A-6659841A1242}
Microsoft SQL Server 2008 Setup Support Files (English)—>MsiExec.exe /X{9D6D76A6-4328-49E8-97A7-531A74841DA5}
Microsoft SQL Server 2008—>»C:Program FilesMicrosoft SQL Server100Setup BootstrapReleasex86SetupARP.exe» /x86
Microsoft SQL Server 2008—>»C:Program FilesMicrosoft SQL Server100Setup BootstrapReleasex86SetupARP.exe» /X86
Microsoft SQL Server Compact 3.5 SP1 Query Tools English—>MsiExec.exe /I{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}
Microsoft SQL Server VSS Writer—>MsiExec.exe /I{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}
Microsoft User-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWudf01005$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17—>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual Studio 2005 Tools for Applications — ENU—>MsiExec.exe /X{D481EA96-2313-4A7C-98EE-710D1AF884AC}
Microsoft Visual Studio Team System 2008 Team Suite — ENU Service Pack 1 (KB945140)—>C:WINDOWSsystem32msiexec.exe /package {80C06CCD-7D07-3DB6-86CD-B57B3F0614D8} /uninstall {8CA89076-2A6D-42C3-AA24-F203C9E5DBF3} /qb+ REBOOTPROMPT=»»
Microsoft Visual Studio Team System 2008 Team Suite — ENU—>C:Program FilesMicrosoft Visual Studio 9.0Microsoft Visual Studio Team System 2008 Team Suite — ENUsetup.exe
Microsoft Visual Studio Tools for Applications 2.0 — ENU—>MsiExec.exe /X{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}
Microsoft Visual Studio Web Authoring Component—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools — enu—>MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries—>MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense—>MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools—>MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
Minilyrics(remove only)—>»C:Program FilesMinilyricsuninst-ml.exe»
mIRC—>C:Program FilesmIRCuninstall.exe _?=C:Program FilesmIRC
Mozilla Firefox (3.5.8)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MSDN Library for Visual Studio 2008 — ENU—>C:Program FilesMSDNMSDN9.0MSDN Library for Visual Studio 2008 — ENUsetup.exe
MSDN Library for Visual Studio 2008 — ENU—>MsiExec.exe /X{3A762A82-618D-3CAA-B847-D074ABFA0B2E}
MSVC80_x86—>MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT—>MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)—>MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 9 Trial—>C:Program FilesCommon FilesNeroNero ProductInstaller 4SetupX.exe REMOVESERIALNUMBER=»8M01-2085-KK25-2LEE-0UHL-8MPA-6H4U-EHAL»
Nero ControlCenter—>MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero DiscSpeed—>MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero Rescue Agent—>MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetBeans IDE 6.5.1—>»C:Program FilesNetBeans 6.5.1uninstall.exe»
Nokia Connectivity Cable Driver—>MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
Nokia PC Suite—>C:Documents and SettingsAll Users.WINDOWSApplication DataInstallations{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}Nokia_PC_Suite_7_1_18_0_eng_us_web.exe
Nokia PC Suite—>MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
Nokia Software Updater—>MsiExec.exe /X{7169FA93-66C2-43BD-86E0-CD332A686B29}
NSS (remove only)—>C:Program FilesNSSuninstall.exe
NVIDIA Drivers—>C:WINDOWSsystem32NVUNINST.EXE UninstallGUI
NVIDIA nForce Drivers—>C:WINDOWSsystem32nvuninst.exe Uninstall C:WINDOWSsystem32NVU001.nvu,NVIDIA nForce Drivers
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoView 360—>MsiExec.exe /I{736D2DAD-3D87-4CAA-8646-83D238AD68E0}
ProgDVB—>C:Program FilesProgDVBuninstall.exe
ProxySwitcher Standard—>»C:Program FilesProxy Switcher Standardunins000.exe»
PRS-500 USB driver—>MsiExec.exe /X{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}
QT Lite 2.5.1—>»C:Program FilesQT Liteunins000.exe»
QuickTest Professional—>MsiExec.exe /I{4CC41272-6AA9-4946-ABA6-61C05A40DE80}
Real Alternative 1.9.0—>»C:Program FilesReal Alternativeunins000.exe»
Security Update for Windows Internet Explorer 7 (KB938127-v2)—>»C:WINDOWSie7updatesKB938127-v2-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB956390)—>»C:WINDOWSie7updatesKB956390-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB958215)—>»C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB960714)—>»C:WINDOWSie7updatesKB960714-IE7spuninstspuninst.exe»
Security Update for Windows Media Player (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player (KB973540)—>»C:WINDOWS$NtUninstallKB973540_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player 11 (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP11$spuninstspuninst.exe»
Security Update for Windows Media Player 11 (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Security Update for Windows XP (KB923561)—>»C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe»
Security Update for Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Security Update for Windows XP (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Security Update for Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Security Update for Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Security Update for Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Security Update for Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Security Update for Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Security Update for Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Security Update for Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Security Update for Windows XP (KB952004)—>»C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe»
Security Update for Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Security Update for Windows XP (KB953155)—>»C:WINDOWS$NtUninstallKB953155$spuninstspuninst.exe»
Security Update for Windows XP (KB954211)—>»C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe»
Security Update for Windows XP (KB954459)—>»C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
Security Update for Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Security Update for Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Security Update for Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Security Update for Windows XP (KB956572)—>»C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe»
Security Update for Windows XP (KB956744)—>»C:WINDOWS$NtUninstallKB956744$spuninstspuninst.exe»
Security Update for Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Security Update for Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Security Update for Windows XP (KB956841)—>»C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
Security Update for Windows XP (KB957095)—>»C:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe»
Security Update for Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Security Update for Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Security Update for Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Security Update for Windows XP (KB958690)—>»C:WINDOWS$NtUninstallKB958690$spuninstspuninst.exe»
Security Update for Windows XP (KB959426)—>»C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe»
Security Update for Windows XP (KB960225)—>»C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe»
Security Update for Windows XP (KB960803)—>»C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe»
Security Update for Windows XP (KB960859)—>»C:WINDOWS$NtUninstallKB960859$spuninstspuninst.exe»
Security Update for Windows XP (KB961501)—>»C:WINDOWS$NtUninstallKB961501$spuninstspuninst.exe»
Security Update for Windows XP (KB968537)—>»C:WINDOWS$NtUninstallKB968537$spuninstspuninst.exe»
Security Update for Windows XP (KB970238)—>»C:WINDOWS$NtUninstallKB970238$spuninstspuninst.exe»
Security Update for Windows XP (KB970483)—>»C:WINDOWS$NtUninstallKB970483$spuninstspuninst.exe»
Security Update for Windows XP (KB971557)—>»C:WINDOWS$NtUninstallKB971557$spuninstspuninst.exe»
Security Update for Windows XP (KB971633)—>»C:WINDOWS$NtUninstallKB971633$spuninstspuninst.exe»
Security Update for Windows XP (KB971657)—>»C:WINDOWS$NtUninstallKB971657$spuninstspuninst.exe»
Security Update for Windows XP (KB973346)—>»C:WINDOWS$NtUninstallKB973346$spuninstspuninst.exe»
Security Update for Windows XP (KB973354)—>»C:WINDOWS$NtUninstallKB973354$spuninstspuninst.exe»
Security Update for Windows XP (KB973507)—>»C:WINDOWS$NtUninstallKB973507$spuninstspuninst.exe»
Security Update for Windows XP (KB973869)—>»C:WINDOWS$NtUninstallKB973869$spuninstspuninst.exe»
Segoe UI—>MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SolidWorks 2010 SP0—>»C:WINDOWSSolidWorksIM_20100-40000-1100-200sldimsldIM.exe» /remove «C:WINDOWSSolidWorksIM_20100-40000-1100-200sldimsldIM_installed.xml»
SolidWorks 2010 SP0—>MsiExec.exe /X{AF2066F6-7C57-46A1-A306-077EBBFC7B2B}
SolidWorks eDrawings 2010—>MsiExec.exe /I{1959101B-E34C-4266-8915-20F23B5BCF43}
SolidWorks Explorer 2010 SP0—>MsiExec.exe /I{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}
SolidWorks Flow Simulation 2010 SP0—>MsiExec.exe /I{15041B8B-AC63-41DF-91D2-2118CE39E8D9}
SolSuite 2008 v8.10—>»C:Program FilesSolSuiteunins000.exe»
SopCast 3.0.3—>C:Program FilesSopCastuninst.exe
SQL Server System CLR Types—>MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Total Commander (Remove or Repair)—>C:Program Filestotalcmdtcuninst.exe
TVAnts 1.0—>C:PROGRA~1TVAntsUNWISE.EXE C:PROGRA~1TVAntsINSTALL.LOG
TVUPlayer 2.4.7.2—>C:Program FilesTVUPlayeruninst.exe
Update for Microsoft Visual Studio Web Authoring Component (KB945140)—>msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {F9DE79A2-9049-4589-9787-815147371581}
Update for Windows XP (KB951072-v2)—>»C:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe»
Update for Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Update for Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Update for Windows XP (KB961503)—>»C:WINDOWS$NtUninstallKB961503$spuninstspuninst.exe»
Update for Windows XP (KB967715)—>»C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe»
Update for Windows XP (KB968389)—>»C:WINDOWS$NtUninstallKB968389$spuninstspuninst.exe»
Update for Windows XP (KB973815)—>»C:WINDOWS$NtUninstallKB973815$spuninstspuninst.exe»
VCRedistSetup—>MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Visual C++ 2008 IA64 Runtime — (v9.0.30729)—>MsiExec.exe /X{22E23C71-C27A-3F30-8849-BB6129E50679}
Visual C++ 2008 IA64 Runtime — v9.0.30729.01—>C:WINDOWSsystem32msiexec.exe /x {22E23C71-C27A-3F30-8849-BB6129E50679} /qb+ REBOOTPROMPT=»»
Visual C++ 2008 x64 Runtime — (v9.0.30729)—>MsiExec.exe /X{0DF3AE91-E533-3960-8516-B23737F8B7A2}
Visual C++ 2008 x64 Runtime — v9.0.30729.01—>C:WINDOWSsystem32msiexec.exe /x {0DF3AE91-E533-3960-8516-B23737F8B7A2} /qb+ REBOOTPROMPT=»»
VLC media player 1.0.5—>C:Program FilesVideoLANVLCuninstall.exe
VP Suite 4.1—>C:Program FilesVP Suite 4.1uninstall.exe
Warkeys 1.14.1.0b—>C:Program FilesWarkeysuninst.exe
Winamp—>»C:Program FilesWinampUninstWA.exe»
WinDjView 1.0.3—>C:Program FilesWinDjViewuninstall.exe
Windows Driver Package — Nokia Modem (10/27/2008 3.9)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870nokia_bluetooth.inf
Windows Driver Package — Nokia Modem (10/27/2008 7.01.0.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6nokbtmdm.inf
Windows Driver Package — Nokia pccsmcfd (08/22/2008 7.0.0.0)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294pccsmcfd.inf
Windows Driver Package — Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)—>rundll32.exe C:PROGRA~1DIFX15B7F172FC21855DDIFxAppA.dll, DIFxARPUninstallDriverPackage C:WINDOWSsystem32DRVSTOREPRSUSB_0200B6D60DA90847167AFB40E87ADFDB0591D0A1PRSUSB.inf
Windows Installer Clean Up—>MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
Windows Live Communications Platform—>MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials—>C:Program FilesWindows LiveInstallerwlarp.exe
Windows Live Essentials—>MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger—>MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Windows Media Player Firefox Plugin—>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows PowerShell(TM) 1.0 MUI pack—>»C:WINDOWS$NtUninstallKB926141$spuninstspuninst.exe»
Windows PowerShell(TM) 1.0—>»C:WINDOWS$NtUninstallKB926139-v2$spuninstspuninst.exe»
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
WinPcap 4.1.1—>C:Program FilesWinPcapuninstall.exe
WinRAR archiver—>C:Program FilesWinRARuninstall.exe
WM Capture—>C:Program FilesWMCapUninstal.exe
WM Recorder 12.1—>C:Program FilesWMR11Uninstal.exe
WM Recorder 14—>C:Program FilesWMR14Uninstal.exe
ֱוסןכאעםי ךמםעוםע FieryAds—>C:Documents and SettingsYevi.YEVApplication DataFieryAdsFieryAdsUninstall.exe
ִמסעףן ך ףסכמגםמ בוסןכאעםמלף ךמםעוםעף CMedia—>C:Documents and SettingsYevi.YEVApplication DataCMediaUninstall.exe======Hosts File======
127.0.0.1 clients.babylon.co.il
127.0.0.1 applian.securesites.com
127.0.0.1 dvbviewer.com
127.0.0.1 http://www.dvbviewer.com
127.0.0.1 server1.dvbviewer.com
127.0.0.1 http://www.dvbviewer.info
127.0.0.1 unison.walla.co.il
62.90.166.178 unisonpilot.walla.co.il
127.0.0.1 local.unisonplay.com======Security center information======
AV: ESET NOD32 Antivirus 4.0
======System event log======
Computer Name: YEV
Event Code: 45062
Message: CRT invalid display typeRecord Number: 4135
Source Name: ati2mtag
Time Written: 20100127125938.000000+120
Event Type: error
User:Computer Name: YEV
Event Code: 45062
Message: CRT invalid display typeRecord Number: 4134
Source Name: ati2mtag
Time Written: 20100127125934.000000+120
Event Type: error
User:Computer Name: YEV
Event Code: 45062
Message: CRT invalid display typeRecord Number: 4133
Source Name: ati2mtag
Time Written: 20100127125524.000000+120
Event Type: error
User:Computer Name: YEV
Event Code: 45062
Message: CRT invalid display typeRecord Number: 4128
Source Name: ati2mtag
Time Written: 20100127125326.000000+120
Event Type: error
User:Computer Name: YEV
Event Code: 45062
Message: CRT invalid display typeRecord Number: 4127
Source Name: ati2mtag
Time Written: 20100127125317.000000+120
Event Type: error
User:=====Application event log=====
Computer Name: YEV
Event Code: 1
Message: One or more templates do not match any installed project packages.Record Number: 31095
Source Name: Visual Studio — VsTemplate
Time Written: 20100228141000.000000+120
Event Type: warning
User:Computer Name: YEV
Event Code: 0
Message:
Record Number: 31094
Source Name: devenv
Time Written: 20100228140921.000000+120
Event Type: error
User:Computer Name: YEV
Event Code: 102
Message: IISADMIN service found that account IUSR_YEV is disabled. Some IIS functions can fail for this reason.For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.
Record Number: 31042
Source Name: IISADMIN
Time Written: 20100228101200.000000+120
Event Type: error
User:Computer Name: YEV
Event Code: 102
Message: IISADMIN service found that account IWAM_YEV is disabled. Some IIS functions can fail for this reason.For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.
Record Number: 31041
Source Name: IISADMIN
Time Written: 20100228101200.000000+120
Event Type: error
User:Computer Name: YEV
Event Code: 1517
Message: Windows saved user YEVYevi registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 31038
Source Name: Userenv
Time Written: 20100228084925.000000+120
Event Type: warning
User: NT AUTHORITYSYSTEM======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«FP_NO_HOST_CHECK»=NO
«NUMBER_OF_PROCESSORS»=1
«OS»=Windows_NT
«Path»=C:Program FilesPC Connectivity Solution;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesATI TechnologiesATI.ACECore-Static;C:Program FilesMATLABR2008abin;C:Program FilesMATLABR2008abinwin32;C:PROGRA~1DISKEE~1DISKEE~1;C:cygwinbin;C:Program FilesMicrosoft SQL Server100ToolsBinn;C:Program FilesMicrosoft SQL Server100DTSBinn;C:Program FilesMicrosoft SQL Server100ToolsBinnVSShellCommon7IDE;C:WINDOWSsystem32WindowsPowerShellv1.0
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
«PROCESSOR_LEVEL»=15
«PROCESSOR_REVISION»=0c00
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«windir»=%SystemRoot%
«VS90COMNTOOLS»=C:Program FilesMicrosoft Visual Studio 9.0Common7Tools
EOF
6 марта, 2010 в 11:28 пп #28941Logfile of random’s system information tool 1.06 (written by random/random)
Run by Yevi at 2010-03-07 01:19:10
Microsoft Windows XP Professional Service Pack 3
System drive C: has 55 GB (48%) free of 114 GB
Total RAM: 1023 MB (38% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:19:25, on 07/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32crypserv.exe
C:Program FilesDiskeeper CorporationDiskeeperDkService.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:WINDOWSsystem32inetsrvinetinfo.exe
C:Program FilesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnfdlauncher.exe
C:Program FilesSolidWorks CorpSolidWorks Flow SimulationbinCFWStandAloneSlv.exe
C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesMicrosoft IntelliPointipoint.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32sstray.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMicrosoft IntelliPointdpupdchk.exe
C:WINDOWSsystem32notepad.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32mdm.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesMozilla Firefoxfirefox.exe
D:12RSIT.exe
C:Program Filestrend microYevi.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
F2 — REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32b992af1a.exe,\?globalrootsystemrootsystem32XCB5UIY.exe,
O1 — Hosts: 62.90.166.178 unisonpilot.walla.co.il
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: flashget urlcatch — {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} — C:Program FilesFlashGetjccatch.dll
O2 — BHO: BHOManager Class — {474264BC-9571-47C1-85B9-780F756DC9CE} — C:WINDOWSsystem32BHOManager.dll
O2 — BHO: (no name) — {5C255C8A-E604-49b4-9D64-90988571CECB} — (no file)
O2 — BHO: DebugBar BHO — {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} — C:Program FilesCore ServicesDebugBarDebugInfoBar.dll
O2 — BHO: ִמסעףן ך ןכאעםמלף ךמםעוםעף FieryAds v2.0.2 — {6D125299-C2A9-4DBC-BEC3-6F7124E39A41} — C:DOCUME~1Yevi.YEVAPPLIC~1FieryAdsFieryAds.dll (file missing)
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:PROGRA~1MICROS~3Office12GRA8E1~1.DLL
O2 — BHO: Babylon IE plugin — {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} — C:Program FilesBabylonBabylon-ProUtilsBabylonIEPI.dll
O2 — BHO: Aptana Debugger — {B8ADD4EA-ADE3-4DEB-A957-9BBD17D6D0C8} — C:Documents and SettingsYevi.YEVMy DocumentsAptana Studio Workspace.metadata.pluginscom.aptana.ide.debug.core.dllAptanaDebugger.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: FlashGet GetFlash Class — {F156768E-81EF-470C-9057-481BA8380DBA} — C:Program FilesFlashGetgetflash.dll
O2 — BHO: HttpWatch Professional — {F1F69322-008F-4895-B2BF-AD194219825A} — C:Program FilesHttpWatchhttpwatchscpro.dll
O3 — Toolbar: DebugBar — {3E1201F4-1707-409F-BB45-A5F192381DA0} — C:Program FilesCore ServicesDebugBarDebugToolBar.dll
O3 — Toolbar: Aptana Debugger — {F348E1B0-CBFE-47C3-81B4-9F44B3B5A618} — C:Documents and SettingsYevi.YEVMy DocumentsAptana Studio Workspace.metadata.pluginscom.aptana.ide.debug.core.dllAptanaDebugger.dll
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe»
O4 — HKLM..Run: [IntelliPoint] «C:Program FilesMicrosoft IntelliPointipoint.exe»
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [nForce Tray Options] sstray.exe /r
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [GrooveMonitor] «C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe»
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [mspaint] «C:WINDOWSsystem32Paint.exe» -autocheck
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [Google Update] «C:Documents and SettingsYevi.YEVLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» /c
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O8 — Extra context menu item: &Download All with FlashGet — C:Program FilesFlashGetjc_all.htm
O8 — Extra context menu item: &Download with FlashGet — C:Program FilesFlashGetjc_link.htm
O8 — Extra context menu item: Translate this web page with Babylon — res://C:Program FilesBabylonBabylon-ProUtilsBabylonIEPI.dll/ActionTU.htm
O8 — Extra context menu item: Translate with Babylon — res://C:Program FilesBabylonBabylon-ProUtilsBabylonIEPI.dll/Action.htm
O9 — Extra button: Send to OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: S&end to OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 — Extra button: HttpWatch Professional — {D103E85B-5D67-42c1-8C83-F01079DBAB26} — C:Program FilesHttpWatchhttpwatchpro.dll
O9 — Extra ‘Tools’ menuitem: HttpWatch Professional — {D103E85B-5D67-42c1-8C83-F01079DBAB26} — C:Program FilesHttpWatchhttpwatchpro.dll
O9 — Extra button: FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — C:Program FilesFlashGetFlashGet.exe
O9 — Extra ‘Tools’ menuitem: FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — C:Program FilesFlashGetFlashGet.exe
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
O9 — Extra button: Translate this web page with Babylon — {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} — C:Program FilesBabylonBabylon-ProUtilsBabylonIEPI.dll
O9 — Extra ‘Tools’ menuitem: Translate this web page with Babylon — {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} — C:Program FilesBabylonBabylon-ProUtilsBabylonIEPI.dll
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229527514718
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267915318953
O16 — DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} (LauncherV1 Class) — http://chat-basic.nana.co.il/Cabs/launcher.cab
O16 — DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) — http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 — DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) — http://www.tapuz.co.il/irc/main/launcher.cab
O16 — DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) — http://irc.nana10.co.il/Cabs/launcher39.cab
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:PROGRA~1MICROS~3Office12GR99D3~1.DLL
O18 — Protocol: HTLFP — {03B7A5D4-96B0-4316-95F8-072D326A58F1} — ielpview.dll (file missing)
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Protocol: vfsp — {E4CB5121-E242-11D4-8ED6-00010219EB22} — VFSProtocol.dll (file missing)
O23 — Service: Lavasoft Ad-Aware Service (aawservice) — Lavasoft — C:Program FilesLavasoftAd-Awareaawservice.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: Canon Camera Access Library 8 (CCALib8) — Unknown owner — C:Program FilesCanonCALCALMAIN.exe (file missing)
O23 — Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) — Dassault Syst?mes SolidWorks Corp. — C:Program FilesSolidWorks CorpSolidWorksswSchedulerDTSCoordinatorService.exe
O23 — Service: Crypkey License — CrypKey (Canada) Ltd. — C:WINDOWSSYSTEM32crypserv.exe
O23 — Service: Diskeeper — Diskeeper Corporation — C:Program FilesDiskeeper CorporationDiskeeperDkService.exe
O23 — Service: ESET HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: FLEXnet Licensing Service — Acresso Software Inc. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: Remote Solver for Flow Simulation 2010 — Mentor Graphics Corporation — C:Program FilesSolidWorks CorpSolidWorks Flow SimulationbinCFWStandAloneSlv.exe
O23 — Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) — CACE Technologies, Inc. — C:Program FilesWinPcaprpcapd.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: SolidWorks Licensing Service — SolidWorks — C:Program FilesCommon FilesSolidWorks SharedServiceSolidWorksLicensing.exe—
End of file — 11328 bytes======Scheduled tasks folder======
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-1547161642-616249376-725345543-1003Core.job
C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-1547161642-616249376-725345543-1003UA.job
C:WINDOWStasksUser_Feed_Synchronization-{6F9C4480-70AB-420B-BE43-14341FEEB630}.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl — C:Program FilesFlashGetjccatch.dll [2007-08-06 94308][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{474264BC-9571-47C1-85B9-780F756DC9CE}]
BHOManager Class — C:WINDOWSsystem32BHOManager.dll [2009-01-01 144768][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{69FC0024-10EB-480A-BBF2-3BF4E78E17B1}]
DebugBar BHO — C:Program FilesCore ServicesDebugBarDebugInfoBar.dll [2009-07-21 1120256][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D125299-C2A9-4DBC-BEC3-6F7124E39A41}]
ִמסעףן ך ןכאעםמלף ךמםעוםעף FieryAds v2.0.2 — C:DOCUME~1Yevi.YEVAPPLIC~1FieryAdsFieryAds.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper — C:PROGRA~1MICROS~3Office12GRA8E1~1.DLL [2006-10-27 2210608][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin — C:Program FilesBabylonBabylon-ProUtilsBabylonIEPI.dll [2009-07-07 252816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B8ADD4EA-ADE3-4DEB-A957-9BBD17D6D0C8}]
Aptana Debugger — C:Documents and SettingsYevi.YEVMy DocumentsAptana Studio Workspace.metadata.pluginscom.aptana.ide.debug.core.dllAptanaDebugger.dll [2010-02-13 520192][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-03-09 35840][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class — C:Program FilesFlashGetgetflash.dll [2007-05-18 163840][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{F1F69322-008F-4895-B2BF-AD194219825A}]
HttpWatch Professional — C:Program FilesHttpWatchhttpwatchscpro.dll [2009-06-30 287472][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{3E1201F4-1707-409F-BB45-A5F192381DA0} — DebugBar — C:Program FilesCore ServicesDebugBarDebugToolBar.dll [2009-07-21 742400]
{F348E1B0-CBFE-47C3-81B4-9F44B3B5A618} — Aptana Debugger — C:Documents and SettingsYevi.YEVMy DocumentsAptana Studio Workspace.metadata.pluginscom.aptana.ide.debug.core.dllAptanaDebugger.dll [2010-02-13 520192][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe []
«IntelliPoint»=C:Program FilesMicrosoft IntelliPointipoint.exe [2007-08-31 1037736]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2005-06-20 77824]
«nForce Tray Options»=sstray.exe /r []
«BluetoothAuthenticationAgent»=bthprops.cpl,,BluetoothAuthenticationAgent []
«GrooveMonitor»=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-27 31016]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2009-05-14 2029640]
«mspaint»=C:WINDOWSsystem32Paint.exe -autocheck [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«Google Update»=C:Documents and SettingsYevi.YEVLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2010-01-25 135664][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregARC]
C:Documents and SettingsYevi.YEVMy DocumentsSystemsvchost.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBabylon Client]
C:Program FilesBabylonBabylon-ProBabylon.exe [2009-07-20 3706768][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe [2007-09-20 202024][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGrooveMonitor]
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2006-10-27 31016][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregmspaint]
C:WINDOWSsystem32Paint.exe -autocheck [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBKeyScan]
C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:Program FilesCommon FilesNeroLibNeroCheck.exe [2007-03-01 153136][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNitro PDF Printer Monitor]
C:Program FilesNitro PDFProfessionalNitroPDFPrinterMonitor.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPC Suite Tray]
C:Program FilesNokiaNokia PC Suite 7PCSuite.exe [2008-12-03 1205760][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
C:Program FilesJavajre6binjusched.exe [2009-03-09 148888][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregw3dr.exe]
C:gamesWarcraft IIIw3dr.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Yevi.YEV^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:PROGRA~1MICROS~3Office12ONENOTEM.EXE [2006-10-26 98632][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Yevi.YEV^Start Menu^Programs^Startup^Warkeys Update.lnk]
C:PROGRA~1WarkeysAUTOWA~1AUTOHO~1AUTOHO~1.EXE [2009-05-03 244736][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2008-03-29 126976][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2009-03-10 239496][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{B5A7F190-DDA6-4420-B3BA-52453494E6CD}»=C:PROGRA~1MICROS~3Office12GRA8E1~1.DLL [2006-10-27 2210608]
«{A5949E07-8536-4625-A3D0-2DD83F559990}»=C:WINDOWSsystem32ShellHook.dll [2009-01-01 147456][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaawservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«EnableShellExecuteHooks»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«C:USDownloaderUSDownloader.exe»=»C:USDownloaderUSDownloader.exe:*:Enabled:Universal Share Downloader»
«C:Program FilesmIRCmirc.exe»=»C:Program FilesmIRCmirc.exe:*:Enabled:mIRC»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesAzureusAzureus.exe»=»C:Program FilesAzureusAzureus.exe:*:Enabled:Azureus»
«C:Program FilesFlashGetflashget.exe»=»C:Program FilesFlashGetflashget.exe:*:Enabled:Flashget»
«C:Program FilesOPNET EDU9.1.Asyspc_intel_win32binitguru.exe»=»C:Program FilesOPNET EDU9.1.Asyspc_intel_win32binitguru.exe:*:Enabled:OPNET 9.1.A»
«C:Program FilesJetBrainsIntelliJ IDEA 7.0.3binidea.exe»=»C:Program FilesJetBrainsIntelliJ IDEA 7.0.3binidea.exe:*:Disabled:idea»
«C:Program FilesTVAntsTvants.exe»=»C:Program FilesTVAntsTvants.exe:*:Enabled:TVAnts»
«C:Program FilesSopCastadvSopAdver.exe»=»C:Program FilesSopCastadvSopAdver.exe:*:Enabled:SopCast Adver»
«C:Program FilesSopCastSopCast.exe»=»C:Program FilesSopCastSopCast.exe:*:Enabled:SopCast Main Application»
«C:Program FilesJavajdk1.6.0_06binjava.exe»=»C:Program FilesJavajdk1.6.0_06binjava.exe:*:Enabled:Java(TM) Platform SE binary»
«C:Program FilesVideoLANVLCvlc.exe»=»C:Program FilesVideoLANVLCvlc.exe:*:Enabled:VLC media player»
«C:Program FilesMozilla Firefoxfirefox.exe»=»C:Program FilesMozilla Firefoxfirefox.exe:*:Enabled:Firefox»
«C:Program FilesJavajre1.6.0_06binjava.exe»=»C:Program FilesJavajre1.6.0_06binjava.exe:*:Enabled:Java(TM) Platform SE binary»
«C:Program FilesTVUPlayerTVUPlayer.exe»=»C:Program FilesTVUPlayerTVUPlayer.exe:*:Enabled:TVUPlayer Component»
«C:WINDOWSsystem32fxsclnt.exe»=»C:WINDOWSsystem32fxsclnt.exe:*:Enabled:Microsoft Fax Console»
«D:GamesNeverwinter Nights 2nwn2main.exe»=»D:GamesNeverwinter Nights 2nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main»
«D:GamesNeverwinter Nights 2nwn2main_amdxp.exe»=»D:GamesNeverwinter Nights 2nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD»
«D:GamesNeverwinter Nights 2nwupdate.exe»=»D:GamesNeverwinter Nights 2nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater»
«D:GamesNeverwinter Nights 2nwn2server.exe»=»D:GamesNeverwinter Nights 2nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server»
«C:Program FilesJetBrainsIntelliJ IDEA 8.0.1binidea.exe»=»C:Program FilesJetBrainsIntelliJ IDEA 8.0.1binidea.exe:*:Disabled:idea»
«C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»
«C:Program FilesNokiaNokia Software Updaternsu_ui_client.exe»=»C:Program FilesNokiaNokia Software Updaternsu_ui_client.exe:*:Enabled:Nokia Software Updater»
«C:Program FilesCommon FilesNokiaService LayerAnsl_host_process.exe»=»C:Program FilesCommon FilesNokiaService LayerAnsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process «
«C:Program FilesWindows LiveMessengerwlcsdk.exe»=»C:Program FilesWindows LiveMessengerwlcsdk.exe:*:Enabled:Windows Live Call»
«C:WINDOWSsystem32dpvsetup.exe»=»C:WINDOWSsystem32dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test»
«C:WINDOWSsystem32rundll32.exe»=»C:WINDOWSsystem32rundll32.exe:*:Enabled:Run a DLL as an App»
«C:Program FilesMicrosoft Visual Studio 9.0Common7IDEdevenv.exe»=»C:Program FilesMicrosoft Visual Studio 9.0Common7IDEdevenv.exe:LocalSubNet:Enabled:Microsoft Visual Studio»
«D:DownloadsMisc1_www.1st-hacks.com__ultimate_garena_v1.4Garena.exe»=»D:DownloadsMisc1_www.1st-hacks.com__ultimate_garena_v1.4Garena.exe:*:Enabled:Garena»
«D:DownloadsMisc1CrushDie_Garena_v.3.0aGarena.exe»=»D:DownloadsMisc1CrushDie_Garena_v.3.0aGarena.exe:*:Enabled:Garena»
«C:Program FilesInternet Exploreriexplore.exe»=»C:Program FilesInternet Exploreriexplore.exe:*:Enabled:Internet Explorer»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE»=»C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove»
«C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE»=»C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote»
«C:GamesWarcraft IIIWar3.exe»=»C:GamesWarcraft IIIWar3.exe:*:Enabled:Warcraft III»
«C:Program FilesGarenaGarena.exe»=»C:Program FilesGarenaGarena.exe:*:Enabled:Garena»
«D:DownloadsMisc1[www.1st-hacks.com] ultimate garena v1.3.1 by DarkusGarena.exe»=»D:DownloadsMisc1[www.1st-hacks.com] ultimate garena v1.3.1 by DarkusGarena.exe:*:Enabled:Garena»
«D:Downloadswinlirc-0.6.5winlirc.exe»=»D:Downloadswinlirc-0.6.5winlirc.exe:*:Enabled:winlirc»
«C:Program FilesJavajre6binjavaw.exe»=»C:Program FilesJavajre6binjavaw.exe:*:Enabled:Java(TM) Platform SE binary»
«C:Program FilesJavajre6binjava.exe»=»C:Program FilesJavajre6binjava.exe:*:Enabled:Java(TM) Platform SE binary»
«C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe»=»C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe:*:Enabled:Media Player Classic — Homecinema»
«C:Program FilesGarenaGarena.Owned.exe»=»C:Program FilesGarenaGarena.Owned.exe:*:Enabled:Garena»
«D:DownloadsMisc1TyranOGarenaGarena.exe»=»D:DownloadsMisc1TyranOGarenaGarena.exe:*:Enabled:Garena»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«C:Program FilesHPQuickTest ProfessionalbinAQTRmtAgent.exe»=»C:Program FilesHPQuickTest ProfessionalbinAQTRmtAgent.exe:*:Enabled:HP Service Test Remote Agent»
«C:Program FilesRayVRayVRayV.exe»=»C:Program FilesRayVRayVRayV.exe:*:Enabled:RayV»
«C:Program FilesRayVRayVRayV.dll»=»C:Program FilesRayVRayVRayV.dll:*:Enabled:RayV»
«D:Program FilesUnisonPlayUniFS.exe»=»D:Program FilesUnisonPlayUniFS.exe:*:Enabled:UniFS Media — UniFS.exe»
«C:Program FilesFlashFXPFlashFXP.exe»=»C:Program FilesFlashFXPFlashFXP.exe:*:Enabled:FlashFXP v3»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
«C:Program FilesProxy Switcher StandardProxySwitcher.exe»=»C:Program FilesProxy Switcher StandardProxySwitcher.exe:*:Enabled:Proxy Switcher»
«C:Program FilesAptanaAptana Studio 2.0AptanaStudio.exe»=»C:Program FilesAptanaAptana Studio 2.0AptanaStudio.exe:*:Enabled:AptanaStudio»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«D:u992u992.exe»=»D:u992u992.exe:*:Enabled:u992»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesZoomText 9.1Zt.exe»=»C:Program FilesZoomText 9.1Zt.exe:LocalSubNet:Enabled:ZoomText 9.1»
«C:Program FilesWindows LiveMessengerwlcsdk.exe»=»C:Program FilesWindows LiveMessengerwlcsdk.exe:*:Enabled:Windows Live Call»
«C:Program FilesFlashFXPFlashFXP.exe»=»C:Program FilesFlashFXPFlashFXP.exe:*:Enabled:FlashFXP v3»
«C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{59a15423-bfac-11de-a5e5-001986003b19}]
shellAutoRuncommand — H:WindowsbineblSetup.exe[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9079208e-a725-11dd-a460-000fea4bcef8}]
shellAutoRuncommand — G:LaunchU3.exe -a[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{b75476de-23ee-11dd-8f6e-000fea4bcef8}]
shellAutoRuncommand — G:LaunchU3.exe -a[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{bc242504-2358-11dd-948b-806d6172696f}]
shellAutoRuncommand — E:O12_RU-HE.EXE======List of files/folders created in the last 1 months======
2010-03-07 01:19:10 —-D—- C:rsit
2010-03-07 01:19:10 —-D—- C:Program Filestrend micro
2010-03-07 00:25:16 —-D—- C:Program FilesTrendMicro
2010-03-07 00:01:10 —-HDC—- C:WINDOWSie8
2010-03-06 01:38:43 —-A—- C:Program FilesCommon Fileskeylog.txt
2010-03-06 01:01:26 —-D—- C:Program FilesCommon Fileswm
2010-03-04 11:11:23 —-D—- C:Program FilesMicrosoft Enterprise Library 4.1 — October 2008
2010-02-14 23:25:03 —-D—- C:Program FilesuTorrent
2010-02-14 23:23:08 —-D—- C:Documents and SettingsYevi.YEVApplication DatauTorrent
2010-02-09 12:25:21 —-D—- C:Documents and SettingsYevi.YEVApplication Datavlc
2010-02-09 10:44:48 —-A—- C:WINDOWSsystem32unrar.dll
2010-02-09 10:44:30 —-A—- C:WINDOWSavisplitter.ini
2010-02-09 10:43:22 —-A—- C:WINDOWSsystem32yv12vfw.dll
2010-02-09 10:43:03 —-A—- C:WINDOWSsystem32xvidcore.dll
2010-02-09 10:43:02 —-A—- C:WINDOWSsystem32xvidvfw.dll
2010-02-09 10:41:55 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2010-02-09 10:41:52 —-A—- C:WINDOWSsystem32ff_vfw.dll======List of files/folders modified in the last 1 months======
2010-03-07 01:19:18 —-D—- C:WINDOWSTemp
2010-03-07 01:19:10 —-RAD—- C:Program Files
2010-03-07 01:07:11 —-D—- C:Program FilesMozilla Firefox
2010-03-07 01:04:08 —-D—- C:WINDOWSsystem32inetsrv
2010-03-07 01:04:07 —-D—- C:WINDOWS
2010-03-07 01:02:51 —-A—- C:WINDOWSSchedLgU.Txt
2010-03-07 01:02:49 —-D—- C:WINDOWSsystem32CatRoot2
2010-03-07 00:42:06 —-SD—- C:WINDOWSDownloaded Program Files
2010-03-07 00:42:06 —-D—- C:WINDOWSsystem32
2010-03-07 00:25:20 —-SHD—- C:WINDOWSInstaller
2010-03-07 00:25:20 —-SHD—- C:Config.Msi
2010-03-07 00:18:28 —-D—- C:WINDOWSnetwork diagnostic
2010-03-07 00:10:16 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-03-07 00:10:16 —-HD—- C:WINDOWSinf
2010-03-07 00:10:16 —-D—- C:WINDOWSsystem32en-US
2010-03-07 00:10:16 —-D—- C:WINDOWSMedia
2010-03-07 00:10:16 —-D—- C:WINDOWSHelp
2010-03-07 00:10:16 —-D—- C:Program FilesInternet Explorer
2010-03-06 23:52:48 —-D—- C:WINDOWSPrefetch
2010-03-06 23:49:45 —-A—- C:WINDOWSimsins.BAK
2010-03-06 23:42:25 —-D—- C:Program FilesMicrosoft
2010-03-06 23:36:30 —-D—- C:Program FilesFlashGet
2010-03-06 23:36:26 —-D—- C:USDownloader
2010-03-06 23:19:18 —-D—- C:Program FilesmIRC
2010-03-06 21:27:23 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication DataBabylon
2010-03-06 01:38:43 —-AD—- C:Program FilesCommon Files
2010-03-06 00:05:25 —-D—- C:Program FilesGarena
2010-03-04 11:22:35 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication DataMicrosoft Help
2010-03-03 19:21:11 —-A—- C:WINDOWSNeroDigital.ini
2010-03-02 13:31:20 —-D—- C:Documents and SettingsYevi.YEVApplication DataICQ
2010-03-01 16:47:46 —-D—- C:Program FilesMinilyrics
2010-02-25 19:18:42 —-D—- C:Documents and SettingsYevi.YEVApplication DataWinamp
2010-02-22 17:48:17 —-D—- C:Downloads
2010-02-16 13:51:11 —-D—- C:Program FilesMicrosoft Silverlight
2010-02-14 23:19:51 —-D—- C:Program FilesAzureus
2010-02-14 23:19:23 —-D—- C:Documents and SettingsYevi.YEVApplication DataAzureus
2010-02-10 18:17:00 —-D—- C:Program FilesICQ6.5
2010-02-09 10:47:14 —-D—- C:Program FilesK-Lite Codec Pack
2010-02-09 10:36:12 —-D—- C:Documents and SettingsYevi.YEVApplication DataBSplayer PRO======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:WINDOWSsystem32DRIVERSAmdK8.sys [2005-03-09 38400]
R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2009-05-14 94360]
R1 NetworkX;NetworkX; C:WINDOWSsystem32ckldrv.sys [2006-01-10 31846]
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2009-05-14 114472]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2004-08-04 11868]
R2 NPF;NetGroup Packet Filter Driver; C:WINDOWSsystem32driversnpf.sys [2009-10-20 50704]
R2 paldrv;paldrv; ??C:WINDOWSsystem32pal_drv.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2005-06-20 2324480]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-03-29 2873856]
R3 BthEnum;Bluetooth Request Block Driver; C:WINDOWSsystem32DRIVERSBthEnum.sys [2008-04-13 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2008-04-13 101120]
R3 BTHUSB;Bluetooth Radio USB Driver; C:WINDOWSSystem32DriversBTHUSB.sys [2008-04-13 18944]
R3 hidusb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:WINDOWSsystem32DRIVERSHSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:WINDOWSsystem32DRIVERSHSFBS2S2.sys [2004-08-04 220032]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2005-01-13 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2005-01-13 12928]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:WINDOWSsystem32DRIVERSpoint32.sys [2007-08-21 21760]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2008-04-13 59136]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:WINDOWSsystem32DRIVERSHSFCXTS2.sys [2004-08-04 685056]
S3 acbfobix;acbfobix; C:WINDOWSsystem32driversacbfobix.sys []
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:WINDOWSsystem32DRIVERSbthmodem.sys [2008-04-13 37888]
S3 BTHPORT;Bluetooth Port Driver; C:WINDOWSSystem32DriversBTHport.sys [2008-06-13 272128]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 ce6230;Intel CE6230 Standalone USB Driver; C:WINDOWSsystem32DRIVERSCE6230StandaloneDriver.sys [2007-04-27 44800]
S3 ce6230BDACAP;Realfine CE6230 BDA Driver; C:WINDOWSsystem32DRIVERSCE6230BDA.sys [2007-04-27 19328]
S3 CE9500;CE9500.Sys driver; C:WINDOWSSystem32Driversce9500.sys []
S3 GarenaPEngine;GarenaPEngine; ??C:DOCUME~1Yevi.YEVLOCALS~1TempSEX54E1.tmp []
S3 MPE;BDA MPE Filter; C:WINDOWSsystem32DRIVERSMPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:WINDOWSsystem32DRIVERSNMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:WINDOWSsystem32driversccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:WINDOWSsystem32driversccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:WINDOWSsystem32driversnmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:WINDOWSsystem32driversnmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2008-08-26 18816]
S3 pcidrv;pcidrv; ??C:Program FilesuICEdevicespcidrv.sys []
S3 PRODIGY;PRODIGY; C:WINDOWSSystem32DriversPRODIGY.SYS [2006-08-29 32377]
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSRTL8029.SYS [2001-08-17 19017]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:WINDOWSsystem32DRIVERSusbser_lowerflt.sys [2009-02-09 7808]
S3 USBHIDIR;USBHIDIR; C:WINDOWSsystem32driversusbhidir.sys [2003-04-17 7717]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:WINDOWSsystem32driversusbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:WINDOWSsystem32DRIVERSusbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 utqwnzm2;AVZ Kernel Driver; ??C:WINDOWSsystem32Driversutqwnzm2.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:WINDOWSSystem32Driverswdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 RsFx0102;RsFx0102 Driver; C:WINDOWSsystem32DRIVERSRsFx0102.sys [2008-07-10 242712]
S4 sr;System Restore Filter Driver; C:WINDOWSsystem32DRIVERSsr.sys [2008-04-13 73472]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-03-29 536576]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 Crypkey License;Crypkey License; C:WINDOWSsystem32crypserv.exe [2007-03-15 122880]
R2 Diskeeper;Diskeeper; C:Program FilesDiskeeper CorporationDiskeeperDkService.exe [2008-11-22 1333016]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-05-14 731840]
R2 IISADMIN;IIS Admin; C:WINDOWSsystem32inetsrvinetinfo.exe [2008-04-14 15360]
R2 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER); C:Program FilesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnfdlauncher.exe [2008-07-10 31256]
R2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010; C:Program FilesSolidWorks CorpSolidWorks Flow SimulationbinCFWStandAloneSlv.exe [2009-09-11 144680]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:WINDOWSsystem32inetsrvinetinfo.exe [2008-04-14 15360]
R2 SQLWriter;SQL Server VSS Writer; C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe [2008-07-10 98840]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2008-03-28 593920]
S2 CCALib8;Canon Camera Access Library 8; C:Program FilesCanonCALCALMAIN.exe []
S3 aawservice;Lavasoft Ad-Aware Service; C:Program FilesLavasoftAd-Awareaawservice.exe [2008-10-20 611664]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service; C:Program FilesSolidWorks CorpSolidWorksswSchedulerDTSCoordinatorService.exe [2009-10-15 87336]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-05-14 20680]
S3 Fax;Fax; C:WINDOWSsystem32fxssvc.exe [2008-04-14 267776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2009-12-25 867080]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2006-10-27 65824]
S3 MSSQLSERVER;SQL Server (MSSQLSERVER); C:Program FilesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnsqlservr.exe [2008-07-10 40999448]
S3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:Program FilesWinPcaprpcapd.exe [2009-10-20 117264]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2008-11-11 620544]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:Program FilesCommon FilesSolidWorks SharedServiceSolidWorksLicensing.exe [2009-12-25 79360]
S3 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); C:Program FilesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnSQLAGENT.EXE [2008-07-10 369688]
S3 W3SVC;World Wide Web Publishing; C:WINDOWSsystem32inetsrvinetinfo.exe [2008-04-14 15360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S4 gupdate1c98af5be02e090;Google Update Service (gupdate1c98af5be02e090); C:Program FilesGoogleUpdateGoogleUpdate.exe /svc []
S4 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-02-09 182768]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:Program FilesMicrosoft SQL Server100SharedSQLADHLP.EXE [2008-07-10 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:Program FilesMicrosoft Visual Studio 8Common7IDERemote Debuggerx86msvsmon.exe [2005-09-23 2799808]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:Program FilesMicrosoft Visual Studio 9.0Common7IDERemote Debuggerx86msvsmon.exe [2008-07-29 3201024]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; C:Program FilesMicrosoft SQL Server90Sharedsqlbrowser.exe [2008-07-10 258072]
EOF
7 марта, 2010 в 8:55 дп #28942Не выдержал и запустил Combofix, но не помогло.
Вот лог:ComboFix 10-03-06.06 — Yevi 03/07/2010 9:42.1.1 — x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.1023.398 [GMT 2:00]
Running from: d:12ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsYevi.YEVApplication DataCMediaCMedia.dat
c:documents and settingsYevi.YEVApplication DataCMediaFeed.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed1.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed10.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed11.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed12.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed13.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed14.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed15.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed2.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed3.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed4.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed5.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed6.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed7.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed8.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeed9.jpg
c:documents and settingsYevi.YEVApplication DataCMediaFeedfeed.xml
c:documents and settingsYevi.YEVApplication DataCMediag.fla
c:documents and settingsYevi.YEVApplication DataCMediaUninstall.exe
c:documents and settingsYevi.YEVApplication DataFieryAds
c:documents and settingsYevi.YEVApplication DataFieryAdsFieryAdsUninstall.exe
c:program filesCommon Fileskeylog.txt
c:program filesINSTALL.LOG
c:recyclerS-1-5-21-1343024091-329068152-725345543-1003
c:recyclerS-1-5-21-725345543-746137067-839522115-1003
c:windowsDownloaded Program Fileslauncher.ocx
c:windowsEventSystem.log
c:windowssystem32Cache
c:windowssystem32logs
c:windowssystem32logsAd-Aware event.log
c:windowssystem32sstray.exe
c:windowssystem32twain_32.dll
c:windowssystem32vb40032.dll.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.2010-03-06 23:19 . 2010-03-06 23:19
d
w- C:rsit
2010-03-06 23:19 . 2010-03-06 23:19
d
w- c:program filestrend micro
2010-03-06 22:25 . 2010-03-06 22:25
d
w- c:program filesTrendMicro
2010-03-06 22:01 . 2010-03-06 22:02
dc-h—w- c:windowsie8
2010-03-05 23:01 . 2010-03-05 23:01
d
w- c:program filesCommon Fileswm
2010-03-05 23:01 . 2010-03-05 23:01
d-sh—w- c:windowssystem32configsystemprofileIETldCache
2010-03-04 09:11 . 2010-03-04 09:11
d
w- c:program filesMicrosoft Enterprise Library 4.1 — October 2008
2010-02-14 21:25 . 2010-03-04 07:55
d
w- c:program filesuTorrent
2010-02-14 21:23 . 2010-03-04 08:55
d
w- c:documents and settingsYevi.YEVApplication DatauTorrent
2010-02-09 10:25 . 2010-03-04 09:19
d
w- c:documents and settingsYevi.YEVApplication Datavlc
2010-02-09 08:44 . 2009-12-12 14:15 178176 —-a-w- c:windowssystem32unrar.dll
2010-02-09 08:43 . 2004-01-25 16:18 217088 —-a-w- c:windowssystem32yv12vfw.dll
2010-02-09 08:43 . 2009-05-29 21:31 881664 —-a-w- c:windowssystem32xvidcore.dll
2010-02-09 08:43 . 2009-05-29 21:37 205824 —-a-w- c:windowssystem32xvidvfw.dll
2010-02-09 08:41 . 2010-01-05 18:00 85504 —-a-w- c:windowssystem32ff_vfw.dll
2010-02-05 11:36 . 2007-03-04 11:55 719872 —-a-w- c:windowssystem32devil.dll
2010-02-05 11:36 . 2007-03-04 11:55 308224 —-a-w- c:windowssystem32avisynth.dll.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 08:02 . 2009-11-11 18:47
d
w- c:documents and settingsYevi.YEVApplication DataCMedia
2010-03-06 23:23 . 2008-12-10 20:59
d
w- c:documents and settingsAll Users.WINDOWSApplication DataBabylon
2010-03-06 22:25 . 2010-03-06 22:25 388096 —-a-r- c:documents and settingsYevi.YEVApplication DataMicrosoftInstaller{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}HiJackThis.exe
2010-03-06 21:42 . 2009-05-22 08:01
d
w- c:program filesMicrosoft
2010-03-06 21:36 . 2005-06-19 19:00
d
w- c:program filesFlashGet
2010-03-06 21:19 . 2005-02-11 22:45
d
w- c:program filesmIRC
2010-03-05 22:05 . 2009-11-05 17:49
d
w- c:program filesGarena
2010-03-04 09:22 . 2008-05-16 14:04
d
w- c:documents and settingsAll Users.WINDOWSApplication DataMicrosoft Help
2010-03-02 11:31 . 2008-05-16 17:56
d
w- c:documents and settingsYevi.YEVApplication DataICQ
2010-03-01 14:47 . 2010-01-11 12:37
d
w- c:program filesMinilyrics
2010-02-25 17:18 . 2010-01-08 13:01
d
w- c:documents and settingsYevi.YEVApplication DataWinamp
2010-02-22 17:51 . 2009-09-08 12:05 10238 —-a-w- c:documents and settingsAll Users.WINDOWSApplication DataBlazeVideoBlazeDTV 6.0blazedvd.dll
2010-02-16 11:51 . 2008-04-28 16:56
d
w- c:program filesMicrosoft Silverlight
2010-02-14 21:19 . 2005-02-11 15:35
d
w- c:program filesAzureus
2010-02-14 21:19 . 2008-05-17 08:06
d
w- c:documents and settingsYevi.YEVApplication DataAzureus
2010-02-10 16:17 . 2009-03-10 08:54
d
w- c:program filesICQ6.5
2010-02-09 08:47 . 2009-04-20 08:20
d
w- c:program filesK-Lite Codec Pack
2010-02-09 08:36 . 2008-05-16 13:58
d
w- c:documents and settingsYevi.YEVApplication DataBSplayer PRO
2010-02-06 15:03 . 2005-02-11 18:09
d
w- c:program filesWinamp
2010-02-05 11:45 . 2010-01-18 22:09
d
w- c:program filesWMR14
2010-01-30 16:00 . 2008-05-16 14:16 112320 —-a-w- c:documents and settingsYevi.YEVLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-01-29 16:52 . 2010-01-28 16:52
d
w- c:program filesAptana
2010-01-29 10:58 . 2008-05-30 09:51
d
w- c:documents and settingsYevi.YEVApplication DataSkype
2010-01-26 13:20 . 2010-01-13 09:24
d
w- c:program filesFoxit Software
2010-01-24 23:50 . 2009-10-14 23:24 480688 —-a-w- c:documents and settingsLocalService.NT AUTHORITY.000Local SettingsApplication DataFontCache3.0.0.0.dat
2010-01-24 11:22 . 2010-01-24 11:22
d
w- c:program filesMicrosoft ASP.NET
2010-01-24 10:38 . 2010-01-24 10:36
d
w- c:program filesDevExpress 2009.3
2010-01-23 15:51 . 2010-01-23 15:51
d
w- c:documents and settingsLocalService.NT AUTHORITY.000Application DataFoxit Software
2010-01-18 22:13 . 2007-11-24 21:16
d
w- c:program filesWinPcap
2010-01-13 09:25 . 2010-01-13 09:25
d
w- c:documents and settingsYevi.YEVApplication DataFoxit
2009-12-09 11:35 . 2008-12-29 11:40 18368 —-a-w- c:documents and settingsAll Users.WINDOWSApplication DataMicrosoftVSA9.01033ResourceCache.dll
2009-12-09 11:35 . 2008-12-29 11:40 1309760 —-a-w- c:documents and settingsAll Users.WINDOWSApplication DataMicrosoftVisualStudio9.01033ResourceCache.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Google Update»=»c:documents and settingsYevi.YEVLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» [2010-01-25 135664][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IntelliPoint»=»c:program filesMicrosoft IntelliPointipoint.exe» [2007-08-31 1037736]
«SoundMan»=»SOUNDMAN.EXE» [2005-06-20 77824]
«BluetoothAuthenticationAgent»=»bthprops.cpl» [2008-04-14 110592]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-26 31016]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2009-05-14 2029640][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«EnableShellExecuteHooks»= 1 (0x1)[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«EnableShellExecuteHooks»= 1 (0x1)[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{A5949E07-8536-4625-A3D0-2DD83F559990}»= «c:windowssystem32ShellHook.dll» [2009-01-01 147456][HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *autocheck lsdelete[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]
@=»Service»[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKLM~startupfolderC:^Documents and Settings^Yevi.YEV^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:documents and settingsYevi.YEVStart MenuProgramsStartupOneNote 2007 Screen Clipper and Launcher.lnk
backup=c:windowspssOneNote 2007 Screen Clipper and Launcher.lnkStartup[HKLM~startupfolderC:^Documents and Settings^Yevi.YEV^Start Menu^Programs^Startup^Warkeys Update.lnk]
path=c:documents and settingsYevi.YEVStart MenuProgramsStartupWarkeys Update.lnk
backup=c:windowspssWarkeys Update.lnkStartup[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
2008-06-12 00:38 34672 —-a-w- c:program filesAdobeReader 9.0Readerreader_sl.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBabylon Client]
2009-07-20 17:42 3706768 —-a-w- c:program filesBabylonBabylon-ProBabylon.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 13:35 202024 —-a-w- c:program filesCommon FilesNeroLibNMBgMonitor.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGrooveMonitor]
2006-10-26 22:47 31016 —-a-w- c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
2007-03-01 13:57 153136 —-a-w- c:program filesCommon FilesNeroLibNeroCheck.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPC Suite Tray]
2008-12-03 10:47 1205760 —-a-w- c:program filesNokiaNokia PC Suite 7PCSuite.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
2009-03-09 03:19 148888 —-a-w- c:program filesJavajre6binjusched.exe[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\USDownloader\USDownloader.exe»=
«c:\Program Files\mIRC\mirc.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Azureus\Azureus.exe»=
«c:\Program Files\FlashGet\flashget.exe»=
«c:\Program Files\TVAnts\Tvants.exe»=
«c:\Program Files\SopCast\adv\SopAdver.exe»=
«c:\Program Files\SopCast\SopCast.exe»=
«c:\Program Files\Java\jdk1.6.0_06\bin\java.exe»=
«c:\Program Files\VideoLAN\VLC\vlc.exe»=
«c:\Program Files\Mozilla Firefox\firefox.exe»=
«c:\Program Files\Java\jre1.6.0_06\bin\java.exe»=
«c:\Program Files\TVUPlayer\TVUPlayer.exe»=
«c:\WINDOWS\system32\fxsclnt.exe»=
«c:\Program Files\JetBrains\IntelliJ IDEA 8.0.1\bin\idea.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe»=
«c:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe»=
«c:\Program Files\Windows Live\Messenger\wlcsdk.exe»=
«c:\WINDOWS\system32\dpvsetup.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Games\Warcraft III\War3.exe»=
«c:\Program Files\Garena\Garena.exe»=
«c:\Program Files\Java\jre6\bin\javaw.exe»=
«c:\Program Files\Java\jre6\bin\java.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\HP\QuickTest Professional\bin\AQTRmtAgent.exe»=
«c:\Program Files\FlashFXP\FlashFXP.exe»=
«c:\Program Files\Windows Live\Messenger\msnmsgr.exe»=
«c:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe»=
«c:\Program Files\Aptana\Aptana Studio 2.0\AptanaStudio.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«d:\u992\u992.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«135:TCP»= 135:TCP:DCOM
«4129:TCP»= 4129:TCPR1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [14/05/2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [14/05/2009 15:49 94360]
R2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [14/05/2009 15:47 731840]
R2 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:program filesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnfdlauncher.exe [10/07/2008 01:15 31256]
R2 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [20/10/2009 20:19 50704]
R2 paldrv;paldrv;c:windowssystem32pal_drv.sys [11/11/2009 17:09 11107]
R2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:program filesSolidWorks CorpSolidWorks Flow SimulationbinCFWStandAloneSlv.exe [11/09/2009 19:46 144680]
S0 sptd;sptd;c:windowssystem32driverssptd.sys [29/06/2008 21:32 685816]
S3 ce6230;Intel CE6230 Standalone USB Driver;c:windowssystem32driversCE6230StandaloneDriver.sys [26/07/2009 13:09 44800]
S3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:windowssystem32driversCE6230BDA.sys [26/07/2009 13:09 19328]
S3 CE9500;CE9500.Sys driver;c:windowssystem32Driversce9500.sys —> c:windowssystem32Driversce9500.sys [?]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:program filesSolidWorks CorpSolidWorksswSchedulerDTSCoordinatorService.exe [15/10/2009 06:51 87336]
S3 GarenaPEngine;GarenaPEngine;??c:docume~1Yevi.YEVLOCALS~1TempSEX54E1.tmp —> c:docume~1Yevi.YEVLOCALS~1TempSEX54E1.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowssystem32driversnmwcdnsu.sys [09/05/2009 23:21 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowssystem32driversnmwcdnsuc.sys [09/05/2009 23:21 8320]
S3 PRODIGY;PRODIGY;c:windowssystem32driversprodigy.sys [18/04/2009 15:19 32377]
S3 USBHIDIR;USBHIDIR;c:windowssystem32driversusbhidir.sys [03/09/2009 21:44 7717]
S3 utqwnzm2;AVZ Kernel Driver;c:windowssystem32driversutqwnzm2.sys [23/01/2009 23:22 7168]
S4 gupdate1c98af5be02e090;Google Update Service (gupdate1c98af5be02e090);»c:program filesGoogleUpdateGoogleUpdate.exe» /svc —> c:program filesGoogleUpdateGoogleUpdate.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:program filesMicrosoft SQL Server100Sharedsqladhlp.exe [10/07/2008 11:49 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:program filesMicrosoft Visual Studio 8Common7IDERemote Debuggerx86msvsmon.exe [23/09/2005 07:01 2799808]
S4 RsFx0102;RsFx0102 Driver;c:windowssystem32driversRsFx0102.sys [10/07/2008 02:49 242712]
.
Contents of the ‘Scheduled Tasks’ folder2010-03-06 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1547161642-616249376-725345543-1003Core.job
— c:documents and settingsYevi.YEVLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2010-01-25 08:38]2010-03-06 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1547161642-616249376-725345543-1003UA.job
— c:documents and settingsYevi.YEVLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2010-01-25 08:38]2010-03-06 c:windowsTasksUser_Feed_Synchronization-{6F9C4480-70AB-420B-BE43-14341FEEB630}.job
— c:windowssystem32msfeedssync.exe [2007-08-13 02:31]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet — c:program filesFlashGetjc_all.htm
IE: &Download with FlashGet — c:program filesFlashGetjc_link.htm
IE: Translate this web page with Babylon — c:program filesBabylonBabylon-ProUtilsBabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon — c:program filesBabylonBabylon-ProUtilsBabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} — res://c:program filesBabylonBabylon-ProUtilsBabylonIEPI.dll/ActionTU.htm
DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} — hxxp://chat-basic.nana.co.il/Cabs/launcher.cab
DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} — hxxp://www.tapuz.co.il/irc/main/launcher.cab
DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} — hxxp://irc.nana10.co.il/Cabs/launcher39.cab
FF — ProfilePath — c:documents and settingsYevi.YEVApplication DataMozillaFirefoxProfilesxunb2o1k.yev
FF — prefs.js: browser.search.selectedEngine — IMDb
FF — prefs.js: browser.startup.homepage — about:blank
FF — component: c:documents and settingsYevi.YEVApplication DataMozillaFirefoxProfilesxunb2o1k.yevextensions{34ea1c70-42cc-42c5-aa29-ec58b95a343e}componentsFFAlert.dll
FF — component: c:program filesHttpWatchFirefoxcomponentshttpwatchproff.dll
FF — plugin: c:documents and settingsYevi.YEVApplication DataMozillaFirefoxProfilesxunb2o1k.yevextensionsmoveplayer@movenetworks.complatformWINNT_x86-msvcpluginsnpmnqmp07076007.dll
FF — plugin: c:documents and settingsYevi.YEVLocal SettingsApplication DataGoogleUpdate1.2.183.17npGoogleOneClick8.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnp-mswmp.dll
FF — plugin: c:program filesMozilla FirefoxpluginsNPAdbESD.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpdjvu.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpmozax.dll
FF — plugin: c:program filesMozilla FirefoxpluginsNPTURNMED.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpunagi2.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.
— — — — ORPHANS REMOVED — — — —ShellIconOverlayIdentifiers-{6B830884-20E3-4AB6-B672-2629F0F72071} — (no file)
HKLM-Run-StartCCC — c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe
HKLM-Run-nForce Tray Options — sstray.exe
HKLM-Run-mspaint — c:windowssystem32Paint.exe
MSConfigStartUp-ARC — c:documents and settingsYevi.YEVMy DocumentsSystemsvchost.exe
MSConfigStartUp-mspaint — c:windowssystem32Paint.exe
MSConfigStartUp-NBKeyScan — c:program filesNeroNero8Nero BackItUpNBKeyScan.exe
MSConfigStartUp-Nitro PDF Printer Monitor — c:program filesNitro PDFProfessionalNitroPDFPrinterMonitor.exe
MSConfigStartUp-w3dr — c:gamesWarcraft IIIw3dr.exe
AddRemove-CMedia — c:documents and settingsYevi.YEVApplication DataCMediaUninstall.exe
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 — c:program filesCommon FilesAdobe AIRVersions1.0Adobe AIR Application Installer.exe
AddRemove-WM Recorder 12.1 — c:program filesWMR11Uninstal.exe**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 10:03
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet001ServicesGarenaPEngine]
«ImagePath»=»??c:docume~1Yevi.YEVLOCALS~1TempSEX54E1.tmp»
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1547161642-616249376-725345543-1003SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(836)
c:windowssystem32Ati2evxx.dll
.
Completion time: 2010-03-07 10:15:43
ComboFix-quarantined-files.txt 2010-03-07 08:15Pre-Run: 57,319,014,400 bytes free
Post-Run: 58,734,678,016 bytes free— — End Of File — — A9AA0712391F72681574EFC877EEB781
-
АвторСообщения
- Для ответа в этой теме необходимо авторизоваться.