Help me remove Antivirus 2009.
- This topic has 5 replies, 2 participants, and was last updated 16 years, 3 months ago by Admin.
January 10, 2009 at 3:15 pm #16108
Good day!
Please help me solve a problem. The gist of it: Antivirus 2009 is blocking access to the internet. I tried to remove it with Anti-Malware and ComboFix. The spyware itself seems to have been removed, but apparently some remnants of it are still left and have lodged themselves somewhere. When I go online through IE, everything gets blocked.
My logs are below. Thanks in advance!
January 10, 2009 at 3:16 pm #21016
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Aleksei Zdanov at 2009-01-10 16:56:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (10%) free of 76 GB
Total RAM: 502 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:25, on 10.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAheadInCDInCDsrv.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesLavasoftAd-Awareaawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir PersonalEdition Premiumsched.exe
C:Program FilesAviraAntiVir PersonalEdition Premiumavguard.exe
C:Program FilesCommon FilesAutodata Limited SharedServiceADCDLicSvc.exe
C:Program FilesAviraAntiVir PersonalEdition Premiumavesvc.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAviraAntiVir PersonalEdition Premiumavmailc.exe
C:Program FilesAviraAntiVir PersonalEdition PremiumAVWEBGRD.EXE
C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe
C:Program FilesApoint2KApoint.exe
C:Program FilesJavajre1.6.0_05binjusched.exe
C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesHPQQuick Launch ButtonsEabServr.exe
C:Program FilesAheadInCDInCD.exe
C:Program FilesHpHP Software UpdateHPWuSchd2.exe
C:Program FilesAviraAntiVir PersonalEdition Premiumavgnt.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesApoint2KApntex.exe
C:PROGRA~1MUSICM~1MUSICM~2MMDiag.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmim.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesCommon FilesLogitechKHALKHALMNPR.EXE
C:Program FilesHPQSHAREDHPQWMI.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsAleksei ZdanovDesktopRSIT.exe
C:Program Filestrend microAleksei Zdanov.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://rus.delfi.ee/?l=t
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.hp.com/
O1 — Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 — Hosts: 127.255.255.255 http://www.alcohol-soft.com
O1 — Hosts: 127.255.255.255 images.alcohol-soft.com
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 — BHO: &Research — {0B014B81-4E12-46F9-806F-55867AF8FD3C} — C:WINDOWSsystem32winsystems.dll
O2 — BHO: SSVHelper Class — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre1.6.0_05binssv.dll
O4 — HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe
O4 — HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre1.6.0_05binjusched.exe»
O4 — HKLM..Run: [hpWirelessAssistant] C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe
O4 — HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [LSBWatcher] c:hpdrivershplsbwatcherlsburnwatcher.exe
O4 — HKLM..Run: [eabconfg.cpl] C:Program FilesHPQQuick Launch ButtonsEabServr.exe /Start
O4 — HKLM..Run: [InCD] C:Program FilesAheadInCDInCD.exe
O4 — HKLM..Run: [Adobe Photo Downloader] «C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe»
O4 — HKLM..Run: [MimBoot] C:PROGRA~1MUSICM~1MUSICM~2mimboot.exe
O4 — HKLM..Run: [EstEID AIP switch] «C:Program FilesIT ArendusID-kaartaipswitch.exe» 1
O4 — HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 — HKLM..Run: [HP Software Update] C:Program FilesHpHP Software UpdateHPWuSchd2.exe
O4 — HKLM..Run: [avgnt] «C:Program FilesAviraAntiVir PersonalEdition Premiumavgnt.exe» /min
O4 — HKCU..Run: [NBJ] «C:Program FilesAheadNero BackItUpNBJ.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [avp] C:RECYCLERS-1-5-21-2488087221-3455871120-381771710-6048hdav.exe
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUSS-1-5-18..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Global Startup: Logitech SetPoint.lnk = C:Program FilesLogitechSetPointSetPoint.exe
O4 — Global Startup: QuickTV.lnk = C:Program FilesAVerTVQuickTV.exe
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~3OFFICE11EXCEL.EXE/3000
O9 — Extra button: (no name) — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_05binssv.dll
O9 — Extra ‘Tools’ menuitem: Sun Java Console — {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — C:Program FilesJavajre1.6.0_05binssv.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~3OFFICE11REFIEBAR.DLL
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — C:Program FilesICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O14 — IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 — DPF: {096DCF31-53FA-4BA6-A729-D85D29FC0D70} (Detect Class) — https://installer.id.ee/IDInstaller.cab
O16 — DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) — http://gw.tallinnlv.ee:11082/activex/AxisCamControl.cab
O16 — DPF: {E8EB147D-ABEF-4228-A603-AAA845D1B2C1} (esteidTool Class) — http://www.sk.ee/id-kontroll/20070223.cab
O18 — Protocol: bw+0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw+0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw-0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw-0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw00 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw00s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw10 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw10s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw20 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw20s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw30 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw30s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw40 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw40s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw50 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw50s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw60 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw60s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw70 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw70s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw80 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw80s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw90 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bw90s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwa0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwa0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwb0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwb0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwc0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwc0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwd0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwd0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwe0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwe0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwf0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwf0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwfile-8876480 — {9462A756-7B47-47BC-8C80-C34B9B80B32B} — C:Program FilesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
O18 — Protocol: bwg0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwg0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwh0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwh0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwi0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwi0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwj0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwj0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwk0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwk0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwl0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwl0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwm0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwm0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwn0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwn0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwo0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwo0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwp0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwp0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwq0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwq0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwr0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwr0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bws0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bws0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwt0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwt0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwu0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwu0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwv0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwv0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bww0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bww0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwx0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwx0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwy0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwy0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwz0 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: bwz0s — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: offline-8876480 — {59EEDCC5-33D2-4426-90FB-F739C3B87D07} — C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol-8876480.dll
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — Winlogon Notify: urqPiHax — C:WINDOWSSYSTEM32urqPiHax.dll
O23 — Service: Lavasoft Ad-Aware Service (aawservice) — Lavasoft — C:Program FilesLavasoftAd-Awareaawservice.exe
O23 — Service: Avira AntiVir Premium MailGuard (AntiVirMailService) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Premiumavmailc.exe
O23 — Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Premiumsched.exe
O23 — Service: Avira AntiVir Premium Guard (AntiVirService) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Premiumavguard.exe
O23 — Service: Avira AntiVir Premium WebGuard (antivirwebservice) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition PremiumAVWEBGRD.EXE
O23 — Service: Autodata Limited License Service — Autodata Limited — C:Program FilesCommon FilesAutodata Limited SharedServiceADCDLicSvc.exe
O23 — Service: Automatic LiveUpdate Scheduler — Unknown owner — C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe (file missing)
O23 — Service: Avira AntiVir Premium MailGuard helper service (AVEService) — Avira GmbH — C:Program FilesAviraAntiVir PersonalEdition Premiumavesvc.exe
O23 — Service: HP WMI Interface (hpqwmi) — Hewlett-Packard Development Company, L.P. — C:Program FilesHPQSHAREDHPQWMI.exe
O23 — Service: InCD Helper (InCDsrv) — Ahead Software AG — C:Program FilesAheadInCDInCDsrv.exe
O23 — Service: InCD Helper (read only) (InCDsrvR) — Ahead Software AG — C:Program FilesAheadInCDInCDsrv.exe
O23 — Service: iPod Service (iPodService) — Apple Computer, Inc. — C:Program FilesiPodbiniPodService.exe
O23 — Service: LightScribeService Direct Disc Labeling Service (LightScribeService) — Hewlett-Packard Company — C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 — Service: LiveUpdate — Unknown owner — C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE (file missing)
O23 — Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) — CACE Technologies — C:Program FilesWinPcaprpcapd.exe
O23 — Service: ServiceLayer — Nokia. — C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 — Service: Symantec Network Drivers Service (SNDSrvc) — Analog Devices, Inc. — (no file)
O23 — Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) — Analog Devices, Inc. — C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
—
End of file — 21387 bytes
======Scheduled tasks folder======
C:WINDOWStasksgeqrsixy.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll [2003-11-03 54248]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0B014B81-4E12-46F9-806F-55867AF8FD3C}]
&Research — C:WINDOWSsystem32winsystems.dll [2004-08-04 309760]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class — C:Program FilesJavajre1.6.0_05binssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe [2004-10-14 1388544]
«Apoint»=C:Program FilesApoint2KApoint.exe [2005-02-08 159744]
«SunJavaUpdateSched»=C:Program FilesJavajre1.6.0_05binjusched.exe [2008-02-22 144784]
«hpWirelessAssistant»=C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe [2005-05-04 794624]
«iTunesHelper»=C:Program FilesiTunesiTunesHelper.exe [2004-10-13 278528]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2005-08-09 98304]
«LSBWatcher»=c:hpdrivershplsbwatcherlsburnwatcher.exe [2004-10-14 253952]
«eabconfg.cpl»=C:Program FilesHPQQuick Launch ButtonsEabServr.exe [2004-12-03 290816]
«InCD»=C:Program FilesAheadInCDInCD.exe [2004-08-27 1450096]
«Adobe Photo Downloader»=C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe [2005-06-06 57344]
«MimBoot»=C:PROGRA~1MUSICM~1MUSICM~2mimboot.exe [2006-01-19 11776]
«EstEID AIP switch»=C:Program FilesIT ArendusID-kaartaipswitch.exe [2007-02-22 45984]
«PCSuiteTrayApplication»=C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe [2006-11-28 222720]
«HP Software Update»=C:Program FilesHpHP Software UpdateHPWuSchd2.exe [2007-05-08 54840]
«avgnt»=C:Program FilesAviraAntiVir PersonalEdition Premiumavgnt.exe [2008-06-12 266497]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«NBJ»=C:Program FilesAheadNero BackItUpNBJ.exe [2004-09-22 1871872]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
«avp»=C:RECYCLERS-1-5-21-2488087221-3455871120-381771710-6048hdav.exe [2009-01-10 90112]
C:Documents and SettingsAll UsersStart MenuProgramsStartup
Logitech SetPoint.lnk — C:Program FilesLogitechSetPointSetPoint.exe
QuickTV.lnk — C:Program FilesAVerTVQuickTV.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxsrvc.dll [2005-02-08 348160]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
C:WINDOWSsystem32klogon.dll [2007-06-28 206088]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyurqPiHax]
C:WINDOWSsystem32urqPiHax.dll [2009-01-10 37376]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
UPnPMonitor — {e57ce738-33e8-4c51-8354-bb4de9d215d1} — C:WINDOWSsystem32upnpui.dll [2008-04-14 239616]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}»=C:WINDOWSsystem32urqPiHax.dll [2009-01-10 37376]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaawservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesiTunesiTunes.exe»=»C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes»
«C:Program FilesMessengermsmsgs.exe»=»C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger»
«C:Program FilesICQ6ICQ.exe»=»C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ6»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe»=»C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9b418c23-8596-11dc-a51c-00166f3bb8a7}]
shellAutoRuncommand — G:RECYCLERusbv.exe
shellopencommand — G:RECYCLERusbv.exe
======List of files/folders created in the last 1 months======
2009-01-10 16:56:13 —-D—- C:Program Filestrend micro
2009-01-10 16:56:12 —-D—- C:rsit
2009-01-10 16:56:06 —-A—- C:WINDOWSsystem32urqPiHax.dll
2009-01-10 16:55:42 —-RSHD—- C:RECYCLER
2009-01-10 16:47:24 —-D—- C:ComboFix
2009-01-10 16:40:31 —-D—- C:WINDOWStemp
2009-01-10 16:40:27 —-A—- C:ComboFix.txt
2009-01-10 16:33:57 —-D—- C:WINDOWSERDNT
2009-01-10 13:45:43 —-D—- C:Program FilesLavasoft
2009-01-10 13:45:41 —-D—- C:Documents and SettingsAll UsersApplication DataLavasoft
2009-01-10 13:43:54 —-D—- C:Program FilesCommon FilesWise Installation Wizard
2009-01-10 13:39:38 —-D—- C:Program FilesAdvanced Spyware Remover
2009-01-10 12:01:41 —-D—- C:Documents and SettingsAleksei ZdanovApplication DataAvira
2009-01-10 11:56:35 —-A—- C:WINDOWSsystem32avsda.dll
2009-01-10 11:56:34 —-D—- C:Program FilesAvira
2009-01-10 11:56:34 —-D—- C:Documents and SettingsAll UsersApplication DataAvira
2009-01-10 11:22:41 —-D—- C:Documents and SettingsAleksei ZdanovApplication DataMozilla
2009-01-10 11:22:23 —-D—- C:Program FilesMozilla Firefox
2009-01-10 00:50:39 —-D—- C:Documents and SettingsAleksei ZdanovApplication DataPCToolsFirewallPlus
2009-01-10 00:49:31 —-D—- C:Documents and SettingsAleksei ZdanovApplication DataPCToolsSpamMonitorPlus
2009-01-10 00:38:11 —-D—- C:Program FilesCommon FilesPC Tools
2009-01-10 00:38:05 —-D—- C:Documents and SettingsAll UsersApplication DataPC Tools
2009-01-09 23:43:13 —-D—- C:Documents and SettingsAleksei ZdanovApplication DataMalwarebytes
2009-01-09 23:43:01 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-01-09 23:43:00 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-01-09 23:40:42 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-01-09 21:29:06 —-D—- C:Program FilesKaspersky Lab
2009-01-09 21:29:06 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-01-08 20:59:23 —-ASH—- C:WINDOWSsystem32oeaufdpl.tmp
2009-01-07 11:21:54 —-A—- C:WINDOWSsystem3265d0848f-.txt
2008-12-17 23:24:59 —-HDC—- C:WINDOWS$NtUninstallKB960714$
======List of files/folders modified in the last 1 months======
2009-01-10 16:56:13 —-RD—- C:Program Files
2009-01-10 16:56:06 —-D—- C:WINDOWSsystem32
2009-01-10 16:47:36 —-D—- C:WINDOWS
2009-01-10 16:47:34 —-SHD—- C:System Volume Information
2009-01-10 16:47:12 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-10 16:45:31 —-A—- C:WINDOWSAVerTV.ini
2009-01-10 16:43:35 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-10 16:38:40 —-A—- C:WINDOWSsystem.ini
2009-01-10 16:37:47 —-D—- C:WINDOWSsystem32drivers
2009-01-10 16:37:46 —-D—- C:WINDOWSAppPatch
2009-01-10 16:37:46 —-D—- C:Program FilesCommon Files
2009-01-10 16:36:08 —-D—- C:WINDOWSHelp
2009-01-10 13:47:30 —-SHD—- C:WINDOWSInstaller
2009-01-10 13:47:29 —-HD—- C:Config.Msi
2009-01-10 03:17:00 —-D—- C:WINDOWSnetwork diagnostic
2009-01-10 02:30:58 —-AC—- C:WINDOWSsystem32PerfStringBackup.INI
2009-01-10 02:09:07 —-HD—- C:WINDOWSinf
2009-01-10 02:00:20 —-D—- C:SWSetup
2009-01-10 01:59:50 —-RSHD—- C:WINDOWSsystem32dllcache
2009-01-10 00:39:16 —-D—- C:WINDOWSWinSxS
2009-01-09 23:57:05 —-D—- C:WINDOWSPrefetch
2009-01-09 23:04:16 —-D—- C:WINDOWSsystem32CatRoot
2009-01-09 22:41:30 —-D—- C:Program FilesHewlett-Packard
2009-01-09 22:41:07 —-HD—- C:Program FilesInstallShield Installation Information
2009-01-09 22:19:32 —-D—- C:Program FilesGoogle
2009-01-09 22:19:30 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle
2009-01-09 22:09:06 —-AC—- C:WINDOWSNeroDigital.ini
2009-01-09 21:35:44 —-AC—- C:WINDOWSModemLog_Agere Systems AC’97 Modem.txt
2009-01-09 21:22:11 —-D—- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2009-01-08 20:57:13 —-D—- C:WINDOWSsystem32config
2009-01-08 20:56:51 —-D—- C:WINDOWSsystem32wbem
2009-01-08 20:56:50 —-D—- C:WINDOWSRegistration
2009-01-07 11:16:17 —-SD—- C:WINDOWSTasks
2009-01-06 21:58:44 —-D—- C:Documents and SettingsAleksei ZdanovApplication DataAdobeUM
2009-01-02 14:32:30 —-A—- C:WINDOWSNwMillnm.INI
2008-12-21 23:05:05 —-D—- C:WINDOWSMinidump
2008-12-21 12:36:28 —-D—- C:Temp
2008-12-20 23:31:11 —-D—- C:Documents and SettingsAleksei ZdanovApplication DataSkype
2008-12-20 22:04:46 —-D—- C:Documents and SettingsAleksei ZdanovApplication DataskypePM
2008-12-17 23:24:04 —-HD—- C:WINDOWS$hf_mig$
2008-12-12 19:01:00 —-A—- C:WINDOWSsystem32mshtml.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; ??C:Program FilesAviraAntiVir PersonalEdition Premiumavgio.sys []
R1 avipbb;avipbb; C:WINDOWSsystem32DRIVERSavipbb.sys [2008-10-30 75072]
R1 eabfiltr;EABFiltr; ??C:WINDOWSsystem32driversEABFiltr.sys []
R1 InCDPass;InCDPass; C:WINDOWSSystem32DRIVERSInCDPass.sys [2004-08-27 28672]
R1 incdrm;InCD Reader; C:WINDOWSsystem32driversincdrm.sys [2004-08-27 27648]
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-13 36352]
R1 ssmdrv;ssmdrv; C:WINDOWSsystem32DRIVERSssmdrv.sys [2007-03-01 28352]
R1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2007-03-28 266552]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:WINDOWSsystem32DRIVERSwmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2004-08-04 12032]
R2 Hardlock;Hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSsystem32driversHaspnt.sys []
R3 aeaudio;aeaudio; C:WINDOWSsystem32driversaeaudio.sys [2004-10-06 129280]
R3 AgereSoftModem;Agere Systems Soft Modem; C:WINDOWSsystem32DRIVERSAGRSM.sys [2005-04-13 1066278]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:WINDOWSsystem32DRIVERSApfiltr.sys [2005-01-31 109319]
R3 Arp1394;1394 ARP Client Protocol; C:WINDOWSsystem32DRIVERSarp1394.sys [2008-04-13 60800]
R3 avgntflt;avgntflt; ??C:Program FilesAviraAntiVir PersonalEdition Premiumavgntflt.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:WINDOWSsystem32DRIVERSCmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR CDRom Filter; C:WINDOWSSYSTEM32DRIVERSGEARAspiWDM.sys [2004-09-14 13872]
R3 ialm;ialm; C:WINDOWSsystem32DRIVERSialmnt5.sys [2005-02-08 804572]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2007-04-04 24344]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLHidKE.Sys [2005-03-10 24704]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:WINDOWSSystem32DriversLHidUsbK.Sys [2005-03-10 36480]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:WINDOWSsystem32DRIVERSLMouKE.Sys [2005-03-10 69504]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:WINDOWSsystem32DRIVERSnic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2008-04-13 79232]
R3 senfilt;senfilt; C:WINDOWSsystem32driverssenfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:WINDOWSsystem32driverssmwdm.sys [2004-09-01 259648]
R3 tifm21;tifm21; C:WINDOWSsystem32driverstifm21.sys [2005-04-04 160768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
R3 vaxscsi;vaxscsi; C:WINDOWSSystem32Driversvaxscsi.sys [2007-05-10 223128]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:WINDOWSsystem32DRIVERSw29n51.sys [2005-06-20 3281408]
R4 InCDfs;InCD File System; C:WINDOWSsystem32driversInCDfs.sys [2004-08-27 92928]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:WINDOWSsystem32DRIVERSAVerBDA3x.sys [2007-03-01 1175936]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:WINDOWSsystem32DRIVERSbcmwl5.sys [2005-05-10 371712]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2005-06-02 56648]
S3 Cap7134;Cap7134 Capture; C:WINDOWSsystem32DRIVERSCap7134.sys [2007-04-08 347072]
S3 catchme;catchme; ??C:ComboFixcatchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; ??C:WINDOWSsystem32driverseabusb.sys []
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
S3 KLIF;KLIF; ??C:WINDOWSsystem32driversklif.sys []
S3 MidiSyn;MidiSyn; C:WINDOWSsystem32driversMidiSyn.sys [2002-09-20 235100]
S3 MPE;BDA MPE Filter; C:WINDOWSsystem32DRIVERSMPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:WINDOWSsystem32DRIVERSNMnt.sys [2008-04-13 40320]
S3 Nokia USB Generic;Nokia USB Generic; C:WINDOWSsystem32driversnmwcdc.sys [2006-10-10 9216]
S3 Nokia USB Modem;Nokia USB Modem; C:WINDOWSsystem32driversnmwcdcm.sys [2006-10-10 12800]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:WINDOWSsystem32driversnmwcd.sys [2006-10-10 138240]
S3 Nokia USB Port;Nokia USB Port; C:WINDOWSsystem32driversnmwcdcj.sys [2006-10-10 12800]
S3 NPF;NetGroup Packet Filter Driver; C:WINDOWSsystem32driversnpf.sys [2005-08-02 32512]
S3 PhTVTune;Cap7134 TVTuner; C:WINDOWSsystem32DRIVERSPhTVTune.sys [2007-04-08 45760]
S3 Rasirda;WAN Miniport (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-17 19584]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtlnicxp.sys [2005-03-04 74496]
S3 SFilter;PCTools Driver; C:WINDOWSsystem32DRIVERSpctfw.sys [2008-07-17 93952]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:WINDOWSsystem32DRIVERSsmcirda.sys [2001-08-17 35913]
S3 sonypvs1;Sony Digital Imaging Video2; C:WINDOWSsystem32DRIVERSsonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 SYMDNS;SYMDNS; C:WINDOWSSystem32DriversSYMDNS.SYS [2007-03-28 11480]
S3 SymEvent;SymEvent; ??C:Program FilesSymantecSYMEVENT.SYS []
S3 SYMFW;SYMFW; C:WINDOWSSystem32DriversSYMFW.SYS [2007-03-28 171928]
S3 SYMIDS;SYMIDS; C:WINDOWSSystem32DriversSYMIDS.SYS [2007-03-28 37016]
S3 SYMNDIS;SYMNDIS; C:WINDOWSSystem32DriversSYMNDIS.SYS [2007-03-28 47192]
S3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2007-03-28 18904]
S3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
S3 USBCCID;USB Smart Card reader; C:WINDOWSsystem32DRIVERSusbccid.sys [2005-05-13 28672]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-15 82688]
S3 ZSMC302;TRUTION Web Camera; C:WINDOWSSystem32Driversusbvm302.sys [2004-02-13 90214]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:Program FilesLavasoftAd-Awareaawservice.exe [2009-01-10 611664]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard; C:Program FilesAviraAntiVir PersonalEdition Premiumavmailc.exe [2009-01-10 164097]
R2 AntiVirScheduler;Avira AntiVir Premium Scheduler; C:Program FilesAviraAntiVir PersonalEdition Premiumsched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Premium Guard; C:Program FilesAviraAntiVir PersonalEdition Premiumavguard.exe [2008-10-15 151297]
R2 antivirwebservice;Avira AntiVir Premium WebGuard; C:Program FilesAviraAntiVir PersonalEdition PremiumAVWEBGRD.EXE [2008-06-12 258305]
R2 Autodata Limited License Service;Autodata Limited License Service; C:Program FilesCommon FilesAutodata Limited SharedServiceADCDLicSvc.exe [2006-08-01 72704]
R2 AVEService;Avira AntiVir Premium MailGuard helper service; C:Program FilesAviraAntiVir PersonalEdition Premiumavesvc.exe [2008-05-09 41217]
R2 InCDsrv;InCD Helper; C:Program FilesAheadInCDInCDsrv.exe [2004-08-27 1192050]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:Program FilesCommon FilesLightScribeLSSrvc.exe [2005-06-21 53248]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:Program FilesAnalog DevicesSoundMAXSMAgent.exe [2002-09-20 45056]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R3 hpqwmi;HP WMI Interface; C:Program FilesHPQSHAREDHPQWMI.exe [2005-03-04 98304]
R3 iPodService;iPod Service; C:Program FilesiPodbiniPodService.exe [2004-10-13 327680]
R3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2006-11-06 210432]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe []
S2 InCDsrvR;InCD Helper (read only); C:Program FilesAheadInCDInCDsrv.exe [2004-08-27 1192050]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2004-07-15 32768]
S3 LiveUpdate;LiveUpdate; C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE []
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:Program FilesWinPcaprpcapd.exe [2005-08-02 86016]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
EOF
January 10, 2009 at 3:17 pm #21017
info.txt logfile of random’s system information tool 1.05 2009-01-10 16:56:28
======Hosts File======
127.255.255.255 serial.alcohol-soft.com
127.255.255.255 http://www.alcohol-soft.com
127.255.255.255 images.alcohol-soft.com

======Security center information======
AV: Avira AntiVir PersonalEdition (disabled)
AV: Norton Internet Security (outdated)
FW: Norton Internet Security
January 11, 2009 at 2:55 pm #21018
Hello, and welcome to the Spyware-ru forum.
I can see from the log that you have Combofix installed, so we will use it for the cleanup.
Open Notepad (click Start, Run, type notepad in the input field and press Enter) and paste the following text into it:

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"avp"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqPiHax]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
File::
C:\WINDOWS\tasks\geqrsixy.job
C:\WINDOWS\system32\winsystems.dll
C:\RECYCLER\S-1-5-21-2488087221-3455871120-381771710-6048\hdav.exe
C:\WINDOWS\system32\urqPiHax.dll

Save the resulting file to your desktop under the name CFScript.
Then drag the resulting file onto the Combofix icon, as shown in the picture below.
Combofix will start and carry out the procedures described in the file we created.
When it finishes, Combofix will create a new log; paste that log into your next reply.

January 11, 2009 at 10:39 pm #21019
Thank you so much! Everything worked!

January 12, 2009 at 5:42 pm #21020
You're welcome 🙂
Yes, you forgot to paste the fresh Combofix log; it is needed for an additional check.