ComboFix 09-05-23.04 — Hebrew 05/24/2009 22:19.3 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1251.7.1033.18.511.274 [GMT 3:00]
Running from: c:documents and settingsHebrewDesktopComboFix.exe
Command switches used :: c:documents and settingsHebrewDesktopwinxpsp1_en_pro_bf.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.2009-05-17 11:58 . 2009-05-17 11:58 57344 —-a-w c:documents and settingsHebrewApplication DataSunJavaDeploymentcache6.0505b902232-2ce5eec1-nDecora-SSE.dll
2009-05-17 11:58 . 2009-05-17 11:58 24064 —-a-w c:documents and settingsHebrewApplication DataSunJavaDeploymentcache6.0154e09eacf-63cdda0f-nDecora-D3D.dll
2009-05-17 11:58 . 2009-05-17 11:58 315392 —-a-w c:documents and settingsHebrewApplication DataSunJavaDeploymentcache6.0626baea4fe-332b64ea-njogl.dll
2009-05-17 11:58 . 2009-05-17 11:58 20480 —-a-w c:documents and settingsHebrewApplication DataSunJavaDeploymentcache6.0626baea4fe-332b64ea-njogl_awt.dll
2009-05-17 11:58 . 2009-05-17 11:58 114688 —-a-w c:documents and settingsHebrewApplication DataSunJavaDeploymentcache6.0626baea4fe-332b64ea-njogl_cg.dll
2009-05-17 11:58 . 2009-05-17 11:58 20480 —-a-w c:documents and settingsHebrewApplication DataSunJavaDeploymentcache6.0454f710eed-1f57c2f3-ngluegen-rt.dll
2009-05-17 11:58 . 2009-05-17 11:58 499712 —-a-w c:documents and settingsHebrewApplication DataSunJavaDeploymentcache6.033258cea61-2707d683-nmsvcp71.dll
2009-05-17 11:58 . 2009-05-17 11:58 499712 —-a-w c:documents and settingsHebrewApplication DataSunJavaDeploymentcache6.033258cea61-2707d683-njmc.dll
2009-05-17 11:58 . 2009-05-17 11:58 348160 —-a-w c:documents and settingsHebrewApplication DataSunJavaDeploymentcache6.033258cea61-2707d683-nmsvcr71.dll
2009-05-15 05:11 . 2009-05-15 05:11 d-----w C:rsit
2009-05-14 18:20 . 2009-05-14 18:20 d-----w C:builds
2009-05-09 19:38 . 2009-05-14 18:18 d-----w c:program filesIEAK6
2009-05-09 11:59 . 2009-05-09 11:59 d-----w c:windowsФайлы установки Windows Update
2009-05-06 20:47 . 2009-05-06 20:47 d-----w c:program filesSIW
2009-05-06 19:31 . 2009-05-06 19:31 d-----w c:windowssystem32CatRoot_bak
2009-05-06 15:26 . 2004-08-04 07:56 221184 —-a-w c:windowssystem32wmpns.dll
2009-05-03 14:53 . 2009-05-03 14:53 d-----w c:program filesLavalys
2009-05-03 11:58 . 2009-05-03 11:58 d-----w c:documents and settingsLocalServiceLocal SettingsApplication DataESET
2009-05-02 16:04 . 2009-05-02 16:28 d-----w c:documents and settingsHebrewLocal SettingsApplication DataAskToolbar
2009-05-02 08:41 . 2009-05-02 08:41 d-----w c:documents and settingsHebrewLocal SettingsApplication DataESET
2009-05-02 08:21 . 2009-05-02 08:21 d-----w c:program filesESET
2009-05-02 08:21 . 2009-05-02 08:21 d-----w c:documents and settingsAll UsersApplication DataESET
2009-05-01 19:51 . 2009-05-01 19:51 d-----w c:program filesAsk.com
2009-04-30 17:15 . 2009-04-30 17:15 d-----w c:windowsSun
2009-04-30 17:04 . 2009-04-30 17:04 410984 —-a-w c:windowssystem32deploytk.dll
2009-04-30 17:03 . 2009-04-30 17:03 d-----w c:program filesJava
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 19:23 . 2009-05-06 16:59 471326 —-a-w c:windowssystem32PerfStringBackup.TMP
2009-05-09 08:52 . 2009-04-19 18:27 d-----w c:program filesMPC HomeCinema
2009-05-09 08:51 . 2007-11-14 14:50 d-----w c:program filesICQToolbar
2009-05-09 08:51 . 2004-08-02 21:35 d-----w c:program filesrondo — Games
2009-05-09 08:51 . 2009-04-17 16:57 d-----w c:program filesCDBurnerXP
2009-05-09 08:51 . 2004-08-02 22:50 d-----w c:program filesGoldfish Aquarium Screensaver
2009-05-09 08:51 . 2004-08-02 22:46 d-----w c:program filesDivX
2009-05-06 15:28 . 2004-08-02 21:22 240263 —-a-w c:windowsPCHealthHelpCtrOfflineCacheindex.dat
2009-05-02 09:08 . 2006-08-01 10:46 d-----w c:program filesCommon FilesAhead
2009-05-02 08:12 . 2004-08-02 22:01 d-----w c:program filesCommon FilesSymantec Shared
2009-05-02 08:12 . 2004-08-02 22:01 d-----w c:program filesSymantec
2009-05-02 08:12 . 2004-08-02 22:01 d-----w c:documents and settingsAll UsersApplication DataSymantec
2009-05-02 08:12 . 2007-07-10 07:06 d-----w c:program filesSymantec AntiVirus
2009-04-21 17:33 . 2007-07-11 01:09 79832 —-a-w c:documents and settingsHebrewLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-04-19 18:18 . 2009-04-19 18:15 d-----w c:program filesThe KMPlayer
2009-04-19 17:55 . 2009-04-19 17:55 d-----w c:program filesK-Lite Codec Pack
2009-04-19 15:56 . 2004-08-02 22:56 d-----w c:program filesCyberLink
2009-04-19 15:56 . 2004-08-02 22:56 d—h—w c:program filesInstallShield Installation Information
2009-04-17 16:58 . 2009-04-17 16:58 d-----w c:documents and settingsHebrewApplication DataCanneverbe_Limited
2009-04-09 12:21 . 2009-04-09 12:21 94360 —-a-w c:windowssystem32driversepfwtdir.sys
2009-04-09 12:18 . 2009-04-09 12:18 107256 —-a-w c:windowssystem32driversehdrv.sys
2009-04-09 12:10 . 2009-04-09 12:10 113960 —-a-w c:windowssystem32driverseamon.sys
2009-03-28 11:59 . 2009-03-28 11:57 d-----w c:documents and settingsHebrewApplication DataMSN6
2009-03-28 11:57 . 2009-03-28 11:57 d-----w c:documents and settingsAll UsersApplication DataMSN6
2009-03-16 13:08 . 2009-03-16 13:08 245760 —-a-w c:windowsctfxmon.dll
2009-03-02 18:10 . 2009-04-19 17:55 67584 —-a-w c:windowssystem32ff_vfw.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{67aa0145-a051-4660-a910-22da3bab1fa5}]
2008-05-12 06:18 1470488 —-a-w c:program filesfindercoiltbfin1.dll[HKEY_LOCAL_MACHINE~Browser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 16:50 809864 —-a-w c:program filesAsk.comGenericAskToolbar.dll[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2002-08-20 1511453]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2007-04-03 165784]
«ctfmon.exe»=»c:windowsSystem32ctfmon.exe» [2002-08-29 13312][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvMediaCenter»=»c:windowsSystem32NvMcTray.dll» [2004-03-24 46080]
«USRpdA»=»c:windowsSYSTEM32USRmlnkA.exe» [2001-08-23 77891]
«NvCplDaemon»=»c:windowsSystem32NvCpl.dll» [2004-03-24 3309568]
«%FP%Barak013 L2TP fts.exe»=»c:program filesBarak013Barak013_L2TPfts.exe» [2004-01-07 77312]
«PinnacleDriverCheck»=»c:windowssystem32PSDrvCheck.exe» [2003-12-04 406016]
«THOffice»=»c:program filesTHOfficeTHOffice.exe» [2003-01-18 176128]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-04-30 148888]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2009-04-09 2029640]
«SoundMan»=»SOUNDMAN.EXE» — c:windowsSOUNDMAN.EXE [2003-12-18 64512]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2004-03-24 782336][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2002-08-29 13312]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2007-03-13 39264][HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [4/9/2009 3:18 PM 107256]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [4/9/2009 3:21 PM 94360]
R2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe [4/9/2009 3:19 PM 731840]
S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);c:windowsSystem32DRIVERSATINTTXX.sys —> c:windowsSystem32DRIVERSATINTTXX.sys [?]
.
Contents of the ‘Scheduled Tasks’ folder2009-05-24 c:windowsTasksScheduled Update for Ask Toolbar.job
— c:program filesAsk.comUpdateTask.exe [2009-04-02 16:50]
.
— — — — ORPHANS REMOVED — — — —Notify-NavLogon — (no file)
SafeBoot-procexp90.Sys.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.il/
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:801;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} — %SystemRoot%webrelated.htm
Trusted Zone: aol.comfree
TCP: {3944AA6F-F372-47E8-8E2A-D2ED4D61C062} = 194.90.1.5
DPF: DirectAnimation Java Classes — file://c:windowsJavaclassesdajava.cab
DPF: Microsoft XML Parser for Java — file://c:windowsJavaclassesxmldso.cab
FF — ProfilePath — c:documents and settingsHebrewApplication DataMozillaFirefoxProfiles997di54e.default
FF — prefs.js: browser.search.selectedEngine — Ask.com
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/?clid=47185
FF — prefs.js: keyword.URL — hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=CPUID&o=14654&locale=en_US&q=
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 22:23
Windows 5.1.2600 Service Pack 1 NTFSscanning hidden processes …
scanning hidden autostart entries …
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
THOffice = c:program filesTHOfficeTHOffice.exe??nRun???uscanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1417001333-492894223-854245398-1004SoftwareMicrosoft M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*Recent File List]
«File1″=»c:\WINDOWS\system32\devmgmt.msc»
«File2″=»c:\\WINDOWS\\system32\\compmgmt.msc»
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(580)
c:windowsSystem32ODBC32.dll
c:windowsWinSxSx86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03comctl32.dll
c:windowsSystem32msctfime.ime— — — — — — — > ‘lsass.exe'(636)
c:windowsWinSxSx86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03comctl32.dll
c:windowsSystem32dssenh.dll— — — — — — — > ‘explorer.exe'(3508)
c:windowsWinSxSx86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03comctl32.dll
c:windowsSystem32msctfime.ime
c:windowsSystem32msi.dll
c:windowsIMESPGRMR.DLL
c:program filesCommon FilesMicrosoft SharedINKSKCHUI.DLL
.
Other Running Processes
.
c:program filesJavajre6binjqs.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:program filesCDBurnerXPNMSAccessU.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-05-24 22:25 — machine was rebooted
ComboFix-quarantined-files.txt 2009-05-24 19:25
Pre-Run: 6,861,819,904 bytes free
Post-Run: 6,800,338,944 bytes free
239
Like this.
Will there be an answer?
After the successful removal of the trojans and viruses, for which I am immensely grateful to you, VALERI, Internet Explorer does not start, cannot be installed and cannot be removed. Honestly, I am a complete novice with computers, but I need it in more or less working condition; I can manage without sound somehow. Here is a new log, maybe you can suggest something.
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Hebrew at 2009-05-15 08:11:28
Microsoft Windows XP Professional Service Pack 1
System drive C: has 7 GB (35%) free of 20 GB
Total RAM: 511 MB (30% free)HijackThis download failed
======Scheduled tasks folder======
C:WINDOWStasksScheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2006-10-26 440384][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-03-02 37808][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2007-09-13 1312040][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{67aa0145-a051-4660-a910-22da3bab1fa5}]
findercoil Toolbar — C:Program Filesfindercoiltbfin1.dll [2008-05-12 1470488][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2007-09-07 2403392][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{af69de43-7d58-4638-b6fa-ce66b5ad205d}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll [2008-10-25 737776][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask.com Toolbar — C:Program FilesAsk.comGenericAskToolbar.dll [2009-04-02 809864][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-04-30 35840][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-04-30 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{8E718888-423F-11D2-876E-00A0C9082467} — &???? — C:WINDOWSsystem32msdxm.ocx [2002-08-29 842268][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2003-12-18 64512]
«NvMediaCenter»=C:WINDOWSSystem32NvMcTray.dll [2004-03-24 46080]
«USRpdA»=C:WINDOWSSYSTEM32USRmlnkA.exe [2001-08-23 77891]
«NvCplDaemon»=C:WINDOWSSystem32NvCpl.dll [2004-03-24 3309568]
«nwiz»=nwiz.exe /install []
«%FP%Barak013 L2TP fts.exe»=C:Program FilesBarak013Barak013_L2TPfts.exe [2004-01-07 77312]
«PinnacleDriverCheck»=C:WINDOWSsystem32PSDrvCheck.exe [2003-12-04 406016]
«THOffice»=C:Program FilesTHOfficeTHOffice.exe [2003-01-18 176128]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-04-30 148888]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2009-04-09 2029640][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2002-08-20 1511453]
«DAEMON Tools»=C:Program FilesDAEMON Toolsdaemon.exe [2007-04-04 165784]
«ctfmon.exe»=C:WINDOWSSystem32ctfmon.exe [2002-08-29 13312][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregccApp]
C:Program FilesCommon FilesSymantec SharedccApp.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCloneCDElbyCDFL]
C:Program FilesElaborate BytesCloneCDElbyCheck.exe /L ElbyCDFL [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
C:Program FilesMessengermsmsgs.exe [2002-08-20 1511453][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:WINDOWSSystem32NvCpl.dll [2004-03-24 3309568][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINDOWSSystem32NvMcTray.dll [2004-03-24 46080][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install [][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPRONoMgr.exe]
C:Program FilesIntelNCSPROSetPRONoMgr.exe [2003-03-11 86016][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]
C:WINDOWSSOUNDMAN.EXE [2003-12-18 64512][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampWinampa.exe [][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyNavLogon]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
nwprovau
«notification packages»=
scecli[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
======List of files/folders created in the last 1 months======
2009-05-15 08:11:28 —-D—- C:rsit
2009-05-14 21:20:04 —-D—- C:builds
2009-05-09 22:38:32 —-D—- C:Program FilesIEAK6
2009-05-09 14:59:35 —-D—- C:WINDOWSФайлы установки Windows Update
2009-05-06 23:47:25 —-D—- C:Program FilesSIW
2009-05-06 23:37:52 —-SHD—- C:Config.Msi
2009-05-06 22:31:54 —-D—- C:WINDOWSSystem32CatRoot_bak
2009-05-06 19:59:02 —-A—- C:WINDOWSSystem32PerfStringBackup.TMP
2009-05-06 19:51:28 —-D—- C:WINDOWSPrefetch
2009-05-06 18:26:33 —-A—- C:WINDOWSSystem32wmpns.dll
2009-05-03 17:53:20 —-D—- C:Program FilesLavalys
2009-05-02 11:21:32 —-D—- C:Program FilesESET
2009-05-02 11:21:32 —-D—- C:Documents and SettingsAll UsersApplication DataESET
2009-05-01 22:51:20 —-D—- C:Program FilesAsk.com
2009-04-30 20:15:53 —-D—- C:WINDOWSSun
2009-04-30 20:04:17 —-A—- C:WINDOWSSystem32javaws.exe
2009-04-30 20:04:17 —-A—- C:WINDOWSSystem32javaw.exe
2009-04-30 20:04:17 —-A—- C:WINDOWSSystem32java.exe
2009-04-30 20:04:17 —-A—- C:WINDOWSSystem32deploytk.dll
2009-04-30 20:03:57 —-D—- C:Program FilesJava
2009-04-29 22:29:46 —-D—- C:Documents and SettingsHebrewApplication DataSun
2009-04-29 13:49:58 —-SHD—- C:RECYCLER
2009-04-29 10:37:43 —-D—- C:WINDOWStemp
2009-04-25 22:18:19 —-A—- C:Boot.bak
2009-04-25 22:18:15 —-RASHD—- C:cmdcons
2009-04-25 22:13:46 —-D—- C:WINDOWSERDNT
2009-04-19 21:27:29 —-D—- C:Program FilesMPC HomeCinema
2009-04-19 21:15:07 —-D—- C:Program FilesThe KMPlayer
2009-04-19 20:55:48 —-A—- C:WINDOWSSystem32unrar.dll
2009-04-19 20:55:46 —-A—- C:WINDOWSSystem32yv12vfw.dll
2009-04-19 20:55:46 —-A—- C:WINDOWSSystem32xvidvfw.dll
2009-04-19 20:55:46 —-A—- C:WINDOWSSystem32xvidcore.dll
2009-04-19 20:55:44 —-A—- C:WINDOWSSystem32qt-dx331.dll
2009-04-19 20:55:44 —-A—- C:WINDOWSSystem32dpl100.dll
2009-04-19 20:55:44 —-A—- C:WINDOWSSystem32divx.dll
2009-04-19 20:55:42 —-A—- C:WINDOWSSystem32ff_vfw.dll.manifest
2009-04-19 20:55:42 —-A—- C:WINDOWSSystem32ff_vfw.dll
2009-04-19 20:55:41 —-D—- C:Program FilesK-Lite Codec Pack
2009-04-17 19:58:14 —-D—- C:Documents and SettingsHebrewApplication DataCanneverbe_Limited
2009-04-17 19:57:57 —-D—- C:Program FilesCDBurnerXP======List of files/folders modified in the last 1 months======
2009-05-15 07:54:47 —-D—- C:WINDOWS
2009-05-15 07:47:01 —-D—- C:Program FilesMozilla Firefox
2009-05-15 07:43:55 —-D—- C:WINDOWSDebug
2009-05-14 21:25:00 —-N—- C:WINDOWSSchedLgU.Txt
2009-05-14 21:18:22 —-HD—- C:WINDOWSinf
2009-05-14 21:18:17 —-D—- C:WINDOWSSystem32CatRoot2
2009-05-14 21:18:16 —-RD—- C:Program Files
2009-05-09 14:59:37 —-D—- C:WINDOWSsystem32
2009-05-09 14:59:37 —-D—- C:WINDOWSCursors
2009-05-09 11:51:59 —-D—- C:Program FilesMovie Maker
2009-05-09 11:51:59 —-D—- C:Program FilesMessenger
2009-05-09 11:51:54 —-D—- C:Program FilesWindows Media Player
2009-05-09 11:51:54 —-D—- C:Program Filesrondo — Games
2009-05-09 11:51:54 —-D—- C:Program FilesICQToolbar
2009-05-09 11:51:53 —-D—- C:Program FilesGoldfish Aquarium Screensaver
2009-05-09 11:51:53 —-D—- C:Program FilesDivX
2009-05-06 23:38:04 —-SHD—- C:WINDOWSInstaller
2009-05-06 23:37:55 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-05-06 23:37:53 —-SD—- C:WINDOWSTasks
2009-05-06 23:10:30 —-D—- C:WINDOWSSystem32drivers
2009-05-06 23:02:05 —-SHD—- C:System Volume Information
2009-05-06 23:02:05 —-D—- C:WINDOWSSystem32Restore
2009-05-06 19:51:05 —-D—- C:WINDOWSSystem32wbem
2009-05-06 19:51:04 —-D—- C:WINDOWSSystem32Setup
2009-05-06 19:50:50 —-RSD—- C:WINDOWSFonts
2009-05-06 19:50:50 —-D—- C:WINDOWSime
2009-05-06 19:50:50 —-D—- C:WINDOWSAppPatch
2009-05-06 18:36:45 —-D—- C:WINDOWSSystem32CatRoot
2009-05-06 18:35:40 —-D—- C:WINDOWSWinSxS
2009-05-06 18:35:37 —-RD—- C:WINDOWSWeb
2009-05-06 18:35:33 —-D—- C:WINDOWSSystem32usmt
2009-05-06 18:35:28 —-D—- C:WINDOWSSystem32oobe
2009-05-06 18:35:25 —-D—- C:WINDOWSSystem32npp
2009-05-06 18:35:23 —-RSHDC—- C:WINDOWSSystem32dllcache
2009-05-06 18:33:45 —-D—- C:WINDOWSSystem32Com
2009-05-06 18:32:29 —-D—- C:WINDOWSsystem
2009-05-06 18:32:28 —-D—- C:WINDOWSsrchasst
2009-05-06 18:32:27 —-D—- C:WINDOWSmui
2009-05-06 18:32:27 —-D—- C:WINDOWSmsagent
2009-05-06 18:31:59 —-D—- C:WINDOWSHelp
2009-05-06 18:31:53 —-D—- C:Program FilesWindows NT
2009-05-06 18:31:52 —-D—- C:Program FilesOutlook Express
2009-05-06 18:31:51 —-D—- C:Program FilesNetMeeting
2009-05-06 18:31:47 —-D—- C:Program FilesInternet Explorer
2009-05-06 18:31:45 —-D—- C:Program FilesCommon FilesSystem
2009-05-06 18:31:19 —-RASH—- C:NTDETECT.COM
2009-05-06 18:31:11 —-D—- C:WINDOWSSystem32inetsrv
2009-05-06 18:28:04 —-D—- C:WINDOWSpeernet
2009-05-06 18:28:04 —-D—- C:WINDOWSMedia
2009-05-06 18:26:28 —-A—- C:WINDOWSSystem32PerfStringBackup.INI
2009-05-02 12:08:13 —-D—- C:Program FilesCommon FilesAhead
2009-05-02 11:12:18 —-D—- C:Program FilesSymantec
2009-05-02 11:12:18 —-D—- C:Program FilesCommon FilesSymantec Shared
2009-05-02 11:12:15 —-D—- C:Documents and SettingsAll UsersApplication DataSymantec
2009-05-02 11:12:14 —-D—- C:Program FilesSymantec AntiVirus
2009-04-29 10:35:34 —-A—- C:WINDOWSsystem.ini
2009-04-29 10:31:05 —-D—- C:WINDOWSSystem32config
2009-04-29 10:30:19 —-D—- C:Program FilesCommon Files
2009-04-25 22:18:19 —-RASH—- C:boot.ini
2009-04-19 18:56:43 —-D—- C:Program FilesCyberLink
2009-04-19 18:56:41 —-HD—- C:Program FilesInstallShield Installation Information======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2009-04-09 107256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2009-04-09 94360]
R1 SiSkp;SiSkp; C:WINDOWSSystem32DRIVERSsrvkp.sys [2004-09-02 12928]
R2 Aspi32;Aspi32; C:WINDOWSSystem32driversAspi32.sys [2002-07-17 16877]
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2009-04-09 113960]
R2 IOSLINK;IOSLINK; ??C:WINDOWSsystem32driversIosLink.sys []
R2 irda;IrDA Protocol; C:WINDOWSSystem32DRIVERSirda.sys [2001-08-17 55296]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2001-08-23 84864]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-08-23 55936]
R2 SetupNT;SetupNT; C:WINDOWSsystem32SetupNT.sys [2000-10-25 3000]
R3 ASAPIW2k;ASAPIW2K; C:WINDOWSsystem32driversASAPIW2k.sys [2003-12-04 11264]
R3 irsir;Microsoft Serial Infrared Driver; C:WINDOWSSystem32DRIVERSirsir.sys [2001-08-17 18688]
R3 nv;nv; C:WINDOWSSystem32DRIVERSnv4_mini.sys [2004-03-24 1895648]
R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2002-08-29 156544]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2004-08-03 9856]
R3 Rasirda;WAN Miniport (IrDA); C:WINDOWSSystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSSystem32DRIVERSRTL8139.SYS [2001-08-17 23070]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbehci.sys [2002-08-29 19328]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSSystem32DRIVERSusbhub.sys [2002-08-29 51968]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbuhci.sys [2002-08-29 19328]
S1 AmdK7;AMD K7 Processor Driver; C:WINDOWSSystem32DRIVERSamdk7.sys [2002-08-29 32512]
S1 intelppm;Intel Processor Driver; C:WINDOWSSystem32DRIVERSintelppm.sys []
S2 ElbyCDIO;ElbyCDIO Driver; C:WINDOWSSystem32DriversElbyCDIO.sys []
S2 npkcrypt;npkcrypt; ??C:Documents and SettingsHebrewDesktopmaple storynpkcrypt.sys []
S3 61883;61883 Unit Device; C:WINDOWSsystem32DRIVERS61883.sys [2004-08-04 48128]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2003-10-04 401152]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2003-12-18 639836]
S3 Arp1394;1394 ARP Client Protocol; C:WINDOWSSystem32DRIVERSarp1394.sys [2002-08-29 57344]
S3 ati2mtag;ati2mtag; C:WINDOWSSystem32DRIVERSati2mtag.sys []
S3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinrvxx.sys []
S3 ATITUNEP;ATI WDM TV Tuner (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatintuxx.sys []
S3 ativraxx;ATI WDM Rage Theater Audio (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinraxx.sys []
S3 ATIXSAudio;ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinxsxx.sys []
S3 Avc;AVC Device; C:WINDOWSsystem32DRIVERSavc.sys [2004-08-04 38912]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2003-02-17 16384]
S3 cmuda;C-Media WDM Audio Interface; C:WINDOWSsystem32driverscmuda.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:WINDOWSsystem32DRIVERSe100b325.sys [2003-03-04 145408]
S3 ElbyCDFL;ElbyCDFL; C:WINDOWSSystem32DriversElbyCDFL.sys []
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:WINDOWSsystem32driverses1371mp.sys [2001-08-17 40704]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:WINDOWSSystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 HCF_MSFT;HCF_MSFT; C:WINDOWSSystem32DRIVERSHCF_MSFT.sys [2001-08-17 907456]
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:WINDOWSSystem32DRIVERSmouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
S3 MSDV;Microsoft DV Camera and VCR; C:WINDOWSSystem32DRIVERSmsdv.sys [2003-02-17 52096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2002-12-12 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinmdxx.sys []
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2003-02-17 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2003-02-17 10112]
S3 NIC1394;1394 Net Driver; C:WINDOWSSystem32DRIVERSnic1394.sys [2002-08-29 57984]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE2Ebus.sys [2006-11-10 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE2Emdfl.sys [2006-11-10 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE2Emdm.sys [2006-11-10 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE2Emgmt.sys [2006-11-10 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS); C:WINDOWSsystem32DRIVERSse2End5.sys [2006-11-10 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE2Eobex.sys [2006-11-10 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:WINDOWSsystem32DRIVERSse2Eunic.sys [2006-11-10 90800]
S3 SiS315;SiS315; C:WINDOWSSystem32DRIVERSsisgrp.sys [2004-09-03 229888]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:WINDOWSSystem32DRIVERSsisnic.sys [2001-08-17 31232]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2003-02-17 10880]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:WINDOWSsystem32DRIVERSsscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:WINDOWSsystem32DRIVERSsscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:WINDOWSsystem32DRIVERSsscdmdm.sys [2005-12-22 137884]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2003-02-17 14976]
S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation); C:WINDOWSsystem32DRIVERSATINTTXX.sys []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbohci.sys [2002-08-29 15744]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2002-08-29 21760]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver; C:WINDOWSsystem32DRIVERSUSRpdA.sys [2001-08-17 113762]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2003-02-17 18688]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:WINDOWSSystem32DRIVERSyukonwxp.sys [2003-12-23 174464]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2009-04-09 731840]
R2 Irmon;Infrared Monitor; C:WINDOWSSystem32svchost.exe [2001-08-23 12800]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-04-30 152984]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NMSAccessU;NMSAccessU; C:Program FilesCDBurnerXPNMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSSystem32nvsvc32.exe [2004-03-24 110659]
R2 NWCWorkstation;Client Service for NetWare; C:WINDOWSsystem32svchost.exe [2001-08-23 12800]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2009-04-09 20680]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-09-07 138168]
S3 LiveUpdate;LiveUpdate; C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE []
S3 NetSvc;Intel NCS NetService; C:Program FilesIntelNCSSyncNetSvc.exe [2003-03-03 143360]
S3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe []
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
EOF
Valeri, please help an uneducated woman.
Somehow I quickly managed to get into the Control Panel and quickly removed Microsoft Silverlight 2. The computer started working normally, but I'm all thumbs, and out of joy at getting in I also removed Service Pack 2, so now I only have Service Pack 1. Internet Explorer won't come up and no new version will install, and I have no idea how to update Windows; it doesn't work for me through Firefox. HELP.
Valeri, save me, I'm writing from a friend's place again. I wanted to do as you advised:
1. Update your programs.
Go to update.microsoft.com and update Windows. I recommend installing Service Pack 3.
I went to Windows Update, it offered to install Microsoft Silverlight 2, and like a fool I clicked it and installed I don't know what, and now everything is stuck: the mouse hangs and I can't do anything, and rebooting doesn't help. Please help 😆
I removed Symantec and installed Eset NOD32 Antivirus (32-bit) 4.0.314, ran a scan, and it immediately dug up 390 objects. It's a beast. I'm happy so far; we'll see how it goes.
ОТЧЕТ О ПРОВЕРКЕ KASPERSKY ONLINE SCANNER 7.0
30 Апрель 2009 г.
Операционная система: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Версия Kaspersky Online Scanner: 7.0.26.13
Последнее обновление баз: Thursday, April 30, 2009 14:21:50
Количество записей в базах: 2111323
Параметры проверки
проверять, используя следующие базы расширенные
Проверять архивы да
Проверять почтовые базы да
Область проверки Мой компьютер
A:
C:
E:
F:
Статистика проверки
Проверено объектов 64998
Обнаружено угроз 26
Обнаружено зараженных объектов 159
Обнаружено подозрительных объектов 0
Время проверки 01:21:08
Имя файла Имя угрозы Количество угроз
C:Documents and SettingsAll UsersApplication DataMicrosoftMedia Indexsvchos.exe Зараженный: Packed.Win32.Tdss.f 1
C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkinstall.exe Зараженный: Packed.Win32.Tdss.f 1
C:Documents and SettingsAll UsersApplication DataMicrosoftwin.exe Зараженный: Packed.Win32.Tdss.f 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0000148FE2B10.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0000248FE2CDA.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0000348FE2CF9.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0000448FE2D9D.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0000548FE2FFA.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0000648FE325A.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0000748FE34B9.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0000848FE3718.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0000948FE3976.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0000A48FE3BD4.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0000B48FE3E3A.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0000C48FE40AF.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0000D48FE4338.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0000E48FE45B1.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0000F48FE4839.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0001048FE4AED.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0001148FE4D5E.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0001248FE4FD2.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0001348FE5243.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0001448FE54BA.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0001548FE573F.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0001648FE59E1.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0001748FE5C79.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0001848FE5F0C.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B0001948FE6171.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B4000148FE552D.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0B4000248FE553A.VBN Зараженный: Trojan.Win32.KillAV.agz 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine118000149FB9BD0.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine154000149FFA076.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine19C000149FF8AD5.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine1AC000149EE0932.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine1AC000249EE0945.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine1AC000349EE0B34.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine1AC000449EE0D9A.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine1E8000149E9CFF9.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine1E8000249E9D007.VBN Зараженный: Trojan.Win32.KillAV.agz 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine24C00004ADCCDBF.VBN Зараженный: Rootkit.Win32.Protector.bd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine29800014AFB255B.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine29800024AFB257E.VBN Зараженный: Rootkit.Win32.Protector.bd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine2980003.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine2A000014AEB9DDF.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine2BC00014AFD8F31.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine2E800014AEB8CA2.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine2E800024AEB91AE.VBN Зараженный: Trojan-Downloader.Win32.Agent.nhf 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine2E800034AEB91BD.VBN Зараженный: Trojan.Win32.Shutdowner.em 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C00004BFFC4E5.VBN Зараженный: Rootkit.Win32.Protector.bd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C0002.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C0003.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C0004.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C0005.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C0006.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C0007.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C0008.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C0009.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C000A.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C000B.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C000C.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C000D.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C000E.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C000F.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine31C0010.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine33400014BFE4F5C.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine33400024BFE4F93.VBN Зараженный: Trojan.Win32.KillAV.agz 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine33400034BFE5207.VBN Зараженный: Trojan.Win32.KillAV.agz 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine39C000047DC2A95.VBN Зараженный: Trojan-Downloader.JS.Agent.kd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine39C000147DC2AB6.VBN Зараженный: Trojan-Downloader.JS.Agent.kd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine46000004CFCF580.VBN Зараженный: Rootkit.Win32.Protector.bd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine4FC0000.VBN Зараженный: Trojan-Downloader.Win32.Agent.vsh 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine4FC00024CFC6379.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine4FC00034CFC65AD.VBN Зараженный: Trojan.Win32.KillAV.agz 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine55000014DDDEE83.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine55000024DDDEE9B.VBN Зараженный: Rootkit.Win32.Protector.bd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine55000034DDDEEAF.VBN Зараженный: Trojan.Win32.KillAV.agz 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine55000044DDDF0A1.VBN Зараженный: Trojan.Win32.KillAV.agz 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine55000054DDDF583.VBN Зараженный: Trojan.Win32.KillAV.agz 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine5DC00014DFCDC87.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine5FC00014DFCE067.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine63000014EF08812.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine63800014EFE26C6.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine63800034EFDEBAF.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine65800014EFA0F44.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine67400014EFDFE05.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine68000014EF1981B.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine76000014FF98E6B.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine888000148EF20E7.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine8A4000148FCFB73.VBN Зараженный: Rootkit.Win32.Protector.bd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine8A4000248FCFBB0.VBN Зараженный: Trojan-Downloader.Win32.Mutant.bnp 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine8A4000348FCFBCE.VBN Зараженный: Trojan-Downloader.Win32.Mutant.aim 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine8A4000448FD239A.VBN Зараженный: Trojan-Downloader.Win32.Obfuscated.dro 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine8FC000148FDF915.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineAF400014AFD0D10.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineAF400024AFD0D1D.VBN Зараженный: Trojan.Win32.KillAV.agz 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineAF400034AFD1474.VBN Зараженный: Trojan.Win32.KillAV.agz 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineAF400044AFD171A.VBN Зараженный: Trojan.Win32.KillAV.agz 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineB5800014BFA1A30.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineB5800024BFA1A3E.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineB6400004BFCCEA5.VBN Зараженный: Rootkit.Win32.Protector.bd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineB8800014BEE272C.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineBA40006.VBN Зараженный: Trojan.Win32.Obfuscated.en 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineBA40007.VBN Зараженный: Trojan.Win32.Obfuscated.en 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineBF000004BF1011A.VBN Зараженный: Rootkit.Win32.Protector.bd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineC6000014CFE0DAC.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineCA000014CE3241D.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineCA000024CE32428.VBN Зараженный: Rootkit.Win32.Protector.bd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineCA800014CFE0C59.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineD2000004F7BBA34.VBN Зараженный: Trojan-Downloader.JS.Agent.kd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineDA000004DE1024E.VBN Зараженный: Rootkit.Win32.Protector.bd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineDA400004DFCCC84.VBN Зараженный: Rootkit.Win32.Protector.bd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineDCC00014DEF95E6.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineDEC00014DEF5720.VBN Зараженный: Rootkit.Win32.Protector.bd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineDEC00024DEF5735.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineDEC00034DEF5ABA.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineDEC00044DEF5FB1.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineDEC00054DEF6250.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineDEC00064DEF68A6.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineE340001.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineE340002.VBN Зараженный: Rootkit.Win32.Protector.bd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineE340003.VBN Зараженный: Trojan-Dropper.Win32.Agent.wys 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineE5800014EDF78B3.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineE8000004FD693B2.VBN Зараженный: Trojan-Downloader.JS.Agent.kd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineE8000014FD693D1.VBN Зараженный: Trojan-Downloader.JS.Agent.kd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineF6800004FED033E.VBN Зараженный: Rootkit.Win32.Protector.bd 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineF6800024FED037B.VBN Зараженный: Trojan.Win32.FraudPack.ijv 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineF6800034FED0396.VBN Зараженный: Trojan.Win32.KillAV.agz 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineF6800044FED05A2.VBN Зараженный: Trojan.Win32.KillAV.agz 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineF6800054FED07DD.VBN Зараженный: Trojan.Win32.KillAV.agz 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineF6800064FED0A83.VBN Зараженный: Trojan.Win32.KillAV.agz 1
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5QuarantineFD000004FF28109.VBN Зараженный: Rootkit.Win32.Protector.bd 1
C:Documents and SettingsHebrewDesktopPHOTOSHOP CS2 CRAK 2008.rar Зараженный: Rootkit.Win32.Agent.eii 1
C:Documents and SettingsHebrewDoctorWebQuarantineA0033409.exe Зараженный: not-a-virus:AdWare.Win32.Shopper.q 1
C:Documents and SettingsHebrewDoctorWebQuarantineA2787907.EXE Зараженный: not-a-virus:AdWare.Win32.Shopper.l 1
C:Documents and SettingsHebrewDoctorWebQuarantineA2787909.exe Зараженный: not-a-virus:AdWare.Win32.Shopper.l 1
C:Documents and SettingsHebrewDoctorWebQuarantineSecured IE — Installer.exe Зараженный: not-a-virus:AdWare.Win32.Shopper.q 1
C:Program FilesAshampooAshampoo Burning Studio 7burningstudio.exe Зараженный: Packed.Win32.Tdss.f 1
C:Program FilesTrend MicroHijackThisbackupsbackup-20090321-210645-166.dll Зараженный: Trojan.Win32.Monder.blif 1
C:Program FilesTrend MicroHijackThisbackupsbackup-20090321-210859-937.dll Зараженный: Trojan.Win32.Monder.blif 1
C:Program FilesTrend MicroHijackThisbackupsbackup-20090321-211411-709.dll Зараженный: Trojan.Win32.Monder.blif 1
C:Program FilesTrend MicroHijackThisbackupsbackup-20090321-212535-249.dll Зараженный: Trojan.Win32.Monder.blif 1
C:QooboxQuarantineCWINDOWSsystem32daluwimo.exe.vir Зараженный: Trojan.Win32.AntiAV.aug 1
C:QooboxQuarantineCWINDOWSsystem32jorukiyi.dll.vir Зараженный: Trojan-Spy.Win32.Agent.amgi 1
C:WINDOWSsystem32gorumiba.bak Зараженный: Trojan.Win32.Monder.blif 1
C:WINDOWSsystem32khfCuRlL.dll Зараженный: Trojan.Win32.Monderb.ackd 1
C:WINDOWSsystem32urqOIyaw.dll.vir Зараженный: Trojan.Win32.Monder.ahzl 1
C:_OTMoveItMovedFiles4142009_113922WINDOWSsystem32bhixzi.dll Зараженный: Packed.Win32.Krap.o 1
C:_OTMoveItMovedFiles4142009_113922WINDOWSsystem32jefytqxo.dll Зараженный: Trojan.Win32.Monder.bdri 1
C:_OTMoveItMovedFiles4142009_113922WINDOWSsystem32mgscotpb.dll Зараженный: Packed.Win32.Krap.o 1
C:_OTMoveItMovedFiles4142009_113922WINDOWSsystem32ptyipk.dll Зараженный: Packed.Win32.Krap.o 1
C:_OTMoveItMovedFiles4142009_113922WINDOWSsystem32rmictllv.dll Зараженный: Packed.Win32.Krap.o 1
C:_OTMoveItMovedFiles4212009_203004WINDOWSsystem32fokivilo.exe Зараженный: Trojan-Downloader.Win32.FraudLoad.vnjh 1
C:_OTMoveItMovedFiles4212009_203004WINDOWSsystem32jawepuwa.dll Зараженный: Trojan.Win32.Monder.blif 1
C:_OTMoveItMovedFiles4212009_203004WINDOWSsystem32nomajuzu.exe Зараженный: Trojan-Downloader.Win32.FraudLoad.vnjh 1
C:_OTMoveItMovedFiles4212009_203004WINDOWSsystem32sovowuyi.dll Зараженный: Trojan.Win32.Monder.byqu 1
C:_OTMoveItMovedFiles4212009_203004WINDOWSsystem32vekukedu.dll Зараженный: Trojan.Win32.Monder.byqu 1
C:_OTMoveItMovedFiles4212009_203004WINDOWSsystem32wesokaru.exe Зараженный: Trojan-Downloader.Win32.FraudLoad.vnjh 1
F:System Volume Information_restore{445ACD47-31C5-4C57-A35F-895F07A04928}RP1284A2761176.exe Зараженный: not-a-virus:Porn-Tool.Win32.Agent.gn 1
F:SinemaGameEmyleXincomingPHOTOSHOP CS2 CRAK 2008.rar Зараженный: Rootkit.Win32.Agent.eii 1
Выбранная область проверена.
Everything is great, but my Symantec isn't working, that is, it won't turn on, and there's no sound?
ComboFix 09-04-28.02 — Hebrew 04/29/2009 10:29.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.511.224 [GMT 3:00]
Running from: c:documents and settingsHebrewDesktopComboFix.exe
Command switches used :: c:documents and settingsHebrewDesktopCFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_NWSAPAGENT
Service_ati6jnxx
Service_NwSapAgent
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.
2009-04-19 18:27 . 2009-04-19 18:27 d-----w c:program filesMPC HomeCinema
2009-04-19 18:15 . 2009-04-19 18:18 d-----w c:program filesThe KMPlayer
2009-04-19 17:55 . 2008-09-16 19:23 168448 ----a-w c:windowssystem32unrar.dll
2009-04-19 17:55 . 2004-01-25 16:18 217088 ----a-w c:windowssystem32yv12vfw.dll
2009-04-19 17:55 . 2008-12-07 18:08 795648 ----a-w c:windowssystem32xvidcore.dll
2009-04-19 17:55 . 2008-12-07 18:08 130048 ----a-w c:windowssystem32xvidvfw.dll
2009-04-19 17:55 . 2008-12-11 00:33 86016 ----a-w c:windowssystem32dpl100.dll
2009-04-19 17:55 . 2008-11-06 16:37 3596288 ----a-w c:windowssystem32qt-dx331.dll
2009-04-19 17:55 . 2008-11-06 16:33 684032 ----a-w c:windowssystem32divx.dll
2009-04-19 17:55 . 2009-03-02 18:10 67584 ----a-w c:windowssystem32ff_vfw.dll
2009-04-19 17:55 . 2009-04-19 17:55 d-----w c:program filesK-Lite Codec Pack
2009-04-17 16:58 . 2009-04-17 16:58 d-----w c:documents and settingsHebrewApplication DataCanneverbe_Limited
2009-04-17 16:57 . 2009-04-17 16:57 d-----w c:program filesCDBurnerXP
2009-04-14 08:39 . 2009-04-14 08:39 d-----w C:_OTMoveIt
2009-04-12 09:33 . 2009-04-12 09:33 d-----w C:rsit
2009-04-04 19:36 . 2009-04-04 19:36 d-----w C:VundoFix Backups
2009-04-02 09:26 . 2009-04-02 09:26 d-----w c:documents and settingsNetworkServiceLocal SettingsApplication DataPCHealth
2009-03-30 18:10 . 2009-03-30 18:10 d-----w c:program filesWindows Defender
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 17:33 . 2007-07-11 01:09 79832 —-a-w c:documents and settingsHebrewLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-04-19 15:56 . 2004-08-02 22:56
d
w c:program filesCyberLink
2009-04-19 15:56 . 2004-08-02 22:56
d—h—w c:program filesInstallShield Installation Information
2009-04-19 15:55 . 2004-08-02 22:46
d
w c:program filesDivX
2009-03-31 17:26 . 2007-07-10 07:06
d
w c:program filesSymantec AntiVirus
2009-03-31 16:54 . 2004-08-02 22:01
d
w c:program filesSymantec
2009-03-25 18:06 . 2008-11-01 12:04
d
w c:program filesMalwarebytes’ Anti-Malware
2009-03-24 17:53 . 2004-08-02 22:35
d
w c:program filesCommon FilesACD Systems
2009-03-16 13:08 . 2009-03-16 13:08 245760 —-a-w c:windowsctfxmon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{67aa0145-a051-4660-a910-22da3bab1fa5}]
2008-05-12 06:18 1470488 —-a-w c:program filesfindercoiltbfin1.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{67aa0145-a051-4660-a910-22da3bab1fa5}»= «c:program filesfindercoiltbfin1.dll» [2008-05-12 1470488][HKEY_CLASSES_ROOTclsid{67aa0145-a051-4660-a910-22da3bab1fa5}]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{67AA0145-A051-4660-A910-22DA3BAB1FA5}»= «c:program filesfindercoiltbfin1.dll» [2008-05-12 1470488][HKEY_CLASSES_ROOTclsid{67aa0145-a051-4660-a910-22da3bab1fa5}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-10-13 1694208]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2007-04-03 165784]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2004-08-04 15360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvMediaCenter»=»c:windowsSystem32NvMcTray.dll» [2004-03-24 46080]
«ccApp»=»c:program filesCommon FilesSymantec SharedccApp.exe» [2006-07-19 52896]
«vptray»=»c:progra~1SYMANT~1VPTray.exe» [2006-09-27 125168]
«USRpdA»=»c:windowsSYSTEM32USRmlnkA.exe» [2001-08-23 77891]
«NvCplDaemon»=»c:windowsSystem32NvCpl.dll» [2004-03-24 3309568]
«%FP%Barak013 L2TP fts.exe»=»c:program filesBarak013Barak013_L2TPfts.exe» [2004-01-07 77312]
«PinnacleDriverCheck»=»c:windowssystem32PSDrvCheck.exe» [2003-12-04 406016]
«THOffice»=»c:program filesTHOfficeTHOffice.exe» [2003-01-18 176128]
«SoundMan»=»SOUNDMAN.EXE» — c:windowsSOUNDMAN.EXE [2003-12-18 64512]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2004-03-24 782336][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-04 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2007-03-13 39264][HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=R3 SavRoam;SavRoam;c:program filesSymantec AntiVirusSavRoam.exe [2006-09-27 116464]
R3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);c:windowssystem32DRIVERSATINTTXX.sys [2004-08-04 13824]
S2 WinDefend;Windows Defender;c:program filesWindows DefenderMsMpEng.exe [2006-11-03 13592]
S3 EraserUtilDrvI7;EraserUtilDrvI7;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilDrvI7.sys [2008-09-17 99376].
Contents of the ‘Scheduled Tasks’ folder2009-04-29 c:windowsTasksMP Scheduled Scan.job
— c:program filesWindows DefenderMpCmdRun.exe [2006-11-03 16:20]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.il/
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mStart Page = hxxp://www.vmule.com/2008home.htm
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:801;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
Trusted Zone: aol.comfree
TCP: {3944AA6F-F372-47E8-8E2A-D2ED4D61C062} = 194.90.1.5
DPF: DirectAnimation Java Classes — file://c:windowsJavaclassesdajava.cab
DPF: Microsoft XML Parser for Java — file://c:windowsJavaclassesxmldso.cab
FF — ProfilePath — c:documents and settingsHebrewApplication DataMozillaFirefoxProfiles997di54e.default
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/?clid=47185
FF — prefs.js: keyword.URL — hxxp://yandex.ru/yandsearch?stype=first&clid=41139&yasoft=barff&text=
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 10:35
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
THOffice = c:program filesTHOfficeTHOffice.exe??nRun???uscanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(2292)
c:windowssystem32msi.dll
c:windowsIMESPGRMR.DLL
c:program filesCommon FilesMicrosoft SharedINKSKCHUI.DLL
.
Other Running Processes
.
c:program filesCommon FilesSymantec SharedccSetMgr.exe
c:program filesCommon FilesSymantec SharedccEvtMgr.exe
c:program filesSymantec AntiVirusDefWatch.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:program filesCDBurnerXPNMSAccessU.exe
c:windowssystem32nvsvc32.exe
c:program filesSymantec AntiVirusRtvscan.exe
c:windowssystem32wdfmgr.exe
c:windowssystem32wscntfy.exe
c:program filesSymantec AntiVirusDoScan.exe
.
**************************************************************************
.
Completion time: 2009-04-29 10:37 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-29 07:37
ComboFix2.txt 2009-04-25 19:28Pre-Run: 7,064,961,024 bytes free
Post-Run: 7,058,321,408 bytes free224
ComboFix 09-04-25.A1 — Hebrew 04/25/2009 22:19.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.511.279 [GMT 3:00]
Running from: c:documents and settingsHebrewDesktopComboFix.exe
Command switches used :: c:documents and settingsHebrewDesktopWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_ASC3550P
Legacy_fci
Legacy_ICF
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.
2009-04-19 18:27 . 2009-04-19 18:27
d
w c:program filesMPC HomeCinema
2009-04-19 18:15 . 2009-04-19 18:18
d
w c:program filesThe KMPlayer
2009-04-19 16:12 . 2009-04-19 16:12 7680 —sha-w c:windowsThumbs.db
2009-04-17 16:58 . 2009-04-17 16:58
d
w c:documents and settingsHebrewApplication DataCanneverbe_Limited
2009-04-17 16:57 . 2009-04-17 16:57
d
w c:program filesCDBurnerXP
2009-04-14 08:39 . 2009-04-14 08:39
d
w C:_OTMoveIt
2009-04-12 09:33 . 2009-04-12 09:33
d
w C:rsit
2009-04-04 19:36 . 2009-04-04 19:36
d
w C:VundoFix Backups
2009-04-02 09:26 . 2009-04-02 09:26
d
w c:documents and settingsNetworkServiceLocal SettingsApplication DataPCHealth
2009-03-30 18:10 . 2009-03-30 18:10
d
w c:program filesWindows Defender
2009-03-28 11:57 . 2009-03-28 11:59
d
w c:documents and settingsHebrewApplication DataMSN6
2009-03-28 11:57 . 2009-03-28 11:57
d
w c:documents and settingsAll UsersApplication DataMSN6.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 17:33 . 2007-07-11 01:09 79832 —-a-w c:documents and settingsHebrewLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-04-19 17:55 . 2009-04-19 17:55
d
w c:program filesK-Lite Codec Pack
2009-04-19 15:56 . 2004-08-02 22:56
d
w c:program filesCyberLink
2009-04-19 15:56 . 2004-08-02 22:56
d—h—w c:program filesInstallShield Installation Information
2009-04-19 15:55 . 2004-08-02 22:46
d
w c:program filesDivX
2009-04-04 19:54 . 2009-04-04 19:36 272 —-a-w C:VundoFix.txt
2009-03-31 17:26 . 2007-07-10 07:06
d
w c:program filesSymantec AntiVirus
2009-03-31 16:54 . 2004-08-02 22:01
d
w c:program filesSymantec
2009-03-25 18:06 . 2008-11-01 12:04
d
w c:program filesMalwarebytes’ Anti-Malware
2009-03-24 17:53 . 2004-08-02 22:35
d
w c:program filesCommon FilesACD Systems
2009-03-24 17:46 . 2007-08-08 20:19
d
w c:documents and settingsHebrewApplication DatauTorrent
2009-03-24 17:09 . 2009-03-24 17:09
d
w c:documents and settingsHebrewApplication DataYandex
2009-03-21 20:05 . 2009-03-21 20:05 157130 —-a-w C:dwshield.log
2009-03-20 19:19 . 2009-03-20 19:15 441
w C:Win32.Worm.Downladup.Gen.log
2009-03-20 11:03 . 2007-11-10 11:17
d
w c:documents and settingsHebrewApplication DataSkype
2009-03-16 13:08 . 2009-03-16 13:08 245760 —-a-w c:windowsctfxmon.dll
2009-03-02 18:10 . 2009-04-19 17:55 67584 —-a-w c:windowssystem32ff_vfw.dll
2007-09-13 12:12 . 2007-09-13 12:12 129 —-a-w c:documents and settingsHebrewLocal SettingsApplication Datafusioncache.dat
2007-08-08 15:07 . 2007-08-08 15:07 68872 —-a-w c:documents and settingsEnglish.COMPUTERLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2007-08-08 15:01 . 2007-08-08 15:01 68872 —-a-w c:documents and settingsRussian.COMPUTERLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2007-07-11 01:12 . 2007-07-11 01:12 68872 —-a-w c:documents and settingsRussianLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2004-10-28 12:42 . 2004-10-28 12:42 69256 —-a-w c:documents and settingsEnglishLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE~Browser Helper Objects{67aa0145-a051-4660-a910-22da3bab1fa5}]
2008-05-12 06:18 1470488 —-a-w c:program filesfindercoiltbfin1.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{67aa0145-a051-4660-a910-22da3bab1fa5}»= «c:program filesfindercoiltbfin1.dll» [2008-05-12 1470488][HKEY_CLASSES_ROOTclsid{67aa0145-a051-4660-a910-22da3bab1fa5}]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{67AA0145-A051-4660-A910-22DA3BAB1FA5}»= «c:program filesfindercoiltbfin1.dll» [2008-05-12 1470488][HKEY_CLASSES_ROOTclsid{67aa0145-a051-4660-a910-22da3bab1fa5}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-10-13 1694208]
«DAEMON Tools»=»c:program filesDAEMON Toolsdaemon.exe» [2007-04-03 165784]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2004-08-04 15360][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvMediaCenter»=»c:windowsSystem32NvMcTray.dll» [2004-03-24 46080]
«ccApp»=»c:program filesCommon FilesSymantec SharedccApp.exe» [2006-07-19 52896]
«vptray»=»c:progra~1SYMANT~1VPTray.exe» [2006-09-27 125168]
«USRpdA»=»c:windowsSYSTEM32USRmlnkA.exe» [2001-08-23 77891]
«NvCplDaemon»=»c:windowsSystem32NvCpl.dll» [2004-03-24 3309568]
«%FP%Barak013 L2TP fts.exe»=»c:program filesBarak013Barak013_L2TPfts.exe» [2004-01-07 77312]
«PinnacleDriverCheck»=»c:windowssystem32PSDrvCheck.exe» [2003-12-04 406016]
«THOffice»=»c:program filesTHOfficeTHOffice.exe» [2003-01-18 176128]
«SoundMan»=»SOUNDMAN.EXE» — c:windowsSOUNDMAN.EXE [2003-12-18 64512]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2004-03-24 782336][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-04 15360]
«DWQueuedReporting»=»c:progra~1COMMON~1MICROS~1DWdwtrig20.exe» [2007-03-13 39264][HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=R0 ati6jnxx;ati6jnxx; [x]
R3 SavRoam;SavRoam;c:program filesSymantec AntiVirusSavRoam.exe [2006-09-27 116464]
R3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);c:windowssystem32DRIVERSATINTTXX.sys [2004-08-04 13824]
S2 NwSapAgent;SAP Agent;c:windowssystem32svchost.exe [2008-11-01 14336]
S2 WinDefend;Windows Defender;c:program filesWindows DefenderMsMpEng.exe [2006-11-03 13592]
S3 EraserUtilDrvI7;EraserUtilDrvI7;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilDrvI7.sys [2008-09-17 99376].
Contents of the ‘Scheduled Tasks’ folder2009-04-25 c:windowsTasksMP Scheduled Scan.job
— c:program filesWindows DefenderMpCmdRun.exe [2006-11-03 16:20]
.
— — — — ORPHANS REMOVED — — — —WebBrowser-{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A} — (no file)
HKCU-Run-ctfxmon.exe — c:windowsctfxmon.exe
HKLM-Run-ctfxmon.exe — c:windowsctfxmon.exe
HKLM-Run-CPMbbb72e7b — c:windowssystem32kohuhoro.dll
HKU-Default-Run-ALUAlert — c:program filesSymantecLiveUpdateALUNotify.exe
HKU-Default-Run-ctfxmon.exe — c:windowsctfxmon.exe.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.il/
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mStart Page = hxxp://www.vmule.com/2008home.htm
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:801;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
Trusted Zone: aol.comfree
TCP: {3944AA6F-F372-47E8-8E2A-D2ED4D61C062} = 194.90.1.5
DPF: DirectAnimation Java Classes — file://c:windowsJavaclassesdajava.cab
DPF: Microsoft XML Parser for Java — file://c:windowsJavaclassesxmldso.cab
FF — ProfilePath — c:documents and settingsHebrewApplication DataMozillaFirefoxProfiles997di54e.default
FF — prefs.js: browser.startup.homepage — hxxp://www.yandex.ru/?clid=47185
FF — prefs.js: keyword.URL — hxxp://yandex.ru/yandsearch?stype=first&clid=41139&yasoft=barff&text=
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 22:26
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
THOffice = c:program filesTHOfficeTHOffice.exe??nRun???uscanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1417001333-492894223-854245398-1004SoftwareMicrosoft M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*Recent File List]
«File1″=»c:\WINDOWS\system32\devmgmt.msc»
«File2″=»c:\WINDOWS\system32\compmgmt.msc»[HKEY_USERSS-1-5-21-1417001333-492894223-854245398-1004SoftwareSecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(3992)
c:windowssystem32msi.dll
c:windowsIMESPGRMR.DLL
c:program filesCommon FilesMicrosoft SharedINKSKCHUI.DLL
.
Other Running Processes
.
c:program filesCommon FilesSymantec SharedccSetMgr.exe
c:program filesCommon FilesSymantec SharedccEvtMgr.exe
c:program filesSymantec AntiVirusDefWatch.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:program filesCDBurnerXPNMSAccessU.exe
c:windowssystem32nvsvc32.exe
c:program filesSymantec AntiVirusRtvscan.exe
c:windowssystem32wdfmgr.exe
c:windowssystem32wscntfy.exe
c:program filesSymantec AntiVirusDoScan.exe
.
**************************************************************************
.
Completion time: 2009-04-25 22:28 — machine was rebooted
ComboFix-quarantined-files.txt 2009-04-25 19:28
Pre-Run: 6,864,474,112 bytes free
Post-Run: 7,187,795,968 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional» /fastdetect /NoExecute=OptIn
594
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Hebrew at 2009-04-23 20:37:56
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (34%) free of 20 GB
Total RAM: 511 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:59 PM, on 4/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSymantec AntiVirusDefWatch.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesCDBurnerXPNMSAccessU.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRA~1SYMANT~1VPTray.exe
C:Program FilesBarak013Barak013_L2TPfts.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSymantec AntiVirusDoScan.exe
C:Documents and SettingsHebrewDesktopRSIT.exe
C:Program FilesTrend MicroHijackThisHebrew.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.co.il/
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.vmule.com/2008home.htm
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=localhost:801;
R3 — URLSearchHook: findercoil Toolbar — {67aa0145-a051-4660-a910-22da3bab1fa5} — C:Program Filesfindercoiltbfin1.dll
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: findercoil Toolbar — {67aa0145-a051-4660-a910-22da3bab1fa5} — C:Program Filesfindercoiltbfin1.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: Google Toolbar Notifier BHO — {af69de43-7d58-4638-b6fa-ce66b5ad205d} — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O3 — Toolbar: findercoil Toolbar — {67aa0145-a051-4660-a910-22da3bab1fa5} — C:Program Filesfindercoiltbfin1.dll
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [ccApp] «C:Program FilesCommon FilesSymantec SharedccApp.exe»
O4 — HKLM..Run: [vptray] C:PROGRA~1SYMANT~1VPTray.exe
O4 — HKLM..Run: [USRpdA] C:WINDOWSSYSTEM32USRmlnkA.exe RunServices Device3cpipe-USRpdA
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [%FP%Barak013 L2TP fts.exe] «C:Program FilesBarak013Barak013_L2TPfts.exe»
O4 — HKLM..Run: [PinnacleDriverCheck] C:WINDOWSsystem32PSDrvCheck.exe -CheckReg
O4 — HKLM..Run: [THOffice] C:Program FilesTHOfficeTHOffice.exe
O4 — HKLM..Run: [Windows Defender] «C:Program FilesWindows DefenderMSASCui.exe» -hide
O4 — HKLM..Run: [ctfxmon.exe] C:WINDOWSctfxmon.exe
O4 — HKLM..Run: [CPMbbb72e7b] Rundll32.exe «C:WINDOWSsystem32kohuhoro.dll»,a
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [DAEMON Tools] «C:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [ctfxmon.exe] C:WINDOWSctfxmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [begihedero] Rundll32.exe «C:WINDOWSsystem32tutepega.dll»,s (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘Default user’)
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — F:icqICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — F:icqICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1085153876706
O16 — DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} — http://download.divx.com/player/DivXBrowserPlugin.cab
O17 — HKLMSystemCCSServicesTcpip..{3944AA6F-F372-47E8-8E2A-D2ED4D61C062}: NameServer = 194.90.1.5
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 — AppInit_DLLs: c:windowssystem32seyayewi.dll c:windowssystem32kohuhoro.dll
O21 — SSODL: SSODL — {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} — c:windowssystem32kohuhoro.dll (file missing)
O22 — SharedTaskScheduler: STS — {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} — c:windowssystem32kohuhoro.dll (file missing)
O23 — Service: Automatic LiveUpdate Scheduler — Unknown owner — C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe (file missing)
O23 — Service: Symantec Event Manager (ccEvtMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 — Service: Symantec Settings Manager (ccSetMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 — Service: Symantec AntiVirus Definition Watcher (DefWatch) — Symantec Corporation — C:Program FilesSymantec AntiVirusDefWatch.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: LiveUpdate — Unknown owner — C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE (file missing)
O23 — Service: Intel NCS NetService (NetSvc) — Intel(R) Corporation — C:Program FilesIntelNCSSyncNetSvc.exe
O23 — Service: NMIndexingService — Unknown owner — C:Program FilesCommon FilesNeroLibNMIndexingService.exe (file missing)
O23 — Service: NMSAccessU — Unknown owner — C:Program FilesCDBurnerXPNMSAccessU.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSSystem32nvsvc32.exe
O23 — Service: SAVRoam (SavRoam) — symantec — C:Program FilesSymantec AntiVirusSavRoam.exe
O23 — Service: Symantec Network Drivers Service (SNDSrvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 — Service: Symantec SPBBCSvc (SPBBCSvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 — Service: Symantec AntiVirus — Symantec Corporation — C:Program FilesSymantec AntiVirusRtvscan.exe
—
End of file — 8101 bytes
======Scheduled tasks folder======
C:WINDOWStasksMP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-03-02 37808]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2007-09-13 1312040]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{67aa0145-a051-4660-a910-22da3bab1fa5}]
findercoil Toolbar — C:Program Filesfindercoiltbfin1.dll [2008-05-12 1470488]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2007-09-07 2403392]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{af69de43-7d58-4638-b6fa-ce66b5ad205d}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll [2008-10-25 737776]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{67aa0145-a051-4660-a910-22da3bab1fa5} — findercoil Toolbar — C:Program Filesfindercoiltbfin1.dll [2008-05-12 1470488]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2003-12-18 64512]
«NvMediaCenter»=C:WINDOWSSystem32NvMcTray.dll [2004-03-24 46080]
«ccApp»=C:Program FilesCommon FilesSymantec SharedccApp.exe [2006-07-19 52896]
«vptray»=C:PROGRA~1SYMANT~1VPTray.exe [2006-09-27 125168]
«USRpdA»=C:WINDOWSSYSTEM32USRmlnkA.exe [2001-08-23 77891]
«NvCplDaemon»=C:WINDOWSSystem32NvCpl.dll [2004-03-24 3309568]
«nwiz»=nwiz.exe /install []
«%FP%Barak013 L2TP fts.exe»=C:Program FilesBarak013Barak013_L2TPfts.exe [2004-01-07 77312]
«PinnacleDriverCheck»=C:WINDOWSsystem32PSDrvCheck.exe [2003-12-04 406016]
«THOffice»=C:Program FilesTHOfficeTHOffice.exe [2003-01-18 176128]
«Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2006-11-03 866584]
«ctfxmon.exe»=C:WINDOWSctfxmon.exe []
«CPMbbb72e7b»=C:WINDOWSsystem32kohuhoro.dll,a []
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]
«DAEMON Tools»=C:Program FilesDAEMON Toolsdaemon.exe [2007-04-04 165784]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]
«ctfxmon.exe»=C:WINDOWSctfxmon.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregccApp]
C:Program FilesCommon FilesSymantec SharedccApp.exe [2006-07-19 52896]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCloneCDElbyCDFL]
C:Program FilesElaborate BytesCloneCDElbyCheck.exe /L ElbyCDFL []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:WINDOWSSystem32NvCpl.dll [2004-03-24 3309568]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINDOWSSystem32NvMcTray.dll [2004-03-24 46080]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPRONoMgr.exe]
C:Program FilesIntelNCSPROSetPRONoMgr.exe [2003-03-11 86016]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]
C:WINDOWSSOUNDMAN.EXE [2003-12-18 64512]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampWinampa.exe []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=»c:windowssystem32seyayewi.dll c:windowssystem32kohuhoro.dll»
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyNavLogon]
C:WINDOWSsystem32NavLogon.dll [2006-09-27 43760]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
SSODL — {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} — c:windowssystem32kohuhoro.dll []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionexplorerSharedTaskScheduler]
STS — {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} — c:windowssystem32kohuhoro.dll []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}»=C:PROGRA~1WINDOW~4MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
nwprovau
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinDefend]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«NoDispScrSavPage»=0
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=91000000
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:WINDOWSsystem32winlogon.exe»=»C:WINDOWSsystem32winlogon.exe:*:Enabled:winlogon»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
======List of files/folders created in the last 1 months======
2009-04-21 19:56:53 —-A—- C:WINDOWSsystem3216565329141.dll
2009-04-19 21:27:29 —-D—- C:Program FilesMPC HomeCinema
2009-04-19 21:15:07 —-D—- C:Program FilesThe KMPlayer
2009-04-19 20:55:48 —-A—- C:WINDOWSsystem32unrar.dll
2009-04-19 20:55:46 —-A—- C:WINDOWSsystem32yv12vfw.dll
2009-04-19 20:55:46 —-A—- C:WINDOWSsystem32xvidvfw.dll
2009-04-19 20:55:46 —-A—- C:WINDOWSsystem32xvidcore.dll
2009-04-19 20:55:44 —-A—- C:WINDOWSsystem32qt-dx331.dll
2009-04-19 20:55:44 —-A—- C:WINDOWSsystem32dpl100.dll
2009-04-19 20:55:44 —-A—- C:WINDOWSsystem32divx.dll
2009-04-19 20:55:42 —-A—- C:WINDOWSsystem32ff_vfw.dll.manifest
2009-04-19 20:55:42 —-A—- C:WINDOWSsystem32ff_vfw.dll
2009-04-19 20:55:41 —-D—- C:Program FilesK-Lite Codec Pack
2009-04-19 20:55:41 —-A—- C:WINDOWSsystem32pthreadGC2.dll
2009-04-17 19:58:14 —-D—- C:Documents and SettingsHebrewApplication DataCanneverbe_Limited
2009-04-17 19:57:57 —-D—- C:Program FilesCDBurnerXP
2009-04-14 11:39:22 —-D—- C:_OTMoveIt
2009-04-12 12:33:29 —-D—- C:rsit
2009-04-04 22:36:04 —-D—- C:VundoFix Backups
2009-04-04 22:36:04 —-A—- C:VundoFix.txt
2009-03-30 21:10:06 —-D—- C:Program FilesWindows Defender
2009-03-28 14:57:23 —-D—- C:Documents and SettingsHebrewApplication DataMSN6
2009-03-28 14:57:23 —-D—- C:Documents and SettingsAll UsersApplication DataMSN6
2009-03-24 20:09:52 —-D—- C:Documents and SettingsHebrewApplication DataYandex
2009-03-24 20:08:48 —-D—- C:Program FilesMozilla Firefox
======List of files/folders modified in the last 1 months======
2009-04-23 20:37:23 —-D—- C:WINDOWSTemp
2009-04-22 21:39:19 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-22 19:22:45 —-D—- C:WINDOWSPrefetch
2009-04-22 15:12:47 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-22 15:12:45 —-SD—- C:WINDOWSTasks
2009-04-21 20:33:46 —-D—- C:WINDOWS
2009-04-21 20:30:07 —-RD—- C:Program Files
2009-04-21 20:30:07 —-D—- C:WINDOWSsystem32
2009-04-19 21:29:44 —-A—- C:WINDOWSNeroDigital.ini
2009-04-19 18:56:43 —-D—- C:Program FilesCyberLink
2009-04-19 18:56:41 —-HD—- C:Program FilesInstallShield Installation Information
2009-04-19 18:55:31 —-D—- C:Program FilesDivX
2009-04-15 18:16:11 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-04-15 18:16:01 —-D—- C:WINDOWSsystem32drivers
2009-04-15 18:08:26 —-D—- C:WINDOWSHelp
2009-04-10 09:56:00 —-D—- C:WINDOWSsystem32Restore
2009-04-10 09:52:41 —-SHD—- C:System Volume Information
2009-03-31 20:26:47 —-D—- C:Program FilesSymantec AntiVirus
2009-03-31 19:54:06 —-D—- C:Program FilesSymantec
2009-03-30 21:10:15 —-SHD—- C:WINDOWSInstaller
2009-03-30 21:10:07 —-HD—- C:WINDOWSinf
2009-03-30 21:10:06 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-03-27 12:30:10 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-27 12:28:07 —-ASH—- C:WINDOWSsystem32puyekebi.dll
2009-03-27 12:28:07 —-ASH—- C:WINDOWSsystem32daluwimo.exe
2009-03-26 16:01:56 —-ASH—- C:WINDOWSsystem32heruhozu.dll
2009-03-26 16:01:56 —-ASH—- C:WINDOWSsystem32filawuzo.dll
2009-03-25 21:06:03 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-24 21:02:00 —-D—- C:WINDOWSsystem
2009-03-24 20:53:34 —-D—- C:Program FilesCommon FilesACD Systems
2009-03-24 20:46:55 —-D—- C:Documents and SettingsHebrewApplication DatauTorrent
2009-03-24 20:09:09 —-D—- C:Documents and SettingsHebrewApplication DataMozilla
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; ??C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:WINDOWSSystem32DRIVERSintelppm.sys [2004-08-04 36096]
R1 SAVRTPEL;SAVRTPEL; ??C:Program FilesSymantec AntiVirusSavrtpel.sys []
R1 SiSkp;SiSkp; C:WINDOWSSystem32DRIVERSsrvkp.sys [2004-09-02 12928]
R2 Aspi32;Aspi32; C:WINDOWSsystem32driversAspi32.sys [2002-07-17 16877]
R2 IOSLINK;IOSLINK; ??C:WINDOWSsystem32driversIosLink.sys []
R2 irda;IrDA Protocol; C:WINDOWSSystem32DRIVERSirda.sys [2004-08-04 87424]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-08-23 55936]
R2 SetupNT;SetupNT; C:WINDOWSsystem32SetupNT.sys [2000-10-25 3000]
R3 ASAPIW2k;ASAPIW2K; C:WINDOWSsystem32driversASAPIW2k.sys [2003-12-04 11264]
R3 irsir;Microsoft Serial Infrared Driver; C:WINDOWSSystem32DRIVERSirsir.sys [2001-08-17 18688]
R3 nv;nv; C:WINDOWSSystem32DRIVERSnv4_mini.sys [2004-03-24 1895648]
R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2006-10-13 163584]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2004-08-03 9856]
R3 Rasirda;WAN Miniport (IrDA); C:WINDOWSSystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSSystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSSystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbuhci.sys [2004-08-04 20480]
S1 AmdK7;AMD K7 Processor Driver; C:WINDOWSSystem32DRIVERSamdk7.sys [2004-08-04 37376]
S1 SAVRT;SAVRT; ??C:Program FilesSymantec AntiVirussavrt.sys []
S1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2006-08-07 195776]
S2 ElbyCDIO;ElbyCDIO Driver; C:WINDOWSSystem32DriversElbyCDIO.sys []
S2 npkcrypt;npkcrypt; ??C:Documents and SettingsHebrewDesktopmaple storynpkcrypt.sys []
S3 61883;61883 Unit Device; C:WINDOWSsystem32DRIVERS61883.sys [2004-08-04 48128]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2003-10-04 401152]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2003-12-18 639836]
S3 Arp1394;1394 ARP Client Protocol; C:WINDOWSSystem32DRIVERSarp1394.sys [2004-08-04 60800]
S3 ati2mtag;ati2mtag; C:WINDOWSSystem32DRIVERSati2mtag.sys [2004-08-04 701440]
S3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinrvxx.sys [2004-08-04 104960]
S3 ATITUNEP;ATI WDM TV Tuner (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatintuxx.sys [2004-08-04 73216]
S3 ativraxx;ATI WDM Rage Theater Audio (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinraxx.sys [2004-08-04 52224]
S3 ATIXSAudio;ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinxsxx.sys [2004-08-04 63488]
S3 Avc;AVC Device; C:WINDOWSsystem32DRIVERSavc.sys [2004-08-04 38912]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 cmuda;C-Media WDM Audio Interface; C:WINDOWSsystem32driverscmuda.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:WINDOWSsystem32DRIVERSe100b325.sys [2003-03-04 145408]
S3 ElbyCDFL;ElbyCDFL; C:WINDOWSSystem32DriversElbyCDFL.sys []
S3 EraserUtilDrvI7;EraserUtilDrvI7; ??C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilDrvI7.sys []
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:WINDOWSsystem32driverses1371mp.sys [2001-08-17 40704]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:WINDOWSSystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 HCF_MSFT;HCF_MSFT; C:WINDOWSSystem32DRIVERSHCF_MSFT.sys [2001-08-17 907456]
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:WINDOWSSystem32DRIVERSmouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
S3 MSDV;Microsoft DV Camera and VCR; C:WINDOWSSystem32DRIVERSmsdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-04 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinmdxx.sys [2004-08-04 13824]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NAVENG;NAVENG; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120080926.003naveng.sys []
S3 NAVEX15;NAVEX15; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120080926.003navex15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:WINDOWSSystem32DRIVERSnic1394.sys [2004-08-04 61824]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE2Ebus.sys [2006-11-10 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE2Emdfl.sys [2006-11-10 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE2Emdm.sys [2006-11-10 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE2Emgmt.sys [2006-11-10 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS); C:WINDOWSsystem32DRIVERSse2End5.sys [2006-11-10 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE2Eobex.sys [2006-11-10 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:WINDOWSsystem32DRIVERSse2Eunic.sys [2006-11-10 90800]
S3 SiS315;SiS315; C:WINDOWSSystem32DRIVERSsisgrp.sys [2004-09-03 229888]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:WINDOWSSystem32DRIVERSsisnic.sys [2004-08-04 32768]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
S3 SPBBCDrv;SPBBCDrv; ??C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCDrv.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:WINDOWSsystem32DRIVERSsscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:WINDOWSsystem32DRIVERSsscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:WINDOWSsystem32DRIVERSsscdmdm.sys [2005-12-22 137884]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2006-08-07 24768]
S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation); C:WINDOWSsystem32DRIVERSATINTTXX.sys [2004-08-04 13824]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbohci.sys [2004-08-04 17024]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver; C:WINDOWSsystem32DRIVERSUSRpdA.sys [2001-08-17 113762]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:WINDOWSSystem32DRIVERSyukonwxp.sys [2003-12-23 174464]
S4 sr;System Restore Filter Driver; C:WINDOWSC:WINDOWSsystem32DRIVERSsr.sys []
S4 ws2ifsl;????? ????? ?? ??? ????? Windows Socket 2.0 Non-IFS; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ccEvtMgr;Symantec Event Manager; C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:Program FilesCommon FilesSymantec SharedccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:Program FilesSymantec AntiVirusDefWatch.exe [2006-09-27 31472]
R2 Irmon;Infrared Monitor; C:WINDOWSSystem32svchost.exe [2008-11-01 14336]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NMSAccessU;NMSAccessU; C:Program FilesCDBurnerXPNMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSSystem32nvsvc32.exe [2004-03-24 110659]
R2 NWCWorkstation;Client Service for NetWare; C:WINDOWSsystem32svchost.exe [2008-11-01 14336]
R2 NwSapAgent;SAP Agent; C:WINDOWSsystem32svchost.exe [2008-11-01 14336]
R2 Symantec AntiVirus;Symantec AntiVirus; C:Program FilesSymantec AntiVirusRtvscan.exe [2006-09-27 1813232]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
R2 WinDefend;Windows Defender; C:Program FilesWindows DefenderMsMpEng.exe [2006-11-03 13592]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-09-07 138168]
S3 LiveUpdate;LiveUpdate; C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE []
S3 NetSvc;Intel NCS NetService; C:Program FilesIntelNCSSyncNetSvc.exe [2003-03-03 143360]
S3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe []
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:Program FilesSymantec AntiVirusSavRoam.exe [2006-09-27 116464]
S3 SNDSrvc;Symantec Network Drivers Service; C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe [2006-08-07 214720]
S3 SPBBCSvc;Symantec SPBBCSvc; C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe [2006-04-11 1160848]
EOF
As for the sound, I don't remember at what point it disappeared. Also, the Symantec AntiVirus won't start; maybe I should uninstall it (honestly, I'm fed up with it) and install a different one?
It was tough, but I did everything as you asked.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\ctfxmon.exe deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\ctfxmon.exe deleted successfully.
========== FILES ==========
C:WINDOWStaskssajeubch.job moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32sovowuyi.dll
C:WINDOWSsystem32sovowuyi.dll NOT unregistered.
C:WINDOWSsystem32sovowuyi.dll moved successfully.
C:WINDOWSsystem32fokivilo.exe moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32vekukedu.dll
C:WINDOWSsystem32vekukedu.dll NOT unregistered.
C:WINDOWSsystem32vekukedu.dll moved successfully.
C:WINDOWSsystem32busoguze.dll.vir moved successfully.
C:WINDOWSsystem32wesokaru.exe moved successfully.
C:WINDOWSsystem32nomajuzu.exe moved successfully.
File/Folder C:WINDOWSsystem32sovowuyi.dll not found.
File/Folder C:WINDOWSsystem32fokivilo.exe not found.
File/Folder C:WINDOWSsystem32vekukedu.dll not found.
File/Folder C:WINDOWSsystem32busoguze.dll.vir not found.
File/Folder C:WINDOWSsystem32wesokaru.exe not found.
File/Folder C:WINDOWSsystem32nomajuzu.exe not found.
DllUnregisterServer procedure not found in C:WINDOWSsystem32suwumuwo.dll
C:WINDOWSsystem32suwumuwo.dll NOT unregistered.
C:WINDOWSsystem32suwumuwo.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32seyayewi.dll
C:WINDOWSsystem32seyayewi.dll NOT unregistered.
C:WINDOWSsystem32seyayewi.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32powirimu.dll
C:WINDOWSsystem32powirimu.dll NOT unregistered.
C:WINDOWSsystem32powirimu.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32lilofati.dll
C:WINDOWSsystem32lilofati.dll NOT unregistered.
C:WINDOWSsystem32lilofati.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32kujonage.dll
C:WINDOWSsystem32kujonage.dll NOT unregistered.
C:WINDOWSsystem32kujonage.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32rumerubo.dll
C:WINDOWSsystem32rumerubo.dll NOT unregistered.
C:WINDOWSsystem32rumerubo.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32jawepuwa.dll
C:WINDOWSsystem32jawepuwa.dll NOT unregistered.
C:WINDOWSsystem32jawepuwa.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32kohuhoro.dll
C:WINDOWSsystem32kohuhoro.dll NOT unregistered.
C:WINDOWSsystem32kohuhoro.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32fedozuta.dll
C:WINDOWSsystem32fedozuta.dll NOT unregistered.
C:WINDOWSsystem32fedozuta.dll moved successfully.
C:Program FilesAntiSpyware Pro moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32yoletepu.dll
C:WINDOWSsystem32yoletepu.dll NOT unregistered.
C:WINDOWSsystem32yoletepu.dll moved successfully.
File move failed. C:WINDOWSctfxmon.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:DOCUME~1HebrewLOCALS~1Tempetilqs_conMNxfjaOM3Dfx9sgXm scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsHebrewLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaulturlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 04212009_203004
Files moved on Reboot…
C:WINDOWSctfxmon.exe moved successfully.
File C:DOCUME~1HebrewLOCALS~1Tempetilqs_conMNxfjaOM3Dfx9sgXm not found!
C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_001_ moved successfully.
C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_002_ moved successfully.
C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_003_ moved successfully.
C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaultCache_CACHE_MAP_ moved successfully.
C:Documents and SettingsHebrewLocal SettingsApplication DataMozillaFirefoxProfiles997di54e.defaulturlclassifier3.sqlite moved successfully.
By the way, the sound on my speakers has disappeared; maybe you can tell me how to restore it.
Mozilla is working!!!!!!!!!
Thanks.
And now to business, here is the log.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
ServiceDriver 4656df52 deleted successfully.
ServiceDriver c10606f7 deleted successfully.
ServiceDriver pjstrvst deleted successfully.
ServiceDriver XDva028 deleted successfully.
ServiceDriver XDva039 deleted successfully.
ServiceDriver XDva041 deleted successfully.
ServiceDriver XDva042 deleted successfully.
ServiceDriver XDva120 deleted successfully.
ServiceDriver XDva170 deleted successfully.
ServiceDriver usprserv deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5401f76f-c658-4494-874f-2776064a814f}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\malwaredef deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\ctfxmon.exe deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\ctfxmon.exe deleted successfully.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\loader deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows\»AppInit_DLLS»|»» /E : value set successfully!
Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad\DriversLoad deleted successfully.
Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad\HardwareDrivers deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa\»Notification Packages»|hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1sxxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati1xcxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati2fjxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati2jnxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati3koxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati4ptxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati4txxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati5ejxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati5koxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati6dixx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati6jnxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati7wbxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8aexx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati8wcxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinfj61.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1sxxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati1xcxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati2fjxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati2jnxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati3koxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati4ptxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati4txxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati5ejxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati5koxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati6dixx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati6jnxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati7wbxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8aexx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkati8wcxx.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinfj61.sys\ deleted successfully.
========== FILES ==========
C:WINDOWSsystem32snuhrp.bak moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32yqfqra.dll
C:WINDOWSsystem32yqfqra.dll NOT unregistered.
C:WINDOWSsystem32yqfqra.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32qrbbrt.dll
C:WINDOWSsystem32qrbbrt.dll NOT unregistered.
C:WINDOWSsystem32qrbbrt.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32anrjsc.dll
C:WINDOWSsystem32anrjsc.dll NOT unregistered.
C:WINDOWSsystem32anrjsc.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32xkutum.dll
C:WINDOWSsystem32xkutum.dll NOT unregistered.
C:WINDOWSsystem32xkutum.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32ouppvs.dll
C:WINDOWSsystem32ouppvs.dll NOT unregistered.
C:WINDOWSsystem32ouppvs.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32seipvj.dll
C:WINDOWSsystem32seipvj.dll NOT unregistered.
C:WINDOWSsystem32seipvj.dll moved successfully.
C:WINDOWSsystem32wcenter.exe moved successfully.
C:Program FilesMalware Defender 2009quarantine moved successfully.
C:Program FilesMalware Defender 2009 moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32jtqbis.dll
C:WINDOWSsystem32jtqbis.dll NOT unregistered.
C:WINDOWSsystem32jtqbis.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32mqzeoh.dll
C:WINDOWSsystem32mqzeoh.dll NOT unregistered.
C:WINDOWSsystem32mqzeoh.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32dgnjjl.dll
C:WINDOWSsystem32dgnjjl.dll NOT unregistered.
C:WINDOWSsystem32dgnjjl.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32mufbhb.dll
C:WINDOWSsystem32mufbhb.dll NOT unregistered.
C:WINDOWSsystem32mufbhb.dll moved successfully.
C:WINDOWSsystem32unadezuf.ini moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32agukws.dll
C:WINDOWSsystem32agukws.dll NOT unregistered.
C:WINDOWSsystem32agukws.dll moved successfully.
C:WINDOWSsystem32idipunus.ini moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32cblmwb.dll
C:WINDOWSsystem32cblmwb.dll NOT unregistered.
C:WINDOWSsystem32cblmwb.dll moved successfully.
File move failed. C:WINDOWSctfxmon.exe scheduled to be moved on reboot.
LoadLibrary failed for C:WINDOWSctfxmon.dll
C:WINDOWSctfxmon.dll NOT unregistered.
File move failed. C:WINDOWSctfxmon.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:WINDOWSsystem32jefytqxo.dll
C:WINDOWSsystem32jefytqxo.dll NOT unregistered.
C:WINDOWSsystem32jefytqxo.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32bhixzi.dll
C:WINDOWSsystem32bhixzi.dll NOT unregistered.
C:WINDOWSsystem32bhixzi.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32mgscotpb.dll
C:WINDOWSsystem32mgscotpb.dll NOT unregistered.
C:WINDOWSsystem32mgscotpb.dll moved successfully.
Folder move failed. C:Program FilesAntiSpyware Pro scheduled to be moved on reboot.
C:WINDOWSsystem32xgqejufi.ini moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32ptyipk.dll
C:WINDOWSsystem32ptyipk.dll NOT unregistered.
C:WINDOWSsystem32ptyipk.dll moved successfully.
DllUnregisterServer procedure not found in C:WINDOWSsystem32rmictllv.dll
C:WINDOWSsystem32rmictllv.dll NOT unregistered.
C:WINDOWSsystem32rmictllv.dll moved successfully.
C:Documents and SettingsAll UsersApplication DataMicrosoftNetworksvchost.exe moved successfully.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:Documents and SettingsHebrewLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
User’s Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer — Version 1.0.11.0 log created on 04142009_113922
Files moved on Reboot…
File C:Program FilesMalware Defender 2009quarantine not found!
File C:Program FilesMalware Defender 2009 not found!
File C:DOCUME~1HebrewLOCALS~1Temp~DF7B5B.tmp not found!
File C:DOCUME~1HebrewLOCALS~1Temp~DF8926.tmp not found!
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Hebrew at 2009-04-19 19:29:32
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (34%) free of 20 GB
Total RAM: 511 MB (20% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:38 PM, on 4/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRA~1SYMANT~1VPTray.exe
C:Program FilesBarak013Barak013_L2TPfts.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSymantec AntiVirusDefWatch.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesCDBurnerXPNMSAccessU.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:WINDOWSsystem32rundll32.exe
C:Documents and SettingsHebrewDesktopRSIT.exe
C:Program FilesTrend MicroHijackThisHebrew.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.co.il/
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.vmule.com/2008home.htm
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=localhost:801;
R3 — URLSearchHook: findercoil Toolbar — {67aa0145-a051-4660-a910-22da3bab1fa5} — C:Program Filesfindercoiltbfin1.dll
R3 — URLSearchHook: Yahoo! Toolbar — {EF99BD32-C1FB-11D2-892F-0090271D4F88} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: Yahoo! Toolbar Helper — {02478D38-C3F9-4EFB-9B51-7695ECA05670} — C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: findercoil Toolbar — {67aa0145-a051-4660-a910-22da3bab1fa5} — C:Program Filesfindercoiltbfin1.dll
O2 — BHO: Google Toolbar Helper — {AA58ED58-01DD-4d91-8333-CF10577473F7} — c:program filesgooglegoogletoolbar1.dll
O2 — BHO: Google Toolbar Notifier BHO — {af69de43-7d58-4638-b6fa-ce66b5ad205d} — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O3 — Toolbar: findercoil Toolbar — {67aa0145-a051-4660-a910-22da3bab1fa5} — C:Program Filesfindercoiltbfin1.dll
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 — HKLM..Run: [ccApp] «C:Program FilesCommon FilesSymantec SharedccApp.exe»
O4 — HKLM..Run: [vptray] C:PROGRA~1SYMANT~1VPTray.exe
O4 — HKLM..Run: [USRpdA] C:WINDOWSSYSTEM32USRmlnkA.exe RunServices Device3cpipe-USRpdA
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [nwiz] nwiz.exe /install
O4 — HKLM..Run: [%FP%Barak013 L2TP fts.exe] «C:Program FilesBarak013Barak013_L2TPfts.exe»
O4 — HKLM..Run: [PinnacleDriverCheck] C:WINDOWSsystem32PSDrvCheck.exe -CheckReg
O4 — HKLM..Run: [THOffice] C:Program FilesTHOfficeTHOffice.exe
O4 — HKLM..Run: [Windows Defender] «C:Program FilesWindows DefenderMSASCui.exe» -hide
O4 — HKLM..Run: [ctfxmon.exe] C:WINDOWSctfxmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [DAEMON Tools] «C:Program FilesDAEMON Toolsdaemon.exe» -lang 1033
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [ctfxmon.exe] C:WINDOWSctfxmon.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-19..Run: [begihedero] Rundll32.exe «C:WINDOWSsystem32tutepega.dll»,s (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User ‘Default user’)
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — F:icqICQ6ICQ.exe
O9 — Extra ‘Tools’ menuitem: ICQ6 — {E59EB121-F339-4851-A3BA-FE49C35617C2} — F:icqICQ6ICQ.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O10 — Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O12 — Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1085153876706
O16 — DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} — http://download.divx.com/player/DivXBrowserPlugin.cab
O17 — HKLMSystemCCSServicesTcpip..{3944AA6F-F372-47E8-8E2A-D2ED4D61C062}: NameServer = 194.90.1.5
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Automatic LiveUpdate Scheduler — Unknown owner — C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe (file missing)
O23 — Service: Symantec Event Manager (ccEvtMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 — Service: Symantec Settings Manager (ccSetMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 — Service: Symantec AntiVirus Definition Watcher (DefWatch) — Symantec Corporation — C:Program FilesSymantec AntiVirusDefWatch.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: LiveUpdate — Unknown owner — C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE (file missing)
O23 — Service: Intel NCS NetService (NetSvc) — Intel(R) Corporation — C:Program FilesIntelNCSSyncNetSvc.exe
O23 — Service: NMIndexingService — Unknown owner — C:Program FilesCommon FilesNeroLibNMIndexingService.exe (file missing)
O23 — Service: NMSAccessU — Unknown owner — C:Program FilesCDBurnerXPNMSAccessU.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSSystem32nvsvc32.exe
O23 — Service: SAVRoam (SavRoam) — symantec — C:Program FilesSymantec AntiVirusSavRoam.exe
O23 — Service: Symantec Network Drivers Service (SNDSrvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 — Service: Symantec SPBBCSvc (SPBBCSvc) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 — Service: Symantec AntiVirus — Symantec Corporation — C:Program FilesSymantec AntiVirusRtvscan.exe
—
End of file — 7729 bytes
======Scheduled tasks folder======
C:WINDOWStasksMP Scheduled Scan.job
C:WINDOWStaskssajeubch.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper — C:Program FilesYahoo!CompanionInstallscpnyt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx [2001-03-02 37808]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2007-09-13 1312040]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{67aa0145-a051-4660-a910-22da3bab1fa5}]
findercoil Toolbar — C:Program Filesfindercoiltbfin1.dll [2008-05-12 1470488]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper — c:program filesgooglegoogletoolbar1.dll [2007-09-07 2403392]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{af69de43-7d58-4638-b6fa-ce66b5ad205d}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll [2008-10-25 737776]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{67aa0145-a051-4660-a910-22da3bab1fa5} — findercoil Toolbar — C:Program Filesfindercoiltbfin1.dll [2008-05-12 1470488]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2003-12-18 64512]
«NvMediaCenter»=C:WINDOWSSystem32NvMcTray.dll [2004-03-24 46080]
«ccApp»=C:Program FilesCommon FilesSymantec SharedccApp.exe [2006-07-19 52896]
«vptray»=C:PROGRA~1SYMANT~1VPTray.exe [2006-09-27 125168]
«USRpdA»=C:WINDOWSSYSTEM32USRmlnkA.exe [2001-08-23 77891]
«NvCplDaemon»=C:WINDOWSSystem32NvCpl.dll [2004-03-24 3309568]
«nwiz»=nwiz.exe /install []
«%FP%Barak013 L2TP fts.exe»=C:Program FilesBarak013Barak013_L2TPfts.exe [2004-01-07 77312]
«PinnacleDriverCheck»=C:WINDOWSsystem32PSDrvCheck.exe [2003-12-04 406016]
«THOffice»=C:Program FilesTHOfficeTHOffice.exe [2003-01-18 176128]
«Windows Defender»=C:Program FilesWindows DefenderMSASCui.exe [2006-11-03 866584]
«ctfxmon.exe»=C:WINDOWSctfxmon.exe [2009-03-16 53248]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]
«DAEMON Tools»=C:Program FilesDAEMON Toolsdaemon.exe [2007-04-04 165784]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]
«ctfxmon.exe»=C:WINDOWSctfxmon.exe [2009-03-16 53248]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregccApp]
C:Program FilesCommon FilesSymantec SharedccApp.exe [2006-07-19 52896]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCloneCDElbyCDFL]
C:Program FilesElaborate BytesCloneCDElbyCheck.exe /L ElbyCDFL []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:WINDOWSSystem32NvCpl.dll [2004-03-24 3309568]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINDOWSSystem32NvMcTray.dll [2004-03-24 46080]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPRONoMgr.exe]
C:Program FilesIntelNCSPROSetPRONoMgr.exe [2003-03-11 86016]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]
C:WINDOWSSOUNDMAN.EXE [2003-12-18 64512]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampWinampa.exe []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyNavLogon]
C:WINDOWSsystem32NavLogon.dll [2006-09-27 43760]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
«{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}»=C:PROGRA~1WINDOW~4MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
nwprovau
C:WINDOWSsystem32urqOIyaw
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWinDefend]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«NoDispScrSavPage»=0
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=91000000
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:WINDOWSsystem32winlogon.exe»=»C:WINDOWSsystem32winlogon.exe:*:Enabled:winlogon»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
======List of files/folders created in the last 1 months======
2009-04-19 18:46:47 —-A—- C:WINDOWSsystem3215464723541.dll
2009-04-17 19:58:14 —-D—- C:Documents and SettingsHebrewApplication DataCanneverbe_Limited
2009-04-17 19:57:57 —-D—- C:Program FilesCDBurnerXP
2009-04-14 11:39:22 —-D—- C:_OTMoveIt
2009-04-12 12:33:29 —-D—- C:rsit
2009-04-04 22:36:04 —-D—- C:VundoFix Backups
2009-04-04 22:36:04 —-A—- C:VundoFix.txt
2009-03-30 21:10:06 —-D—- C:Program FilesWindows Defender
2009-03-28 14:57:23 —-D—- C:Documents and SettingsHebrewApplication DataMSN6
2009-03-28 14:57:23 —-D—- C:Documents and SettingsAll UsersApplication DataMSN6
2009-03-24 20:09:52 —-D—- C:Documents and SettingsHebrewApplication DataYandex
2009-03-24 20:08:48 —-D—- C:Program FilesMozilla Firefox
======List of files/folders modified in the last 1 months======
2009-04-19 19:12:52 —-D—- C:WINDOWS
2009-04-19 19:12:52 —-A—- C:WINDOWSNeroDigital.ini
2009-04-19 19:09:53 —-D—- C:WINDOWSTemp
2009-04-19 18:57:24 —-RD—- C:Program Files
2009-04-19 18:57:18 —-D—- C:WINDOWSPrefetch
2009-04-19 18:56:43 —-D—- C:Program FilesCyberLink
2009-04-19 18:56:41 —-HD—- C:Program FilesInstallShield Installation Information
2009-04-19 18:56:03 —-D—- C:WINDOWSsystem32
2009-04-19 18:55:31 —-D—- C:Program FilesDivX
2009-04-19 18:49:28 —-SD—- C:WINDOWSTasks
2009-04-19 18:47:05 —-D—- C:WINDOWSsystem32CatRoot2
2009-04-18 22:26:35 —-A—- C:WINDOWSSchedLgU.Txt
2009-04-15 18:16:11 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-04-15 18:16:01 —-D—- C:WINDOWSsystem32drivers
2009-04-15 18:08:26 —-D—- C:WINDOWSHelp
2009-04-10 09:56:00 —-D—- C:WINDOWSsystem32Restore
2009-04-10 09:52:41 —-SHD—- C:System Volume Information
2009-03-31 20:26:47 —-D—- C:Program FilesSymantec AntiVirus
2009-03-31 19:54:06 —-D—- C:Program FilesSymantec
2009-03-30 21:10:15 —-SHD—- C:WINDOWSInstaller
2009-03-30 21:10:07 —-HD—- C:WINDOWSinf
2009-03-30 21:10:06 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-03-29 20:05:08 —-ASH—- C:WINDOWSsystem32sovowuyi.dll
2009-03-29 20:05:08 —-ASH—- C:WINDOWSsystem32fokivilo.exe
2009-03-28 21:41:16 —-ASH—- C:WINDOWSsystem32vekukedu.dll
2009-03-28 21:41:15 —-ASH—- C:WINDOWSsystem32busoguze.dll.vir
2009-03-28 21:41:14 —-ASH—- C:WINDOWSsystem32wesokaru.exe
2009-03-28 09:40:50 —-ASH—- C:WINDOWSsystem32nomajuzu.exe
2009-03-27 12:30:10 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-27 12:28:07 —-ASH—- C:WINDOWSsystem32puyekebi.dll
2009-03-27 12:28:07 —-ASH—- C:WINDOWSsystem32daluwimo.exe
2009-03-26 16:01:56 —-ASH—- C:WINDOWSsystem32heruhozu.dll
2009-03-26 16:01:56 —-ASH—- C:WINDOWSsystem32filawuzo.dll
2009-03-25 21:06:03 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-25 15:53:09 —-ASH—- C:WINDOWSsystem32suwumuwo.dll
2009-03-24 21:02:00 —-D—- C:WINDOWSsystem
2009-03-24 20:53:34 —-D—- C:Program FilesCommon FilesACD Systems
2009-03-24 20:46:55 —-D—- C:Documents and SettingsHebrewApplication DatauTorrent
2009-03-24 20:09:09 —-D—- C:Documents and SettingsHebrewApplication DataMozilla
2009-03-24 18:49:22 —-ASH—- C:WINDOWSsystem32seyayewi.dll
2009-03-24 18:49:20 —-ASH—- C:WINDOWSsystem32powirimu.dll
2009-03-23 20:44:38 —-ASH—- C:WINDOWSsystem32lilofati.dll
2009-03-22 19:02:31 —-ASH—- C:WINDOWSsystem32kozezupo.dll
2009-03-22 19:02:25 —-ASH—- C:WINDOWSsystem32kujonage.dll
2009-03-21 21:54:29 —-D—- C:Temp
2009-03-21 11:29:51 —-ASH—- C:WINDOWSsystem32rumerubo.dll
2009-03-21 11:29:50 —-ASH—- C:WINDOWSsystem32wonizaki.dll
2009-03-21 11:24:01 —-ASH—- C:WINDOWSsystem32jawepuwa.dll
2009-03-21 11:23:59 —-ASH—- C:WINDOWSsystem32kohuhoro.dll
2009-03-21 11:23:59 —-ASH—- C:WINDOWSsystem32fedozuta.dll
2009-03-20 22:21:04 —-D—- C:Program FilesAntiSpyware Pro
2009-03-20 20:57:20 —-D—- C:WINDOWSsystem32config
2009-03-20 14:03:29 —-D—- C:Documents and SettingsHebrewApplication DataSkype
2009-03-20 13:27:53 —-ASH—- C:WINDOWSsystem32yoletepu.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; ??C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:WINDOWSSystem32DRIVERSintelppm.sys [2004-08-04 36096]
R1 SAVRTPEL;SAVRTPEL; ??C:Program FilesSymantec AntiVirusSavrtpel.sys []
R1 SiSkp;SiSkp; C:WINDOWSSystem32DRIVERSsrvkp.sys [2004-09-02 12928]
R2 Aspi32;Aspi32; C:WINDOWSsystem32driversAspi32.sys [2002-07-17 16877]
R2 IOSLINK;IOSLINK; ??C:WINDOWSsystem32driversIosLink.sys []
R2 irda;IrDA Protocol; C:WINDOWSSystem32DRIVERSirda.sys [2004-08-04 87424]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:WINDOWSsystem32DRIVERSnwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:WINDOWSsystem32DRIVERSnwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:WINDOWSsystem32DRIVERSnwlnkspx.sys [2001-08-23 55936]
R2 SetupNT;SetupNT; C:WINDOWSsystem32SetupNT.sys [2000-10-25 3000]
R3 ASAPIW2k;ASAPIW2K; C:WINDOWSsystem32driversASAPIW2k.sys [2003-12-04 11264]
R3 irsir;Microsoft Serial Infrared Driver; C:WINDOWSSystem32DRIVERSirsir.sys [2001-08-17 18688]
R3 nv;nv; C:WINDOWSSystem32DRIVERSnv4_mini.sys [2004-03-24 1895648]
R3 NWRDR;NetWare Rdr; C:WINDOWSsystem32DRIVERSnwrdr.sys [2006-10-13 163584]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2004-08-03 9856]
R3 Rasirda;WAN Miniport (IrDA); C:WINDOWSSystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSSystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSSystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbuhci.sys [2004-08-04 20480]
S1 AmdK7;AMD K7 Processor Driver; C:WINDOWSSystem32DRIVERSamdk7.sys [2004-08-04 37376]
S1 SAVRT;SAVRT; ??C:Program FilesSymantec AntiVirussavrt.sys []
S1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2006-08-07 195776]
S2 ElbyCDIO;ElbyCDIO Driver; C:WINDOWSSystem32DriversElbyCDIO.sys []
S2 npkcrypt;npkcrypt; ??C:Documents and SettingsHebrewDesktopmaple storynpkcrypt.sys []
S3 61883;61883 Unit Device; C:WINDOWSsystem32DRIVERS61883.sys [2004-08-04 48128]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2003-10-04 401152]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2003-12-18 639836]
S3 Arp1394;1394 ARP Client Protocol; C:WINDOWSSystem32DRIVERSarp1394.sys [2004-08-04 60800]
S3 ati2mtag;ati2mtag; C:WINDOWSSystem32DRIVERSati2mtag.sys [2004-08-04 701440]
S3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinrvxx.sys [2004-08-04 104960]
S3 ATITUNEP;ATI WDM TV Tuner (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatintuxx.sys [2004-08-04 73216]
S3 ativraxx;ATI WDM Rage Theater Audio (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinraxx.sys [2004-08-04 52224]
S3 ATIXSAudio;ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinxsxx.sys [2004-08-04 63488]
S3 Avc;AVC Device; C:WINDOWSsystem32DRIVERSavc.sys [2004-08-04 38912]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 cmuda;C-Media WDM Audio Interface; C:WINDOWSsystem32driverscmuda.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:WINDOWSsystem32DRIVERSe100b325.sys [2003-03-04 145408]
S3 ElbyCDFL;ElbyCDFL; C:WINDOWSSystem32DriversElbyCDFL.sys []
S3 EraserUtilDrvI7;EraserUtilDrvI7; ??C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilDrvI7.sys []
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:WINDOWSsystem32driverses1371mp.sys [2001-08-17 40704]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:WINDOWSSystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 HCF_MSFT;HCF_MSFT; C:WINDOWSSystem32DRIVERSHCF_MSFT.sys [2001-08-17 907456]
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:WINDOWSSystem32DRIVERSmouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
S3 MSDV;Microsoft DV Camera and VCR; C:WINDOWSSystem32DRIVERSmsdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-04 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation); C:WINDOWSsystem32DRIVERSatinmdxx.sys [2004-08-04 13824]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NAVENG;NAVENG; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120080926.003naveng.sys []
S3 NAVEX15;NAVEX15; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120080926.003navex15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:WINDOWSSystem32DRIVERSnic1394.sys [2004-08-04 61824]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE2Ebus.sys [2006-11-10 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE2Emdfl.sys [2006-11-10 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE2Emdm.sys [2006-11-10 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE2Emgmt.sys [2006-11-10 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS); C:WINDOWSsystem32DRIVERSse2End5.sys [2006-11-10 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE2Eobex.sys [2006-11-10 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:WINDOWSsystem32DRIVERSse2Eunic.sys [2006-11-10 90800]
S3 SiS315;SiS315; C:WINDOWSSystem32DRIVERSsisgrp.sys [2004-09-03 229888]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:WINDOWSSystem32DRIVERSsisnic.sys [2004-08-04 32768]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-04 11136]
S3 SPBBCDrv;SPBBCDrv; ??C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCDrv.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:WINDOWSsystem32DRIVERSsscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:WINDOWSsystem32DRIVERSsscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:WINDOWSsystem32DRIVERSsscdmdm.sys [2005-12-22 137884]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2006-08-07 24768]
S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation); C:WINDOWSsystem32DRIVERSATINTTXX.sys [2004-08-04 13824]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbohci.sys [2004-08-04 17024]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver; C:WINDOWSsystem32DRIVERSUSRpdA.sys [2001-08-17 113762]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:WINDOWSSystem32DRIVERSyukonwxp.sys [2003-12-23 174464]
S4 sr;System Restore Filter Driver; C:WINDOWSC:WINDOWSsystem32DRIVERSsr.sys []
S4 ws2ifsl;????? ????? ?? ??? ????? Windows Socket 2.0 Non-IFS; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ccEvtMgr;Symantec Event Manager; C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:Program FilesCommon FilesSymantec SharedccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:Program FilesSymantec AntiVirusDefWatch.exe [2006-09-27 31472]
R2 Irmon;Infrared Monitor; C:WINDOWSSystem32svchost.exe [2008-11-01 14336]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NMSAccessU;NMSAccessU; C:Program FilesCDBurnerXPNMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSSystem32nvsvc32.exe [2004-03-24 110659]
R2 NWCWorkstation;Client Service for NetWare; C:WINDOWSsystem32svchost.exe [2008-11-01 14336]
R2 NwSapAgent;SAP Agent; C:WINDOWSsystem32svchost.exe [2008-11-01 14336]
R2 Symantec AntiVirus;Symantec AntiVirus; C:Program FilesSymantec AntiVirusRtvscan.exe [2006-09-27 1813232]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
R2 WinDefend;Windows Defender; C:Program FilesWindows DefenderMsMpEng.exe [2006-11-03 13592]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-09-07 138168]
S3 LiveUpdate;LiveUpdate; C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE []
S3 NetSvc;Intel NCS NetService; C:Program FilesIntelNCSSyncNetSvc.exe [2003-03-03 143360]
S3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesNeroLibNMIndexingService.exe []
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:Program FilesSymantec AntiVirusSavRoam.exe [2006-09-27 116464]
S3 SNDSrvc;Symantec Network Drivers Service; C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe [2006-08-07 214720]
S3 SPBBCSvc;Symantec SPBBCSvc; C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe [2006-04-11 1160848]
EOF
By the way, strangely enough, EMule works for me, I checked, but Mozilla shows: the proxy server is refusing connections.
Please help, all my university work is done over the internet, and my friend can't stand the sight of me anymore; she needs to study too.
Thank you in advance.
I did exactly as instructed. The computer asked for a reboot, but Malware Defender 2009 would not let it, so I rebooted manually and got the log.
I wanted to paste it, but Explorer and Mozilla won't start. What should I do? Now I have no internet either; I'm writing from my friend's place.