• Инструкции
    • Как использовать
      • Программы
    • Как удалить
      • Шпионское и рекламное ПО (adware и spyware)
      • Поддельное антиспайваре
      • Руткиты
      • Трояны
      • Кейлоггеры
  • Скачать программы
  • Вопросы и Ответы
  • Форумы

SPYWARE-RU.COM
Меню
  • Инструкции
    • Как использовать
      • Программы
    • Как удалить
      • Шпионское и рекламное ПО (adware и spyware)
      • Поддельное антиспайваре
      • Руткиты
      • Трояны
      • Кейлоггеры
  • Скачать программы
  • Вопросы и Ответы
  • Форумы
В начало › Re: Re: видимо поймал…
Adguard
 

Re: Re: видимо поймал…

Удаление вирусов и троянов. Защита компьютера. › Помощь в удалении вирусов, троянов, рекламы и других зловредов › видимо поймал… › Re: Re: видимо поймал…

19 февраля, 2009 в 7:38 пп #21950
Аноним
Гость
  • Темы:532
  • Сообщений:1553
  • ☆☆☆☆☆

Все сделал, вот лог

ComboFix 09-02-18.01 — alex 2009-02-19 13:20:37.2 — NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.7.1033.18.2046.835 [GMT -6:00]
Running from: c:usersalexDesktopComboFix.exe
Command switches used :: c:usersalexDesktopCFScript.txt
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
FW: Bitdefender Firewall *disabled*
* Created a new restore point

FILE ::c:usersalex newAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupis-1JRS0.lnk
c:usersalex newDesktopVirus Removal Tool1is-1JRS0startup.exe
c:windowsSystem32drivers48215497.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:usersalex newAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupis-1JRS0.lnk
c:windowsSystem32drivers48215497.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

Legacy_IS-1JRS0DRV

Service_is-1JRS0drv

((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
.

2009-02-19 00:56 . 2009-02-19 00:57

d

c:usersalexAppDataRoamingdvdcss
2009-02-19 00:44 . 2009-02-19 00:50 d

c:usersalexAppDataRoamingvlc
2009-02-19 00:39 . 2009-02-19 00:39 d

c:program filesVideoLAN
2009-02-19 00:22 . 2009-02-19 00:22 d

c:program fileseMule
2009-02-19 00:19 . 2008-02-28 13:26 1,414,440 —a

c:windowsSystem32ShellManager310E2D762.dll
2009-02-19 00:19 . 2008-02-28 13:01 774,144 —a

c:windowsSystem32NEROINSTAEC43759.DB
2009-02-18 13:57 . 2009-02-18 23:43 d

c:usersalexAppDataRoamingNeverball
2009-02-18 13:32 . 2009-02-18 13:47 d

c:program filesICQ6.5
2009-02-18 13:28 . 2009-02-18 13:30 d

c:usersAll UsersYahoo! Companion
2009-02-18 13:28 . 2009-02-18 13:30 d

c:programdataYahoo! Companion
2009-02-18 13:12 . 2009-02-18 13:14 d

c:usersalex newAppDataRoamingICQ
2009-02-18 11:40 . 2009-02-18 11:41 28,124 —a

c:usersalex newAppDataRoamingnvModes.dat
2009-02-18 09:38 . 2009-02-18 09:38 d

c:usersalex newAppDataRoamingSkype
2009-02-18 08:15 . 2009-02-18 11:04 d

c:usersalex newAppDataRoamingNeverball
2009-02-18 08:13 . 2009-02-18 11:04 d

c:program filesNeverball
2009-02-18 07:56 . 2009-02-18 11:42 d

c:usersalex newDoctorWeb
2009-02-18 03:35 . 2008-12-04 22:32 428,544 —a

c:windowsSystem32EncDec.dll
2009-02-18 03:35 . 2008-12-04 22:32 293,376 —a

c:windowsSystem32psisdecd.dll
2009-02-18 03:35 . 2008-12-04 22:31 217,088 —a

c:windowsSystem32psisrndr.ax
2009-02-18 03:35 . 2008-12-04 22:31 177,664 —a

c:windowsSystem32mpg2splt.ax
2009-02-18 03:35 . 2008-12-04 22:31 80,896 —a

c:windowsSystem32MSNP.ax
2009-02-18 01:59 . 2009-02-18 01:59 d

c:program filesAlwil Software
2009-02-18 01:59 . 2009-02-05 15:06 51,792 —a

c:windowsSystem32driversaswMonFlt.sys
2009-02-18 00:38 . 2009-02-18 00:38 d

c:usersAll UsersMalwarebytes
2009-02-18 00:38 . 2009-02-18 00:38 d

c:usersalex newAppDataRoamingMalwarebytes
2009-02-18 00:38 . 2009-02-18 00:38 d

c:programdataMalwarebytes
2009-02-18 00:38 . 2009-02-18 00:38 d

c:program filesMalwarebytes’ Anti-Malware
2009-02-18 00:38 . 2009-02-11 10:19 38,496 —a

c:windowsSystem32driversmbamswissarmy.sys
2009-02-18 00:38 . 2009-02-11 10:19 15,504 —a

c:windowsSystem32driversmbam.sys
2009-02-17 12:04 . 2009-02-17 12:04 d

c:usersalex newAppDataRoamingPC Tools
2009-02-17 12:04 . 2009-02-17 12:04 d

c:program filesSpyware Doctor
2009-02-17 12:04 . 2008-06-02 15:19 29,576 —a

c:windowsSystem32driverskcom.sys
2009-02-17 12:03 . 2009-02-17 12:10 d

c:program filesNorton Security Scan
2009-02-17 12:02 . 2009-02-19 01:09 d

c:usersAll UsersGoogle Updater
2009-02-17 12:02 . 2009-02-19 01:09 d

c:programdataGoogle Updater
2009-02-17 12:02 . 2009-02-17 12:02 d

c:program filesGoogle
2009-02-17 11:36 . 2009-02-18 00:33 d

c:usersalex new.housecall6.6
2009-02-17 11:35 . 2009-02-17 11:35 d

c:windowsSun
2009-02-16 23:59 . 2009-02-17 00:54 d

c:windowsSystem32configsystemprofileDoctorWeb
2009-02-16 20:45 . 2009-02-16 20:45 d

c:usersAll UsersKaspersky Lab Setup Files
2009-02-16 20:45 . 2009-02-16 20:45 d

c:programdataKaspersky Lab Setup Files
2009-02-16 04:09 . 2009-02-16 04:09 d

c:usersalex newAppDataRoamingNero
2009-02-16 03:42 . 2009-02-16 03:42 160 —a

c:windowsSystem32sh_wi.bak
2009-02-16 03:07 . 2009-02-16 03:14 d

c:windowsBDOSCAN8
2009-02-16 03:05 . 2009-02-16 03:06 d

c:usersAll UsersSITEguard
2009-02-16 03:05 . 2009-02-16 03:06 d

c:programdataSITEguard
2009-02-16 03:01 . 2009-02-16 03:32 d

c:usersAll UsersSTOPzilla!
2009-02-16 03:01 . 2009-02-16 03:32 d

c:programdataSTOPzilla!
2009-02-16 03:01 . 2009-02-16 03:01 d

c:program filesCommon FilesiS3
2009-02-16 02:11 . 2009-02-18 01:25 d—h

c:usersalex newAppDataRoamingdrivers
2009-02-16 02:06 . 2009-02-16 02:06 d

c:program filesEnigma Software Group
2009-02-15 23:51 . 2009-02-18 01:01 d

c:program filesFighters
2009-02-15 17:17 . 2009-02-19 13:28 254,996,512 —ahs—- c:windowsSystem32driversfidbox.dat
2009-02-15 17:17 . 2009-02-19 13:28 2,990,360 —ahs—- c:windowsSystem32driversfidbox.idx
2009-02-15 16:39 . 2009-02-15 16:39 d

C:rsit
2009-02-15 16:39 . 2009-02-16 03:45 d

c:program filestrend micro
2009-02-15 14:34 . 2009-02-18 01:25 d—h

c:usersJaneAppDataRoamingdrivers
2009-02-15 11:58 . 2009-02-15 11:58 d

c:windowsSystem32Kaspersky Lab
2009-02-15 11:58 . 2009-02-16 20:49 d

c:usersAll UsersKaspersky Lab
2009-02-15 11:58 . 2009-02-16 20:49 d

c:programdataKaspersky Lab
2009-02-15 02:15 . 2009-02-15 02:15 d

c:usersAll UsersWindowsSearch
2009-02-15 02:15 . 2009-02-15 02:15 d

c:programdataWindowsSearch
2009-02-15 00:58 . 2009-02-17 12:13 350,141,608 —a

c:windowsMEMORY.DMP
2009-02-15 00:50 . 2009-02-15 00:50 d

c:usersalex newAppDataRoamingYandex
2009-02-14 15:01 . 2009-02-14 15:01 d

c:usersalex newAppDataRoamingYahoo!
2009-02-14 14:58 . 2009-02-14 14:58 70,104 —a

c:windowsSystem32GDIPFONTCACHEV1.DAT
2009-02-14 14:57 . 2009-02-14 14:57 dr

c:usersalex newVideos
2009-02-14 14:57 . 2009-02-14 14:57 dr

c:usersalex newSearches
2009-02-14 14:57 . 2009-02-14 14:57 dr

c:usersalex newSaved Games
2009-02-14 14:57 . 2009-02-14 14:57 dr

c:usersalex newPictures
2009-02-14 14:57 . 2009-02-14 14:57 dr

c:usersalex newMusic
2009-02-14 14:57 . 2009-02-14 14:57 dr

c:usersalex newLinks
2009-02-14 14:57 . 2009-02-18 13:10 dr

c:usersalex newDownloads
2009-02-14 14:57 . 2009-02-14 14:57 dr

c:usersalex newDocuments
2009-02-14 14:57 . 2009-02-14 14:57 dr

c:usersalex newContacts
2009-02-14 14:57 . 2006-11-02 06:37 d

c:usersalex newAppDataRoamingMedia Center Programs
2009-02-14 14:57 . 2009-02-14 14:57 d

c:usersalex newAppDataRoamingLeadertech
2009-02-14 14:57 . 2009-02-14 14:57 d

c:usersalex newAppDataRoamingAcer
2009-02-14 14:57 . 2009-02-14 14:57 d—h

c:usersalex newAppData
2009-02-14 14:57 . 2009-02-18 07:56 d

c:usersalex new
2009-02-14 14:26 . 2009-02-19 13:30 0

c:windowsSystem32Ikeext.etl
2009-02-14 14:16 . 2009-02-18 01:25 d—h

c:usersalexAppDataRoamingdrivers
2009-02-12 16:15 . 2009-02-12 16:15 d

c:usersalexAppDataRoamingTemplate
2009-02-12 14:57 . 2009-02-12 14:57 0 —a

c:usersalexAppDataRoamingwklnhst.dat
2009-02-10 19:59 . 2009-01-14 21:36 1,383,424 —a

c:windowsSystem32mshtml.tlb
2009-02-10 19:59 . 2009-01-15 00:11 827,392 —a

c:windowsSystem32wininet.dll
2009-02-07 17:30 . 2009-02-07 17:30 d

c:program filesMakayama Interactive
2009-02-05 18:47 . 2009-02-05 18:47 d

c:program filesKwyshell
2009-02-05 05:04 . 2009-02-19 08:55 d

c:usersalexdwhelper
2009-02-05 04:58 . 2009-02-05 04:58 d

c:program filesFLVPlayer
2009-02-05 04:53 . 2009-02-19 12:58 d

c:usersalexAppDataRoamingAny Video Converter
2009-02-05 04:53 . 2009-02-05 04:53 d

c:program filesAny Video Converter
2009-02-04 13:46 . 2008-09-16 13:23 168,448 —a

c:windowsSystem32unrar.dll
2009-02-04 13:45 . 2009-02-04 13:45 d

c:program filesK-Lite Codec Pack
2009-02-04 13:45 . 2008-09-24 12:41 839,680 —a

c:windowsSystem32lameACM.acm
2009-02-04 13:45 . 2008-11-06 10:33 684,032 —a

c:windowsSystem32divx.dll
2009-02-04 13:45 . 2004-01-25 10:18 217,088 —a

c:windowsSystem32yv12vfw.dll
2009-02-04 13:45 . 2007-09-20 18:52 118,784 —a

c:windowsSystem32ac3acm.acm
2009-02-04 13:45 . 2008-12-08 05:53 57,344 —a

c:windowsSystem32ff_vfw.dll
2009-02-04 13:45 . 2007-07-10 10:10 547 —a

c:windowsSystem32ff_vfw.dll.manifest
2009-02-04 13:45 . 2008-10-03 06:30 414 —a

c:windowsSystem32lame_acm.xml
2009-01-30 14:55 . 2009-01-30 14:55 d

c:program filesImTOO
2009-01-24 16:09 . 2009-01-27 13:41 d

C:Need4Video files
2009-01-24 16:06 . 2009-01-24 16:06 54,156 —ah

c:windowsQTFont.qfn
2009-01-24 16:06 . 2009-01-24 16:06 1,409 —a

c:windowsQTFont.for
2009-01-19 15:13 . 2009-01-19 15:34 23 —a

c:windowssettings.ini
2009-01-19 15:12 . 2009-01-21 05:31 d

c:program filesWhiteSmoke

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 06:22

d

w c:programdataeMule
2009-02-19 06:20

d

w c:programdataNero
2009-02-19 06:20

d

w c:program filesNero
2009-02-19 06:20

d

w c:program filesCommon FilesNero
2009-02-19 06:15

d

w c:program filesCommon FilesSymantec Shared
2009-02-18 19:28

d

w c:program filesYahoo!
2009-02-18 19:27

d

w c:programdataYahoo!
2009-02-18 19:12

d—h—w c:program filesInstallShield Installation Information
2009-02-17 18:09

d—a-w c:programdataTEMP
2009-02-17 01:42

d

w c:programdataSymantec
2009-02-11 09:00

d

w c:program filesWindows Mail
2009-02-04 19:44

d

w c:program filesDivX
2009-01-17 01:32

d

w c:usersalexAppDataRoamingSkype
2009-01-16 22:00

d

w c:usersalexAppDataRoamingskypePM
2008-12-31 18:36

d

w c:programdataForge of Games
2008-12-30 20:34 103,144 —-a-w c:usersalexAppDataRoamingnvModes.dat
2008-12-26 21:46 532,480 —-a-w c:windowsSystem32FLIQLO.scr
2008-12-26 21:02

d

w c:usersalexAppDataRoamingIrfanView
2008-12-11 00:33 86,016 —-a-w c:windowsSystem32dpl100.dll
2008-12-07 18:08 795,648 —-a-w c:windowsSystem32xvidcore.dll
2008-12-07 18:08 130,048 —-a-w c:windowsSystem32xvidvfw.dll
2008-11-21 21:46 200,704 —-a-w c:windowsSystem32ssldivx.dll
2008-11-21 21:46 1,044,480 —-a-w c:windowsSystem32libdivx.dll
2008-07-06 04:21 56 —ha-w c:usersAll Usersezsidmv.dat
2008-07-06 04:21 56 —ha-w c:programdataezsidmv.dat
2008-06-27 03:52 183,728 —-a-w c:usersJaneAppDataRoamingnvModes.dat
2008-06-02 17:14 174 —sha-w c:program filesdesktop.ini
2008-10-07 21:35 16,384 —sha-w c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
2008-10-07 21:35 32,768 —sha-w c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
2008-10-07 21:35 16,384 —sha-w c:windowsServiceProfilesLocalServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat
2008-05-16 00:26 16,384 —sha-w c:windowsServiceProfilesNetworkServiceAppDataLocalTempCookiesindex.dat
2008-05-16 00:26 16,384 —sha-w c:windowsServiceProfilesNetworkServiceAppDataLocalTempHistoryHistory.IE5index.dat
2008-05-16 00:26 32,768 —sha-w c:windowsServiceProfilesNetworkServiceAppDataLocalTempTemporary Internet FilesContent.IE5index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-18_ 1.32.51.39 )))))))))))))))))))))))))))))))))))))))))
.
— 2008-08-05 09:51:30 4,046,848 —-a-w c:windowsassemblyGAC_MSILehshell6.0.6000.0__31bf3856ad364e35ehshell.dll
+ 2008-12-05 04:34:22 4,046,848 —-a-w c:windowsassemblyGAC_MSILehshell6.0.6000.0__31bf3856ad364e35ehshell.dll
— 2008-08-05 09:51:56 1,957,888 —-a-w c:windowsassemblyGAC_MSILMicrosoft.MediaCenter.UI6.0.6000.0__31bf3856ad364e35Microsoft.MediaCenter.UI.dll
+ 2008-12-05 04:35:09 1,957,888 —-a-w c:windowsassemblyGAC_MSILMicrosoft.MediaCenter.UI6.0.6000.0__31bf3856ad364e35Microsoft.MediaCenter.UI.dll
+ 2009-02-19 09:04:26 2,428,928 —-a-w c:windowsassemblyNativeImages_v2.0.50727_32ehepgc1ab30f112302fa6323a95cecc89dc9aehepg.ni.dll
+ 2009-02-19 09:05:03 44,544 —-a-w c:windowsassemblyNativeImages_v2.0.50727_32ehExtCOMa02d78dcbbf544263a04749e55c5fdabehExtCOM.ni.dll
+ 2009-02-19 09:05:04 270,336 —-a-w c:windowsassemblyNativeImages_v2.0.50727_32ehExtHosta72c61ab3969229d0f1c459ebf9501c0ehExtHost.ni.exe
— 2008-06-02 17:22:52 839,680 —-a-w c:windowsassemblyNativeImages_v2.0.50727_32ehiVidCtlf14b581820693d30efb00f6c2753ff1aehiVidCtl.ni.dll
+ 2009-02-19 09:05:07 839,680 —-a-w c:windowsassemblyNativeImages_v2.0.50727_32ehiVidCtlf14b581820693d30efb00f6c2753ff1aehiVidCtl.ni.dll
+ 2009-02-19 09:04:48 1,949,696 —-a-w c:windowsassemblyNativeImages_v2.0.50727_32ehRecObjd10fec414da0055401439e541854cc60ehRecObj.ni.dll
+ 2009-02-19 09:04:42 12,742,656 —-a-w c:windowsassemblyNativeImages_v2.0.50727_32ehshelleef6673d152e39bb107fc610087fb8faehshell.ni.dll
+ 2009-02-19 09:04:23 737,280 —-a-w c:windowsassemblyNativeImages_v2.0.50727_32mcstore958daa7a855f3752729a090627ba2863mcstore.ni.dll
+ 2009-02-19 09:05:13 274,432 —-a-w c:windowsassemblyNativeImages_v2.0.50727_32mcupdate6c4c85eb9116e04eb42b5ed3497a95a1mcupdate.ni.exe
+ 2009-02-19 09:04:21 618,496 —-a-w c:windowsassemblyNativeImages_v2.0.50727_32Microsoft.MediaCent#049436785868ef1f876091c1791c2855Microsoft.MediaCenter.ni.dll
+ 2009-02-19 09:04:20 253,952 —-a-w c:windowsassemblyNativeImages_v2.0.50727_32Microsoft.MediaCent#5964fedd528c09a5a5adc846a00528dbMicrosoft.MediaCenter.Shell.ni.dll
+ 2009-02-19 09:04:27 704,512 —-a-w c:windowsassemblyNativeImages_v2.0.50727_32Microsoft.MediaCent#c9cf0ad1ef75155a40d98951dff749f1Microsoft.MediaCenter.Sports.ni.dll
+ 2009-02-19 09:04:19 5,861,376 —-a-w c:windowsassemblyNativeImages_v2.0.50727_32Microsoft.MediaCent#de8c782f449f1c52badf9a7c8984eec6Microsoft.MediaCenter.UI.ni.dll
— 2008-06-02 17:22:34 44,544 —-a-w c:windowsassemblyNativeImages_v2.0.50727_32stdole07c3757edda55c714c4e69a94be4e35estdole.ni.dll
+ 2009-02-19 09:05:17 44,544 —-a-w c:windowsassemblyNativeImages_v2.0.50727_32stdole07c3757edda55c714c4e69a94be4e35estdole.ni.dll
— 2008-01-19 07:36:08 180,224 —-a-w c:windowsehomecbva.dll
+ 2008-12-05 04:32:35 180,224 —-a-w c:windowsehomecbva.dll
— 2008-08-05 09:49:54 373,248 —-a-w c:windowsehomeehglid.dll
+ 2008-12-05 04:32:30 373,248 —-a-w c:windowsehomeehglid.dll
— 2008-08-05 09:49:54 105,472 —-a-w c:windowsehomeehPresenter.dll
+ 2008-12-05 04:32:30 105,472 —-a-w c:windowsehomeehPresenter.dll
— 2008-08-05 09:49:54 254,464 —-a-w c:windowsehomeehReplay.dll
+ 2008-12-05 04:32:30 254,464 —-a-w c:windowsehomeehReplay.dll
— 2008-08-05 09:51:30 4,046,848 —-a-w c:windowsehomeehshell.dll
+ 2008-12-05 04:34:22 4,046,848 —-a-w c:windowsehomeehshell.dll
— 2008-08-06 03:27:39 18,944 —-a-w c:windowsehomeehtrace.dll
+ 2008-12-05 04:29:53 18,944 —-a-w c:windowsehomeehtrace.dll
— 2008-08-05 09:49:54 522,240 —-a-w c:windowsehomeehui.dll
+ 2008-12-05 04:32:30 522,240 —-a-w c:windowsehomeehui.dll
— 2006-11-02 12:35:30 254,464 —-a-w c:windowsehomeehvid.exe
+ 2008-12-05 04:31:42 253,952 —-a-w c:windowsehomeehvid.exe
— 2008-08-05 09:49:28 173,056 —-a-w c:windowsehomeMcrMgr.exe
+ 2008-12-05 04:32:03 173,056 —-a-w c:windowsehomeMcrMgr.exe
— 2008-01-19 07:34:44 1,384,960 —-a-w c:windowsehomeMcx2Filter.dll
+ 2008-12-05 04:32:31 1,384,960 —-a-w c:windowsehomeMcx2Filter.dll
— 2008-08-05 09:51:56 1,957,888 —-a-w c:windowsehomeMicrosoft.MediaCenter.UI.dll
+ 2008-12-05 04:35:09 1,957,888 —-a-w c:windowsehomeMicrosoft.MediaCenter.UI.dll
+ 2009-02-19 19:19:46 6,402,048 —-a-w c:windowsERDNTHiv-backupSCHEMA.DAT
+ 2009-02-19 19:26:45 6,402,048 —-a-w c:windowsERDNTsubsSCHEMA.DAT
— 2009-02-18 07:29:43 262,144 —sha-w c:windowsServiceProfilesLocalServiceNTUSER.DAT
+ 2009-02-19 19:30:52 262,144 —sha-w c:windowsServiceProfilesLocalServiceNTUSER.DAT
— 2009-02-14 19:10:44 16,384 —sha-w c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
+ 2009-02-19 19:11:49 16,384 —sha-w c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
— 2009-02-14 19:10:44 32,768 —sha-w c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
+ 2009-02-19 19:11:49 32,768 —sha-w c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
— 2009-02-14 19:10:44 16,384 —sha-w c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat
+ 2009-02-19 19:11:49 16,384 —sha-w c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat
— 2009-02-18 07:29:43 262,144 —sha-w c:windowsServiceProfilesNetworkServiceNTUSER.DAT
+ 2009-02-19 19:30:51 262,144 —sha-w c:windowsServiceProfilesNetworkServiceNTUSER.DAT
+ 2009-02-19 19:30:51 262,144 —ha-w c:windowsServiceProfilesNetworkServicentuser.dat.LOG1
+ 2009-02-05 21:11:35 1,256,296 —-a-w c:windowsSystem32aswBoot.exe
+ 2009-02-05 21:04:45 97,480 —-a-w c:windowsSystem32AvastSS.scr
— 2009-02-18 07:13:32 32,768 —sha-w c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
+ 2009-02-19 19:09:12 32,768 —sha-w c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
— 2009-02-18 07:13:32 49,152 —sha-w c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
+ 2009-02-19 19:09:12 49,152 —sha-w c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
— 2009-02-18 07:13:32 16,384 —sha-w c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
+ 2009-02-19 19:09:12 16,384 —sha-w c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
— 2009-02-18 07:19:55 262,144 —-a-w c:windowsSystem32configsystemprofilentuser.dat
+ 2009-02-19 19:19:59 262,144 —-a-w c:windowsSystem32configsystemprofilentuser.dat
+ 2009-02-05 21:07:12 20,560 —-a-w c:windowsSystem32driversaswFsBlk.sys
+ 2009-02-05 21:06:10 23,152 —-a-w c:windowsSystem32driversaswRdr.sys
+ 2009-02-05 21:07:23 114,768 —-a-w c:windowsSystem32driversaswSP.sys
+ 2009-02-05 21:06:20 51,376 —-a-w c:windowsSystem32driversaswTdi.sys
+ 2008-10-05 03:16:26 235,936 —-a-r c:windowsSystem32MacromedFlashFlashUtil10a.exe
— 2008-04-30 00:49:08 74,137 —-a-w c:windowsSystem32MacromedFlashuninstall_activeX.exe
+ 2009-02-18 19:28:21 88,590 —-a-w c:windowsSystem32MacromedFlashuninstall_activeX.exe
— 2009-02-18 07:04:23 101,250 —-a-w c:windowsSystem32perfc009.dat
+ 2009-02-19 15:24:05 101,250 —-a-w c:windowsSystem32perfc009.dat
— 2009-02-18 07:04:23 587,178 —-a-w c:windowsSystem32perfh009.dat
+ 2009-02-19 15:24:05 587,178 —-a-w c:windowsSystem32perfh009.dat
— 2009-02-14 20:21:26 6,553,600 —-a-w c:windowsSystem32SMIStoreMachineSCHEMA.DAT
+ 2009-02-19 19:26:45 6,402,048 —-a-w c:windowsSystem32SMIStoreMachineSCHEMA.DAT
— 2009-02-18 06:58:43 4,674 —-a-w c:windowsSystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-3643566502-870319019-1950998503-1002_UserData.bin
+ 2009-02-18 18:58:46 5,410 —-a-w c:windowsSystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-3643566502-870319019-1950998503-1002_UserData.bin
— 2009-02-18 06:58:43 83,460 —-a-w c:windowsSystem32WDIBootPerformanceDiagnostics_SystemData.bin
+ 2009-02-18 18:58:46 83,728 —-a-w c:windowsSystem32WDIBootPerformanceDiagnostics_SystemData.bin
— 2009-02-18 06:54:41 6,856 —-a-w c:windowsSystem32WDIERCQueuedResolutions.dat
+ 2009-02-18 18:54:10 6,856 —-a-w c:windowsSystem32WDIERCQueuedResolutions.dat
— 2009-02-18 06:58:37 68,318 —-a-w c:windowsSystem32WDIShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-18 18:58:44 68,358 —-a-w c:windowsSystem32WDIShutdownPerformanceDiagnostics_SystemData.bin
— 2009-02-11 09:00:58 168,245,217 —-a-w c:windowswinsxsManifestCache6.0.6001.18000_001c50b5_blobs.bin
+ 2009-02-18 09:34:19 169,386,247 —-a-w c:windowswinsxsManifestCache6.0.6001.18000_001c50b5_blobs.bin
+ 2008-12-05 04:30:48 864,256 —-a-w c:windowswinsxsmsil_ehepg_31bf3856ad364e35_6.0.6000.16784_none_d96a7db6d1ff1f37ehepg.dll
+ 2008-12-05 04:30:11 864,256 —-a-w c:windowswinsxsmsil_ehepg_31bf3856ad364e35_6.0.6000.20969_none_da0ebdb1eb0802f9ehepg.dll
+ 2008-12-05 04:30:50 135,168 —-a-w c:windowswinsxsmsil_ehexthost_31bf3856ad364e35_6.0.6000.16784_none_bcaffa6cc1ee8282ehexthost.exe
+ 2008-12-05 04:30:14 135,168 —-a-w c:windowswinsxsmsil_ehexthost_31bf3856ad364e35_6.0.6000.20969_none_bd543a67daf76644ehexthost.exe
+ 2008-12-05 04:30:53 77,824 —-a-w c:windowswinsxsmsil_ehiextens_31bf3856ad364e35_6.0.6000.16784_none_fb93015109f3e077ehiExtens.dll
+ 2008-12-05 04:30:16 77,824 —-a-w c:windowswinsxsmsil_ehiextens_31bf3856ad364e35_6.0.6000.20969_none_fc37414c22fcc439ehiExtens.dll
+ 2008-12-05 04:30:59 4,374,528 —-a-w c:windowswinsxsmsil_ehshell_31bf3856ad364e35_6.0.6000.16784_none_895d98f744b2ad89ehshell.dll
+ 2008-12-05 04:30:24 4,382,720 —-a-w c:windowswinsxsmsil_ehshell_31bf3856ad364e35_6.0.6000.20969_none_8a01d8f25dbb914behshell.dll
+ 2008-12-05 04:34:22 4,046,848 —-a-w c:windowswinsxsmsil_ehshell_31bf3856ad364e35_6.0.6001.18177_none_8b51a86741ce6e8eehshell.dll
+ 2008-12-05 04:36:00 4,046,848 —-a-w c:windowswinsxsmsil_ehshell_31bf3856ad364e35_6.0.6001.22322_none_8c0c55425ac80117ehshell.dll
+ 2008-12-05 04:31:24 1,196,032 —-a-w c:windowswinsxsmsil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16784_none_4e5b3cae98f7241fMicrosoft.MediaCenter.Shell.dll
+ 2008-12-05 04:30:50 1,269,760 —-a-w c:windowswinsxsmsil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.20969_none_4eff7ca9b20007e1Microsoft.MediaCenter.Shell.dll
+ 2008-12-05 04:31:25 2,342,912 —-a-w c:windowswinsxsmsil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16784_none_30e98b5e5a4b2139Microsoft.MediaCenter.UI.dll
+ 2008-12-05 04:30:52 2,351,104 —-a-w c:windowswinsxsmsil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.20969_none_318dcb59735404fbMicrosoft.MediaCenter.UI.dll
+ 2008-12-05 04:35:09 1,957,888 —-a-w c:windowswinsxsmsil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18177_none_32dd9ace5766e23eMicrosoft.MediaCenter.UI.dll
+ 2008-12-05 04:36:44 1,957,888 —-a-w c:windowswinsxsmsil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.22322_none_339847a9706074c7Microsoft.MediaCenter.UI.dll
+ 2008-12-05 04:31:23 217,088 —-a-w c:windowswinsxsmsil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16784_none_2344e451cf638d4fMicrosoft.MediaCenter.dll
+ 2008-12-05 04:30:50 217,088 —-a-w c:windowswinsxsmsil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.20969_none_23e9244ce86c7111Microsoft.MediaCenter.dll
+ 2008-12-05 04:29:53 1,384,960 —-a-w c:windowswinsxsx86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6000.16784_none_33d62fd51c82c373Mcx2Filter.dll
+ 2008-12-05 04:26:48 1,384,960 —-a-w c:windowswinsxsx86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6000.20969_none_347a6fd0358ba735Mcx2Filter.dll
+ 2008-12-05 04:32:31 1,384,960 —-a-w c:windowswinsxsx86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6001.18177_none_35ca3f45199e8478Mcx2Filter.dll
+ 2008-12-05 04:34:07 1,384,960 —-a-w c:windowswinsxsx86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6001.22322_none_3684ec2032981701Mcx2Filter.dll
+ 2008-12-05 04:29:52 180,224 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6000.16784_none_cbeae909ccde0eebcbva.dll
+ 2008-12-05 04:25:16 180,224 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6000.20969_none_cc8f2904e5e6f2adcbva.dll
+ 2008-12-05 04:32:35 180,224 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6001.18177_none_cddef879c9f9cff0cbva.dll
+ 2008-12-05 04:34:10 180,224 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6001.22322_none_ce99a554e2f36279cbva.dll
+ 2008-12-05 04:29:53 252,416 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.16784_none_127ebd1ba2c97ee7ehReplay.dll
+ 2008-12-05 04:25:50 254,464 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.20969_none_1322fd16bbd262a9ehReplay.dll
+ 2008-12-05 04:32:30 254,464 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.18177_none_1472cc8b9fe53fecehReplay.dll
+ 2008-12-05 04:34:05 254,464 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.22322_none_152d7966b8ded275ehReplay.dll
+ 2008-12-05 04:29:53 6,656 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16784_none_31f12d71dd10e345McrMgr.dll
+ 2008-12-05 04:29:27 173,056 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16784_none_31f12d71dd10e345McrMgr.exe
+ 2008-12-05 04:26:44 6,656 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20969_none_32956d6cf619c707McrMgr.dll
+ 2008-12-05 03:58:02 173,056 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20969_none_32956d6cf619c707McrMgr.exe
+ 2008-01-19 07:34:44 6,656 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18177_none_33e53ce1da2ca44aMcrMgr.dll
+ 2008-12-05 04:32:03 173,056 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18177_none_33e53ce1da2ca44aMcrMgr.exe
+ 2008-12-05 04:34:07 6,656 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22322_none_349fe9bcf32636d3McrMgr.dll
+ 2008-12-05 04:33:34 173,056 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22322_none_349fe9bcf32636d3McrMgr.exe
+ 2008-12-05 04:29:53 21,504 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.16784_none_2da4fc298558bab5ehdebug.dll
+ 2008-12-05 04:25:49 21,504 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.20969_none_2e493c249e619e77ehdebug.dll
+ 2008-12-05 04:29:53 372,224 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.16784_none_2d031f816d38bf90ehglid.dll
+ 2008-12-05 04:25:50 372,736 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.20969_none_2da75f7c8641a352ehglid.dll
+ 2008-12-05 04:32:30 373,248 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.18177_none_2ef72ef16a548095ehglid.dll
+ 2008-12-05 04:34:05 373,248 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.22322_none_2fb1dbcc834e131eehglid.dll
+ 2008-12-05 04:29:53 105,472 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.16784_none_248fdca06510d584ehPresenter.dll
+ 2008-12-05 04:25:50 105,472 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.20969_none_25341c9b7e19b946ehPresenter.dll
+ 2008-12-05 04:32:30 105,472 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.18177_none_2683ec10622c9689ehPresenter.dll
+ 2008-12-05 04:34:05 105,472 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.22322_none_273e98eb7b262912ehPresenter.dll
+ 2008-12-05 04:24:46 10,094,080 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16784_none_4fd348fd538edd36ehres.dll
+ 2008-12-05 04:25:52 10,103,808 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.20969_none_507788f86c97c0f8ehres.dll
+ 2008-12-05 04:29:53 18,944 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16784_none_36840e2916f6a04behtrace.dll
+ 2008-12-05 04:25:53 18,944 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.20969_none_37284e242fff840dehtrace.dll
+ 2008-12-05 04:29:53 517,120 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16784_none_cc8b6153cc7e7350ehui.dll
+ 2008-12-05 04:25:55 521,728 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.20969_none_cd2fa14ee5875712ehui.dll
+ 2008-12-05 04:32:30 522,240 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.18177_none_ce7f70c3c99a3455ehui.dll
+ 2008-12-05 04:34:05 522,240 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.22322_none_cf3a1d9ee293c6deehui.dll
+ 2008-12-05 04:29:53 1,497,600 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16784_none_39d2538a2e5427f2ehuihlp.dll
+ 2008-12-05 04:25:57 1,498,112 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.20969_none_3a769385475d0bb4ehuihlp.dll
+ 2008-12-05 04:29:20 253,952 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6000.16784_none_4930035357d2652dehvid.exe
+ 2008-12-05 02:33:52 253,952 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6000.20969_none_49d4434e70db48efehvid.exe
+ 2008-12-05 04:31:42 253,952 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6001.18177_none_4b2412c354ee2632ehvid.exe
+ 2008-12-05 04:33:17 253,952 —-a-w c:windowswinsxsx86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6001.22322_none_4bdebf9e6de7b8bbehvid.exe
+ 2008-12-05 04:29:53 1,244,672 —-a-w c:windowswinsxsx86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.16784_none_3cf1ae45629adadamcmde.dll
+ 2008-12-05 04:26:44 1,244,672 —-a-w c:windowswinsxsx86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.20969_none_3d95ee407ba3be9cmcmde.dll
+ 2008-12-05 04:29:53 428,032 —-a-w c:windowswinsxsx86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.16784_none_de3f5b78917d51ecEncDec.dll
+ 2008-12-05 04:25:58 428,032 —-a-w c:windowswinsxsx86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.20969_none_dee39b73aa8635aeEncDec.dll
+ 2008-12-05 04:32:35 428,544 —-a-w c:windowswinsxsx86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.18177_none_e0336ae88e9912f1EncDec.dll
+ 2008-12-05 04:34:10 428,544 —-a-w c:windowswinsxsx86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.22322_none_e0ee17c3a792a57aEncDec.dll
+ 2008-12-05 04:29:56 292,352 —-a-w c:windowswinsxsx86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.16784_none_d9c47d325a265597psisdecd.dll
+ 2008-12-05 04:28:37 292,352 —-a-w c:windowswinsxsx86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.20969_none_da68bd2d732f3959psisdecd.dll
+ 2008-12-05 04:32:36 293,376 —-a-w c:windowswinsxsx86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18177_none_dbb88ca25742169cpsisdecd.dll
+ 2008-12-05 04:34:10 293,376 —-a-w c:windowswinsxsx86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.22322_none_dc73397d703ba925psisdecd.dll
.
— Snapshot reset to current date —
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Sidebar»=»c:program filesWindows Sidebarsidebar.exe» [2008-01-19 1233920]
«AdobeUpdater»=»c:program filesCommon FilesAdobeUpdater5AdobeUpdater.exe» [2009-02-18 2356088]
«Messenger (Yahoo!)»=»c:progra~1Yahoo!MESSEN~1YahooMessenger.exe» [2009-02-04 4363504]
«ICQ»=»c:progra~1ICQ6.5ICQ.exe» [2008-11-30 172792]
«Acer Tour Reminder»=»» [BU]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«eDataSecurity Loader»=»c:acerEmpowering TechnologyeDataSecurityeDSloader.exe» [2007-04-25 457216]
«eAudio»=»c:acerEmpowering TechnologyeAudioeAudio.exe» [2007-08-31 1286144]
«LManager»=»c:progra~1LAUNCH~1QtZgAcer.EXE» [2008-01-02 707080]
«PlayMovie»=»c:program filesAcer Arcade DeluxePlay MoviePMVService.exe» [2007-12-05 200704]
«Acer Product Registration»=»c:program filesAcer RegistrationACE1.exe» [2007-09-07 3387392]
«Acer Assist Launcher»=»c:program filesAcer Assistlauncher.exe» [2007-02-02 1261568]
«Acer Tour Reminder»=»c:acerAcerTourReminder.exe» [2007-08-01 151552]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2008-01-11 39792]
«NvSvc»=»c:windowssystem32nvsvc.dll» [2007-12-14 86016]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-12-14 8501792]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-12-14 81920]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 12Lvagent.exe» [2007-03-24 194080]
«PLFSet»=»c:windowsPLFSet.dll» [2007-04-25 45056]
«ISTray»=»c:program filesSpyware DoctorpctsTray.exe» [2009-02-18 1166216]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-02-05 81000]
«RtHDVCpl»=»RtHDVCpl.exe» [2007-12-14 c:windowsRtHDVCpl.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«Acer Tour Reminder»=»c:acerAcerTourReminder.exe» [2007-08-01 151552]

c:usersJaneAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
OneNote 2007 Screen Clipper and Launcher.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2006-10-26 98632]

c:usersalexAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
OneNote 2007 Screen Clipper and Launcher.lnk — c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2006-10-26 98632]
wkcalrem.LNK — c:program filesCommon Filesmicrosoft sharedWorks SharedWkCalRem.exe [2005-08-18 21504]

c:programdataMicrosoftWindowsStart MenuProgramsStartup
Acer VCM.lnk — c:program filesAcerAcer VCMAcerVCM.exe [2008-04-28 1216512]
Empowering Technology Launcher.lnk — c:acerEmpowering TechnologyeAPLauncher.exe [2007-12-18 535336]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
«EnableUIADesktopToggle»= 0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UacDisableNotify»=dword:00000001
«InternetSettingsDisableNotify»=dword:00000001
«AutoUpdateDisableNotify»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-3643566502-870319019-1950998503-1001]
«EnableNotificationsRef»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
«{AF665330-CB5E-44E9-966C-A956F77BE7F9}»= c:program filesAcer Arcade DeluxeAcer Arcade DeluxeAcer Arcade Deluxe.exe:Acer Arcade Deluxe
«{C3432620-CF0A-4C34-B94E-DCFBFE405D1C}»= c:program filesAcer Arcade DeluxeVideoMagicianVideoMagician.exe:VideoMagician
«{BEF5B974-3178-442C-89C2-7EE0B1F4CA9F}»= c:program filesAcer Arcade DeluxeHomeMediaHomeMedia.exe:HomeMedia
«{EB435A7A-031E-47C9-AC08-26EBF795F484}»= c:program filesAcer Arcade DeluxeDV WizardDV Wizard.exe:DV Wizard
«{A5E7ADEB-655C-41BF-B532-DC4014EB853C}»= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{FF761DED-5389-41AD-A7C3-CFE64887C705}»= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
«{06337468-E8AE-4641-8A75-05EC67F86159}»= c:program filesAcer Arcade DeluxeDVDivineDVDivine.exe:DVDivine
«{2FECA69A-85C1-4BFB-8C1D-E82A1BB5B943}»= c:program filesAcer Arcade DeluxePlay MoviePlayMovie.exe:Play Movie
«{93073FED-3688-4436-BC04-46755531B613}»= c:program filesAcer Arcade DeluxePlay MoviePMVService.exe:Play Movie Resident Program
«{EFAF3F03-0DC9-464F-BB01-25E87991968C}»= c:program filesAcerAcer VCMVC.exe:Acer VCM
«{507EB5C6-C9ED-44F4-9788-E2D76D38D830}»= UDP:c:program filesYahoo!MessengerYahooMessenger.exe:Yahoo! Messenger
«{A4312B40-6B43-4EA4-AAD4-F51634757E9C}»= TCP:c:program filesYahoo!MessengerYahooMessenger.exe:Yahoo! Messenger
«{E0648073-97DE-466E-8775-D8B651666878}»= UDP:c:program filesYahoo!MessengerYServer.exe:Yahoo! FT Server
«{DBB862A3-705F-4220-9311-59C884F8B71A}»= TCP:c:program filesYahoo!MessengerYServer.exe:Yahoo! FT Server
«{44FCEBC2-CC8C-4476-9745-01F49132BE9C}»= UDP:c:program filesLexmark 2400 Serieslxcrmon.exe:Device Monitor
«{73F788DF-AEAF-40DC-B06B-E7BA03D5AB78}»= TCP:c:program filesLexmark 2400 Serieslxcrmon.exe:Device Monitor
«{9BC69FC6-7AAF-4022-AAB9-C762158E7ECB}»= UDP:c:program filesLexmark 2400 SeriesLXCRaiox.exe:All In One Center
«{3C919FD4-0136-47CA-A416-EFB1C6469B6A}»= TCP:c:program filesLexmark 2400 SeriesLXCRaiox.exe:All In One Center
«{36A406CE-F6C7-4171-90F0-9FC9818E9F9E}»= UDP:c:windowsSystem32lxcrcoms.exe:2400 Series Server
«{E7EB283A-D9E4-47A2-91C8-D7D3C3FDFC5F}»= TCP:c:windowsSystem32lxcrcoms.exe:2400 Series Server
«{EBD9A93C-A07F-4660-885F-8C0F5A356154}»= UDP:c:program filesPoivY.comPoivYPoivY.exe:PoivY
«{3B0F4AB1-D037-4245-BA3F-9FD7FEE21577}»= TCP:c:program filesPoivY.comPoivYPoivY.exe:PoivY
«{3D4806A3-7805-4C22-ABD7-00B30C8CDC75}»= c:program filesSkypePhoneSkype.exe:Skype
«{6DBFC2DB-6E08-45C3-B6A1-AE1A49B16A67}»= UDP:c:windowsSystem32lxcrcoms.exe:Lexmark Communications System
«{39A5AFD2-0D1D-4424-91B7-2AF54A583581}»= TCP:c:windowsSystem32lxcrcoms.exe:Lexmark Communications System
«{C1286F3A-5E01-4F34-8F28-CCAAC18968B1}»= UDP:c:program filesYahoo!MessengerYahooMessenger.exe:Yahoo! Messenger
«{ABAC8721-FE22-46D3-A481-4EA0D82A9FB0}»= TCP:c:program filesYahoo!MessengerYahooMessenger.exe:Yahoo! Messenger
«TCP Query User{00D405B6-8A04-4C6D-80E6-AEF5EA8739EA}c:\program files\emule\emule.exe»= UDP:c:program filesemuleemule.exe:eMule
«UDP Query User{E039DCA2-945B-4008-8283-DA7D6EDB9D7C}c:\program files\emule\emule.exe»= TCP:c:program filesemuleemule.exe:eMule

R1 aswSP;avast! Self Protection;c:windowsSystem32driversaswSP.sys [2009-02-18 114768]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:program filesAcer Arcade DeluxePlay Movie000.fcl [2008-04-28 17:21:41 41456]
R2 aswFsBlk;aswFsBlk;c:windowsSystem32driversaswFsBlk.sys [2009-02-18 20560]
R2 aswMonFlt;aswMonFlt;c:windowsSystem32driversaswMonFlt.sys [2009-02-18 51792]
R2 RS_Service;Raw Socket Service;c:program filesAcerAcer VCMRS_Service.exe [2008-04-28 233472]
R2 VirtualDrive;VirtualDrive;d:program filesAll Imagevdd-x86.sys [2008-06-12 10752]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0;c:windowsSystem32driversb57nd60x.sys [2007-12-18 179712]
R3 winbondcir;Winbond IR Transceiver;c:windowsSystem32driverswinbondcir.sys [2007-12-18 43008]
S3 A310;AVerMedia A310 DVB-T;c:windowsSystem32driversAVerA310USB.sys [2007-12-18 26368]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:windowsSystem32driversAVerA310Cap.sys [2007-12-18 42240]
S4 SPIDERNT;SpIDer Guard for Windows;c:progra~1DrWebspidernt.exe —> c:progra~1DrWebspidernt.exe [?]

— Other Services/Drivers In Memory —

*Deregistered* — sptd
.
Contents of the ‘Scheduled Tasks’ folder

2009-02-19 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-02-17 12:02]

2009-02-17 c:windowsTasksNorton Security Scan.job
— c:program filesNorton Security ScanNss.exe [2007-09-18 23:42]

2009-02-19 c:windowsTasksUser_Feed_Synchronization-{42C748F1-26A6-4848-BBB9-3A6236DE7C73}.job
— c:windowssystem32msfeedssync.exe [2008-01-19 01:33]

2009-02-18 c:windowsTasksUser_Feed_Synchronization-{883639CB-4FDF-4C7C-98F0-31670E7D1765}.job
— c:windowssystem32msfeedssync.exe [2008-01-19 01:33]
.
— — — — ORPHANS REMOVED — — — —

HKLM-Run-NBKeyScan — c:program filesNeroNero8Nero BackItUpNBKeyScan.exe

.

Supplementary Scan

.
uStart Page = http://www.yandex.ru/
mStart Page = hxxp://en.ca.acer.yahoo.com
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
LSP: c:windowssystem32DRWEBSP.DLL
TCP: {AC53EBCE-CA45-45B4-92CC-97BFB8B64A64} = 142.161.130.154 142.161.2.154
FF — ProfilePath — c:usersalex newAppDataRoamingMozillaFirefoxProfilesqrek2kgn.default
FF — component: c:program filesMozilla Firefoxextensions{B13721C7-F507-4982-B2E5-502A71474FED}componentsNPComponent.dll
FF — plugin: c:program filesGoogleGoogle Updater2.4.1487.6512npCIDetect13.dll
FF — plugin: c:program filesJavajre1.5.0_03binNPJava11.dll
FF — plugin: c:program filesJavajre1.5.0_03binNPJava12.dll
FF — plugin: c:program filesJavajre1.5.0_03binNPJava13.dll
FF — plugin: c:program filesJavajre1.5.0_03binNPJava14.dll
FF — plugin: c:program filesJavajre1.5.0_03binNPJava32.dll
FF — plugin: c:program filesJavajre1.5.0_03binNPJPI150_03.dll
FF — plugin: c:program filesJavajre1.5.0_03binNPOJI610.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnp-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 13:30:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

DLLs Loaded Under Running Processes


— — — — — — — > ‘Explorer.exe'(5432)
c:windowssystem32MsnChatHook.dll
c:windowssystem32ShowErrMsg.dll
c:windowssystem32sysenv.dll
c:windowssystem32BatchCrypto.dll
c:windowssystem32CryptoAPI.dll
c:windowssystem32keyManager.dll
.

Other Running Processes

.
c:windowsSystem32audiodg.exe
c:program filesAlwil SoftwareAvast4aswUpdSv.exe
c:program filesAlwil SoftwareAvast4ashServ.exe
c:acerEmpowering TechnologyeDataSecurityeDSService.exe
c:acerEmpowering TechnologyeLockServiceeLockServ.exe
c:acerEmpowering TechnologyeNeteNet Service.exe
c:program filesCommon FilesLightScribeLSSrvc.exe
c:windowsSystem32lxcrcoms.exe
c:acerMobility CenterMobilityService.exe
c:program filesCyberLinkShared FilesRichVideo.exe
c:windowsSystem32driversXAudio.exe
c:acerEmpowering TechnologyeRecoveryeRecoveryService.exe
c:acerEmpowering TechnologyeSettingsServicecapuserv.exe
c:acerEmpowering TechnologyePowerePowerSvc.exe
c:windowsSystem32wbemunsecapp.exe
c:program filesAlwil SoftwareAvast4ashMaiSv.exe
c:program filesAlwil SoftwareAvast4ashWebSv.exe
c:windowsSystem32conime.exe
c:usersALEXNE~1AppDataLocalTempRtkBtMnt.exe
c:program filesLaunch ManagerQtZgAcer.EXE
c:windowsSystem32rundll32.exe
c:program filesAlwil SoftwareAvast4ashDisp.exe
c:windowsSystem32rundll32.exe
c:program filesICQ6.5ICQ.exe
c:acerEmpowering TechnologyeNeteNMTray.exe
c:acerEmpowering TechnologyePowerePower_DMC.exe
c:acerEmpowering TechnologyAcer.Empowering.Framework.Supervisor.exe
c:acerEmpowering TechnologyeRecoveryeRAgent.exe
c:program filesAcerAcer VCMacp2HID.exe
c:program filesYahoo!MessengerYmsgr_tray.exe
c:windowsSystem32dllhost.exe
.
**************************************************************************
.
Completion time: 2009-02-19 13:35:57 — machine was rebooted [alex new]
ComboFix-quarantined-files.txt 2009-02-19 19:35:53
ComboFix2.txt 2009-02-18 07:35:54

Pre-Run: 66,024,681,472 bytes free
Post-Run: 65,984,430,080 bytes free

520 — E O F — 2009-02-19 09:02:06

Добро пожаловать

На нашем сайте размещены инструкции и программы, которые помогут вам абсолютно бесплатно и самостоятельно удалить навязчивую рекламу, вирусы и трояны.

Поиск

Важные инструкции

Какой лучший антивирус ? Как выбрать антивирус ?
Удалить вирус, всплывающие окна и рекламу в Mac OS X
Как удалить всплывающие окна
Как запустить компьютер в безопасном режиме (Safe Mode)
Удалить всплывающие окна, рекламу, уведомления в Chrome

СПАЙВАРЕ РУ

  • О Спайваре Ру
  • Контакты
  • Реклама на сайте
  • Политика конфиденциальности
  • Правила использования

Нужна помощь?

Задайте свой вопрос прямо сейчас кликнув по следующей ссылке Задать вопрос.

Или обратитесь на наш форум, где команда Spyware-ru поможет вам. Узнайте, как попросить о помощи здесь.

Ссылки

  • Инструкции
  • Скачать программы
  • Помощь в удалении вирусов
  • Как вылечить компьютер
Copyright © 2008 - 2024 Spyware-RU.com (en)