
SPYWARE-RU.COM


Re: Re: win32


September 8, 2009 at 11:35 AM #25345
space
Participant
  • Topics: 1
  • Posts: 14

PUSHD «C:32788R22FWJFW»

SET «Comspec=C:windowssystem32cmd.execf»

IF NOT EXIST C:windowssystem32cmd.exe GOTO Not_NT

VER 1>OsVer

GREP.cfxxe -F «5.1.2» OsVer 1>XP.mac

IF 0 == 0 GOTO NT

SET «Ver_CF=09-09-07.05»

IF NOT EXIST NircmdB.exe COPY /Y Nircmd.cfxxe NircmdB.exe
Скопировано файлов: 1.

PEV UZIP Licensepv_5_2_2.zip .

MOVE /Y PV.exe PV.cfxxe

IF NOT EXIST PEV.cfxxe COPY /Y PEV.exe PEV.cfxxe
Скопировано файлов: 1.

GREP.cfxxe -isq «ProductType.*WinNT» WinNT00 || GOTO Not_NT

SED «/^PATH=/I!d; s///; s/x22//g» Oripath 1>OriPath00

PEV -rtf -s+901 .OriPath00 && (
SED -r «s/x22//g; s/(.{900}).*/1/; s/;[^;]*$//» OriPath00 1>OriPath01
FOR /F «TOKENS=*» %G IN (OriPath01) DO @SET «PATH=C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;%G»
)

IF NOT EXIST OriPath01 FOR /F «TOKENS=*» %G IN (OriPath00) DO SET «PATH=C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;%G»

SET «PATH=C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;C:ComboFix;C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;C:Program FilesMozilla Firefox;C:windowssystem32;C:windows;C:windowssystem32wbem;C:PROGRAM FILESPC CONNECTIVITY SOLUTION;C:PROGRAM FILESATI TECHNOLOGIESATI.ACECORE-STATIC»
Killing ‘runonce.exe’
Killing ‘grpconv.exe’
Killing ‘procmon.exe’
Killing ‘ANDRE.EXE’
Killing ‘TOLO.exe’
Killing ‘Merlin.scr’
Killing ‘jalang.exe’
Killing ‘jalangkung.exe’
Killing ‘jantungan.exe’
Killing ‘DOSEN.exe’
Killing ‘C3W3K4MPUS.exe’
pv: No matching processes found

PEV -rtf —c:##5# .* and { License.exe or 32788R22FWJFW.exe or OsVer.exe or WinNT.exe or N_.exe } 1>temp00 && (
PV -o%f * 1>temp01
PEV -tf -t!o —files:temp01 —c:##5#b#f# 1>temp02
GREP -Fif temp00 temp02 1>temp03
SED «/.* /!d; s///» temp03 1>temp04
SED «:a; $!N; s/n/x22 x22/; ta; s/.*/x22&x22/» temp04 1>temp05
FOR /F «TOKENS=*» %G IN (temp05) DO @NIRCMD KILLPROCESS %G
)
Текущая кодовая страница: 1251
Не удается найти C:32788R22FWJFWAbortB

CALL :MDCheck
Не удается найти C:32788R22FWJFWmd5sum00.pif

PEV -rtf -md54C31434B834B14D226AEA1A0A5C172C4 .md5sum.pif || CALL :MDFaiL ChkSum_Fail
.md5sum.pif

PEV -tf —files:files.pif —c:##5#b#f# 1>mdCheck00.dat

GREP -vs «^!MD5:» mdCheck00.dat 1>mdCheck0a.dat

GREP -Fvf md5sum.pif mdCheck0a.dat 1>mdCheck01.dat && CALL :MDFaiL

GOTO :EOF

=============================================

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsAdminApplication Data
cdrom=E:
cfExt=cfxxe
CFLDR=32788R22FWJFW
Chksum=4C31434B834B14D226AEA1A0A5C172C4
CLIENTNAME=Console
Command switches used=Command switches used
CommonProgramFiles=C:Program FilesCommon Files
Completion time=Completion time
COMPUTERNAME=MICROSOF-5C7FE7
ComSpec=C:windowssystem32cmd.execf
Connecting to=Connecting to
Connecting to ComboFix servers=Connecting to ComboFix servers
ControlSet=ControlSet001
Cryptography Services Error=Cryptography Services Error
CS000=HKEY_LOCAL_MACHINEsystemControlSet001Services
Disclaimer=The following websites are not in any way affiliated to ComboFix:~n~n http://www.combofix.org/~n http://www.combofixdownload.com/~n~nIf you have purchased anything from them, I suggest you instruct your~nfinanciers to cancel the transaction.~n~n



~n~nA guide on proper ComboFix usage may be found at:~nhttp://www.bleepingcomputer.com/combofix/how-to-use-combofix~n~nComboFix is meant for private use. It should never be used in an~nunsupervised environment. If infections are found, it will automatically~nreboot the machine to complete the removal process. Please ensure all~nopened windows are closed before proceeding.~n~nThis software is provided ‘as is’, without warranty of any kind. All~nimplied warranties are expressly disclaimed. If you do not agree to the~nabove terms, please click No to exit» «DISCLAIMER OF WARRANTY ON SOFTWARE.
DLLs Loaded Under Running Processes=DLLs Loaded Under Running Processes
Drivers/Services=Drivers/Services
Fail2Delete=failed to delete
File Associations=File Associations
File Replicators=File Replicators
FileName=ComboFix
FilePath=D:Program Files
Files Infected — Patched=Files Infected — Patched
FIREFOX POLICIES=FIREFOX POLICIES
FP_NO_HOST_CHECK=NO
hidden files=hidden files
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsAdmin
is infected=is infected
is missing=is missing
KMD=CF15211.exe
Line1=Please wait.
Line10=ComboFix has detected the presence of rootkit activity and needs to reboot the machine~nKindly note down on paper, the name of each file. We may need it later~n~n%~G» «Rootkit !!
Line10A=ComboFix has detected the presence of rootkit activity and needs to reboot the machine» «Rootkit !!
Line11=Scanning for infected files . . .
Line12=This typically doesn’t take more than 10 minutes
Line13=However, scan times for badly infected machines may easily double
Line14=%G …… driver unloaded successfully.
Line15=Rootkit driver %G is still present. A rootkit scan is required
Line16=ComboFix has changed your clock settings.
Line17=Do not change it back. It shall be restored later
Line18=ComboFix encountered a terminal error!! Please upload this file — C:ComboFix_error.dat
Line19=to: http://www.bleepingcomputer.com/submit-malware.php?channel=4
Line2=ComboFix is preparing to run.
Line20=Preparing Log Report.
Line21=Do not run any programs until ComboFix has finished
Line22=No new files created in this timespan
Line23=*Note* empty entries ^& legit default entries are not shown
Line24=Contents of the ‘Scheduled Tasks’ folder
Line25=Almost done . . This window will close in a short while
Line26=Please wait a few seconds for the report log to pop up
Line27=ComboFix’s log shall be located at C:COMBOFIX.TXT
Line28=Rebooting Windows . . . Please wait
Line29=Please allow ComboFix to reboot the machine.
Line3=You need Administrative privileges to run this tool» «Not Admin !!
Line30=Overlay aborted … Please run ComboFix once more
Line31=Date Error: ~%CurrDate.yyyy-MM-dd%~n~nCheck your settings» «DATE ERROR
Line32=C:windowssystem32HAL.DLL is missing !!~n~nIt’s IMPORTANT that you DO NOT reboot/shutdown the machine~n~nPost to the forums for immediate help. Do not click OK until further instructed» «CRITICAL WARNING !!
Line33=ComboFix needs to submit malware files for further analysis.~n~nPlease ensure that you’re connected to the internet before clicking OK» «Submit Files for further analysis
Line34=Submit malware to Bleeping Computer for analysis.
Line35=Copy/Paste the filepath below into the box above and click Send.
Line36=Infected copy of %~1 was found and disinfected
Line36A=Restored copy from — %~2
Line37=%~1 . . . is infected!!
Line38=((((((((((((((((((((((((( Files Created from %thirty% to %dateX% )))))))))))))))))))))))))))))))
Line39=(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
Line4=C:windowsregedit.exe is missing~n~nCopy one from another machine» «Terminal Error — Missing file
Line40=Webserver appears to be temporarily inaccessible.~nFor your convenience, ComboFix created a submissions form located at:~n~n* C:CF-Submit.htm~n~nPlease use that to manually upload it later. » «Upload Failed!!
Line41=((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
Line42=((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
Line43=Deleting Files:
Line43A=Deleting Folders:
Line44=- REDUCED FUNCTIONALITY MODE —
Line45=SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
Line46=scanning hidden processes …
Line47=scanning hidden autostart entries …
Line48=scanning hidden files …
Line49=— Snapshot reset to current date —
Line5=Current date is ~%CurrDate.yyyy-MM-dd%. ComboFix has expired~n~nClick ‘Yes’ to run in REDUCED FUNCTIONALITY mode~n~nClick ‘No’ to exit» «Version_%ver_CF%
Line50=ComboFix is uninstalled» «Info
Line51=Will only install the Recovery Console for Windows XP
Line52=Boot Partition cannot be enumerated correctly
Line53=%BootDir%Boot.ini is not correctly formated
Line54=This machine already has the Recovery Console installed.~n~nAborting operations
Line55=Please click ‘YES’ in the End User License Agreement (EULA) dialog that follows …» «Installing the Recovery Console
Line56=Installation file — %~G — cannot be found
Line57=You didn’t select YES~n~nInstallation is aborted
Line58=Contents of %BootDir%cmdcons are not in order.~n~nPlease disable your security programs before trying again
Line59=Congratulations!!! The Microsoft Recovery Console was successfully installed.~n~nOn each restart of the machine, a black screen will offer you the option to boot into recovery console mode.~nFor normal use, just ignore the black screen. Windows shall boot normally in 2 seconds~n~nClick ‘Yes’ to continue scanning for malware» «Info
Line6=Were you trying to run CFScript?~n~nThe name, CFScript appears to be incorrectly spelt» «CFScript Name Error
Line60=Click ‘Yes’ to continue scanning for malware~n~nClick ‘No’ to exit» «What’s next ?
Line62=There’s a newer version of ComboFix available.~n~nWould you like to update ComboFix?» «Update
Line63=— WARNING !! —~n~nA critical update is required.~n~nComboFix shall now update itself.~n~n— WARNING !! —» «Mandatory Update
Line64=Failed to download updated copy.~n~nWill continue with existing copy» «Failed Download
Line65=ComboFix shall now restart» «Updated
Line66=Interference detected~n~nPlease perform a Rootkit Scan» «Abort!
Line67=You cannot rename ComboFix as %FileName%~n~nPlease use another name, preferbaly made up of alphanumeric characters
Line68=%cd% not in expected location~n~n Inform sUBs now!!
Line69=ComboFix effected repairs on missing C:windowssystem32hal.dll
Line7=Attempting to create a new System Restore point
Line70=This machine does not have the ‘Microsoft Windows recovery console’ installed~n~nWithout it, ComboFix shall not attempt the fixing of some serious infections.~n~nClick ‘Yes’ to have ComboFix download/install it.~n~nNOTE: this requires an active internet connection.» «Microsoft Windows Recovery Console
Line71=Click ‘Yes’ if this is a WINDOWS XP *HOME EDITION* machine» «XP Home Edition
Line72=Failed to download required files. Aborting … ~n~nShall continue scanning for malware
Line73=Internal error! Failed to enumerate download path. ~n~nAborting … Shall continue scanning for malware
Line74=You do not appear to be connected to the internet. Kindly connect before clicking ‘OK’
Line75=The following files were trying to attach to ComboFix. They shall be disabled~nKindly note down on paper, the name of each file. We may need it later~n~n%~G» «Parasites found !!
Line76=ComboFix has detected the following real time scanner(s) to be active:~n~n%G~n~nAntivirus and intrusion prevention programs are known to interfere~nwith ComboFix’s running. This may lead to unpredictable results or~npossible machine damage.~n~nPlease disable these scanners before clicking ‘OK’.» «Warning !!
Line77=%G~n~nThe above real time scanner(s) are still active but ComboFix shall~ncontinue to run. Kindly note that this is at your own risk» «Warning !!
Line78=%~1 was missing
Line79=%~1 . . . is missing!!
Line8=Rich text formats (RTF) are unacceptable !!~n~nPlease save CFScript commands as a textfile, using Notepad.exe» «ERROR — Script format is incorrect
Line80=!! ALERT !! It is NOT SAFE to continue!~n~nThe contents of the ComboFix package has been compromised.~nPlease download a fresh copy from:~n~nhttp://www.bleepingcomputer.com/combofix/how-to-use-combofix~n~nNote: You may be infected with a file patching virus ‘Virut'» «Error
Line81=ComboFix’s script appears tampered. It is not safe to continue.~nComboFix shall now exit. Please inform the forum helper that’s aiding~nyou. Unless further instructed to do so, do not run ComboFix again.» «Failed Verification
Line82=Webserver appears to be temporarily inaccessible.~nFor your convenience, a zipped file has been created at:~n~nC:CFCollect.zip~n~nPlease upload the file to BleepingComputer~n~nDo not forget to fill in the ‘Comments’ section» «Upload Failed!!
Line83=NETSVCS REQUIRES REPAIRS — current entries shown
Line84=http://download.bleepingcomputer.com/sUBs/ComboFix.exe~nhttp://www.forospyware.com/sUBs/ComboFix.exe~n~nComboFix.exe may be downloaded from any of the above sites. If you~nhave downloaded from some other site, there’s a likely chance that it~nmay be tainted. For peace of mind, I suggest that you delete the current~ncopy and get a fresh one.» «Caution
Line85=Manual Fix is required for restoring CommonStartup
Line9=Rootkit driver %G is present. … attempting disinfection
Line90=ComboFix needs to perform a deeper scan
Line91=This should not take more than 10-15 minutes
Line92=Infected HTML files detected.
Line93=ComboFix will now attempt to disinfect
Line94=This is going to take some time
Line95=Disinfection complete !!! … continuing Log Report preparation
Line96=Recovery in Progress . . .
Line97=WARNING !! Do not manually reboot the machine yourself
LOCKED REGISTRY KEYS=LOCKED REGISTRY KEYS
LOGONSERVER=\MICROSOF-5C7FE7
machine was rebooted=machine was rebooted
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:Documents and SettingsAdminApplication DataMozillaFirefoxCrash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:Program FilesMozilla Firefoxfirefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:Program FilesMozilla Firefoxcrashreporter-override.ini
not completed=not completed
NUMBER_OF_PROCESSORS=2
ORPHANS REMOVED=ORPHANS REMOVED
OS=Windows_NT
Other Running Processes=Other Running Processes
Other Services/Drivers In Memory=Other Services/Drivers In Memory
Path=C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;C:ComboFix;C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;C:Program FilesMozilla Firefox;C:windowssystem32;C:windows;C:windowssystem32wbem;C:PROGRAM FILESPC CONNECTIVITY SOLUTION;C:PROGRAM FILESATI TECHNOLOGIESATI.ACECORE-STATIC
PATHEXT=.cfxxe;.cfxxe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
Possible infected sites=Possible infected sites
Post-Run=Post-Run
Pre-Run=Pre-Run
Previous Run=Previous Run
PROCESS=PROCESS
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b02
ProgramFiles=C:Program Files
PROMPT=$
Qrntn=C:QooboxQuarantine
RecoveryConsole=WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Resident AV is active=Resident AV is active
RestorePoint= * Created a new restore point
RKEY_=hklmsoftwaremicrosoftwindows ntcurrentversionwindows
Running from=Running from
scan completed successfully=scan completed successfully
SESSIONNAME=Console
sfxcmd=»D:Program FilesComboFix.exe»
sfxname=D:Program FilesComboFix.exe
Stage=Completed Stage_
Supplementary Scan=Supplementary Scan
SYSTEM=C:windowssystem32
SystemDrive=C:
SystemRoot=C:windows
Test=C:QooboxTest
The following files were disabled during the run=The following files were disabled during the run
Upload was successful=Upload was successful
Uploading files to server=Uploading files to server
USERDOMAIN=MICROSOF-5C7FE7
USERNAME=Admin
USERPROFILE=C:Documents and SettingsAdmin
Ver_CF=09-09-07.05
windir=C:windows

=============================================

IF NOT DEFINED sfxname GOTO END

GREP -F temp01 && CALL :Aux

GREP -Fi «C:windowssystem32userinit.exe» Userinit00 || (SWREG ADD «hklmsoftwaremicrosoftwindows ntcurrentversionwinlogon» /v Userinit /d «C:windowssystem32userinit.exe,» )
Userinit REG_SZ C:windowssystem32userinit.exe,

SET SfxCmd 1>SET00

SED -r «/SfxCmd=/I!d; s///; s/s*$//; s/^(x22[^x22]*x22|[^x22]S*) +//; s/^x22*D:\Program Files\ComboFix.exex22*//I; s/^([^x22]S*)/@SET SfxCmd=x221x22/; s/^(x22.*)/@SET SfxCmd=1/» SET00 1>sfx.cmd

DEL /A/F SET00

ATTRIB +R «D:Program FilesComboFix.exe»

CALL sfx.cmd

CALL AV.cmd

SET /a AVCount+=1

NIRCMD EXEC HIDE PV -d9000 -kf CSCRIPT.EXE

CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs

PV -kf CSCRIPT.exe PV.*
Killing ‘CSCRIPT.exe’
Killing ‘PV.*’

IF NOT EXIST AvBlack00 GREP -Fisf AVBlack resident.txt 1>AvBlack00 && (
SED -r «s/x22//g; s/.*) //; s/.*({.{8}-.{4}-.{4}-.{4}-.{12}}).*/1/» AvBlack00 1>AvBlack01
FOR /F «TOKENS=*» %G IN (AvBlack01) DO @CSCRIPT.EXE //NOLOGO //E:VBSCRIPT //T:5 wmi_rem.vbs «%~G»
NIRCMD EXEC HIDE PV -d6000 -kf CSCRIPT.EXE
CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs
PV -kf CSCRIPT.exe PV.*
)

GREP -Fivf AVWhite resident.txt | GREP -E «^(AV|SP): .*enabled* (» 1>AVChk && (
SED -r «s/^AV:/antivirus: /; s/^SP:/antispyware: /; s/ *(On-access scanning |)enabled*.*//» AVChk | SED «:a; $!N;s/n/~n/;ta» 1>AVChkB
NIRCMD LOOP 2 80 BEEP 3000 200
IF 1 LEQ 1 FOR /F «TOKENS=*» %G IN (AVChkB) DO @NIRCMD INFOBOX «ComboFix has detected the following real time scanner(s) to be active:~n~n%G~n~nAntivirus and intrusion prevention programs are known to interfere~nwith ComboFix’s running. This may lead to unpredictable results or~npossible machine damage.~n~nPlease disable these scanners before clicking ‘OK’.» «Warning !!» «» && GOTO Av-check
IF 1 GTR 1 FOR /F «TOKENS=*» %G IN (AVChkB) DO @NIRCMD INFOBOX «%G~n~nThe above real time scanner(s) are still active but ComboFix shall~ncontinue to run. Kindly note that this is at your own risk» «Warning !!» «»
)

DEL /A/F/Q AVChk? AvWhite AvBlack AvBlack0?

SET AVCount=

IF EXIST vista.mac CALL :Vista

GREP -Fx «REGEDIT4» Fin.dat || (
ECHO.1>»tdsstdss»
PEV -rtf «tdsstdss» || (
ECHO.1>wtf_tdssserv
CALL c.bat
GOTO END
)

GOTO AbortD
)
REGEDIT4

IF /I «C:32788R22FWJFW» NEQ «C:32788R22FWJFW» GOTO Abort

IF EXIST «32788R22FWJFW32788R22FWJFW.log» DEL /A/F «32788R22FWJFW32788R22FWJFW.log»

COPY /Y /B «C:windowssystem32cmd.execf» «C:windowssystem32CF15211.exe»
Скопировано файлов: 1.

SET «COMSPEC=C:windowssystem32CF15211.exe»

FOR /F «TOKENS=*» %G IN («D:Program FilesComboFix.exe») DO (
SET «FileName=%~NG»
SET «FilePath=%~DPG»
)

(
SET «FileName=ComboFix»
SET «FilePath=D:Program Files»
)

SET FileName 1>FileName

GREP -ix «FileName=[-[:alnum:]@.]*» FileName || GOTO AbortB
FileName=ComboFix

DIR /AD/B C:* 1>DirName00

GREP -ivx ComboFix DirName00 1>DirName01

GREP -Fisqx «ComboFix» DirName01 && CALL :NameChk

IF EXIST DirName0? DEL /A/F/Q DirName0?

IF EXIST Oldsfxname00 DEL /A/F Oldsfxname00

IF EXIST «ComboFix» (
SWXCACLS «ComboFix» /RESET /Q
RD /S/Q «ComboFix»
IF EXIST «ComboFix» (
PV -kf *.cfxxe
RD /S/Q «ComboFix»
)
IF EXIST «ComboFix» (
HANDLE «C:ComboFix» 1>temp00
SED -R «/.* pid: (d*) +(S*):.*/I!d;s//@ECHO.y|Handle -c 2 -p 1/» temp00 1>temp00.bat
CALL temp00.bat
DEL /A/F temp00.bat temp00
RD /S/Q «ComboFix»
)
)

IF EXIST «ComboFix» RD /S/Q «ComboFix»

IF EXIST «ComboFix» GOTO :EOF

PEV UZIP «Licensestreamtools.zip» License && MOVE /Y LicenseSF.exe 1>N_3477 2>&1

GREP -Eisq «=./u.$» sfx.cmd && IF EXIST MsName.bat (ECHO.@SET SfxCmd= 1>sfx.cmd ) ELSE echo..1>ItsBeenPhun

DEL /A/F prep.done MsName.bat

CD ..

(

ECHO.MD «ComboFix»
ECHO.ATTRIB -H -S «32788R22FWJFW*»
ECHO.MOVE /y «32788R22FWJFW*» «ComboFix»
ECHO.RD /S/Q «32788R22FWJFW»
IF EXIST «32788R22FWJFW.0.tmp» ECHO.RD /S/Q «32788R22FWJFW.0.tmp»
IF EXIST «C:32788R22FWJFWItsBeenPhun» ECHO.NIRCMD EXEC2 HIDE «C:ComboFix» «C:windowssystem32CF15211.exe» /c c.bat
IF NOT EXIST «C:32788R22FWJFWItsBeenPhun» ECHO.START «.» /d»C:ComboFix» «C:windowssystem32CF15211.exe» /k c.bat
ECHO.PV -kf cmd.exe cmd.execf
ECHO.DEL /A/F C:Start_.cmd
) 1>Start_.cmd

SET «PATH=C:ComboFix;C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;C:ComboFix;C:32788R22FWJFW;C:windowssystem32;C:windows;C:windowssystem32wbem;C:Program FilesMozilla Firefox;C:windowssystem32;C:windows;C:windowssystem32wbem;C:PROGRAM FILESPC CONNECTIVITY SOLUTION;C:PROGRAM FILESATI TECHNOLOGIESATI.ACECORE-STATIC»

HIDEC «C:windowssystem32CF15211.exe» /F:OFF /D /C C:Start_.cmd

NIRCMD WAIT 2000
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2009-09-08 14:33:51
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (22%) free of 15 GB
Total RAM: 2046 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:54, on 08.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:windowsSystem32smss.exe
C:windowssystem32winlogon.exe
C:windowssystem32services.exe
C:windowssystem32lsass.exe
C:windowssystem32svchost.exe
C:windowsSystem32svchost.exe
C:windowssystem32svchost.exe
C:windowssystem32spoolsv.exe
D:6A00~1acs.exe
C:windowsExplorer.EXE
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:windowsSystem32svchost.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
C:windowssystem32nvsvc32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:Program FilesCyberLinkShared filesRichVideo.exe
C:Program FilesSpyware Terminatorsp_rsser.exe
D:програмыCpuIdlecpuidle.exe
D:СофтWinampwinampa.exe
D:6A00~1op_mon.exe
C:windowssystem32ctfmon.exe
C:windowssystem32svchost.exe
C:Program FilesMozilla Firefoxfirefox.exe
D:СофтRSIT.exe
C:Program Filestrend microAdmin.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Ссылки
R3 — URLSearchHook: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — C:Program Filesfree-downloads.nettbfre1.dll
O2 — BHO: SnagIt Toolbar Loader — {00C6482D-C502-44C8-8409-FCE54AD9C208} — C:Program FilesTechSmithSnagIt 8SnagItBHO.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: VMN Toolbar Astro Gemini — {A057A204-BACC-4D26-8287-79A187E26987} — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL
O2 — BHO: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — C:Program Filesfree-downloads.nettbfre1.dll
O3 — Toolbar: SnagIt — {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} — C:Program FilesTechSmithSnagIt 8SnagItIEAddin.dll
O3 — Toolbar: free-downloads.net Toolbar — {ecdee021-0d17-467f-a1ff-c7a115230949} — C:Program Filesfree-downloads.nettbfre1.dll
O3 — Toolbar: VMN Toolbar Astro Gemini — {A057A204-BACC-4D26-8287-79A187E26987} — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:windowssystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [CpuIdle] D:програмыCpuIdlecpuidle.exe
O4 — HKLM..Run: [WinampAgent] D:СофтWinampwinampa.exe
O4 — HKLM..Run: [OutpostMonitor] «D:6A00~1op_mon.exe» /tray /noservice
O4 — HKLM..Run: [OutpostFeedBack] «D:установкиfeedback.exe» /dump:os_startup
O4 — HKCU..Run: [ctfmon.exe] C:windowssystem32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] C:Program FilesMessengermsmsgs.exe /background
O4 — HKUSS-1-5-18..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_011] regsvr32 /s /n /i:u shell32 (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%System32rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFcustom.inf,NewUserFirstLogonInstall,0 (User ‘Default user’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Быстрая настройка Outpost Firewall Pro — {44627E97-789B-40d4-B5C2-58BD171129A1} — D:установкиie_bar.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:windowsNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:windowsNetwork Diagnosticxpnetdiag.exe
O16 — DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} — http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 — HKLMSystemCCSServicesTcpip..{36ECF653-D146-4851-ADD2-21DACAF6DB34}: NameServer = 194.79.63.1 194.79.63.1
O17 — HKLMSystemCCSServicesTcpip..{87F13F3F-BE9B-4061-B87E-FB3E44377E90}: NameServer = 192.168.59.1
O18 — Protocol: soloresinternetrusengnum — {1B7043A7-84E1-443A-804F-20A75728892C} — (no file)
O23 — Service: Agnitum Client Security Service (acssrv) — Agnitum Ltd. — D:6A00~1acs.exe
O23 — Service: ESET Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Журнал событий (Eventlog) — Корпорация Майкрософт — C:windowssystem32services.exe
O23 — Service: Служба COM записи компакт-дисков IMAPI (ImapiService) — Корпорация Майкрософт — C:windowssystem32imapi.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: NBService — Unknown owner — C:Program FilesNeroNero 7Nero BackItUpNBService.exe (file missing)
O23 — Service: Nero BackItUp Scheduler 4.0 — Nero AG — C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:windowssystem32nvsvc32.exe
O23 — Service: Plug and Play (PlugPlay) — Корпорация Майкрософт — C:windowssystem32services.exe
O23 — Service: PnkBstrA — Unknown owner — C:WINDOWSsystem32PnkBstrA.exe
O23 — Service: 9th Company Drivers Auto Removal (pr2aqfjb) (pr2aqfjb) — Noviy Disk — C:windowssystem32pr2aqfjb.exe
O23 — Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) — Корпорация Майкрософт — C:WINDOWSsystem32sessmgr.exe
O23 — Service: Cyberlink RichVideo Service(CRVS) (RichVideo) — Unknown owner — C:Program FilesCyberLinkShared filesRichVideo.exe
O23 — Service: Radmin Server V3 (RServer3) — Unknown owner — C:WINDOWSsystem32rserver30RServer3.exe (file missing)
O23 — Service: Смарт-карты (SCardSvr) — Корпорация Майкрософт — C:windowsSystem32SCardSvr.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Spyware Terminator Realtime Shield Service (sp_rssrv) — Crawler.com — C:Program FilesSpyware Terminatorsp_rsser.exe
O23 — Service: StarWind iSCSI Service (StarWindService) — Unknown owner — D:Alcohol 52StarWindStarWindService.exe (file missing)
O23 — Service: StarWind AE Service (StarWindServiceAE) — Unknown owner — D:програмыалкогольAlcohol 120StarWindStarWindServiceAE.exe (file missing)
O23 — Service: Журналы и оповещения производительности (SysmonLog) — Корпорация Майкрософт — C:windowssystem32smlogsvc.exe
O23 — Service: Теневое копирование тома (VSS) — Корпорация Майкрософт — C:windowsSystem32vssvc.exe
O23 — Service: Адаптер производительности WMI (WmiApSrv) — Корпорация Майкрософт — C:WINDOWSsystem32wbemwmiapsrv.exe

—
End of file — 8113 bytes

======Scheduled tasks folder======

C:windowstasksNeroLiveEpgUpdate-MICROSOF-5C7FE7_Admin.job
C:windowstasksUser_Feed_Synchronization-{0CEC74DE-9A99-4037-86AC-4CD3BFEBFC08}.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader — C:Program FilesTechSmithSnagIt 8SnagItBHO.dll [2007-05-01 63048]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A057A204-BACC-4D26-8287-79A187E26987}]
VMN Toolbar Astro Gemini — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL [2009-04-15 1950656]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar — C:Program Filesfree-downloads.nettbfre1.dll [2009-07-15 2215960]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} — SnagIt — C:Program FilesTechSmithSnagIt 8SnagItIEAddin.dll [2007-05-01 161352]
{ecdee021-0d17-467f-a1ff-c7a115230949} — free-downloads.net Toolbar — C:Program Filesfree-downloads.nettbfre1.dll [2009-07-15 2215960]
{A057A204-BACC-4D26-8287-79A187E26987} — VMN Toolbar Astro Gemini — C:PROGRA~1VMNTOO~1VMNTOO~1.DLL [2009-04-15 1950656]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=C:windowssystem32NvCpl.dll [2008-05-03 13529088]
«CpuIdle»=D:програмыCpuIdlecpuidle.exe [2009-08-27 824832]
«WinampAgent»=D:СофтWinampwinampa.exe [2009-04-10 37888]
«OutpostMonitor»=D:6A00~1op_mon.exe [2009-07-24 1259336]
«OutpostFeedBack»=D:установкиfeedback.exe [2009-07-24 436552]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«ctfmon.exe»=C:windowssystem32ctfmon.exe [2007-12-21 30208]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe /background []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:windowssystem32WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2007-06-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«notification packages»=
:windowssystem32srr
scecli

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPEVSystemStart]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPEVSystemStart]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoSharedDocuments»=1
«NoThumbnailCache»=1
«NoSMConfigurePrograms»=1
«NoStartMenuPinnedList»=0
«NoStartMenuMFUprogramsList»=0
«NoUserNameInStartMenu»=0
«NoStartMenuSubFolders»=0
«NoCommonGroups»=0
«NoPrinterTabs»=0
«NoDeletePrinter»=0
«NoAddPrinter»=0
«NoPrinters»=0
«NoFavoritesMenu»=0
«NoDrives»=0
«NoChangeAnimation»=0
«NoChangeKeyboardNavigationIndicators»=0
«EnableShellExecuteHooks»=1
«NoInstrumentation»=1
«NoDriveAutoRun»=67108863
«NoActiveDesktop»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesFlylinkDC++FlylinkDC.exe»=»C:Program FilesFlylinkDC++FlylinkDC.exe:*:Enabled:FlylinkDC++»
«C:Program FilesCommFortCommFort.exe»=»C:Program FilesCommFortCommFort.exe:*:Enabled:CommFort»
«C:Program FilesWindows Media Playerwmplayer.exe»=»C:Program FilesWindows Media Playerwmplayer.exe:*:Enabled:Windows Media Player»
«C:Program FilesGolden FTP Server ProGFTPpro.exe»=»C:Program FilesGolden FTP Server ProGFTPpro.exe:*:Enabled:Easy to use FTP server for Windows.»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

======List of files/folders created in the last 1 months======

2009-09-08 14:17:59 —-SDC—- C:ComboFix
2009-09-08 14:17:59 —-A—- C:windowssystem32CF15211.exe
2009-09-08 14:16:35 —-A—- C:windowssystem32CF18577.exe
2009-09-07 11:08:10 —-A—- C:windowssystem32CF27163.exe
2009-09-07 11:01:45 —-A—- C:windowsNIRCMD.exe
2009-09-07 11:01:44 —-A—- C:windowszip.exe
2009-09-07 11:01:44 —-A—- C:windowsSWXCACLS.exe
2009-09-07 11:01:44 —-A—- C:windowsSWSC.exe
2009-09-07 11:01:44 —-A—- C:windowsSWREG.exe
2009-09-07 11:01:44 —-A—- C:windowssed.exe
2009-09-07 11:01:44 —-A—- C:windowsgrep.exe
2009-09-07 11:01:37 —-A—- C:windowssystem32CF20409.exe
2009-09-07 11:01:26 —-DC—- C:Qoobox
2009-09-07 11:01:26 —-AC—- C:Bug.txt
2009-09-03 12:29:35 —-HDC—- C:windows$NtUninstallKB946026$
2009-09-03 12:29:20 —-HDC—- C:windows$NtUninstallKB945553$
2009-09-03 12:29:04 —-HDC—- C:windows$NtUninstallKB950749$
2009-09-03 12:28:57 —-HDC—- C:windows$NtUninstallKB943055$
2009-09-03 10:05:54 —-DC—- C:tmp
2009-09-02 14:07:54 —-DC—- C:Documents and SettingsAdminApplication DataHelp
2009-09-02 13:01:37 —-D—- C:windowssystem32Filt
2009-09-02 13:00:11 —-D—- C:Documents and SettingsAll UsersApplication DataAgnitum
2009-09-02 12:43:28 —-DC—- C:Documents and SettingsAdminApplication DataESET
2009-09-01 09:26:03 —-A—- C:windowsMY1.INI
2009-09-01 09:26:03 —-A—- C:windowsMY.INI
2009-08-30 19:58:24 —-DC—- C:rsit
2009-08-30 19:37:26 —-D—- C:windowsPrefetch
2009-08-30 19:12:54 —-N—- C:windowssystem32qmgr.dll
2009-08-30 19:12:36 —-N—- C:windowssystem32userinit.exe
2009-08-30 19:12:36 —-N—- C:windowssystem32services.exe
2009-08-30 19:12:36 —-N—- C:windowssystem32rasauto.dll
2009-08-30 19:12:36 —-N—- C:windowssystem32oleaut32.dll
2009-08-30 19:12:36 —-N—- C:windowssystem32msgsvc.dll
2009-08-30 19:12:36 —-N—- C:windowssystem32kernel32.dll
2009-08-30 19:12:36 —-N—- C:windowssystem32comctl32.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32wkssvc.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32win32spl.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32untfs.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32ulib.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32tcpmonui.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32syssetup.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32srvsvc.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32smss.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32setupapi.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32sessmgr.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32schannel.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32scardsvr.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32savedump.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32samsrv.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32samlib.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32rshx32.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32rastapi.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32rasman.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32rasdlg.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32rasapi32.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32printui.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32perfctrs.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32olecnv32.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32nwprovau.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32ntvdm.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32ntprint.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32ntlsapi.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32ntdll.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32nslookup.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32msv1_0.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32mgmtapi.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32lsasrv.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32locator.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32localspl.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32lmhsvc.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32imagehlp.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32ftp.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32format.com
2009-08-30 19:12:36 —-A—- C:windowssystem32dhcpcsvc.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32csrsrv.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32comdlg32.dll
2009-08-30 19:12:36 —-A—- C:windowssystem32cmd.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32cacls.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32autoconv.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32autochk.exe
2009-08-30 19:12:36 —-A—- C:windowssystem32advapi32.dll
2009-08-30 19:12:32 —-N—- C:windowssystem32ntoskrnl.exe
2009-08-30 19:12:32 —-N—- C:windowssystem32ntkrnlpa.exe
2009-08-30 19:12:32 —-A—- C:windowssystem32hal.dll
2009-08-30 19:12:32 —-A—- C:windowssystem32asfsipc.dll
2009-08-30 11:44:36 —-N—- C:windowssystem32_004444_.tmp.dll
2009-08-30 11:44:36 —-N—- C:windowssystem32_004439_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004438_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004437_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004436_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004435_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004432_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004431_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004430_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004429_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004427_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004425_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004424_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004422_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004421_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004417_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004416_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004413_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004410_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004409_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004408_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004401_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004396_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004388_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004387_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004383_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004382_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004380_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004344_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004340_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004337_.tmp.dll
2009-08-30 11:44:35 —-N—- C:windowssystem32_004336_.tmp.dll
2009-08-30 11:39:37 —-HDC—- C:windows$NtUninstallKB970653-v3$
2009-08-28 11:39:32 —-DC—- C:Documents and SettingsAdminApplication DataWinamp
2009-08-27 09:15:45 —-D—- C:Program FilesMessenger
2009-08-27 09:15:34 —-D—- C:windowsl2schemas
2009-08-27 09:08:49 —-N—- C:windowssystem32_004412_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004407_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004406_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004405_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004404_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004403_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004400_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004399_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004398_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004397_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004395_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004393_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004392_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004390_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004389_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004385_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004384_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004381_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004379_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004378_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004376_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004374_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004373_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004360_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004358_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004352_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004351_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004350_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004333_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004328_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004327_.tmp.dll
2009-08-27 09:08:49 —-N—- C:windowssystem32_004326_.tmp.dll
2009-08-27 09:01:11 —-HDC—- C:windows$NtUninstallKB961118$
2009-08-26 10:19:43 —-DC—- C:Documents and SettingsAdminApplication DataWeather Pulse
2009-08-25 15:49:47 —-D—- C:windowssystem32CatRoot_bak
2009-08-25 15:49:29 —-A—- C:windowssystem32SET33E.tmp
2009-08-23 17:04:09 —-D—- C:windowsSxsCaPendDel
2009-08-22 15:28:10 —-SHDC—- C:RECYCLER
2009-08-22 14:27:43 —-D—- C:windowstemp
2009-08-22 14:12:05 —-A—- C:windowsPEV.exe
2009-08-22 14:12:01 —-D—- C:windowsERDNT
2009-08-21 11:50:21 —-DC—- C:Documents and SettingsAdminApplication DataWinRAR
2009-08-20 14:10:48 —-D—- C:Program Filestrend micro
2009-08-20 13:12:33 —-D—- C:windowssystem32appmgmt
2009-08-20 13:11:51 —-DC—- C:Documents and SettingsAdminApplication DataAdobe
2009-08-20 09:39:52 —-DC—- C:Documents and SettingsAdminApplication DataEmailNotifier
2009-08-18 10:00:19 —-A—- C:windowssystem32LogFile.txt
2009-08-15 08:35:40 —-DC—- C:Documents and SettingsAdminApplication DataMacromedia
2009-08-13 12:42:02 —-DC—- C:Documents and SettingsAdminApplication DataPC Suite
2009-08-13 09:23:58 —-D—- C:Program FilesESET
2009-08-13 09:23:58 —-D—- C:Documents and SettingsAll UsersApplication DataESET
2009-08-12 20:35:30 —-HDC—- C:windows$NtUninstallKB960859$
2009-08-12 20:35:26 —-HDC—- C:windows$NtUninstallKB971657$
2009-08-12 20:35:22 —-HDC—- C:windows$NtUninstallKB971557$
2009-08-12 20:35:17 —-D—- C:windowsServicePackFiles
2009-08-12 20:35:15 —-HDC—- C:windows$NtUninstallKB956744$
2009-08-12 20:35:11 —-HDC—- C:windows$NtUninstallKB973869$
2009-08-12 20:35:02 —-HDC—- C:windows$NtUninstallKB973540_WM9L$
2009-08-12 20:34:53 —-HDC—- C:windows$NtUninstallKB973507$
2009-08-12 20:34:48 —-HDC—- C:windows$NtUninstallKB973354$
2009-08-12 20:34:15 —-HDC—- C:windows$NtUninstallKB973815$
2009-08-12 20:34:10 —-HDC—- C:windows$NtUninstallKB971032$
2009-08-12 20:34:02 —-HDC—- C:windows$NtUninstallKB968389$
2009-08-11 15:53:45 —-A—- C:windowsWININIT.INI
2009-08-11 15:48:21 —-D—- C:Documents and SettingsAll UsersApplication DataSony Corporation
2009-08-11 11:28:08 —-D—- C:Program FilesWinamp

======List of files/folders modified in the last 1 months======

2009-09-08 14:25:25 —-D—- C:Program FilesMozilla Firefox
2009-09-08 14:18:15 —-A—- C:windowsSchedLgU.Txt
2009-09-08 14:18:00 —-D—- C:windowssystem32
2009-09-08 14:16:31 —-D—- C:windowssystem32CatRoot2
2009-09-07 11:01:45 —-D—- C:WINDOWS
2009-09-03 15:06:01 —-D—- C:windowsMicrosoft.NET
2009-09-03 12:50:42 —-HD—- C:windowsinf
2009-09-03 12:29:37 —-SHDC—- C:windowssystem32dllcache
2009-09-03 12:29:37 —-D—- C:windowssystem32drivers
2009-09-03 12:29:30 —-SHD—- C:windowsInstaller
2009-09-03 12:29:22 —-A—- C:windowsimsins.BAK
2009-09-03 12:29:12 —-D—- C:windowsWinSxS
2009-09-03 10:06:00 —-A—- C:windowsNeroDigital.ini
2009-09-02 15:18:02 —-SDC—- C:Documents and SettingsAdminApplication DataMicrosoft
2009-09-02 15:07:09 —-HD—- C:windows$hf_mig$
2009-09-02 14:40:40 —-D—- C:windowssystem32config
2009-09-02 14:40:06 —-DC—- C:Documents and SettingsAdminApplication DataVMNTOOLBAR
2009-09-01 17:38:05 —-D—- C:Program Files
2009-09-01 17:38:02 —-SD—- C:windowsDownloaded Program Files
2009-09-01 16:55:22 —-D—- C:windowssystem32CatRoot
2009-09-01 15:51:10 —-D—- C:windowsSoftwareDistribution
2009-09-01 09:31:43 —-A—- C:windowssystem32PerfStringBackup.INI
2009-09-01 09:23:09 —-A—- C:windowssystem32Agate.ini
2009-09-01 09:21:04 —-A—- C:windowssystem32unins000.exe
2009-08-30 19:45:23 —-D—- C:windowssystem32wbem
2009-08-30 19:45:23 —-D—- C:windowsRegistration
2009-08-30 19:44:49 —-D—- C:windowssystem32Restore
2009-08-30 19:38:05 —-SHD—- C:System Volume Information
2009-08-30 19:37:12 —-SD—- C:windowsFonts
2009-08-30 19:37:12 —-D—- C:windowssystem32Setup
2009-08-30 19:37:12 —-D—- C:windowsAppPatch
2009-08-30 19:36:17 —-D—- C:windowssecurity
2009-08-30 19:24:49 —-D—- C:windowssystem32usmt
2009-08-30 19:24:47 —-D—- C:windowssystem32ru
2009-08-30 19:24:47 —-D—- C:windowssystem32oobe
2009-08-30 19:24:46 —-D—- C:windowssystem32npp
2009-08-30 19:24:00 —-D—- C:windowssystem32Com
2009-08-30 19:24:00 —-D—- C:windowssystem32bits
2009-08-30 19:22:54 —-D—- C:windowssystem
2009-08-30 19:22:54 —-D—- C:windowssrchasst
2009-08-30 19:22:54 —-D—- C:windowsPeerNet
2009-08-30 19:22:53 —-D—- C:windowsnetwork diagnostic
2009-08-30 19:22:53 —-D—- C:windowsmsagent
2009-08-30 19:22:42 —-D—- C:windowsime
2009-08-30 19:22:42 —-D—- C:windowsHelp
2009-08-30 19:22:38 —-D—- C:Program FilesWindows NT
2009-08-30 19:22:38 —-D—- C:Program FilesWindows Media Player
2009-08-30 19:22:38 —-D—- C:Program FilesOutlook Express
2009-08-30 19:22:38 —-D—- C:Program FilesMovie Maker
2009-08-30 19:22:35 —-D—- C:Program FilesCommon FilesSystem
2009-08-30 19:22:09 —-D—- C:windowssystem32inetsrv
2009-08-30 19:21:58 —-D—- C:windowsehome
2009-08-30 19:21:56 —-SD—- C:windowsTasks
2009-08-30 19:20:15 —-D—- C:windowssystem32ru-ru
2009-08-26 09:17:34 —-SD—- C:windowsassembly
2009-08-23 17:05:29 —-D—- C:windowssystem32XPSViewer
2009-08-23 17:05:27 —-D—- C:windowssystem32en-us
2009-08-23 17:02:43 —-D—- C:Program FilesInternet Explorer
2009-08-22 14:27:42 —-AC—- C:Log.txt
2009-08-22 14:25:22 —-AC—- C:windowssystem.ini
2009-08-22 14:23:10 —-D—- C:Program FilesCommon Files
2009-08-21 16:14:20 —-D—- C:Program FilesFlylinkDC++
2009-08-21 15:17:32 —-A—- C:windowssystem32CmdLineExt.dll
2009-08-20 16:07:41 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-08-20 13:31:34 —-D—- C:Program FilesUltraISO
2009-08-20 13:10:43 —-DC—- C:Documents and SettingsAdminApplication DataMozilla
2009-08-20 10:01:13 —-D—- C:windowssystem32spool
2009-08-20 08:55:10 —-D—- C:Documents and SettingsAll UsersApplication DataEmailNotifier
2009-08-20 08:55:03 —-HD—- C:windowssystem32GroupPolicy
2009-08-20 08:55:03 —-D—- C:windowssystem32mui
2009-08-20 08:55:03 —-D—- C:windowssystem32Macromed
2009-08-20 08:55:03 —-D—- C:windowspchealth
2009-08-20 08:55:02 —-HD—- C:Program FilesInstallShield Installation Information
2009-08-20 08:55:02 —-D—- C:Program FilesTotal Commander
2009-08-20 08:55:02 —-D—- C:Program FilesRealtek
2009-08-20 08:55:02 —-D—- C:Program FilesQIP
2009-08-20 08:55:02 —-D—- C:Program FilesMaxthon2
2009-08-20 08:55:02 —-D—- C:Program FilesCommon FilesAdobe
2009-08-20 08:55:02 —-D—- C:Documents and SettingsAll UsersApplication DataSolo9RusEngNum
2009-08-20 08:55:02 —-D—- C:Documents and SettingsAll UsersApplication DataPC Suite
2009-08-20 08:55:02 —-D—- C:Documents and SettingsAll UsersApplication DataAlawarWrapper
2009-08-19 20:11:55 —-D—- C:Program FilesuTorrent
2009-08-19 07:19:06 —-D—- C:windowssystem32rserver30
2009-08-14 10:48:01 —-D—- C:Program FilesUninstall Tool
2009-08-14 10:13:47 —-D—- C:Program FilesNero
2009-08-13 09:57:09 —-D—- C:windowsI386
2009-08-12 10:59:18 —-DC—- C:windowssystem32DRVSTORE
2009-08-12 10:23:01 —-D—- C:Program FilesSoundSpectrum
2009-08-11 10:23:42 —-D—- C:windowsMinidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Драйвер AMD процессора; C:windowssystem32DRIVERSAmdK8.sys [2006-06-18 43520]
R1 cpuidlep;CpuIdle Pro System Driver; C:windowssystem32driverscpuidlep.sys [2009-08-27 4484]
R1 ehdrv;ehdrv; C:windowssystem32DRIVERSehdrv.sys [2009-02-06 106208]
R1 epfwtdi;epfwtdi; C:windowssystem32DRIVERSepfwtdi.sys [2009-02-06 56280]
R1 raddrvv3;raddrvv3; ??C:WINDOWSsystem32rserver30raddrvv3.sys []
R1 SandBox;SandBox; ??C:windowssystem32driversSandBox.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; ??C:WINDOWSsystem32driverssp_rsdrv2.sys []
R2 atksgt;atksgt; C:windowssystem32DRIVERSatksgt.sys [2008-11-06 278728]
R2 epfw;epfw; C:windowssystem32DRIVERSepfw.sys [2009-02-06 130952]
R2 lirsgt;lirsgt; C:windowssystem32DRIVERSlirsgt.sys [2008-11-06 25416]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:windowssystem32DRIVERSrspndr.sys [2006-12-04 62336]
R2 TBPanel;TBPanel; C:windowssystem32driversTBPanel.sys [2007-03-16 12256]
R3 afw;Agnitum firewall driver; C:windowssystem32DRIVERSafw.sys [2009-02-18 31128]
R3 afwcore;afwcore; C:windowssystem32driversafwcore.sys [2009-07-13 256792]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:windowssystem32DRIVERSHDAudBus.sys [2005-12-26 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:windowssystem32driversRtkHDAud.sys [2007-05-10 4419584]
R3 mirrorv3;mirrorv3; C:windowssystem32DRIVERSrminiv3.sys [2006-11-01 3328]
R3 nv;nv; C:windowssystem32DRIVERSnv4_mini.sys [2008-05-03 6554496]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:windowssystem32DRIVERSRtnicxp.sys [2006-12-14 85120]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:windowssystem32DRIVERSusbehci.sys [2007-12-21 30208]
R3 usbhub;USB2 концентратор; C:windowssystem32DRIVERSusbhub.sys [2007-12-21 59392]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:windowssystem32DRIVERSusbohci.sys [2007-12-21 17152]
S3 a26ked65;a26ked65; C:windowssystem32driversa26ked65.sys []
S3 ao8ol9dk;ao8ol9dk; C:windowssystem32driversao8ol9dk.sys []
S3 ASWFilt;ASWFilt; ??C:windowssystem32FiltASWFilt.dll []
S3 Cardex;Cardex; ??C:WINDOWSsystem32driversTBPANEL.SYS []
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 dtscsi;dtscsi; C:windowsSystem32Driversdtscsi.sys [2009-02-22 223128]
S3 eamon;eamon; C:windowssystem32DRIVERSeamon.sys [2009-02-06 113448]
S3 Epfwndis;Eset Personal Firewall; C:windowssystem32DRIVERSEpfwndis.sys [2009-02-06 33096]
S3 gdrv;gdrv; ??C:WINDOWSgdrv.sys []
S3 nmwcd;Nokia USB Phone Parent; C:windowssystem32driversnmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:windowssystem32driversnmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:windowssystem32driversnmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:windowssystem32driversnmwcdcm.sys [2007-02-22 12288]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:windowssystem32DRIVERSusbccgp.sys [2007-12-21 31616]
S3 usbscan;Драйвер USB-сканера; C:windowssystem32DRIVERSusbscan.sys [2007-12-21 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:windowssystem32DRIVERSUSBSTOR.SYS [2007-12-21 26496]
S3 vaxscsi;vaxscsi; C:windowsSystem32Driversvaxscsi.sys [2009-03-31 223128]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:windowssystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:windowssystem32driversIntelIde.sys []
S4 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:windowsSystem32driversws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acssrv;Agnitum Client Security Service; D:6A00~1acs.exe [2009-07-24 1312584]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-02-06 727720]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2007-01-17 61440]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe [2008-09-24 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:windowssystem32nvsvc32.exe [2008-05-03 159812]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-05-03 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared filesRichVideo.exe [2005-08-08 167936]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:Program FilesSpyware Terminatorsp_rsser.exe [2009-03-05 540672]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media Playerwmpnetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:windowssystem32svchost.exe [2004-08-18 14336]
S2 pr2aqfjb;9th Company Drivers Auto Removal (pr2aqfjb); C:windowssystem32pr2aqfjb.exe [2008-03-13 415096]
S2 RServer3;Radmin Server V3; C:WINDOWSsystem32rserver30RServer3.exe /service []
S2 StarWindService;StarWind iSCSI Service; D:Alcohol 52StarWindStarWindService.exe []
S2 StarWindServiceAE;StarWind AE Service; D:програмыалкогольAlcohol 120StarWindStarWindServiceAE.exe []
S3 aspnet_state;Служба состояний ASP.NET; C:windowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:windowsMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:windowsMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe []
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2007-03-26 292864]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:windowsMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-03-26 267824]


EOF


Copyright © 2008 - 2024 Spyware-RU.com (en)