
SPYWARE-RU.COM

Caught a trojan


  • This topic has 15 replies, 2 participants, and was last updated 14 years, 9 months ago by Helper.
  • August 9, 2010 at 10:09 am #18543
    gull
    Participant
    • Topics: 1
    • Posts: 8
    • ☆

    I caught this nasty thing, tcpmonui6.dll; nothing removes it. What do you advise?

    ComboFix 10-08-08.01 — Administrator 08/08/2010 21:55:55.1.2 — x86
    Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.3325.2780 [GMT -4:00]
    Running from: c:documents and settingsAdministratorMy DocumentsComboFix.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:windowssystem32system.dat

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
    .

    2010-08-09 01:30 . 2010-08-09 01:30 d w- c:documents and settingsAdministratorApplication DataUniblue
    2010-08-09 01:30 . 2010-08-09 01:30 d w- c:program filesUniblue
    2010-08-09 01:06 . 2010-08-09 01:06 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.510000001400002iNOTEPAD.EXE
    2010-08-09 01:04 . 2010-08-09 01:04 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.54000005c00003iSschk.exe
    2010-08-09 01:04 . 2010-08-09 01:04 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5400000a0500002iepid2d6.exe
    2010-08-09 01:04 . 2010-07-26 23:13 3683248 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%AppData%Simply Super SoftwareTrojan Removerepid2d6.exe
    2010-08-09 01:04 . 2010-08-09 01:04 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000022200002iRmvtrjan.exe
    2010-08-09 00:58 . 2010-08-09 00:58 715152 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%ProgramFilesDir%Trojan Removertrunins.exe
    2010-08-09 00:58 . 2010-08-09 00:58 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.51000000500002iREGSVR32.EXE
    2010-08-09 00:58 . 2010-08-09 00:58 484304 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%ProgramFilesDir%Trojan RemoverTrshlex.dll
    2010-08-09 00:58 . 2010-08-09 00:58 1167808 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%ProgramFilesDir%Trojan RemoverTrjscan.exe
    2010-08-09 00:57 . 2010-08-09 00:57 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000072b00002ibpe591b.exe
    2010-08-09 00:57 . 2010-08-09 00:57 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.54000001bf00002iRMVTRJAN.EXE
    2010-08-09 00:56 . 2010-08-09 00:56 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000016c00002itrupd.exe
    2010-08-09 00:55 . 2010-08-09 00:55 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000072b00002irky37ec.exe
    2010-08-09 00:53 . 2010-08-09 00:53 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.54000001200003iSschk.exe
    2010-08-09 00:53 . 2010-08-09 00:53 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000072b00002ippxfa02.exe
    2010-08-09 00:53 . 2010-08-09 00:53 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000072b00002iquse179.exe
    2010-08-09 00:53 . 2010-08-09 00:53 d w- c:documents and settingsAdministratorApplication DataThinstall
    2010-08-09 00:41 . 2010-08-09 00:41 d w- C:VundoFix Backups
    2010-08-09 00:12 . 2010-08-09 00:12 d w- c:documents and settingsAdministratorDoctorWeb
    2010-08-08 23:58 . 2010-08-08 23:58 d w- c:program filesEnigma Software Group
    2010-08-08 23:58 . 2010-08-09 00:11 d w- c:windows95431C66CF9A4913BFFF6050785AFB65.TMP
    2010-08-08 22:40 . 2010-08-08 22:40 d w- c:documents and settingsAdministratorApplication DataMalwarebytes
    2010-08-08 22:40 . 2010-04-29 19:39 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
    2010-08-08 22:40 . 2010-08-08 22:40 d w- c:program filesMalwarebytes’ Anti-Malware
    2010-08-08 22:40 . 2010-08-08 22:40 d w- c:documents and settingsAll UsersApplication DataMalwarebytes
    2010-08-08 22:40 . 2010-04-29 19:39 20952 —-a-w- c:windowssystem32driversmbam.sys
    2010-08-08 22:37 . 2010-08-08 23:39 d w- c:documents and settingsAll UsersApplication DataSTOPzilla!
    2010-08-08 19:59 . 2010-08-08 19:59 52736 —sha-r- c:windowssystem32tcpmonui6.dll
    2010-08-05 01:31 . 2010-08-05 01:31 d w- c:program filesCommon FilesJava
    2010-08-05 01:31 . 2010-08-05 01:31 61440 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.0424488892a-161dee86-ndecora-sse.dll
    2010-08-05 01:31 . 2010-08-05 01:31 503808 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-75dec727-nmsvcp71.dll
    2010-08-05 01:31 . 2010-08-05 01:31 499712 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-75dec727-njmc.dll
    2010-08-05 01:31 . 2010-08-05 01:31 348160 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-75dec727-nmsvcr71.dll
    2010-08-05 01:31 . 2010-08-05 01:31 12800 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.0424488892a-161dee86-ndecora-d3d.dll
    2010-07-29 22:46 . 2010-08-09 01:58 d w- c:documents and settingsAdministratorApplication DataDNA
    2010-07-29 22:46 . 2010-08-09 01:08 d w- c:program filesDNA
    2010-07-29 22:46 . 2010-07-29 22:46 d w- c:documents and settingsAdministratorLocal SettingsApplication DataDNA
    2010-07-22 21:35 . 2010-07-22 21:35 d w- c:program filesCommon FilesSkype
    2010-07-18 12:09 . 2010-07-18 12:09 d w- C:found.000
    2010-07-14 09:38 . 2010-06-14 14:31 744448 -c—-w- c:windowssystem32dllcachehelpsvc.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-09 01:08 . 2009-10-26 21:49 0 —-a-w- c:windowssystem32driverslvuvc.hs
    2010-08-09 01:08 . 2009-10-26 21:47 0 —-a-w- c:windowssystem32driverslogiflt.iad
    2010-08-09 00:58 . 2007-11-28 19:26 373680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%ProgramFilesDir%Trojan RemoverSschk.exe
    2010-08-08 23:58 . 2009-10-24 12:46 d w- c:program filesCommon FilesWise Installation Wizard
    2010-08-08 23:47 . 2009-10-24 22:05 d w- c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
    2010-08-08 23:05 . 2010-08-08 22:56 1968 —-a-w- c:windowssystem32driverskgpcpy.cfg
    2010-08-08 18:14 . 2009-10-27 23:34 d w- c:documents and settingsAdministratorApplication DataSkype
    2010-08-08 13:00 . 2009-10-27 23:51 d w- c:documents and settingsAdministratorApplication DataskypePM
    2010-08-05 01:30 . 2009-10-27 15:58 d w- c:program filesJava
    2010-07-29 22:31 . 2010-01-12 22:26 d w- c:documents and settingsAdministratorApplication DatauTorrent
    2010-07-28 23:38 . 2009-12-25 02:14 d w- c:documents and settingsAdministratorApplication DataDownload Manager
    2010-07-28 22:56 . 2009-10-24 14:24 d w- c:documents and settingsAdministratorApplication DataAIMP
    2010-07-22 21:35 . 2009-10-27 23:33 d r- c:program filesSkype
    2010-07-22 21:34 . 2009-10-27 23:33 d w- c:documents and settingsAll UsersApplication DataSkype
    2010-07-17 09:00 . 2010-05-04 20:45 423656 —-a-w- c:windowssystem32deployJava1.dll
    2010-07-04 22:04 . 2010-07-04 22:03 d w- c:program filesGamblerJBeta
    2010-07-04 21:58 . 2010-07-04 21:58 d w- c:program filesGamblerJ
    2010-06-30 17:11 . 2009-10-27 15:02 d w- c:program filesICQ6.5
    2010-06-29 01:04 . 2010-05-05 01:48 d w- c:documents and settingsAll UsersApplication DataDivX
    2010-06-22 21:55 . 2010-06-22 21:55 501936 —-a-w- c:documents and settingsAll UsersApplication DataGoogleGoogle ToolbarUpdategtb8C.tmp.exe
    2010-06-14 14:31 . 2009-10-24 12:38 744448 —-a-w- c:windowspchealthhelpctrbinarieshelpsvc.exe
    2010-06-06 13:44 . 2010-05-05 01:52 57344 —-a-w- c:documents and settingsAll UsersApplication DataDivXRunAsUserRUNASUSERPROCESS.dll
    2010-06-06 13:30 . 2010-06-06 13:30 56765 —-a-w- c:documents and settingsAll UsersApplication DataDivXDivXPlusShortcutsUninstaller.exe
    2010-06-06 13:30 . 2010-06-06 13:30 53600 —-a-w- c:documents and settingsAll UsersApplication DataDivXUpdateUninstaller.exe
    2010-06-06 13:30 . 2010-06-06 13:30 54128 —-a-w- c:documents and settingsAll UsersApplication DataDivXConverterUninstaller.exe
    2010-06-06 13:30 . 2010-06-06 13:30 54644 —-a-w- c:documents and settingsAll UsersApplication DataDivXTranscodeEngineUninstaller.exe
    2010-06-06 13:30 . 2010-06-06 13:30 54101 —-a-w- c:documents and settingsAll UsersApplication DataDivXMPEG2PluginUninstaller.exe
    2010-06-06 13:27 . 2010-05-05 01:52 1062184 —-a-w- c:documents and settingsAll UsersApplication DataDivXSetupResource.dll
    2010-06-06 13:27 . 2010-05-05 01:52 895256 —-a-w- c:documents and settingsAll UsersApplication DataDivXSetupDivXSetup.exe
    2010-05-29 22:33 . 2010-01-01 00:04 5 —-a-w- c:windowssystem32SySMP3CutJoin.dat
    2010-05-27 22:17 . 2010-05-27 22:17 503808 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-2301fd92-nmsvcp71.dll
    2010-05-27 22:17 . 2010-05-27 22:17 499712 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-2301fd92-njmc.dll
    2010-05-27 22:17 . 2010-05-27 22:17 348160 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-2301fd92-nmsvcr71.dll
    2010-05-27 22:16 . 2010-05-27 22:16 61440 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.0505535ab32-4e3d76d7-ndecora-sse.dll
    2010-05-27 22:16 . 2010-05-27 22:16 12800 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.0505535ab32-4e3d76d7-ndecora-d3d.dll
    2010-05-15 00:56 . 2007-11-28 19:26 1303472 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%ProgramFilesDir%Trojan RemoverRmvtrjan.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
    «{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}»= «c:program filesRadio_WtbRad0.dll» [2010-04-29 2515552]

    [HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]

    [HKEY_LOCAL_MACHINE~Browser Helper Objects{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]
    2010-04-29 10:51 2515552 —-a-w- c:program filesRadio_WtbRad0.dll

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    «{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}»= «c:program filesRadio_WtbRad0.dll» [2010-04-29 2515552]

    [HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]

    [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
    «{B4EFB02B-CD4A-44B9-B5D9-AA486CDFFAB6}»= «c:program filesRadio_WtbRad0.dll» [2010-04-29 2515552]

    [HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-10-24 39408]
    «SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2009-01-26 2144088]
    «BitTorrent DNA»=»c:program filesDNAbtdna.exe» [2010-07-29 323392]
    «RegistryBooster»=»c:program filesUniblueRegistryBoosterlauncher.exe» [2010-07-27 67456]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «BtTray»=»c:program filesIVT CorporationBlueSoleilBtTray.exe» [2009-02-27 278016]
    «IntelliPoint»=»c:program filesMicrosoft IntelliPointipoint.exe» [2009-11-11 1468256]
    «RTHDCPL»=»RTHDCPL.EXE» [2010-03-26 19522592]
    «SunJavaUpdateSched»=»c:program filesCommon FilesJavaJava Updatejusched.exe» [2010-05-14 248552]
    «egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-07-01 1447168]
    «NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2010-03-16 13670504]

    c:documents and settingsAll UsersStart MenuProgramsStartup
    hp psc 1000 series.lnk — c:program filesHewlett-PackardDigital Imagingbinhpohmr08.exe [2003-4-6 147456]
    hpoddt01.exe.lnk — c:program filesHewlett-PackardDigital Imagingbinhpotdd01.exe [2003-4-6 28672]

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
    «EnableFirewall»= 0 (0x0)

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    «%windir%\system32\sessmgr.exe»=
    «%windir%\Network Diagnostic\xpnetdiag.exe»=
    «c:\Program Files\BitComet\BitComet.exe»=
    «c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe»=
    «c:\Program Files\ICQ6.5\ICQ.exe»=
    «c:\Program Files\Orbitdownloader\orbitdm.exe»=
    «c:\Program Files\Orbitdownloader\orbitnet.exe»=
    «c:\Program Files\uTorrent\uTorrent.exe»=
    «c:\Program Files\Logitech\Logitech Vid\Vid.exe»=
    «c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
    «c:\Program Files\DNA\btdna.exe»=
    «c:\Program Files\Skype\Phone\Skype.exe»=

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
    «11901:TCP»= 11901:TCP:BitComet 11901 TCP
    «11901:UDP»= 11901:UDP:BitComet 11901 UDP
    «8080:TCP»= 8080:TCP:BitComet 8080 TCP
    «8080:UDP»= 8080:UDP:BitComet 8080 UDP
    «14974:TCP»= 14974:TCP:BitComet 14974 TCP
    «14974:UDP»= 14974:UDP:BitComet 14974 UDP

    R0 BtHidBus;Bluetooth HID Bus Service;c:windowssystem32driversBtHidBus.sys [1/7/2009 11:39 PM 20744]
    R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [7/1/2008 9:04 AM 34312]
    R1 oreans32;oreans32;c:windowssystem32driversoreans32.sys [1/15/2010 11:58 PM 33824]
    R2 BsMobileCS;BsMobileCS;c:program filesIVT CorporationBlueSoleilBsMobileCS.exe [2/27/2009 4:40 PM 143467]
    R2 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [12/21/2007 8:21 AM 468224]
    R3 btnetBUs;Bluetooth PAN Bus Service;c:windowssystem32driversbtnetBus.sys [12/7/2008 12:44 PM 30088]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:windowssystem32driversIvtBtBus.sys [7/2/2008 2:58 PM 26248]
    S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [1/29/2010 1:39 AM 135664]
    S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [1/24/2010 6:20 PM 1691480]
    S3 esgiguard;esgiguard;\??\c:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys —> \c:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
    .
    Contents of the ‘Scheduled Tasks’ folder

    2010-01-26 c:windowsTasksFRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8256593230.job
    — c:program filesHewlett-PackardDigital ImagingBinhpqfrucl.exe [2003-04-06 04:52]

    2010-08-08 c:windowsTasksFRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8262872861.job
    — c:program filesHewlett-PackardDigital ImagingBinhpqfrucl.exe [2003-04-06 04:52]

    2010-08-09 c:windowsTasksGoogleUpdateTaskMachineCore.job
    — c:program filesGoogleUpdateGoogleUpdate.exe [2010-01-29 05:39]

    2010-08-09 c:windowsTasksGoogleUpdateTaskMachineUA.job
    — c:program filesGoogleUpdateGoogleUpdate.exe [2010-01-29 05:39]

    2010-08-09 c:windowsTasksOGALogon.job
    — c:windowssystem32OGAEXEC.exe [2009-08-03 20:07]

    2010-08-09 c:windowsTasksRegistryBooster.job
    — c:program filesUniblueRegistryBoosterrbmonitor.exe [2010-08-09 15:11]
    .
    .


    Supplementary Scan


    .
    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyOverride =
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Download by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/201
    IE: &Grab video by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/204
    IE: Do&wnload selected by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/203
    IE: Down&load all by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/202
    IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
    IE: Отправить как сообщение(&M)… — c:program filesIVT CorporationBlueSoleilTransSendIEtssms.htm
    IE: Отправка посредством Bluetooth — c:program filesIVT CorporationBlueSoleilTransSendIEtsinfo.htm
    DPF: {5D2CF9D0-113A-476B-986F-288B54571614} — hxxp://www.devalvr.com/instalacion/plugin/devalvrplugin.php
    DPF: {9BE31822-FDAD-461B-AD51-BE1D1C159921} — hxxp://iptv.kartina.tv/install/VLC%20TV%20Player.cab
    FF — ProfilePath — c:documents and settingsAdministratorApplication DataMozillaFirefoxProfilesnahd6ha2.default
    FF — plugin: c:program filesGoogleGoogle Earthpluginnpgeplugin.dll
    FF — plugin: c:program filesGoogleUpdate1.2.183.23npGoogleOneClick8.dll
    FF — plugin: c:program filesJavajre6binnew_pluginnpdeployJava1.dll
    FF — plugin: c:program filesKartina.TVVLCnpvlc.dll
    FF — plugin: c:program filesMozilla FirefoxpluginsnpdeployJava1.dll
    FF — plugin: c:program filesVirtual Earth 3DnpVE3D.dll
    FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

    —- FIREFOX POLICIES —-
    c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
    c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
    c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
    c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
    .
    — — — — ORPHANS REMOVED — — — —

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} — (no file)
    HKLM-Run-LogitechCommunicationsManager — c:program filesCommon FilesLogiShrdLComMgrCommunications_Helper.exe
    HKLM-Run-LogitechQuickCamRibbon — c:program filesLogitechQuickCamQuickcam.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-08 21:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .


    LOCKED REGISTRY KEYS



    [HKEY_USERSS-1-5-21-725345543-1580436667-839522115-500SoftwareMicrosoftInternet ExplorerUser Preferences]
    @Denied: (2) (Administrator)
    «88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977″=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,58,ae,b6,d6,19,20,44,8a,96,4d,
    «2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81″=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,58,ae,b6,d6,19,20,44,8a,96,4d,
    .
    Completion time: 2010-08-08 22:00:06
    ComboFix-quarantined-files.txt 2010-08-09 02:00

    Pre-Run: 220,765,835,264 bytes free
    Post-Run: 220,785,418,240 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
    [operating systems]
    c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional» /noexecute=optin /fastdetect

    — — End Of File — — 07D0729D6F58C5148231741A782175C1

    August 9, 2010 at 10:32 am #30677
    Helper
    Participant
    • Topics: 19
    • Posts: 712
    • ☆☆☆☆☆

    Hello. To begin with:
    c:\windows\system32\tcpmonui6.dll
    Check it on virustotal.com
    If it has already been checked, rerun the analysis now. Provide a link to the analysis results.
    Also prepare RSIT logs:
    viewtopic.php?f=3&t=2
    P.S. Nobody asked you to make a ComboFix log.

    August 9, 2010 at 10:26 pm #30678
    gull
    Participant
    • Topics: 1
    • Posts: 8
    • ☆

    P.S. Nobody asked you to make a ComboFix log

    My fault, I got carried away.
    I can't check the file on http://www.virustotal.com; it isn't visible. It is visible only in Total Commander and Spybot, but it can't be deleted. I found out about it when windows started opening by themselves in Explorer, harmless ones though, not porn; so I ran Spybot and it showed the file. I read everything I could find on the internet and also tried all the advice, but nothing worked. I tried to do a system restore, but no luck: there are no restore points.

      Logfile of random’s system information tool 1.08 (written by random/random)
      Run by Administrator at 2010-08-09 17:55:19
      Microsoft Windows XP Professional Service Pack 3
      System drive C: has 211 GB (69%) free of 305 GB
      Total RAM: 3325 MB (76% free)

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 5:55:26 PM, on 8/9/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:WINDOWSSystem32smss.exe
      C:WINDOWSsystem32winlogon.exe
      C:WINDOWSsystem32services.exe
      C:WINDOWSsystem32lsass.exe
      C:WINDOWSsystem32nvsvc32.exe
      C:WINDOWSsystem32svchost.exe
      C:WINDOWSSystem32svchost.exe
      C:WINDOWSsystem32spoolsv.exe
      C:WINDOWSExplorer.EXE
      C:Program FilesIVT CorporationBlueSoleilBtTray.exe
      C:Program FilesMicrosoft IntelliPointipoint.exe
      C:WINDOWSRTHDCPL.EXE
      C:Program FilesESETESET NOD32 Antivirusegui.exe
      C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
      C:Program FilesSpybot — Search & DestroyTeaTimer.exe
      C:Program FilesDNAbtdna.exe
      C:WINDOWSsystem32ctfmon.exe
      C:Program FilesHewlett-PackardDigital Imagingbinhpohmr08.exe
      C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe
      C:Program FilesHewlett-PackardDigital Imagingbinhpoevm08.exe
      C:Program FilesIVT CorporationBlueSoleilBlueSoleilCS.exe
      C:Program FilesIVT CorporationBlueSoleilBsMobileCS.exe
      C:Program FilesESETESET NOD32 Antivirusekrn.exe
      C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
      C:WINDOWSsystem32svchost.exe
      C:Program FilesIVT CorporationBlueSoleilBsHelpCS.exe
      C:Program FilesHewlett-PackardDigital ImagingBinhpoSTS08.exe
      C:WINDOWSsystem32wscntfy.exe
      C:Program FilestotalcmdTOTALCMD.EXE
      C:Program FilesInternet Exploreriexplore.exe
      C:Program FilesInternet Exploreriexplore.exe
      C:Program FilesInternet Exploreriexplore.exe
      C:Program FilesInternet Exploreriexplore.exe
      C:Documents and SettingsAdministratorMy DocumentsRSIT.exe
      C:Program Filestrend microAdministrator.exe

      R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.com/
      R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R3 — URLSearchHook: Radio W Toolbar — {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — C:Program FilesRadio_WtbRad0.dll
      O2 — BHO: btorbit.com — {000123B4-9B42-4900-B3F7-F4B073EFC214} — C:Program FilesOrbitdownloaderorbitcth.dll
      O2 — BHO: (no name) — {02478D38-C3F9-4efb-9B51-7695ECA05670} — (no file)
      O2 — BHO: BitComet ClickCapture — {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} — C:Program FilesBitComettoolsBitCometBHO_1.1.7.4.dll
      O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
      O2 — BHO: SkypeIEPluginBHO — {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
      O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.5.5126.1836swg.dll
      O2 — BHO: Radio W Toolbar — {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — C:Program FilesRadio_WtbRad0.dll
      O2 — BHO: (no name) — {DBC80044-A445-435b-BC74-9C25C1C588A9} — (no file)
      O2 — BHO: (no name) — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — (no file)
      O3 — Toolbar: Radio W Toolbar — {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — C:Program FilesRadio_WtbRad0.dll
      O3 — Toolbar: Google Toolbar — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
      O4 — HKLM..Run: [BtTray] «C:Program FilesIVT CorporationBlueSoleilBtTray.exe»
      O4 — HKLM..Run: [IntelliPoint] «c:Program FilesMicrosoft IntelliPointipoint.exe»
      O4 — HKLM..Run: [RTHDCPL] RTHDCPL.EXE
      O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
      O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
      O4 — HKLM..Run: [LogitechCommunicationsManager] «C:Program FilesCommon FilesLogiShrdLComMgrCommunications_Helper.exe»
      O4 — HKLM..Run: [LogitechQuickCamRibbon] «C:Program FilesLogitechQuickCamQuickcam.exe» /hide
      O4 — HKCU..Run: [swg] «C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe»
      O4 — HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot — Search & DestroyTeaTimer.exe
      O4 — HKCU..Run: [BitTorrent DNA] «C:Program FilesDNAbtdna.exe»
      O4 — HKCU..Run: [RegistryBooster] «C:Program FilesUniblueRegistryBoosterlauncher.exe» delay 20000
      O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
      O4 — HKCU..Run: [ICQUpdater] «C:DOCUME~1ADMINI~1LOCALS~1TempIcqUpdater.exe» -update 2740 «C:PROGRA~1ICQ6.5updates» «C:PROGRA~1ICQ6.5» «C:PROGRA~1ICQ6.5ICQ.exe noupdater=1» /autorun
      O4 — HKCU..RunOnce: [SpybotDeletingB6209] command.com /c del «C:WINDOWSsystem32tcpmonui6.dll»
      O4 — Global Startup: hp psc 1000 series.lnk = ?
      O4 — Global Startup: hpoddt01.exe.lnk = ?
      O8 — Extra context menu item: &Download by Orbit — res://C:Program FilesOrbitdownloaderorbitmxt.dll/201
      O8 — Extra context menu item: &Grab video by Orbit — res://C:Program FilesOrbitdownloaderorbitmxt.dll/204
      O8 — Extra context menu item: Do&wnload selected by Orbit — res://C:Program FilesOrbitdownloaderorbitmxt.dll/203
      O8 — Extra context menu item: Down&load all by Orbit — res://C:Program FilesOrbitdownloaderorbitmxt.dll/202
      O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
      O8 — Extra context menu item: Отправить как сообщение(&M)… — C:Program FilesIVT CorporationBlueSoleilTransSendIEtssms.htm
      O8 — Extra context menu item: Отправка посредством Bluetooth — C:Program FilesIVT CorporationBlueSoleilTransSendIEtsinfo.htm
      O9 — Extra button: BitComet Search — {461CC20B-FB6E-4f16-8FE8-C29359DB100E} — C:Program FilesBitComettoolsBitCometBHO_1.1.7.4.dll
      O9 — Extra button: Skype add-on for Internet Explorer — {898EA8C8-E7FF-479B-8935-AEC46303B9E5} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
      O9 — Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer — {898EA8C8-E7FF-479B-8935-AEC46303B9E5} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
      O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
      O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
      O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
      O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
      O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6.5ICQ.exe
      O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
      O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
      O16 — DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=39204
      O16 — DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) — http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
      O16 — DPF: {5D2CF9D0-113A-476B-986F-288B54571614} (DevalVR Control) — http://www.devalvr.com/instalacion/plugin/devalvrplugin.php
      O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256395213015
      O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262382275707
      O16 — DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} —
      O16 — DPF: {9BE31822-FDAD-461B-AD51-BE1D1C159921} (VideoLAN VLC ActiveX Plugin v2) — http://iptv.kartina.tv/install/VLC%20TV%20Player.cab
      O16 — DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) — http://ax.emsisoft.com/asquared.cab
      O16 — DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} —
      O16 — DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} —
      O16 — DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} — http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O18 — Protocol: skype-ie-addon-data — {91774881-D725-4E58-B298-07617B9B86A8} — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
      O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
      O22 — SharedTaskScheduler: Browseui preloader — {438755C2-A8BA-11D1-B96B-00A0C90312E1} — C:WINDOWSsystem32browseui.dll
      O22 — SharedTaskScheduler: Component Categories cache daemon — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:WINDOWSsystem32browseui.dll
      O23 — Service: BlueSoleilCS — Unknown owner — C:Program FilesIVT CorporationBlueSoleilBlueSoleilCS.exe
      O23 — Service: BsHelpCS — Unknown owner — C:Program FilesIVT CorporationBlueSoleilBsHelpCS.exe
      O23 — Service: BsMobileCS — Unknown owner — C:Program FilesIVT CorporationBlueSoleilBsMobileCS.exe
      O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
      O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
      O23 — Service: Google Update Service (gupdate) (gupdate) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
      O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
      O23 — Service: Process Monitor (LVPrcSrv) — Logitech Inc. — C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
      O23 — Service: NVIDIA Display Driver Service (nvsvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
      O23 — Service: PEVSystemStart — Unknown owner — C:ComboFixPEV.cfxxe
      O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe

      --
      End of file - 10310 bytes

      ======Scheduled tasks folder======

      C:WINDOWStasksFRU Task #Hewlett-Packard#hp psc 1200 series#1256593230.job
      C:WINDOWStasksFRU Task #Hewlett-Packard#hp psc 1200 series#1262872861.job
      C:WINDOWStasksGoogleUpdateTaskMachineCore.job
      C:WINDOWStasksGoogleUpdateTaskMachineUA.job
      C:WINDOWStasksOGALogon.job

      ======Registry dump======

      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{000123B4-9B42-4900-B3F7-F4B073EFC214}]
      Octh Class — C:Program FilesOrbitdownloaderorbitcth.dll [2009-10-14 179472]

      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]

      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
      BitComet Helper — C:Program FilesBitComettoolsBitCometBHO_1.1.7.4.dll [2007-07-04 513336]

      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
      Google Toolbar Helper — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll [2010-07-13 278192]

      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
      Skype add-on for Internet Explorer — C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll [2010-02-08 804136]

      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
      Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.5.5126.1836swg.dll [2010-05-28 814648]

      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]
      Radio W Toolbar — C:Program FilesRadio_WtbRad0.dll [2010-04-29 2515552]

      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]

      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
      {b4efb02b-cd4a-44b9-b5d9-aa486cdffab6} — Radio W Toolbar — C:Program FilesRadio_WtbRad0.dll [2010-04-29 2515552]
      {2318C2B1-4965-11d4-9B18-009027A5CD4F} — Google Toolbar — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll [2010-07-13 278192]

      [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
      "BtTray"=C:Program FilesIVT CorporationBlueSoleilBtTray.exe [2009-02-27 278016]
      "IntelliPoint"=c:Program FilesMicrosoft IntelliPointipoint.exe [2009-11-11 1468256]
      "RTHDCPL"=C:WINDOWSRTHDCPL.EXE [2010-03-26 19522592]
      "egui"=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]
      "NvCplDaemon"=C:WINDOWSsystem32NvCpl.dll [2010-03-16 13670504]
      "LogitechCommunicationsManager"=C:Program FilesCommon FilesLogiShrdLComMgrCommunications_Helper.exe []
      "LogitechQuickCamRibbon"=C:Program FilesLogitechQuickCamQuickcam.exe /hide []

      [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
      "swg"=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2009-10-24 39408]
      "SpybotSD TeaTimer"=C:Program FilesSpybot - Search & DestroyTeaTimer.exe [2009-01-26 2144088]
      "BitTorrent DNA"=C:Program FilesDNAbtdna.exe [2010-07-29 323392]
      "RegistryBooster"=C:Program FilesUniblueRegistryBoosterlauncher.exe delay 20000 []
      "ctfmon.exe"=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
      "ICQUpdater"=C:DOCUME~1ADMINI~1LOCALS~1TempIcqUpdater.exe -update 2740 C:PROGRA~1ICQ6.5updates C:PROGRA~1ICQ6.5 C:PROGRA~1ICQ6.5ICQ.exe noupdater=1 /autorun []

      [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
      "SpybotDeletingB6209"=command.com /c del C:WINDOWSsystem32tcpmonui6.dll []

      C:Documents and SettingsAll UsersStart MenuProgramsStartup
      hp psc 1000 series.lnk — C:Program FilesHewlett-PackardDigital Imagingbinhpohmr08.exe
      hpoddt01.exe.lnk — C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe

      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
      C:WINDOWSsystem32WgaLogon.dll [2009-03-10 239496]

      [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPEVSystemStart]

      [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalprocexp90.Sys]

      [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkPEVSystemStart]

      [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkprocexp90.Sys]

      [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1

      [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
      "NoDriveTypeAutoRun"=145

      [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
      "HonorAutoRunSetting"=1
      "NoDriveAutoRun"=67108863
      "NoDriveTypeAutoRun"=323
      "NoDrives"=0

      [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
      "%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:Program FilesBitCometBitComet.exe"="C:Program FilesBitCometBitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
      "C:Program FilesIVT CorporationBlueSoleilBlueSoleilCS.exe"="C:Program FilesIVT CorporationBlueSoleilBlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
      "C:Program FilesICQ6.5ICQ.exe"="C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6"
      "C:Program FilesOrbitdownloaderorbitdm.exe"="C:Program FilesOrbitdownloaderorbitdm.exe:*:Enabled:Orbit"
      "C:Program FilesOrbitdownloaderorbitnet.exe"="C:Program FilesOrbitdownloaderorbitnet.exe:*:Enabled:Orbit"
      "C:Program FilesuTorrentuTorrent.exe"="C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent"
      "C:Program FilesLogitechLogitech VidVid.exe"="C:Program FilesLogitechLogitech VidVid.exe:*:Enabled:Logitech Vid"
      "C:Program FilesSkypePlugin ManagerskypePM.exe"="C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager"
      "C:Program FilesDNAbtdna.exe"="C:Program FilesDNAbtdna.exe:*:Enabled:DNA"
      "C:Program FilesSkypePhoneSkype.exe"="C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype"

      [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
      "%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

      ======List of files/folders created in the last 1 months======

      2010-08-09 17:55:19 —-D—- C:rsit
      2010-08-09 17:55:19 —-D—- C:Program Filestrend micro
      2010-08-08 23:11:50 —-A—- C:WINDOWSntbtlog.txt
      2010-08-08 22:59:10 —-D—- C:WINDOWStemp
      2010-08-08 22:53:09 —-SD—- C:ComboFix
      2010-08-08 22:05:02 —-SHD—- C:RECYCLER
      2010-08-08 21:55:28 —-A—- C:Boot.bak
      2010-08-08 21:55:23 —-RASHD—- C:cmdcons
      2010-08-08 21:54:36 —-A—- C:WINDOWSzip.exe
      2010-08-08 21:54:36 —-A—- C:WINDOWSSWXCACLS.exe
      2010-08-08 21:54:36 —-A—- C:WINDOWSSWSC.exe
      2010-08-08 21:54:36 —-A—- C:WINDOWSSWREG.exe
      2010-08-08 21:54:36 —-A—- C:WINDOWSsed.exe
      2010-08-08 21:54:36 —-A—- C:WINDOWSPEV.exe
      2010-08-08 21:54:36 —-A—- C:WINDOWSNIRCMD.exe
      2010-08-08 21:54:36 —-A—- C:WINDOWSMBR.exe
      2010-08-08 21:54:36 —-A—- C:WINDOWSgrep.exe
      2010-08-08 21:54:32 —-D—- C:WINDOWSERDNT
      2010-08-08 21:54:04 —-D—- C:Qoobox
      2010-08-08 21:30:15 —-D—- C:Documents and SettingsAdministratorApplication DataUniblue
      2010-08-08 20:53:13 —-D—- C:Documents and SettingsAdministratorApplication DataThinstall
      2010-08-08 20:41:14 —-D—- C:VundoFix Backups
      2010-08-08 20:41:14 —-A—- C:VundoFix.txt
      2010-08-08 19:58:44 —-D—- C:Program FilesEnigma Software Group
      2010-08-08 19:58:29 —-D—- C:WINDOWS95431C66CF9A4913BFFF6050785AFB65.TMP
      2010-08-08 18:40:20 —-D—- C:Documents and SettingsAdministratorApplication DataMalwarebytes
      2010-08-08 18:40:06 —-A—- C:WINDOWSsystem32driversmbamswissarmy.sys
      2010-08-08 18:40:05 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
      2010-08-08 18:40:05 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
      2010-08-08 18:40:05 —-A—- C:WINDOWSsystem32driversmbam.sys
      2010-08-08 18:37:01 —-D—- C:Documents and SettingsAll UsersApplication DataSTOPzilla!
      2010-08-08 16:40:52 —-A—- C:WINDOWSwininit.ini
      2010-08-08 15:59:07 —-RASH—- C:WINDOWSsystem32tcpmonui6.dll
      2010-08-04 21:31:07 —-D—- C:Program FilesCommon FilesJava
      2010-08-03 06:03:28 —-HDC—- C:WINDOWS$NtUninstallKB2286198$
      2010-07-29 18:46:26 —-D—- C:Program FilesDNA
      2010-07-29 18:46:26 —-D—- C:Documents and SettingsAdministratorApplication DataDNA
      2010-07-22 17:35:01 —-D—- C:Program FilesCommon FilesSkype
      2010-07-18 08:09:37 —-D—- C:found.000
      2010-07-14 06:01:22 —-HDC—- C:WINDOWS$NtUninstallKB2229593$

      ======List of files/folders modified in the last 1 months======

      2010-08-09 17:55:24 —-D—- C:WINDOWSPrefetch
      2010-08-09 17:55:19 —-RD—- C:Program Files
      2010-08-09 17:46:28 —-A—- C:WINDOWSwincmd.ini
      2010-08-09 17:42:50 —-A—- C:WINDOWSsystem32LOCALSERVICE.INI
      2010-08-09 17:42:46 —-A—- C:WINDOWSsystem32bscs.ini
      2010-08-09 06:10:15 —-A—- C:WINDOWSSchedLgU.Txt
      2010-08-09 05:45:09 —-D—- C:Documents and SettingsAdministratorApplication DataSkype
      2010-08-09 05:44:47 —-D—- C:Documents and SettingsAdministratorApplication DataskypePM
      2010-08-08 23:11:50 —-D—- C:WINDOWS
      2010-08-08 22:58:37 —-D—- C:WINDOWSsystem32
      2010-08-08 22:58:27 —-D—- C:WINDOWSsystem32drivers
      2010-08-08 22:58:27 —-D—- C:WINDOWSAppPatch
      2010-08-08 22:58:25 —-D—- C:Program FilesCommon Files
      2010-08-08 22:53:31 —-D—- C:WINDOWSsystem32CatRoot2
      2010-08-08 22:50:11 —-D—- C:WINDOWSDebug
      2010-08-08 22:16:06 —-SD—- C:WINDOWSTasks
      2010-08-08 22:07:02 —-D—- C:Documents and SettingsAll UsersApplication DataSpybot — Search & Destroy
      2010-08-08 22:04:09 —-SHD—- C:WINDOWSInstaller
      2010-08-08 21:58:48 —-A—- C:WINDOWSsystem.ini
      2010-08-08 21:58:43 —-D—- C:WINDOWSsystem32driversetc
      2010-08-08 21:55:28 —-RASH—- C:boot.ini
      2010-08-08 20:45:44 —-SD—- C:WINDOWSDownloaded Program Files
      2010-08-08 20:11:42 —-SD—- C:Documents and SettingsAdministratorApplication DataMicrosoft
      2010-08-08 19:58:28 —-D—- C:Program FilesCommon FilesWise Installation Wizard
      2010-08-08 18:37:04 —-D—- C:WINDOWSWinSxS
      2010-08-08 17:18:59 —-SHD—- C:System Volume Information
      2010-08-08 17:18:59 —-D—- C:WINDOWSsystem32Restore
      2010-08-08 15:05:09 —-D—- C:Program FilesMozilla Firefox
      2010-08-05 19:35:43 —-D—- C:Downloads
      2010-08-03 06:03:38 —-HD—- C:WINDOWSinf
      2010-08-03 06:03:31 —-RSHDC—- C:WINDOWSsystem32dllcache
      2010-08-03 05:46:59 —-HD—- C:WINDOWS$hf_mig$
      2010-07-29 18:31:20 —-D—- C:Documents and SettingsAdministratorApplication DatauTorrent
      2010-07-28 19:38:48 —-D—- C:Documents and SettingsAdministratorApplication DataDownload Manager
      2010-07-28 18:56:01 —-D—- C:Documents and SettingsAdministratorApplication DataAIMP
      2010-07-27 02:30:35 —-A—- C:WINDOWSsystem32shell32.dll
      2010-07-25 19:34:01 —-A—- C:WINDOWSsystem32SHORTCUT.INI
      2010-07-25 19:34:00 —-A—- C:WINDOWSsystem32REMOTEDEVICE.INI
      2010-07-25 19:33:18 —-A—- C:WINDOWSsystem32LOCALDEVICE.INI
      2010-07-25 08:51:56 —-D—- C:WINDOWSMinidump
      2010-07-22 17:35:01 —-RD—- C:Program FilesSkype
      2010-07-22 17:34:58 —-D—- C:Documents and SettingsAll UsersApplication DataSkype
      2010-07-17 05:00:04 —-A—- C:WINDOWSsystem32deployJava1.dll
      2010-07-14 06:00:59 —-D—- C:Program FilesCommon FilesMicrosoft Shared

      ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R0 BtHidBus;Bluetooth HID Bus Service; C:WINDOWSSystem32DriversBtHidBus.sys [2009-01-07 20744]
      R0 PxHelp20;PxHelp20; C:WINDOWSSystem32DriversPxHelp20.sys [2009-09-25 43528]
      R1 AFS2K;AFS2k; C:WINDOWSsystem32driversAFS2K.sys [2004-10-07 35840]
      R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-07-01 53256]
      R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
      R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-14 36352]
      R1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14592]
      R1 oreans32;oreans32; ??C:WINDOWSsystem32driversoreans32.sys []
      R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-07-01 39944]
      R3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys [2008-12-07 14088]
      R3 btnetBUs;Bluetooth PAN Bus Service; C:WINDOWSSystem32DriversbtnetBus.sys [2008-12-07 30088]
      R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
      R3 hidusb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
      R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2010-03-26 5883936]
      R3 IvtBtBUs;IVT Bluetooth Bus Service; C:WINDOWSSystem32DriversIvtBtBus.sys [2008-07-02 26248]
      R3 LVPr2Mon;LVPr2Mon Driver; C:WINDOWSsystem32DriversLVPr2Mon.sys [2009-10-07 25752]
      R3 LVRS;Logitech RightSound Filter Driver; C:WINDOWSsystem32DRIVERSlvrs.sys [2009-10-07 266008]
      R3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32DRIVERSLVUSBSta.sys [2007-10-11 41752]
      R3 LVUVC;QuickCam Communicate Deluxe(UVC); C:WINDOWSsystem32DRIVERSlvuvc.sys [2009-10-07 6756632]
      R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
      R3 NuidFltr;NUID filter driver; C:WINDOWSsystem32DRIVERSNuidFltr.sys [2009-05-09 14736]
      R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2010-03-16 10232352]
      R3 Point32;Microsoft IntelliPoint Filter Driver; C:WINDOWSsystem32DRIVERSpoint32.sys [2009-11-11 27744]
      R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2004-08-04 5888]
      R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2010-03-08 220112]
      R3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-14 60032]
      R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
      R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-14 20608]
      R3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys [2008-01-21 14856]
      R3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys [2009-01-08 31880]
      R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2006-11-02 492000]
      S3 Ambfilt;Ambfilt; C:WINDOWSsystem32driversAmbfilt.sys [2009-11-18 1691480]
      S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys [2009-01-03 39304]
      S3 BTNetFilter;Bluetooth Network Filter; ??C:Program FilesIVT CorporationBlueSoleilDeviceWin2kBTNetFilter.sys []
      S3 catchme;catchme; ??C:DOCUME~1ADMINI~1LOCALS~1Tempcatchme.sys []
      S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-14 17024]
      S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
      S3 FilterService;UVC Filter Service; C:WINDOWSsystem32DRIVERSlvuvcflt.sys [2009-10-07 23832]
      S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2003-03-09 51024]
      S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2003-03-09 16080]
      S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2003-03-09 21456]
      S3 lvpopflt;Logitech POP Suppression Filter; C:WINDOWSsystem32DRIVERSlvpopflt.sys [2007-10-11 1920920]
      S3 Monfilt;Monfilt; C:WINDOWSsystem32driversMonfilt.sys [2009-11-18 1395800]
      S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2008-04-14 5504]
      S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-14 85248]
      S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-14 10880]
      S3 NPPTNT2;NPPTNT2; ??C:WINDOWSsystem32npptNT2.sys []
      S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-14 11136]
      S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-14 15232]
      S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-14 25856]
      S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-14 15104]
      S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
      S3 usbvideo;USB Video Device (WDM); C:WINDOWSSystem32Driversusbvideo.sys [2008-04-14 121984]
      S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-14 19200]

      ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R2 BlueSoleilCS;BlueSoleilCS; C:Program FilesIVT CorporationBlueSoleilBlueSoleilCS.exe [2009-02-27 850432]
      R2 BsMobileCS;BsMobileCS; C:Program FilesIVT CorporationBlueSoleilBsMobileCS.exe [2009-02-27 143467]
      R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2007-12-21 468224]
      R2 LVPrcSrv;Process Monitor; C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe [2009-10-07 154136]
      R2 nvsvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2010-03-16 154216]
      R3 BsHelpCS;BsHelpCS; C:Program FilesIVT CorporationBlueSoleilBsHelpCS.exe [2009-02-27 98407]
      S2 gupdate;Google Update Service (gupdate); C:Program FilesGoogleUpdateGoogleUpdate.exe [2010-01-29 135664]
      S2 PEVSystemStart;PEVSystemStart; C:ComboFixPEV.cfxxe [2010-04-26 256512]
      S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
      S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
      S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
      S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
      S3 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-10-24 182768]
      S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
      S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
      S3 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2003-03-09 65795]
      S3 usprserv;User Privilege Service; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
      S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]


      EOF


      info.txt logfile of random’s system information tool 1.08 2010-08-09 17:55:34

      ======Uninstall list======

      —>C:Documents and SettingsAll UsersApplication DataDivXDivX7DivX ConverterDivXConverterUninstall.exe /CONVERTER
      —>MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
      —>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
      µTorrent—>»C:Program FilesuTorrentuTorrent.exe» /UNINSTALL
      Absolute Video to Audio Converter 2.8.5—>»C:Program FilesAbsolute Video to Audio Converterunins000.exe»
      Adobe AIR—>c:Program FilesCommon FilesAdobe AIRVersions1.0ResourcesAdobe AIR Updater.exe -arp:uninstall
      Adobe AIR—>MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
      Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
      Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
      AIMP2—>C:Program FilesAIMP2Uninstall.exe
      Allok Video Joiner 3.2.0807—>»C:Program FilesAllok Video Joinerunins000.exe»
      Allok Video to MP4 Converter 4.2.0709—>»C:Program FilesAllok Video to MP4 Converterunins000.exe»
      Auto Gordian Knot 2.55—>C:Program FilesAutoGKuninst.exe
      AviSynth 2.5—>»C:Program FilesAviSynth 2.5Uninstall.exe»
      Bing Maps 3D—>MsiExec.exe /I{2D87E961-577B-492B-AD54-1368680FB9A7}
      BitComet 0.91—>C:Program FilesBitCometuninst.exe
      Bluesoleil 6.4.249.0—>MsiExec.exe /X{C0A871F9-D580-4404-9A69-A02CF3078C87}
      CCleaner—>»C:Program FilesCCleaneruninst.exe»
      Compatibility Pack for the 2007 Office system—>MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
      DevalVR plugin for Internet Explorer (remove)—>C:Program FilesDevalVRinstalldevalvr.exe /u
      DivX Converter—>C:Documents and SettingsAll UsersApplication DataDivXDivX7DivX ConverterDivXConverterUninstall.exe /CONVERTER
      DivX Player—>C:Documents and SettingsAll UsersApplication DataDivXDivX7DivX PlayerDivXPlayerUninstall.exe /PLAYER
      DivX Plus DirectShow Filters—>C:Documents and SettingsAll UsersApplication DataDivXDivX7DivX Plus DirectShow FiltersDivXDSFiltersUninstall.exe /DSFILTERS
      DivX Setup—>C:Documents and SettingsAll UsersApplication DataDivXSetupDivXSetup.exe /uninstall /bundleGroupId divx.com
      DivX Web Player—>C:Documents and SettingsAll UsersApplication DataDivXDivX7DivX Web PlayerDivXWebPlayerUninstall.exe /PLUGIN
      Driver Checker v2.7.4—>»C:Program FilesDriver Checkerunins000.exe»
      Driver Genius Professional Edition—>»C:Program FilesDriver-SoftDriverGeniusunins000.exe»
      Ease Audio Converter 1.30—>»C:Program FileseasetechAudioConverterunins000.exe»
      ESET NOD32 Antivirus—>MsiExec.exe /I{3407FD83-0A2F-475E-BE94-34F1FA342C84}
      EZ Screen Recorder 4.10—>»C:Program FilesinfallsoftEZ Screen Recorderunins000.exe»
      GOM Player—>»C:Program FilesGRETECHGomPlayerUninstall.exe»
      Google Earth Plug-in—>MsiExec.exe /X{961034C0-58DF-11DF-97FD-005056806466}
      Google Toolbar for Internet Explorer—>»C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarManager_223E2B8E7BAD9544.exe» /uninstall
      Google Toolbar for Internet Explorer—>MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
      Google Update Helper—>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
      High Definition Audio Driver Package — KB888111—>»C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe»
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
      Hotfix for Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
      Hotfix for Windows XP (KB961118)—>»C:WINDOWS$NtUninstallKB961118$spuninstspuninst.exe»
      Hotfix for Windows XP (KB970653-v3)—>»C:WINDOWS$NtUninstallKB970653-v3$spuninstspuninst.exe»
      Hotfix for Windows XP (KB976098-v2)—>»C:WINDOWS$NtUninstallKB976098-v2$spuninstspuninst.exe»
      Hotfix for Windows XP (KB979306)—>»C:WINDOWS$NtUninstallKB979306$spuninstspuninst.exe»
      Hotfix for Windows XP (KB981793)—>»C:WINDOWS$NtUninstallKB981793$spuninstspuninst.exe»
      HP Memories Disc—>MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
      HP Photo and Imaging 2.0 — All-in-One Drivers—>MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
      HP Photo and Imaging 2.0 — All-in-One—>MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
      HP Photo and Imaging 2.0 — hp psc 1200 series—>C:Program FilesHewlett-PackardDigital Imaging{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}Setuphpzscr01.exe -datfile hposcr02.dat -forcereboot
      hp psc 1200 series—>MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
      hp psc 1200 series—>rundll32 hpzcon07.dll,VendorJettison hp psc 1200 series
      ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
      K-Lite Codec Pack 5.7.0 (Basic)—>»C:Program FilesK-Lite Codec Packunins000.exe»
      Logitech Vid—>MsiExec.exe /I{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}
      Logitech Webcam Software—>MsiExec.exe /I{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}
      Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
      Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
      Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
      Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
      Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
      Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
      Microsoft Office Professional Edition 2003—>MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
      Microsoft Silverlight—>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
      Microsoft Visual C++ 2005 ATL Update kb973923 — x86 8.0.50727.4053—>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
      Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
      Mozilla Firefox (3.5.10)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
      MP3 Cutter Joiner 2.20—>»C:Program FilesAudioToolsFactoryMP3 Cutter Joinerunins000.exe»
      Nero 8 Micro v8.0.3.0—>»C:Program FilesNerounins000.exe»
      NVIDIA Display Control Panel—>C:Program FilesNVIDIA CorporationUninstallnvuninst.exe DisplayControlPanel
      NVIDIA Drivers—>C:Program FilesNVIDIA CorporationUninstallnvuninst.exe UninstallGUI
      NVIDIA nView Desktop Manager—>C:Program FilesNVIDIA CorporationnViewnViewSetup.exe -uninstall
      NVIDIA PhysX—>MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
      OGA Notifier 2.0.0048.0—>MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
      Orbit Downloader—>»C:Program FilesOrbitdownloaderunins000.exe»
      Radio_W Toolbar—>C:PROGRA~1Radio_WUNWISE.EXE /U C:PROGRA~1Radio_WINSTALL.LOG
      Real Alternative 1.9.0—>»C:Program FilesReal Alternativeunins000.exe»
      REALTEK GbE & FE Ethernet PCI-E NIC Driver—>C:Program FilesInstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}setup.exe -runfromtemp -removeonly
      Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x9 -removeonly
      Security Update for CAPICOM (KB931906)—>MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
      Security Update for CAPICOM (KB931906)—>MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
      Security Update for Windows Internet Explorer 8 (KB971961)—>»C:WINDOWSie8updatesKB971961-IE8spuninstspuninst.exe»
      Security Update for Windows Internet Explorer 8 (KB974455)—>»C:WINDOWSie8updatesKB974455-IE8spuninstspuninst.exe»
      Security Update for Windows Internet Explorer 8 (KB976325)—>»C:WINDOWSie8updatesKB976325-IE8spuninstspuninst.exe»
      Security Update for Windows Internet Explorer 8 (KB978207)—>»C:WINDOWSie8updatesKB978207-IE8spuninstspuninst.exe»
      Security Update for Windows Internet Explorer 8 (KB981332)—>»C:WINDOWSie8updatesKB981332-IE8spuninstspuninst.exe»
      Security Update for Windows Internet Explorer 8 (KB982381)—>»C:WINDOWSie8updatesKB982381-IE8spuninstspuninst.exe»

      ======Security center information======

      AV: ESET NOD32 Antivirus 3.0

      ======System event log======

      Computer Name: MIKE
      Event Code: 7
      Message: The device, \Device\Harddisk0\D, has a bad block.

      Record Number: 33906
      Source Name: Disk
      Time Written: 20100731223715.000000-240
      Event Type: error
      User:

      Computer Name: MIKE
      Event Code: 7
      Message: The device, \Device\Harddisk0\D, has a bad block.

      Record Number: 33905
      Source Name: Disk
      Time Written: 20100731223654.000000-240
      Event Type: error
      User:

      Computer Name: MIKE
      Event Code: 7
      Message: The device, \Device\Harddisk0\D, has a bad block.

      Record Number: 33904
      Source Name: Disk
      Time Written: 20100731223632.000000-240
      Event Type: error
      User:

      Computer Name: MIKE
      Event Code: 7
      Message: The device, \Device\Harddisk0\D, has a bad block.

      Record Number: 33903
      Source Name: Disk
      Time Written: 20100731223611.000000-240
      Event Type: error
      User:

      Computer Name: MIKE
      Event Code: 7
      Message: The device, \Device\Harddisk0\D, has a bad block.

      Record Number: 33902
      Source Name: Disk
      Time Written: 20100731223548.000000-240
      Event Type: error
      User:

      =====Application event log=====

      Computer Name: MIKE
      Event Code: 1000
      Message: Faulting application javaw.exe, version 6.0.200.2, faulting module java.dll, version 6.0.200.2, fault address 0x00005875.

      Record Number: 395
      Source Name: Application Error
      Time Written: 20100513121435.000000-240
      Event Type: error
      User:

      Computer Name: MIKE
      Event Code: 1002
      Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

      Record Number: 365
      Source Name: Application Hang
      Time Written: 20100512164516.000000-240
      Event Type: error
      User:

      Computer Name: MIKE
      Event Code: 1002
      Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

      Record Number: 238
      Source Name: Application Hang
      Time Written: 20100507191910.000000-240
      Event Type: error
      User:

      Computer Name: MIKE
      Event Code: 1000
      Message: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

      Record Number: 53
      Source Name: Application Error
      Time Written: 20100429205326.000000-240
      Event Type: error
      User:

      Computer Name: MIKE
      Event Code: 1002
      Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

      Record Number: 28
      Source Name: Application Hang
      Time Written: 20100428172355.000000-240
      Event Type: error
      User:

      ======Environment variables======

      "ComSpec"=%SystemRoot%\system32\cmd.exe
      "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\DivX Shared;C:\Program Files\IVT Corporation\BlueSoleil\Mobile
      "windir"=%SystemRoot%
      "FP_NO_HOST_CHECK"=NO
      "OS"=Windows_NT
      "PROCESSOR_ARCHITECTURE"=x86
      "PROCESSOR_LEVEL"=6
      "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
      "PROCESSOR_REVISION"=0f0b
      "NUMBER_OF_PROCESSORS"=2
      "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      "TEMP"=%SystemRoot%\TEMP
      "TMP"=%SystemRoot%\TEMP


      EOF


    August 10, 2010 at 10:54 am #30680
    Helper
    Participant
    • Topics: 19
    • Posts: 712
    • ☆☆☆☆☆

    Copy the text below into Notepad and save it to the desktop as a file named CFScript.txt.


    KillAll::

    File::
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IcqUpdater.exe
    c:\windows\system32\tcpmonui6.dll

    Driver::

    Folder::

    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ICQUpdater"=-

    FileLook::

    DirLook::

    After saving, drag CFScript.txt onto the ComboFix.exe icon.

    When the new ComboFix report has been saved, attach ComboFix.txt to your post.
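
A review aid for a script like the one in the post above, added here as an example and not part of the original thread or of ComboFix: it parses the `Section::` layout shown in the post, lists what the script names for removal, and flags paths or registry keys that lost their backslashes when copied from a web page. The function names and the reading of `File::`/`Folder::` entries as deletions are assumptions; `"name"=-` is standard .reg syntax for removing a value.

```python
import re

# The script from the post above, with path separators written out.
# Constructed copy for this example; section names are the ones on the page.
CFSCRIPT = r"""
KillAll::

File::
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IcqUpdater.exe
c:\windows\system32\tcpmonui6.dll

Driver::

Folder::

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQUpdater"=-

FileLook::

DirLook::
"""

KNOWN = {"KillAll", "File", "Driver", "Folder", "Registry", "FileLook", "DirLook"}
SECTION = re.compile(r"^([A-Za-z]+)::\s*$")
ABS_PATH = re.compile(r"^[A-Za-z]:\\[^\\]")            # drive letter, colon, backslash
REG_KEY = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\.+)\]$")   # [KEY] or [-KEY]
REG_VALUE = re.compile(r'^(?:"([^"]+)"|(@))=(.*)$')     # "name"=data or @=data


def parse_cfscript(text):
    """Split a script into {section name: [non-empty lines]}, in file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line outside any section: {line!r}")
        else:
            sections[current].append(line)
    return sections


def registry_actions(lines):
    """Read a .reg-style fragment: [-KEY] removes a key, "name"=- removes a value."""
    actions, key = [], None
    for line in lines:
        k = REG_KEY.match(line)
        if k:
            key = k.group(2)
            if k.group(1):
                actions.append(("delete_key", key))
            continue
        v = REG_VALUE.match(line)
        if not v or key is None:
            # Malformed key header or a value with no key above it.
            actions.append(("unparsed", line))
            continue
        name = v.group(1) or "(Default)"
        kind = "delete_value" if v.group(3).strip() == "-" else "set_value"
        actions.append((kind, f"{key}\\{name}"))
    return actions


def planned_actions(sections):
    """Flatten the parsed script into (action, target) pairs for human review."""
    actions = []
    for name, lines in sections.items():
        if name not in KNOWN:
            actions.append(("unknown_section", name))
        elif name == "Registry":
            actions += registry_actions(lines)
        elif name in ("File", "Folder"):
            # Assumption: entries here are removal targets, as the follow-up log suggests.
            verb = "delete_file" if name == "File" else "delete_folder"
            actions += [(verb if ABS_PATH.match(p) else "bad_path", p) for p in lines]
        else:
            actions += [(name.lower() + "_entry", entry) for entry in lines]
    return actions


def problems(actions):
    """Entries that should stop a reviewer before the script is run."""
    return [a for a in actions if a[0] in ("bad_path", "unparsed", "unknown_section")]


if __name__ == "__main__":
    for action, target in planned_actions(parse_cfscript(CFSCRIPT)):
        print(f"{action:14} {target}")
```
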

    August 10, 2010 at 10:09 pm #30679
    gull
    Participant
    • Topics: 1
    • Posts: 8
    • ☆

    Done. The file "tcpmonui6.dll" is gone. But before this the computer had started showing various glitches, and they have not gone away; still, I'm prepared for the worst, a reinstall.

      ComboFix 10-08-08.01 - Administrator 08/10/2010 17:54:06.3.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.3325.2719 [GMT -4:00]
      Running from: c:\documents and settings\Administrator\My Documents\ComboFix.exe
      Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txt
      AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
      * Resident AV is active

      FILE ::
      "c:\docume~1\ADMINI~1\LOCALS~1\Temp\IcqUpdater.exe"
      "c:\windows\system32\tcpmonui6.dll"
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\tcpmonui6.dll

      ((((((((((((((((((((((((((((( SnapShot@2010-08-09_01.58.48 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2004-08-04 12:00 . 2008-04-14 09:39 7680 c:windowssystem32dllcachekbdsmsfi.dll
      + 2009-10-24 13:57 . 2008-04-14 09:39 6144 c:windowssystem32dllcachekbdpash.dll
      + 2004-08-04 12:00 . 2008-04-14 09:39 7168 c:windowssystem32dllcachekbdno1.dll
      + 2009-10-24 13:57 . 2008-04-14 09:39 6144 c:windowssystem32dllcachekbdnepr.dll
      + 2004-08-04 12:00 . 2008-04-14 09:39 6144 c:windowssystem32dllcachekbdmlt48.dll
      + 2004-08-04 12:00 . 2008-04-14 09:39 6144 c:windowssystem32dllcachekbdmlt47.dll
      + 2004-08-04 12:00 . 2008-04-14 09:39 5632 c:windowssystem32dllcachekbdmaori.dll
      + 2009-10-24 13:57 . 2008-04-14 09:39 6144 c:windowssystem32dllcachekbdiultn.dll
      + 2004-08-04 12:00 . 2008-04-14 09:39 6656 c:windowssystem32dllcachekbdinmal.dll
      + 2004-08-04 12:00 . 2008-04-14 09:39 6144 c:windowssystem32dllcachekbdinben.dll
      + 2004-08-04 12:00 . 2008-04-14 09:39 6144 c:windowssystem32dllcachekbdinbe1.dll
      + 2004-08-04 12:00 . 2008-04-14 02:39 4096 c:windowssystem32dllcachedsprpres.dll
      + 2004-08-04 12:00 . 2008-04-14 09:39 3072 c:windowssystem32dllcachedpnlobby.dll
      + 2004-08-04 12:00 . 2008-04-14 09:39 3072 c:windowssystem32dllcachedpnaddr.dll
      + 2009-10-24 12:37 . 2008-04-14 09:42 6144 c:windowssystem32dllcachedcomcnfg.exe
      + 2004-08-04 12:00 . 2008-04-14 09:41 8192 c:windowssystem32dllcached3d8thk.dll
      + 2004-08-04 12:00 . 2008-04-14 09:42 5632 c:windowssystem32dllcachecisvc.exe
      + 2009-10-24 13:57 . 2008-04-14 09:41 7168 c:windowssystem32dllcachebitsprx4.dll
      + 2009-10-24 12:39 . 2008-04-14 09:41 7168 c:windowssystem32dllcachebitsprx3.dll
      + 2009-10-24 12:39 . 2008-04-14 09:41 8192 c:windowssystem32dllcachebitsprx2.dll
      + 2009-10-24 08:31 . 2008-04-14 09:41 8704 c:windowssystem32dllcachebatt.dll
      + 2004-08-04 12:00 . 2008-04-14 09:42 4096 c:windowssystem32dllcacheactmovie.exe
      + 2010-08-10 21:58 . 2009-10-07 06:47 109080 c:windowstemplogishrdLVPrcInj01.dll
      + 2004-08-04 12:00 . 2008-04-14 09:42 338432 c:windowssystem32dllcachezipfldr.dll
      + 2009-10-24 13:57 . 2008-04-14 03:09 689152 c:windowssystem32dllcachexpsp3res.dll
      + 2004-08-04 12:00 . 2008-04-14 03:09 187392 c:windowssystem32dllcachexpsp1res.dll
      + 2004-08-04 12:00 . 2008-04-14 03:09 438784 c:windowssystem32dllcachexpob2res.dll
      + 2004-08-04 12:00 . 2008-04-14 09:42 129024 c:windowssystem32dllcachexmlprov.dll
      + 2009-10-24 12:39 . 2008-04-14 09:42 183296 c:windowssystem32dllcachewuaueng1.dll
      + 2009-10-24 12:39 . 2008-04-14 09:42 165888 c:windowssystem32dllcachewuauclt1.exe
      + 2004-08-04 12:00 . 2008-04-14 09:41 756224 c:windowssystem32dllcachewinntbbu.dll
      + 2004-08-04 12:00 . 2008-04-14 09:42 259584 c:windowssystem32dllcachetracerpt.exe
      + 2004-08-04 12:00 . 2008-04-14 09:42 347136 c:windowssystem32dllcachetourstrt.exe
      + 2004-08-04 12:00 . 2008-04-14 09:42 358400 c:windowssystem32dllcachetermmgr.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 150528 c:windowssystem32dllcachekeymgr.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 186880 c:windowssystem32dllcacheencdec.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 183296 c:windowssystem32dllcacheels.dll
      + 2009-10-24 13:57 . 2008-04-14 09:41 180224 c:windowssystem32dllcacheeapphost.dll
      + 2009-10-24 13:57 . 2008-04-14 09:41 184832 c:windowssystem32dllcacheeapp3hst.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 619008 c:windowssystem32dllcachedx7vb.dll
      + 2004-08-04 12:00 . 2008-04-14 09:42 180224 c:windowssystem32dllcachedwwin.exe
      + 2004-08-04 12:00 . 2008-04-14 09:41 113152 c:windowssystem32dllcachedsuiext.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 239104 c:windowssystem32dllcachedsquery.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 142848 c:windowssystem32dllcachedsprop.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 155648 c:windowssystem32dllcachedskquoui.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 181248 c:windowssystem32dllcachedsdmo.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 375296 c:windowssystem32dllcachedpnet.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 229888 c:windowssystem32dllcachedplayx.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 102912 c:windowssystem32dllcachedpcdll.dll
      + 2009-10-24 13:57 . 2008-04-14 09:41 650752 c:windowssystem32dllcachedot3ui.dll
      + 2009-10-24 13:57 . 2008-04-14 09:41 132096 c:windowssystem32dllcachedot3svc.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 124416 c:windowssystem32dllcachedfrgui.dll
      + 2004-08-04 12:00 . 2008-04-14 09:42 105472 c:windowssystem32dllcachedfrgntfs.exe
      + 2004-08-04 12:00 . 2008-04-14 09:41 282624 c:windowssystem32dllcachedevmgr.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 110592 c:windowssystem32dllcachedbnetlib.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 824320 c:windowssystem32dllcached3dim700.dll
      — 2008-05-07 09:07 . 2008-05-07 09:07 135168 c:windowssystem32dllcachecscript.exe
      + 2004-08-04 12:00 . 2008-05-07 09:07 135168 c:windowssystem32dllcachecscript.exe
      + 2004-08-04 12:00 . 2008-04-14 09:41 357888 c:windowssystem32dllcacheconfmsp.dll
      + 2009-10-24 12:37 . 2008-04-14 09:41 539648 c:windowssystem32dllcachecomuid.dll
      + 2009-10-24 12:37 . 2008-04-14 09:41 167424 c:windowssystem32dllcachecomsnap.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 229376 c:windowssystem32dllcachecompstui.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 252928 c:windowssystem32dllcachecompatui.dll
      + 2009-10-24 12:37 . 2008-04-14 09:41 185344 c:windowssystem32dllcachecmprops.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 344064 c:windowssystem32dllcachecmdial32.dll
      + 2004-08-04 12:00 . 2008-04-14 09:42 389120 c:windowssystem32dllcachecmd.exe
      + 2009-10-24 12:37 . 2008-04-14 09:42 102912 c:windowssystem32dllcacheclipbrd.exe
      + 2009-10-24 12:37 . 2008-04-14 09:41 110592 c:windowssystem32dllcacheclbcatex.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 148480 c:windowssystem32dllcachecic.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 457728 c:windowssystem32dllcachecertmgr.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 151040 c:windowssystem32dllcachecdfview.dll
      + 2009-10-24 12:37 . 2008-04-14 09:41 625664 c:windowssystem32dllcachecatsrvut.dll
      + 2009-10-24 12:37 . 2008-04-14 09:41 226304 c:windowssystem32dllcachecatsrv.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 150016 c:windowssystem32dllcachecapesnpn.dll
      + 2004-08-04 12:00 . 2008-04-14 09:42 142848 c:windowssystem32dllcachebootcfg.exe
      + 2009-10-24 13:57 . 2008-04-14 09:41 233472 c:windowssystem32dllcacheazroles.dll
      + 2004-08-04 12:00 . 2008-04-14 09:42 580608 c:windowssystem32dllcacheautofmt.exe
      + 2004-08-04 12:00 . 2008-04-14 09:42 602624 c:windowssystem32dllcacheautoconv.exe
      + 2004-08-04 12:00 . 2008-04-14 09:42 588800 c:windowssystem32dllcacheautochk.exe
      + 2009-10-24 13:57 . 2008-04-14 09:41 516768 c:windowssystem32dllcacheativvaxx.dll
      + 2009-10-24 13:57 . 2008-04-14 09:41 870784 c:windowssystem32dllcacheati3d1ag.dll
      + 2009-10-24 13:57 . 2008-04-14 09:41 201728 c:windowssystem32dllcacheati2dvag.dll
      + 2009-10-24 13:57 . 2008-04-14 09:41 377984 c:windowssystem32dllcacheati2dvaa.dll
      + 2009-10-24 13:57 . 2008-04-14 09:41 229376 c:windowssystem32dllcacheati2cqag.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 295936 c:windowssystem32dllcacheappmgr.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 167936 c:windowssystem32dllcacheappmgmts.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 123392 c:windowssystem32dllcacheadsnw.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 263680 c:windowssystem32dllcacheadsnt.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 175616 c:windowssystem32dllcacheadsldp.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 115712 c:windowssystem32dllcacheaclui.dll
      + 2009-10-24 12:37 . 2008-04-14 09:42 184320 c:windowssystem32dllcacheaccwiz.exe
      + 2009-10-24 13:57 . 2008-04-14 09:41 136192 c:windowssystem32dllcacheaaclient.dll
      — 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:windowssystem32dllcache6to4svc.dll
      + 2004-08-04 12:00 . 2010-02-12 04:33 100864 c:windowssystem32dllcache6to4svc.dll
      + 2004-08-04 12:00 . 2008-04-14 09:42 1298432 c:windowssystem32dllcachedxdiag.exe
      + 2004-08-04 12:00 . 2008-04-14 09:41 1227264 c:windowssystem32dllcachedx8vb.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 1293824 c:windowssystem32dllcachedsound3d.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 1054208 c:windowssystem32dllcachedanim.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 1689088 c:windowssystem32dllcached3d9.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 1179648 c:windowssystem32dllcached3d8.dll
      + 2004-08-04 12:00 . 2008-04-14 09:41 2091520 c:windowssystem32dllcachecdosys.dll
      + 2009-10-24 13:57 . 2008-04-14 09:41 1888992 c:windowssystem32dllcacheati3duag.dll
      .
      — Snapshot reset to current date —
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
      «{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}»= «c:program filesRadio_WtbRad0.dll» [2010-04-29 2515552]

      [HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]

      [HKEY_LOCAL_MACHINE~Browser Helper Objects{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]
      2010-04-29 10:51 2515552 —-a-w- c:program filesRadio_WtbRad0.dll

      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
      «{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}»= «c:program filesRadio_WtbRad0.dll» [2010-04-29 2515552]

      [HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]

      [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
      «{B4EFB02B-CD4A-44B9-B5D9-AA486CDFFAB6}»= «c:program filesRadio_WtbRad0.dll» [2010-04-29 2515552]

      [HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]

      [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
      «swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-10-24 39408]
      «SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2009-03-05 2260480]
      «BitTorrent DNA»=»c:program filesDNAbtdna.exe» [2010-07-29 323392]
      «ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]

      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
      «BtTray»=»c:program filesIVT CorporationBlueSoleilBtTray.exe» [2009-02-27 278016]
      «IntelliPoint»=»c:program filesMicrosoft IntelliPointipoint.exe» [2009-11-11 1468256]
      «RTHDCPL»=»RTHDCPL.EXE» [2010-03-26 19522592]
      «egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-07-01 1447168]
      «NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2010-03-16 13670504]
      «LogitechCommunicationsManager»=»c:program filesCommon FilesLogiShrdLComMgrCommunications_Helper.exe» [BU]
      «LogitechQuickCamRibbon»=»c:program filesLogitechQuickCamQuickcam.exe» [BU]

      c:documents and settingsAll UsersStart MenuProgramsStartup
      hp psc 1000 series.lnk — c:program filesHewlett-PackardDigital Imagingbinhpohmr08.exe [2003-4-6 147456]
      hpoddt01.exe.lnk — c:program filesHewlett-PackardDigital Imagingbinhpotdd01.exe [2003-4-6 28672]

      [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
      «EnableFirewall»= 0 (0x0)

      [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
      «%windir%\system32\sessmgr.exe»=
      «%windir%\Network Diagnostic\xpnetdiag.exe»=
      «c:\Program Files\BitComet\BitComet.exe»=
      «c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe»=
      «c:\Program Files\ICQ6.5\ICQ.exe»=
      «c:\Program Files\Orbitdownloader\orbitdm.exe»=
      «c:\Program Files\Orbitdownloader\orbitnet.exe»=
      «c:\Program Files\uTorrent\uTorrent.exe»=
      «c:\Program Files\Logitech\Logitech Vid\Vid.exe»=
      «c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
      «c:\Program Files\DNA\btdna.exe»=
      «c:\Program Files\Skype\Phone\Skype.exe»=

      [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
      «11901:TCP»= 11901:TCP:BitComet 11901 TCP
      «11901:UDP»= 11901:UDP:BitComet 11901 UDP
      «8080:TCP»= 8080:TCP:BitComet 8080 TCP
      «8080:UDP»= 8080:UDP:BitComet 8080 UDP
      «14974:TCP»= 14974:TCP:BitComet 14974 TCP
      «14974:UDP»= 14974:UDP:BitComet 14974 UDP

      R0 BtHidBus;Bluetooth HID Bus Service;c:windowssystem32driversBtHidBus.sys [1/7/2009 11:39 PM 20744]
      R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [7/1/2008 9:04 AM 34312]
      R1 oreans32;oreans32;c:windowssystem32driversoreans32.sys [1/15/2010 11:58 PM 33824]
      R2 BsMobileCS;BsMobileCS;c:program filesIVT CorporationBlueSoleilBsMobileCS.exe [2/27/2009 4:40 PM 143467]
      R2 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [12/21/2007 8:21 AM 468224]
      R3 btnetBUs;Bluetooth PAN Bus Service;c:windowssystem32driversbtnetBus.sys [12/7/2008 12:44 PM 30088]
      R3 IvtBtBUs;IVT Bluetooth Bus Service;c:windowssystem32driversIvtBtBus.sys [7/2/2008 2:58 PM 26248]
      S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [1/29/2010 1:39 AM 135664]
      S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [1/24/2010 6:20 PM 1691480]
      S3 esgiguard;esgiguard;\??\c:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys —> \c:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
      .
      Contents of the ‘Scheduled Tasks’ folder

      2010-01-26 c:windowsTasksFRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8256593230.job
      — c:program filesHewlett-PackardDigital ImagingBinhpqfrucl.exe [2003-04-06 04:52]

      2010-08-08 c:windowsTasksFRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8262872861.job
      — c:program filesHewlett-PackardDigital ImagingBinhpqfrucl.exe [2003-04-06 04:52]

      2010-08-10 c:windowsTasksGoogleUpdateTaskMachineCore.job
      — c:program filesGoogleUpdateGoogleUpdate.exe [2010-01-29 05:39]

      2010-08-10 c:windowsTasksGoogleUpdateTaskMachineUA.job
      — c:program filesGoogleUpdateGoogleUpdate.exe [2010-01-29 05:39]

      2010-08-10 c:windowsTasksOGALogon.job
      — c:windowssystem32OGAEXEC.exe [2009-08-03 20:07]
      .
      .


      Supplementary Scan


      .
      uStart Page = hxxp://google.com/
      uSearch Page = hxxp://www.google.com
      uSearch Bar = hxxp://www.google.com/ie
      uInternet Settings,ProxyOverride =
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      mSearchAssistant = hxxp://www.google.com/ie
      IE: &Download by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/201
      IE: &Grab video by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/204
      IE: Do&wnload selected by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/203
      IE: Down&load all by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/202
      IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
      IE: Отправить как сообщение(&M)… — c:program filesIVT CorporationBlueSoleilTransSendIEtssms.htm
      IE: Отправка посредством Bluetooth — c:program filesIVT CorporationBlueSoleilTransSendIEtsinfo.htm
      DPF: {5D2CF9D0-113A-476B-986F-288B54571614} — hxxp://www.devalvr.com/instalacion/plugin/devalvrplugin.php
      DPF: {9BE31822-FDAD-461B-AD51-BE1D1C159921} — hxxp://iptv.kartina.tv/install/VLC%20TV%20Player.cab
      DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
      FF — ProfilePath — c:documents and settingsAdministratorApplication DataMozillaFirefoxProfilesnahd6ha2.default
      FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

      —- FIREFOX POLICIES —-
      c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
      c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
      c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
      c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
      .
      — — — — ORPHANS REMOVED — — — —

      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} — (no file)
      HKCU-Run-RegistryBooster — c:program filesUniblueRegistryBoosterlauncher.exe
      HKCU-Run-ICQUpdater — c:docume~1ADMINI~1LOCALS~1TempIcqUpdater.exe
      HKCU-RunOnce-SpybotDeletingB6209 — command.com

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-08-10 17:58
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes …

      scanning hidden autostart entries …

      scanning hidden files …

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .


      LOCKED REGISTRY KEYS



      [HKEY_USERSS-1-5-21-725345543-1580436667-839522115-500SoftwareMicrosoftInternet ExplorerUser Preferences]
      @Denied: (2) (Administrator)
      «88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977″=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,58,ae,b6,d6,19,20,44,8a,96,4d,
      «2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81″=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,58,ae,b6,d6,19,20,44,8a,96,4d,
      .


      DLLs Loaded Under Running Processes



      — — — — — — — > ‘explorer.exe'(4212)
      c:windowssystem32WININET.dll
      c:windowsTEMPlogishrdLVPrcInj01.dll
      c:windowssystem32ieframe.dll
      c:windowssystem32webcheck.dll
      .


      Other Running Processes


      .
      c:windowssystem32nvsvc32.exe
      c:program filesIVT CorporationBlueSoleilBlueSoleilCS.exe
      c:windowsRTHDCPL.EXE
      c:program filesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
      c:program filesHewlett-PackardDigital Imagingbinhpoevm08.exe
      c:program filesIVT CorporationBlueSoleilBsHelpCS.exe
      c:program filesHewlett-PackardDigital ImagingBinhpoSTS08.exe
      c:windowssystem32wscntfy.exe
      .
      **************************************************************************
      .
      Completion time: 2010-08-10 18:01:49 — machine was rebooted
      ComboFix-quarantined-files.txt 2010-08-10 22:01
      ComboFix2.txt 2010-08-09 02:00

      Pre-Run: 224,938,172,416 bytes free
      Post-Run: 224,931,762,176 bytes free

      — — End Of File — — 72528230665C137A5D597AFB957C58D3

    August 11, 2010 at 4:12 pm #30681
    Helper
    Participant
    • Topics: 19
    • Posts: 712
    • ☆☆☆☆☆

    Don't rush 😉
    Copy the text below into Notepad and save it to the desktop as a file named CFScript.txt.


    KillAll::

    File::
    c:\windows\system32\drivers\lvuvc.hs
    c:\windows\system32\drivers\logiflt.iad

    Driver::

    Folder::

    Registry::

    FileLook::
    c:\windows\system32\drivers\kgpcpy.cfg
    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    DirLook::

    After saving, drag CFScript.txt onto the ComboFix.exe icon.

    When the new ComboFix report has been saved, attach ComboFix.txt to your post.

    August 11, 2010 at 9:45 pm #30683
    gull
    Participant
    • Topics: 1
    • Posts: 8
    • ☆
      ComboFix 10-08-11.04 — Administrator 08/11/2010 17:29:50.4.2 — x86
      Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.3325.2793 [GMT -4:00]
      Running from: c:documents and settingsAdministratorMy DocumentsComboFix.exe
      Command switches used :: c:documents and settingsAdministratorDesktopCFScript.txt
      AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

      FILE ::
      «c:windowssystem32driverslogiflt.iad»
      «c:windowssystem32driverslvuvc.hs»
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:windowssystem32driverslogiflt.iad
      c:windowssystem32driverslvuvc.hs

      .
      ((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
      .

      2010-08-10 21:54 . 2010-08-10 21:54 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataESET
      2010-08-10 09:29 . 2010-08-10 09:29 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataGoogle
      2010-08-10 09:29 . 2010-08-10 09:29 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication Databluesoleil
      2010-08-10 09:29 . 2010-08-10 09:29 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataDNA
      2010-08-10 02:52 . 2010-08-10 02:52 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataConduit
      2010-08-10 02:50 . 2010-08-10 02:50 -------- d-----w- c:program filesXenocode
      2010-08-10 02:50 . 2010-08-10 02:51 -------- d-----w- c:documents and settingsAdministratorImpostazioni locali
      2010-08-10 02:50 . 2010-08-10 02:50 -------- d-----w- c:windowsXSxS
      2010-08-09 21:55 . 2010-08-09 21:55 -------- d-----w- C:rsit
      2010-08-09 21:55 . 2010-08-09 21:55 -------- d-----w- c:program filestrend micro
      2010-08-09 01:30 . 2010-08-09 01:30 -------- d-----w- c:documents and settingsAdministratorApplication DataUniblue
      2010-08-09 01:06 . 2010-08-09 01:06 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.510000001400002iNOTEPAD.EXE
      2010-08-09 01:04 . 2010-08-09 01:04 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.54000005c00003iSschk.exe
      2010-08-09 01:04 . 2010-08-09 01:04 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5400000a0500002iepid2d6.exe
      2010-08-09 01:04 . 2010-07-26 23:13 3683248 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%AppData%Simply Super SoftwareTrojan Removerepid2d6.exe
      2010-08-09 01:04 . 2010-08-09 01:04 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000022200002iRmvtrjan.exe
      2010-08-09 00:58 . 2010-08-09 00:58 715152 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%ProgramFilesDir%Trojan Removertrunins.exe
      2010-08-09 00:58 . 2010-08-09 00:58 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.51000000500002iREGSVR32.EXE
      2010-08-09 00:58 . 2010-08-09 00:58 484304 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%ProgramFilesDir%Trojan RemoverTrshlex.dll
      2010-08-09 00:58 . 2010-08-09 00:58 1167808 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%ProgramFilesDir%Trojan RemoverTrjscan.exe
      2010-08-09 00:57 . 2010-08-09 00:57 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000072b00002ibpe591b.exe
      2010-08-09 00:57 . 2010-08-09 00:57 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.54000001bf00002iRMVTRJAN.EXE
      2010-08-09 00:56 . 2010-08-09 00:56 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000016c00002itrupd.exe
      2010-08-09 00:55 . 2010-08-09 00:55 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000072b00002irky37ec.exe
      2010-08-09 00:53 . 2010-08-09 00:53 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.54000001200003iSschk.exe
      2010-08-09 00:53 . 2010-08-09 00:53 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000072b00002ippxfa02.exe
      2010-08-09 00:53 . 2010-08-09 00:53 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000072b00002iquse179.exe
      2010-08-09 00:53 . 2010-08-09 00:53 -------- d-----w- c:documents and settingsAdministratorApplication DataThinstall
      2010-08-09 00:41 . 2010-08-09 00:41 -------- d-----w- C:VundoFix Backups
      2010-08-09 00:12 . 2010-08-09 00:12 -------- d-----w- c:documents and settingsAdministratorDoctorWeb
      2010-08-08 23:58 . 2010-08-08 23:58 -------- d-----w- c:program filesEnigma Software Group
      2010-08-08 23:58 . 2010-08-09 00:11 -------- d-----w- c:windows95431C66CF9A4913BFFF6050785AFB65.TMP
      2010-08-08 22:40 . 2010-08-08 22:40 -------- d-----w- c:documents and settingsAdministratorApplication DataMalwarebytes
      2010-08-08 22:40 . 2010-04-29 19:39 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
      2010-08-08 22:40 . 2010-08-08 22:40 -------- d-----w- c:program filesMalwarebytes’ Anti-Malware
      2010-08-08 22:40 . 2010-08-08 22:40 -------- d-----w- c:documents and settingsAll UsersApplication DataMalwarebytes
      2010-08-08 22:40 . 2010-04-29 19:39 20952 —-a-w- c:windowssystem32driversmbam.sys
      2010-08-08 22:37 . 2010-08-08 23:39 -------- d-----w- c:documents and settingsAll UsersApplication DataSTOPzilla!
      2010-08-05 01:31 . 2010-08-05 01:31 -------- d-----w- c:program filesCommon FilesJava
      2010-08-05 01:31 . 2010-08-05 01:31 61440 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.0424488892a-161dee86-ndecora-sse.dll
      2010-08-05 01:31 . 2010-08-05 01:31 503808 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-75dec727-nmsvcp71.dll
      2010-08-05 01:31 . 2010-08-05 01:31 499712 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-75dec727-njmc.dll
      2010-08-05 01:31 . 2010-08-05 01:31 348160 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-75dec727-nmsvcr71.dll
      2010-08-05 01:31 . 2010-08-05 01:31 12800 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.0424488892a-161dee86-ndecora-d3d.dll
      2010-07-29 22:46 . 2010-08-11 21:34 -------- d-----w- c:program filesDNA
      2010-07-29 22:46 . 2010-08-11 21:34 -------- d-----w- c:documents and settingsAdministratorApplication DataDNA
      2010-07-22 21:35 . 2010-07-22 21:35 -------- d-----w- c:program filesCommon FilesSkype
      2010-07-18 12:09 . 2010-07-18 12:09 -------- d-----w- C:found.000
      2010-07-14 09:38 . 2010-06-14 14:31 744448 -c—-w- c:windowssystem32dllcachehelpsvc.exe

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-08-11 10:02 . 2009-10-27 23:34 -------- d-----w- c:documents and settingsAdministratorApplication DataSkype
      2010-08-11 09:59 . 2009-10-27 23:51 -------- d-----w- c:documents and settingsAdministratorApplication DataskypePM
      2010-08-11 00:37 . 2009-10-24 22:05 -------- d-----w- c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
      2010-08-09 22:34 . 2009-10-24 22:05 -------- d-----w- c:program filesSpybot — Search & Destroy
      2010-08-09 00:58 . 2007-11-28 19:26 373680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%ProgramFilesDir%Trojan RemoverSschk.exe
      2010-08-08 23:58 . 2009-10-24 12:46 -------- d-----w- c:program filesCommon FilesWise Installation Wizard
      2010-08-08 23:05 . 2010-08-08 22:56 1968 —-a-w- c:windowssystem32driverskgpcpy.cfg
      2010-07-29 22:31 . 2010-01-12 22:26 -------- d-----w- c:documents and settingsAdministratorApplication DatauTorrent
      2010-07-28 23:38 . 2009-12-25 02:14 -------- d-----w- c:documents and settingsAdministratorApplication DataDownload Manager
      2010-07-28 22:56 . 2009-10-24 14:24 -------- d-----w- c:documents and settingsAdministratorApplication DataAIMP
      2010-07-22 21:35 . 2009-10-27 23:33 -------- d-----r- c:program filesSkype
      2010-07-22 21:34 . 2009-10-27 23:33 -------- d-----w- c:documents and settingsAll UsersApplication DataSkype
      2010-07-04 22:04 . 2010-07-04 22:03 -------- d-----w- c:program filesGamblerJBeta
      2010-07-04 21:58 . 2010-07-04 21:58 -------- d-----w- c:program filesGamblerJ
      2010-06-30 17:11 . 2009-10-27 15:02 -------- d-----w- c:program filesICQ6.5
      2010-06-29 01:04 . 2010-05-05 01:48 -------- d-----w- c:documents and settingsAll UsersApplication DataDivX
      2010-06-22 21:55 . 2010-06-22 21:55 501936 —-a-w- c:documents and settingsAll UsersApplication DataGoogleGoogle ToolbarUpdategtb8C.tmp.exe
      2010-06-14 14:31 . 2009-10-24 12:38 744448 —-a-w- c:windowspchealthhelpctrbinarieshelpsvc.exe
      2010-06-06 13:44 . 2010-05-05 01:52 57344 —-a-w- c:documents and settingsAll UsersApplication DataDivXRunAsUserRUNASUSERPROCESS.dll
      2010-06-06 13:30 . 2010-06-06 13:30 56765 —-a-w- c:documents and settingsAll UsersApplication DataDivXDivXPlusShortcutsUninstaller.exe
      2010-06-06 13:30 . 2010-06-06 13:30 53600 —-a-w- c:documents and settingsAll UsersApplication DataDivXUpdateUninstaller.exe
      2010-06-06 13:30 . 2010-06-06 13:30 54128 —-a-w- c:documents and settingsAll UsersApplication DataDivXConverterUninstaller.exe
      2010-06-06 13:30 . 2010-06-06 13:30 54644 —-a-w- c:documents and settingsAll UsersApplication DataDivXTranscodeEngineUninstaller.exe
      2010-06-06 13:30 . 2010-06-06 13:30 54101 —-a-w- c:documents and settingsAll UsersApplication DataDivXMPEG2PluginUninstaller.exe
      2010-06-06 13:27 . 2010-05-05 01:52 1062184 —-a-w- c:documents and settingsAll UsersApplication DataDivXSetupResource.dll
      2010-06-06 13:27 . 2010-05-05 01:52 895256 —-a-w- c:documents and settingsAll UsersApplication DataDivXSetupDivXSetup.exe
      2010-05-29 22:33 . 2010-01-01 00:04 5 —-a-w- c:windowssystem32SySMP3CutJoin.dat
      2010-05-27 22:17 . 2010-05-27 22:17 503808 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-2301fd92-nmsvcp71.dll
      2010-05-27 22:17 . 2010-05-27 22:17 499712 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-2301fd92-njmc.dll
      2010-05-27 22:17 . 2010-05-27 22:17 348160 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-2301fd92-nmsvcr71.dll
      2010-05-27 22:16 . 2010-05-27 22:16 61440 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.0505535ab32-4e3d76d7-ndecora-sse.dll
      2010-05-27 22:16 . 2010-05-27 22:16 12800 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.0505535ab32-4e3d76d7-ndecora-d3d.dll
      2010-05-15 00:56 . 2007-11-28 19:26 1303472 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%ProgramFilesDir%Trojan RemoverRmvtrjan.exe
      .

      (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
      .

      — c:windowssystem32driverskgpcpy.cfg —
      Company:
      File Description:
      File Version:
      Product Name:
      Copyright:
      Original Filename:
      File size: 1968
      Created time: 2010-08-08 22:56
      Modified time: 2010-08-08 23:05
      MD5: D5F37F7D637DFFEE8798BEA15239E089
      SHA1: 6123D72742C01FED8D859FD1139867A6E5432D6B

      — c:windowsTEMPlogishrdLVPrcInj01.dll —
      Company: Logitech Inc.
      File Description: Camera Helper Library.
      File Version: 12.10.1110.0
      Product Name: Logitech Webcam Software
      Copyright: (c) 1996-2009 Logitech. All rights reserved.
      Original Filename: LVPrcInj.dll
      File size: 109080
      Created time: 2010-08-11 21:17
      Modified time: 2009-10-07 06:47
      MD5: A25A46E0813B36797D7F31234764E17A
      SHA1: 94FAFCF7721D930DBDD8BA9ACF54A6C6FC6497ED

      ((((((((((((((((((((((((((((( SnapShot_2010-08-10_21.58.27 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2010-08-11 21:34 . 2009-10-07 06:47 109080 c:windowstemplogishrdLVPrcInj01.dll
      — 2010-08-10 21:58 . 2009-10-07 06:47 109080 c:windowstemplogishrdLVPrcInj01.dll
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
      «{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}»= «c:program filesRadio_WtbRad0.dll» [2010-04-29 2515552]

      [HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]

      [HKEY_LOCAL_MACHINE~Browser Helper Objects{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]
      2010-04-29 10:51 2515552 —-a-w- c:program filesRadio_WtbRad0.dll

      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
      «{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}»= «c:program filesRadio_WtbRad0.dll» [2010-04-29 2515552]

      [HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]

      [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
      «{B4EFB02B-CD4A-44B9-B5D9-AA486CDFFAB6}»= «c:program filesRadio_WtbRad0.dll» [2010-04-29 2515552]

      [HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]

      [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
      «swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-10-24 39408]
      «SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2009-03-05 2260480]
      «BitTorrent DNA»=»c:program filesDNAbtdna.exe» [2010-07-29 323392]
      «ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
      «ICQUpdater»=»c:docume~1ADMINI~1LOCALS~1TempIcqUpdater.exe» [BU]

      [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
      «SpybotDeletingB6209″=»command.com» [BU]

      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
      «BtTray»=»c:program filesIVT CorporationBlueSoleilBtTray.exe» [2009-02-27 278016]
      «IntelliPoint»=»c:program filesMicrosoft IntelliPointipoint.exe» [2009-11-11 1468256]
      «RTHDCPL»=»RTHDCPL.EXE» [2010-03-26 19522592]
      «egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-07-01 1447168]
      «NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2010-03-16 13670504]
      «LogitechCommunicationsManager»=»c:program filesCommon FilesLogiShrdLComMgrCommunications_Helper.exe» [BU]
      «LogitechQuickCamRibbon»=»c:program filesLogitechQuickCamQuickcam.exe» [BU]

      c:documents and settingsAll UsersStart MenuProgramsStartup
      hp psc 1000 series.lnk — c:program filesHewlett-PackardDigital Imagingbinhpohmr08.exe [2003-4-6 147456]
      hpoddt01.exe.lnk — c:program filesHewlett-PackardDigital Imagingbinhpotdd01.exe [2003-4-6 28672]

      [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
      «EnableFirewall»= 0 (0x0)

      [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
      «%windir%\system32\sessmgr.exe»=
      «%windir%\Network Diagnostic\xpnetdiag.exe»=
      «c:\Program Files\BitComet\BitComet.exe»=
      «c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe»=
      «c:\Program Files\ICQ6.5\ICQ.exe»=
      «c:\Program Files\Orbitdownloader\orbitdm.exe»=
      «c:\Program Files\Orbitdownloader\orbitnet.exe»=
      «c:\Program Files\uTorrent\uTorrent.exe»=
      «c:\Program Files\Logitech\Logitech Vid\Vid.exe»=
      «c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
      «c:\Program Files\DNA\btdna.exe»=
      «c:\Program Files\Skype\Phone\Skype.exe»=

      [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
      «11901:TCP»= 11901:TCP:BitComet 11901 TCP
      «11901:UDP»= 11901:UDP:BitComet 11901 UDP
      «8080:TCP»= 8080:TCP:BitComet 8080 TCP
      «8080:UDP»= 8080:UDP:BitComet 8080 UDP
      «14974:TCP»= 14974:TCP:BitComet 14974 TCP
      «14974:UDP»= 14974:UDP:BitComet 14974 UDP
      «3389:TCP»= 3389:TCP:@xpsp2res.dll,-22009

      R0 BtHidBus;Bluetooth HID Bus Service;c:windowssystem32driversBtHidBus.sys [1/7/2009 11:39 PM 20744]
      R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [7/1/2008 9:04 AM 34312]
      R1 oreans32;oreans32;c:windowssystem32driversoreans32.sys [1/15/2010 11:58 PM 33824]
      R2 BsMobileCS;BsMobileCS;c:program filesIVT CorporationBlueSoleilBsMobileCS.exe [2/27/2009 4:40 PM 143467]
      R2 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [12/21/2007 8:21 AM 468224]
      R3 btnetBUs;Bluetooth PAN Bus Service;c:windowssystem32driversbtnetBus.sys [12/7/2008 12:44 PM 30088]
      R3 IvtBtBUs;IVT Bluetooth Bus Service;c:windowssystem32driversIvtBtBus.sys [7/2/2008 2:58 PM 26248]
      S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [1/29/2010 1:39 AM 135664]
      S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [1/24/2010 6:20 PM 1691480]
      S3 esgiguard;esgiguard;\??\c:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys —> \c:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
      .
      Contents of the ‘Scheduled Tasks’ folder

      2010-01-26 c:windowsTasksFRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8256593230.job
      — c:program filesHewlett-PackardDigital ImagingBinhpqfrucl.exe [2003-04-06 04:52]

      2010-08-08 c:windowsTasksFRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8262872861.job
      — c:program filesHewlett-PackardDigital ImagingBinhpqfrucl.exe [2003-04-06 04:52]

      2010-08-11 c:windowsTasksGoogleUpdateTaskMachineCore.job
      — c:program filesGoogleUpdateGoogleUpdate.exe [2010-01-29 05:39]

      2010-08-11 c:windowsTasksGoogleUpdateTaskMachineUA.job
      — c:program filesGoogleUpdateGoogleUpdate.exe [2010-01-29 05:39]

      2010-08-11 c:windowsTasksOGALogon.job
      — c:windowssystem32OGAEXEC.exe [2009-08-03 20:07]
      .
      .


      Supplementary Scan


      .
      uStart Page = hxxp://google.com/
      uSearch Page = hxxp://www.google.com
      uSearch Bar = hxxp://www.google.com/ie
      uInternet Settings,ProxyOverride =
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      mSearchAssistant = hxxp://www.google.com/ie
      IE: &Download by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/201
      IE: &Grab video by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/204
      IE: Do&wnload selected by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/203
      IE: Down&load all by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/202
      IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
      IE: Отправить как сообщение(&M)… — c:program filesIVT CorporationBlueSoleilTransSendIEtssms.htm
      IE: Отправка посредством Bluetooth — c:program filesIVT CorporationBlueSoleilTransSendIEtsinfo.htm
      DPF: {5D2CF9D0-113A-476B-986F-288B54571614} — hxxp://www.devalvr.com/instalacion/plugin/devalvrplugin.php
      DPF: {9BE31822-FDAD-461B-AD51-BE1D1C159921} — hxxp://iptv.kartina.tv/install/VLC%20TV%20Player.cab
      DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
      FF — ProfilePath — c:documents and settingsAdministratorApplication DataMozillaFirefoxProfilesnahd6ha2.default
      FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

      —- FIREFOX POLICIES —-
      c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
      c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
      c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
      c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
      .
      — — — — ORPHANS REMOVED — — — —

      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} — (no file)

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-08-11 17:34
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes …

      scanning hidden autostart entries …

      scanning hidden files …

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .


      LOCKED REGISTRY KEYS



      [HKEY_USERSS-1-5-21-725345543-1580436667-839522115-500SoftwareMicrosoftInternet ExplorerUser Preferences]
      @Denied: (2) (Administrator)
      «88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977″=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,58,ae,b6,d6,19,20,44,8a,96,4d,
      «2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81″=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,58,ae,b6,d6,19,20,44,8a,96,4d,
      .


      DLLs Loaded Under Running Processes



      — — — — — — — > ‘explorer.exe'(2592)
      c:windowssystem32WININET.dll
      c:windowsTEMPlogishrdLVPrcInj01.dll
      c:windowssystem32ieframe.dll
      c:windowssystem32webcheck.dll
      .


      Other Running Processes


      .
      c:windowssystem32nvsvc32.exe
      c:program filesIVT CorporationBlueSoleilBlueSoleilCS.exe
      c:windowsRTHDCPL.EXE
      c:program filesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
      c:program filesHewlett-PackardDigital Imagingbinhpoevm08.exe
      c:program filesIVT CorporationBlueSoleilBsHelpCS.exe
      c:program filesHewlett-PackardDigital ImagingBinhpoSTS08.exe
      c:windowssystem32wscntfy.exe
      .
      **************************************************************************
      .
      Completion time: 2010-08-11 17:37:56 — machine was rebooted
      ComboFix-quarantined-files.txt 2010-08-11 21:37
      ComboFix2.txt 2010-08-10 22:01
      ComboFix3.txt 2010-08-09 02:00

      Pre-Run: 225,189,548,032 bytes free
      Post-Run: 225,179,303,936 bytes free

      — — End Of File — — B176C11A1BB0985D74A2F50E175E0EB1

    August 12, 2010 at 2:25 pm #30682
    Helper
    Participant
    • Topics: 19
    • Posts: 712
    • ☆☆☆☆☆

    Copy the text below into Notepad and save it to the desktop as a file named CFScript.txt.


    KillAll::

    File::
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\IcqUpdater.exe

    Driver::

    Folder::
    c:\docume~1\ADMINI~1\LOCALS~1\Temp

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ICQUpdater"=-

    FileLook::

    DirLook::

    After saving, drag CFScript.txt onto the ComboFix.exe icon.

    When the new ComboFix report has been saved, attach ComboFix.txt to your post.

    c:documents and settingsAdministratorLocal SettingsApplication Databluesoleil
    c:documents and settingsAdministratorLocal SettingsApplication DataDNA
    c:documents and settingsAdministratorLocal SettingsApplication DataConduit
    c:program filesXenocode
    c:documents and settingsAdministratorImpostazioni locali
    c:windowsXSxS
    c:documents and settingsAdministratorApplication DataUniblue
    c:windowssystem32driverskgpcpy.cfg
    Are you familiar with all of these?

    August 12, 2010 at 9:04 pm #30676
    gull
    Participant
    • Topics: 1
    • Posts: 8
    • ☆

    Well, the Bluetooth one is a virus I need 😀 As for all of them, I'm just a newbie and can't know them all... but this one

      c:windowstemplogishrdLVPrcInj01.dll

    won't delete

    ComboFix 10-08-12.02 — Administrator 08/12/2010 16:44:47.5.2 — x86
    Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.3325.2738 [GMT -4:00]
    Running from: c:documents and settingsAdministratorMy DocumentsComboFix.exe
    Command switches used :: c:documents and settingsAdministratorDesktopCFScript.txt
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    * Resident AV is active

    FILE ::
    «c:docume~1ADMINI~1LOCALS~1TempIcqUpdater.exe»
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:docume~1ADMINI~1LOCALS~1Temp
    c:docume~1ADMINI~1LOCALS~1Temp4153031819174781.tmp
    c:docume~1ADMINI~1LOCALS~1Temp41530318191852109.tmp
    c:docume~1ADMINI~1LOCALS~1Temp415303181932085078.tmp
    c:docume~1ADMINI~1LOCALS~1TempArabic.bin
    c:docume~1ADMINI~1LOCALS~1TempCzech.bin
    c:docume~1ADMINI~1LOCALS~1TempDanish.bin
    c:docume~1ADMINI~1LOCALS~1TempDutch.bin
    c:docume~1ADMINI~1LOCALS~1TempEnglish.bin
    c:docume~1ADMINI~1LOCALS~1TempFinnish.bin
    c:docume~1ADMINI~1LOCALS~1TempFrench.bin
    c:docume~1ADMINI~1LOCALS~1TempGerman.bin
    c:docume~1ADMINI~1LOCALS~1TempGreek.bin
    c:docume~1ADMINI~1LOCALS~1TempHebrew.bin
    c:docume~1ADMINI~1LOCALS~1TempHungarian.bin
    c:docume~1ADMINI~1LOCALS~1TempItalian.bin
    c:docume~1ADMINI~1LOCALS~1TempJapanese.bin
    c:docume~1ADMINI~1LOCALS~1TempKorean.bin
    c:docume~1ADMINI~1LOCALS~1TempLithuanian.bin
    c:docume~1ADMINI~1LOCALS~1TempNorwegian.bin
    c:docume~1ADMINI~1LOCALS~1TempPolish.bin
    c:docume~1ADMINI~1LOCALS~1TempPortuguese(Brazil).bin
    c:docume~1ADMINI~1LOCALS~1TempPortuguese.bin
    c:docume~1ADMINI~1LOCALS~1TempRussian.bin
    c:docume~1ADMINI~1LOCALS~1TempSimChin.bin
    c:docume~1ADMINI~1LOCALS~1TempSlovak.bin
    c:docume~1ADMINI~1LOCALS~1TempSlovenian.bin
    c:docume~1ADMINI~1LOCALS~1TempSpanish.bin
    c:docume~1ADMINI~1LOCALS~1TempSWEDISH.bin
    c:docume~1ADMINI~1LOCALS~1TempThai.bin
    c:docume~1ADMINI~1LOCALS~1TempTradChin.bin
    c:docume~1ADMINI~1LOCALS~1TempTurkish.bin

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
    .

    2010-08-12 20:20 . 2010-08-12 20:20 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataGHISLER
    2010-08-11 22:31 . 2010-08-11 22:31 2560 —-a-w- c:windowssystem32bitcometres.dll
    2010-08-10 21:54 . 2010-08-10 21:54 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataESET
    2010-08-10 09:29 . 2010-08-10 09:29 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataGoogle
    2010-08-10 09:29 . 2010-08-10 09:29 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication Databluesoleil
    2010-08-10 09:29 . 2010-08-10 09:29 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataDNA
    2010-08-10 02:52 . 2010-08-10 02:52 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataConduit
    2010-08-10 02:50 . 2010-08-10 02:50 -------- d-----w- c:program filesXenocode
    2010-08-10 02:50 . 2010-08-10 02:51 -------- d-----w- c:documents and settingsAdministratorImpostazioni locali
    2010-08-10 02:50 . 2010-08-10 02:50 -------- d-----w- c:windowsXSxS
    2010-08-09 21:55 . 2010-08-09 21:55 -------- d-----w- C:rsit
    2010-08-09 21:55 . 2010-08-09 21:55 -------- d-----w- c:program filestrend micro
    2010-08-09 01:30 . 2010-08-09 01:30 -------- d-----w- c:documents and settingsAdministratorApplication DataUniblue
    2010-08-09 01:06 . 2010-08-09 01:06 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.510000001400002iNOTEPAD.EXE
    2010-08-09 01:04 . 2010-08-09 01:04 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.54000005c00003iSschk.exe
    2010-08-09 01:04 . 2010-08-09 01:04 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5400000a0500002iepid2d6.exe
    2010-08-09 01:04 . 2010-07-26 23:13 3683248 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%AppData%Simply Super SoftwareTrojan Removerepid2d6.exe
    2010-08-09 01:04 . 2010-08-09 01:04 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000022200002iRmvtrjan.exe
    2010-08-09 00:58 . 2010-08-09 00:58 715152 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%ProgramFilesDir%Trojan Removertrunins.exe
    2010-08-09 00:58 . 2010-08-09 00:58 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.51000000500002iREGSVR32.EXE
    2010-08-09 00:58 . 2010-08-09 00:58 484304 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%ProgramFilesDir%Trojan RemoverTrshlex.dll
    2010-08-09 00:58 . 2010-08-09 00:58 1167808 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%ProgramFilesDir%Trojan RemoverTrjscan.exe
    2010-08-09 00:57 . 2010-08-09 00:57 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000072b00002ibpe591b.exe
    2010-08-09 00:57 . 2010-08-09 00:57 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.54000001bf00002iRMVTRJAN.EXE
    2010-08-09 00:56 . 2010-08-09 00:56 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000016c00002itrupd.exe
    2010-08-09 00:55 . 2010-08-09 00:55 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000072b00002irky37ec.exe
    2010-08-09 00:53 . 2010-08-09 00:53 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.54000001200003iSschk.exe
    2010-08-09 00:53 . 2010-08-09 00:53 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000072b00002ippxfa02.exe
    2010-08-09 00:53 . 2010-08-09 00:53 7680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.540000072b00002iquse179.exe
    2010-08-09 00:53 . 2010-08-09 00:53 -------- d-----w- c:documents and settingsAdministratorApplication DataThinstall
    2010-08-09 00:41 . 2010-08-09 00:41 -------- d-----w- C:VundoFix Backups
    2010-08-09 00:12 . 2010-08-09 00:12 -------- d-----w- c:documents and settingsAdministratorDoctorWeb
    2010-08-08 23:58 . 2010-08-08 23:58 -------- d-----w- c:program filesEnigma Software Group
    2010-08-08 23:58 . 2010-08-09 00:11 -------- d-----w- c:windows95431C66CF9A4913BFFF6050785AFB65.TMP
    2010-08-08 22:40 . 2010-08-08 22:40 -------- d-----w- c:documents and settingsAdministratorApplication DataMalwarebytes
    2010-08-08 22:40 . 2010-04-29 19:39 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
    2010-08-08 22:40 . 2010-08-08 22:40 -------- d-----w- c:program filesMalwarebytes’ Anti-Malware
    2010-08-08 22:40 . 2010-08-08 22:40 -------- d-----w- c:documents and settingsAll UsersApplication DataMalwarebytes
    2010-08-08 22:40 . 2010-04-29 19:39 20952 —-a-w- c:windowssystem32driversmbam.sys
    2010-08-08 22:37 . 2010-08-08 23:39 -------- d-----w- c:documents and settingsAll UsersApplication DataSTOPzilla!
    2010-08-05 01:31 . 2010-08-05 01:31 -------- d-----w- c:program filesCommon FilesJava
    2010-08-05 01:31 . 2010-08-05 01:31 61440 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.0424488892a-161dee86-ndecora-sse.dll
    2010-08-05 01:31 . 2010-08-05 01:31 503808 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-75dec727-nmsvcp71.dll
    2010-08-05 01:31 . 2010-08-05 01:31 499712 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-75dec727-njmc.dll
    2010-08-05 01:31 . 2010-08-05 01:31 348160 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.047ec4bf04-75dec727-nmsvcr71.dll
    2010-08-05 01:31 . 2010-08-05 01:31 12800 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.0424488892a-161dee86-ndecora-d3d.dll
    2010-07-29 22:46 . 2010-08-12 20:49 -------- d-----w- c:program filesDNA
    2010-07-29 22:46 . 2010-08-12 20:49 -------- d-----w- c:documents and settingsAdministratorApplication DataDNA
    2010-07-22 21:35 . 2010-07-22 21:35 -------- d-----w- c:program filesCommon FilesSkype
    2010-07-18 12:09 . 2010-07-18 12:09 -------- d-----w- C:found.000
    2010-07-14 09:38 . 2010-06-14 14:31 744448 -c—-w- c:windowssystem32dllcachehelpsvc.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-12 20:49 . 2010-08-12 00:45 0 —-a-w- c:windowssystem32driverslvuvc.hs
    2010-08-12 20:49 . 2010-08-12 00:45 0 —-a-w- c:windowssystem32driverslogiflt.iad
    2010-08-12 10:13 . 2010-01-12 22:26 -------- d-----w- c:documents and settingsAdministratorApplication DatauTorrent
    2010-08-12 09:47 . 2009-10-27 23:34 -------- d-----w- c:documents and settingsAdministratorApplication DataSkype
    2010-08-12 09:46 . 2009-10-27 23:51 -------- d-----w- c:documents and settingsAdministratorApplication DataskypePM
    2010-08-11 21:39 . 2009-10-24 22:05 -------- d-----w- c:documents and settingsAll UsersApplication DataSpybot — Search & Destroy
    2010-08-09 22:34 . 2009-10-24 22:05 -------- d-----w- c:program filesSpybot — Search & Destroy
    2010-08-09 00:58 . 2007-11-28 19:26 373680 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%ProgramFilesDir%Trojan RemoverSschk.exe
    2010-08-08 23:58 . 2009-10-24 12:46 -------- d-----w- c:program filesCommon FilesWise Installation Wizard
    2010-08-08 23:05 . 2010-08-08 22:56 1968 —-a-w- c:windowssystem32driverskgpcpy.cfg
    2010-07-28 23:38 . 2009-12-25 02:14 -------- d-----w- c:documents and settingsAdministratorApplication DataDownload Manager
    2010-07-28 22:56 . 2009-10-24 14:24 -------- d-----w- c:documents and settingsAdministratorApplication DataAIMP
    2010-07-22 21:35 . 2009-10-27 23:33 -------- d-----r- c:program filesSkype
    2010-07-22 21:34 . 2009-10-27 23:33 -------- d-----w- c:documents and settingsAll UsersApplication DataSkype
    2010-07-04 22:04 . 2010-07-04 22:03 -------- d-----w- c:program filesGamblerJBeta
    2010-07-04 21:58 . 2010-07-04 21:58 -------- d-----w- c:program filesGamblerJ
    2010-06-30 17:11 . 2009-10-27 15:02 -------- d-----w- c:program filesICQ6.5
    2010-06-29 01:04 . 2010-05-05 01:48 -------- d-----w- c:documents and settingsAll UsersApplication DataDivX
    2010-06-22 21:55 . 2010-06-22 21:55 501936 —-a-w- c:documents and settingsAll UsersApplication DataGoogleGoogle ToolbarUpdategtb8C.tmp.exe
    2010-06-14 14:31 . 2009-10-24 12:38 744448 —-a-w- c:windowspchealthhelpctrbinarieshelpsvc.exe
    2010-06-06 13:44 . 2010-05-05 01:52 57344 —-a-w- c:documents and settingsAll UsersApplication DataDivXRunAsUserRUNASUSERPROCESS.dll
    2010-06-06 13:30 . 2010-06-06 13:30 56765 —-a-w- c:documents and settingsAll UsersApplication DataDivXDivXPlusShortcutsUninstaller.exe
    2010-06-06 13:30 . 2010-06-06 13:30 53600 —-a-w- c:documents and settingsAll UsersApplication DataDivXUpdateUninstaller.exe
    2010-06-06 13:30 . 2010-06-06 13:30 54128 —-a-w- c:documents and settingsAll UsersApplication DataDivXConverterUninstaller.exe
    2010-06-06 13:30 . 2010-06-06 13:30 54644 —-a-w- c:documents and settingsAll UsersApplication DataDivXTranscodeEngineUninstaller.exe
    2010-06-06 13:30 . 2010-06-06 13:30 54101 —-a-w- c:documents and settingsAll UsersApplication DataDivXMPEG2PluginUninstaller.exe
    2010-06-06 13:27 . 2010-05-05 01:52 1062184 —-a-w- c:documents and settingsAll UsersApplication DataDivXSetupResource.dll
    2010-06-06 13:27 . 2010-05-05 01:52 895256 —-a-w- c:documents and settingsAll UsersApplication DataDivXSetupDivXSetup.exe
    2010-05-29 22:33 . 2010-01-01 00:04 5 —-a-w- c:windowssystem32SySMP3CutJoin.dat
    2010-05-27 22:17 . 2010-05-27 22:17 503808 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-2301fd92-nmsvcp71.dll
    2010-05-27 22:17 . 2010-05-27 22:17 499712 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-2301fd92-njmc.dll
    2010-05-27 22:17 . 2010-05-27 22:17 348160 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-2301fd92-nmsvcr71.dll
    2010-05-27 22:16 . 2010-05-27 22:16 61440 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.0505535ab32-4e3d76d7-ndecora-sse.dll
    2010-05-27 22:16 . 2010-05-27 22:16 12800 —-a-w- c:documents and settingsAdministratorApplication DataSunJavaDeploymentSystemCache6.0505535ab32-4e3d76d7-ndecora-d3d.dll
    2010-05-15 00:56 . 2007-11-28 19:26 1303472 —-a-w- c:documents and settingsAdministratorApplication DataThinstallTrojan Remover 6.6.5%ProgramFilesDir%Trojan RemoverRmvtrjan.exe
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-08-10_21.58.27 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-08-12 20:49 . 2009-10-07 06:47 109080 c:windowstemplogishrdLVPrcInj01.dll
    — 2010-08-10 21:58 . 2009-10-07 06:47 109080 c:windowstemplogishrdLVPrcInj01.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
    «{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}»= «c:program filesRadio_WtbRad0.dll» [2010-04-29 2515552]

    [HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]

    [HKEY_LOCAL_MACHINE~Browser Helper Objects{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]
    2010-04-29 10:51 2515552 —-a-w- c:program filesRadio_WtbRad0.dll

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
    «{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}»= «c:program filesRadio_WtbRad0.dll» [2010-04-29 2515552]

    [HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]

    [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
    «{B4EFB02B-CD4A-44B9-B5D9-AA486CDFFAB6}»= «c:program filesRadio_WtbRad0.dll» [2010-04-29 2515552]

    [HKEY_CLASSES_ROOTclsid{b4efb02b-cd4a-44b9-b5d9-aa486cdffab6}]

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-10-24 39408]
    «SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2009-03-05 2260480]
    «BitTorrent DNA»=»c:program filesDNAbtdna.exe» [2010-07-29 323392]
    «ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
    «ICQUpdater»=»c:docume~1ADMINI~1LOCALS~1TempIcqUpdater.exe» [BU]

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
    «SpybotDeletingB6209″=»command.com» [BU]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «BtTray»=»c:program filesIVT CorporationBlueSoleilBtTray.exe» [2009-02-27 278016]
    «IntelliPoint»=»c:program filesMicrosoft IntelliPointipoint.exe» [2009-11-11 1468256]
    «RTHDCPL»=»RTHDCPL.EXE» [2010-03-26 19522592]
    «egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-07-01 1447168]
    «NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2010-03-16 13670504]
    «LogitechCommunicationsManager»=»c:program filesCommon FilesLogiShrdLComMgrCommunications_Helper.exe» [BU]
    «LogitechQuickCamRibbon»=»c:program filesLogitechQuickCamQuickcam.exe» [BU]

    c:documents and settingsAll UsersStart MenuProgramsStartup
    hp psc 1000 series.lnk — c:program filesHewlett-PackardDigital Imagingbinhpohmr08.exe [2003-4-6 147456]
    hpoddt01.exe.lnk — c:program filesHewlett-PackardDigital Imagingbinhpotdd01.exe [2003-4-6 28672]

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
    «EnableFirewall»= 0 (0x0)

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    «%windir%\system32\sessmgr.exe»=
    «%windir%\Network Diagnostic\xpnetdiag.exe»=
    «c:\Program Files\BitComet\BitComet.exe»=
    «c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe»=
    «c:\Program Files\ICQ6.5\ICQ.exe»=
    «c:\Program Files\Orbitdownloader\orbitdm.exe»=
    «c:\Program Files\Orbitdownloader\orbitnet.exe»=
    «c:\Program Files\uTorrent\uTorrent.exe»=
    «c:\Program Files\Logitech\Logitech Vid\Vid.exe»=
    «c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
    «c:\Program Files\DNA\btdna.exe»=
    «c:\Program Files\Skype\Phone\Skype.exe»=

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
    «11901:TCP»= 11901:TCP:BitComet 11901 TCP
    «11901:UDP»= 11901:UDP:BitComet 11901 UDP
    «8080:TCP»= 8080:TCP:BitComet 8080 TCP
    «8080:UDP»= 8080:UDP:BitComet 8080 UDP
    «14974:TCP»= 14974:TCP:BitComet 14974 TCP
    «14974:UDP»= 14974:UDP:BitComet 14974 UDP
    «3389:TCP»= 3389:TCP:@xpsp2res.dll,-22009

    R0 BtHidBus;Bluetooth HID Bus Service;c:windowssystem32driversBtHidBus.sys [1/7/2009 11:39 PM 20744]
    R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [7/1/2008 9:04 AM 34312]
    R1 oreans32;oreans32;c:windowssystem32driversoreans32.sys [1/15/2010 11:58 PM 33824]
    R2 BsMobileCS;BsMobileCS;c:program filesIVT CorporationBlueSoleilBsMobileCS.exe [2/27/2009 4:40 PM 143467]
    R2 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [12/21/2007 8:21 AM 468224]
    R3 btnetBUs;Bluetooth PAN Bus Service;c:windowssystem32driversbtnetBus.sys [12/7/2008 12:44 PM 30088]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:windowssystem32driversIvtBtBus.sys [7/2/2008 2:58 PM 26248]
    S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [1/29/2010 1:39 AM 135664]
    S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [1/24/2010 6:20 PM 1691480]
    S3 esgiguard;esgiguard;\??\c:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys —> \c:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
    .
    Contents of the ‘Scheduled Tasks’ folder

    2010-01-26 c:windowsTasksFRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8256593230.job
    — c:program filesHewlett-PackardDigital ImagingBinhpqfrucl.exe [2003-04-06 04:52]

    2010-08-08 c:windowsTasksFRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8262872861.job
    — c:program filesHewlett-PackardDigital ImagingBinhpqfrucl.exe [2003-04-06 04:52]

    2010-08-12 c:windowsTasksGoogleUpdateTaskMachineCore.job
    — c:program filesGoogleUpdateGoogleUpdate.exe [2010-01-29 05:39]

    2010-08-12 c:windowsTasksGoogleUpdateTaskMachineUA.job
    — c:program filesGoogleUpdateGoogleUpdate.exe [2010-01-29 05:39]

    2010-08-12 c:windowsTasksOGALogon.job
    — c:windowssystem32OGAEXEC.exe [2009-08-03 20:07]
    .
    .


    Supplementary Scan


    .
    uStart Page = hxxp://google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride =
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: &Download by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/201
    IE: &Grab video by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/204
    IE: Do&wnload selected by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/203
    IE: Down&load all by Orbit — c:program filesOrbitdownloaderorbitmxt.dll/202
    IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
    IE: Отправить как сообщение(&M)… — c:program filesIVT CorporationBlueSoleilTransSendIEtssms.htm
    IE: Отправка посредством Bluetooth — c:program filesIVT CorporationBlueSoleilTransSendIEtsinfo.htm
    DPF: {5D2CF9D0-113A-476B-986F-288B54571614} — hxxp://www.devalvr.com/instalacion/plugin/devalvrplugin.php
    DPF: {9BE31822-FDAD-461B-AD51-BE1D1C159921} — hxxp://iptv.kartina.tv/install/VLC%20TV%20Player.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF — ProfilePath — c:documents and settingsAdministratorApplication DataMozillaFirefoxProfilesnahd6ha2.default
    FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

    —- FIREFOX POLICIES —-
    c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
    c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
    c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
    c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
    .
    — — — — ORPHANS REMOVED — — — —

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} — (no file)

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-12 16:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .


    LOCKED REGISTRY KEYS



    [HKEY_USERSS-1-5-21-725345543-1580436667-839522115-500SoftwareMicrosoftInternet ExplorerUser Preferences]
    @Denied: (2) (Administrator)
    «88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977″=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,58,ae,b6,d6,19,20,44,8a,96,4d,
    «2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81″=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,58,ae,b6,d6,19,20,44,8a,96,4d,
    .


    DLLs Loaded Under Running Processes



    — — — — — — — > ‘explorer.exe'(6724)
    c:windowssystem32WININET.dll
    c:windowsTEMPlogishrdLVPrcInj01.dll
    c:windowssystem32ieframe.dll
    c:windowssystem32webcheck.dll
    .


    Other Running Processes


    .
    c:windowssystem32nvsvc32.exe
    c:windowsRTHDCPL.EXE
    c:program filesIVT CorporationBlueSoleilBlueSoleilCS.exe
    c:program filesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
    c:program filesHewlett-PackardDigital Imagingbinhpoevm08.exe
    c:program filesIVT CorporationBlueSoleilBsHelpCS.exe
    c:program filesHewlett-PackardDigital ImagingBinhpoSTS08.exe
    c:windowssystem32wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-12 16:53:05 — machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-12 20:53
    ComboFix2.txt 2010-08-11 21:37
    ComboFix3.txt 2010-08-10 22:01
    ComboFix4.txt 2010-08-09 02:00

    Pre-Run: 220,614,316,032 bytes free
    Post-Run: 220,627,263,488 bytes free

    — — End Of File — — 9CFA94E6887AF3E430889CAAD54B2F87
    ][/list]

    August 13, 2010 at 10:03 AM #30684
    Helper
    Participant
    • Topics: 19
    • Posts: 712
    • ☆☆☆☆☆

    c:docume~1ADMINI~1LOCALS~1TempIcqUpdater.exe
    Could you check this file at http://www.virustotal.com/ru
    and post a link to the results?

    August 13, 2010 at 11:06 AM #30685
    gull
    Participant
    • Topics: 1
    • Posts: 8
    • ☆

    It isn't visible there.

    August 13, 2010 at 11:59 AM #30686
    Helper
    Participant
    • Topics: 19
    • Posts: 712
    • ☆☆☆☆☆

    Download IceSword.
    http://mail.ustc.edu.cn/~jfpan/download/IceSword122en.zip
    Disable the antivirus/firewall.
    Disconnect from the internet so as not to get infected.
    Run the program.
    At the bottom left, select the File menu.
    An Explorer-like file browser will appear. Find this file in it:


    c:docume~1ADMINI~1LOCALS~1TempIcqUpdater.exe

    Right-click it and select Copy to.
    Choose the folder you want to copy the file to and, before saving, change the extension to vir at the bottom. Check that the file was saved. Then select this file again, right-click it and select Force delete. After that, send the saved file to this mailbox:
    Anti-Spyware2010@yandex.ru
    Then run ComboFix once more and paste the new log here. 🙂

    August 13, 2010 at 9:25 PM #30687
    gull
    Participant
    • Topics: 1
    • Posts: 8
    • ☆

    It isn't visible there either. Thank you very much for the help; the weekend has come, and I'd rather reinstall the system, since there are already a lot of glitches and, after all these cleanups, many programs don't work. Thanks again.

    August 14, 2010 at 4:47 PM #30688
    Helper
    Participant
    • Topics: 19
    • Posts: 712
    • ☆☆☆☆☆

    Can you pack this folder:
    C:Qoobox
    Anti-Spyware2010@yandex.ru
    and send it to my mailbox? (please) 🙄
    And what problems still remain?

    August 15, 2010 at 12:52 PM #30689
    gull
    Participant
    • Topics: 1
    • Posts: 8
    • ☆

    Ohhh… I've already reinstalled. There were about a dozen different glitches, and those are just the ones I noticed. This enemy managed to do some mischief. Thanks again for the help.
