- This topic has 5 ответов, 2 участника, and was last updated 15 years, 10 months назад by
.
-
Сообщения
-
Помогите, пожалуйста, избавиться от вируса. В последнее время компьютер стал медленно работать. Проверил на нличие вирусов ESET Online Scanner. Обнаружил win32/Kryptik. В поисковике набрал: Как бороться, попал на этот сайт. Прочитал, как избавиться от трояна. Установил ComboFix, сделал все по похожему описанию. Возможно удалил что-то, но залезть ни на один сайт толком не могу, все по прежнему тормозит.
Если кто может помочь мне в этой проблеме, помогите, пожалуйста….Logfile of random’s system information tool 1.06 (written by random/random)
Run by User at 2009-12-22 20:23:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (5%) free of 70 GB
Total RAM: 1407 MB (46% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:37, on 22.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:Program FilesHPQIAMbinasghost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSExplorer.EXE
C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:Documents and SettingsUser 1Local SettingsApplication DataSkypePhoneSkype.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesuTorrentutorrent.exe
C:Игры от NevoSoftNevoDRMrun.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:WINDOWSsystem32IFXSPMGT.exe
C:WINDOWSsystem32IFXTCS.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32IoctlSvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesHewlett-PackardSharedhpqwmiex.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesProtectToolsEmbedded Security SoftwarePSDrt.exe
C:PROGRA~1HPQSharedHPQTOA~1.EXE
C:WINDOWSSystem32svchost.exe
C:Program FilesATI TechnologiesATI.ACECLI.EXE
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsUser.YOUR-4105E587B6DesktopRSIT.exe
C:Program Filestrend microUser.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — (no file)
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll (file missing)
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: DriveLetterAccess — {5CA3D70E-1895-11CF-8E15-001234567890} — C:WINDOWSSystem32DLADLASHX_W.DLL
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: HP Credential Manager for ProtectTools — {DF21F1DB-80C6-11D3-9483-B03D0EC10000} — C:Program FilesHPQIAMBinItIeAddIN.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [ATICCC] «C:Program FilesATI TechnologiesATI.ACECLIStart.exe»
O4 — HKLM..Run: [hpWirelessAssistant] C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe
O4 — HKLM..Run: [SynTPStart] C:Program FilesSynapticsSynTPSynTPStart.exe
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [combofix] «C:ComboFixCF6174.cfxxe» /c «C:ComboFixC.bat»
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [NevoDRM] «C:Игры от NevoSoftNevoDRMNevoDRM.exe»
O4 — HKCU..Run: [Skype] «C:Documents and SettingsUser 1Local SettingsApplication DataSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe» ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — Startup: uTorrent.lnk = C:Program FilesuTorrentutorrent.exe
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Webalta — Добавить в Анти-Баннер — C:Program FilesWebaltaextentionsWebalta_antiban.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: (no name) — Cmdmapping — (no file) (HKCU)
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O14 — IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 — DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=39204
O16 — DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) — http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172425633296
O16 — DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) — http://download.eset.com/special/eos/OnlineScanner.cab
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: GoToAssist — C:Program FilesCitrixGoToAssist599G2AWinLogon.dll
O20 — Winlogon Notify: OneCard — C:Program FilesHPQIAMBinAsWlnPkg.dll
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Symantec Lic NetConnect service (CLTNetCnService) — Unknown owner — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe (file missing)
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: GoToAssist — Citrix Online, a division of Citrix Systems, Inc. — C:Program FilesCitrixGoToAssist599g2aservice.exe
O23 — Service: hpqwmiex — Hewlett-Packard Development Company, L.P. — C:Program FilesHewlett-PackardSharedhpqwmiex.exe
O23 — Service: Security Platform Management Service (IFXSpMgtSrv) — Infineon Technologies AG — C:WINDOWSsystem32IFXSPMGT.exe
O23 — Service: Trusted Platform Core Service (IFXTCS) — Infineon Technologies AG — C:WINDOWSsystem32IFXTCS.exe
O23 — Service: LexBce Server (LexBceS) — Lexmark International, Inc. — C:WINDOWSsystem32LEXBCES.EXE
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: PC Angel (PCA) — SoftThinks — C:WINDOWSSMINSTPCAngel.exe
O23 — Service: PLFlash DeviceIoControl Service — Prolific Technology Inc. — C:WINDOWSsystem32IoctlSvc.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: PsViatau (PTsup5) — Trident Software — C:Program FilesTrident SoftwarePragmaptsup5.exe—
End of file — 8883 bytes======Scheduled tasks folder======
C:WINDOWStasksAppleSoftwareUpdate.job
C:WINDOWStasksBugDoctorUser.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess — C:WINDOWSSystem32DLADLASHX_W.DLL [2005-08-31 110652][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools — C:Program FilesHPQIAMBinItIeAddIN.dll [2005-03-03 50688][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-13 3112736][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«ATICCC»=C:Program FilesATI TechnologiesATI.ACECLIStart.exe [2006-05-10 90112]
«hpWirelessAssistant»=C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe [2006-03-28 454656]
«SynTPStart»=C:Program FilesSynapticsSynTPSynTPStart.exe [2007-09-14 102400]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-10-24 1451264]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-05-27 413696]
«combofix»=C:ComboFixCF6174.cfxxe /c C:ComboFixC.bat []
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
«NevoDRM»=C:Игры от NevoSoftNevoDRMNevoDRM.exe [2008-12-11 41984][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Skype»=C:Documents and SettingsUser 1Local SettingsApplication DataSkypePhoneSkype.exe [2007-12-07 21686568]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe [2008-02-28 1828136]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]
C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2009-09-04 935288][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-10-03 35696][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAppleSyncNotifier]
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe [2008-07-22 116040][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCognizanceTS]
C:PROGRA~1HPQIAMBinAsTsVcc.dll [2003-12-22 17920][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCpqset]
C:Program FilesHewlett-PackardDefault Settingscpqset.exe [2006-04-21 40960][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools]
C:Program FilesDAEMON Toolsdaemon.exe [2006-11-12 157592][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDLA]
C:WINDOWSSystem32DLADLACTRLW.EXE [2005-08-31 122940][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregFineReader7NewsReaderPro]
C:Program FilesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe [2003-08-20 278528][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
C:Program FilesHpHP Software UpdateHPWuSchd2.exe [2007-05-08 54840][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
C:Program FilesiTunesiTunesHelper.exe [2008-07-30 289064][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
C:Program FilesMessengermsmsgs.exe [2008-04-14 1695232][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:Program FilesCommon FilesNeroLibNeroCheck.exe [2008-02-28 570664][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNevoDRM]
C:Program FilesИгры от NevoSoftNevoDRMNevoDRM.exe [2008-07-29 201728][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPragma]
C:PROGRA~1TRIDEN~1Pragmapragma.exe [2008-11-03 408872][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPragma5]
C:Program FilesTrident SoftwarePragmaprestart.exe [2008-11-03 44328][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPTHOSTTR]
C:Program FilesHPQHP ProtectTools Security ManagerPTHOSTTR.EXE [2006-02-14 122880][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQlbCtrl]
C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe [2006-03-23 131072][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
C:Program FilesQuickTimeQTTask.exe [2008-05-27 413696][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRecguard]
C:WINDOWSSminstRecguard.exe [2005-12-21 1187840][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregReminder]
C:WINDOWSCreatorRemind_XP.exe [2006-03-10 806912][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregScheduler]
C:WINDOWSSMINSTScheduler.exe [2006-02-15 892928][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAX]
C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2005-05-07 716800][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAXPnP]
C:Program FilesAnalog DevicesCoresmax4pnp.exe [2005-05-20 925696][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSynTPEnh]
C:Program FilesSynapticsSynTPSynTPEnh.exe [2007-09-14 1015808][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2008-09-03 185896][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWatchDog]
C:Program FilesInterVideoDVD CheckDVDCheck.exe [2006-03-31 184320][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWMPNSCFG]
C:Program FilesWindows Media PlayerWMPNSCFG.exe [2006-10-18 204288][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:PROGRA~1AdobeREADER~1.0ReaderREADER~1.EXE [2009-10-03 35696][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:PROGRA~1AdobeREADER~1.0ReaderADOBEC~1.EXE [2009-02-27 542096][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
C:PROGRA~1INTERV~1DVDCHE~1DVDCheck.exe [2006-03-31 184320][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^ICON 225 USB Connect.lnk]
C:PROGRA~1OrangeICON22~1ICON22~1.EXE /noshow [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«LightScribeService»=2
«kavsvc»=2
«iPod Service»=3
«IDriverT»=3
«Bonjour Service»=2
«Apple Mobile Device»=2
«wuauserv»=2
«wscsvc»=2
«WMPNetworkSvc»=2
«WebaltaController»=2
«SharedAccess»=2
«PersonalSecureDriveService»=2
«Netlogon»=3
«lanmanserver»=2
«helpsvc»=2
«GtDetectSc»=2C:Documents and SettingsUser.YOUR-4105E587B6Start MenuProgramsStartup
uTorrent.lnk — C:Program FilesuTorrentutorrent.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2006-04-27 61440][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyGoToAssist]
C:Program FilesCitrixGoToAssist599G2AWinLogon.dll [2009-11-16 13672][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyIfxWlxEN]
C:WINDOWSsystem32IfxWlxEN.dll [2006-03-03 434176][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyOneCard]
C:Program FilesHPQIAMBinAsWlnPkg.dll [2005-07-25 40960][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2007-02-15 236928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkGoToAssist]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:WINDOWSSMINSTScheduler.exe»=»C:WINDOWSSMINSTScheduler.exe:*:Enabled:Scheduler «
«C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesRealRealPlayerrealplay.exe»=»C:Program FilesRealRealPlayerrealplay.exe:*:Enabled:RealPlayer»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesSuper Internet TVOnlineTV.exe»=»C:Program FilesSuper Internet TVOnlineTV.exe:*:Enabled:Super Internet TV»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
«C:Program FilesHpDigital Imagingbinhpqtra08.exe»=»C:Program FilesHpDigital Imagingbinhpqtra08.exe:*:Enabled:hpqtra08.exe»
«C:Program FilesHpDigital Imagingbinhpqste08.exe»=»C:Program FilesHpDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
«C:Program FilesHpDigital Imagingbinhpofxm08.exe»=»C:Program FilesHpDigital Imagingbinhpofxm08.exe:*:Enabled:hpofxm08.exe»
«C:Program FilesHpDigital Imagingbinhposfx08.exe»=»C:Program FilesHpDigital Imagingbinhposfx08.exe:*:Enabled:hposfx08.exe»
«C:Program FilesHpDigital Imagingbinhposid01.exe»=»C:Program FilesHpDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
«C:Program FilesHpDigital Imagingbinhpqscnvw.exe»=»C:Program FilesHpDigital Imagingbinhpqscnvw.exe:*:Enabled:hpqscnvw.exe»
«C:Program FilesHpDigital Imagingbinhpqkygrp.exe»=»C:Program FilesHpDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe»
«C:Program FilesHpDigital ImagingbinhpqCopy.exe»=»C:Program FilesHpDigital ImagingbinhpqCopy.exe:*:Enabled:hpqcopy.exe»
«C:Program FilesHpDigital Imagingbinhpfccopy.exe»=»C:Program FilesHpDigital Imagingbinhpfccopy.exe:*:Enabled:hpfccopy.exe»
«C:Program FilesHpDigital Imagingbinhpzwiz01.exe»=»C:Program FilesHpDigital Imagingbinhpzwiz01.exe:*:Enabled:hpzwiz01.exe»
«C:Program FilesHpDigital ImagingUnloadHpqPhUnl.exe»=»C:Program FilesHpDigital ImagingUnloadHpqPhUnl.exe:*:Enabled:hpqphunl.exe»
«C:Program FilesHpDigital ImagingUnloadHpqDIA.exe»=»C:Program FilesHpDigital ImagingUnloadHpqDIA.exe:*:Enabled:hpqdia.exe»
«C:Program FilesHpDigital Imagingbinhpoews01.exe»=»C:Program FilesHpDigital Imagingbinhpoews01.exe:*:Enabled:hpoews01.exe»
«C:Program FilesHpDigital Imagingbinhpqnrs08.exe»=»C:Program FilesHpDigital Imagingbinhpqnrs08.exe:*:Enabled:hpqnrs08.exe»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:Documents and SettingsUser 1Local SettingsApplication DataSkypePhoneSkype.exe»=»C:Documents and SettingsUser 1Local SettingsApplication DataSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 1 months======
2009-12-22 19:59:11 —-D—- C:Program Filestrend micro
2009-12-22 19:59:09 —-D—- C:rsit
2009-12-22 16:34:49 —-SHD—- C:RECYCLER
2009-12-22 00:48:20 —-D—- C:WINDOWStemp
2009-12-22 00:48:18 —-A—- C:ComboFix.txt
2009-12-21 23:53:01 —-A—- C:Boot.bak
2009-12-21 23:52:55 —-RASHD—- C:cmdcons
2009-12-21 23:50:02 —-D—- C:WINDOWSERDNT
2009-12-15 11:02:34 —-A—- C:WINDOWSsystem32fjhdyfhsn.bat
2009-12-13 15:04:05 —-D—- C:Documents and SettingsUser.YOUR-4105E587B6Application DataWinamp
2009-12-10 18:57:47 —-HDC—- C:WINDOWS$NtUninstallKB970430$
2009-12-10 18:56:55 —-HDC—- C:WINDOWS$NtUninstallKB974318$
2009-12-10 18:54:59 —-HDC—- C:WINDOWS$NtUninstallKB973904$
2009-12-10 18:54:45 —-HDC—- C:WINDOWS$NtUninstallKB974392$
2009-12-10 18:54:27 —-HDC—- C:WINDOWS$NtUninstallKB971737$
2009-11-25 20:07:01 —-HDC—- C:WINDOWS$NtUninstallKB976098-v2$
2009-11-25 20:06:28 —-HDC—- C:WINDOWS$NtUninstallKB973687$======List of files/folders modified in the last 1 months======
2009-12-22 20:23:08 —-D—- C:Documents and SettingsUser.YOUR-4105E587B6Application DatauTorrent
2009-12-22 20:05:33 —-D—- C:Documents and SettingsUser.YOUR-4105E587B6Application DataSkype
2009-12-22 19:59:37 —-D—- C:WINDOWSPrefetch
2009-12-22 19:59:11 —-D—- C:Program Files
2009-12-22 16:45:09 —-D—- C:WINDOWSnetwork diagnostic
2009-12-22 16:40:19 —-D—- C:Program FilesMozilla Firefox
2009-12-22 16:35:16 —-D—- C:WINDOWS
2009-12-22 16:31:10 —-D—- C:WINDOWSsystem32ias
2009-12-22 16:31:06 —-D—- C:WINDOWSsystem32
2009-12-22 06:51:11 —-A—- C:WINDOWSSchedLgU.Txt
2009-12-22 00:51:18 —-D—- C:Config.Msi
2009-12-22 00:51:17 —-SHD—- C:WINDOWSInstaller
2009-12-22 00:45:46 —-A—- C:WINDOWSsystem.ini
2009-12-22 00:43:26 —-D—- C:WINDOWSsystem32drivers
2009-12-22 00:43:26 —-D—- C:WINDOWSAppPatch
2009-12-22 00:43:25 —-D—- C:Program FilesCommon Files
2009-12-22 00:37:42 —-D—- C:WINDOWSsystem32CatRoot2
2009-12-22 00:26:05 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-12-22 00:19:35 —-D—- C:WINDOWSsystem32config
2009-12-21 23:59:37 —-D—- C:Program FilesWebalta
2009-12-21 23:53:01 —-RASH—- C:boot.ini
2009-12-21 20:55:13 —-A—- C:WINDOWSNeroDigital.ini
2009-12-21 20:16:46 —-SD—- C:WINDOWSDownloaded Program Files
2009-12-21 20:16:41 —-D—- C:Program FilesEset
2009-12-21 19:37:58 —-A—- C:WINDOWSwin.ini
2009-12-20 21:08:28 —-D—- C:Documents and SettingsUser.YOUR-4105E587B6Application DataShopping Blocks
2009-12-20 21:05:44 —-HD—- C:WINDOWSinf
2009-12-20 03:54:40 —-D—- C:Program FilesArtMoney
2009-12-20 01:38:55 —-D—- C:Program FilesBug Doctor
2009-12-18 03:08:11 —-D—- C:Program FilesFlashFXP
2009-12-16 14:36:04 —-D—- C:Program FilesrmDC++
2009-12-15 11:04:20 —-RSHD—- C:WINDOWSsystem32dllcache
2009-12-14 12:50:19 —-D—- C:Program FilesSuper Internet TV
2009-12-14 12:15:55 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-12-13 15:04:46 —-D—- C:Program FilesWinamp
2009-12-12 00:09:32 —-D—- C:Documents and SettingsAll UsersApplication DataSkype
2009-12-10 18:57:00 —-A—- C:WINDOWSimsins.BAK
2009-12-10 18:55:33 —-D—- C:Program FilesInternet Explorer
2009-12-10 18:55:10 —-HD—- C:WINDOWS$hf_mig$
2009-12-08 20:44:10 —-A—- C:WINDOWSLEXSTAT.INI
2009-12-02 13:13:45 —-D—- C:Игры от NevoSoft
2009-12-02 13:11:58 —-D—- C:Program FilesИгры от NevoSoft
2009-12-01 22:06:19 —-A—- C:WINDOWSsystem32MRT.exe
2009-11-26 20:56:13 —-D—- C:Documents and SettingsUser.YOUR-4105E587B6Application DataU3
2009-11-26 20:12:59 —-D—- C:Program FilesiTunes
2009-11-26 20:12:19 —-D—- C:Documents and SettingsUser.YOUR-4105E587B6Application DataApple Computer
2009-11-25 20:42:29 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-11-25 20:33:18 —-D—- C:Program FilesCommon FilesAdobe
2009-11-25 20:05:03 —-D—- C:WINDOWSWinSxS======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:WINDOWSsystem32DRIVERSAmdK8.sys [2006-06-19 36864]
R1 DLACDBHM;DLACDBHM; C:WINDOWSSystem32DriversDLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:WINDOWSSystem32DriversDLARTL_N.SYS [2005-08-25 22684]
R1 eabfiltr;eabfiltr; C:WINDOWSsystem32DRIVERSeabfiltr.sys [2005-09-19 7808]
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-10-24 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-10-24 34824]
R1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-13 14592]
R1 PersonalSecureDrive;PersonalSecureDrive; C:WINDOWSSystem32driverspsd.sys [2005-11-29 36768]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-04-13 8832]
R2 DLABOIOM;DLABOIOM; C:WINDOWSSystem32DLADLABOIOM.SYS [2005-08-31 25628]
R2 DLADResN;DLADResN; C:WINDOWSSystem32DLADLADResN.SYS [2005-08-31 2496]
R2 DLAIFS_M;DLAIFS_M; C:WINDOWSSystem32DLADLAIFS_M.SYS [2005-08-31 86524]
R2 DLAOPIOM;DLAOPIOM; C:WINDOWSSystem32DLADLAOPIOM.SYS [2005-08-31 14684]
R2 DLAPoolM;DLAPoolM; C:WINDOWSSystem32DLADLAPoolM.SYS [2005-08-31 6364]
R2 DLAUDF_M;DLAUDF_M; C:WINDOWSSystem32DLADLAUDF_M.SYS [2005-08-31 87036]
R2 DLAUDFAM;DLAUDFAM; C:WINDOWSSystem32DLADLAUDFAM.SYS [2005-08-31 94332]
R2 DRVNDDM;DRVNDDM; C:WINDOWSSystem32DriversDRVNDDM.SYS [2005-08-12 40544]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-10-24 39944]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2006-06-19 12672]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2004-08-04 55936]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2006-05-03 178176]
R3 AEAudioService;AEAudio Service; C:WINDOWSsystem32driversAEAudio.sys [2005-06-07 152960]
R3 Arp1394;1394 ARP Client Protocol; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-04-27 1540096]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:WINDOWSsystem32DRIVERSATSwpDrv.sys [2006-03-30 130432]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:WINDOWSsystem32DRIVERSb57xp32.sys [2006-02-09 142720]
R3 BCM43XX;Драйвер сетевого адаптера Broadcom 802.11; C:WINDOWSsystem32DRIVERSbcmwl5.sys [2008-01-03 822272]
R3 btaudio;Bluetooth Audio Device; C:WINDOWSsystem32driversbtaudio.sys [2006-02-15 401664]
R3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2006-02-15 30363]
R3 BTKRNL;Bluetooth Bus Enumerator; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2006-02-15 1342570]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2006-02-15 148168]
R3 btwhid;btwhid; C:WINDOWSsystem32DRIVERSbtwhid.sys [2006-02-15 44163]
R3 btwmodem;Bluetooth Modem; C:WINDOWSsystem32DRIVERSbtwmodem.sys [2006-02-15 30189]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2006-02-16 57096]
R3 CmBatt;Microsoft AC Adapter Driver; C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:WINDOWSSystem32DriversGEARAspiWDM.sys [2008-01-29 16168]
R3 HBtnKey;HBtnKey; C:WINDOWSsystem32DRIVERScpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:WINDOWSsystem32DRIVERSHSF_DPV.sys [2006-12-07 988800]
R3 HSFHWAZL;HSFHWAZL; C:WINDOWSsystem32DRIVERSHSFHWAZL.sys [2006-12-07 209536]
R3 IFXTPM;IFXTPM; C:WINDOWSsystem32DRIVERSIFXTPM.SYS [2005-10-21 36352]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2007-09-14 213696]
R3 tifm21;tifm21; C:WINDOWSsystem32driverstifm21.sys [2005-11-30 162560]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:WINDOWSsystem32DRIVERSHSF_CNXT.sys [2006-12-07 730112]
S1 klif;KLIF driver; C:WINDOWSSystem32driversklif.sys []
S1 klmc;KLMC driver; C:WINDOWSSystem32driversklmc.sys []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2008-04-13 31744]
S3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys [2005-05-31 20480]
S3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys [2005-04-30 10804]
S3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSsystem32DRIVERSvbtenum.sys [2005-04-30 11860]
S3 catchme;catchme; ??C:DOCUME~1USER~1.YOULOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; C:WINDOWSsystem32DRIVERSeabusb.sys [2005-09-19 5760]
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2006-04-13 21568]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:WINDOWSsystem32DRIVERSk750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSk750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:WINDOWSsystem32DRIVERSk750mdm.sys [2005-02-11 89872]
S3 MREMP50;MREMP50 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 Rasirda;WAN Miniport (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-17 19584]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2004-08-04 5888]
S3 sffdisk;SFF Storage Class Driver; C:WINDOWSsystem32DRIVERSsffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:WINDOWSsystem32DRIVERSsffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:WINDOWSsystem32DRIVERSsmcirda.sys [2001-08-17 35913]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
S3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys [2005-03-25 82148]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:WINDOWSSystem32Driverssptd.sys [2007-02-24 639224]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-04 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASChannel;Local Communication Channel; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2006-02-15 258103]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-10-24 468224]
R2 hpqwmiex;hpqwmiex; C:Program FilesHewlett-PackardSharedhpqwmiex.exe [2006-03-16 135168]
R2 IFXSpMgtSrv;Security Platform Management Service; C:WINDOWSsystem32IFXSPMGT.exe [2006-03-03 507904]
R2 IFXTCS;Trusted Platform Core Service; C:WINDOWSsystem32IFXTCS.exe [2006-03-03 741376]
R2 LexBceS;LexBce Server; C:WINDOWSsystem32LEXBCES.EXE [2003-02-25 303104]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2008-02-18 877864]
R2 NwSapAgent;SAP Agent; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:WINDOWSsystem32IoctlSvc.exe [2006-12-19 81920]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2008-02-28 529704]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe /h ccCommon []
S2 PCA;PC Angel; C:WINDOWSSMINSTPCAngel.exe [2006-01-12 294912]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2006-03-03 69632]
S2 PTsup5;PsViatau; C:Program FilesTrident SoftwarePragmaptsup5.exe [2008-11-03 81192]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2004-07-15 32768]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-10-24 19200]
S3 GoToAssist;GoToAssist; C:Program FilesCitrixGoToAssist599g2aservice.exe [2009-11-23 13160]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S4 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2008-07-22 116040]
S4 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-04-27 405504]
S4 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2007-07-24 229376]
S4 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S4 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2008-07-30 532264]
S4 kavsvc;Kaspersky Anti-Virus Service; C:Program FilesKaspersky LabKaspersky Anti-Virus 5.0 for Windows Workstationskavsvc.exe []
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2006-03-24 73728]
S4 PersonalSecureDriveService;Personal Secure Drive Service; C:Program FilesProtectToolsEmbedded Security SoftwarePSDsrvc.EXE [2005-11-29 99872]
S4 WebaltaController;Webalta Controller; C:Program FilesWebaltaWebaltaUpdaterService.exe [2008-11-20 97794]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
EOF
результат сканирования RSIT:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by User at 2009-12-22 20:18:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (5%) free of 70 GB
Total RAM: 1407 MB (45% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:22, on 22.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:Program FilesHPQIAMbinasghost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSExplorer.EXE
C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:Documents and SettingsUser 1Local SettingsApplication DataSkypePhoneSkype.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesuTorrentutorrent.exe
C:Игры от NevoSoftNevoDRMrun.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:WINDOWSsystem32IFXSPMGT.exe
C:WINDOWSsystem32IFXTCS.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32IoctlSvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesHewlett-PackardSharedhpqwmiex.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesProtectToolsEmbedded Security SoftwarePSDrt.exe
C:PROGRA~1HPQSharedHPQTOA~1.EXE
C:WINDOWSSystem32svchost.exe
C:Program FilesATI TechnologiesATI.ACECLI.EXE
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsUser.YOUR-4105E587B6DesktopRSIT.exe
C:Program Filestrend microUser.exeR0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — (no file)
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll (file missing)
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: DriveLetterAccess — {5CA3D70E-1895-11CF-8E15-001234567890} — C:WINDOWSSystem32DLADLASHX_W.DLL
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_03binssv.dll
O2 — BHO: HP Credential Manager for ProtectTools — {DF21F1DB-80C6-11D3-9483-B03D0EC10000} — C:Program FilesHPQIAMBinItIeAddIN.dll
O3 — Toolbar: Яндекс.Бар — {91397D20-1446-11D4-8AF4-0040CA1127B6} — C:Program FilesYandexYandexBarIEyndbar.dll
O4 — HKLM..Run: [ATICCC] «C:Program FilesATI TechnologiesATI.ACECLIStart.exe»
O4 — HKLM..Run: [hpWirelessAssistant] C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe
O4 — HKLM..Run: [SynTPStart] C:Program FilesSynapticsSynTPSynTPStart.exe
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [combofix] «C:ComboFixCF6174.cfxxe» /c «C:ComboFixC.bat»
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [NevoDRM] «C:Игры от NevoSoftNevoDRMNevoDRM.exe»
O4 — HKCU..Run: [Skype] «C:Documents and SettingsUser 1Local SettingsApplication DataSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe» ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — Startup: uTorrent.lnk = C:Program FilesuTorrentutorrent.exe
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 — Extra context menu item: Webalta — Добавить в Анти-Баннер — C:Program FilesWebaltaextentionsWebalta_antiban.htm
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_03binssv.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: (no name) — Cmdmapping — (no file) (HKCU)
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O14 — IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 — DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=39204
O16 — DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) — http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172425633296
O16 — DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) — http://download.eset.com/special/eos/OnlineScanner.cab
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: GoToAssist — C:Program FilesCitrixGoToAssist599G2AWinLogon.dll
O20 — Winlogon Notify: OneCard — C:Program FilesHPQIAMBinAsWlnPkg.dll
O23 — Service: Bluetooth Service (btwdins) — Broadcom Corporation. — C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 — Service: Symantec Lic NetConnect service (CLTNetCnService) — Unknown owner — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe (file missing)
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: GoToAssist — Citrix Online, a division of Citrix Systems, Inc. — C:Program FilesCitrixGoToAssist599g2aservice.exe
O23 — Service: hpqwmiex — Hewlett-Packard Development Company, L.P. — C:Program FilesHewlett-PackardSharedhpqwmiex.exe
O23 — Service: Security Platform Management Service (IFXSpMgtSrv) — Infineon Technologies AG — C:WINDOWSsystem32IFXSPMGT.exe
O23 — Service: Trusted Platform Core Service (IFXTCS) — Infineon Technologies AG — C:WINDOWSsystem32IFXTCS.exe
O23 — Service: LexBce Server (LexBceS) — Lexmark International, Inc. — C:WINDOWSsystem32LEXBCES.EXE
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 — Service: NMIndexingService — Nero AG — C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 — Service: PC Angel (PCA) — SoftThinks — C:WINDOWSSMINSTPCAngel.exe
O23 — Service: PLFlash DeviceIoControl Service — Prolific Technology Inc. — C:WINDOWSsystem32IoctlSvc.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: PsViatau (PTsup5) — Trident Software — C:Program FilesTrident SoftwarePragmaptsup5.exe—
End of file — 8883 bytes======Scheduled tasks folder======
C:WINDOWStasksAppleSoftwareUpdate.job
C:WINDOWStasksBugDoctorUser.job======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess — C:WINDOWSSystem32DLADLASHX_W.DLL [2005-08-31 110652][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_03binssv.dll [2007-09-25 501136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools — C:Program FilesHPQIAMBinItIeAddIN.dll [2005-03-03 50688][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-13 3112736][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«ATICCC»=C:Program FilesATI TechnologiesATI.ACECLIStart.exe [2006-05-10 90112]
«hpWirelessAssistant»=C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe [2006-03-28 454656]
«SynTPStart»=C:Program FilesSynapticsSynTPSynTPStart.exe [2007-09-14 102400]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-10-24 1451264]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-05-27 413696]
«combofix»=C:ComboFixCF6174.cfxxe /c C:ComboFixC.bat []
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
«NevoDRM»=C:Игры от NevoSoftNevoDRMNevoDRM.exe [2008-12-11 41984][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«Skype»=C:Documents and SettingsUser 1Local SettingsApplication DataSkypePhoneSkype.exe [2007-12-07 21686568]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe [2008-02-28 1828136]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]
C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2009-09-04 935288][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-10-03 35696][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAppleSyncNotifier]
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe [2008-07-22 116040][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCognizanceTS]
C:PROGRA~1HPQIAMBinAsTsVcc.dll [2003-12-22 17920][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCpqset]
C:Program FilesHewlett-PackardDefault Settingscpqset.exe [2006-04-21 40960][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools]
C:Program FilesDAEMON Toolsdaemon.exe [2006-11-12 157592][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDLA]
C:WINDOWSSystem32DLADLACTRLW.EXE [2005-08-31 122940][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregFineReader7NewsReaderPro]
C:Program FilesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe [2003-08-20 278528][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
C:Program FilesHpHP Software UpdateHPWuSchd2.exe [2007-05-08 54840][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
C:Program FilesiTunesiTunesHelper.exe [2008-07-30 289064][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
C:Program FilesMessengermsmsgs.exe [2008-04-14 1695232][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:Program FilesCommon FilesNeroLibNeroCheck.exe [2008-02-28 570664][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNevoDRM]
C:Program FilesИгры от NevoSoftNevoDRMNevoDRM.exe [2008-07-29 201728][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPragma]
C:PROGRA~1TRIDEN~1Pragmapragma.exe [2008-11-03 408872][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPragma5]
C:Program FilesTrident SoftwarePragmaprestart.exe [2008-11-03 44328][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPTHOSTTR]
C:Program FilesHPQHP ProtectTools Security ManagerPTHOSTTR.EXE [2006-02-14 122880][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQlbCtrl]
C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe [2006-03-23 131072][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
C:Program FilesQuickTimeQTTask.exe [2008-05-27 413696][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRecguard]
C:WINDOWSSminstRecguard.exe [2005-12-21 1187840][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregReminder]
C:WINDOWSCreatorRemind_XP.exe [2006-03-10 806912][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregScheduler]
C:WINDOWSSMINSTScheduler.exe [2006-02-15 892928][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAX]
C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2005-05-07 716800][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAXPnP]
C:Program FilesAnalog DevicesCoresmax4pnp.exe [2005-05-20 925696][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSynTPEnh]
C:Program FilesSynapticsSynTPSynTPEnh.exe [2007-09-14 1015808][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2008-09-03 185896][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWatchDog]
C:Program FilesInterVideoDVD CheckDVDCheck.exe [2006-03-31 184320][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWMPNSCFG]
C:Program FilesWindows Media PlayerWMPNSCFG.exe [2006-10-18 204288][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:PROGRA~1AdobeREADER~1.0ReaderREADER~1.EXE [2009-10-03 35696][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:PROGRA~1AdobeREADER~1.0ReaderADOBEC~1.EXE [2009-02-27 542096][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
C:PROGRA~1INTERV~1DVDCHE~1DVDCheck.exe [2006-03-31 184320][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^ICON 225 USB Connect.lnk]
C:PROGRA~1OrangeICON22~1ICON22~1.EXE /noshow [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«LightScribeService»=2
«kavsvc»=2
«iPod Service»=3
«IDriverT»=3
«Bonjour Service»=2
«Apple Mobile Device»=2
«wuauserv»=2
«wscsvc»=2
«WMPNetworkSvc»=2
«WebaltaController»=2
«SharedAccess»=2
«PersonalSecureDriveService»=2
«Netlogon»=3
«lanmanserver»=2
«helpsvc»=2
«GtDetectSc»=2C:Documents and SettingsUser.YOUR-4105E587B6Start MenuProgramsStartup
uTorrent.lnk — C:Program FilesuTorrentutorrent.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2006-04-27 61440][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyGoToAssist]
C:Program FilesCitrixGoToAssist599G2AWinLogon.dll [2009-11-16 13672][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyIfxWlxEN]
C:WINDOWSsystem32IfxWlxEN.dll [2006-03-03 434176][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyOneCard]
C:Program FilesHPQIAMBinAsWlnPkg.dll [2005-07-25 40960][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2007-02-15 236928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkGoToAssist]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:WINDOWSSMINSTScheduler.exe»=»C:WINDOWSSMINSTScheduler.exe:*:Enabled:Scheduler «
«C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesRealRealPlayerrealplay.exe»=»C:Program FilesRealRealPlayerrealplay.exe:*:Enabled:RealPlayer»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesSuper Internet TVOnlineTV.exe»=»C:Program FilesSuper Internet TVOnlineTV.exe:*:Enabled:Super Internet TV»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
«C:Program FilesHpDigital Imagingbinhpqtra08.exe»=»C:Program FilesHpDigital Imagingbinhpqtra08.exe:*:Enabled:hpqtra08.exe»
«C:Program FilesHpDigital Imagingbinhpqste08.exe»=»C:Program FilesHpDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
«C:Program FilesHpDigital Imagingbinhpofxm08.exe»=»C:Program FilesHpDigital Imagingbinhpofxm08.exe:*:Enabled:hpofxm08.exe»
«C:Program FilesHpDigital Imagingbinhposfx08.exe»=»C:Program FilesHpDigital Imagingbinhposfx08.exe:*:Enabled:hposfx08.exe»
«C:Program FilesHpDigital Imagingbinhposid01.exe»=»C:Program FilesHpDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
«C:Program FilesHpDigital Imagingbinhpqscnvw.exe»=»C:Program FilesHpDigital Imagingbinhpqscnvw.exe:*:Enabled:hpqscnvw.exe»
«C:Program FilesHpDigital Imagingbinhpqkygrp.exe»=»C:Program FilesHpDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe»
«C:Program FilesHpDigital ImagingbinhpqCopy.exe»=»C:Program FilesHpDigital ImagingbinhpqCopy.exe:*:Enabled:hpqcopy.exe»
«C:Program FilesHpDigital Imagingbinhpfccopy.exe»=»C:Program FilesHpDigital Imagingbinhpfccopy.exe:*:Enabled:hpfccopy.exe»
«C:Program FilesHpDigital Imagingbinhpzwiz01.exe»=»C:Program FilesHpDigital Imagingbinhpzwiz01.exe:*:Enabled:hpzwiz01.exe»
«C:Program FilesHpDigital ImagingUnloadHpqPhUnl.exe»=»C:Program FilesHpDigital ImagingUnloadHpqPhUnl.exe:*:Enabled:hpqphunl.exe»
«C:Program FilesHpDigital ImagingUnloadHpqDIA.exe»=»C:Program FilesHpDigital ImagingUnloadHpqDIA.exe:*:Enabled:hpqdia.exe»
«C:Program FilesHpDigital Imagingbinhpoews01.exe»=»C:Program FilesHpDigital Imagingbinhpoews01.exe:*:Enabled:hpoews01.exe»
«C:Program FilesHpDigital Imagingbinhpqnrs08.exe»=»C:Program FilesHpDigital Imagingbinhpqnrs08.exe:*:Enabled:hpqnrs08.exe»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
«C:Documents and SettingsUser 1Local SettingsApplication DataSkypePhoneSkype.exe»=»C:Documents and SettingsUser 1Local SettingsApplication DataSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»======List of files/folders created in the last 1 months======
2009-12-22 19:59:11 —-D—- C:Program Filestrend micro
2009-12-22 19:59:09 —-D—- C:rsit
2009-12-22 16:34:49 —-SHD—- C:RECYCLER
2009-12-22 00:48:20 —-D—- C:WINDOWStemp
2009-12-22 00:48:18 —-A—- C:ComboFix.txt
2009-12-21 23:53:01 —-A—- C:Boot.bak
2009-12-21 23:52:55 —-RASHD—- C:cmdcons
2009-12-21 23:50:02 —-D—- C:WINDOWSERDNT
2009-12-15 11:02:34 —-A—- C:WINDOWSsystem32fjhdyfhsn.bat
2009-12-13 15:04:05 —-D—- C:Documents and SettingsUser.YOUR-4105E587B6Application DataWinamp
2009-12-10 18:57:47 —-HDC—- C:WINDOWS$NtUninstallKB970430$
2009-12-10 18:56:55 —-HDC—- C:WINDOWS$NtUninstallKB974318$
2009-12-10 18:54:59 —-HDC—- C:WINDOWS$NtUninstallKB973904$
2009-12-10 18:54:45 —-HDC—- C:WINDOWS$NtUninstallKB974392$
2009-12-10 18:54:27 —-HDC—- C:WINDOWS$NtUninstallKB971737$
2009-11-25 20:07:01 —-HDC—- C:WINDOWS$NtUninstallKB976098-v2$
2009-11-25 20:06:28 —-HDC—- C:WINDOWS$NtUninstallKB973687$======List of files/folders modified in the last 1 months======
2009-12-22 20:18:13 —-D—- C:Documents and SettingsUser.YOUR-4105E587B6Application DatauTorrent
2009-12-22 20:05:33 —-D—- C:Documents and SettingsUser.YOUR-4105E587B6Application DataSkype
2009-12-22 19:59:37 —-D—- C:WINDOWSPrefetch
2009-12-22 19:59:11 —-D—- C:Program Files
2009-12-22 16:45:09 —-D—- C:WINDOWSnetwork diagnostic
2009-12-22 16:40:19 —-D—- C:Program FilesMozilla Firefox
2009-12-22 16:35:16 —-D—- C:WINDOWS
2009-12-22 16:31:10 —-D—- C:WINDOWSsystem32ias
2009-12-22 16:31:06 —-D—- C:WINDOWSsystem32
2009-12-22 06:51:11 —-A—- C:WINDOWSSchedLgU.Txt
2009-12-22 00:51:18 —-D—- C:Config.Msi
2009-12-22 00:51:17 —-SHD—- C:WINDOWSInstaller
2009-12-22 00:45:46 —-A—- C:WINDOWSsystem.ini
2009-12-22 00:43:26 —-D—- C:WINDOWSsystem32drivers
2009-12-22 00:43:26 —-D—- C:WINDOWSAppPatch
2009-12-22 00:43:25 —-D—- C:Program FilesCommon Files
2009-12-22 00:37:42 —-D—- C:WINDOWSsystem32CatRoot2
2009-12-22 00:26:05 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-12-22 00:19:35 —-D—- C:WINDOWSsystem32config
2009-12-21 23:59:37 —-D—- C:Program FilesWebalta
2009-12-21 23:53:01 —-RASH—- C:boot.ini
2009-12-21 20:55:13 —-A—- C:WINDOWSNeroDigital.ini
2009-12-21 20:16:46 —-SD—- C:WINDOWSDownloaded Program Files
2009-12-21 20:16:41 —-D—- C:Program FilesEset
2009-12-21 19:37:58 —-A—- C:WINDOWSwin.ini
2009-12-20 21:08:28 —-D—- C:Documents and SettingsUser.YOUR-4105E587B6Application DataShopping Blocks
2009-12-20 21:05:44 —-HD—- C:WINDOWSinf
2009-12-20 03:54:40 —-D—- C:Program FilesArtMoney
2009-12-20 01:38:55 —-D—- C:Program FilesBug Doctor
2009-12-18 03:08:11 —-D—- C:Program FilesFlashFXP
2009-12-16 14:36:04 —-D—- C:Program FilesrmDC++
2009-12-15 11:04:20 —-RSHD—- C:WINDOWSsystem32dllcache
2009-12-14 12:50:19 —-D—- C:Program FilesSuper Internet TV
2009-12-14 12:15:55 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-12-13 15:04:46 —-D—- C:Program FilesWinamp
2009-12-12 00:09:32 —-D—- C:Documents and SettingsAll UsersApplication DataSkype
2009-12-10 18:57:00 —-A—- C:WINDOWSimsins.BAK
2009-12-10 18:55:33 —-D—- C:Program FilesInternet Explorer
2009-12-10 18:55:10 —-HD—- C:WINDOWS$hf_mig$
2009-12-08 20:44:10 —-A—- C:WINDOWSLEXSTAT.INI
2009-12-02 13:13:45 —-D—- C:Игры от NevoSoft
2009-12-02 13:11:58 —-D—- C:Program FilesИгры от NevoSoft
2009-12-01 22:06:19 —-A—- C:WINDOWSsystem32MRT.exe
2009-11-26 20:56:13 —-D—- C:Documents and SettingsUser.YOUR-4105E587B6Application DataU3
2009-11-26 20:12:59 —-D—- C:Program FilesiTunes
2009-11-26 20:12:19 —-D—- C:Documents and SettingsUser.YOUR-4105E587B6Application DataApple Computer
2009-11-25 20:42:29 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-11-25 20:33:18 —-D—- C:Program FilesCommon FilesAdobe
2009-11-25 20:05:03 —-D—- C:WINDOWSWinSxS======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:WINDOWSsystem32DRIVERSAmdK8.sys [2006-06-19 36864]
R1 DLACDBHM;DLACDBHM; C:WINDOWSSystem32DriversDLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:WINDOWSSystem32DriversDLARTL_N.SYS [2005-08-25 22684]
R1 eabfiltr;eabfiltr; C:WINDOWSsystem32DRIVERSeabfiltr.sys [2005-09-19 7808]
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-10-24 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-10-24 34824]
R1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-13 14592]
R1 PersonalSecureDrive;PersonalSecureDrive; C:WINDOWSSystem32driverspsd.sys [2005-11-29 36768]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-04-13 8832]
R2 DLABOIOM;DLABOIOM; C:WINDOWSSystem32DLADLABOIOM.SYS [2005-08-31 25628]
R2 DLADResN;DLADResN; C:WINDOWSSystem32DLADLADResN.SYS [2005-08-31 2496]
R2 DLAIFS_M;DLAIFS_M; C:WINDOWSSystem32DLADLAIFS_M.SYS [2005-08-31 86524]
R2 DLAOPIOM;DLAOPIOM; C:WINDOWSSystem32DLADLAOPIOM.SYS [2005-08-31 14684]
R2 DLAPoolM;DLAPoolM; C:WINDOWSSystem32DLADLAPoolM.SYS [2005-08-31 6364]
R2 DLAUDF_M;DLAUDF_M; C:WINDOWSSystem32DLADLAUDF_M.SYS [2005-08-31 87036]
R2 DLAUDFAM;DLAUDFAM; C:WINDOWSSystem32DLADLAUDFAM.SYS [2005-08-31 94332]
R2 DRVNDDM;DRVNDDM; C:WINDOWSSystem32DriversDRVNDDM.SYS [2005-08-12 40544]
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-10-24 39944]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2006-06-19 12672]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2004-08-04 55936]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2006-05-03 178176]
R3 AEAudioService;AEAudio Service; C:WINDOWSsystem32driversAEAudio.sys [2005-06-07 152960]
R3 Arp1394;1394 ARP Client Protocol; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-04-27 1540096]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:WINDOWSsystem32DRIVERSATSwpDrv.sys [2006-03-30 130432]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:WINDOWSsystem32DRIVERSb57xp32.sys [2006-02-09 142720]
R3 BCM43XX;Драйвер сетевого адаптера Broadcom 802.11; C:WINDOWSsystem32DRIVERSbcmwl5.sys [2008-01-03 822272]
R3 btaudio;Bluetooth Audio Device; C:WINDOWSsystem32driversbtaudio.sys [2006-02-15 401664]
R3 BTDriver;Драйвер виртуальной связи Bluetooth; C:WINDOWSsystem32DRIVERSbtport.sys [2006-02-15 30363]
R3 BTKRNL;Bluetooth Bus Enumerator; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2006-02-15 1342570]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:WINDOWSsystem32DRIVERSbtwdndis.sys [2006-02-15 148168]
R3 btwhid;btwhid; C:WINDOWSsystem32DRIVERSbtwhid.sys [2006-02-15 44163]
R3 btwmodem;Bluetooth Modem; C:WINDOWSsystem32DRIVERSbtwmodem.sys [2006-02-15 30189]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2006-02-16 57096]
R3 CmBatt;Microsoft AC Adapter Driver; C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:WINDOWSSystem32DriversGEARAspiWDM.sys [2008-01-29 16168]
R3 HBtnKey;HBtnKey; C:WINDOWSsystem32DRIVERScpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:WINDOWSsystem32DRIVERSHSF_DPV.sys [2006-12-07 988800]
R3 HSFHWAZL;HSFHWAZL; C:WINDOWSsystem32DRIVERSHSFHWAZL.sys [2006-12-07 209536]
R3 IFXTPM;IFXTPM; C:WINDOWSsystem32DRIVERSIFXTPM.SYS [2005-10-21 36352]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2007-09-14 213696]
R3 tifm21;tifm21; C:WINDOWSsystem32driverstifm21.sys [2005-11-30 162560]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:WINDOWSsystem32DRIVERSHSF_CNXT.sys [2006-12-07 730112]
S1 klif;KLIF driver; C:WINDOWSSystem32driversklif.sys []
S1 klmc;KLMC driver; C:WINDOWSSystem32driversklmc.sys []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:WINDOWSsystem32DRIVERSwceusbsh.sys [2008-04-13 31744]
S3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys [2005-05-31 20480]
S3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys [2005-04-30 10804]
S3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSsystem32DRIVERSvbtenum.sys [2005-04-30 11860]
S3 catchme;catchme; ??C:DOCUME~1USER~1.YOULOCALS~1Tempcatchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; C:WINDOWSsystem32DRIVERSeabusb.sys [2005-09-19 5760]
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2006-04-13 21568]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:WINDOWSsystem32DRIVERSk750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSk750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:WINDOWSsystem32DRIVERSk750mdm.sys [2005-02-11 89872]
S3 MREMP50;MREMP50 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 Rasirda;WAN Miniport (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-17 19584]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2004-08-04 5888]
S3 sffdisk;SFF Storage Class Driver; C:WINDOWSsystem32DRIVERSsffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:WINDOWSsystem32DRIVERSsffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:WINDOWSsystem32DRIVERSsmcirda.sys [2001-08-17 35913]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
S3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys [2005-03-25 82148]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:WINDOWSSystem32Driverssptd.sys [2007-02-24 639224]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-04 12032]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASChannel;Local Communication Channel; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe [2006-02-15 258103]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-10-24 468224]
R2 hpqwmiex;hpqwmiex; C:Program FilesHewlett-PackardSharedhpqwmiex.exe [2006-03-16 135168]
R2 IFXSpMgtSrv;Security Platform Management Service; C:WINDOWSsystem32IFXSPMGT.exe [2006-03-03 507904]
R2 IFXTCS;Trusted Platform Core Service; C:WINDOWSsystem32IFXTCS.exe [2006-03-03 741376]
R2 LexBceS;LexBce Server; C:WINDOWSsystem32LEXBCES.EXE [2003-02-25 303104]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:Program FilesNeroNero8Nero BackItUpNBService.exe [2008-02-18 877864]
R2 NwSapAgent;SAP Agent; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:WINDOWSsystem32IoctlSvc.exe [2006-12-19 81920]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe [2008-02-28 529704]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe /h ccCommon []
S2 PCA;PC Angel; C:WINDOWSSMINSTPCAngel.exe [2006-01-12 294912]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2006-03-03 69632]
S2 PTsup5;PsViatau; C:Program FilesTrident SoftwarePragmaptsup5.exe [2008-11-03 81192]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2004-07-15 32768]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-10-24 19200]
S3 GoToAssist;GoToAssist; C:Program FilesCitrixGoToAssist599g2aservice.exe [2009-11-23 13160]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S4 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2008-07-22 116040]
S4 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-04-27 405504]
S4 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2007-07-24 229376]
S4 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S4 iPod Service;Сервис iPod; C:Program FilesiPodbiniPodService.exe [2008-07-30 532264]
S4 kavsvc;Kaspersky Anti-Virus Service; C:Program FilesKaspersky LabKaspersky Anti-Virus 5.0 for Windows Workstationskavsvc.exe []
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2006-03-24 73728]
S4 PersonalSecureDriveService;Personal Secure Drive Service; C:Program FilesProtectToolsEmbedded Security SoftwarePSDsrvc.EXE [2005-11-29 99872]
S4 WebaltaController;Webalta Controller; C:Program FilesWebaltaWebaltaUpdaterService.exe [2008-11-20 97794]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
EOF
info.txt logfile of random’s system information tool 1.06 2009-12-22 19:59:45
======Uninstall list======
—>C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
—>C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
—>C:Program FilesNeroNero8\nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSIsUninst.exe -fC:WINDOWSorun32.isu
—>C:WINDOWSsystem32\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
—>C:WINDOWSsystem32\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
—>C:WINDOWSsystem32\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
—>C:WINDOWSsystem32\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
—>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
—>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>MsiExec.exe /I{26DE0F0B-9CF1-4796-A1B5-01B912E35B46}
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABBYY FineReader 7.0 Professional Edition—>MsiExec.exe /I{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}
ACDSee—>C:PROGRA~1ACDSYS~1ACDSeeUNWISE.EXE C:PROGRA~1ACDSYS~1ACDSeeINSTALL.LOG
Acrobat.com—>msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com—>MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR—>c:Program FilesCommon FilesAdobe AIRVersions1.0ResourcesAdobe AIR Updater.exe -arp:uninstall
Adobe AIR—>MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Reader 9.2—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Apple Mobile Device Support—>MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update—>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Application Installer 4.00.B6—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}setup.exe» -l0x9
ArtMoney Pro v7.18—>C:Program FilesArtMoneyuninstall.bat
ArtMoney PRO v7.25—>»C:Program FilesArtMoneyUninstallunins001.exe»
ArtMoney SE v7.27—>»C:Program FilesArtMoneyUninstallunins000.exe»
ATI Catalyst Control Center—>MsiExec.exe /I{F6187F55-C11A-49CC-A901-1F4755B0C063}
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour—>MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 802.11 Wireless LAN Adapter—>»C:Program FilesBroadcomBroadcom 802.11Driverbcmwlu00.exe» verbose /rootkey=»SoftwareBroadcom802.11UninstallInfo» /rootdir=»C:Program FilesBroadcomBroadcom 802.11Driver»
BT Broadband Support Tools—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}Setup.exe»
Bug Doctor 3.0.2.9—>»C:Program FilesBug Doctorunins000.exe»
Compatibility Pack for the 2007 Office system—>MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)—>»C:WINDOWS$NtUninstallKB959772_WM11$spuninstspuninst.exe»
DivX Codec—>C:Program FilesDivXDivXCodecUninstall.exe /CODEC
DivX Converter—>C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
DivX Player—>C:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
DivX Web Player—>C:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
DVD-to-AVI 3.00 Build 806—>»C:Program FilesDVD-to-AVIunins000.exe»
ESET NOD32 Antivirus—>MsiExec.exe /I{FBDB29C1-D297-4996-938E-F1590EF6C000}
ESET Online Scanner v3—>C:Program FilesESETESET Online ScannerOnlineScannerUninstaller.exe
GoToAssist Corporate—>C:Program FilesCitrixGoToAssist599G2AUninstaller.exe /uninstall
GoToAssist Corporate—>MsiExec.exe /I{DAB5C521-80B2-48C3-B0DA-326A1B331F55}
HDAUDIO Soft Data Fax Modem with SmartCP—>C:Program FilesCONEXANTCNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033mUIU32m.exe -U -IHPQ0033M.INF
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)—>»C:WINDOWSie7updatesKB947864-IE7spuninstspuninst.exe»
Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
Hotfix for Windows Media Player 11 (KB939683)—>»C:WINDOWS$NtUninstallKB939683$spuninstspuninst.exe»
Hotfix for Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Hotfix for Windows XP (KB970653-v3)—>»C:WINDOWS$NtUninstallKB970653-v3$spuninstspuninst.exe»
Hotfix for Windows XP (KB976098-v2)—>»C:WINDOWS$NtUninstallKB976098-v2$spuninstspuninst.exe»
HP Backup and Recovery Manager Installer—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}setup.exe» -l0x9 -uninst -removeonly
HP BatteryCheck 1.00 A7—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{69DAC00A-7665-4E9B-B441-093D40736429}setup.exe» -l0x9 -removeonly uninst
HP BIOS Configuration for ProtectTools 2.00 G1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{AE052EF7-2640-48D7-8915-69B810D975CB}Setup.exe» -l0x9 biosuninst
HP Credential Manager for ProtectTools—>MsiExec.exe /X{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}
HP Customer Participation Program 7.0—>C:Program FilesHPDigital ImagingExtCapUninstallhpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0—>C:Program FilesHPDigital ImagingDocumentViewerhpzscr01.exe -datfile hpqbud04.dat
HP Embedded Security for ProtectTools—>MsiExec.exe /I{4BA3DDD4-BC91-48B2-8896-7A02C34829D7}
HP Help and Support—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}setup.exe» -l0x9 -removeonly
HP Imaging Device Functions 7.0—>C:Program FilesHPDigital ImagingDeviceManagementhpzscr01.exe -datfile hpqbud01.dat
HP Integrated Module with Bluetooth wireless technology—>MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Notebook Accessories Product Tour—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}setup.exe» -l0x9 -removeonly
HP Photosmart Premier Software 6.5—>C:Program FilesHPDigital Imaginguninstallhpzscr01.exe -datfile hpqscr01.dat
HP ProtectTools Security Manager 2.00 C3—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}Setup.exe» -l0x9 -removeonly hpquninst
HP Quick Launch Buttons 6.00 G2—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{34D2AB40-150D-475D-AE32-BD23FB5EE355}setup.exe» -l0x9 -removeonly uninst
HP Solution Center 7.0—>C:Program FilesHPDigital ImagingeSupporthpzscr01.exe -datfile hpqbud05.dat
HP Update—>MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A}
HP User Guides 0022—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{E05C9D01-CCED-4328-9EE0-0B6893087C6F}setup.exe» -l0x9 -removeonly
HP Wireless Assistant 2.00 F1—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}setup.exe» -l0x9 hpquninst
InterActual Player—>C:Program FilesInterActualInterActual Playerinuninst.exe
InterVideo DVD Check—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5D97A4A7-C274-4B63-86D9-07A33435F505}setup.exe» REMOVEALL
InterVideo WinDVD—>»C:Program FilesInstallShield Installation Information{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}setup.exe» REMOVEALL
iPIX MovieViewer—>C:WINDOWSipUninst.exe C:WINDOWSUnwise.exe /a C:PROGRA~1IPIXIPIXMO~1V360Vwr.log,iPIX movieViewer
iTunes—>MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 6—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 3—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Lexmark Z600 Series—>C:WINDOWSsystem32spooldriversw32x863LXBCUN5C.EXE -dLexmark Z600 Series
Microsoft .NET Framework 1.1 Security Update (KB953297)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM953297M953297Uninstall.msp»
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office 2003 Proofing Tools—>MsiExec.exe /I{901F0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Basic Edition 2003—>MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003—>MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0—>»C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe»
Mozilla Firefox (3.5.5)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MP3 Player Utilities 3.68—>MsiExec.exe /I{5DFDB75C-DA8C-45DB-987C-67000BB6C3B9}
MSXML 4.0 SP2 (KB927978)—>MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)—>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 8—>MsiExec.exe /X{F296739D-AF5C-4426-972A-0DC916D11049}
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NevoSoft 7 Artifacts (remove only)—>»C:Program FilesИгры от NevoSoft7 Artifactsuninstall.exe»
NevoSoft Bird Pirates (remove only)—>»C:Program FilesИгры от NevoSoftBird Piratesuninstall.exe»
NevoSoft BuildALot 2 (remove only)—>»C:Игры от NevoSoftBuildALot 2uninstall.exe»
NevoSoft Call of Atlantis (remove only)—>»C:Program FilesИгры от NevoSoftCall of Atlantisuninstall.exe»
NevoSoft Carnival Mania (remove only)—>»C:Игры от NevoSoftCarnival Maniauninstall.exe»
NevoSoft Cassandra Journey (remove only)—>»C:Игры от NevoSoftCassandra Journeyuninstall.exe»
NevoSoft Chameleon Gems (remove only)—>»C:Program FilesИгры от NevoSoftChameleon Gemsuninstall.exe»
NevoSoft ClashNSlash (remove only)—>»C:Program FilesИгры от NevoSoftClashNSlashuninstall.exe»
NevoSoft Cradle Of Persia (remove only)—>»C:Program FilesИгры от NevoSoftCradle Of Persiauninstall.exe»
NevoSoft Curse Of Montezuma (remove only)—>»C:Program FilesИгры от NevoSoftCurse Of Montezumauninstall.exe»
NevoSoft Diamond Drop (remove only)—>»C:Program FilesИгры от NevoSoftDiamond Dropuninstall.exe»
NevoSoft Dolina mechty (remove only)—>»C:Игры от NevoSoftDolina mechtyuninstall.exe»
NevoSoft Dragon (remove only)—>»C:Program FilesИгры от NevoSoftDragonuninstall.exe»
NevoSoft Dreams (remove only)—>»C:Игры от NevoSoftDreamsuninstall.exe»
NevoSoft Eldorado (remove only)—>»C:Program FilesИгры от NevoSoftEldoradouninstall.exe»
NevoSoft Eldorado Quest (remove only)—>»C:Program FilesИгры от NevoSoftEldorado Questuninstall.exe»
NevoSoft Farm Frenzy 2 (remove only)—>»C:Игры от NevoSoftFarm Frenzy 2uninstall.exe»
NevoSoft Farm Frenzy Pizza Party (remove only)—>»C:Игры от NevoSoftFarm Frenzy Pizza Partyuninstall.exe»
NevoSoft FarmCraft 2 (remove only)—>»C:Игры от NevoSoftFarmCraft 2uninstall.exe»
NevoSoft Gem Ball (remove only)—>»C:Program FilesИгры от NevoSoftGem Balluninstall.exe»
NevoSoft Gemsquest (remove only)—>»C:Игры от NevoSoftGemsquestuninstall.exe»
NevoSoft Graveyard Shift (remove only)—>»C:Игры от NevoSoftGraveyard Shiftuninstall.exe»
NevoSoft Green Valley (remove only)—>»C:Игры от NevoSoftGreen Valleyuninstall.exe»
NevoSoft Heroes of Hellas (remove only)—>»C:Program FilesИгры от NevoSoftHeroes of Hellasuninstall.exe»
NevoSoft Hidden Art (remove only)—>»C:Игры от NevoSoftHidden Artuninstall.exe»
NevoSoft Hidden Wonders (remove only)—>»C:Program FilesИгры от NevoSoftHidden Wondersuninstall.exe»
NevoSoft Jewel of Atlantis (remove only)—>»C:Program FilesИгры от NevoSoftJewel of Atlantisuninstall.exe»
NevoSoft Jewelleria (remove only)—>»C:Program FilesИгры от NevoSoftJewelleriauninstall.exe»
NevoSoft Krater (remove only)—>»C:Игры от NevoSoftKrateruninstall.exe»
NevoSoft Leeloos Talent Agency (remove only)—>»C:Игры от NevoSoftLeeloos Talent Agencyuninstall.exe»
NevoSoft Magic Rings (remove only)—>»C:Program FilesMagic Ringsuninstall.exe»
NevoSoft Magicians Handbook (remove only)—>»C:Program FilesИгры от NevoSoftMagicians Handbookuninstall.exe»
NevoSoft MahJong (remove only)—>»C:Program FilesИгры от NevoSoftMahJonguninstall.exe»
NevoSoft Mahjong Match (remove only)—>»C:Program FilesИгры от NevoSoftMahjong Matchuninstall.exe»
NevoSoft Mahjongg Ancient Mayas (remove only)—>»C:Игры от NevoSoftMahjongg Ancient Mayasuninstall.exe»
NevoSoft Mahjongg Artifacts 2 (remove only)—>»C:Program FilesИгры от NevosoftMahjongg Artifacts 2uninstall.exe»
NevoSoft Master Of Defense (remove only)—>»C:Program FilesИгры от NevoSoftMaster Of Defenseuninstall.exe»
NevoSoft Paradise Beach (remove only)—>»C:Игры от NevoSoftParadise Beachuninstall.exe»
NevoSoft Pet Show Craze (remove only)—>»C:Игры от NevoSoftPet Show Crazeuninstall.exe»
NevoSoft Photomania (remove only)—>»C:Игры от NevoSoftPhotomaniauninstall.exe»
NevoSoft Ranch Rush (remove only)—>»C:Игры от NevoSoftRanch Rushuninstall.exe»
NevoSoft Romopolis (remove only)—>»C:Игры от NevoSoftRomopolisuninstall.exe»
NevoSoft Sea Bounty (remove only)—>»C:Program FilesИгры от NevoSoftSea Bountyuninstall.exe»
NevoSoft Secrets of the six seas (remove only)—>»C:Program FilesИгры от NevoSoftSecrets of the six seasuninstall.exe»
NevoSoft Shopping Blocks (remove only)—>»C:Игры от NevoSoftShopping Blocksuninstall.exe»
NevoSoft Sky Aces (remove only)—>»C:Program FilesИгры от NevoSoftSky Acesuninstall.exe»
NevoSoft Snowy Lunch Rush (remove only)—>»C:Program FilesИгры от NevoSoftSnowy Lunch Rushuninstall.exe»
NevoSoft Space Journey (remove only)—>»C:Program FilesИгры от NevoSoftSpace Journeyuninstall.exe»
NevoSoft Space Strike (remove only)—>»C:Program FilesИгры от NevoSoftSpace Strikeuninstall.exe»
NevoSoft Sunshine Acres (remove only)—>»C:Игры от NevoSoftSunshine Acresuninstall.exe»
NevoSoft Supermarket Mania (remove only)—>»C:Игры от NevoSoftSupermarket Maniauninstall.exe»
NevoSoft Tibet Quest (remove only)—>»C:Игры от NevoSoftTibet Questuninstall.exe»
NevoSoft Towers (remove only)—>»C:Program FilesИгры от NevoSoftTowersuninstall.exe»
NevoSoft Tradewinds Caravans (remove only)—>»C:Игры от NevoSoftTradewinds Caravansuninstall.exe»
NevoSoft Tropic Ball Ice Age (remove only)—>»C:Program FilesИгры от NevoSoftTropic Ball Ice Ageuninstall.exe»
NevoSoft Wendys Wellness (remove only)—>»C:Игры от NevoSoftWendys Wellnessuninstall.exe»
NevoSoft Wonderburg (remove only)—>»C:Игры от NevoSoftWonderburguninstall.exe»
NevoSoft World Voyage (remove only)—>»C:Игры от NevoSoftWorld Voyageuninstall.exe»
NevoSoft Zeal (remove only)—>»C:Program FilesИгры от NevoSoftZealuninstall.exe»
OCR Software by I.R.I.S 7.0—>C:Program FilesHPDigital ImagingOCRhpzscr01.exe -datfile hpqbud11.dat
Passware Kit 7.0 Enterprise Edition—>C:PROGRA~1PasswareUNWISE.EXE /U C:PROGRA~1Passwarekit.log
Picture Shifter version 2.1.0—>»C:Program FilesPicture Shifterunins000.exe»
PICVideo Codecs—>C:WINDOWSsystem32UNPICVID2.EXE «PICVideo Codecs Uninstall»
Pragma—>»C:WINDOWSPragma Uninstaller.exe»
QuickTime—>MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer—>C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine—>MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine—>MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Russian (Phonetic)—>MsiExec.exe /I{FC11767C-BE7C-4757-8BCF-03692E146B04}
Security Update for CAPICOM (KB931906)—>MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)—>MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)—>»C:WINDOWS$NtUninstallKB923723$spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB928090)—>»C:WINDOWSie7updatesKB928090-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB931768)—>»C:WINDOWSie7updatesKB931768-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB933566)—>»C:WINDOWSie7updatesKB933566-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB937143)—>»C:WINDOWSie7updatesKB937143-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB938127)—>»C:WINDOWSie7updatesKB938127-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB939653)—>»C:WINDOWSie7updatesKB939653-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB942615)—>»C:WINDOWSie7updatesKB942615-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB950759)—>»C:WINDOWSie7updatesKB950759-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB953838)—>»C:WINDOWSie7updatesKB953838-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB956390)—>»C:WINDOWSie7updatesKB956390-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB958215)—>»C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB960714)—>»C:WINDOWSie7updatesKB960714-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB961260)—>»C:WINDOWSie7updatesKB961260-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB963027)—>»C:WINDOWSie7updatesKB963027-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB969897)—>»C:WINDOWSie7updatesKB969897-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 8 (KB969897)—>»C:WINDOWSie8updatesKB969897-IE8spuninstspuninst.exe»
Security Update for Windows Internet Explorer 8 (KB971961)—>»C:WINDOWSie8updatesKB971961-IE8spuninstspuninst.exe»
Security Update for Windows Internet Explorer 8 (KB974455)—>»C:WINDOWSie8updatesKB974455-IE8spuninstspuninst.exe»
Security Update for Windows Internet Explorer 8 (KB976325)—>»C:WINDOWSie8updatesKB976325-IE8spuninstspuninst.exe»
Security Update for Windows Media Player (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player (KB954155)—>»C:WINDOWS$NtUninstallKB954155_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player (KB968816)—>»C:WINDOWS$NtUninstallKB968816_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player (KB973540)—>»C:WINDOWS$NtUninstallKB973540_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player 10 (KB917734)—>»C:WINDOWS$NtUninstallKB917734_WMP10$spuninstspuninst.exe»
Security Update for Windows Media Player 11 (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP11$spuninstspuninst.exe»
Security Update for Windows Media Player 11 (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Security Update for Windows Media Player 9 (KB911565)—>»C:WINDOWS$NtUninstallKB911565$spuninstspuninst.exe»
Security Update for Windows XP (KB923561)—>»C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe»
Security Update for Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Security Update for Windows XP (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Security Update for Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Security Update for Windows XP (KB950760)—>»C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe»
Security Update for Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Security Update for Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Security Update for Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Security Update for Windows XP (KB951376)—>»C:WINDOWS$NtUninstallKB951376$spuninstspuninst.exe»
Security Update for Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Security Update for Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Security Update for Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Security Update for Windows XP (KB952004)—>»C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe»
Security Update for Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Security Update for Windows XP (KB953839)—>»C:WINDOWS$NtUninstallKB953839$spuninstspuninst.exe»
Security Update for Windows XP (KB954211)—>»C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe»
Security Update for Windows XP (KB954459)—>»C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
Security Update for Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Security Update for Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Security Update for Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Security Update for Windows XP (KB956572)—>»C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe»
Security Update for Windows XP (KB956744)—>»C:WINDOWS$NtUninstallKB956744$spuninstspuninst.exe»
Security Update for Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Security Update for Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Security Update for Windows XP (KB956841)—>»C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
Security Update for Windows XP (KB956844)—>»C:WINDOWS$NtUninstallKB956844$spuninstspuninst.exe»
Security Update for Windows XP (KB957095)—>»C:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe»
Security Update for Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Security Update for Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Security Update for Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Security Update for Windows XP (KB958690)—>»C:WINDOWS$NtUninstallKB958690$spuninstspuninst.exe»
Security Update for Windows XP (KB958869)—>»C:WINDOWS$NtUninstallKB958869$spuninstspuninst.exe»
Security Update for Windows XP (KB959426)—>»C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe»
Security Update for Windows XP (KB960225)—>»C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe»
Security Update for Windows XP (KB960715)—>»C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe»
Security Update for Windows XP (KB960803)—>»C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe»
Security Update for Windows XP (KB960859)—>»C:WINDOWS$NtUninstallKB960859$spuninstspuninst.exe»
Security Update for Windows XP (KB961371-v2)—>»C:WINDOWS$NtUninstallKB961371-v2$spuninstspuninst.exe»
Security Update for Windows XP (KB961373)—>»C:WINDOWS$NtUninstallKB961373$spuninstspuninst.exe»
Security Update for Windows XP (KB961501)—>»C:WINDOWS$NtUninstallKB961501$spuninstspuninst.exe»
Security Update for Windows XP (KB968537)—>»C:WINDOWS$NtUninstallKB968537$spuninstspuninst.exe»
Security Update for Windows XP (KB969059)—>»C:WINDOWS$NtUninstallKB969059$spuninstspuninst.exe»
Security Update for Windows XP (KB969898)—>»C:WINDOWS$NtUninstallKB969898$spuninstspuninst.exe»
Security Update for Windows XP (KB969947)—>»C:WINDOWS$NtUninstallKB969947$spuninstspuninst.exe»
Security Update for Windows XP (KB970238)—>»C:WINDOWS$NtUninstallKB970238$spuninstspuninst.exe»
Security Update for Windows XP (KB970430)—>»C:WINDOWS$NtUninstallKB970430$spuninstspuninst.exe»
Security Update for Windows XP (KB971486)—>»C:WINDOWS$NtUninstallKB971486$spuninstspuninst.exe»
Security Update for Windows XP (KB971557)—>»C:WINDOWS$NtUninstallKB971557$spuninstspuninst.exe»
Security Update for Windows XP (KB971633)—>»C:WINDOWS$NtUninstallKB971633$spuninstspuninst.exe»
Security Update for Windows XP (KB971657)—>»C:WINDOWS$NtUninstallKB971657$spuninstspuninst.exe»
Security Update for Windows XP (KB973354)—>»C:WINDOWS$NtUninstallKB973354$spuninstspuninst.exe»
Security Update for Windows XP (KB973507)—>»C:WINDOWS$NtUninstallKB973507$spuninstspuninst.exe»
Security Update for Windows XP (KB973525)—>»C:WINDOWS$NtUninstallKB973525$spuninstspuninst.exe»
Security Update for Windows XP (KB973869)—>»C:WINDOWS$NtUninstallKB973869$spuninstspuninst.exe»
Security Update for Windows XP (KB973904)—>»C:WINDOWS$NtUninstallKB973904$spuninstspuninst.exe»
Security Update for Windows XP (KB974112)—>»C:WINDOWS$NtUninstallKB974112$spuninstspuninst.exe»
Security Update for Windows XP (KB974318)—>»C:WINDOWS$NtUninstallKB974318$spuninstspuninst.exe»
Security Update for Windows XP (KB974392)—>»C:WINDOWS$NtUninstallKB974392$spuninstspuninst.exe»
Security Update for Windows XP (KB974571)—>»C:WINDOWS$NtUninstallKB974571$spuninstspuninst.exe»
Security Update for Windows XP (KB975025)—>»C:WINDOWS$NtUninstallKB975025$spuninstspuninst.exe»
Security Update for Windows XP (KB975467)—>»C:WINDOWS$NtUninstallKB975467$spuninstspuninst.exe»
Skype™ 3.8—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Audio Module—>MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module—>MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module—>MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic DLA—>MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler—>MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus—>MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager—>MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Ericsson PC Suite—>MsiExec.exe /I{C037D08B-4883-491D-9329-DC5ACA90F797}
SoundMAX—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime100Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}Setup.exe» -l0x9 -removeonly
Spelling Dictionaries Support For Adobe Reader 9—>MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Super Internet TV v7.3—>»C:Program FilesSuper Internet TVunins000.exe»
Super Internet TV v8.0 (Free Edition)—>»C:Program FilesSuper Internet TVunins001.exe»
Synaptics Pointing Device Driver—>rundll32.exe «C:Program FilesSynapticsSynTPSynISDLL.dll»,standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.—>c:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{48CF6549-B45D-4313-9927-EFCCC8A3493F} /l1033
Update for Windows Internet Explorer 8 (KB971930)—>»C:WINDOWSie8updatesKB971930-IE8spuninstspuninst.exe»
Update for Windows Internet Explorer 8 (KB976749)—>»C:WINDOWSie8updatesKB976749-IE8spuninstspuninst.exe»
Update for Windows XP (KB951072-v2)—>»C:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe»
Update for Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Update for Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Update for Windows XP (KB967715)—>»C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe»
Update for Windows XP (KB968389)—>»C:WINDOWS$NtUninstallKB968389$spuninstspuninst.exe»
Update for Windows XP (KB971737)—>»C:WINDOWS$NtUninstallKB971737$spuninstspuninst.exe»
Update for Windows XP (KB973687)—>»C:WINDOWS$NtUninstallKB973687$spuninstspuninst.exe»
Update for Windows XP (KB973815)—>»C:WINDOWS$NtUninstallKB973815$spuninstspuninst.exe»
VCRedistSetup—>MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
WAY Home Europe—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{D01727B1-9DAF-11D4-8A5B-00500499FAAB}/setup.exe»
Winamp—>»C:Program FilesWinampUninstWA.exe»
Windows Driver Package — Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)—>C:PROGRA~1DIFX7B44739871F4D539FA473F57A832EA4B6A59EF06DPInst.exe /d /u C:WINDOWSsystem32DRVSTOREamdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7amdk8.inf
Windows Internet Explorer 8—>»C:WINDOWSie8spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
WinRAR archiver—>C:Program FilesWinRARuninstall.exe
Сокровища Монтесумы —>C:Program FilesСокровища МонтесумыUninstall.exe
Яндекс.Бар для Internet Explorer 4.0.0—>»C:Program FilesYandexYandexBarIEunins000.exe»======Security center information======
AV: ESET NOD32 Antivirus 3.0
======System event log======
Computer Name: MARKOV
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.Record Number: 2535259
Source Name: Tcpip
Time Written: 20091209202840.000000+120
Event Type: warning
User:Computer Name: MARKOV
Event Code: 4
Message: Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.Record Number: 2535257
Source Name: b57w2k
Time Written: 20091209201715.000000+120
Event Type: warning
User:Computer Name: MARKOV
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.Record Number: 2535255
Source Name: Tcpip
Time Written: 20091209193349.000000+120
Event Type: warning
User:Computer Name: MARKOV
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.Record Number: 2535254
Source Name: Tcpip
Time Written: 20091209180455.000000+120
Event Type: warning
User:Computer Name: MARKOV
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.Record Number: 2535241
Source Name: Tcpip
Time Written: 20091209175057.000000+120
Event Type: warning
User:=====Application event log=====
Computer Name: YOUR-4105E587B6
Event Code: 1000
Message: Faulting application firefox.exe, version 1.9.0.3439, faulting module nppl3260.dll, version 6.0.12.46, fault address 0x000054bb.Record Number: 6376
Source Name: Application Error
Time Written: 20090706064333.000000+180
Event Type: error
User:Computer Name: YOUR-4105E587B6
Event Code: 1000
Message: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.Record Number: 6335
Source Name: Application Error
Time Written: 20090628215901.000000+180
Event Type: error
User:Computer Name: YOUR-4105E587B6
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x04225bac.Record Number: 6334
Source Name: Application Error
Time Written: 20090628215851.000000+180
Event Type: error
User:Computer Name: YOUR-4105E587B6
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03cc5bac.Record Number: 6297
Source Name: Application Error
Time Written: 20090626143944.000000+180
Event Type: error
User:Computer Name: YOUR-4105E587B6
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x02d45bac.Record Number: 6289
Source Name: Application Error
Time Written: 20090625224854.000000+180
Event Type: error
User:======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%system32wbem;C:Program FilesATI TechnologiesATI.ACE;C:Program FilesHPQIAMbin;C:Program FilesQuickTimeQTSystem
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
«PROCESSOR_REVISION»=4802
«NUMBER_OF_PROCESSORS»=2
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«SonicCentral»=C:Program FilesCommon FilesSonic SharedSonic Central
«CLASSPATH»=.;C:Program FilesJavajre1.6.0_03libextQTJava.zip
«QTJAVA»=C:Program FilesJavajre1.6.0_03libextQTJava.zip
EOF
Здравствуйте, добро пожаловать на Spyware-ru форум.
Просканируйте ваш компьютер снова программой Combofix.
Получившийся лог вставьте в ваше следующее сообщение.ComboFix 09-12-21.08 — User 22.12.2009 22:43:28.4.2 — x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1033.18.1407.729 [GMT 2:00]
Running from: c:documents and settingsUser.YOUR-4105E587B6DesktopComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.2009-12-22 17:59 . 2009-12-22 18:23
d
w- c:program filestrend micro
2009-12-22 17:59 . 2009-12-22 17:59
d
w- C:rsit
2009-12-15 10:17 . 2009-12-15 10:17
d-sh—w- c:documents and settingsUser.YOUR-4105E587B6IECompatCache
2009-12-15 09:04 . 2009-12-22 20:51 704512 —-a-w- c:windowssystem32driversjqxoeh.sys
2009-12-15 09:02 . 2009-12-15 09:02 190 —-a-w- c:windowssystem32fjhdyfhsn.bat
2009-12-14 10:17 . 2009-12-14 10:17
d
w- c:documents and settingsUser.YOUR-4105E587B6Local SettingsApplication DataSuper Internet TV
2009-12-13 13:04 . 2009-12-13 13:07
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataWinamp
2009-12-03 22:52 . 2009-08-26 13:22 114688 —-a-w- c:documents and settingsUser.YOUR-4105E587B6Application DataMozillaFirefoxProfilesenrkuqxb.defaultextensionsnpfax@microgaming.co.ukplatformWINNT_x86-msvcpluginsnpfax.dll.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 20:52 . 2008-10-13 17:02
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DatauTorrent
2009-12-22 20:52 . 2008-10-10 14:20
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataSkype
2009-12-21 21:59 . 2008-11-17 13:11
d
w- c:program filesWebalta
2009-12-21 18:16 . 2007-02-10 19:21
d
w- c:program filesEset
2009-12-20 19:08 . 2009-09-04 17:58
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataShopping Blocks
2009-12-20 01:54 . 2007-12-16 18:50
d
w- c:program filesArtMoney
2009-12-19 23:38 . 2007-03-19 15:27
d
w- c:program filesBug Doctor
2009-12-18 01:08 . 2007-04-01 16:33
d
w- c:program filesFlashFXP
2009-12-16 12:36 . 2007-02-08 09:47
d
w- c:program filesrmDC++
2009-12-15 09:02 . 2009-12-15 09:02 20 —-a-w- c:windowssystem32configsystemprofileApplication Datafvgqad.dat
2009-12-14 10:50 . 2008-09-03 06:16
d
w- c:program filesSuper Internet TV
2009-12-14 10:15 . 2008-09-03 06:16
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-12-13 13:04 . 2007-02-08 11:23
d
w- c:program filesWinamp
2009-12-11 22:09 . 2007-02-21 18:21
d
w- c:documents and settingsAll UsersApplication DataSkype
2009-12-02 11:11 . 2007-04-23 17:06
d
w- c:program filesИгры от NevoSoft
2009-11-26 18:56 . 2007-10-26 16:47
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataU3
2009-11-26 18:12 . 2008-09-05 11:26
d
w- c:program filesiTunes
2009-11-26 18:12 . 2009-09-01 22:02
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataApple Computer
2009-11-25 18:33 . 2008-08-16 21:23
d
w- c:program filesCommon FilesAdobe
2009-11-20 14:15 . 2009-11-20 14:15 16 —-a-w- c:documents and settingsLocalServiceApplication Datazxcvbd.dat
2009-11-19 17:01 . 2009-11-19 17:01 16 —-a-w- c:windowssystem32configsystemprofileApplication Datazxcvbd.dat
2009-11-17 21:57 . 2009-11-17 21:57
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataABBYY
2009-11-16 22:41 . 2009-11-07 11:55
d
w- c:program filesCommon FilesMotive
2009-11-16 22:39 . 2009-11-06 11:38
d
w- c:documents and settingsAll UsersApplication DataMotive
2009-11-16 22:38 . 2007-02-16 16:30
d
w- c:program filesYahoo!
2009-11-16 12:21 . 2009-11-16 12:21
d
w- c:documents and settingsAll UsersApplication DataCitrix
2009-11-16 12:20 . 2009-11-16 12:20 103784 —-a-w- c:documents and settingsUser.YOUR-4105E587B6GoToAssistDownloadHelper.exe
2009-11-11 15:11 . 2009-11-11 15:11
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataGraveyardShift
2009-11-05 00:04 . 2009-11-05 00:04
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataNevoSoft Games
2009-11-03 22:46 . 2009-11-03 22:45
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataMotive
2009-11-03 22:43 . 2009-11-03 22:43
d
w- c:program filesCitrix
2009-11-03 22:43 . 2006-07-11 05:39
d—h—w- c:program filesInstallShield Installation Information
2009-10-29 07:45 . 2004-08-04 08:00 916480
w- c:windowssystem32wininet.dll
2009-10-21 05:38 . 2004-08-04 08:00 75776 —-a-w- c:windowssystem32strmfilt.dll
2009-10-21 05:38 . 2004-08-04 08:00 25088 —-a-w- c:windowssystem32httpapi.dll
2009-10-20 16:20 . 2004-08-04 08:00 265728 —-a-w- c:windowssystem32drivershttp.sys
2009-10-13 10:30 . 2004-08-04 08:00 270336 —-a-w- c:windowssystem32oakley.dll
2009-10-12 13:38 . 2004-08-04 08:00 149504 —-a-w- c:windowssystem32rastls.dll
2009-10-12 13:38 . 2004-08-04 08:00 79872 —-a-w- c:windowssystem32raschap.dll
2007-02-27 07:06 . 2007-03-18 20:53 12599196 —-a-w- c:program filesgoodOne.rar
2007-11-01 10:43 . 2007-11-01 10:43 56 —sha-w- c:windowsSMINSThpboot.sys
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-13 3112736][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-13 3112736][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Skype»=»c:documents and settingsUser 1Local SettingsApplication DataSkypePhoneSkype.exe» [2007-12-07 21686568]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2008-02-28 1828136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«ATICCC»=»c:program filesATI TechnologiesATI.ACECLIStart.exe» [2006-05-10 90112]
«hpWirelessAssistant»=»c:program fileshpqHP Wireless AssistantHP Wireless Assistant.exe» [2006-03-28 454656]
«SynTPStart»=»c:program filesSynapticsSynTPSynTPStart.exe» [2007-09-14 102400]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-10-24 1451264]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2008-05-27 413696]
«NevoDRM»=»c:игры от nevosoftNevoDRMNevoDRM.exe» [2008-12-11 41984]c:documents and settingsUser.YOUR-4105E587B6Start MenuProgramsStartup
uTorrent.lnk — c:program filesuTorrentutorrent.exe [2008-1-27 289584][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyGoToAssist]
2009-11-16 12:21 13672 —-a-w- c:program filesCitrixGoToAssist599g2awinlogon.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyIfxWlxEN]
2006-03-03 15:08 434176 —-a-w- c:windowssystem32IfxWlxEN.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyOneCard]
2005-07-25 18:41 40960 —-a-w- c:program filesHPQIAMBinAsWlnPkg.dll[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:documents and settingsAll UsersStart MenuProgramsStartupAdobe Reader Speed Launch.lnk
backup=c:windowspssAdobe Reader Speed Launch.lnkCommon Startup[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:documents and settingsAll UsersStart MenuProgramsStartupAdobe Reader Synchronizer.lnk
backup=c:windowspssAdobe Reader Synchronizer.lnkCommon Startup[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:documents and settingsAll UsersStart MenuProgramsStartupDVD Check.lnk
backup=c:windowspssDVD Check.lnkCommon Startup[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^ICON 225 USB Connect.lnk]
path=c:documents and settingsAll UsersStart MenuProgramsStartupICON 225 USB Connect.lnk
backup=c:windowspssICON 225 USB Connect.lnkCommon Startup[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]
2009-09-04 10:08 935288 —-a-r- c:program filesCommon FilesAdobeARM1.0AdobeARM.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
2009-10-03 02:08 35696 —-a-w- c:program filesAdobeReader 9.0Readerreader_sl.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAppleSyncNotifier]
2008-07-22 17:42 116040 —-a-w- c:program filesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCognizanceTS]
2003-12-22 18:12 17920 —-a-w- c:progra~1HPQIAMBinAsTsVcc.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCpqset]
2006-04-21 16:30 40960 —-a-w- c:program filesHewlett-PackardDefault SettingsCpqset.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools]
2006-11-12 10:48 157592 —-a-w- c:program filesDAEMON Toolsdaemon.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDLA]
2005-08-31 12:20 122940 —-a-w- c:windowssystem32DLADLACTRLW.EXE[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregFineReader7NewsReaderPro]
2003-08-19 22:22 278528 —-a-w- c:program filesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
2007-05-08 14:24 54840 —-a-w- c:program filesHpHP Software UpdatehpwuSchd2.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
2008-07-30 07:47 289064 —-a-w- c:program filesiTunesiTunesHelper.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
2008-04-14 00:12 1695232 —-a-w- c:program filesMessengermsmsgs.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
2008-02-28 06:59 570664 —-a-w- c:program filesCommon FilesNeroLibNeroCheck.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNevoDRM]
2008-07-29 11:12 201728 —-a-w- c:program filesИгры от NevoSoftNevoDRMNevoDRM.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPragma]
2008-11-03 12:57 408872 —-a-w- c:progra~1TRIDEN~1Pragmapragma.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPragma5]
2008-11-03 12:57 44328 —-a-w- c:program filesTrident SoftwarePragmaprestart.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPTHOSTTR]
2006-02-14 18:56 122880 —-a-w- c:program filesHPQHP ProtectTools Security Managerpthosttr.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQlbCtrl]
2006-03-23 18:38 131072 —-a-w- c:program filesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
2008-05-27 07:50 413696 —-a-w- c:program filesQuickTimeQTTask.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRecguard]
2005-12-20 23:51 1187840 —-a-w- c:windowsSMINSTRecguard.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregReminder]
2006-03-10 00:38 806912 —-a-w- c:windowsCREATORRemind_XP.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregScheduler]
2006-02-15 15:43 892928 —-a-w- c:windowsSMINSTScheduler.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAX]
2005-05-06 22:06 716800 —-a-w- c:program filesAnalog DevicesSoundMAXSMax4.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAXPnP]
2005-05-20 09:11 925696 —-a-w- c:program filesAnalog DevicesCoresmax4pnp.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSynTPEnh]
2007-09-14 16:27 1015808 —-a-w- c:program filesSynapticsSynTPSynTPEnh.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
2008-09-03 06:22 185896 —-a-w- c:program filesCommon FilesRealUpdate_OBrealsched.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWatchDog]
2006-03-31 11:58 184320 —-a-w- c:program filesInterVideoDVD CheckDVDCheck.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWMPNSCFG]
2006-10-18 18:05 204288
w- c:program filesWindows Media Playerwmpnscfg.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«LightScribeService»=2 (0x2)
«kavsvc»=2 (0x2)
«iPod Service»=3 (0x3)
«IDriverT»=3 (0x3)
«Bonjour Service»=2 (0x2)
«Apple Mobile Device»=2 (0x2)
«wuauserv»=2 (0x2)
«wscsvc»=2 (0x2)
«WMPNetworkSvc»=2 (0x2)
«WebaltaController»=2 (0x2)
«SharedAccess»=2 (0x2)
«PersonalSecureDriveService»=2 (0x2)
«Netlogon»=3 (0x3)
«lanmanserver»=2 (0x2)
«helpsvc»=2 (0x2)
«GtDetectSc»=2 (0x2)[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\WINDOWS\SMINST\Scheduler.exe»=
«c:\Program Files\Messenger\msmsgs.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Real\RealPlayer\realplay.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Super Internet TV\OnlineTV.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hposid01.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe»=
«c:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe»=
«c:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Documents and Settings\User 1\Local Settings\Application Data\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«3389:TCP»= 3389:TCP:@xpsp2res.dll,-22009
«1723:TCP»= 1723:TCP:@xpsp2res.dll,-22015
«1701:UDP»= 1701:UDP:@xpsp2res.dll,-22016
«500:UDP»= 500:UDP:@xpsp2res.dll,-22017R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [24.10.2008 19:53 34824]
R1 PersonalSecureDrive;PersonalSecureDrive;c:windowssystem32driverspsd.sys [29.11.2005 18:56 36768]
R2 ASChannel;Local Communication Channel;c:windowsSystem32svchost.exe -k Cognizance [04.08.2004 10:00 14336]
R2 ekrn;Eset Service;c:program filesEsetESET NOD32 Antivirusekrn.exe [24.10.2008 19:51 468224]
R3 IFXTPM;IFXTPM;c:windowssystem32driversifxtpm.sys [21.10.2005 13:19 36352]
S1 klmc;KLMC driver;c:windowssystem32driversklmc.sys —> c:windowssystem32driversklmc.sys [?]
S2 PTsup5;PsViatau;c:program filesTrident SoftwarePragmaPTsup5.exe [01.07.2008 8:52 81192]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [24.02.2007 18:34 639224]
S4 WebaltaController;Webalta Controller;c:program filesWebaltaWebaltaUpdaterService.exe [20.11.2008 8:27 97794]— Other Services/Drivers In Memory —
*Deregistered* — jqxoeh
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
Cognizance REG_MULTI_SZ ASChannel
.
Supplementary Scan
.
uStart Page = about:blank
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Webalta — Добавить в Анти-Баннер — c:program filesWebaltaextentionsWebalta_antiban.htm
FF — ProfilePath — c:documents and settingsUser.YOUR-4105E587B6Application DataMozillaFirefoxProfilesenrkuqxb.default
FF — prefs.js: browser.search.defaulturl — hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage — hxxp://www.hp.com/
FF — prefs.js: keyword.URL — hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF — plugin: c:documents and settingsUser.YOUR-4105E587B6Application DataMozillaFirefoxProfilesenrkuqxb.defaultextensionsnpfax@microgaming.co.ukplatformWINNT_x86-msvcpluginsnpfax.dll
FF — plugin: c:program filesMozilla FirefoxpluginsnpBTEmailConfig.dll
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 22:51
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet003Servicesjqxoeh]
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(816)
c:windowssystem32Ati2evxx.dll
c:program filesCitrixGoToAssist599G2AWinLogon.dll
c:program filesHPQIAMBinAsWlnPkg.dll
c:windowssystem32IfxWlxEN.dll— — — — — — — > ‘explorer.exe'(2948)
c:windowssystem32WININET.dll
c:program filesHPQIAMBinSFSShell.dll
c:program filesHPQIAMbinItMsg.dll
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Completion time: 2009-12-22 22:54:26
ComboFix-quarantined-files.txt 2009-12-22 20:54
ComboFix2.txt 2009-12-21 22:48Pre-Run: 4 334 157 824 bytes free
Post-Run: 4 414 242 816 bytes freeCurrent=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
— — End Of File — — 6F761362462263115EB8F339B0C8B5E9ComboFix 09-12-21.08 — User 27.12.2009 13:03:42.5.2 — x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1033.18.1407.676 [GMT 2:00]
Running from: c:documents and settingsUser.YOUR-4105E587B6DesktopComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.2009-12-25 14:53 . 2009-12-25 14:53
d
w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2009-12-25 14:17 . 2009-11-21 15:51 471552
w- c:windowssystem32dllcacheaclayers.dll
2009-12-22 17:59 . 2009-12-22 18:23
d
w- c:program filestrend micro
2009-12-22 17:59 . 2009-12-22 17:59
d
w- C:rsit
2009-12-15 10:17 . 2009-12-15 10:17
d-sh—w- c:documents and settingsUser.YOUR-4105E587B6IECompatCache
2009-12-15 09:04 . 2009-12-27 11:11 704512 —-a-w- c:windowssystem32driversjqxoeh.sys
2009-12-15 09:02 . 2009-12-15 09:02 190 —-a-w- c:windowssystem32fjhdyfhsn.bat
2009-12-14 10:17 . 2009-12-14 10:17
d
w- c:documents and settingsUser.YOUR-4105E587B6Local SettingsApplication DataSuper Internet TV
2009-12-13 13:04 . 2009-12-13 13:07
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataWinamp
2009-12-03 22:52 . 2009-08-26 13:22 114688 —-a-w- c:documents and settingsUser.YOUR-4105E587B6Application DataMozillaFirefoxProfilesenrkuqxb.defaultextensionsnpfax@microgaming.co.ukplatformWINNT_x86-msvcpluginsnpfax.dll.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 11:12 . 2008-10-13 17:02
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DatauTorrent
2009-12-27 11:11 . 2008-10-10 14:20
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataSkype
2009-12-22 21:15 . 2009-09-04 17:58
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataShopping Blocks
2009-12-21 21:59 . 2008-11-17 13:11
d
w- c:program filesWebalta
2009-12-21 18:16 . 2007-02-10 19:21
d
w- c:program filesEset
2009-12-20 01:54 . 2007-12-16 18:50
d
w- c:program filesArtMoney
2009-12-19 23:38 . 2007-03-19 15:27
d
w- c:program filesBug Doctor
2009-12-18 01:08 . 2007-04-01 16:33
d
w- c:program filesFlashFXP
2009-12-16 12:36 . 2007-02-08 09:47
d
w- c:program filesrmDC++
2009-12-15 09:02 . 2009-12-15 09:02 20 —-a-w- c:windowssystem32configsystemprofileApplication Datafvgqad.dat
2009-12-14 10:50 . 2008-09-03 06:16
d
w- c:program filesSuper Internet TV
2009-12-14 10:15 . 2008-09-03 06:16
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-12-13 13:04 . 2007-02-08 11:23
d
w- c:program filesWinamp
2009-12-11 22:09 . 2007-02-21 18:21
d
w- c:documents and settingsAll UsersApplication DataSkype
2009-12-02 11:11 . 2007-04-23 17:06
d
w- c:program filesИгры от NevoSoft
2009-11-26 18:56 . 2007-10-26 16:47
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataU3
2009-11-26 18:12 . 2008-09-05 11:26
d
w- c:program filesiTunes
2009-11-26 18:12 . 2009-09-01 22:02
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataApple Computer
2009-11-25 18:33 . 2008-08-16 21:23
d
w- c:program filesCommon FilesAdobe
2009-11-21 15:51 . 2004-08-04 08:00 471552 —-a-w- c:windowsAppPatchaclayers.dll
2009-11-20 14:15 . 2009-11-20 14:15 16 —-a-w- c:documents and settingsLocalServiceApplication Datazxcvbd.dat
2009-11-19 17:01 . 2009-11-19 17:01 16 —-a-w- c:windowssystem32configsystemprofileApplication Datazxcvbd.dat
2009-11-17 21:57 . 2009-11-17 21:57
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataABBYY
2009-11-16 22:41 . 2009-11-07 11:55
d
w- c:program filesCommon FilesMotive
2009-11-16 22:39 . 2009-11-06 11:38
d
w- c:documents and settingsAll UsersApplication DataMotive
2009-11-16 22:38 . 2007-02-16 16:30
d
w- c:program filesYahoo!
2009-11-16 12:21 . 2009-11-16 12:21
d
w- c:documents and settingsAll UsersApplication DataCitrix
2009-11-16 12:20 . 2009-11-16 12:20 103784 —-a-w- c:documents and settingsUser.YOUR-4105E587B6GoToAssistDownloadHelper.exe
2009-11-11 15:11 . 2009-11-11 15:11
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataGraveyardShift
2009-11-05 00:04 . 2009-11-05 00:04
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataNevoSoft Games
2009-11-03 22:46 . 2009-11-03 22:45
d
w- c:documents and settingsUser.YOUR-4105E587B6Application DataMotive
2009-11-03 22:43 . 2009-11-03 22:43
d
w- c:program filesCitrix
2009-11-03 22:43 . 2006-07-11 05:39
d—h—w- c:program filesInstallShield Installation Information
2009-10-29 07:45 . 2004-08-04 08:00 916480
w- c:windowssystem32wininet.dll
2009-10-21 05:38 . 2004-08-04 08:00 75776 —-a-w- c:windowssystem32strmfilt.dll
2009-10-21 05:38 . 2004-08-04 08:00 25088 —-a-w- c:windowssystem32httpapi.dll
2009-10-20 16:54 . 2009-10-20 16:54 59992 —-a-w- c:documents and settingsAll UsersApplication DataKaspersky Lab Setup FilesKaspersky Internet Security 2010 9.0.0.736Englishsetup.exe
2009-10-20 16:20 . 2004-08-04 08:00 265728 —-a-w- c:windowssystem32drivershttp.sys
2009-10-13 10:30 . 2004-08-04 08:00 270336 —-a-w- c:windowssystem32oakley.dll
2009-10-12 13:38 . 2004-08-04 08:00 149504 —-a-w- c:windowssystem32rastls.dll
2009-10-12 13:38 . 2004-08-04 08:00 79872 —-a-w- c:windowssystem32raschap.dll
2007-02-27 07:06 . 2007-03-18 20:53 12599196 —-a-w- c:program filesgoodOne.rar
2007-11-01 10:43 . 2007-11-01 10:43 56 —sha-w- c:windowsSMINSThpboot.sys
.((((((((((((((((((((((((((((( SnapShot@2009-12-22_20.51.28 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-13 3112736][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-13 3112736][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Skype»=»c:documents and settingsUser 1Local SettingsApplication DataSkypePhoneSkype.exe» [2007-12-07 21686568]
«IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe» [2008-02-28 1828136][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«ATICCC»=»c:program filesATI TechnologiesATI.ACECLIStart.exe» [2006-05-10 90112]
«hpWirelessAssistant»=»c:program fileshpqHP Wireless AssistantHP Wireless Assistant.exe» [2006-03-28 454656]
«SynTPStart»=»c:program filesSynapticsSynTPSynTPStart.exe» [2007-09-14 102400]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-10-24 1451264]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2008-05-27 413696]
«NevoDRM»=»c:игры от nevosoftNevoDRMNevoDRM.exe» [2008-12-11 41984]c:documents and settingsUser.YOUR-4105E587B6Start MenuProgramsStartup
uTorrent.lnk — c:program filesuTorrentutorrent.exe [2008-1-27 289584][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyGoToAssist]
2009-11-16 12:21 13672 —-a-w- c:program filesCitrixGoToAssist599g2awinlogon.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyIfxWlxEN]
2006-03-03 15:08 434176 —-a-w- c:windowssystem32IfxWlxEN.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyOneCard]
2005-07-25 18:41 40960 —-a-w- c:program filesHPQIAMBinAsWlnPkg.dll[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:documents and settingsAll UsersStart MenuProgramsStartupAdobe Reader Speed Launch.lnk
backup=c:windowspssAdobe Reader Speed Launch.lnkCommon Startup[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:documents and settingsAll UsersStart MenuProgramsStartupAdobe Reader Synchronizer.lnk
backup=c:windowspssAdobe Reader Synchronizer.lnkCommon Startup[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:documents and settingsAll UsersStart MenuProgramsStartupDVD Check.lnk
backup=c:windowspssDVD Check.lnkCommon Startup[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^ICON 225 USB Connect.lnk]
path=c:documents and settingsAll UsersStart MenuProgramsStartupICON 225 USB Connect.lnk
backup=c:windowspssICON 225 USB Connect.lnkCommon Startup[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]
2009-09-04 10:08 935288 —-a-r- c:program filesCommon FilesAdobeARM1.0AdobeARM.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
2009-10-03 02:08 35696 —-a-w- c:program filesAdobeReader 9.0Readerreader_sl.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAppleSyncNotifier]
2008-07-22 17:42 116040 —-a-w- c:program filesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCognizanceTS]
2003-12-22 18:12 17920 —-a-w- c:progra~1HPQIAMBinAsTsVcc.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCpqset]
2006-04-21 16:30 40960 —-a-w- c:program filesHewlett-PackardDefault SettingsCpqset.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools]
2006-11-12 10:48 157592 —-a-w- c:program filesDAEMON Toolsdaemon.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDLA]
2005-08-31 12:20 122940 —-a-w- c:windowssystem32DLADLACTRLW.EXE[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregFineReader7NewsReaderPro]
2003-08-19 22:22 278528 —-a-w- c:program filesABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
2007-05-08 14:24 54840 —-a-w- c:program filesHpHP Software UpdatehpwuSchd2.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
2008-07-30 07:47 289064 —-a-w- c:program filesiTunesiTunesHelper.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
2008-04-14 00:12 1695232 —-a-w- c:program filesMessengermsmsgs.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
2008-02-28 06:59 570664 —-a-w- c:program filesCommon FilesNeroLibNeroCheck.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNevoDRM]
2008-07-29 11:12 201728 —-a-w- c:program filesИгры от NevoSoftNevoDRMNevoDRM.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPragma]
2008-11-03 12:57 408872 —-a-w- c:progra~1TRIDEN~1Pragmapragma.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPragma5]
2008-11-03 12:57 44328 —-a-w- c:program filesTrident SoftwarePragmaprestart.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPTHOSTTR]
2006-02-14 18:56 122880 —-a-w- c:program filesHPQHP ProtectTools Security Managerpthosttr.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQlbCtrl]
2006-03-23 18:38 131072 —-a-w- c:program filesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
2008-05-27 07:50 413696 —-a-w- c:program filesQuickTimeQTTask.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRecguard]
2005-12-20 23:51 1187840 —-a-w- c:windowsSMINSTRecguard.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregReminder]
2006-03-10 00:38 806912 —-a-w- c:windowsCREATORRemind_XP.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregScheduler]
2006-02-15 15:43 892928 —-a-w- c:windowsSMINSTScheduler.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAX]
2005-05-06 22:06 716800 —-a-w- c:program filesAnalog DevicesSoundMAXSMax4.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAXPnP]
2005-05-20 09:11 925696 —-a-w- c:program filesAnalog DevicesCoresmax4pnp.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSynTPEnh]
2007-09-14 16:27 1015808 —-a-w- c:program filesSynapticsSynTPSynTPEnh.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
2008-09-03 06:22 185896 —-a-w- c:program filesCommon FilesRealUpdate_OBrealsched.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWatchDog]
2006-03-31 11:58 184320 —-a-w- c:program filesInterVideoDVD CheckDVDCheck.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWMPNSCFG]
2006-10-18 18:05 204288
w- c:program filesWindows Media Playerwmpnscfg.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«LightScribeService»=2 (0x2)
«kavsvc»=2 (0x2)
«iPod Service»=3 (0x3)
«IDriverT»=3 (0x3)
«Bonjour Service»=2 (0x2)
«Apple Mobile Device»=2 (0x2)
«wuauserv»=2 (0x2)
«wscsvc»=2 (0x2)
«WMPNetworkSvc»=2 (0x2)
«WebaltaController»=2 (0x2)
«SharedAccess»=2 (0x2)
«PersonalSecureDriveService»=2 (0x2)
«Netlogon»=3 (0x3)
«lanmanserver»=2 (0x2)
«helpsvc»=2 (0x2)
«GtDetectSc»=2 (0x2)[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\WINDOWS\SMINST\Scheduler.exe»=
«c:\Program Files\Messenger\msmsgs.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Real\RealPlayer\realplay.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Super Internet TV\OnlineTV.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hposid01.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe»=
«c:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe»=
«c:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe»=
«c:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Documents and Settings\User 1\Local Settings\Application Data\Skype\Phone\Skype.exe»=
«c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«3389:TCP»= 3389:TCP:@xpsp2res.dll,-22009
«1723:TCP»= 1723:TCP:@xpsp2res.dll,-22015
«1701:UDP»= 1701:UDP:@xpsp2res.dll,-22016
«500:UDP»= 500:UDP:@xpsp2res.dll,-22017R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [24.10.2008 19:53 34824]
R1 PersonalSecureDrive;PersonalSecureDrive;c:windowssystem32driverspsd.sys [29.11.2005 18:56 36768]
R2 ASChannel;Local Communication Channel;c:windowsSystem32svchost.exe -k Cognizance [04.08.2004 10:00 14336]
R2 ekrn;Eset Service;c:program filesEsetESET NOD32 Antivirusekrn.exe [24.10.2008 19:51 468224]
R3 IFXTPM;IFXTPM;c:windowssystem32driversifxtpm.sys [21.10.2005 13:19 36352]
S1 klmc;KLMC driver;c:windowssystem32driversklmc.sys —> c:windowssystem32driversklmc.sys [?]
S2 PTsup5;PsViatau;c:program filesTrident SoftwarePragmaPTsup5.exe [01.07.2008 8:52 81192]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [24.02.2007 18:34 639224]
S4 WebaltaController;Webalta Controller;c:program filesWebaltaWebaltaUpdaterService.exe [20.11.2008 8:27 97794]— Other Services/Drivers In Memory —
*Deregistered* — jqxoeh
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
Cognizance REG_MULTI_SZ ASChannel
.
Supplementary Scan
.
uStart Page = about:blank
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Webalta — Добавить в Анти-Баннер — c:program filesWebaltaextentionsWebalta_antiban.htm
FF — ProfilePath — c:documents and settingsUser.YOUR-4105E587B6Application DataMozillaFirefoxProfilesenrkuqxb.default
FF — prefs.js: browser.search.defaulturl — hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF — prefs.js: browser.search.selectedEngine — Яндекс
FF — prefs.js: browser.startup.homepage — hxxp://www.hp.com/
FF — prefs.js: keyword.URL — hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF — plugin: c:documents and settingsUser.YOUR-4105E587B6Application DataMozillaFirefoxProfilesenrkuqxb.defaultextensionsnpfax@microgaming.co.ukplatformWINNT_x86-msvcpluginsnpfax.dll
FF — plugin: c:program filesMozilla FirefoxpluginsnpBTEmailConfig.dll
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 13:11
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet003Servicesjqxoeh]
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(812)
c:windowssystem32Ati2evxx.dll
c:program filesCitrixGoToAssist599G2AWinLogon.dll
c:program filesHPQIAMBinAsWlnPkg.dll
c:windowssystem32IfxWlxEN.dll— — — — — — — > ‘explorer.exe'(3724)
c:windowssystem32WININET.dll
c:program filesHPQIAMBinSFSShell.dll
c:program filesHPQIAMbinItMsg.dll
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Completion time: 2009-12-27 13:14:59
ComboFix-quarantined-files.txt 2009-12-27 11:14
ComboFix2.txt 2009-12-22 20:54
ComboFix3.txt 2009-12-21 22:48Pre-Run: 2 508 275 712 bytes free
Post-Run: 2 483 159 040 bytes freeCurrent=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
— — End Of File — — CCCEF9EFD3E979C5C2BC0933AED9BE0E
- Для ответа в этой теме необходимо авторизоваться.
