[kimmy456]

Сделала как вы просили, вот лог:

ComboFix 09-03-14.01 — VanHieu 2009-03-27 18:14:17.3 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.495.213 [GMT 3:00]
Running from: c:documents and settingsVanHieuMy DocumentsDownloadsComboFix.exe
Command switches used :: c:documents and settingsVanHieuDesktopCFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
— REDUCED FUNCTIONALITY MODE —

FILE ::
C:q0dhfjf.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:q0dhfjf.exe
c:windowssystem32nmdfgds0.dll
c:windowssystem32nmdfgds1.dll
c:windowssystem32nmdfgds2.dll
c:windowssystem32olhrwef.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.

2009-03-27 18:11 . 2009-03-08 21:12 d

---

C:32788R22FWJFW
2009-03-26 10:53 . 2009-03-26 10:53 d—hs—- C:FOUND.008
2009-03-23 21:24 . 2009-03-23 21:23 109,692 -r-hs—- C:em8tqm.cmd
2009-03-22 14:45 . 2009-03-22 14:45 d

---

c:documents and settingsVanHieuApplication DataBroad Intelligence
2009-03-22 01:04 . 2009-03-23 21:23 109,692 -r-hs—- C:jm3cx96.bat
2009-03-22 01:03 . 2009-03-19 19:08 111,242 -r-hs—- C:gyn.cmd
2009-03-21 23:12 . 2009-03-22 01:00 457,121,082 —a

---

C:Boys.Over.Flowers.E18.KOR.090309.HDTV.XviD-Ental.svi
2009-03-21 19:29 . 2009-03-21 19:29 d—hs—- C:FOUND.007
2009-03-21 17:04 . 2009-03-21 17:04 d

---

c:program filesDirectVobSub
2009-03-21 16:27 . 2005-08-25 22:10 9,804 —a

---

c:windowssystemvdremote.dll
2009-03-21 16:27 . 2005-08-25 22:09 7,244 —a

---

c:windowssystemvdsvrlnk.dll
2009-03-18 07:27 . 2009-03-23 23:12 65 —a

---

c:windowsFISHUI.INI
2009-03-17 22:06 . 2009-03-17 22:06 d

---

c:program filesMediaCoder
2009-03-16 18:21 . 2009-03-16 18:21 d

---

c:program filesK-Lite Codec Pack
2009-03-16 18:21 . 2008-09-24 21:41 839,680 —a

---

c:windowssystem32lameACM.acm
2009-03-16 18:21 . 2008-12-07 21:08 795,648 —a

---

c:windowssystem32xvidcore.dll
2009-03-16 18:21 . 2008-11-06 19:33 684,032 —a

---

c:windowssystem32divx.dll
2009-03-16 18:21 . 2004-01-25 19:18 217,088 —a

---

c:windowssystem32yv12vfw.dll
2009-03-16 18:21 . 2008-12-07 21:08 130,048 —a

---

c:windowssystem32xvidvfw.dll
2009-03-16 18:21 . 2007-09-21 03:52 118,784 —a

---

c:windowssystem32ac3acm.acm
2009-03-16 18:21 . 2009-02-09 21:56 67,584 —a

---

c:windowssystem32ff_vfw.dll
2009-03-16 18:21 . 2007-07-10 19:10 547 —a

---

c:windowssystem32ff_vfw.dll.manifest
2009-03-16 18:21 . 2008-10-03 15:30 414 —a

---

c:windowssystem32lame_acm.xml
2009-03-16 17:37 . 2009-03-16 17:37 d

---

c:documents and settingsVanHieuApplication DataDataCast
2009-03-16 12:47 . 2009-03-16 12:47 d

---

c:documents and settingsLocalServiceApplication DataSACore
2009-03-16 12:44 . 2009-03-16 12:44 d

---

c:documents and settingsAll UsersApplication DataSiteAdvisor
2009-03-16 12:43 . 2009-03-16 12:43 d

---

c:program filesMcAfee
2009-03-16 12:43 . 2009-03-16 12:44 d

---

c:program filesCommon FilesMcAfee
2009-03-16 12:43 . 2009-03-16 12:43 d

---

c:documents and settingsAll UsersApplication DataMcAfee
2009-03-16 12:29 . 2009-03-17 12:59 111,435 -r-hs—- C:luk1ylq.com
2009-03-16 12:16 . 2009-03-16 12:16 577,024 —a

---

c:windowssystem32dllcacheuser32.dll
2009-03-16 12:14 . 2009-03-16 12:14 d

---

c:windowsERUNT
2009-03-16 12:07 . 2008-11-06 02:03 d

---

C:SDFix
2009-03-16 12:05 . 2009-03-16 12:06 d

---

c:program filesNT Registry Optimizer
2009-03-16 12:04 . 2009-03-16 12:04 d

---

c:program filesERUNT
2009-03-16 11:58 . 2009-03-16 11:58 d

---

c:program filesCCleaner
2009-03-16 08:32 . 2009-03-16 08:32 d

---

C:_OTMoveIt
2009-03-15 10:34 . 2009-03-15 10:34 d

---

c:documents and settingsVanHieuApplication DataWinPatrol
2009-03-15 10:20 . 2009-03-15 10:20 d

---

c:program filesBillP Studios
2009-03-13 07:54 . 2009-03-13 07:54 d

---

C:rsit
2009-03-13 07:54 . 2009-03-13 07:54 d

---

c:program filestrend micro
2009-03-11 20:08 . 2009-03-11 20:08 d

---

c:documents and settingsVanHieuApplication DataMalwarebytes
2009-03-11 20:08 . 2009-02-11 10:19 15,504 —a

---

c:windowssystem32driversmbam.sys
2009-03-11 20:07 . 2009-03-11 20:07 d

---

c:program filesMalwarebytes’ Anti-Malware
2009-03-11 20:07 . 2009-03-11 20:07 d

---

c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-11 20:07 . 2009-02-11 10:19 38,496 —a

---

c:windowssystem32driversmbamswissarmy.sys
2009-03-11 19:25 . 2009-03-11 19:25 d

---

C:VundoFix Backups
2009-03-11 12:05 . 2009-03-11 12:05 d—hs—- C:FOUND.006
2009-03-09 21:14 . 2009-03-09 21:14 d

---

c:documents and settingsVanHieuApplication DataSamsung
2009-03-09 16:09 . 2009-03-09 16:09 d

---

c:program filesTVAnts
2009-03-07 23:56 . 2006-05-03 22:53 174,592 —a

---

c:windowssystem32framedyn.dll
2009-03-07 23:55 . 2009-03-07 23:55 d

---

c:windowssystem32Samsung_USB_Drivers
2009-03-07 23:55 . 2005-08-30 01:49 94,000 —a

---

c:windowssystem32driversssm_mdm.sys
2009-03-07 23:55 . 2005-08-30 01:47 58,320 —a

---

c:windowssystem32driversssm_bus.sys
2009-03-07 23:55 . 2005-08-30 01:49 8,336 —a

---

c:windowssystem32driversssm_mdfl.sys
2009-03-07 23:55 . 2005-08-30 01:49 6,176 —a

---

c:windowssystem32driversssm_cmnt.sys
2009-03-07 23:55 . 2005-08-30 01:49 6,176 —a

---

c:windowssystem32driversssm_cm.sys
2009-03-07 23:55 . 2005-08-30 01:47 5,840 —a

---

c:windowssystem32driversssm_whnt.sys
2009-03-07 23:55 . 2005-08-30 01:47 5,840 —a

---

c:windowssystem32driversssm_wh.sys
2009-03-07 23:54 . 2006-07-24 16:05 5,632 —a

---

c:windowssystem32driversStarOpen.sys
2009-03-07 23:54 . 2005-08-28 20:51 766 —a

---

c:windowssystem32Uninstall.ico
2009-03-07 23:15 . 2009-03-07 23:15 d

---

c:program filesHelaBasa
2009-03-07 20:14 . 2001-11-12 13:30 827,156 —a

---

c:windowssystem32sheadg.ttf
2009-03-07 19:53 . 2009-03-07 19:53 d

---

c:program filesKorean HakGyo
2009-03-07 19:46 . 2009-03-07 19:46 d

---

c:documents and settingsAll UsersApplication DataTavultesoft
2009-03-07 19:12 . 2009-03-07 19:12 d

---

c:program filesTavultesoft
2009-03-07 19:12 . 2009-03-07 19:12 d

---

c:program filesCommon FilesTavultesoft
2009-03-07 19:12 . 2009-03-07 19:12 d

---

c:documents and settingsVanHieuApplication DataTavultesoft
2009-03-07 18:01 . 2009-03-07 18:01 d

---

c:program filesAgilingua
2009-03-07 18:00 . 2009-03-07 18:00 d

---

c:windowsFlash Card Factory
2009-03-07 18:00 . 2009-03-07 18:00 d

---

c:program filesFlash Card Factory
2009-03-07 16:53 . 2004-09-14 14:53 13,323 —a

---

c:windowsXPE_MUIService Pack 1 KoreanEULA.rtf
2009-03-07 16:52 . 2004-10-01 12:35 13,260 —a

---

c:windowsXPE_MUIService Pack 2 KoreanEULA.rtf
2009-03-07 16:27 . 2009-03-07 16:25 13,463,552 —a

---

c:windowssystem32dllcachehwxjpn.dll
2009-03-07 16:22 . 2009-03-07 16:22 d

---

c:windowsSxsCaPendDel
2009-03-07 15:19 . 2009-03-07 15:19 50 —a

---

c:windowsMegaManager.INI
2009-03-06 15:41 . 2009-03-07 16:06 180,258 —a

---

c:windowssystem32dllcachec_20000.nls
2009-03-06 15:41 . 2009-03-07 16:06 180,258 —a

---

c:windowssystem32c_20000.nls
2009-03-06 15:41 . 2009-03-07 15:30 162,850 —a

---

c:windowssystem32dllcachec_10001.nls
2009-03-06 15:41 . 2009-03-07 15:30 162,850 —a

---

c:windowssystem32c_10001.nls
2009-03-06 15:41 . 2009-03-07 16:10 57,398 —a

---

c:windowssystem32dllcacheimjpdadm.exe
2009-03-06 13:11 . 2009-03-06 13:11 d

---

c:windowssystem321049
2009-03-06 13:11 . 2001-12-05 04:00 65,536 —a

---

c:windowssystem32WMErrRUS.dll
2009-03-06 13:11 . 2001-12-05 04:00 36,388 —a

---

c:windowsWMPrfRUS.prx
2009-03-06 12:49 . 2004-10-01 13:35 13,260 —a

---

c:windowsXPE_MUIService Pack 2 RussianEULA.rtf
2009-03-06 12:35 . 2004-09-15 15:15 12,757 —a

---

c:windowsXPE_SP2EULA.rtf
2009-03-06 08:12 . 2009-03-06 08:12 d

---

c:program filesMicrosoft SQL Server
2009-03-06 08:12 . 2002-12-17 16:23 33,340

---

c:windowssystem32dbmsqlgc.dll
2009-03-06 08:12 . 2002-10-20 14:05 24,576

---

c:windowssystem32dbmsgnet.dll
2009-03-06 01:31 . 2009-03-06 01:31 d

---

c:program filesWindows Embedded
2009-03-05 22:01 . 2009-03-05 22:01 d

---

c:windowsServicePackFiles
2009-03-05 22:00 . 2004-07-17 11:40 19,528 —a

---

c:windows000001_.tmp
2009-03-05 22:00 . 2004-08-03 22:42 15,872 —a

---

c:windowssystem32spupdsvc.exe
2009-03-03 15:25 . 2009-03-03 15:26 d

---

c:documents and settingsVanHieuApplication DataDivX
2009-03-03 15:23 . 2008-11-06 19:37 129,784

---

c:windowssystem32pxafs.dll
2009-03-03 15:23 . 2008-11-06 19:37 120,056

---

c:windowssystem32pxcpyi64.exe
2009-03-03 15:23 . 2008-11-06 19:37 118,520

---

c:windowssystem32pxinsi64.exe
2009-03-03 15:23 . 2008-11-06 19:37 9,464

---

c:windowssystem32driverscdralw2k.sys
2009-03-03 15:23 . 2008-11-06 19:37 9,336

---

c:windowssystem32driverscdr4_xp.sys
2009-03-02 09:52 . 2009-03-02 09:52 d

---

c:program filesAimersoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 13:25 10,129,408 —-a-w c:windowssystem32dllcachehwxkor.dll
2009-03-07 13:25 10,096,640 —-a-w c:windowssystem32dllcachehwxcht.dll
2009-03-07 13:23 44,032 —-a-w c:windowssystem32dllcacheimekrmig.exe
2009-03-07 13:23 311,359 —-a-w c:windowssystem32dllcacheimepadsv.exe
2009-03-07 13:23 143,422 —-a-w c:windowssystem32dllcachesoftkey.dll
2009-03-07 13:23 102,463 —-a-w c:windowssystem32dllcacheimepadsm.dll
2009-03-07 13:18 471,102 —-a-w c:windowssystem32dllcacheimskdic.dll
2009-03-07 13:17 70,656 —-a-w c:windowssystem32korwbrkr.dll
2009-03-07 13:17 70,656 —-a-w c:windowssystem32dllcachekorwbrkr.dll
2009-03-07 12:58 1,677,824 —-a-w c:windowssystem32dllcachechsbrkr.dll
2009-03-07 12:58 1,677,824 —-a-w c:windowssystem32chsbrkr.dll
2009-03-07 12:46 19,456 —-a-w c:windowssystem32dllcacheagt0804.dll
2009-03-07 12:46 19,456 —-a-w c:windowssystem32dllcacheagt0412.dll
2009-03-07 12:46 19,456 —-a-w c:windowssystem32dllcacheagt0411.dll
2009-03-07 12:46 19,456 —-a-w c:windowssystem32dllcacheagt0404.dll
2009-03-07 12:44 838,144 —-a-w c:windowssystem32dllcachechtbrkr.dll
2009-03-07 12:44 838,144 —-a-w c:windowssystem32chtbrkr.dll
2009-03-07 12:21 47,360 —-a-w c:documents and settingsVanHieuApplication Datapcouffin.sys
2009-03-07 11:53 36,927 —-a-w c:windowssystem32dllcachepadrs411.dll
2009-03-07 11:53 36,864 —-a-w c:windowssystem32dllcachehanjadic.dll
2009-03-07 11:53 229,439 —-a-w c:windowssystem32dllcachemultibox.dll
2009-03-07 11:53 14,336 —-a-w c:windowssystem32dllcachepadrs412.dll
2009-03-06 15:42 59,904 —-a-w c:windowssystem32dllcacheimkrinst.exe
2009-03-06 13:27 315,452 —-a-w c:windowssystem32dllcacheimskf.dll
2009-03-06 13:25 45,109 —-a-w c:windowssystem32dllcacheimjpuex.exe
2009-03-06 13:24 98,304 —-a-w c:windowssystem32msir3jp.dll
2009-03-06 13:24 98,304 —-a-w c:windowssystem32dllcachemsir3jp.dll
2009-02-23 10:49

---

d

---

w c:documents and settingsVanHieuApplication Datavlc
2009-02-23 10:48

---

d

---

w c:program filesVideoLAN
2009-02-22 16:53

---

d

---

w c:program filesOnline TV Player 4
2009-02-20 16:33

---

d

---

w c:program filesURUSoft
2009-02-11 17:03

---

d

---

w c:program filesGenieSoft
2009-02-10 19:17

---

d

---

w c:program filesVSTPlugins
2009-02-10 19:17

---

d

---

w c:documents and settingsVanHieuApplication DataGenieSoft
2009-02-09 21:40

---

d

---

w c:program filesCommon FilesSkype
2009-02-09 21:39

---

d

---

r c:program filesSkype
2009-01-31 12:10

---

d

---

w c:documents and settingsVanHieuApplication Datacom.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
2009-01-31 12:09

---

d

---

w c:program filesCommon FilesAdobe AIR
2009-01-30 15:40

---

d

---

w c:documents and settingsVanHieuApplication Dataled
2009-01-30 15:39 98,304 —-a-w c:windowssystem32CmdLineExt.dll
2009-01-30 15:39

---

d—h—r c:documents and settingsVanHieuApplication DataSecuROM
2009-01-30 15:39

---

d

---

w c:program filesIDM
2009-01-03 14:57 410,984 —-a-w c:windowssystem32deploytk.dll
2006-08-15 17:42 3,408 —-a-w c:windowsinfInfo.vbs
.

((((((((((((((((((((((((((((( SnapShot_2009-03-21_19.49.16.00 )))))))))))))))))))))))))))))))))))))))))
.
— 2009-03-16 17:00:46 9,662 —-a-r c:windowsInstaller{C20CE592-B0F8-4D20-BF31-0151CA6331A6}ARPPRODUCTICON.exe
+ 2009-03-21 18:02:20 9,662 —-a-r c:windowsInstaller{C20CE592-B0F8-4D20-BF31-0151CA6331A6}ARPPRODUCTICON.exe
— 2009-03-16 17:01:40 16,564 —-a-w c:windowsInstaller{C20CE592-B0F8-4D20-BF31-0151CA6331A6}emodio.dat
+ 2009-03-21 18:03:32 16,564 —-a-w c:windowsInstaller{C20CE592-B0F8-4D20-BF31-0151CA6331A6}emodio.dat
+ 2009-03-27 15:18:04 16,384 —-a-w c:windowsTempPerflib_Perfdata_198.dat
+ 2009-03-27 15:17:56 16,384 —-a-w c:windowsTempPerflib_Perfdata_7bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«STYLEXP»=»c:program filesTGTSoftStyleXPStyleXP.exe» [2005-07-21 1359872]
«UniKey»=»c:program filesUnikey 3.6UniKeyNT.exe» [2003-01-29 77824]
«Messenger (Yahoo!)»=»c:program filesYahoo!MessengerYahooMessenger.exe» [2008-11-05 4347120]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2004-08-04 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-04 1667584]
«BitTorrent DNA»=»c:program filesDNAbtdna.exe» [2008-12-19 342848]
«Google Update»=»c:documents and settingsVanHieuLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» [2008-11-05 133104]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2009-01-29 23975720]
«LDM»=»c:program filesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe» [BU]
«cdoosoft»=»c:windowssystem32olhrwef.exe» [BU]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«igfxtray»=»c:windowssystem32igfxtray.exe» [2005-09-20 94208]
«igfxhkcmd»=»c:windowssystem32hkcmd.exe» [2005-09-20 77824]
«igfxpers»=»c:windowssystem32igfxpers.exe» [2005-09-20 114688]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2008-07-13 98304]
«LVCOMSX»=»c:windowssystem32LVCOMSX.EXE» [2004-02-25 221184]
«LogitechVideoRepair»=»c:program filesLogitechVideoISStart.exe» [2004-02-25 454656]
«LogitechVideoTray»=»c:program filesLogitechVideoLogiTray.exe» [2004-02-25 212992]
«dla»=»c:windowssystem32dlatfswctrl.exe» [2002-05-09 102455]
«DVDBitSet»=»c:program filesHP CD-DVDUmbrellaDVDBitSet.exe» [2002-05-01 200704]
«HPCDTray»=»c:program filesHP CD-DVDUmbrellahpcdtray.exe» [2001-10-17 69632]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2008-09-18 185896]
«hpppta»=»c:program filesHewlett-PackardHP PrecisionScanPrecisionScan Prohpppta.exe» [2000-06-02 86016]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-01-03 136600]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2006-01-12 155648]
«IMJPMIG8.1″=»c:windowsIMEimjp8_1IMJPMIG.EXE» [2004-08-03 208952]
«MSPY2002″=»c:windowssystem32IMEPINTLGNTImScInst.exe» [2004-08-03 59392]
«PHIME2002ASync»=»c:windowssystem32IMETINTLGNTTINTSETP.EXE» [2004-08-03 455168]
«PHIME2002A»=»c:windowssystem32IMETINTLGNTTINTSETP.EXE» [2004-08-03 455168]
«WinPatrol Russian v.2″=»c:program filesBillP StudiosWinPatrolwinpatrol.exe» [2007-08-06 292152]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-04 15360]

c:documents and settingsVanHieuStart MenuProgramsStartup
PowerReg Scheduler.exe [2008-08-30 225280]

c:documents and settingsAll UsersStart MenuProgramsStartup
Logitech Desktop Messenger.lnk — c:program filesLogitechDesktop Messenger8876480ProgramLDMConf.exe [2008-08-29 169472]
RAMASST.lnk — c:windowssystem32RAMASST.exe [2008-10-16 155648]
Service Manager.lnk — c:program filesMicrosoft SQL Server80ToolsBinnsqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.enc»= ITIG726.acm

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregmtd2002Svr]
—a

---

2002-10-05 13:05 544768 c:program filesmtd2002mtdserver.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSTYLEXP]
—a

---

2005-07-21 05:57 1359872 c:program filesTGTSoftStyleXPStyleXP.exe

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\Program Files\mtd2002\mtdserver.exe»=
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe»=
«c:\Program Files\DNA\btdna.exe»=
«c:\Program Files\BitTorrent\bittorrent.exe»=
«c:\WINDOWS\System32\muzapp.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\TVAnts\Tvants.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=

R1 hpcd2k;hpcd2k;c:windowssystem32drivershpcd2k.sys [2008-08-30 4421]
R2 Rbspxe;Remote Boot Service;c:windowsSystem32svchost.exe -k RBS [2004-08-04 14336]
R2 TFTPD;Trivial File Transfer Protocol;c:program filesWindows EmbeddedRemote Boot Servicetftpd.exe [2004-08-31 19484]
S3 CrystalSysInfo;CrystalSysInfo;c:program filesMediaCoderSysInfo.sys [2007-09-25 15152]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:program filesMcAfeeSiteAdvisorMcSACore.exe [2009-03-16 210216]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
rbs REG_MULTI_SZ rbspxe
.
.

---

Supplementary Scan

---

.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: {{FB5A1911-A111-12d3-BB8E-12C04F845654} — mailto:VanHieu_vl@Yahoo.com?Subject=More Information
FF — ProfilePath — c:documents and settingsVanHieuApplication DataMozillaFirefoxProfilesj773li6y.default
FF — prefs.js: browser.search.defaulturl — hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF — prefs.js: browser.search.selectedEngine — Google
FF — prefs.js: browser.startup.homepage — hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF — prefs.js: keyword.URL — hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF — component: c:program filesMcAfeeSiteAdvisorcomponentsMcFFPlg.dll
FF — component: c:program filesMozilla Firefoxextensionsbrowserhighlighter@ebay.comcomponentsShim.dll
FF — plugin: c:documents and settingsVanHieuLocal SettingsApplication DataGoogleUpdate1.2.141.5npGoogleOneClick7.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 18:17:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

[HKEY_USERSS-1-5-21-1993962763-764733703-1060284298-1003SoftwareSecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]
«??»=hex:23,6a,bf,8f,ee,b3,c5,69,86,d9,bd,36,27,ad,7f,42,82,61,4d,05,d1,82,4d,
ae,c6,7c,c4,7a,5e,21,8c,e5,06,5a,cf,9b,f3,68,32,92,9c,01,63,a9,0f,2d,a8,87,
«??»=hex:b0,81,a3,68,c9,0a,cb,e9,a3,aa,a5,71,02,e1,3d,32
.

---

Other Running Processes

---

.
c:windowsSYSTEM32DVDRAMSV.EXE
c:program filesJAVAJRE6BINJQS.EXE
c:windowsSYSTEM32WDFMGR.EXE
c:program filesLOGITECHVIDEOFXSVR2.EXE
c:windowsSYSTEM32WSCNTFY.EXE
.
**************************************************************************
.
Completion time: 2009-03-27 18:20:31 — machine was rebooted
ComboFix-quarantined-files.txt 2009-03-27 15:20:28
ComboFix3.txt 2009-03-16 05:20:22
ComboFix2.txt 2009-03-21 16:50:42

Pre-Run: 1 975 730 176 bytes free
Post-Run: 2,033,221,632 байт свободно

298

[kimmy456]

Здравствуйте! У Меня компьютер стал нормально работать! Спасибо вам огромное!!!
Вот лог ComboFix̉:
ComboFix 09-03-14.01 — VanHieu 2009-03-21 19:40:34.2 — FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.495.30 [GMT 3:00]
Running from: c:documents and settingsVanHieuMy DocumentsDownloadsComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:0w.com
C:2u.com
C:gyn.cmd
C:jm3cx96.bat
c:program filesBkav2006
c:program filesBkav2006Bkav2006.exe
c:program filesBkav2006ContextMenu.dll
c:program filesBkav2006Helpbkav.css
c:program filesBkav2006Helpchitiet.htm
c:program filesBkav2006Helpchitiete.htm
c:program filesBkav2006HelpHelpBanquyen.htm
c:program filesBkav2006HelpHelpbtg.htm
c:program filesBkav2006HelpHelpdiet.htm
c:program filesBkav2006HelpHelpGth.htm
c:program filesBkav2006HelpHelpLiqu.htm
c:program filesBkav2006HelpHelpLiveUpdate.htm
c:program filesBkav2006HelpHelpnhki.htm
c:program filesBkav2006HelpHelpnhl.htm
c:program filesBkav2006HelpHelpOpt.htm
c:program filesBkav2006HelpHelpVrls.htm
c:program filesBkav2006Helpimagesarrow.gif
c:program filesBkav2006HelpimagesDangKy.gif
C:uxkl0apt.bat
c:windowsFontsVn.Fon
c:windowssystem32BkavAuto.vxd
c:windowssystem32driversBkavAuto.sys
c:windowssystem32driversSysLib.sys
c:windowssystem32gasretyw0.dll
c:windowssystem32kamsoft.exe
c:windowssystem32nmdfgds0.dll
c:windowssystem32nmdfgds1.dll
c:windowssystem32olhrwef.exe
c:windowssystem32pthreadGC2.dll
D:0w.com
D:2u.com
D:gyn.cmd
D:jm3cx96.bat
D:uxkl0apt.bat
E:0w.com
E:2u.com
E:gyn.cmd
E:jm3cx96.bat
E:uxkl0apt.bat

.
((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 )))))))))))))))))))))))))))))))
.

2009-03-21 19:29 . 2009-03-21 19:29 d—hs—- C:FOUND.007
2009-03-21 17:04 . 2009-03-21 17:04 d

---

c:program filesDirectVobSub
2009-03-21 16:27 . 2005-08-25 22:10 9,804 —a

---

c:windowssystemvdremote.dll
2009-03-21 16:27 . 2005-08-25 22:09 7,244 —a

---

c:windowssystemvdsvrlnk.dll
2009-03-19 05:02 . 2009-03-19 05:01 110,053 -r-hs—- C:q0dhfjf.exe
2009-03-18 07:27 . 2009-03-19 22:05 65 —a

---

c:windowsFISHUI.INI
2009-03-17 22:06 . 2009-03-17 22:06 d

---

c:program filesMediaCoder
2009-03-16 18:21 . 2009-03-16 18:21 d

---

c:program filesK-Lite Codec Pack
2009-03-16 18:21 . 2008-09-24 21:41 839,680 —a

---

c:windowssystem32lameACM.acm
2009-03-16 18:21 . 2008-12-07 21:08 795,648 —a

---

c:windowssystem32xvidcore.dll
2009-03-16 18:21 . 2008-11-06 19:33 684,032 —a

---

c:windowssystem32divx.dll
2009-03-16 18:21 . 2004-01-25 19:18 217,088 —a

---

c:windowssystem32yv12vfw.dll
2009-03-16 18:21 . 2008-12-07 21:08 130,048 —a

---

c:windowssystem32xvidvfw.dll
2009-03-16 18:21 . 2007-09-21 03:52 118,784 —a

---

c:windowssystem32ac3acm.acm
2009-03-16 18:21 . 2009-02-09 21:56 67,584 —a

---

c:windowssystem32ff_vfw.dll
2009-03-16 18:21 . 2007-07-10 19:10 547 —a

---

c:windowssystem32ff_vfw.dll.manifest
2009-03-16 18:21 . 2008-10-03 15:30 414 —a

---

c:windowssystem32lame_acm.xml
2009-03-16 17:37 . 2009-03-16 17:37 d

---

c:documents and settingsVanHieuApplication DataDataCast
2009-03-16 12:47 . 2009-03-16 12:47 d

---

c:documents and settingsLocalServiceApplication DataSACore
2009-03-16 12:44 . 2009-03-16 12:44 d

---

c:documents and settingsAll UsersApplication DataSiteAdvisor
2009-03-16 12:43 . 2009-03-16 12:43 d

---

c:program filesMcAfee
2009-03-16 12:43 . 2009-03-16 12:44 d

---

c:program filesCommon FilesMcAfee
2009-03-16 12:43 . 2009-03-16 12:43 d

---

c:documents and settingsAll UsersApplication DataMcAfee
2009-03-16 12:29 . 2009-03-17 12:59 111,435 -r-hs—- C:luk1ylq.com
2009-03-16 12:16 . 2009-03-16 12:16 577,024 —a

---

c:windowssystem32dllcacheuser32.dll
2009-03-16 12:14 . 2009-03-16 12:14 d

---

c:windowsERUNT
2009-03-16 12:07 . 2008-11-06 02:03 d

---

C:SDFix
2009-03-16 12:05 . 2009-03-16 12:06 d

---

c:program filesNT Registry Optimizer
2009-03-16 12:04 . 2009-03-16 12:04 d

---

c:program filesERUNT
2009-03-16 11:58 . 2009-03-16 11:58 d

---

c:program filesCCleaner
2009-03-16 08:32 . 2009-03-16 08:32 d

---

C:_OTMoveIt
2009-03-15 10:34 . 2009-03-15 10:34 d

---

c:documents and settingsVanHieuApplication DataWinPatrol
2009-03-15 10:20 . 2009-03-15 10:20 d

---

c:program filesBillP Studios
2009-03-13 07:54 . 2009-03-13 07:54 d

---

C:rsit
2009-03-13 07:54 . 2009-03-13 07:54 d

---

c:program filestrend micro
2009-03-11 20:08 . 2009-03-11 20:08 d

---

c:documents and settingsVanHieuApplication DataMalwarebytes
2009-03-11 20:08 . 2009-02-11 10:19 15,504 —a

---

c:windowssystem32driversmbam.sys
2009-03-11 20:07 . 2009-03-11 20:07 d

---

c:program filesMalwarebytes’ Anti-Malware
2009-03-11 20:07 . 2009-03-11 20:07 d

---

c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-11 20:07 . 2009-02-11 10:19 38,496 —a

---

c:windowssystem32driversmbamswissarmy.sys
2009-03-11 19:25 . 2009-03-11 19:25 d

---

C:VundoFix Backups
2009-03-11 12:05 . 2009-03-11 12:05 d—hs—- C:FOUND.006
2009-03-09 21:14 . 2009-03-09 21:14 d

---

c:documents and settingsVanHieuApplication DataSamsung
2009-03-09 16:09 . 2009-03-09 16:09 d

---

c:program filesTVAnts
2009-03-07 23:56 . 2006-05-03 22:53 174,592 —a

---

c:windowssystem32framedyn.dll
2009-03-07 23:55 . 2009-03-07 23:55 d

---

c:windowssystem32Samsung_USB_Drivers
2009-03-07 23:55 . 2005-08-30 01:49 94,000 —a

---

c:windowssystem32driversssm_mdm.sys
2009-03-07 23:55 . 2005-08-30 01:47 58,320 —a

---

c:windowssystem32driversssm_bus.sys
2009-03-07 23:55 . 2005-08-30 01:49 8,336 —a

---

c:windowssystem32driversssm_mdfl.sys
2009-03-07 23:55 . 2005-08-30 01:49 6,176 —a

---

c:windowssystem32driversssm_cmnt.sys
2009-03-07 23:55 . 2005-08-30 01:49 6,176 —a

---

c:windowssystem32driversssm_cm.sys
2009-03-07 23:55 . 2005-08-30 01:47 5,840 —a

---

c:windowssystem32driversssm_whnt.sys
2009-03-07 23:55 . 2005-08-30 01:47 5,840 —a

---

c:windowssystem32driversssm_wh.sys
2009-03-07 23:54 . 2006-07-24 16:05 5,632 —a

---

c:windowssystem32driversStarOpen.sys
2009-03-07 23:54 . 2005-08-28 20:51 766 —a

---

c:windowssystem32Uninstall.ico
2009-03-07 23:15 . 2009-03-07 23:15 d

---

c:program filesHelaBasa
2009-03-07 20:14 . 2001-11-12 13:30 827,156 —a

---

c:windowssystem32sheadg.ttf
2009-03-07 19:53 . 2009-03-07 19:53 d

---

c:program filesKorean HakGyo
2009-03-07 19:46 . 2009-03-07 19:46 d

---

c:documents and settingsAll UsersApplication DataTavultesoft
2009-03-07 19:12 . 2009-03-07 19:12 d

---

c:program filesTavultesoft
2009-03-07 19:12 . 2009-03-07 19:12 d

---

c:program filesCommon FilesTavultesoft
2009-03-07 19:12 . 2009-03-07 19:12 d

---

c:documents and settingsVanHieuApplication DataTavultesoft
2009-03-07 18:01 . 2009-03-07 18:01 d

---

c:program filesAgilingua
2009-03-07 18:00 . 2009-03-07 18:00 d

---

c:windowsFlash Card Factory
2009-03-07 18:00 . 2009-03-07 18:00 d

---

c:program filesFlash Card Factory
2009-03-07 16:53 . 2004-09-14 14:53 13,323 —a

---

c:windowsXPE_MUIService Pack 1 KoreanEULA.rtf
2009-03-07 16:52 . 2004-10-01 12:35 13,260 —a

---

c:windowsXPE_MUIService Pack 2 KoreanEULA.rtf
2009-03-07 16:27 . 2009-03-07 16:25 13,463,552 —a

---

c:windowssystem32dllcachehwxjpn.dll
2009-03-07 16:22 . 2009-03-07 16:22 d

---

c:windowsSxsCaPendDel
2009-03-07 15:19 . 2009-03-07 15:19 50 —a

---

c:windowsMegaManager.INI
2009-03-06 15:41 . 2009-03-07 16:06 180,258 —a

---

c:windowssystem32dllcachec_20000.nls
2009-03-06 15:41 . 2009-03-07 16:06 180,258 —a

---

c:windowssystem32c_20000.nls
2009-03-06 15:41 . 2009-03-07 15:30 162,850 —a

---

c:windowssystem32dllcachec_10001.nls
2009-03-06 15:41 . 2009-03-07 15:30 162,850 —a

---

c:windowssystem32c_10001.nls
2009-03-06 15:41 . 2009-03-07 16:10 57,398 —a

---

c:windowssystem32dllcacheimjpdadm.exe
2009-03-06 13:11 . 2009-03-06 13:11 d

---

c:windowssystem321049
2009-03-06 13:11 . 2001-12-05 04:00 65,536 —a

---

c:windowssystem32WMErrRUS.dll
2009-03-06 13:11 . 2001-12-05 04:00 36,388 —a

---

c:windowsWMPrfRUS.prx
2009-03-06 12:49 . 2004-10-01 13:35 13,260 —a

---

c:windowsXPE_MUIService Pack 2 RussianEULA.rtf
2009-03-06 12:35 . 2004-09-15 15:15 12,757 —a

---

c:windowsXPE_SP2EULA.rtf
2009-03-06 08:12 . 2009-03-06 08:12 d

---

c:program filesMicrosoft SQL Server
2009-03-06 08:12 . 2002-12-17 16:23 33,340

---

c:windowssystem32dbmsqlgc.dll
2009-03-06 08:12 . 2002-10-20 14:05 24,576

---

c:windowssystem32dbmsgnet.dll
2009-03-06 01:31 . 2009-03-06 01:31 d

---

c:program filesWindows Embedded
2009-03-05 22:01 . 2009-03-05 22:01 d

---

c:windowsServicePackFiles
2009-03-05 22:00 . 2004-07-17 11:40 19,528 —a

---

c:windows000001_.tmp
2009-03-05 22:00 . 2004-08-03 22:42 15,872 —a

---

c:windowssystem32spupdsvc.exe
2009-03-03 15:25 . 2009-03-03 15:26 d

---

c:documents and settingsVanHieuApplication DataDivX
2009-03-03 15:23 . 2008-11-06 19:37 129,784

---

c:windowssystem32pxafs.dll
2009-03-03 15:23 . 2008-11-06 19:37 120,056

---

c:windowssystem32pxcpyi64.exe
2009-03-03 15:23 . 2008-11-06 19:37 118,520

---

c:windowssystem32pxinsi64.exe
2009-03-03 15:23 . 2008-11-06 19:37 9,464

---

c:windowssystem32driverscdralw2k.sys
2009-03-03 15:23 . 2008-11-06 19:37 9,336

---

c:windowssystem32driverscdr4_xp.sys
2009-03-02 09:52 . 2009-03-02 09:52 d

---

c:program filesAimersoft
2009-02-25 03:29 . 2009-02-25 03:29 d—hs—- C:FOUND.005
2009-02-23 13:49 . 2009-02-23 13:49 d

---

c:documents and settingsVanHieuApplication Datavlc
2009-02-23 13:48 . 2009-02-23 13:48 d

---

c:program filesVideoLAN
2009-02-22 22:24 . 1998-01-23 12:55 305,152 —a

---

c:windowsIsUn0419.exe
2009-02-22 22:08 . 2004-06-04 18:33 314,368 —a

---

c:windowsIsUninstR.Exe
2009-02-22 21:56 . 2009-02-22 21:56 d

---

c:documents and settingsVanHieuWINDOWS
2009-02-22 19:53 . 2009-02-22 19:53 d

---

c:program filesOnline TV Player 4
2009-02-22 19:53 . 2009-02-22 19:53 10 —a

---

c:windowssystem32810429tv4-test.jun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 13:25 10,129,408 —-a-w c:windowssystem32dllcachehwxkor.dll
2009-03-07 13:25 10,096,640 —-a-w c:windowssystem32dllcachehwxcht.dll
2009-03-07 13:23 44,032 —-a-w c:windowssystem32dllcacheimekrmig.exe
2009-03-07 13:23 311,359 —-a-w c:windowssystem32dllcacheimepadsv.exe
2009-03-07 13:23 143,422 —-a-w c:windowssystem32dllcachesoftkey.dll
2009-03-07 13:23 102,463 —-a-w c:windowssystem32dllcacheimepadsm.dll
2009-03-07 13:18 471,102 —-a-w c:windowssystem32dllcacheimskdic.dll
2009-03-07 13:17 70,656 —-a-w c:windowssystem32korwbrkr.dll
2009-03-07 13:17 70,656 —-a-w c:windowssystem32dllcachekorwbrkr.dll
2009-03-07 12:58 1,677,824 —-a-w c:windowssystem32dllcachechsbrkr.dll
2009-03-07 12:58 1,677,824 —-a-w c:windowssystem32chsbrkr.dll
2009-03-07 12:46 19,456 —-a-w c:windowssystem32dllcacheagt0804.dll
2009-03-07 12:46 19,456 —-a-w c:windowssystem32dllcacheagt0412.dll
2009-03-07 12:46 19,456 —-a-w c:windowssystem32dllcacheagt0411.dll
2009-03-07 12:46 19,456 —-a-w c:windowssystem32dllcacheagt0404.dll
2009-03-07 12:44 838,144 —-a-w c:windowssystem32dllcachechtbrkr.dll
2009-03-07 12:44 838,144 —-a-w c:windowssystem32chtbrkr.dll
2009-03-07 12:21 47,360 —-a-w c:documents and settingsVanHieuApplication Datapcouffin.sys
2009-03-07 11:53 36,927 —-a-w c:windowssystem32dllcachepadrs411.dll
2009-03-07 11:53 36,864 —-a-w c:windowssystem32dllcachehanjadic.dll
2009-03-07 11:53 229,439 —-a-w c:windowssystem32dllcachemultibox.dll
2009-03-07 11:53 14,336 —-a-w c:windowssystem32dllcachepadrs412.dll
2009-03-06 15:42 59,904 —-a-w c:windowssystem32dllcacheimkrinst.exe
2009-03-06 13:27 315,452 —-a-w c:windowssystem32dllcacheimskf.dll
2009-03-06 13:25 45,109 —-a-w c:windowssystem32dllcacheimjpuex.exe
2009-03-06 13:24 98,304 —-a-w c:windowssystem32msir3jp.dll
2009-03-06 13:24 98,304 —-a-w c:windowssystem32dllcachemsir3jp.dll
2009-02-20 16:33

---

d

---

w c:program filesURUSoft
2009-02-11 17:03

---

d

---

w c:program filesGenieSoft
2009-02-10 19:17

---

d

---

w c:program filesVSTPlugins
2009-02-10 19:17

---

d

---

w c:documents and settingsVanHieuApplication DataGenieSoft
2009-02-09 21:40

---

d

---

w c:program filesCommon FilesSkype
2009-02-09 21:39

---

d

---

r c:program filesSkype
2009-01-31 12:10

---

d

---

w c:documents and settingsVanHieuApplication Datacom.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
2009-01-31 12:09

---

d

---

w c:program filesCommon FilesAdobe AIR
2009-01-30 15:40

---

d

---

w c:documents and settingsVanHieuApplication Dataled
2009-01-30 15:39 98,304 —-a-w c:windowssystem32CmdLineExt.dll
2009-01-30 15:39

---

d—h—r c:documents and settingsVanHieuApplication DataSecuROM
2009-01-30 15:39

---

d

---

w c:program filesIDM
2009-01-22 17:44

---

d

---

w c:program filesOpera 10 Preview
2009-01-03 14:57 410,984 —-a-w c:windowssystem32deploytk.dll
2006-08-15 17:42 3,408 —-a-w c:windowsinfInfo.vbs
.

((((((((((((((((((((((((((((( SnapShot@2009-03-16_ 8.18.46.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 09:02:28 163,328 —-a-w c:windowsERDNT16.03.2009ERDNT.EXE
+ 2009-03-16 09:05:40 5,656,576 —-a-w c:windowsERDNT16.03.2009Users00000001ntuser.dat
+ 2009-03-16 09:05:40 278,528 —-a-w c:windowsERDNT16.03.2009Users00000002UsrClass.dat
+ 2005-10-20 09:02:28 163,328 —-a-w c:windowsERDNTAutoBackup16.03.2009ERDNT.EXE
+ 2009-03-16 09:29:18 5,439,488 —-a-w c:windowsERDNTAutoBackup16.03.2009Users00000001ntuser.dat
+ 2009-03-16 09:29:18 274,432 —-a-w c:windowsERDNTAutoBackup16.03.2009Users00000002UsrClass.dat
+ 2008-08-07 12:27:04 163,328 —-a-w c:windowsERUNTSDFIXERDNT.EXE
+ 2009-03-16 09:15:08 5,435,392 —-a-w c:windowsERUNTSDFIXUsers00000001ntuser.dat
+ 2009-03-16 09:15:08 274,432 —-a-w c:windowsERUNTSDFIXUsers00000002UsrClass.dat
+ 2008-08-07 12:27:04 163,328 —-a-w c:windowsERUNTSDFIX_First_RunERDNT.EXE
+ 2009-03-16 09:14:58 5,435,392 —-a-w c:windowsERUNTSDFIX_First_RunUsers00000001ntuser.dat
+ 2009-03-16 09:14:58 274,432 —-a-w c:windowsERUNTSDFIX_First_RunUsers00000002UsrClass.dat
+ 2009-03-16 17:00:46 9,662 —-a-r c:windowsInstaller{C20CE592-B0F8-4D20-BF31-0151CA6331A6}ARPPRODUCTICON.exe
+ 2009-03-16 17:01:40 16,564 —-a-w c:windowsInstaller{C20CE592-B0F8-4D20-BF31-0151CA6331A6}emodio.dat
— 2009-03-08 05:18:18 328,296 —-a-w c:windowssystem32FNTCACHE.DAT
+ 2009-03-16 14:30:14 328,296 —-a-w c:windowssystem32FNTCACHE.DAT
— 2007-12-14 14:19:56 118,784

---

w c:windowssystem32MaDRM.dll
+ 2008-09-17 09:36:18 118,784 —-a-w c:windowssystem32MaDRM.dll
— 2007-12-14 14:19:56 40,960

---

w c:windowssystem32MAMACExtract.dll
+ 2008-09-17 09:36:18 40,960 —-a-w c:windowssystem32MAMACExtract.dll
— 2007-12-14 14:19:56 135,168

---

w c:windowssystem32muzaf1.dll
+ 2008-09-17 09:36:18 135,168 —-a-w c:windowssystem32muzaf1.dll
— 2007-12-14 14:19:56 471,040

---

w c:windowssystem32muzapp.dll
+ 2008-09-17 09:36:20 483,328 —-a-w c:windowssystem32muzapp.dll
— 2008-02-22 07:44:28 172,776 —-a-w c:windowssystem32muzapp.exe
+ 2008-09-17 09:36:18 167,936 —-a-w c:windowssystem32muzapp.exe
— 2007-12-14 14:19:56 200,704

---

w c:windowssystem32muzwmts.dll
+ 2008-09-17 09:36:20 200,704 —-a-w c:windowssystem32muzwmts.dll
— 2007-12-14 14:19:56 45,056

---

w c:windowssystem32Ogg.dll
+ 2008-09-17 09:36:20 45,056 —-a-w c:windowssystem32Ogg.dll
— 2007-12-14 14:19:56 237,568

---

w c:windowssystem32OggDS.dll
+ 2008-09-17 09:36:20 237,568 —-a-w c:windowssystem32OggDS.dll
— 2009-03-06 10:22:34 60,510 —-a-w c:windowssystem32perfc009.dat
+ 2009-03-17 18:36:12 60,510 —-a-w c:windowssystem32perfc009.dat
— 2009-03-06 10:22:34 398,748 —-a-w c:windowssystem32perfh009.dat
+ 2009-03-17 18:36:14 398,748 —-a-w c:windowssystem32perfh009.dat
— 2007-12-14 14:19:56 110,592

---

w c:windowssystem32tg_dump.dll
+ 2008-09-17 09:36:20 110,592 —-a-w c:windowssystem32tg_dump.dll
— 2007-12-14 14:19:56 110,592

---

w c:windowssystem32TG_DUMP0708.DLL
+ 2008-09-17 09:36:20 110,592 —-a-w c:windowssystem32TG_DUMP0708.DLL
— 2004-11-01 10:13:28 245,408 —-a-w c:windowssystem32unicows.dll
+ 2008-09-17 09:36:22 258,352 —-a-w c:windowssystem32unicows.dll
— 2007-12-14 14:19:56 188,416

---

w c:windowssystem32vorbis.dll
+ 2008-09-17 09:36:20 188,416 —-a-w c:windowssystem32vorbis.dll
— 2007-12-14 14:19:58 921,600

---

w c:windowssystem32vorbisenc.dll
+ 2008-09-17 09:36:22 921,600 —-a-w c:windowssystem32vorbisenc.dll
+ 2009-03-21 16:46:54 16,384 —-a-w c:windowsTempPerflib_Perfdata_17c.dat
+ 2009-03-21 16:47:20 16,384 —-a-w c:windowsTempPerflib_Perfdata_d64.dat
.
— Snapshot reset to current date —
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«STYLEXP»=»c:program filesTGTSoftStyleXPStyleXP.exe» [2005-07-21 1359872]
«UniKey»=»c:program filesUnikey 3.6UniKeyNT.exe» [2003-01-29 77824]
«Messenger (Yahoo!)»=»c:program filesYahoo!MessengerYahooMessenger.exe» [2008-11-05 4347120]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2004-08-04 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-04 1667584]
«BitTorrent DNA»=»c:program filesDNAbtdna.exe» [2008-12-19 342848]
«Google Update»=»c:documents and settingsVanHieuLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» [2008-11-05 133104]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2009-01-29 23975720]
«LDM»=»c:program filesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe» [BU]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«igfxtray»=»c:windowssystem32igfxtray.exe» [2005-09-20 94208]
«igfxhkcmd»=»c:windowssystem32hkcmd.exe» [2005-09-20 77824]
«igfxpers»=»c:windowssystem32igfxpers.exe» [2005-09-20 114688]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2008-07-13 98304]
«LVCOMSX»=»c:windowssystem32LVCOMSX.EXE» [2004-02-25 221184]
«LogitechVideoRepair»=»c:program filesLogitechVideoISStart.exe» [2004-02-25 454656]
«LogitechVideoTray»=»c:program filesLogitechVideoLogiTray.exe» [2004-02-25 212992]
«dla»=»c:windowssystem32dlatfswctrl.exe» [2002-05-09 102455]
«DVDBitSet»=»c:program filesHP CD-DVDUmbrellaDVDBitSet.exe» [2002-05-01 200704]
«HPCDTray»=»c:program filesHP CD-DVDUmbrellahpcdtray.exe» [2001-10-17 69632]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2008-09-18 185896]
«hpppta»=»c:program filesHewlett-PackardHP PrecisionScanPrecisionScan Prohpppta.exe» [2000-06-02 86016]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-01-03 136600]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2006-01-12 155648]
«IMJPMIG8.1″=»c:windowsIMEimjp8_1IMJPMIG.EXE» [2004-08-03 208952]
«MSPY2002″=»c:windowssystem32IMEPINTLGNTImScInst.exe» [2004-08-03 59392]
«PHIME2002ASync»=»c:windowssystem32IMETINTLGNTTINTSETP.EXE» [2004-08-03 455168]
«PHIME2002A»=»c:windowssystem32IMETINTLGNTTINTSETP.EXE» [2004-08-03 455168]
«WinPatrol Russian v.2″=»c:program filesBillP StudiosWinPatrolwinpatrol.exe» [2007-08-06 292152]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-04 15360]

c:documents and settingsVanHieuStart MenuProgramsStartup
PowerReg Scheduler.exe [2008-08-30 225280]

c:documents and settingsAll UsersStart MenuProgramsStartup
Logitech Desktop Messenger.lnk — c:program filesLogitechDesktop Messenger8876480ProgramLDMConf.exe [2008-08-29 169472]
RAMASST.lnk — c:windowssystem32RAMASST.exe [2008-10-16 155648]
Service Manager.lnk — c:program filesMicrosoft SQL Server80ToolsBinnsqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.enc»= ITIG726.acm

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregmtd2002Svr]
—a

---

2002-10-05 13:05 544768 c:program filesmtd2002mtdserver.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSTYLEXP]
—a

---

2005-07-21 05:57 1359872 c:program filesTGTSoftStyleXPStyleXP.exe

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\Program Files\mtd2002\mtdserver.exe»=
«c:\WINDOWS\system32\sessmgr.exe»=
«c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe»=
«c:\Program Files\DNA\btdna.exe»=
«c:\Program Files\BitTorrent\bittorrent.exe»=
«c:\WINDOWS\System32\muzapp.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\TVAnts\Tvants.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=

R1 hpcd2k;hpcd2k;c:windowssystem32drivershpcd2k.sys [2008-08-30 4421]
R2 Rbspxe;Remote Boot Service;c:windowsSystem32svchost.exe -k RBS [2004-08-04 14336]
R2 TFTPD;Trivial File Transfer Protocol;c:program filesWindows EmbeddedRemote Boot Servicetftpd.exe [2004-08-31 19484]
S3 CrystalSysInfo;CrystalSysInfo;c:program filesMediaCoderSysInfo.sys [2009-03-17 15152]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:program filesMcAfeeSiteAdvisorMcSACore.exe [2009-03-16 210216]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
rbs REG_MULTI_SZ rbspxe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1d9d5ad0-1433-11de-8c2b-00080d046837}]
ShellAutoRuncommand — G:2u.com
ShellexploreCommand — G:2u.com
ShellopenCommand — G:2u.com
.
— — — — ORPHANS REMOVED — — — —

HKCU-Run-cdoosoft — c:windowssystem32olhrwef.exe

.

---

Supplementary Scan

---

.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: {{FB5A1911-A111-12d3-BB8E-12C04F845654} — mailto:VanHieu_vl@Yahoo.com?Subject=More Information
TCP: {24F87B78-2B3A-4A7E-B707-28AA5E8723EE} = 194.67.160.3,194.67.161.1
FF — ProfilePath — c:documents and settingsVanHieuApplication DataMozillaFirefoxProfilesj773li6y.default
FF — prefs.js: browser.search.defaulturl — hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF — prefs.js: browser.search.selectedEngine — Google
FF — prefs.js: browser.startup.homepage — hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF — prefs.js: keyword.URL — hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF — component: c:program filesMcAfeeSiteAdvisorcomponentsMcFFPlg.dll
FF — component: c:program filesMozilla Firefoxextensionsbrowserhighlighter@ebay.comcomponentsShim.dll
FF — plugin: c:documents and settingsVanHieuLocal SettingsApplication DataGoogleUpdate1.2.141.5npGoogleOneClick7.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 19:47:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

[HKEY_USERSS-1-5-21-1993962763-764733703-1060284298-1003SoftwareSecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]
«??»=hex:23,6a,bf,8f,ee,b3,c5,69,86,d9,bd,36,27,ad,7f,42,82,61,4d,05,d1,82,4d,
ae,c6,7c,c4,7a,5e,21,8c,e5,06,5a,cf,9b,f3,68,32,92,9c,01,63,a9,0f,2d,a8,87,
«??»=hex:b0,81,a3,68,c9,0a,cb,e9,a3,aa,a5,71,02,e1,3d,32
.

---

Other Running Processes

---

.
c:windowsSYSTEM32DVDRAMSV.EXE
c:program filesJAVAJRE6BINJQS.EXE
c:windowsSYSTEM32WDFMGR.EXE
c:program filesLogitechVideoFxSvr2.exe
c:windowssystem32wscntfy.exe
c:program filesSkypePlugin ManagerskypePM.exe
.
**************************************************************************
.
Completion time: 2009-03-21 19:50:39 — machine was rebooted
ComboFix-quarantined-files.txt 2009-03-21 16:50:36
ComboFix2.txt 2009-03-16 05:20:22

Pre-Run: 1 495 629 824 bytes free
Post-Run: 1,522,171,904 байт свободно

382

[kimmy456]

Я зашла в C:_OTMoveItMovedFiles и не смогла найти лог.
Вот только RSIT лог:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by VanHieu at 2009-03-16 08:28:31
Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (25%) free of 19 GB
Total RAM: 495 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:32, on 16.03.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32conime.exe
C:WINDOWSsystem32DVDRAMSV.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows EmbeddedRemote Boot Servicetftpd.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesLogitechVideoLogiTray.exe
C:WINDOWSsystem32dlatfswctrl.exe
C:Program FilesHP CD-DVDUmbrellahpcdtray.exe
C:Program FilesSamsungSamsung Media Studio 5SMSTray.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesWebMoney Agentwmagent.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesDNAbtdna.exe
C:Documents and SettingsVanHieuLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
C:WINDOWSsystem32RAMASST.exe
C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe
C:Program FilesLogitechVideoFxSvr2.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSexplorer.exe
C:Documents and SettingsVanHieuLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsVanHieuLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Documents and SettingsVanHieuMy DocumentsDownloadsRSIT.exe
C:Program Filestrend microVanHieu.exe

R3 — URLSearchHook: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:PROGRA~1ICQTOO~1toolbaru.dll (file missing)
O2 — BHO: (no name) — {02478D38-C3F9-4efb-9B51-7695ECA05670} — (no file)
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: Yahoo! IE Services Button — {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} — C:Program FilesYahoo!Commonyiesrvc.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: Ask Toolbar BHO — {FE063DB1-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL (file missing)
O3 — Toolbar: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:PROGRA~1ICQTOO~1toolbaru.dll (file missing)
O3 — Toolbar: Ask Toolbar — {FE063DB9-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL (file missing)
O4 — HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 — HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 — HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 — HKLM..Run: [LogitechVideoRepair] C:Program FilesLogitechVideoISStart.exe
O4 — HKLM..Run: [LogitechVideoTray] C:Program FilesLogitechVideoLogiTray.exe
O4 — HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe
O4 — HKLM..Run: [DVDBitSet] «C:Program FilesHP CD-DVDUmbrellaDVDBitSet.exe» /NOUI
O4 — HKLM..Run: [HPCDTray] «C:Program FilesHP CD-DVDUmbrellahpcdtray.exe»
O4 — HKLM..Run: [SMSTray] C:Program FilesSamsungSamsung Media Studio 5SMSTray.exe
O4 — HKLM..Run: [TkBellExe] «C:Program FilesCommon FilesRealUpdate_OBrealsched.exe» -osboot
O4 — HKLM..Run: [hpppta] C:Program FilesHewlett-PackardHP PrecisionScanPrecisionScan Prohpppta.exe /ICON
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [wmagent.exe] «C:Program FilesWebMoney Agentwmagent.exe»
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [IMJPMIG8.1] «C:WINDOWSIMEimjp8_1IMJPMIG.EXE» /Spoil /RemAdvDef /Migration32
O4 — HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 — HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 — HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 — HKLM..Run: [WinPatrol Russian v.2] C:Program FilesBillP StudiosWinPatrolwinpatrol.exe
O4 — HKCU..Run: [STYLEXP] C:Program FilesTGTSoftStyleXPStyleXP.exe -Hide
O4 — HKCU..Run: [UniKey] C:Program FilesUnikey 3.6UniKeyNT.exe
O4 — HKCU..Run: [Messenger (Yahoo!)] «C:Program FilesYahoo!MessengerYahooMessenger.exe» -quiet
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [BitTorrent DNA] «C:Program FilesDNAbtdna.exe»
O4 — HKCU..Run: [Google Update] «C:Documents and SettingsVanHieuLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» /c
O4 — HKCU..Run: [Skype] «C:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: PowerReg Scheduler.exe
O4 — Global Startup: Logitech Desktop Messenger.lnk = C:Program FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 — Global Startup: RAMASST.lnk = C:WINDOWSsystem32RAMASST.exe
O4 — Global Startup: Service Manager.lnk = C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Yahoo! Services — {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} — C:Program FilesYahoo!Commonyiesrvc.dll
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: More Information — {FB5A1911-A111-12d3-BB8E-12C04F845654} — mailto:VanHieu_vl@Yahoo.com?Subject=More Information (file missing)
O9 — Extra ‘Tools’ menuitem: More Information — {FB5A1911-A111-12d3-BB8E-12C04F845654} — mailto:VanHieu_vl@Yahoo.com?Subject=More Information (file missing)
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{24F87B78-2B3A-4A7E-B707-28AA5E8723EE}: NameServer = 194.67.160.3,194.67.161.1
O17 — HKLMSystemCS1ServicesTcpip..{24F87B78-2B3A-4A7E-B707-28AA5E8723EE}: NameServer = 194.67.160.3,194.67.161.1
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Filter: text/xml; charset=iso-8859-1 — {32F66A26-7614-11D4-BD11-00104BD3F987} — C:Program FilesDesign ScienceMathPlayerMathMLMimer.dll
O18 — Filter: text/xml; charset=utf-8 — {32F66A26-7614-11D4-BD11-00104BD3F987} — C:Program FilesDesign ScienceMathPlayerMathMLMimer.dll
O23 — Service: DVD-RAM_Service — Matsushita Electric Industrial Co., Ltd. — C:WINDOWSsystem32DVDRAMSV.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: StyleXPService — Unknown owner — C:Program FilesTGTSoftStyleXPStyleXPService.exe

—
End of file — 8474 bytes

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2009-01-29 1088296]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll [2008-09-18 308856]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button — C:Program FilesYahoo!Commonyiesrvc.dll [2007-12-13 222448]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2009-01-03 320920]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-01-03 34816]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-01-03 73728]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO — C:Program FilesAskTBarbar1.binASKTBAR.DLL []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQ Toolbar — C:PROGRA~1ICQTOO~1toolbaru.dll []
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} — Ask Toolbar — C:Program FilesAskTBarbar1.binASKTBAR.DLL []

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«igfxtray»=C:WINDOWSsystem32igfxtray.exe [2005-09-20 94208]
«igfxhkcmd»=C:WINDOWSsystem32hkcmd.exe [2005-09-20 77824]
«igfxpers»=C:WINDOWSsystem32igfxpers.exe [2005-09-20 114688]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-07-13 98304]
«LVCOMSX»=C:WINDOWSsystem32LVCOMSX.EXE [2004-02-25 221184]
«LogitechVideoRepair»=C:Program FilesLogitechVideoISStart.exe [2004-02-25 454656]
«LogitechVideoTray»=C:Program FilesLogitechVideoLogiTray.exe [2004-02-25 212992]
«dla»=C:WINDOWSsystem32dlatfswctrl.exe [2002-05-09 102455]
«DVDBitSet»=C:Program FilesHP CD-DVDUmbrellaDVDBitSet.exe [2002-05-01 200704]
«HPCDTray»=C:Program FilesHP CD-DVDUmbrellahpcdtray.exe [2001-10-17 69632]
«SMSTray»=C:Program FilesSamsungSamsung Media Studio 5SMSTray.exe [2007-12-14 132624]
«TkBellExe»=C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2008-09-18 185896]
«hpppta»=C:Program FilesHewlett-PackardHP PrecisionScanPrecisionScan Prohpppta.exe [2000-06-02 86016]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-01-03 136600]
«wmagent.exe»=C:Program FilesWebMoney Agentwmagent.exe [2008-10-01 209376]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«IMJPMIG8.1″=C:WINDOWSIMEimjp8_1IMJPMIG.EXE [2004-08-03 208952]
«MSPY2002″=C:WINDOWSsystem32IMEPINTLGNTImScInst.exe [2004-08-03 59392]
«PHIME2002ASync»=C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE [2004-08-03 455168]
«PHIME2002A»=C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE [2004-08-03 455168]
«WinPatrol Russian v.2″=C:Program FilesBillP StudiosWinPatrolwinpatrol.exe [2007-08-06 292152]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«STYLEXP»=C:Program FilesTGTSoftStyleXPStyleXP.exe [2005-07-21 1359872]
«UniKey»=C:Program FilesUnikey 3.6UniKeyNT.exe [2003-01-29 77824]
«Messenger (Yahoo!)»=C:Program FilesYahoo!MessengerYahooMessenger.exe [2008-11-05 4347120]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-04 1667584]
«BitTorrent DNA»=C:Program FilesDNAbtdna.exe [2008-12-19 342848]
«Google Update»=C:Documents and SettingsVanHieuLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-11-05 133104]
«Skype»=C:Program FilesSkypePhoneSkype.exe [2009-01-29 23975720]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregmtd2002Svr]
C:Program Filesmtd2002mtdserver.exe [2002-10-05 544768]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSTYLEXP]
C:Program FilesTGTSoftStyleXPStyleXP.exe [2005-07-21 1359872]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Logitech Desktop Messenger.lnk — C:Program FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
RAMASST.lnk — C:WINDOWSsystem32RAMASST.exe
Service Manager.lnk — C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe

C:Documents and SettingsVanHieuStart MenuProgramsStartup
PowerReg Scheduler.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program Filesmtd2002mtdserver.exe»=»C:Program Filesmtd2002mtdserver.exe:*:Disabled:mtdServer»
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesYahoo!MessengerYahooMessenger.exe»=»C:Program FilesYahoo!MessengerYahooMessenger.exe:*:Enabled:Yahoo! Messenger»
«C:Program FilesDNAbtdna.exe»=»C:Program FilesDNAbtdna.exe:*:Enabled:DNA»
«C:Program FilesBitTorrentbittorrent.exe»=»C:Program FilesBitTorrentbittorrent.exe:*:Enabled:BitTorrent»
«C:WINDOWSSystem32muzapp.exe»=»C:WINDOWSSystem32muzapp.exe:*:Enabled:MUZ AOD APP player»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesTVAntsTvants.exe»=»C:Program FilesTVAntsTvants.exe:*:Enabled:TVAnts»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======

2009-03-16 08:20:20 —-A—- C:ComboFix.txt
2009-03-16 08:05:28 —-A—- C:WINDOWSzip.exe
2009-03-16 08:05:28 —-A—- C:WINDOWSVFIND.exe
2009-03-16 08:05:28 —-A—- C:WINDOWSSWXCACLS.exe
2009-03-16 08:05:28 —-A—- C:WINDOWSSWSC.exe
2009-03-16 08:05:28 —-A—- C:WINDOWSSWREG.exe
2009-03-16 08:05:28 —-A—- C:WINDOWSsed.exe
2009-03-16 08:05:28 —-A—- C:WINDOWSgrep.exe
2009-03-16 08:05:28 —-A—- C:WINDOWSfdsv.exe
2009-03-16 08:04:39 —-D—- C:32788R22FWJFW
2009-03-15 10:34:52 —-D—- C:Documents and SettingsVanHieuApplication DataWinPatrol
2009-03-15 10:29:30 —-A—- C:WINDOWSNIRCMD.exe
2009-03-15 10:29:23 —-D—- C:WINDOWSERDNT
2009-03-15 10:28:53 —-D—- C:Qoobox
2009-03-15 10:20:09 —-D—- C:Program FilesBillP Studios
2009-03-15 10:00:26 —-D—- C:_OTMoveIt
2009-03-13 07:54:50 —-D—- C:Program Filestrend micro
2009-03-13 07:54:48 —-D—- C:rsit
2009-03-11 20:08:27 —-D—- C:Documents and SettingsVanHieuApplication DataMalwarebytes
2009-03-11 20:07:56 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-11 20:07:56 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-03-11 19:25:17 —-D—- C:VundoFix Backups
2009-03-11 19:25:17 —-A—- C:VundoFix.txt
2009-03-11 12:05:38 —-SHD—- C:FOUND.006
2009-03-09 21:14:13 —-D—- C:Documents and SettingsVanHieuApplication DataSamsung
2009-03-09 16:09:02 —-D—- C:Program FilesTVAnts
2009-03-07 23:56:23 —-A—- C:WINDOWSsystem32framedyn.dll
2009-03-07 23:55:17 —-D—- C:WINDOWSsystem32Samsung_USB_Drivers
2009-03-07 23:15:20 —-D—- C:Program FilesHelaBasa
2009-03-07 19:53:29 —-D—- C:Program FilesKorean HakGyo
2009-03-07 19:46:38 —-D—- C:Documents and SettingsAll UsersApplication DataTavultesoft
2009-03-07 19:12:39 —-D—- C:Documents and SettingsVanHieuApplication DataTavultesoft
2009-03-07 19:12:29 —-D—- C:Program FilesCommon FilesTavultesoft
2009-03-07 19:12:05 —-D—- C:Program FilesTavultesoft
2009-03-07 18:01:23 —-A—- C:memory.txt
2009-03-07 18:01:20 —-D—- C:Program FilesAgilingua
2009-03-07 18:00:38 —-D—- C:WINDOWSFlash Card Factory
2009-03-07 18:00:38 —-D—- C:Program FilesFlash Card Factory
2009-03-07 18:00:29 —-A—- C:WINDOWSFlash Card Factory Setup Log.txt
2009-03-07 16:28:14 —-A—- C:WINDOWSsystem32msir3jp.dll
2009-03-07 16:28:14 —-A—- C:WINDOWSsystem32korwbrkr.dll
2009-03-07 16:28:14 —-A—- C:WINDOWSsystem32chtbrkr.dll
2009-03-07 16:28:14 —-A—- C:WINDOWSsystem32chsbrkr.dll
2009-03-07 16:28:02 —-A—- C:WINDOWSsystem32c_g18030.dll
2009-03-07 16:28:01 —-A—- C:WINDOWSsystem32kbd101a.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbdnecNT.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbdnecAT.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbdnec95.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbdlk41j.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbdlk41a.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbdibm02.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbdax2.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbd106n.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbd101.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32f3ahvoas.dll
2009-03-07 16:22:53 —-D—- C:WINDOWSSxsCaPendDel
2009-03-07 15:19:22 —-A—- C:WINDOWSMegaManager.INI
2009-03-06 19:40:24 —-A—- C:WINDOWSsystem32c_is2022.dll
2009-03-06 13:11:10 —-A—- C:WINDOWSsystem32WMErrRUS.dll
2009-03-06 13:11:09 —-D—- C:WINDOWSsystem321049
2009-03-06 13:10:05 —-HD—- C:WINDOWS$NtUninstallKB841625_RUS$
2009-03-06 13:08:17 —-HD—- C:WINDOWS$NtUninstallKB841625_KOR$
2009-03-06 08:12:26 —-N—- C:WINDOWSsystem32dbmsqlgc.dll
2009-03-06 08:12:26 —-N—- C:WINDOWSsystem32dbmsgnet.dll
2009-03-06 08:12:09 —-D—- C:Program FilesMicrosoft SQL Server
2009-03-06 01:31:23 —-D—- C:Program FilesWindows Embedded
2009-03-05 22:07:59 —-D—- C:WINDOWSPrefetch
2009-03-05 22:05:46 —-A—- C:WINDOWSsetuplog.txt
2009-03-05 22:04:55 —-N—- C:WINDOWSsystem32smtpapi.dll
2009-03-05 22:04:55 —-N—- C:WINDOWSsystem32rwnh.dll
2009-03-05 22:04:55 —-N—- C:WINDOWSsystem32comsdupd.exe
2009-03-05 22:04:49 —-N—- C:WINDOWSsystem32ativvaxx.dll
2009-03-05 22:04:49 —-N—- C:WINDOWSsystem32ativtmxx.dll
2009-03-05 22:04:49 —-N—- C:WINDOWSsystem32ati3duag.dll
2009-03-05 22:04:49 —-N—- C:WINDOWSsystem32ati3d1ag.dll
2009-03-05 22:04:49 —-N—- C:WINDOWSsystem32ati2dvag.dll
2009-03-05 22:04:49 —-N—- C:WINDOWSsystem32ati2dvaa.dll
2009-03-05 22:04:49 —-N—- C:WINDOWSsystem32ati2cqag.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32slgen.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32slextspk.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32slcoinst.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32s3gnb.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32nv4_disp.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32mtxparhd.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32mdmxsdk.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32hsfcisp2.dll
2009-03-05 22:04:47 —-N—- C:WINDOWSsystem32slserv.exe
2009-03-05 22:04:47 —-N—- C:WINDOWSsystem32slrundll.exe
2009-03-05 22:04:47 —-N—- C:WINDOWSslrundll.exe
2009-03-05 22:04:41 —-A—- C:WINDOWSsystem32uniime.dll
2009-03-05 22:04:41 —-A—- C:WINDOWSsystem32imjp81k.dll
2009-03-05 22:01:48 —-D—- C:WINDOWSServicePackFiles
2009-03-05 22:01:02 —-N—- C:WINDOWSsystem32spmsg.dll
2009-03-05 22:00:56 —-A—- C:WINDOWS00001_.tmp
2009-03-05 22:00:33 —-A—- C:WINDOWSsystem32spupdsvc.exe
2009-03-03 15:25:58 —-D—- C:Documents and SettingsVanHieuApplication DataDivX
2009-03-03 15:23:56 —-N—- C:WINDOWSsystem32pxinsi64.exe
2009-03-03 15:23:56 —-N—- C:WINDOWSsystem32pxinsa64.exe
2009-03-03 15:23:56 —-N—- C:WINDOWSsystem32pxcpyi64.exe
2009-03-03 15:23:56 —-N—- C:WINDOWSsystem32pxcpya64.exe
2009-03-03 15:23:55 —-N—- C:WINDOWSsystem32pxsfs.dll
2009-03-03 15:23:55 —-N—- C:WINDOWSsystem32pxafs.dll
2009-03-02 09:52:11 —-D—- C:Program FilesAimersoft
2009-02-25 03:29:12 —-SHD—- C:FOUND.005
2009-02-23 13:49:34 —-D—- C:Documents and SettingsVanHieuApplication Datavlc
2009-02-23 13:48:42 —-D—- C:Program FilesVideoLAN
2009-02-22 22:24:36 —-A—- C:WINDOWSIsUn0419.exe
2009-02-22 22:08:19 —-A—- C:WINDOWSIsUninstR.Exe
2009-02-22 19:53:56 —-D—- C:Program FilesOnline TV Player 4
2009-02-20 20:00:46 —-A—- C:WINDOWSSubCreator.INI
2009-02-20 19:33:30 —-D—- C:Program FilesURUSoft
2009-02-20 06:34:56 —-SHD—- C:FOUND.004
2009-02-17 21:29:28 —-SHD—- C:FOUND.003
2009-02-17 21:20:34 —-SHD—- C:FOUND.002

======List of files/folders modified in the last 1 months======

2009-03-16 08:16:40 —-A—- C:WINDOWSsystem.ini
2009-03-16 08:07:04 —-A—- C:WINDOWSSchedLgU.Txt
2009-03-15 10:35:56 —-A—- C:WINDOWSntbtlog.txt
2009-03-14 23:07:14 —-A—- C:WINDOWSNeroDigital.ini
2009-03-12 08:18:18 —-A—- C:WINDOWSwinamp.ini
2009-03-07 16:43:46 —-A—- C:WINDOWSimsins.BAK
2009-03-06 13:22:34 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-05 22:08:40 —-A—- C:WINDOWSOEWABLog.txt
2009-03-05 22:08:34 —-A—- C:WINDOWSwin.ini
2009-03-05 22:05:48 —-RASH—- C:boot.ini
2009-02-28 18:42:32 —-A—- C:WINDOWSavisplitter.INI
2009-02-27 08:25:52 —-A—- C:Log.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 FsVga;FsVga; C:WINDOWSsystem32DRIVERSfsvga.sys [2004-08-04 12160]
R1 hpcd2k;hpcd2k; C:WINDOWSsystem32drivershpcd2k.sys [2000-10-23 4421]
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-04 36096]
R1 meiudf;meiudf; C:WINDOWSSystem32Driversmeiudf.sys [2003-01-31 90416]
R1 sscdbhk5;sscdbhk5; C:WINDOWSsystem32driverssscdbhk5.sys [2002-01-28 5589]
R1 ssrtln;ssrtln; C:WINDOWSsystem32driversssrtln.sys [2002-01-28 22963]
R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
R1 StyleXPHelper;StyleXPHelper; ??C:Program FilesTGTSoftStyleXPStyleXPHelper.exe []
R2 drvnddm;drvnddm; C:WINDOWSsystem32driversdrvnddm.sys [2002-02-12 40096]
R2 tfsnboio;tfsnboio; C:WINDOWSsystem32dlatfsnboio.sys [2002-05-09 23607]
R2 tfsncofs;tfsncofs; C:WINDOWSsystem32dlatfsncofs.sys [2002-05-09 34743]
R2 tfsndrct;tfsndrct; C:WINDOWSsystem32dlatfsndrct.sys [2002-05-09 4119]
R2 tfsndres;tfsndres; C:WINDOWSsystem32dlatfsndres.sys [2002-05-09 2203]
R2 tfsnifs;tfsnifs; C:WINDOWSsystem32dlatfsnifs.sys [2002-05-09 52790]
R2 tfsnopio;tfsnopio; C:WINDOWSsystem32dlatfsnopio.sys [2002-05-09 13847]
R2 tfsnpool;tfsnpool; C:WINDOWSsystem32dlatfsnpool.sys [2002-05-09 6327]
R2 tfsnudf;tfsnudf; C:WINDOWSsystem32dlatfsnudf.sys [2002-05-09 88758]
R2 tfsnudfa;tfsnudfa; C:WINDOWSsystem32dlatfsnudfa.sys [2002-05-09 94679]
R3 ac97intc;Intel(r) 82801DB/DBM Audio Driver Service (WDM); C:WINDOWSsystem32driversac97ich4.sys [2006-02-21 107776]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:WINDOWSsystem32DRIVERSCmBatt.sys [2004-08-03 14080]
R3 E100B;Intel(R) PRO Network Connection Driver; C:WINDOWSsystem32DRIVERSe100b325.sys [2006-10-31 165760]
R3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:WINDOWSsystem32DRIVERSialmnt5.sys [2005-09-20 1302332]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2002-03-08 13780]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S1 P3;Intel PentiumIII Processor Driver; C:WINDOWSsystem32DRIVERSp3.sys [2004-08-04 42496]
S3 atimpab;atimpab; C:WINDOWSsystem32DRIVERSatimpab.sys [2001-08-17 289664]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 cwcspud;Crystal SoundFusion(tm) Driver; C:WINDOWSsystem32driverscwcspud.sys [2001-08-17 111872]
S3 cwcwdm;Crystal SoundFusion(tm) WDM Driver; C:WINDOWSsystem32driverscwcwdm.sys [2001-08-17 93952]
S3 MBAMSwissArmy;MBAMSwissArmy; ??C:WINDOWSsystem32driversmbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 NSCIRDA;NSC Infrared Device Driver; C:WINDOWSsystem32DRIVERSnscirda.sys [2004-08-03 28672]
S3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2009-01-17 47360]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0); C:WINDOWSsystem32DRIVERSCamDrL21.sys [2004-02-14 244096]
S3 Rasirda;WAN Miniport (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-17 19584]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:WINDOWSsystem32DRIVERSssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:WINDOWSsystem32DRIVERSssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:WINDOWSsystem32DRIVERSTwoTrack.sys [2001-08-17 11520]
S3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-03 17024]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DVD-RAM_Service;DVD-RAM_Service; C:WINDOWSsystem32DVDRAMSV.exe [2003-03-13 49152]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-01-03 152984]
R2 Rbspxe;Remote Boot Service; C:WINDOWSSystem32svchost.exe [2004-08-04 14336]
R2 TFTPD;Trivial File Transfer Protocol; C:Program FilesWindows EmbeddedRemote Boot Servicetftpd.exe [2004-08-31 19484]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
S2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32atievxx.exe [2001-08-17 37376]
S2 StyleXPService;StyleXPService; C:Program FilesTGTSoftStyleXPStyleXPService.exe [2005-07-07 344064]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2003-02-20 32768]
S3 MSSQLSERVER;MSSQLSERVER; C:Program FilesMicrosoft SQL ServerMSSQLBinnsqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:Program FilesMicrosoft SQL Server80ToolsBinnsqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:Program FilesMicrosoft SQL ServerMSSQLBinnsqlagent.EXE [2002-12-17 311872]

---

EOF

---

[Автор]

Сообщения