Forum replies created
April 7, 2009 at 5:08 pm in reply to: NOD32 detects Win32/Adware.Coolezweb(ad.ox88.info/msusb.bin) #21697
Dear Valery!
Thank you very much! Since 16.02.2009 there have been no signs of virus/trojan activity on my computer.
I think the topic can be closed. Thanks again, and all the best to you!
March 10, 2009 at 5:31 pm in reply to: NOD32 detects Win32/Adware.Coolezweb(ad.ox88.info/msusb.bin) #21695
There have been no signs of virus/trojan activity so far.
More precisely, the last time NOD32 "complained" was on February 16. Since then there have been no more messages.
I believe this ultimately happened thanks to GMER. It did not, of course, run to completion (it kept crashing during the scan), but it clearly changed something. True, I also ran two or three online scanners: Panda, Kaspersky and TrendMicro. I liked Panda for its simplicity, I ran Kaspersky several times (it is quite a peculiar program, after all!), and TrendMicro leaves an impression of being somewhat unfinished…
Question: how do I remove the old references to previous firewalls (they are visible in the ComboFix logs)? And other unused software as well. I do have Auslogics BoostSpeed installed, and it has cleanup functions, but somehow it does not clean everything up completely.
Thanks in advance.
March 7, 2009 at 6:22 pm in reply to: NOD32 detects Win32/Adware.Coolezweb(ad.ox88.info/msusb.bin) #21693
RegDelNull did not ask anything: on first launch it displayed the license agreement, ran, and printed "Scan complete."
I ran it once more to be sure. I got "Scan complete." again.
I ran ComboFix with the parameters (though I somehow did not catch on right away that I needed to make a _text_ file, so I made a file with a name without an extension; I think this does not affect anything). It downloaded an update again (is the program updated regularly?). Here is the log:
ComboFix 09-03-06.02 — User 2009-03-07 21:06:15.5 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.1535.712 [GMT 3:00]
Running from: z:remedyComboFixComboFix.exe
Command switches used :: C:CFScript
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
AV: Panda Antivirus Platinum 7 *On-access scanning disabled* (Outdated)
FW: Panda Antivirus Platinum 7 *disabled*
FW: PC Tools Firewall Plus *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
.2009-03-07 20:58 . 2006-11-01 13:06 162,616
C:RegDelNull.exe
2009-03-03 21:57 . 2008-12-11 08:38 159,600 —a
c:windowssystem32driverspctgntdi.sys
2009-03-03 21:57 . 2009-02-23 10:11 130,424 —a
c:windowssystem32driversPCTCore.sys
2009-03-03 21:57 . 2008-12-18 12:16 73,840 —a
c:windowssystem32driversPCTAppEvent.sys
2009-03-03 21:54 . 2008-09-22 12:29 97,408 —a
c:windowssystem32driverspctfw.sys
2009-03-03 21:54 . 2009-01-21 10:38 95,640 —a
c:windowssystem32driverspctplfw.sys
2009-03-02 21:05 . 2009-03-02 21:09 2,933,037 -ra
C:ComboFix.exe
2009-03-01 00:31 . 2009-01-09 22:19 1,089,593
c— c:windowssystem32dllcachentprint.cat
2009-02-27 22:37 . 2009-02-27 22:37d
c:documents and settingsUserWINDOWS
2009-02-27 22:37 . 2009-02-27 22:37d
c:documents and settingsUserWINDOWS
2009-02-23 17:16 . 2009-02-28 12:30d
c:temppmagic
2009-02-22 21:05 . 2009-02-22 21:05 4,444 —a
c:windowssystem32pid.PNF
2009-02-21 22:36 . 2009-02-21 22:36d
c:documents and settingsUserApplication DataImgBurn
2009-02-15 12:50 . 2009-02-15 12:50 72,192 —a
c:windowscadkasdeinst01e.exe
2009-02-14 12:35 . 2009-02-14 12:35d—hs—- c:documents and settingsБэттаPrivacIE
2009-02-14 12:35 . 2009-02-14 12:35d—hs—- c:documents and settingsБэттаPrivacIE
2009-02-14 12:35 . 2009-02-14 12:35d
c:documents and settingsБэттаApplication DataWindows Desktop Search
2009-02-14 12:35 . 2009-02-14 12:35d
c:documents and settingsБэттаApplication DataPCToolsFirewallPlus
2009-02-14 12:34 . 2009-02-14 12:34d—hs—- c:documents and settingsБэттаIETldCache
2009-02-14 12:34 . 2009-02-14 12:34d—hs—- c:documents and settingsБэттаIETldCache
2009-02-13 22:02 . 2009-02-13 22:10 250 —a
c:windowsgmer.ini
2009-02-11 23:52 . 2009-02-11 23:52d
c:windowssystem32XPSViewer
2009-02-11 23:51 . 2009-02-11 23:51d
c:program filesReference Assemblies
2009-02-11 23:51 . 2008-07-06 15:06 1,676,288
c:windowssystem32xpssvcs.dll
2009-02-11 23:51 . 2008-07-06 15:06 1,676,288
c— c:windowssystem32dllcachexpssvcs.dll
2009-02-11 23:51 . 2008-07-06 13:50 597,504
c— c:windowssystem32dllcacheprintfilterpipelinesvc.exe
2009-02-11 23:51 . 2008-07-06 15:06 575,488
c:windowssystem32xpsshhdr.dll
2009-02-11 23:51 . 2008-07-06 15:06 575,488
c— c:windowssystem32dllcachexpsshhdr.dll
2009-02-11 23:51 . 2008-07-06 15:06 117,760
c:windowssystem32prntvpt.dll
2009-02-11 23:51 . 2008-07-06 15:06 89,088
c— c:windowssystem32dllcachefilterpipelineprintproc.dll
2009-02-11 23:01 . 2009-02-11 23:01d
c:temp1
2009-02-11 20:02 . 2009-02-11 20:04d
c:temphsperfdata_Administrator
2009-02-11 19:40 . 2009-02-11 19:40d—hs—- c:documents and settingsAdministratorPrivacIE
2009-02-11 19:40 . 2009-02-11 19:40d—hs—- c:documents and settingsAdministratorIETldCache
2009-02-11 18:41 . 2009-02-11 18:41d
c:tempru-ru
2009-02-11 18:41 . 2009-02-11 18:41d
c:tempen-us
2009-02-11 18:41 . 2009-02-11 18:41d
c:documents and settingsAdministratorApplication DataWindows Desktop Search
2009-02-11 18:40 . 2009-02-11 18:40d
c:tempWPDNSE
2009-02-08 21:50 . 2009-02-08 21:50 210,052 —a
c:windowssystem32SII-TT-0021B.pdf
2009-02-08 17:31 . 2009-03-02 19:30d
c:program filesMicrosoft Silverlight
2009-02-08 17:30 . 2009-02-08 17:30d
c:windowssystem32GroupPolicy
2009-02-08 17:30 . 2009-02-27 22:24d
c:program filesWindows Desktop Search
2009-02-08 17:29 . 2008-03-07 20:02 192,000
c— c:windowssystem32dllcacheofffilt.dll
2009-02-08 17:29 . 2008-03-07 20:02 98,304
c— c:windowssystem32dllcachenlhtml.dll
2009-02-08 17:29 . 2008-03-07 20:02 29,696
c— c:windowssystem32dllcachemimefilt.dll
2009-02-07 23:21 . 2009-02-07 23:21d—hs—- c:documents and settingsUserIETldCache
2009-02-07 23:21 . 2009-02-07 23:21d—hs—- c:documents and settingsUserIETldCache
2009-02-07 22:46 . 2009-02-07 22:46d
c:windowsie8updates
2009-02-07 22:43 . 2009-02-07 22:44d—h-c— c:windowsie8
2009-02-07 22:40 . 2009-01-11 08:00 79,360
c— c:windowssystem32dllcacheiecompat.dll
2009-02-07 20:56 . 2009-02-07 20:56d—hs—- c:documents and settingsUserPrivacIE
2009-02-07 20:56 . 2009-02-07 20:56d—hs—- c:documents and settingsUserPrivacIE
2009-02-07 18:21 . 2009-02-07 18:21d
c:program filesWindows Media Connect 2
2009-02-07 18:08 . 2009-02-07 18:08d
c:windowssystem32LogFiles
2009-02-07 18:08 . 2009-02-07 18:14d
c:windowssystem32driversUMDF
2009-02-07 15:50 . 2009-02-07 15:50d
c:windowssystem32CatRoot_bak
2009-02-07 15:09 . 2008-04-13 22:06 144,384
c:windowssystem32drivershdaudbus.sys
2009-02-07 15:09 . 2008-04-14 00:10 10,240
c:windowssystem32driverssffp_mmc.sys
2009-02-07 15:06 . 2006-12-29 00:31 19,569 —a
c:windows003610_.tmp.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 18:09
d
w c:documents and settingsUserApplication DataDNA
2009-03-07 18:07
d
w c:documents and settingsUserApplication DataSkype
2009-03-07 17:50
d—a-w c:documents and settingsAll UsersApplication DataTEMP
2009-03-07 17:50
d
w c:documents and settingsUserApplication DataskypePM
2009-03-07 17:49
d
w c:program filesDNA
2009-03-07 02:59
d
w c:documents and settingsUserApplication DataBitTorrent
2009-03-06 20:58
d
w c:program filesSpyware Doctor
2009-03-06 20:41
d
w c:documents and settingsAll UsersApplication DataGoogle Updater
2009-03-03 18:54
d
w c:program filesCommon FilesPC Tools
2009-02-28 08:36
d
w c:program filesD-Link
2009-02-27 18:14
d
w c:program filesGoogle
2009-02-21 21:41
d
w c:documents and settingsUserApplication Datavlc
2009-02-20 20:57
d
w c:documents and settingsUserApplication Datadvdcss
2009-02-11 21:32
d
w c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-02-11 20:52
d
w c:program filesMSBuild
2009-02-11 07:19 38,496 —-a-w c:windowssystem32driversmbamswissarmy.sys
2009-02-11 07:19 15,504 —-a-w c:windowssystem32driversmbam.sys
2009-02-09 17:01
d—h—w c:program filesInstallShield Installation Information
2009-02-07 13:11
d
w c:documents and settingsUserApplication DatauTorrent
2009-02-04 19:28
d
w c:program filesWindows Live Safety Center
2009-02-04 18:59
d
w c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-02-02 17:47
d
w c:documents and settingsAll UsersApplication DataMalwarebytes
2009-02-02 17:47
d
w c:documents and settingsUserApplication DataMalwarebytes
2009-02-01 14:30
d
w c:program filesPanda Security
2009-02-01 13:02
d
w c:program filesCodeSaver
2009-02-01 12:32
d
w c:program filesCommon FilesLogiShrd
2009-02-01 12:29
d
w c:program filesLogitech
2009-02-01 12:29
d
w c:documents and settingsAll UsersApplication DataLogishrd
2009-01-31 21:01
d
w c:program filestrend micro
2009-01-31 17:35
d
w c:documents and settingsAdministratorApplication DataAuslogics
2009-01-29 18:22
d
w c:documents and settingsAdministratorApplication DataOpenOffice.org
2009-01-29 17:43
d
w c:documents and settingsAdministratorApplication DataGrabPro
2009-01-29 17:42
d
w c:documents and settingsAdministratorApplication DataOrbit
2009-01-29 17:38
d
w c:documents and settingsAdministratorApplication DataPCToolsFirewallPlus
2009-01-29 17:34
d
w c:documents and settingsUserApplication DataOrbit
2009-01-17 13:39
d
w c:documents and settingsUserApplication DataPCToolsFirewallPlus
2009-01-15 20:34
d
w c:program filesCOMODO
2009-01-15 19:29
d
w c:program filesCommon FilesReal
2009-01-15 04:55
d
w c:documents and settingsБэттаApplication DataOrbit
2009-01-14 23:05 911,872 —-a-w c:windowssystem32wininet.dll
2009-01-14 23:05 43,008 —-a-w c:windowssystem32licmgr10.dll
2009-01-14 23:04 18,944 —-a-w c:windowssystem32corpol.dll
2009-01-14 23:03 72,704 —-a-w c:windowssystem32admparse.dll
2009-01-14 23:03 71,680 —-a-w c:windowssystem32iesetup.dll
2009-01-14 23:03 420,352 —-a-w c:windowssystem32vbscript.dll
2009-01-14 23:01 34,304 —-a-w c:windowssystem32imgutil.dll
2009-01-14 23:00 48,128 —-a-w c:windowssystem32mshtmler.dll
2009-01-14 23:00 45,568 —-a-w c:windowssystem32mshta.exe
2009-01-14 22:50 156,160 —-a-w c:windowssystem32msls31.dll
2009-01-12 21:17
d
w c:program filesKMPlayer
2009-01-12 19:18 68,096 —-a-w c:windowsScUnin.exe
2009-01-11 20:49
d
w c:program filesStarCraft
2009-01-11 20:05
d
w c:documents and settingsUserApplication DataStarDict
2009-01-11 20:04
d
w c:program filesStarDict
2009-01-11 18:03
d
w c:program filesRealtek AC97
2009-01-11 16:54
d
w c:program filesCommon FilesAdobe AIR
2009-01-10 11:02
d
w c:program filesCanon
2009-01-09 11:06
d
w c:program filesMicrosoft Works
2009-01-09 10:52
d
w c:program filesMicrosoft Visual Studio 8
2009-01-09 08:14
d
w c:program filesMicrosoft CAPICOM
2009-01-08 20:59
d
w c:program filesMicrosoft Baseline Security Analyzer 2
2009-01-05 22:33 3,751,995 —-a-w c:windowssystem32GPhotos.scr
2009-01-01 11:33 35,912 —-a-w c:documents and settingsUserApplication DataGDIPFONTCACHEV1.DAT
2008-12-17 06:01 432,664 —-a-w c:windowssystem32LVUI2RC.dll
2008-12-17 06:00 494,104 —-a-w c:windowssystem32LVUI2.dll
2008-12-17 05:55 416,280 —-a-w c:windowssystem32lvcodec2.dll
2008-12-17 05:55 195,096 —-a-w c:windowssystem32lvci11901262.dll
2008-12-17 05:37 29,562 —-a-w c:windowssystem32Repository.reg
2008-12-08 17:04 410,984 —-a-w c:windowssystem32deploytk.dll
2008-12-08 09:53 57,344 —-a-w c:windowssystem32ff_vfw.dll
2008-11-13 12:12 35,912 —-a-w c:documents and settingsБэттаApplication DataGDIPFONTCACHEV1.DAT
2008-02-13 17:45 32,128 —-a-w c:documents and settingsЛизунчикApplication DataGDIPFONTCACHEV1.DAT
2004-02-19 18:31 204 —-a-w c:documents and settingsUserccd4.reg
2004-02-19 18:31 204 —-a-w c:documents and settingsUserccd4.reg
2002-08-29 10:57 834,516 —-a-r c:windowsinfiis.tmp
2006-01-04 17:41 45,056 —-a-w c:program filesmozilla firefoxpluginsUPD62INT.dll
2005-04-16 12:30 56 —sh—r c:windowssystem320875F77CC7.sys
.((((((((((((((((((((((((((((( SnapShot_2009-03-02_21.17.19,75 )))))))))))))))))))))))))))))))))))))))))
.
— 2009-03-02 16:32:20 32,768 —-a-w c:windowssystem32configsystemprofileCookiesindex.dat
+ 2009-03-07 17:50:01 32,768 —-a-w c:windowssystem32configsystemprofileCookiesindex.dat
— 2009-03-02 16:32:20 32,768 —-a-w c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
+ 2009-03-07 17:50:01 32,768 —-a-w c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
— 2009-03-02 16:32:20 49,152 —-a-w c:windowssystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5index.dat
+ 2009-03-07 17:50:01 49,152 —-a-w c:windowssystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5index.dat
— 2009-03-02 16:37:00 71,904 —-a-w c:windowssystem32perfc009.dat
+ 2009-03-07 17:54:33 71,904 —-a-w c:windowssystem32perfc009.dat
— 2009-03-02 16:37:06 444,028 —-a-w c:windowssystem32perfh009.dat
+ 2009-03-07 17:54:33 444,028 —-a-w c:windowssystem32perfh009.dat
+ 2009-03-07 17:49:57 16,384 —-atw c:windowstempPerflib_Perfdata_ff4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«googletalk»=»c:program filesGoogleGoogle Talkgoogletalk.exe» [2007-01-02 3739648]
«mRouterConfig»=»c:program filesIntuwaveSharedmRouterRuntimemRouterConfig.exe» [2006-03-02 290816]
«Auslogics BoostSpeed 4″=»z:program filesAusLogicsBoostSpeedboostspeed.exe» [2009-01-25 361584]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2008-11-07 21633320]
«IPPON MONITOR»=»z:program filesipponMonitorippmon_0_99_6.exe» [2005-08-07 847360]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2007-11-03 68856]
«BitTorrent DNA»=»c:program filesDNAbtdna.exe» [2009-02-06 342848][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 8.0Lvagent.exe» [2002-12-10 102400]
«NVRTCLK»=»c:windowssystem32NVRTCLKNVRTClk.exe» [2003-12-30 24576]
«PC Suite for Smartphones»=»c:program filesSony EricssonMobile4Application LauncherApplication Launcher.exe» [2007-12-25 548864]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-07-01 1447168]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2008-08-29 61440]
«ZBrowser Launcher»=»z:program filesLogitechiTouchiTouch.exe» [2004-03-18 892928]
«SunJavaUpdateSched»=»z:program filesJavajre6binjusched.exe» [2008-12-08 136600]
«Sunkist2k»=»c:program filesMultimedia Card Readershwicon2k.exe» [2005-02-25 131072]
«LogitechQuickCamRibbon»=»c:program filesLogitechQuickCamQuickcam.exe» [2008-12-20 2656528]
«ISTray»=»c:program filesSpyware DoctorpctsTray.exe» [2008-12-21 1168264]
«00PCTFW»=»z:program filesPC ToolsFirewall PlusFirewallGUI.exe» [2009-02-23 2652056]
«Logitech Utility»=»Logi_MwX.Exe» [2003-12-17 c:windowsLOGI_MWX.EXE]
«BluetoothAuthenticationAgent»=»bthprops.cpl» [2008-04-14 c:windowssystem32bthprops.cpl]
«SoundMan»=»SOUNDMAN.EXE» [2007-04-16 c:windowssoundman.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2008-04-14 15360]c:documents and settingsAdministratorStart MenuProgramsStartup
OpenOffice.org 3.0.lnk — z:program filesOpenOffice.org 3programquickstart.exe [2009-01-08 384000]c:documents and settingsЊпгиStart MenuProgramsStartup
OpenOffice.org 3.0.lnk — z:program filesOpenOffice.org 3programquickstart.exe [2009-01-08 384000]c:documents and settingsAll UsersStart MenuProgramsStartup
BlueSoleil.lnk — c:program filesIVT CorporationBlueSoleilBlueSoleil.exe [2006-07-16 626176]
Џа®Ја ¬¬ ®Ў®ў«ҐЁ© Google.lnk — c:program filesGoogleGoogle UpdaterGoogleUpdater.exe [2007-11-03 161776][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3radius»= l3codecp.acm
«vidc.I263″= I263_32.drv
«msacm.divxa32″= msaud32_divx.acm[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *0smrgdf c:program filesiolosystem mechanic 4[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
«CTFMON.EXE»=c:windowssystem32ctfmon.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe»
«RegKillElbyCheck»=»c:program filesElaborate BytesDVD Region KillerElbyCheck.exe» /L RegKill
«DAEMON Tools-1033″=»c:program filesD-Toolsdaemon.exe» -lang 1033[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringPandaAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringPandaFirewall]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\Program Files\Google\Google Talk\googletalk.exe»=
«c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe»=
«z:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe»=
«c:\Program Files\DNA\btdna.exe»=
«z:\Program Files\BitTorrent\bittorrent.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=R0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [2009-02-01 28544]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2008-07-01 34312]
R1 pctgntdi;pctgntdi;c:windowssystem32driverspctgntdi.sys [2009-03-03 159600]
R1 prodrv04;Star Force copy protection driver v4;c:windowssystem32driversprodrv04.sys [2004-04-16 114496]
R2 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
R2 ETDrv;ETDrv;c:windowssystem32driversETDrv.sys [2003-12-12 151476]
R2 PCTAppEvent;PCTAppEvent Driver;c:windowssystem32driversPCTAppEvent.sys [2009-03-03 73840]
R2 PGPdisk;PGPdisk;c:windowssystem32driversPGPdisk.sys [2004-12-10 169120]
R2 PGPsdkDriver;PGPsdkDriver;c:windowssystem32driversPGPsdk.sys [2004-12-10 26624]
R2 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [2008-03-01 356920]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:windowssystem32driversm4cxw2k3.sys [2007-02-15 250752]
R3 pctplfw;pctplfw;c:windowssystem32driverspctplfw.sys [2009-03-03 95640]
R3 RegKill;RegKill;c:windowssystem32driversRegKill.sys [2002-11-28 6400]
S2 gupdate1c9652ad837e686;Google Update Service (gupdate1c9652ad837e686);c:program filesGoogleUpdateGoogleUpdate.exe [2008-12-23 133104]
S2 SVKP;SVKP; [x]
S3 ACSET;ACS USB Smart Card Reader;c:windowssystem32driversacrusbxp.sys [2006-11-27 25728]
S3 ACSSCR;ACR38 Smart Card Reader;c:windowssystem32driversa38usbxp.sys [2006-03-12 24832]
S3 cxbu0wdm;CardMan 3×21;c:windowssystem32driverscxbu0wdm.sys [2008-01-15 97792]
S3 OracleClientCache80;OracleClientCache80;c:oracleproduct8.0.6BINONRSD80.EXE —> c:oracleproduct8.0.6BINONRSD80.EXE [?]
S3 OracleOracle9iR2ClientCache;OracleOracle9iR2ClientCache;c:oracleproduct9.2.0BINONRSD.EXE —> c:oracleproduct9.2.0BINONRSD.EXE [?]
S3 OracleOracle9iR2HTTPServer;OracleOracle9iR2HTTPServer;»c:oracleproduct9.2.0ApacheApacheapache.exe» —ntservice —> c:oracleproduct9.2.0ApacheApacheapache.exe [?]
S3 OracleOracle9iR2PagingServer;OracleOracle9iR2PagingServer;c:oracleproduct9.2.0/bin/pagntsrv.exe —> c:oracleproduct9.2.0/bin/pagntsrv.exe [?]
S3 OracleOracle9iR2TNSListener;OracleOracle9iR2TNSListener;c:oracleproduct9.2.0BINTNSLSNR —> c:oracleproduct9.2.0BINTNSLSNR [?]
S3 OracleServiceCARBON;OracleServiceCARBON;c:oracleproduct9.2.0binORACLE.EXE CARBON —> c:oracleproduct9.2.0binORACLE.EXE CARBON [?]
S3 pcwe;pcwe;??c:program filesPC Wizard 2005pcwizard.sys —> c:program filesPC Wizard 2005pcwizard.sys [?]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:windowssystem32driversSE31bus.sys [2006-10-15 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:windowssystem32driversSE31mdfl.sys [2006-10-15 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:windowssystem32driversSE31mdm.sys [2006-10-15 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:windowssystem32driversSE31mgmt.sys [2006-10-15 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:windowssystem32driversse31nd5.sys [2006-10-15 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:windowssystem32driversSE31obex.sys [2006-10-15 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:windowssystem32driversse31unic.sys [2006-10-15 90800]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;c:windowssystem32DRIVERSyk51lagg.sys —> c:windowssystem32DRIVERSyk51lagg.sys [?]
S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;c:windowssystem32driversskvlan.sys [2006-05-17 19328]
S4 Kbisunervpww;Kbisunervpww; [x]— Other Services/Drivers In Memory —
*Deregistered* — mchInjDrv
*Deregistered* — mscgcosd[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{e9138ea2-7fdb-11db-8485-028037010300}]
ShellAutoRuncommand — I:umenu.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder2009-03-07 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-02-13 23:34]
.
.
Supplementary Scan
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/201
IE: &Grab video by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/204
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: Do&wnload selected by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/203
IE: Down&load all by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/202
IE: Easy-WebPrint Add To Print List — c:program filesCanonEasy-WebPrintResource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print — c:program filesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview — c:program filesCanonEasy-WebPrintResource.dll/RC_Preview.html
IE: Easy-WebPrint Print — c:program filesCanonEasy-WebPrintResource.dll/RC_Print.html
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать все при помощи FlashGet — z:program filesFlashGetjc_all.htm
IE: Закачать при помощи Download Master
IE: Закачать при помощи FlashGet — z:program filesFlashGetjc_link.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
Handler: bwfile-8876480 — {9462A756-7B47-47BC-8C80-C34B9B80B32B} — z:program filesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
Handler: yandexcd — {e519db43-cff1-11d1-be82-0000c0df45f8} — c:windowsYandexCD.dll
DPF: Microsoft XML Parser for Java — file://c:windowsJavaclassesxmldso.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} — hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
FF — ProfilePath — c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.default
FF — prefs.js: browser.search.selectedEngine — Orbit Search (Powered By Google)
FF — component: c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.defaultextensions{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}componentsnstidy.dll
FF — component: c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.defaultextensions{cf2812dc-6a7c-4402-b639-4d277dac4c36}componentsschemval.dll
FF — component: c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.defaultextensions{cf2812dc-6a7c-4402-b639-4d277dac4c36}componentsxforms.dll
FF — plugin: c:program filesGoogleGoogle Updater2.4.1487.6512npCIDetect13.dll
FF — plugin: c:program filesGoogleUpdate1.2.141.5npGoogleOneClick7.dll
FF — plugin: z:program filesGooglePicasa3npPicasa3.dll
FF — plugin: z:program filesJavajre6binnew_pluginnpdeploytk.dll
FF — plugin: z:program filesJavajre6binnew_pluginnpjp2.dll
FF — plugin: z:program filesMozillaFirefoxpluginsnpbittorrent.dll—- FIREFOX POLICIES —-
FF — user.js: network.http.max-connections-per-server — 4
FF — user.js: content.max.tokenizing.time — 1500000
FF — user.js: content.notify.interval — 750000
FF — user.js: nglayout.initialpaint.delay — 100
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 21:10:40
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet003ServicesOracleOracle9iR2PagingServer]
«ImagePath»=»c:oracleproduct9.2.0/bin/pagntsrv.exe»[HKEY_LOCAL_MACHINESystemControlSet003ServicesOracleOracle9iR2TNSListener]
«ImagePath»=»c:oracleproduct9.2.0BINTNSLSNR «
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindowsCurrentVersionReinstallШP*]
«DisplayName»=»?13?13″
«DeviceDesc»=»?13?13″
«ProviderName»=»»
«MFG»=»???\»
«ReinstallString»=»c:\WINDOWS\System32\ReinstallBackups\?13\DriverFiles\.INF»
«DeviceInstanceIds»=multi:»nf\cx_08948.inf00″
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(348)
c:windowssystem32Ati2evxx.dll
.
Completion time: 2009-03-07 21:13:07
ComboFix-quarantined-files.txt 2009-03-07 18:13:03
ComboFix2.txt 2009-03-02 18:18:48
ComboFix3.txt 2009-02-10 18:20:44
ComboFix4.txt 2009-02-10 17:23:15
ComboFix5.txt 2009-03-07 18:05:17
Pre-Run: 5 798 965 248 bytes free
Post-Run: 5,778,112,512 bytes free
362 — E O F — 2009-03-01 09:33:12
March 5, 2009 at 8:13 pm in reply to: NOD32 detects Win32/Adware.Coolezweb(ad.ox88.info/msusb.bin) #21691
Here is the latest ComboFix log
ComboFix 09-03-02.01 — User 2009-03-02 21:11:49.4 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.1535.908 [GMT 3:00]
Running from: C:ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
AV: Panda Antivirus Platinum 7 *On-access scanning disabled* (Outdated)
FW: Panda Antivirus Platinum 7 *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
.2009-03-02 21:05 . 2009-03-02 21:09 2,933,037 -ra
C:ComboFix.exe
2009-03-01 00:31 . 2009-01-09 22:19 1,089,593
c— c:windowssystem32dllcachentprint.cat
2009-02-27 22:37 . 2009-02-27 22:37d
c:documents and settingsUserWINDOWS
2009-02-27 22:37 . 2009-02-27 22:37d
c:documents and settingsUserWINDOWS
2009-02-23 17:16 . 2009-02-28 12:30d
c:temppmagic
2009-02-22 21:05 . 2009-02-22 21:05 4,444 —a
c:windowssystem32pid.PNF
2009-02-21 22:36 . 2009-02-21 22:36d
c:documents and settingsUserApplication DataImgBurn
2009-02-15 12:50 . 2009-02-15 12:50 72,192 —a
c:windowscadkasdeinst01e.exe
2009-02-14 12:35 . 2009-02-14 12:35d—hs—- c:documents and settingsБэттаPrivacIE
2009-02-14 12:35 . 2009-02-14 12:35d—hs—- c:documents and settingsБэттаPrivacIE
2009-02-14 12:35 . 2009-02-14 12:35d
c:documents and settingsБэттаApplication DataWindows Desktop Search
2009-02-14 12:35 . 2009-02-14 12:35d
c:documents and settingsБэттаApplication DataPCToolsFirewallPlus
2009-02-14 12:34 . 2009-02-14 12:34d—hs—- c:documents and settingsБэттаIETldCache
2009-02-14 12:34 . 2009-02-14 12:34d—hs—- c:documents and settingsБэттаIETldCache
2009-02-13 22:02 . 2009-02-13 22:10 250 —a
c:windowsgmer.ini
2009-02-11 23:52 . 2009-02-11 23:52d
c:windowssystem32XPSViewer
2009-02-11 23:51 . 2009-02-11 23:51d
c:program filesReference Assemblies
2009-02-11 23:51 . 2008-07-06 15:06 1,676,288
c:windowssystem32xpssvcs.dll
2009-02-11 23:51 . 2008-07-06 15:06 1,676,288
c— c:windowssystem32dllcachexpssvcs.dll
2009-02-11 23:51 . 2008-07-06 13:50 597,504
c— c:windowssystem32dllcacheprintfilterpipelinesvc.exe
2009-02-11 23:51 . 2008-07-06 15:06 575,488
c:windowssystem32xpsshhdr.dll
2009-02-11 23:51 . 2008-07-06 15:06 575,488
c— c:windowssystem32dllcachexpsshhdr.dll
2009-02-11 23:51 . 2008-07-06 15:06 117,760
c:windowssystem32prntvpt.dll
2009-02-11 23:51 . 2008-07-06 15:06 89,088
c— c:windowssystem32dllcachefilterpipelineprintproc.dll
2009-02-11 23:01 . 2009-02-11 23:01d
c:temp1
2009-02-11 20:02 . 2009-02-11 20:04d
c:temphsperfdata_Administrator
2009-02-11 19:40 . 2009-02-11 19:40d—hs—- c:documents and settingsAdministratorPrivacIE
2009-02-11 19:40 . 2009-02-11 19:40d—hs—- c:documents and settingsAdministratorIETldCache
2009-02-11 18:41 . 2009-02-11 18:41d
c:tempru-ru
2009-02-11 18:41 . 2009-02-11 18:41d
c:tempen-us
2009-02-11 18:41 . 2009-02-11 18:41d
c:documents and settingsAdministratorApplication DataWindows Desktop Search
2009-02-11 18:40 . 2009-02-11 18:40d
c:tempWPDNSE
2009-02-08 21:50 . 2009-02-08 21:50 210,052 —a
c:windowssystem32SII-TT-0021B.pdf
2009-02-08 17:31 . 2009-03-02 19:30d
c:program filesMicrosoft Silverlight
2009-02-08 17:30 . 2009-02-08 17:30d
c:windowssystem32GroupPolicy
2009-02-08 17:30 . 2009-02-27 22:24d
c:program filesWindows Desktop Search
2009-02-08 17:29 . 2008-03-07 20:02 192,000
c— c:windowssystem32dllcacheofffilt.dll
2009-02-08 17:29 . 2008-03-07 20:02 98,304
c— c:windowssystem32dllcachenlhtml.dll
2009-02-08 17:29 . 2008-03-07 20:02 29,696
c— c:windowssystem32dllcachemimefilt.dll
2009-02-07 23:21 . 2009-02-07 23:21d—hs—- c:documents and settingsUserIETldCache
2009-02-07 23:21 . 2009-02-07 23:21d—hs—- c:documents and settingsUserIETldCache
2009-02-07 22:46 . 2009-02-07 22:46d
c:windowsie8updates
2009-02-07 22:43 . 2009-02-07 22:44d—h-c— c:windowsie8
2009-02-07 22:40 . 2009-01-11 08:00 79,360
c— c:windowssystem32dllcacheiecompat.dll
2009-02-07 20:56 . 2009-02-07 20:56d—hs—- c:documents and settingsUserPrivacIE
2009-02-07 20:56 . 2009-02-07 20:56d—hs—- c:documents and settingsUserPrivacIE
2009-02-07 18:21 . 2009-02-07 18:21d
c:program filesWindows Media Connect 2
2009-02-07 18:08 . 2009-02-07 18:08d
c:windowssystem32LogFiles
2009-02-07 18:08 . 2009-02-07 18:14d
c:windowssystem32driversUMDF
2009-02-07 15:50 . 2009-02-07 15:50d
c:windowssystem32CatRoot_bak
2009-02-07 15:09 . 2008-04-13 22:06 144,384
c:windowssystem32drivershdaudbus.sys
2009-02-07 15:09 . 2008-04-14 00:10 10,240
c:windowssystem32driverssffp_mmc.sys
2009-02-07 15:06 . 2006-12-29 00:31 19,569 —a
c:windows003610_.tmp
2009-02-06 22:20 . 2009-03-02 19:35d
c:program filesDNA
2009-02-06 22:20 . 2009-03-02 21:15d
c:documents and settingsUserApplication DataDNA
2009-02-06 22:20 . 2009-03-02 21:10d
c:documents and settingsUserApplication DataBitTorrent
2009-02-06 21:43 . 2009-02-06 21:43d—hs—- c:tempRECYCLER
2009-02-06 21:37 . 2009-03-02 21:16d
c:tempenforcer
2009-02-04 21:59 . 2009-02-04 21:59d
c:windowssystem32Kaspersky Lab
2009-02-04 21:59 . 2009-02-04 21:59d
c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-02-04 21:42 . 2009-02-04 22:28d
c:program filesWindows Live Safety Center
2009-02-02 20:47 . 2009-02-02 20:47d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-02-02 20:47 . 2009-02-02 20:47d
c:documents and settingsUserApplication DataMalwarebytes
2009-02-02 20:47 . 2009-02-11 10:19 38,496 —a
c:windowssystem32driversmbamswissarmy.sys
2009-02-02 20:47 . 2009-02-11 10:19 15,504 —a
c:windowssystem32driversmbam.sys.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 18:10
d
w c:documents and settingsUserApplication DataSkype
2009-03-02 16:57
d—a-w c:documents and settingsAll UsersApplication DataTEMP
2009-03-02 16:57
d
w c:program filesSpyware Doctor
2009-03-02 16:37
d
w c:documents and settingsUserApplication DataskypePM
2009-03-02 16:32
d
w c:documents and settingsAll UsersApplication DataGoogle Updater
2009-02-28 08:36
d
w c:program filesD-Link
2009-02-27 18:15
d
w c:program filesCommon FilesPC Tools
2009-02-27 18:14
d
w c:program filesGoogle
2009-02-21 21:41
d
w c:documents and settingsUserApplication Datavlc
2009-02-20 20:57
d
w c:documents and settingsUserApplication Datadvdcss
2009-02-11 21:32
d
w c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-02-11 20:52
d
w c:program filesMSBuild
2009-02-09 17:01
d—h—w c:program filesInstallShield Installation Information
2009-02-07 13:11
d
w c:documents and settingsUserApplication DatauTorrent
2009-02-01 14:30
d
w c:program filesPanda Security
2009-02-01 13:02
d
w c:program filesCodeSaver
2009-02-01 12:32
d
w c:program filesCommon FilesLogiShrd
2009-02-01 12:29
d
w c:program filesLogitech
2009-02-01 12:29
d
w c:documents and settingsAll UsersApplication DataLogishrd
2009-01-31 21:01
d
w c:program filestrend micro
2009-01-31 17:35
d
w c:documents and settingsAdministratorApplication DataAuslogics
2009-01-29 18:22
d
w c:documents and settingsAdministratorApplication DataOpenOffice.org
2009-01-29 17:43
d
w c:documents and settingsAdministratorApplication DataGrabPro
2009-01-29 17:42
d
w c:documents and settingsAdministratorApplication DataOrbit
2009-01-29 17:38
d
w c:documents and settingsAdministratorApplication DataPCToolsFirewallPlus
2009-01-29 17:34
d
w c:documents and settingsUserApplication DataOrbit
2009-01-17 13:39
d
w c:documents and settingsUserApplication DataPCToolsFirewallPlus
2009-01-15 20:34
d
w c:program filesCOMODO
2009-01-15 19:29
d
w c:program filesCommon FilesReal
2009-01-15 04:55
d
w c:documents and settingsБэттаApplication DataOrbit
2009-01-14 23:05 911,872 —-a-w c:windowssystem32wininet.dll
2009-01-14 23:05 43,008 —-a-w c:windowssystem32licmgr10.dll
2009-01-14 23:04 18,944 —-a-w c:windowssystem32corpol.dll
2009-01-14 23:03 72,704 —-a-w c:windowssystem32admparse.dll
2009-01-14 23:03 71,680 —-a-w c:windowssystem32iesetup.dll
2009-01-14 23:03 420,352 —-a-w c:windowssystem32vbscript.dll
2009-01-14 23:01 34,304 —-a-w c:windowssystem32imgutil.dll
2009-01-14 23:00 48,128 —-a-w c:windowssystem32mshtmler.dll
2009-01-14 23:00 45,568 —-a-w c:windowssystem32mshta.exe
2009-01-14 22:50 156,160 —-a-w c:windowssystem32msls31.dll
2009-01-12 21:17
d
w c:program filesKMPlayer
2009-01-12 19:18 68,096 —-a-w c:windowsScUnin.exe
2009-01-11 20:49
d
w c:program filesStarCraft
2009-01-11 20:05
d
w c:documents and settingsUserApplication DataStarDict
2009-01-11 20:04
d
w c:program filesStarDict
2009-01-11 18:03
d
w c:program filesRealtek AC97
2009-01-11 16:54
d
w c:program filesCommon FilesAdobe AIR
2009-01-10 11:02
d
w c:program filesCanon
2009-01-09 11:06
d
w c:program filesMicrosoft Works
2009-01-09 10:52
d
w c:program filesMicrosoft Visual Studio 8
2009-01-09 08:14
d
w c:program filesMicrosoft CAPICOM
2009-01-08 20:59
d
w c:program filesMicrosoft Baseline Security Analyzer 2
2009-01-06 14:05
d
w c:documents and settingsUserApplication DataCanneverbe_Limited
2009-01-05 22:33 3,751,995 —-a-w c:windowssystem32GPhotos.scr
2009-01-01 11:33 35,912 —-a-w c:documents and settingsUserApplication DataGDIPFONTCACHEV1.DAT
2008-12-17 06:01 432,664 —-a-w c:windowssystem32LVUI2RC.dll
2008-12-17 06:00 494,104 —-a-w c:windowssystem32LVUI2.dll
2008-12-17 05:55 416,280 —-a-w c:windowssystem32lvcodec2.dll
2008-12-17 05:55 195,096 —-a-w c:windowssystem32lvci11901262.dll
2008-12-17 05:37 29,562 —-a-w c:windowssystem32Repository.reg
2008-12-08 17:04 410,984 —-a-w c:windowssystem32deploytk.dll
2008-12-08 09:53 57,344 —-a-w c:windowssystem32ff_vfw.dll
2008-11-13 12:12 35,912 —-a-w c:documents and settingsБэттаApplication DataGDIPFONTCACHEV1.DAT
2008-02-13 17:45 32,128 —-a-w c:documents and settingsЛизунчикApplication DataGDIPFONTCACHEV1.DAT
2004-02-19 18:31 204 —-a-w c:documents and settingsUserccd4.reg
2004-02-19 18:31 204 —-a-w c:documents and settingsUserccd4.reg
2002-08-29 10:57 834,516 —-a-r c:windowsinfiis.tmp
2006-01-04 17:41 45,056 —-a-w c:program filesmozilla firefoxpluginsUPD62INT.dll
2005-04-16 12:30 56 —sh—r c:windowssystem320875F77CC7.sys
.((((((((((((((((((((((((((((( SnapShot_2009-02-10_20.21.14,62 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«googletalk»=»c:program filesGoogleGoogle Talkgoogletalk.exe» [2007-01-02 3739648]
«mRouterConfig»=»c:program filesIntuwaveSharedmRouterRuntimemRouterConfig.exe» [2006-03-02 290816]
«Auslogics BoostSpeed 4″=»z:program filesAusLogicsBoostSpeedboostspeed.exe» [2009-01-25 361584]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2008-11-07 21633320]
«IPPON MONITOR»=»z:program filesipponMonitorippmon_0_99_6.exe» [2005-08-07 847360]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2007-11-03 68856]
«BitTorrent DNA»=»c:program filesDNAbtdna.exe» [2009-02-06 342848][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 8.0Lvagent.exe» [2002-12-10 102400]
«NVRTCLK»=»c:windowssystem32NVRTCLKNVRTClk.exe» [2003-12-30 24576]
«PC Suite for Smartphones»=»c:program filesSony EricssonMobile4Application LauncherApplication Launcher.exe» [2007-12-25 548864]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-07-01 1447168]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2008-08-29 61440]
«ZBrowser Launcher»=»z:program filesLogitechiTouchiTouch.exe» [2004-03-18 892928]
«SunJavaUpdateSched»=»z:program filesJavajre6binjusched.exe» [2008-12-08 136600]
«Sunkist2k»=»c:program filesMultimedia Card Readershwicon2k.exe» [2005-02-25 131072]
«LogitechQuickCamRibbon»=»c:program filesLogitechQuickCamQuickcam.exe» [2008-12-20 2656528]
«ISTray»=»c:program filesSpyware DoctorpctsTray.exe» [2008-12-21 1168264]
«Logitech Utility»=»Logi_MwX.Exe» [2003-12-17 c:windowsLOGI_MWX.EXE]
«BluetoothAuthenticationAgent»=»bthprops.cpl» [2008-04-14 c:windowssystem32bthprops.cpl]
«SoundMan»=»SOUNDMAN.EXE» [2007-04-16 c:windowssoundman.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2008-04-14 15360]c:documents and settingsAdministratorStart MenuProgramsStartup
OpenOffice.org 3.0.lnk — z:program filesOpenOffice.org 3programquickstart.exe [2009-01-08 384000]c:documents and settings_пгиStart MenuProgramsStartup
OpenOffice.org 3.0.lnk — z:program filesOpenOffice.org 3programquickstart.exe [2009-01-08 384000]c:documents and settingsAll UsersStart MenuProgramsStartup
BlueSoleil.lnk — c:program filesIVT CorporationBlueSoleilBlueSoleil.exe [2006-07-16 626176]
_аR_а ┐┐ RЎ-Rў<_-Ёc Google.lnk - c:program filesGoogleGoogle UpdaterGoogleUpdater.exe [2007-11-03 161776] [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3radius»= l3codecp.acm
«vidc.I263″= I263_32.drv
«msacm.divxa32″= msaud32_divx.acm[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *0smrgdf c:program filesiolosystem mechanic 4[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
«CTFMON.EXE»=c:windowssystem32ctfmon.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe»
«RegKillElbyCheck»=»c:program filesElaborate BytesDVD Region KillerElbyCheck.exe» /L RegKill
«DAEMON Tools-1033″=»c:program filesD-Toolsdaemon.exe» -lang 1033[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringPandaAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringPandaFirewall]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\Program Files\Google\Google Talk\googletalk.exe»=
«c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe»=
«z:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe»=
«c:\Program Files\DNA\btdna.exe»=
«z:\Program Files\BitTorrent\bittorrent.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=R0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [2009-02-01 28544]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2008-07-01 34312]
R1 prodrv04;Star Force copy protection driver v4;c:windowssystem32driversprodrv04.sys [2004-04-16 114496]
R2 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
R2 ETDrv;ETDrv;c:windowssystem32driversETDrv.sys [2003-12-12 151476]
R2 PGPdisk;PGPdisk;c:windowssystem32driversPGPdisk.sys [2004-12-10 169120]
R2 PGPsdkDriver;PGPsdkDriver;c:windowssystem32driversPGPsdk.sys [2004-12-10 26624]
R2 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [2008-03-01 356920]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:windowssystem32driversm4cxw2k3.sys [2007-02-15 250752]
R3 RegKill;RegKill;c:windowssystem32driversRegKill.sys [2002-11-28 6400]
S2 gupdate1c9652ad837e686;Google Update Service (gupdate1c9652ad837e686);c:program filesGoogleUpdateGoogleUpdate.exe [2008-12-23 133104]
S2 PCTAppEvent;PCTAppEvent Driver;??c:windowssystem32driversPCTAppEvent.sys —> c:windowssystem32driversPCTAppEvent.sys [?]
S2 SVKP;SVKP; [x]
S3 ACSET;ACS USB Smart Card Reader;c:windowssystem32driversacrusbxp.sys [2006-11-27 25728]
S3 ACSSCR;ACR38 Smart Card Reader;c:windowssystem32driversa38usbxp.sys [2006-03-12 24832]
S3 cxbu0wdm;CardMan 3×21;c:windowssystem32driverscxbu0wdm.sys [2008-01-15 97792]
S3 OracleClientCache80;OracleClientCache80;c:oracleproduct8.0.6BINONRSD80.EXE —> c:oracleproduct8.0.6BINONRSD80.EXE [?]
S3 OracleOracle9iR2ClientCache;OracleOracle9iR2ClientCache;c:oracleproduct9.2.0BINONRSD.EXE —> c:oracleproduct9.2.0BINONRSD.EXE [?]
S3 OracleOracle9iR2HTTPServer;OracleOracle9iR2HTTPServer;»c:oracleproduct9.2.0ApacheApacheapache.exe» —ntservice —> c:oracleproduct9.2.0ApacheApacheapache.exe [?]
S3 OracleOracle9iR2PagingServer;OracleOracle9iR2PagingServer;c:oracleproduct9.2.0/bin/pagntsrv.exe —> c:oracleproduct9.2.0/bin/pagntsrv.exe [?]
S3 OracleOracle9iR2TNSListener;OracleOracle9iR2TNSListener;c:oracleproduct9.2.0BINTNSLSNR —> c:oracleproduct9.2.0BINTNSLSNR [?]
S3 OracleServiceCARBON;OracleServiceCARBON;c:oracleproduct9.2.0binORACLE.EXE CARBON —> c:oracleproduct9.2.0binORACLE.EXE CARBON [?]
S3 pcwe;pcwe;??c:program filesPC Wizard 2005pcwizard.sys —> c:program filesPC Wizard 2005pcwizard.sys [?]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:windowssystem32driversSE31bus.sys [2006-10-15 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:windowssystem32driversSE31mdfl.sys [2006-10-15 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:windowssystem32driversSE31mdm.sys [2006-10-15 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:windowssystem32driversSE31mgmt.sys [2006-10-15 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:windowssystem32driversse31nd5.sys [2006-10-15 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:windowssystem32driversSE31obex.sys [2006-10-15 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:windowssystem32driversse31unic.sys [2006-10-15 90800]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;c:windowssystem32DRIVERSyk51lagg.sys —> c:windowssystem32DRIVERSyk51lagg.sys [?]
S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;c:windowssystem32driversskvlan.sys [2006-05-17 19328]
S4 Kbisunervpww;Kbisunervpww; [x]— Other Services/Drivers In Memory —
*Deregistered* — mchInjDrv
*Deregistered* — mscgcosd[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{e9138ea2-7fdb-11db-8485-028037010300}]
ShellAutoRuncommand — I:umenu.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder2009-03-02 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-02-13 23:34]
.
.
Supplementary Scan
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/201
IE: &Grab video by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/204
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: Do&wnload selected by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/203
IE: Down&load all by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/202
IE: Easy-WebPrint Add To Print List — c:program filesCanonEasy-WebPrintResource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print — c:program filesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview — c:program filesCanonEasy-WebPrintResource.dll/RC_Preview.html
IE: Easy-WebPrint Print — c:program filesCanonEasy-WebPrintResource.dll/RC_Print.html
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать все при помощи FlashGet — z:program filesFlashGetjc_all.htm
IE: Закачать при помощи Download Master
IE: Закачать при помощи FlashGet — z:program filesFlashGetjc_link.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
Handler: bwfile-8876480 — {9462A756-7B47-47BC-8C80-C34B9B80B32B} — z:program filesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
Handler: yandexcd — {e519db43-cff1-11d1-be82-0000c0df45f8} — c:windowsYandexCD.dll
DPF: Microsoft XML Parser for Java — file://c:windowsJavaclassesxmldso.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} — hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
FF — ProfilePath — c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.default
FF — prefs.js: browser.search.selectedEngine — Orbit Search (Powered By Google)
FF — component: c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.defaultextensions{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}componentsnstidy.dll
FF — component: c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.defaultextensions{cf2812dc-6a7c-4402-b639-4d277dac4c36}componentsschemval.dll
FF — component: c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.defaultextensions{cf2812dc-6a7c-4402-b639-4d277dac4c36}componentsxforms.dll
FF — plugin: c:program filesGoogleGoogle Updater2.4.1487.6512npCIDetect13.dll
FF — plugin: c:program filesGoogleUpdate1.2.141.5npGoogleOneClick7.dll
FF — plugin: z:program filesGooglePicasa3npPicasa3.dll
FF — plugin: z:program filesJavajre6binnew_pluginnpdeploytk.dll
FF — plugin: z:program filesJavajre6binnew_pluginnpjp2.dll
FF — plugin: z:program filesMozillaFirefoxpluginsnpbittorrent.dll—- FIREFOX POLICIES —-
FF — user.js: network.http.max-connections-per-server — 4
FF — user.js: content.max.tokenizing.time — 1500000
FF — user.js: content.notify.interval — 750000
FF — user.js: nglayout.initialpaint.delay — 100
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 21:16:03
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet003ServicesOracleOracle9iR2PagingServer]
«ImagePath»=»c:oracleproduct9.2.0/bin/pagntsrv.exe»[HKEY_LOCAL_MACHINESystemControlSet003ServicesOracleOracle9iR2TNSListener]
«ImagePath»=»c:oracleproduct9.2.0BINTNSLSNR «
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{59193459-d9d8-4aff-a163-ba4966d01dad}]
@Denied: (Full) (Everyone)
«Model»=dword:00000070
«Therad»=dword:0000000f[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
«scansk»=hex(0):bf,ba,ee,48,ae,e9,46,33,61,29,c5,eb,88,1c,08,59,7d,c0,e3,34,6c,
d6,c6,5e,d2,e5,ea,d8,a3,39,ae,d2,13,de,1a,4c,3b,57,e2,5c,00,00,00,00,00,00,[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
«scansk»=hex(0):9a,35,d3,3a,eb,33,32,14,ff,12,7e,ae,2a,86,a1,41,2e,99,1c,8b,1f,
06,87,c8,36,cb,ce,9b,3a,8c,bc,d9,48,76,67,e1,e2,61,24,1d,00,00,00,00,00,00,[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{7e89b566-7e6b-40e4-a9ec-e5a10ad6ef84}]
@Denied: (Full) (Everyone)
«Model»=dword:000000ae
«Therad»=dword:0000000f[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindowsCurrentVersionReinstallШP*]
«DisplayName»=»?13?13″
«DeviceDesc»=»?13?13″
«ProviderName»=»»
«MFG»=»???\»
«ReinstallString»=»c:\WINDOWS\System32\ReinstallBackups\?13\DriverFiles\.INF»
«DeviceInstanceIds»=multi:»nf\cx_08948.inf00″
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1376)
c:windowssystem32Ati2evxx.dll
.
Completion time: 2009-03-02 21:18:46
ComboFix-quarantined-files.txt 2009-03-02 18:18:42
ComboFix2.txt 2009-02-10 18:20:44
ComboFix3.txt 2009-02-10 17:23:15
ComboFix4.txt 2009-02-06 18:43:32Pre-Run: 6 029 017 088 bytes free
Post-Run: 6,020,308,992 bytes free1113 — E O F — 2009-03-01 09:33:12
February 27, 2009 at 7:10 pm in reply to: NOD32 finds Win32/Adware.Coolezweb(ad.ox88.info/msusb.bin) #21689
Good day!
I was away on a business trip for a week, so there was a short break.
I did manage to start GMER, but it refuses to finish its run on my machine. I no longer remember exactly, but I think it crashes with a BSOD. In any case, I can't attach the logs. There is some good news, though. Over the past week of using Windows, the virus/trojan/rootkit has not shown itself (judging by the absence of "complaints" from NOD32).
How can I make sure that I can rest easy?
February 10, 2009 at 5:55 pm in reply to: NOD32 finds Win32/Adware.Coolezweb(ad.ox88.info/msusb.bin) #21687
Here is the second part of the log:
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«googletalk»=»c:program filesGoogleGoogle Talkgoogletalk.exe» [2007-01-02 3739648]
«mRouterConfig»=»c:program filesIntuwaveSharedmRouterRuntimemRouterConfig.exe» [2006-03-02 290816]
«Auslogics BoostSpeed 4″=»z:program filesAusLogicsBoostSpeedboostspeed.exe» [2009-01-25 361584]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2008-11-07 21633320]
«IPPON MONITOR»=»z:program filesipponMonitorippmon_0_99_6.exe» [2005-08-07 847360]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2007-11-03 68856]
«BitTorrent DNA»=»c:program filesDNAbtdna.exe» [2009-02-06 342848][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 8.0Lvagent.exe» [2002-12-10 102400]
«NVRTCLK»=»c:windowssystem32NVRTCLKNVRTClk.exe» [2003-12-30 24576]
«PC Suite for Smartphones»=»c:program filesSony EricssonMobile4Application LauncherApplication Launcher.exe» [2007-12-25 548864]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-07-01 1447168]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2008-08-29 61440]
«ZBrowser Launcher»=»z:program filesLogitechiTouchiTouch.exe» [2004-03-18 892928]
«SunJavaUpdateSched»=»z:program filesJavajre6binjusched.exe» [2008-12-08 136600]
«00PCTFW»=»z:program filesPC ToolsFirewall PlusFirewallGUI.exe» [2009-01-29 2652056]
«Sunkist2k»=»c:program filesMultimedia Card Readershwicon2k.exe» [2005-02-25 131072]
«googletalk»=»c:program filesGoogleGoogle Talkgoogletalk.exe» [2007-01-02 3739648]
«LogitechQuickCamRibbon»=»c:program filesLogitechQuickCamQuickcam.exe» [2008-12-20 2656528]
«Logitech Utility»=»Logi_MwX.Exe» [2003-12-17 c:windowsLOGI_MWX.EXE]
«BluetoothAuthenticationAgent»=»bthprops.cpl» [2008-04-14 c:windowssystem32bthprops.cpl]
«SoundMan»=»SOUNDMAN.EXE» [2007-04-16 c:windowssoundman.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2008-04-14 15360]c:documents and settingsAdministratorStart MenuProgramsStartup
OpenOffice.org 3.0.lnk — z:program filesOpenOffice.org 3programquickstart.exe [2009-01-08 384000]c:documents and settingsЊпгиStart MenuProgramsStartup
OpenOffice.org 3.0.lnk — z:program filesOpenOffice.org 3programquickstart.exe [2009-01-08 384000]c:documents and settingsAll UsersStart MenuProgramsStartup
BlueSoleil.lnk — c:program filesIVT CorporationBlueSoleilBlueSoleil.exe [2006-07-16 626176]
Windows Search.lnk — c:program filesWindows Desktop SearchWindowsSearch.exe [2008-05-26 123904]
Џа®Ја ¬¬ ®Ў®ў«ҐЁ© Google.lnk — c:program filesGoogleGoogle UpdaterGoogleUpdater.exe [2007-11-03 161264][hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{56F9679E-7826-4C84-81F3-532071A8BCC5}»= «c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll» [2008-05-26 304128][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3radius»= l3codecp.acm
«vidc.I263″= I263_32.drv
«msacm.divxa32″= msaud32_divx.acm[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *0smrgdf c:program filesiolosystem mechanic 4[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
«CTFMON.EXE»=c:windowssystem32ctfmon.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe»
«RegKillElbyCheck»=»c:program filesElaborate BytesDVD Region KillerElbyCheck.exe» /L RegKill
«DAEMON Tools-1033″=»c:program filesD-Toolsdaemon.exe» -lang 1033[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringPandaAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringPandaFirewall]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\Program Files\Google\Google Talk\googletalk.exe»=
«c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe»=
«d:\DOWNLOAD\utorrent-1.8.2.upx.exe»=
«z:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe»=
«c:\Program Files\DNA\btdna.exe»=
«z:\Program Files\BitTorrent\bittorrent.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=R0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [2009-02-01 28544]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2008-07-01 34312]
R1 pctgntdi;pctgntdi;c:windowssystem32driverspctgntdi.sys [2009-01-17 159600]
R1 prodrv04;Star Force copy protection driver v4;c:windowssystem32driversprodrv04.sys [2004-04-16 114496]
R2 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
R2 ETDrv;ETDrv;c:windowssystem32driversETDrv.sys [2003-12-12 151476]
R2 PCTAppEvent;PCTAppEvent Driver;c:windowssystem32driversPCTAppEvent.sys [2009-01-17 73840]
R2 PGPdisk;PGPdisk;c:windowssystem32driversPGPdisk.sys [2004-12-10 169120]
R2 PGPsdkDriver;PGPsdkDriver;c:windowssystem32driversPGPsdk.sys [2004-12-10 26624]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:windowssystem32driversm4cxw2k3.sys [2007-02-15 250752]
R3 pctplfw;pctplfw;c:windowssystem32driverspctplfw.sys [2009-01-17 95640]
R3 RegKill;RegKill;c:windowssystem32driversRegKill.sys [2002-11-28 6400]
S2 gupdate1c9652ad837e686;Google Update Service (gupdate1c9652ad837e686);c:program filesGoogleUpdateGoogleUpdate.exe [2008-12-23 133104]
S2 SVKP;SVKP; [x]
S3 ACSET;ACS USB Smart Card Reader;c:windowssystem32driversacrusbxp.sys [2006-11-27 25728]
S3 ACSSCR;ACR38 Smart Card Reader;c:windowssystem32driversa38usbxp.sys [2006-03-12 24832]
S3 cxbu0wdm;CardMan 3×21;c:windowssystem32driverscxbu0wdm.sys [2008-01-15 97792]
S3 OracleClientCache80;OracleClientCache80;c:oracleproduct8.0.6BINONRSD80.EXE [2002-10-18 101136]
S3 OracleOracle9iR2ClientCache;OracleOracle9iR2ClientCache;c:oracleproduct9.2.0binONRSD.EXE [2002-04-26 242328]
S3 OracleOracle9iR2HTTPServer;OracleOracle9iR2HTTPServer;c:oracleproduct9.2.0ApacheApacheApache.exe [2002-04-18 4096]
S3 OracleOracle9iR2PagingServer;OracleOracle9iR2PagingServer;c:oracleproduct9.2.0binpagntsrv.exe [2002-05-13 49152]
S3 OracleOracle9iR2TNSListener;OracleOracle9iR2TNSListener;c:oracleproduct9.2.0BINTNSLSNR —> c:oracleproduct9.2.0BINTNSLSNR [?]
S3 OracleServiceCARBON;OracleServiceCARBON;c:oracleproduct9.2.0binORACLE.EXE CARBON —> c:oracleproduct9.2.0binORACLE.EXE CARBON [?]
S3 Pantcgmtd;Pantcgmtd;c:windowssystem32driversk600whnt.sys [2005-05-11 5744]
S3 pcwe;pcwe;c:program filesPC Wizard 2005pcwizard.sys [2005-10-16 6528]
S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [2008-03-01 356920]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:windowssystem32driversSE31bus.sys [2006-10-15 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:windowssystem32driversSE31mdfl.sys [2006-10-15 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:windowssystem32driversSE31mdm.sys [2006-10-15 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:windowssystem32driversSE31mgmt.sys [2006-10-15 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:windowssystem32driversse31nd5.sys [2006-10-15 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:windowssystem32driversSE31obex.sys [2006-10-15 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:windowssystem32driversse31unic.sys [2006-10-15 90800]— Other Services/Drivers In Memory —
*Deregistered* — mchInjDrv
*Deregistered* — mscgcosd[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder2009-02-10 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-12-23 20:06]2009-02-10 c:windowsTasksGoogleUpdateTaskMachine.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-02-02 20:57]
.
.
Supplementary Scan
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/201
IE: &Grab video by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/204
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: Do&wnload selected by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/203
IE: Down&load all by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/202
IE: Easy-WebPrint Add To Print List — c:program filesCanonEasy-WebPrintResource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print — c:program filesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview — c:program filesCanonEasy-WebPrintResource.dll/RC_Preview.html
IE: Easy-WebPrint Print — c:program filesCanonEasy-WebPrintResource.dll/RC_Print.html
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать все при помощи FlashGet — z:program filesFlashGetjc_all.htm
IE: Закачать при помощи Download Master
IE: Закачать при помощи FlashGet — z:program filesFlashGetjc_link.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
TCP: {5C8551BA-FDA3-4A35-9A79-EECDEE4F1FA7} = 213.177.96.1,213.177.97.1
Handler: bwfile-8876480 — {9462A756-7B47-47BC-8C80-C34B9B80B32B} — z:program filesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
Handler: yandexcd — {e519db43-cff1-11d1-be82-0000c0df45f8} — c:windowsYandexCD.dll
DPF: Microsoft XML Parser for Java — file://c:windowsJavaclassesxmldso.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} — hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
FF — ProfilePath — c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.default
FF — prefs.js: browser.search.selectedEngine — Orbit Search (Powered By Google)
FF — component: c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.defaultextensions{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}componentsnstidy.dll
FF — component: c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.defaultextensions{cf2812dc-6a7c-4402-b639-4d277dac4c36}componentsschemval.dll
FF — component: c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.defaultextensions{cf2812dc-6a7c-4402-b639-4d277dac4c36}componentsxforms.dll
FF — plugin: c:program filesGoogleGoogle Updater2.4.1441.4352npCIDetect13.dll
FF — plugin: c:program filesGoogleUpdate1.2.141.5npGoogleOneClick7.dll
FF — plugin: z:program filesGooglePicasa3npPicasa3.dll
FF — plugin: z:program filesJavajre6binnew_pluginnpdeploytk.dll
FF — plugin: z:program filesJavajre6binnew_pluginnpjp2.dll
FF — plugin: z:program filesMozillaFirefoxpluginsnpbittorrent.dll—- FIREFOX POLICIES —-
FF — user.js: network.http.max-connections-per-server — 4
FF — user.js: content.max.tokenizing.time — 1500000
FF — user.js: content.notify.interval — 750000
FF — user.js: nglayout.initialpaint.delay — 100
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 20:20:20
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet003ServicesOracleOracle9iR2PagingServer]
«ImagePath»=»c:oracleproduct9.2.0/bin/pagntsrv.exe»[HKEY_LOCAL_MACHINESystemControlSet003ServicesOracleOracle9iR2TNSListener]
«ImagePath»=»c:oracleproduct9.2.0BINTNSLSNR «
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{59193459-d9d8-4aff-a163-ba4966d01dad}]
@Denied: (Full) (Everyone)
«Model»=dword:00000070
«Therad»=dword:0000000f[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
«scansk»=hex(0):bf,ba,ee,48,ae,e9,46,33,61,29,c5,eb,88,1c,08,59,7d,c0,e3,34,6c,
d6,c6,5e,d2,e5,ea,d8,a3,39,ae,d2,13,de,1a,4c,3b,57,e2,5c,00,00,00,00,00,00,[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
«scansk»=hex(0):9a,35,d3,3a,eb,33,32,14,ff,12,7e,ae,2a,86,a1,41,2e,99,1c,8b,1f,
06,87,c8,36,cb,ce,9b,3a,8c,bc,d9,48,76,67,e1,e2,61,24,1d,00,00,00,00,00,00,[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{7e89b566-7e6b-40e4-a9ec-e5a10ad6ef84}]
@Denied: (Full) (Everyone)
«Model»=dword:000000ae
«Therad»=dword:0000000f[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindowsCurrentVersionReinstallШP*]
«DisplayName»=»?13?13″
«DeviceDesc»=»?13?13″
«ProviderName»=»»
«MFG»=»???\»
«ReinstallString»=»c:\WINDOWS\System32\ReinstallBackups\?13\DriverFiles\.INF»
«DeviceInstanceIds»=multi:»nf\cx_08948.inf00″
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(152)
c:windowssystem32Ati2evxx.dll
.
Completion time: 2009-02-10 20:23:13
ComboFix-quarantined-files.txt 2009-02-10 17:22:50
ComboFix2.txt 2009-02-06 18:43:32
Pre-Run: 4 345 622 528 bytes free
Post-Run: 4,358,844,416 bytes free
7372 — E O F —
February 10, 2009 at 5:55 pm in reply to: NOD32 finds Win32/Adware.Coolezweb(ad.ox88.info/msusb.bin) #21686
I ran ComboFix again, and it found updates. Here is the first part of the log:
ComboFix 09-02-08.02 — User 2009-02-10 20:16:25.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.1535.982 [GMT 3:00]
Running from: d:downloadComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
AV: Panda Antivirus Platinum 7 *On-access scanning disabled* (Outdated)
FW: Panda Antivirus Platinum 7 *disabled*
FW: PC Tools Firewall Plus *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowssystem32biubhwjc.ini
c:windowssystem32qeatrkpp.ini
c:windowssystem32rwqbvxwn.ini
c:windowssystem32wigboxty.ini
.
((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.
2009-02-08 21:50 . 2009-02-08 21:50 210,052 —a
c:windowssystem32SII-TT-0021B.pdf
2009-02-08 17:31 . 2009-02-08 17:31d
c:program filesMicrosoft Silverlight
2009-02-08 17:31 . 2009-02-08 17:31d
c:documents and settingsUserApplication DataWindows Desktop Search
2009-02-08 17:30 . 2009-02-08 17:30d
c:windowssystem32GroupPolicy
2009-02-08 17:30 . 2009-02-08 17:30d
c:program filesWindows Desktop Search
2009-02-08 17:29 . 2008-03-07 20:02 192,000
c— c:windowssystem32dllcacheofffilt.dll
2009-02-08 17:29 . 2008-03-07 20:02 98,304
c— c:windowssystem32dllcachenlhtml.dll
2009-02-08 17:29 . 2008-03-07 20:02 29,696
c— c:windowssystem32dllcachemimefilt.dll
2009-02-07 23:21 . 2009-02-07 23:21d—hs—- c:documents and settingsUserIETldCache
2009-02-07 23:21 . 2009-02-07 23:21d—hs—- c:documents and settingsUserIETldCache
2009-02-07 22:46 . 2009-02-07 22:46d
c:windowsie8updates
2009-02-07 22:43 . 2009-02-07 22:44d—h-c— c:windowsie8
2009-02-07 22:40 . 2009-01-11 08:00 79,360
c— c:windowssystem32dllcacheiecompat.dll
2009-02-07 20:56 . 2009-02-07 20:56d—hs—- c:documents and settingsUserPrivacIE
2009-02-07 20:56 . 2009-02-07 20:56d—hs—- c:documents and settingsUserPrivacIE
2009-02-07 18:21 . 2009-02-07 18:21d
c:program filesWindows Media Connect 2
2009-02-07 18:08 . 2009-02-07 18:08d
c:windowssystem32LogFiles
2009-02-07 18:08 . 2009-02-07 18:14d
c:windowssystem32driversUMDF
2009-02-07 15:50 . 2009-02-07 15:50d
c:windowssystem32CatRoot_bak
2009-02-07 15:09 . 2008-04-13 22:06 144,384
c:windowssystem32drivershdaudbus.sys
2009-02-07 15:09 . 2008-04-14 00:10 10,240
c:windowssystem32driverssffp_mmc.sys
2009-02-07 15:06 . 2006-12-29 00:31 19,569 —a
c:windows003610_.tmp
2009-02-06 22:20 . 2009-02-10 20:06d
c:program filesDNA
2009-02-06 22:20 . 2009-02-10 20:16d
c:documents and settingsUserApplication DataDNA
2009-02-06 22:20 . 2009-02-10 06:36d
c:documents and settingsUserApplication DataBitTorrent
2009-02-06 21:43 . 2009-02-06 21:43d—hs—- c:tempRECYCLER
2009-02-06 21:37 . 2009-02-10 20:20d
c:tempenforcer
2009-02-04 21:59 . 2009-02-04 21:59d
c:windowssystem32Kaspersky Lab
2009-02-04 21:59 . 2009-02-04 21:59d
c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-02-04 21:42 . 2009-02-04 22:28d
c:program filesWindows Live Safety Center
2009-02-02 20:47 . 2009-02-02 20:47d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-02-02 20:47 . 2009-02-02 20:47d
c:documents and settingsUserApplication DataMalwarebytes
2009-02-02 20:47 . 2009-01-14 16:11 38,496 —a
c:windowssystem32driversmbamswissarmy.sys
2009-02-02 20:47 . 2009-01-14 16:11 15,504 —a
c:windowssystem32driversmbam.sys
2009-02-01 18:36 . 2009-02-06 21:29d—hs—- c:tempSystem Volume Information
2009-02-01 18:17 . 2009-02-01 18:17 50,512 —ah
c:windowssystem32mlfcache.dat
2009-02-01 18:08 . 2009-02-01 18:08d
c:windowssystem32IOSUBSYS
2009-02-01 17:38 . 2008-06-19 16:24 28,544 —a
c:windowssystem32driverspavboot.sys
2009-02-01 17:30 . 2009-02-01 17:30d
c:program filesPanda Security
2009-02-01 16:32 . 2009-02-04 21:40d
c:documents and settingsUser.housecall6.6
2009-02-01 16:32 . 2009-02-04 21:40d
c:documents and settingsUser.housecall6.6
2009-02-01 15:31 . 2008-12-17 08:55 195,096 —a
c:windowssystem32lvci11901262.dll
2009-02-01 15:29 . 2009-02-01 15:29d
c:program filesLogitech
2009-02-01 00:01 . 2009-02-01 16:40d
C:rsit
2009-02-01 00:01 . 2009-02-01 00:01d
c:program filestrend micro
2009-01-31 20:18 . 2009-01-31 20:35d
c:documents and settingsAdministratorApplication DataAuslogics
2009-01-31 18:37 . 2009-01-31 18:37 41,667 —a
C:6l8d.jpg
2009-01-31 18:32 . 2009-01-31 18:32 200,175 —a
C:6.jpg
2009-01-31 18:21 . 2009-01-31 18:21 29,393 —a
C:shark_tale.jpg
2009-01-31 18:19 . 2009-01-31 18:19 69,441 —a
C:shark_tale_ver2.jpg
2009-01-31 18:18 . 2009-01-31 18:18 64,084 —a
C:shark_tale_ver3.jpg
2009-01-31 18:12 . 2009-01-31 18:12 38,317 —a
C:shark_tale_ver4.jpg
2009-01-29 21:22 . 2009-01-29 21:22d
c:documents and settingsAdministratorApplication DataOpenOffice.org
2009-01-29 20:43 . 2009-01-29 20:43d
c:documents and settingsAdministratorApplication DataGrabPro
2009-01-29 20:38 . 2009-01-29 20:38d
c:documents and settingsAdministratorApplication DataPCToolsFirewallPlus
2009-01-29 09:16 . 2007-07-10 22:27 212,240 —a
c:windowssystem32RICHTX32.OCX
2009-01-29 09:16 . 2007-07-10 22:27 40,960 —a
c:windowssystem32SSUBTMR6.DLL
2009-01-28 21:39 . 2007-10-07 11:27 10,752 —a
c:windowssystem32aamd532.dll
2009-01-17 16:39 . 2009-01-17 16:39d
c:documents and settingsUserApplication DataPCToolsFirewallPlus
2009-01-17 16:22 . 2008-06-20 14:51 361,600
c— c:windowssystem32dllcachetcpip.sys
2009-01-17 16:22 . 2008-06-20 20:46 245,248
c— c:windowssystem32dllcachemswsock.dll
2009-01-17 16:22 . 2008-06-20 14:08 225,856
c— c:windowssystem32dllcachetcpip6.sys
2009-01-17 16:22 . 2008-06-20 20:46 147,968
c— c:windowssystem32dllcachednsapi.dll
2009-01-17 16:22 . 2008-08-14 13:04 138,496
c— c:windowssystem32dllcacheafd.sys
2009-01-17 16:14 . 2008-12-11 08:38 159,600 —a
c:windowssystem32driverspctgntdi.sys
2009-01-17 16:14 . 2008-12-11 12:32 132,976 —a
c:windowssystem32driversPCTCore.sys
2009-01-17 16:14 . 2008-12-11 12:32 73,840 —a
c:windowssystem32driversPCTAppEvent.sys
2009-01-17 16:12 . 2009-01-17 16:14d
c:program filesCommon FilesPC Tools
2009-01-17 16:12 . 2008-09-22 12:29 97,408 —a
c:windowssystem32driverspctfw.sys
2009-01-17 16:12 . 2008-12-11 17:01 95,640 —a
c:windowssystem32driverspctplfw.sys
2009-01-17 14:29 . 2008-08-14 13:11 2,189,184
c— c:windowssystem32dllcachentoskrnl.exe
2009-01-17 14:29 . 2008-08-14 13:09 2,145,280
c— c:windowssystem32dllcachentkrnlmp.exe
2009-01-17 14:29 . 2008-08-14 12:33 2,066,048
c— c:windowssystem32dllcachentkrnlpa.exe
2009-01-17 14:29 . 2008-08-14 12:33 2,023,936
c— c:windowssystem32dllcachentkrpamp.exe
2009-01-17 07:11 . 2008-10-24 14:21 455,296
c— c:windowssystem32dllcachemrxsmb.sys
2009-01-17 07:04 . 2008-05-08 17:02 203,136
c— c:windowssystem32dllcachermcast.sys
2009-01-17 00:23 . 2008-09-15 15:12 1,846,400
c— c:windowssystem32dllcachewin32k.sys
2009-01-17 00:22 . 2008-07-07 23:26 253,952
c— c:windowssystem32dllcachees.dll
2009-01-16 01:07 . 2008-12-11 13:57 333,952
c— c:windowssystem32dllcachesrv.sys
2009-01-15 02:22 . 2009-01-15 02:22 1,228,800
c:windowssystem32ieframe.dll.mui
2009-01-15 02:22 . 2009-01-15 02:22 49,152
c:windowssystem32msrating.dll.mui
2009-01-15 02:21 . 2009-01-15 02:21 2,560
c:windowssystem32mshta.exe.mui
2009-01-15 02:19 . 2009-01-15 02:19 81,920
c:windowssystem32iedkcs32.dll.mui
2009-01-15 02:19 . 2009-01-15 02:19 10,240
c:windowssystem32advpack.dll.mui
2009-01-15 02:19 . 2009-01-15 02:19 4,096
c:windowssystem32ie4uinit.exe.mui
2009-01-15 02:17 . 2009-01-15 02:17 636,264
c— c:windowssystem32dllcacheiexplore.exe
2009-01-15 02:17 . 2009-01-15 02:17 392,040
c— c:windowssystem32dllcacheiedkcs32.dll
2009-01-15 02:06 . 2009-01-15 02:06 1,467,392
c— c:windowssystem32dllcacheinetcpl.cpl
2009-01-15 02:06 . 2009-01-15 02:06 236,544
c— c:windowssystem32dllcachewebcheck.dll
2009-01-15 02:06 . 2009-01-15 02:06 105,984
c— c:windowssystem32dllcacheurl.dll
2009-01-15 02:05 . 2009-01-15 02:05 193,536
c— c:windowssystem32dllcachemsrating.dll
2009-01-15 02:05 . 2009-01-15 02:05 109,056
c— c:windowssystem32dllcacheoccache.dll
2009-01-15 02:05 . 2009-01-15 02:05 43,008
c— c:windowssystem32dllcachelicmgr10.dll
2009-01-15 02:04 . 2009-01-15 02:04 755,200
c— c:windowssystem32dllcacheVGX.dll
2009-01-15 02:04 . 2009-01-15 02:04 25,600
c— c:windowssystem32dllcachejsproxy.dll
2009-01-15 02:04 . 2009-01-15 02:04 18,944
c— c:windowssystem32dllcachecorpol.dll
2009-01-15 02:03 . 2009-01-15 02:03 724,992
c— c:windowssystem32dllcachejscript.dll
2009-01-15 02:03 . 2009-01-15 02:03 420,352
c— c:windowssystem32dllcachevbscript.dll
2009-01-15 02:03 . 2009-01-15 02:03 228,352
c— c:windowssystem32dllcacheieaksie.dll
2009-01-15 02:03 . 2009-01-15 02:03 172,544
c— c:windowssystem32dllcacheie4uinit.exe
2009-01-15 02:03 . 2009-01-15 02:03 128,512
c— c:windowssystem32dllcacheadvpack.dll
2009-01-15 02:03 . 2009-01-15 02:03 125,952
c— c:windowssystem32dllcacheieakeng.dll
2009-01-15 02:03 . 2009-01-15 02:03 94,720
c— c:windowssystem32dllcacheinseng.dll
2009-01-15 02:03 . 2009-01-15 02:03 72,704
c— c:windowssystem32dllcacheadmparse.dll
2009-01-15 02:03 . 2009-01-15 02:03 71,680
c— c:windowssystem32dllcacheiesetup.dll
2009-01-15 02:03 . 2009-01-15 02:03 55,808
c— c:windowssystem32dllcacheiernonce.dll
2009-01-15 02:02 . 2009-01-15 02:02 611,840
c— c:windowssystem32dllcachemstime.dll
2009-01-15 02:01 . 2009-01-15 02:01 348,160
c— c:windowssystem32dllcachedxtmsft.dll
2009-01-15 02:01 . 2009-01-15 02:01 216,064
c— c:windowssystem32dllcachedxtrans.dll
2009-01-15 02:01 . 2009-01-15 02:01 183,808
c— c:windowssystem32dllcacheiepeers.dll
2009-01-15 02:01 . 2009-01-15 02:01 66,560
c— c:windowssystem32dllcachemshtmled.dll
2009-01-15 02:01 . 2009-01-15 02:01 46,592
c— c:windowssystem32dllcachepngfilt.dll
2009-01-15 02:01 . 2009-01-15 02:01 34,304
c— c:windowssystem32dllcacheimgutil.dll
2009-01-15 02:00 . 2009-01-15 02:00 1,639,936
c— c:windowssystem32dllcachemshtml.tlb
2009-01-15 02:00 . 2009-01-15 02:00 66,560
c— c:windowssystem32dllcachetdc.ocx
2009-01-15 02:00 . 2009-01-15 02:00 48,128
c— c:windowssystem32dllcachemshtmler.dll
2009-01-15 02:00 . 2009-01-15 02:00 45,568
c— c:windowssystem32dllcachemshta.exe
2009-01-15 01:53 . 2009-01-15 01:53 68,608
c— c:windowssystem32dllcachehmmapi.dll
2009-01-12 21:15 . 2009-01-12 22:03 21,035 —a
c:windows7xunun.dat
2009-01-12 00:31 . 2009-01-12 22:18 68,096 —a
c:windowsScUnin.exe
2009-01-12 00:31 . 2009-01-12 22:18 33,233 —a
c:windowsscunin.dat
2009-01-12 00:31 . 2009-01-12 22:18 967 —a
c:windowsScUnin.pif
2009-01-11 21:03 . 2009-01-11 21:03d
c:program filesRealtek AC97
2009-01-11 19:58 . 2009-01-11 23:05d
c:documents and settingsUserApplication DataStarDict
2009-01-11 19:54 . 2009-01-11 19:54d
c:program filesCommon FilesAdobe AIR.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 17:11
d—a-w c:documents and settingsAll UsersApplication DataTEMP
2009-02-10 17:11
d
w c:documents and settingsUserApplication DataSkype
2009-02-10 17:07
d
w c:documents and settingsUserApplication DataskypePM
2009-02-09 20:34
d
w c:documents and settingsAll UsersApplication DataGoogle Updater
2009-02-09 17:38
d
w c:program filesSpyware Doctor
2009-02-09 17:23
d
w c:program filesGoogle
2009-02-09 17:01
d—h—w c:program filesInstallShield Installation Information
2009-02-09 17:00
d
w c:program filesD-Link
2009-02-07 22:32
d
w c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-02-07 13:11
d
w c:documents and settingsUserApplication DatauTorrent
2009-02-01 13:02
d
w c:program filesCodeSaver
2009-02-01 12:32
d
w c:program filesCommon FilesLogiShrd
2009-02-01 12:29
d
w c:documents and settingsAll UsersApplication DataLogishrd
2009-01-29 17:42
d
w c:documents and settingsAdministratorApplication DataOrbit
2009-01-29 17:34
d
w c:documents and settingsUserApplication DataOrbit
2009-01-15 20:34
d
w c:program filesCOMODO
2009-01-15 19:29
d
w c:program filesCommon FilesReal
2009-01-15 04:55
d
w c:documents and settingsБэттаApplication DataOrbit
2009-01-14 23:05 911,872 —-a-w c:windowssystem32wininet.dll
2009-01-14 23:05 43,008 —-a-w c:windowssystem32licmgr10.dll
2009-01-14 23:04 18,944 —-a-w c:windowssystem32corpol.dll
2009-01-14 23:03 72,704 —-a-w c:windowssystem32admparse.dll
2009-01-14 23:03 71,680 —-a-w c:windowssystem32iesetup.dll
2009-01-14 23:03 420,352 —-a-w c:windowssystem32vbscript.dll
2009-01-14 23:01 34,304 —-a-w c:windowssystem32imgutil.dll
2009-01-14 23:00 48,128 —-a-w c:windowssystem32mshtmler.dll
2009-01-14 23:00 45,568 —-a-w c:windowssystem32mshta.exe
2009-01-14 22:50 156,160 —-a-w c:windowssystem32msls31.dll
2009-01-12 21:17
d
w c:program filesKMPlayer
2009-01-11 20:49
d
w c:program filesStarCraft
2009-01-11 20:04
d
w c:program filesStarDict
2009-01-10 11:02
d
w c:program filesCanon
2009-01-09 11:06
d
w c:program filesMicrosoft Works
2009-01-09 11:05
d
w c:program filesMSBuild
2009-01-09 10:52
d
w c:program filesMicrosoft Visual Studio 8
2009-01-09 08:14
d
w c:program filesMicrosoft CAPICOM
2009-01-08 20:59
d
w c:program filesMicrosoft Baseline Security Analyzer 2
2009-01-06 14:05
d
w c:documents and settingsUserApplication DataCanneverbe_Limited
2009-01-05 22:33 3,751,995 —-a-w c:windowssystem32GPhotos.scr
2009-01-01 11:33 35,912 —-a-w c:documents and settingsUserApplication DataGDIPFONTCACHEV1.DAT
2008-12-31 08:27
d
w c:program filesCommon FilesLogitech
2008-12-29 04:57
d
w c:program filesSkype
2008-12-27 19:50
d
w c:documents and settingsUserApplication DataWireshark
2008-12-27 14:52
d
w c:documents and settingsUserApplication DataOpenCandy
2008-12-23 20:53
d
w c:program filesFastStone
2008-12-21 11:22 81,288 —-a-w c:windowssystem32driversiksyssec.sys
2008-12-21 11:22 66,952 —-a-w c:windowssystem32driversiksysflt.sys
2008-12-21 11:22 40,840 —-a-w c:windowssystem32driversikfilesec.sys
2008-12-18 17:27
d
w c:documents and settingsUserApplication DataYandex
2008-12-17 21:00
d—h—w c:program filesZero G Registry
2008-12-17 21:00
d
w c:program filesUpsPilot
2008-12-17 06:01 432,664 —-a-w c:windowssystem32LVUI2RC.dll
2008-12-17 06:01 41,752 —-a-w c:windowssystem32driversLVUSBSta.sys
2008-12-17 06:00 768,024 —-a-w c:windowssystem32driverslvrs.sys
2008-12-17 06:00 494,104 —-a-w c:windowssystem32LVUI2.dll
2008-12-17 05:55 416,280 —-a-w c:windowssystem32lvcodec2.dll
2008-12-17 05:53 2,686,104 —-a-w c:windowssystem32driversLV302V32.SYS
2008-12-17 05:53 13,848 —-a-w c:windowssystem32driverslv302af.sys
2008-12-17 05:37 29,562 —-a-w c:windowssystem32Repository.reg
2008-12-16 18:58 25,624 —-a-w c:windowssystem32driversLVPr2Mon.sys
2008-12-16 18:50 13,584 —-a-w c:windowssystem32driversiKeyLgFT.dll
2008-12-16 18:38 85,302 —-a-w c:windowssystem32driversLVFeL002.cfg
2008-12-16 18:38 69,592 —-a-w c:windowssystem32driversLVFaL000.cfg
2008-12-16 18:38 227,172 —-a-w c:windowssystem32driversLVFeL000.cfg
2008-12-16 18:38 146,680 —-a-w c:windowssystem32driversLVFeL001.cfg
2008-12-11 10:57 333,952 —-a-w c:windowssystem32driverssrv.sys
2008-12-10 17:12
d
w c:documents and settingsUserApplication Datadvdcss
2008-12-08 17:04 410,984 —-a-w c:windowssystem32deploytk.dll
2008-12-08 09:53 57,344 —-a-w c:windowssystem32ff_vfw.dll
2008-11-13 12:12 35,912 —-a-w c:documents and settingsБэттаApplication DataGDIPFONTCACHEV1.DAT
2008-02-13 17:45 32,128 —-a-w c:documents and settingsЛизунчикApplication DataGDIPFONTCACHEV1.DAT
2004-02-19 18:31 204 —-a-w c:documents and settingsUserccd4.reg
2004-02-19 18:31 204 —-a-w c:documents and settingsUserccd4.reg
2002-08-29 10:57 834,516 —-a-r c:windowsinfiis.tmp
2006-01-04 17:41 45,056 —-a-w c:program filesmozilla firefoxpluginsUPD62INT.dll
2005-04-16 12:30 56 —sh—r c:windowssystem320875F77CC7.sys
.((((((((((((((((((((((((((((( SnapShot@2009-02-06_21.42.13.96 )))))))))))))))))))))))))))))))))))))))))
.
.
— Snapshot reset to current date —
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«googletalk»=»c:program filesGoogleGoogle Talkgoogletalk.exe» [2007-01-02 3739648]
«mRouterConfig»=»c:program filesIntuwaveSharedmRouterRuntimemRouterConfig.exe» [2006-03-02 290816]
«Auslogics BoostSpeed 4″=»z:program filesAusLogicsBoostSpeedboostspeed.exe» [2009-01-25 361584]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2008-11-07 21633320]
«IPPON MONITOR»=»z:program filesipponMonitorippmon_0_99_6.exe» [2005-08-07 847360]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2007-11-03 68856]
«BitTorrent DNA»=»c:program filesDNAbtdna.exe» [2009-02-06 342848][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 8.0Lvagent.exe» [2002-12-10 102400]
«NVRTCLK»=»c:windowssystem32NVRTCLKNVRTClk.exe» [2003-12-30 24576]
«PC Suite for Smartphones»=»c:program filesSony EricssonMobile4Application LauncherApplication Launcher.exe» [2007-12-25 548864]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-07-01 1447168]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2008-08-29 61440]
«ZBrowser Launcher»=»z:program filesLogitechiTouchiTouch.exe» [2004-03-18 892928]
«SunJavaUpdateSched»=»z:program filesJavajre6binjusched.exe» [2008-12-08 136600]
«00PCTFW»=»z:program filesPC ToolsFirewall PlusFirewallGUI.exe» [2009-01-29 2652056]
«Sunkist2k»=»c:program filesMultimedia Card Readershwicon2k.exe» [2005-02-25 131072]
«googletalk»=»c:program filesGoogleGoogle Talkgoogletalk.exe» [2007-01-02 3739648]
«LogitechQuickCamRibbon»=»c:program filesLogitechQuickCamQuickcam.exe» [2008-12-20 2656528]
«Logitech Utility»=»Logi_MwX.Exe» [2003-12-17 c:windowsLOGI_MWX.EXE]
«BluetoothAuthenticationAgent»=»bthprops.cpl» [2008-04-14 c:windowssystem32bthprops.cpl]
«SoundMan»=»SOUNDMAN.EXE» [2007-04-16 c:windowssoundman.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2008-04-14 15360]c:documents and settingsAdministratorStart MenuProgramsStartup
OpenOffice.org 3.0.lnk — z:program filesOpenOffice.org 3programquickstart.exe [2009-01-08 384000]c:documents and settingsЊпгиStart MenuProgramsStartup
OpenOffice.org 3.0.lnk — z:program filesOpenOffice.org 3programquickstart.exe [2009-01-08 384000]c:documents and settingsAll UsersStart MenuProgramsStartup
BlueSoleil.lnk — c:program filesIVT CorporationBlueSoleilBlueSoleil.exe [2006-07-16 626176]
Windows Search.lnk — c:program filesWindows Desktop SearchWindowsSearch.exe [2008-05-26 123904]
Џа®Ја ¬¬ ®Ў®ў«ҐЁ© Google.lnk — c:program filesGoogleGoogle UpdaterGoogleUpdater.exe [2007-11-03 161264][hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
«{56F9679E-7826-4C84-81F3-532071A8BCC5}»= «c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll» [2008-05-26 304128][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3radius»= l3codecp.acm
«vidc.I263″= I263_32.drv
«msacm.divxa32″= msaud32_divx.acm[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *0smrgdf c:program filesiolosystem mechanic 4[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
«CTFMON.EXE»=c:windowssystem32ctfmon.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe»
«RegKillElbyCheck»=»c:program filesElaborate BytesDVD Region KillerElbyCheck.exe» /L RegKill
«DAEMON Tools-1033″=»c:program filesD-Toolsdaemon.exe» -lang 1033[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringPandaAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringPandaFirewall]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\Program Files\Google\Google Talk\googletalk.exe»=
«c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe»=
«d:\DOWNLOAD\utorrent-1.8.2.upx.exe»=
«z:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe»=
«c:\Program Files\DNA\btdna.exe»=
«z:\Program Files\BitTorrent\bittorrent.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=R0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [2009-02-01 28544]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2008-07-01 34312]
R1 pctgntdi;pctgntdi;c:windowssystem32driverspctgntdi.sys [2009-01-17 159600]
R1 prodrv04;Star Force copy protection driver v4;c:windowssystem32driversprodrv04.sys [2004-04-16 114496]
R2 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
R2 ETDrv;ETDrv;c:windowssystem32driversETDrv.sys [2003-12-12 151476]
R2 PCTAppEvent;PCTAppEvent Driver;c:windowssystem32driversPCTAppEvent.sys [2009-01-17 73840]
R2 PGPdisk;PGPdisk;c:windowssystem32driversPGPdisk.sys [2004-12-10 169120]
R2 PGPsdkDriver;PGPsdkDriver;c:windowssystem32driversPGPsdk.sys [2004-12-10 26624]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:windowssystem32driversm4cxw2k3.sys [2007-02-15 250752]
R3 pctplfw;pctplfw;c:windowssystem32driverspctplfw.sys [2009-01-17 95640]
R3 RegKill;RegKill;c:windowssystem32driversRegKill.sys [2002-11-28 6400]
S2 gupdate1c9652ad837e686;Google Update Service (gupdate1c9652ad837e686);c:program filesGoogleUpdateGoogleUpdate.exe [2008-12-23 133104]
S2 SVKP;SVKP; [x]
S3 ACSET;ACS USB Smart Card Reader;c:windowssystem32driversacrusbxp.sys [2006-11-27 25728]
S3 ACSSCR;ACR38 Smart Card Reader;c:windowssystem32driversa38usbxp.sys [2006-03-12 24832]
S3 cxbu0wdm;CardMan 3×21;c:windowssystem32driverscxbu0wdm.sys [2008-01-15 97792]
S3 OracleClientCache80;OracleClientCache80;c:oracleproduct8.0.6BINONRSD80.EXE [2002-10-18 101136]
S3 OracleOracle9iR2ClientCache;OracleOracle9iR2ClientCache;c:oracleproduct9.2.0binONRSD.EXE [2002-04-26 242328]
S3 OracleOracle9iR2HTTPServer;OracleOracle9iR2HTTPServer;c:oracleproduct9.2.0ApacheApacheApache.exe [2002-04-18 4096]
S3 OracleOracle9iR2PagingServer;OracleOracle9iR2PagingServer;c:oracleproduct9.2.0binpagntsrv.exe [2002-05-13 49152]
S3 OracleOracle9iR2TNSListener;OracleOracle9iR2TNSListener;c:oracleproduct9.2.0BINTNSLSNR —> c:oracleproduct9.2.0BINTNSLSNR [?]
S3 OracleServiceCARBON;OracleServiceCARBON;c:oracleproduct9.2.0binORACLE.EXE CARBON —> c:oracleproduct9.2.0binORACLE.EXE CARBON [?]
S3 Pantcgmtd;Pantcgmtd;c:windowssystem32driversk600whnt.sys [2005-05-11 5744]
S3 pcwe;pcwe;c:program filesPC Wizard 2005pcwizard.sys [2005-10-16 6528]
S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [2008-03-01 356920]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:windowssystem32driversSE31bus.sys [2006-10-15 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:windowssystem32driversSE31mdfl.sys [2006-10-15 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:windowssystem32driversSE31mdm.sys [2006-10-15 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:windowssystem32driversSE31mgmt.sys [2006-10-15 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:windowssystem32driversse31nd5.sys [2006-10-15 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:windowssystem32driversSE31obex.sys [2006-10-15 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:windowssystem32driversse31unic.sys [2006-10-15 90800]— Other Services/Drivers In Memory —
*Deregistered* — mchInjDrv
*Deregistered* — mscgcosd[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder2009-02-10 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-12-23 20:06]2009-02-10 c:windowsTasksGoogleUpdateTaskMachine.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-02-02 20:57]
.
.
Supplementary Scan
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/201
IE: &Grab video by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/204
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: Do&wnload selected by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/203
IE: Down&load all by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/202
IE: Easy-WebPrint Add To Print List — c:program filesCanonEasy-WebPrintResource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print — c:program filesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview — c:program filesCanonEasy-WebPrintResource.dll/RC_Preview.html
IE: Easy-WebPrint Print — c:program filesCanonEasy-WebPrintResource.dll/RC_Print.html
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать все при помощи FlashGet — z:program filesFlashGetjc_all.htm
IE: Закачать при помощи Download Master
IE: Закачать при помощи FlashGet — z:program filesFlashGetjc_link.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
TCP: {5C8551BA-FDA3-4A35-9A79-EECDEE4F1FA7} = 213.177.96.1,213.177.97.1
Handler: bwfile-8876480 — {9462A756-7B47-47BC-8C80-C34B9B80B32B} — z:program filesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
Handler: yandexcd — {e519db43-cff1-11d1-be82-0000c0df45f8} — c:windowsYandexCD.dll
DPF: Microsoft XML Parser for Java — file://c:windowsJavaclassesxmldso.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} — hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
FF — ProfilePath — c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.default
FF — prefs.js: browser.search.selectedEngine — Orbit Search (Powered By Google)
FF — component: c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.defaultextensions{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}componentsnstidy.dll
FF — component: c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.defaultextensions{cf2812dc-6a7c-4402-b639-4d277dac4c36}componentsschemval.dll
FF — component: c:documents and settingsUserApplication DataMozillaFirefoxProfilesosv32efd.defaultextensions{cf2812dc-6a7c-4402-b639-4d277dac4c36}componentsxforms.dll
FF — plugin: c:program filesGoogleGoogle Updater2.4.1441.4352npCIDetect13.dll
FF — plugin: c:program filesGoogleUpdate1.2.141.5npGoogleOneClick7.dll
FF — plugin: z:program filesGooglePicasa3npPicasa3.dll
FF — plugin: z:program filesJavajre6binnew_pluginnpdeploytk.dll
FF — plugin: z:program filesJavajre6binnew_pluginnpjp2.dll
FF — plugin: z:program filesMozillaFirefoxpluginsnpbittorrent.dll
—- FIREFOX POLICIES —-
FF — user.js: network.http.max-connections-per-server — 4
FF — user.js: content.max.tokenizing.time — 1500000
FF — user.js: content.notify.interval — 750000
FF — user.js: nglayout.initialpaint.delay — 100
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 20:20:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet003ServicesOracleOracle9iR2PagingServer]
«ImagePath»=»c:oracleproduct9.2.0/bin/pagntsrv.exe»[HKEY_LOCAL_MACHINESystemControlSet003ServicesOracleOracle9iR2TNSListener]
«ImagePath»=»c:oracleproduct9.2.0BINTNSLSNR «
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{59193459-d9d8-4aff-a163-ba4966d01dad}]
@Denied: (Full) (Everyone)
«Model»=dword:00000070
«Therad»=dword:0000000f[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
«scansk»=hex(0):bf,ba,ee,48,ae,e9,46,33,61,29,c5,eb,88,1c,08,59,7d,c0,e3,34,6c,
d6,c6,5e,d2,e5,ea,d8,a3,39,ae,d2,13,de,1a,4c,3b,57,e2,5c,00,00,00,00,00,00,[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
«scansk»=hex(0):9a,35,d3,3a,eb,33,32,14,ff,12,7e,ae,2a,86,a1,41,2e,99,1c,8b,1f,
06,87,c8,36,cb,ce,9b,3a,8c,bc,d9,48,76,67,e1,e2,61,24,1d,00,00,00,00,00,00,[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{7e89b566-7e6b-40e4-a9ec-e5a10ad6ef84}]
@Denied: (Full) (Everyone)
«Model»=dword:000000ae
«Therad»=dword:0000000f[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindowsCurrentVersionReinstallШP*]
«DisplayName»=»?13?13″
«DeviceDesc»=»?13?13″
«ProviderName»=»»
«MFG»=»???\»
«ReinstallString»=»c:\WINDOWS\System32\ReinstallBackups\?13\DriverFiles\.INF»
«DeviceInstanceIds»=multi:»nf\cx_08948.inf00″
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(152)
c:windowssystem32Ati2evxx.dll
.
Completion time: 2009-02-10 20:23:13
ComboFix-quarantined-files.txt 2009-02-10 17:22:50
ComboFix2.txt 2009-02-06 18:43:32
Pre-Run: 4 345 622 528 bytes free
Post-Run: 4,358,844,416 bytes free
7372 — E O F — 2009-02-09 04:33:21
ComboFix 09-02-08.02 — User 2009-02-10 20:16:25.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.1535.982 [GMT 3:00]
Running from: d:downloadComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
AV: Panda Antivirus Platinum 7 *On-access scanning disabled* (Outdated)
FW: Panda Antivirus Platinum 7 *disabled*
FW: PC Tools Firewall Plus *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowssystem32biubhwjc.ini
c:windowssystem32qeatrkpp.ini
c:windowssystem32rwqbvxwn.ini
c:windowssystem32wigboxty.ini
.
((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.
2009-02-08 21:50 . 2009-02-08 21:50 210,052 —a
c:windowssystem32SII-TT-0021B.pdf
2009-02-08 17:31 . 2009-02-08 17:31d
c:program filesMicrosoft Silverlight
2009-02-08 17:31 . 2009-02-08 17:31d
c:documents and settingsUserApplication DataWindows Desktop Search
2009-02-08 17:30 . 2009-02-08 17:30d
c:windowssystem32GroupPolicy
2009-02-08 17:30 . 2009-02-08 17:30d
c:program filesWindows Desktop Search
2009-02-08 17:29 . 2008-03-07 20:02 192,000
c— c:windowssystem32dllcacheofffilt.dll
2009-02-08 17:29 . 2008-03-07 20:02 98,304
c— c:windowssystem32dllcachenlhtml.dll
2009-02-08 17:29 . 2008-03-07 20:02 29,696
c— c:windowssystem32dllcachemimefilt.dll
2009-02-07 23:21 . 2009-02-07 23:21d—hs—- c:documents and settingsUserIETldCache
2009-02-07 23:21 . 2009-02-07 23:21d—hs—- c:documents and settingsUserIETldCache
2009-02-07 22:46 . 2009-02-07 22:46d
c:windowsie8updates
2009-02-07 22:43 . 2009-02-07 22:44d—h-c— c:windowsie8
2009-02-07 22:40 . 2009-01-11 08:00 79,360
c— c:windowssystem32dllcacheiecompat.dll
2009-02-07 20:56 . 2009-02-07 20:56d—hs—- c:documents and settingsUserPrivacIE
2009-02-07 20:56 . 2009-02-07 20:56d—hs—- c:documents and settingsUserPrivacIE
2009-02-07 18:21 . 2009-02-07 18:21d
c:program filesWindows Media Connect 2
2009-02-07 18:08 . 2009-02-07 18:08d
c:windowssystem32LogFiles
2009-02-07 18:08 . 2009-02-07 18:14d
c:windowssystem32driversUMDF
2009-02-07 15:50 . 2009-02-07 15:50d
c:windowssystem32CatRoot_bak
2009-02-07 15:09 . 2008-04-13 22:06 144,384
c:windowssystem32drivershdaudbus.sys
2009-02-07 15:09 . 2008-04-14 00:10 10,240
c:windowssystem32driverssffp_mmc.sys
2009-02-07 15:06 . 2006-12-29 00:31 19,569 —a
c:windows003610_.tmp
2009-02-06 22:20 . 2009-02-10 20:06d
c:program filesDNA
2009-02-06 22:20 . 2009-02-10 20:16d
c:documents and settingsUserApplication DataDNA
2009-02-06 22:20 . 2009-02-10 06:36d
c:documents and settingsUserApplication DataBitTorrent
2009-02-06 21:43 . 2009-02-06 21:43d—hs—- c:tempRECYCLER
2009-02-06 21:37 . 2009-02-10 20:20d
c:tempenforcer
2009-02-04 21:59 . 2009-02-04 21:59d
c:windowssystem32Kaspersky Lab
2009-02-04 21:59 . 2009-02-04 21:59d
c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-02-04 21:42 . 2009-02-04 22:28d
c:program filesWindows Live Safety Center
2009-02-02 20:47 . 2009-02-02 20:47d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-02-02 20:47 . 2009-02-02 20:47d
c:documents and settingsUserApplication DataMalwarebytes
2009-02-02 20:47 . 2009-01-14 16:11 38,496 —a
c:windowssystem32driversmbamswissarmy.sys
2009-02-02 20:47 . 2009-01-14 16:11 15,504 —a
c:windowssystem32driversmbam.sys
2009-02-01 18:36 . 2009-02-06 21:29d—hs—- c:tempSystem Volume Information
2009-02-01 18:17 . 2009-02-01 18:17 50,512 —ah
c:windowssystem32mlfcache.dat
2009-02-01 18:08 . 2009-02-01 18:08d
c:windowssystem32IOSUBSYS
2009-02-01 17:38 . 2008-06-19 16:24 28,544 —a
c:windowssystem32driverspavboot.sys
2009-02-01 17:30 . 2009-02-01 17:30d
c:program filesPanda Security
2009-02-01 16:32 . 2009-02-04 21:40d
c:documents and settingsUser.housecall6.6
2009-02-01 16:32 . 2009-02-04 21:40d
c:documents and settingsUser.housecall6.6
2009-02-01 15:31 . 2008-12-17 08:55 195,096 —a
c:windowssystem32lvci11901262.dll
2009-02-01 15:29 . 2009-02-01 15:29d
c:program filesLogitech
2009-02-01 00:01 . 2009-02-01 16:40d
C:rsit
2009-02-01 00:01 . 2009-02-01 00:01d
c:program filestrend micro
2009-01-31 20:18 . 2009-01-31 20:35d
c:documents and settingsAdministratorApplication DataAuslogics
2009-01-31 18:37 . 2009-01-31 18:37 41,667 —a
C:6l8d.jpg
2009-01-31 18:32 . 2009-01-31 18:32 200,175 —a
C:6.jpg
2009-01-31 18:21 . 2009-01-31 18:21 29,393 —a
C:shark_tale.jpg
2009-01-31 18:19 . 2009-01-31 18:19 69,441 —a
C:shark_tale_ver2.jpg
2009-01-31 18:18 . 2009-01-31 18:18 64,084 —a
C:shark_tale_ver3.jpg
2009-01-31 18:12 . 2009-01-31 18:12 38,317 —a
C:shark_tale_ver4.jpg
2009-01-29 21:22 . 2009-01-29 21:22d
c:documents and settingsAdministratorApplication DataOpenOffice.org
2009-01-29 20:43 . 2009-01-29 20:43d
c:documents and settingsAdministratorApplication DataGrabPro
2009-01-29 20:38 . 2009-01-29 20:38d
c:documents and settingsAdministratorApplication DataPCToolsFirewallPlus
2009-01-29 09:16 . 2007-07-10 22:27 212,240 —a
c:windowssystem32RICHTX32.OCX
2009-01-29 09:16 . 2007-07-10 22:27 40,960 —a
c:windowssystem32SSUBTMR6.DLL
2009-01-28 21:39 . 2007-10-07 11:27 10,752 —a
c:windowssystem32aamd532.dll
2009-01-17 16:39 . 2009-01-17 16:39d
c:documents and settingsUserApplication DataPCToolsFirewallPlus
2009-01-17 16:22 . 2008-06-20 14:51 361,600
c— c:windowssystem32dllcachetcpip.sys
2009-01-17 16:22 . 2008-06-20 20:46 245,248
c— c:windowssystem32dllcachemswsock.dll
2009-01-17 16:22 . 2008-06-20 14:08 225,856
c— c:windowssystem32dllcachetcpip6.sys
2009-01-17 16:22 . 2008-06-20 20:46 147,968
c— c:windowssystem32dllcachednsapi.dll
2009-01-17 16:22 . 2008-08-14 13:04 138,496
c— c:windowssystem32dllcacheafd.sys
2009-01-17 16:14 . 2008-12-11 08:38 159,600 —a
c:windowssystem32driverspctgntdi.sys
2009-01-17 16:14 . 2008-12-11 12:32 132,976 —a
c:windowssystem32driversPCTCore.sys
2009-01-17 16:14 . 2008-12-11 12:32 73,840 —a
c:windowssystem32driversPCTAppEvent.sys
2009-01-17 16:12 . 2009-01-17 16:14d
c:program filesCommon FilesPC Tools
2009-01-17 16:12 . 2008-09-22 12:29 97,408 —a
c:windowssystem32driverspctfw.sys
2009-01-17 16:12 . 2008-12-11 17:01 95,640 —a
c:windowssystem32driverspctplfw.sys
2009-01-17 14:29 . 2008-08-14 13:11 2,189,184
c— c:windowssystem32dllcachentoskrnl.exe
2009-01-17 14:29 . 2008-08-14 13:09 2,145,280
c— c:windowssystem32dllcachentkrnlmp.exe
2009-01-17 14:29 . 2008-08-14 12:33 2,066,048
c— c:windowssystem32dllcachentkrnlpa.exe
2009-01-17 14:29 . 2008-08-14 12:33 2,023,936
c— c:windowssystem32dllcachentkrpamp.exe
2009-01-17 07:11 . 2008-10-24 14:21 455,296
c— c:windowssystem32dllcachemrxsmb.sys
2009-01-17 07:04 . 2008-05-08 17:02 203,136
c— c:windowssystem32dllcachermcast.sys
2009-01-17 00:23 . 2008-09-15 15:12 1,846,400
c— c:windowssystem32dllcachewin32k.sys
2009-01-17 00:22 . 2008-07-07 23:26 253,952
c— c:windowssystem32dllcachees.dll
2009-01-16 01:07 . 2008-12-11 13:57 333,952
c— c:windowssystem32dllcachesrv.sys
2009-01-15 02:22 . 2009-01-15 02:22 1,228,800
c:windowssystem32ieframe.dll.mui
2009-01-15 02:22 . 2009-01-15 02:22 49,152
c:windowssystem32msrating.dll.mui
2009-01-15 02:21 . 2009-01-15 02:21 2,560
c:windowssystem32mshta.exe.mui
2009-01-15 02:19 . 2009-01-15 02:19 81,920
c:windowssystem32iedkcs32.dll.mui
2009-01-15 02:19 . 2009-01-15 02:19 10,240
c:windowssystem32advpack.dll.mui
2009-01-15 02:19 . 2009-01-15 02:19 4,096
c:windowssystem32ie4uinit.exe.mui
2009-01-15 02:17 . 2009-01-15 02:17 636,264
c— c:windowssystem32dllcacheiexplore.exe
2009-01-15 02:17 . 2009-01-15 02:17 392,040
c— c:windowssystem32dllcacheiedkcs32.dll
2009-01-15 02:06 . 2009-01-15 02:06 1,467,392
c— c:windowssystem32dllcacheinetcpl.cpl
2009-01-15 02:06 . 2009-01-15 02:06 236,544
c— c:windowssystem32dllcachewebcheck.dll
2009-01-15 02:06 . 2009-01-15 02:06 105,984
c— c:windowssystem32dllcacheurl.dll
2009-01-15 02:05 . 2009-01-15 02:05 193,536
c— c:windowssystem32dllcachemsrating.dll
2009-01-15 02:05 . 2009-01-15 02:05 109,056
c— c:windowssystem32dllcacheoccache.dll
2009-01-15 02:05 . 2009-01-15 02:05 43,008
c— c:windowssystem32dllcachelicmgr10.dll
2009-01-15 02:04 . 2009-01-15 02:04 755,200
c— c:windowssystem32dllcacheVGX.dll
2009-01-15 02:04 . 2009-01-15 02:04 25,600
c— c:windowssystem32dllcachejsproxy.dll
2009-01-15 02:04 . 2009-01-15 02:04 18,944
c— c:windowssystem32dllcachecorpol.dll
2009-01-15 02:03 . 2009-01-15 02:03 724,992
c— c:windowssystem32dllcachejscript.dll
2009-01-15 02:03 . 2009-01-15 02:03 420,352
c— c:windowssystem32dllcachevbscript.dll
2009-01-15 02:03 . 2009-01-15 02:03 228,352
c— c:windowssystem32dllcacheieaksie.dll
2009-01-15 02:03 . 2009-01-15 02:03 172,544
c— c:windowssystem32dllcacheie4uinit.exe
2009-01-15 02:03 . 2009-01-15 02:03 128,512
c— c:windowssystem32dllcacheadvpack.dll
2009-01-15 02:03 . 2009-01-15 02:03 125,952
c— c:windowssystem32dllcacheieakeng.dll
2009-01-15 02:03 . 2009-01-15 02:03 94,720
c— c:windowssystem32dllcacheinseng.dll
2009-01-15 02:03 . 2009-01-15 02:03 72,704
c— c:windowssystem32dllcacheadmparse.dll
2009-01-15 02:03 . 2009-01-15 02:03 71,680
c— c:windowssystem32dllcacheiesetup.dll
2009-01-15 02:03 . 2009-01-15 02:03 55,808
c— c:windowssystem32dllcacheiernonce.dll
2009-01-15 02:02 . 2009-01-15 02:02 611,840
c— c:windowssystem32dllcachemstime.dll
2009-01-15 02:01 . 2009-01-15 02:01 348,160
c— c:windowssystem32dllcachedxtmsft.dll
2009-01-15 02:01 . 2009-01-15 02:01 216,064
c— c:windowssystem32dllcachedxtrans.dll
2009-01-15 02:01 . 2009-01-15 02:01 183,808
c— c:windowssystem32dllcacheiepeers.dll
2009-01-15 02:01 . 2009-01-15 02:01 66,560
c— c:windowssystem32dllcachemshtmled.dll
2009-01-15 02:01 . 2009-01-15 02:01 46,592
c— c:windowssystem32dllcachepngfilt.dll
2009-01-15 02:01 . 2009-01-15 02:01 34,304
c— c:windowssystem32dllcacheimgutil.dll
2009-01-15 02:00 . 2009-01-15 02:00 1,639,936
c— c:windowssystem32dllcachemshtml.tlb
2009-01-15 02:00 . 2009-01-15 02:00 66,560
c— c:windowssystem32dllcachetdc.ocx
2009-01-15 02:00 . 2009-01-15 02:00 48,128
c— c:windowssystem32dllcachemshtmler.dll
2009-01-15 02:00 . 2009-01-15 02:00 45,568
c— c:windowssystem32dllcachemshta.exe
2009-01-15 01:53 . 2009-01-15 01:53 68,608
c— c:windowssystem32dllcachehmmapi.dll
2009-01-12 21:15 . 2009-01-12 22:03 21,035 —a
c:windows7xunun.dat
2009-01-12 00:31 . 2009-01-12 22:18 68,096 —a
c:windowsScUnin.exe
2009-01-12 00:31 . 2009-01-12 22:18 33,233 —a
c:windowsscunin.dat
2009-01-12 00:31 . 2009-01-12 22:18 967 —a
c:windowsScUnin.pif
2009-01-11 21:03 . 2009-01-11 21:03d
c:program filesRealtek AC97
2009-01-11 19:58 . 2009-01-11 23:05d
c:documents and settingsUserApplication DataStarDict
2009-01-11 19:54 . 2009-01-11 19:54d
c:program filesCommon FilesAdobe AIR.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 17:11
d—a-w c:documents and settingsAll UsersApplication DataTEMP
2009-02-10 17:11
d
w c:documents and settingsUserApplication DataSkype
2009-02-10 17:07
d
w c:documents and settingsUserApplication DataskypePM
2009-02-09 20:34
d
w c:documents and settingsAll UsersApplication DataGoogle Updater
2009-02-09 17:38
d
w c:program filesSpyware Doctor
2009-02-09 17:23
d
w c:program filesGoogle
2009-02-09 17:01
d—h—w c:program filesInstallShield Installation Information
2009-02-09 17:00
d
w c:program filesD-Link
2009-02-07 22:32
d
w c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-02-07 13:11
d
w c:documents and settingsUserApplication DatauTorrent
2009-02-01 13:02
d
w c:program filesCodeSaver
2009-02-01 12:32
d
w c:program filesCommon FilesLogiShrd
2009-02-01 12:29
d
w c:documents and settingsAll UsersApplication DataLogishrd
2009-01-29 17:42
d
w c:documents and settingsAdministratorApplication DataOrbit
2009-01-29 17:34
d
w c:documents and settingsUserApplication DataOrbit
2009-01-15 20:34
d
w c:program filesCOMODO
2009-01-15 19:29
d
w c:program filesCommon FilesReal
2009-01-15 04:55
d
w c:documents and settingsБэттаApplication DataOrbit
2009-01-14 23:05 911,872 —-a-w c:windowssystem32wininet.dll
2009-01-14 23:05 43,008 —-a-w c:windowssystem32licmgr10.dll
2009-01-14 23:04 18,944 —-a-w c:windowssystem32corpol.dll
2009-01-14 23:03 72,704 —-a-w c:windowssystem32admparse.dll
2009-01-14 23:03 71,680 —-a-w c:windowssystem32iesetup.dll
2009-01-14 23:03 420,352 —-a-w c:windowssystem32vbscript.dll
2009-01-14 23:01 34,304 —-a-w c:windowssystem32imgutil.dll
2009-01-14 23:00 48,128 —-a-w c:windowssystem32mshtmler.dll
2009-01-14 23:00 45,568 —-a-w c:windowssystem32mshta.exe
2009-01-14 22:50 156,160 —-a-w c:windowssystem32msls31.dll
2009-01-12 21:17
d
w c:program filesKMPlayer
2009-01-11 20:49
d
w c:program filesStarCraft
2009-01-11 20:04
d
w c:program filesStarDict
2009-01-10 11:02
d
w c:program filesCanon
2009-01-09 11:06
d
w c:program filesMicrosoft Works
2009-01-09 11:05
d
w c:program filesMSBuild
2009-01-09 10:52
d
w c:program filesMicrosoft Visual Studio 8
2009-01-09 08:14
d
w c:program filesMicrosoft CAPICOM
2009-01-08 20:59
d
w c:program filesMicrosoft Baseline Security Analyzer 2
2009-01-06 14:05
d
w c:documents and settingsUserApplication DataCanneverbe_Limited
2009-01-05 22:33 3,751,995 —-a-w c:windowssystem32GPhotos.scr
2009-01-01 11:33 35,912 —-a-w c:documents and settingsUserApplication DataGDIPFONTCACHEV1.DAT
2008-12-31 08:27
d
w c:program filesCommon FilesLogitech
2008-12-29 04:57
d
w c:program filesSkype
2008-12-27 19:50
d
w c:documents and settingsUserApplication DataWireshark
2008-12-27 14:52
d
w c:documents and settingsUserApplication DataOpenCandy
2008-12-23 20:53
d
w c:program filesFastStone
2008-12-21 11:22 81,288 —-a-w c:windowssystem32driversiksyssec.sys
2008-12-21 11:22 66,952 —-a-w c:windowssystem32driversiksysflt.sys
2008-12-21 11:22 40,840 —-a-w c:windowssystem32driversikfilesec.sys
2008-12-18 17:27
d
w c:documents and settingsUserApplication DataYandex
2008-12-17 21:00
d—h—w c:program filesZero G Registry
2008-12-17 21:00
d
w c:program filesUpsPilot
2008-12-17 06:01 432,664 —-a-w c:windowssystem32LVUI2RC.dll
2008-12-17 06:01 41,752 —-a-w c:windowssystem32driversLVUSBSta.sys
2008-12-17 06:00 768,024 —-a-w c:windowssystem32driverslvrs.sys
2008-12-17 06:00 494,104 —-a-w c:windowssystem32LVUI2.dll
2008-12-17 05:55 416,280 —-a-w c:windowssystem32lvcodec2.dll
2008-12-17 05:53 2,686,104 —-a-w c:windowssystem32driversLV302V32.SYS
2008-12-17 05:53 13,848 —-a-w c:windowssystem32driverslv302af.sys
2008-12-17 05:37 29,562 —-a-w c:windowssystem32Repository.reg
2008-12-16 18:58 25,624 —-a-w c:windowssystem32driversLVPr2Mon.sys
2008-12-16 18:50 13,584 —-a-w c:windowssystem32driversiKeyLgFT.dll
2008-12-16 18:38 85,302 —-a-w c:windowssystem32driversLVFeL002.cfg
2008-12-16 18:38 69,592 —-a-w c:windowssystem32driversLVFaL000.cfg
2008-12-16 18:38 227,172 —-a-w c:windowssystem32driversLVFeL000.cfg
2008-12-16 18:38 146,680 —-a-w c:windowssystem32driversLVFeL001.cfg
2008-12-11 10:57 333,952 —-a-w c:windowssystem32driverssrv.sys
2008-12-10 17:12
d
w c:documents and settingsUserApplication Datadvdcss
2008-12-08 17:04 410,984 —-a-w c:windowssystem32deploytk.dll
2008-12-08 09:53 57,344 —-a-w c:windowssystem32ff_vfw.dll
2008-11-13 12:12 35,912 —-a-w c:documents and settingsБэттаApplication DataGDIPFONTCACHEV1.DAT
2008-02-13 17:45 32,128 —-a-w c:documents and settingsЛизунчикApplication DataGDIPFONTCACHEV1.DAT
2004-02-19 18:31 204 —-a-w c:documents and settingsUserccd4.reg
2004-02-19 18:31 204 —-a-w c:documents and settingsUserccd4.reg
2002-08-29 10:57 834,516 —-a-r c:windowsinfiis.tmp
2006-01-04 17:41 45,056 —-a-w c:program filesmozilla firefoxpluginsUPD62INT.dll
2005-04-16 12:30 56 —sh—r c:windowssystem320875F77CC7.sys
.((((((((((((((((((((((((((((( SnapShot@2009-02-06_21.42.13.96 )))))))))))))))))))))))))))))))))))))))))
.
.
— Snapshot reset to current date —
.
February 8, 2009 at 8:07 pm in reply to: NOD32 detects Win32/Adware.Coolezweb(ad.ox88.info/msusb.bin) #21684
Quite right, ComboFix did very important work. It removed some kind of "infection" that was apparently blocking the installation of two important Windows security updates. Both updates were related to Windows Media Player. The first was KB911564 (http://www.microsoft.com/rus/technet/security/bulletin/ms06-006.mspx); I don't remember the second one exactly.
As a result, I managed to "patch" the security holes, and the system updated normally. To consolidate the result, I installed Service Pack 3 for Windows XP. Mostly in the hope that it might improve something. SP3 installed successfully. I applied most of the required system updates. The only exception was Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) x86: it weighs almost 250 MB.
However, NOD32 is still "complaining". Here is the latest message:
08.02.2009 22:47:36
Фильтр HTTP
файл
http://ad.ox88.info/msusb.bin
Win32/Adware.Coolezweb приложение
соединение прервано — изолирован
NT AUTHORITY\SYSTEM
Обнаружена угроза при попытке доступа в Интернет следующим приложением: C:\WINDOWS\system32\svchost.exe.
To be honest, I no longer know what to do. Since I have ComboFix installed, PC Tools Spyware Doctor, among other things, "complains" about it. Mildly, though: it says this is a legitimate application, but under certain conditions, and so on.
Please advise how to proceed. You mentioned searching for rootkits here. As far as I understand, that is a more complicated process than simply searching for viruses and trojans. Should I keep ComboFix, or can it be removed? Should I remove Malwarebytes' Anti-Malware (it is also still installed)?
Thanks in advance.
February 6, 2009 at 6:51 pm in reply to: NOD32 detects Win32/Adware.Coolezweb(ad.ox88.info/msusb.bin) #21682
I downloaded and ran ComboFix.
Here is the result:
ComboFix 09-02-06.01 — Њпги 2009-02-06 21:30:05.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1535.934 [GMT 3:00]
Running from: d:downloadComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
AV: Panda Antivirus Platinum 7 *On-access scanning disabled* (Outdated)
FW: Panda Antivirus Platinum 7 *disabled*
FW: PC Tools Firewall Plus *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\setup.exe
c:\windows\Install.txt
c:\windows\system32\Install.txt
c:\windows\system32\kTvyIRqr.ini
c:\windows\system32\kTvyIRqr.ini2
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\tmp0_624102519904.bk
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_NPF((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))
.2009-02-06 21:37 . 2009-02-06 21:40
d
c:tempenforcer
2009-02-06 21:27 . 2009-02-06 21:27d
C:32788R22FWJFW
2009-02-04 21:59 . 2009-02-04 21:59d
c:windowssystem32Kaspersky Lab
2009-02-04 21:59 . 2009-02-04 21:59d
c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-02-04 21:42 . 2009-02-04 22:28d
c:program filesWindows Live Safety Center
2009-02-02 20:47 . 2009-02-02 20:47d
c:documents and settingsAll UsersApplication DataMalwarebytes
2009-02-02 20:47 .c:documents and settingsUserApplication DataMalwarebytes
2009-02-02 20:47 . 2009-01-14 16:11 38,496 —a
c:windowssystem32driversmbamswissarmy.sys
2009-02-02 20:47 . 2009-01-14 16:11 15,504 —a
c:windowssystem32driversmbam.sys
2009-02-01 18:36 . 2009-02-06 21:29d—hs—- c:tempSystem Volume Information
2009-02-01 18:17 . 2009-02-01 18:17 50,512 —ah
c:windowssystem32mlfcache.dat
2009-02-01 18:08 . 2009-02-01 18:08d
c:windowssystem32IOSUBSYS
2009-02-01 17:38 . 2008-06-19 16:24 28,544 —a
c:windowssystem32driverspavboot.sys
2009-02-01 17:30 . 2009-02-01 17:30d
c:program filesPanda Security
2009-02-01 16:32 .c:documents and settingsUser.housecall6.6
2009-02-01 15:31 . 2008-12-17 08:55 195,096 —a
c:windowssystem32lvci11901262.dll
2009-02-01 15:29 . 2009-02-01 15:29d
c:program filesLogitech
2009-02-01 00:01 . 2009-02-01 16:40d
C:rsit
2009-02-01 00:01 . 2009-02-01 00:01d
c:program filestrend micro
2009-01-31 20:18 . 2009-01-31 20:35d
c:documents and settingsAdministratorApplication DataAuslogics
2009-01-31 18:37 . 2009-01-31 18:37 41,667 —a
C:6l8d.jpg
2009-01-31 18:32 . 2009-01-31 18:32 200,175 —a
C:6.jpg
2009-01-31 18:21 . 2009-01-31 18:21 29,393 —a
C:shark_tale.jpg
2009-01-31 18:19 . 2009-01-31 18:19 69,441 —a
C:shark_tale_ver2.jpg
2009-01-31 18:18 . 2009-01-31 18:18 64,084 —a
C:shark_tale_ver3.jpg
2009-01-31 18:12 . 2009-01-31 18:12 38,317 —a
C:shark_tale_ver4.jpg
2009-01-29 21:22 . 2009-01-29 21:22d
c:documents and settingsAdministratorApplication DataOpenOffice.org
2009-01-29 20:43 . 2009-01-29 20:43d
c:documents and settingsAdministratorApplication DataGrabPro
2009-01-29 20:38 . 2009-01-29 20:38d
c:documents and settingsAdministratorApplication DataPCToolsFirewallPlus
2009-01-29 09:16 . 2007-07-10 22:27 212,240 —a
c:windowssystem32RICHTX32.OCX
2009-01-29 09:16 . 2007-07-10 22:27 40,960 —a
c:windowssystem32SSUBTMR6.DLL
2009-01-28 21:39 . 2007-10-07 11:27 10,752 —a
c:windowssystem32aamd532.dll
2009-01-25 03:31 . 2009-01-29 06:15 110 —a
C:_dele.bat
2009-01-17 16:39 .c:documents and settingsUserApplication DataPCToolsFirewallPlus
2009-01-17 16:14 . 2008-12-11 08:38 159,600 —a
c:windowssystem32driverspctgntdi.sys
2009-01-17 16:14 . 2008-12-11 12:32 132,976 —a
c:windowssystem32driversPCTCore.sys
2009-01-17 16:14 . 2008-12-11 12:32 73,840 —a
c:windowssystem32driversPCTAppEvent.sys
2009-01-17 16:12 . 2009-01-17 16:14d
c:program filesCommon FilesPC Tools
2009-01-17 16:12 . 2008-09-22 12:29 97,408 —a
c:windowssystem32driverspctfw.sys
2009-01-17 16:12 . 2008-12-11 17:01 95,640 —a
c:windowssystem32driverspctplfw.sys
2009-01-12 21:15 . 2009-01-12 22:03 21,035 —a
c:windows7xunun.dat
2009-01-12 00:31 . 2009-01-12 22:18 68,096 —a
c:windowsScUnin.exe
2009-01-12 00:31 . 2009-01-12 22:18 33,233 —a
c:windowsscunin.dat
2009-01-12 00:31 . 2009-01-12 22:18 967 —a
c:windowsScUnin.pif
2009-01-11 21:03 . 2009-01-11 21:03d
c:program filesRealtek AC97
2009-01-11 19:58 .c:documents and settingsUserApplication DataStarDict
2009-01-11 19:54 . 2009-01-11 19:54d
c:program filesCommon FilesAdobe AIR
2009-01-09 14:12 . 2006-10-26 19:56 32,592 —a
c:windowssystem32msonpmon.dll
2009-01-09 14:06 . 2009-01-09 14:06d
c:program filesMicrosoft Works
2009-01-09 14:05 . 2009-01-09 14:05d
c:program filesMSBuild
2009-01-09 13:52 . 2009-01-09 13:52d
c:program filesMicrosoft Visual Studio 8
2009-01-09 13:48 . 2009-01-19 07:04d
c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-01-09 13:46 . 2009-01-09 13:46dr-h
C:MSOCache
2009-01-09 11:14 . 2009-01-09 11:14d
c:program filesMicrosoft CAPICOM
2009-01-06 17:05 .c:documents and settingsUserApplication DataCanneverbe_Limited
2009-01-06 01:33 . 2009-01-06 01:33 3,751,995 —a
c:windowssystem32GPhotos.scr.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 18:39
d
w c:documents and settingsUserApplication DataSkype
2009-02-06 18:37
d—a-w c:documents and settingsAll UsersApplication DataTEMP
2009-02-06 17:43
d
w c:program filesSpyware Doctor
2009-02-06 17:33
d
w c:documents and settingsUserApplication DataskypePM
2009-02-06 17:31
d
w c:documents and settingsAll UsersApplication DataGoogle Updater
2009-02-02 17:59
d
w c:program filesGoogle
2009-02-01 19:15
d
w c:documents and settingsUserApplication DatauTorrent
2009-02-01 13:02
d
w c:program filesCodeSaver
2009-02-01 12:32
d
w c:program filesCommon FilesLogiShrd
2009-02-01 12:29
d
w c:documents and settingsAll UsersApplication DataLogishrd
2009-01-31 16:56
d
w c:documents and settingsUserApplication DataAdobe
2009-01-29 17:42
d
w c:documents and settingsAdministratorApplication DataOrbit
2009-01-29 17:34
d
w c:documents and settingsUserApplication DataOrbit
2009-01-18 14:44
d—h—w c:program filesInstallShield Installation Information
2009-01-15 20:34
d
w c:program filesCOMODO
2009-01-15 19:29
d
w c:program filesCommon FilesReal
2009-01-15 19:29
d
w c:documents and settingsUserApplication DataReal
2009-01-15 04:55
d
w c:documents and settingsБэттаApplication DataOrbit
2009-01-12 21:17
d
w c:program filesKMPlayer
2009-01-11 21:23
d-s—w c:documents and settingsUserApplication DataMicrosoft
2009-01-11 20:49
d
w c:program filesStarCraft
2009-01-11 20:04
d
w c:program filesStarDict
2009-01-10 11:02
d
w c:program filesCanon
2009-01-08 20:59
d
w c:program filesMicrosoft Baseline Security Analyzer 2
2009-01-01 11:33 35,912 —-a-w c:documents and settingsUserApplication DataGDIPFONTCACHEV1.DAT
2008-12-31 08:27
d
w c:program filesCommon FilesLogitech
2008-12-29 04:57
d
w c:program filesSkype
2008-12-27 19:50
d
w c:documents and settingsUserApplication DataWireshark
2008-12-27 14:52
d
w c:documents and settingsUserApplication DataOpenCandy
2008-12-24 13:23
d
w c:documents and settingsБэттаApplication DataReal
2008-12-23 20:53
d
w c:program filesFastStone
2008-12-21 11:22 81,288 —-a-w c:windowssystem32driversiksyssec.sys
2008-12-21 11:22 66,952 —-a-w c:windowssystem32driversiksysflt.sys
2008-12-21 11:22 40,840 —-a-w c:windowssystem32driversikfilesec.sys
2008-12-18 17:27
d
w c:documents and settingsUserApplication DataYandex
2008-12-17 21:00
d—h—w c:program filesZero G Registry
2008-12-17 21:00
d
w c:program filesUpsPilot
2008-12-17 20:59
d
w c:program filesD-Link
2008-12-17 06:01 41,752 —-a-w c:windowssystem32driversLVUSBSta.sys
2008-12-17 06:00 768,024 —-a-w c:windowssystem32driverslvrs.sys
2008-12-17 05:53 2,686,104 —-a-w c:windowssystem32driversLV302V32.SYS
2008-12-17 05:53 13,848 —-a-w c:windowssystem32driverslv302af.sys
2008-12-16 18:58 25,624 —-a-w c:windowssystem32driversLVPr2Mon.sys
2008-12-16 18:50 13,584 —-a-w c:windowssystem32driversiKeyLgFT.dll
2008-12-16 18:38 85,302 —-a-w c:windowssystem32driversLVFeL002.cfg
2008-12-16 18:38 69,592 —-a-w c:windowssystem32driversLVFaL000.cfg
2008-12-16 18:38 227,172 —-a-w c:windowssystem32driversLVFeL000.cfg
2008-12-16 18:38 146,680 —-a-w c:windowssystem32driversLVFeL001.cfg
2008-12-13 15:47
d
w c:documents and settingsБэттаApplication DataAdobe
2008-12-11 11:57 333,184 —-a-w c:windowssystem32driverssrv.sys
2008-12-10 17:12
d
w c:documents and settingsUserApplication Datadvdcss
2008-12-08 19:36
d
w c:documents and settingsЛизунчикApplication DataOrbit
2008-11-13 12:12 35,912 —-a-w c:documents and settingsБэттаApplication DataGDIPFONTCACHEV1.DAT
2008-02-13 17:45 32,128 —-a-w c:documents and settingsЛизунчикApplication DataGDIPFONTCACHEV1.DAT
2004-02-19 18:31 204 —-a-w c:documents and settingsUserccd4.reg
2006-01-04 17:41 45,056 —-a-w c:program filesmozilla firefoxpluginsUPD62INT.dll
2005-04-16 12:30 56 —sh—r c:windowssystem320875F77CC7.sys
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«googletalk»=»c:program filesGoogleGoogle Talkgoogletalk.exe» [2007-01-02 3739648]
«mRouterConfig»=»c:program filesIntuwaveSharedmRouterRuntimemRouterConfig.exe» [2006-03-02 290816]
«Auslogics BoostSpeed 4″=»z:program filesAusLogicsBoostSpeedboostspeed.exe» [2009-01-25 361584]
«Skype»=»c:program filesSkypePhoneSkype.exe» [2008-11-07 21633320]
«IPPON MONITOR»=»z:program filesipponMonitorippmon_0_99_6.exe» [2005-08-07 847360]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2007-11-03 68856][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«Lingvo Launcher»=»c:program filesABBYY Lingvo 8.0Lvagent.exe» [2002-12-10 102400]
«NVRTCLK»=»c:windowssystem32NVRTCLKNVRTClk.exe» [2003-12-30 24576]
«PC Suite for Smartphones»=»c:program filesSony EricssonMobile4Application LauncherApplication Launcher.exe» [2007-12-25 548864]
«egui»=»c:program filesESETESET NOD32 Antivirusegui.exe» [2008-07-01 1447168]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-12 34672]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2008-08-29 61440]
«ZBrowser Launcher»=»z:program filesLogitechiTouchiTouch.exe» [2004-03-18 892928]
«SunJavaUpdateSched»=»z:program filesJavajre6binjusched.exe» [2008-12-08 136600]
«00PCTFW»=»z:program filesPC ToolsFirewall PlusFirewallGUI.exe» [2009-01-29 2652056]
«Sunkist2k»=»c:program filesMultimedia Card Readershwicon2k.exe» [2005-02-25 131072]
«googletalk»=»c:program filesGoogleGoogle Talkgoogletalk.exe» [2007-01-02 3739648]
«LogitechQuickCamRibbon»=»c:program filesLogitechQuickCamQuickcam.exe» [2008-12-20 2656528]
«ISTray»=»c:program filesSpyware DoctorpctsTray.exe» [2008-12-21 1168264]
«Logitech Utility»=»Logi_MwX.Exe» [2003-12-17 c:windowsLOGI_MWX.EXE]
«BluetoothAuthenticationAgent»=»bthprops.cpl» [2004-08-04 c:windowssystem32bthprops.cpl]
«SoundMan»=»SOUNDMAN.EXE» [2007-04-16 c:windowssoundman.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2004-08-04 15360]c:documents and settingsAdministratorStart MenuProgramsStartup
OpenOffice.org 3.0.lnk — z:program filesOpenOffice.org 3programquickstart.exe [2009-01-08 384000]c:documents and settingsЊпгиStart MenuProgramsStartup
OpenOffice.org 3.0.lnk — z:program filesOpenOffice.org 3programquickstart.exe [2009-01-08 384000]c:documents and settingsAll UsersStart MenuProgramsStartup
BlueSoleil.lnk — c:program filesIVT CorporationBlueSoleilBlueSoleil.exe [2006-07-16 626176]
Џа®Ја ¬¬ ®Ў®ў«ҐЁ© Google.lnk — c:program filesGoogleGoogle UpdaterGoogleUpdater.exe [2007-11-03 161264][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«msacm.l3radius»= l3codecp.acm
«vidc.I263″= I263_32.drv
«msacm.divxa32″= msaud32_divx.acm[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *0smrgdf c:program filesiolosystem mechanic 4″[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
«CTFMON.EXE»=c:windowssystem32ctfmon.exe[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe»
«RegKillElbyCheck»=»c:program filesElaborate BytesDVD Region KillerElbyCheck.exe» /L RegKill
«DAEMON Tools-1033″=»c:program filesD-Toolsdaemon.exe» -lang 1033[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringPandaAntiVirus]
«DisableMonitoring»=dword:00000001[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringPandaFirewall]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«c:\Program Files\Google\Google Talk\googletalk.exe»=
«c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe»=
«d:\DOWNLOAD\utorrent-1.8.2.upx.exe»=
«z:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=R0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [2009-02-01 28544]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2008-07-01 34312]
R1 pctgntdi;pctgntdi;c:windowssystem32driverspctgntdi.sys [2009-01-17 159600]
R1 prodrv04;Star Force copy protection driver v4;c:windowssystem32driversprodrv04.sys [2004-04-16 114496]
R2 ekrn;Eset Service;c:program filesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
R2 ETDrv;ETDrv;c:windowssystem32driversETDrv.sys [2003-12-12 151476]
R2 PCTAppEvent;PCTAppEvent Driver;c:windowssystem32driversPCTAppEvent.sys [2009-01-17 73840]
R2 PGPdisk;PGPdisk;c:windowssystem32driversPGPdisk.sys [2004-12-10 169120]
R2 PGPsdkDriver;PGPsdkDriver;c:windowssystem32driversPGPsdk.sys [2004-12-10 26624]
R2 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [2008-03-01 356920]
R3 pctplfw;pctplfw;c:windowssystem32driverspctplfw.sys [2009-01-17 95640]
R3 RegKill;RegKill;c:windowssystem32driversRegKill.sys [2002-11-28 6400]
S2 gupdate1c9652ad837e686;Google Update Service (gupdate1c9652ad837e686);c:program filesGoogleUpdateGoogleUpdate.exe [2008-12-23 133104]
S2 SVKP;SVKP; [x]
S3 ACSET;ACS USB Smart Card Reader;c:windowssystem32driversacrusbxp.sys [2006-11-27 25728]
S3 ACSSCR;ACR38 Smart Card Reader;c:windowssystem32driversa38usbxp.sys [2006-03-12 24832]
S3 cxbu0wdm;CardMan 3×21;c:windowssystem32driverscxbu0wdm.sys [2008-01-15 97792]
S3 OracleClientCache80;OracleClientCache80;c:oracleproduct8.0.6BINONRSD80.EXE [2002-10-18 101136]
S3 OracleOracle9iR2ClientCache;OracleOracle9iR2ClientCache;c:oracleproduct9.2.0binONRSD.EXE [2002-04-26 242328]
S3 OracleOracle9iR2HTTPServer;OracleOracle9iR2HTTPServer;c:oracleproduct9.2.0ApacheApacheApache.exe [2002-04-18 4096]
S3 OracleOracle9iR2PagingServer;OracleOracle9iR2PagingServer;c:oracleproduct9.2.0binpagntsrv.exe [2002-05-13 49152]
S3 OracleOracle9iR2TNSListener;OracleOracle9iR2TNSListener;c:oracleproduct9.2.0BINTNSLSNR —> c:oracleproduct9.2.0BINTNSLSNR [?]
S3 OracleServiceCARBON;OracleServiceCARBON;c:oracleproduct9.2.0binORACLE.EXE CARBON —> c:oracleproduct9.2.0binORACLE.EXE CARBON [?]
S3 Pantcgmtd;Pantcgmtd;c:windowssystem32driversk600whnt.sys [2005-05-11 5744]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:windowssystem32driversSE31bus.sys [2006-10-15 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:windowssystem32driversSE31mdfl.sys [2006-10-15 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:windowssystem32driversSE31mdm.sys [2006-10-15 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:windowssystem32driversSE31mgmt.sys [2006-10-15 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:windowssystem32driversse31nd5.sys [2006-10-15 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:windowssystem32driversSE31obex.sys [2006-10-15 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:windowssystem32driversse31unic.sys [2006-10-15 90800]
— Other Services/Drivers In Memory —
*Deregistered* — mchInjDrv
*Deregistered* — mscgcosd
.
Contents of the ‘Scheduled Tasks’ folder
2009-02-06 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-12-23 20:06]
2009-02-06 c:windowsTasksGoogleUpdateTaskMachine.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-02-02 20:57]
.
— — — — ORPHANS REMOVED — — — —
HKU-Default-Run-Picasa Media Detector — c:program filesPicasa2PicasaMediaDetector.exe
.
Supplementary Scan
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/201
IE: &Grab video by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/204
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: Do&wnload selected by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/203
IE: Down&load all by Orbit — c:program filesOrbitDownloaderorbitmxt.dll/202
IE: Easy-WebPrint Add To Print List — c:program filesCanonEasy-WebPrintResource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print — c:program filesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview — c:program filesCanonEasy-WebPrintResource.dll/RC_Preview.html
IE: Easy-WebPrint Print — c:program filesCanonEasy-WebPrintResource.dll/RC_Print.html
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать все при помощи FlashGet — z:program filesFlashGetjc_all.htm
IE: Закачать при помощи Download Master
IE: Закачать при помощи FlashGet — z:program filesFlashGetjc_link.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
TCP: {5C8551BA-FDA3-4A35-9A79-EECDEE4F1FA7} = 213.177.96.1,213.177.97.1
Handler: bwfile-8876480 — {9462A756-7B47-47BC-8C80-C34B9B80B32B} — z:program filesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
Handler: yandexcd — {e519db43-cff1-11d1-be82-0000c0df45f8} — c:windowsYandexCD.dll
DPF: Microsoft XML Parser for Java — file://c:windowsJavaclassesxmldso.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} — hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
FF — ProfilePath —
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 21:39:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINESystemControlSet003ServicesOracleOracle9iR2PagingServer]
«ImagePath»=»c:oracleproduct9.2.0/bin/pagntsrv.exe»
[HKEY_LOCAL_MACHINESystemControlSet003ServicesOracleOracle9iR2TNSListener]
«ImagePath»=»c:oracleproduct9.2.0BINTNSLSNR «
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{59193459-d9d8-4aff-a163-ba4966d01dad}]
@Denied: (Full) (Everyone)
«Model»=dword:00000070
«Therad»=dword:0000000f
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
«scansk»=hex(0):bf,ba,ee,48,ae,e9,46,33,61,29,c5,eb,88,1c,08,59,7d,c0,e3,34,6c,
d6,c6,5e,d2,e5,ea,d8,a3,39,ae,d2,13,de,1a,4c,3b,57,e2,5c,00,00,00,00,00,00,
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
«scansk»=hex(0):9a,35,d3,3a,eb,33,32,14,ff,12,7e,ae,2a,86,a1,41,2e,99,1c,8b,1f,
06,87,c8,36,cb,ce,9b,3a,8c,bc,d9,48,76,67,e1,e2,61,24,1d,00,00,00,00,00,00,
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{7e89b566-7e6b-40e4-a9ec-e5a10ad6ef84}]
@Denied: (Full) (Everyone)
«Model»=dword:000000ae
«Therad»=dword:0000000f
[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindowsCurrentVersionReinstallШP*]
«DisplayName»=»?13?13″
«DeviceDesc»=»?13?13″
«ProviderName»=»»
«MFG»=»???\»
«ReinstallString»=»c:\WINDOWS\System32\ReinstallBackups\?13\DriverFiles\.INF»
«DeviceInstanceIds»=multi:»nf\cx_08948.inf00″
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1876)
c:windowssystem32Ati2evxx.dll
.
Other Running Processes
.
c:windowssystem32ati2evxx.exe
c:windowssystem32ati2evxx.exe
c:windowssystem32scardsvr.exe
c:program filesIVT CorporationBlueSoleilBTNtService.exe
c:windowssystem32driversCDAC11BA.EXE
c:program filesExecutive SoftwareDiskeeperDkService.exe
z:program filesJavajre6binjqs.exe
c:program filesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
z:program filesCDBurnerXPNMSAccessU.exe
z:program filesPC ToolsFirewall PlusFWService.exe
c:windowssystem32PGPServ.exe
c:windowssystem32wdfmgr.exe
c:program filesATI TechnologiesATI.ACECore-StaticMOM.exe
c:windowssystem32rundll32.exe
z:program filesLogitechMouseWaresystemEM_EXEC.EXE
c:program filesCommon FilesLogiShrdLQCVFXCOCIManager.exe
c:program filesATI TechnologiesATI.ACECore-StaticCCC.exe
c:program filesCommon FilesTeleca SharedGeneric.exe
c:program filesCommon FilesTeleca Sharedlogger.exe
c:progra~1SymbianSharedSYMBIA~1SYMBIA~1.EXE
c:progra~1SymbianSharedSYMBIA~1SCBAL.exe
c:program filesSpyware DoctorpctsSvc.exe
.
**************************************************************************
.
Completion time: 2009-02-06 21:43:30 — machine was rebooted
ComboFix-quarantined-files.txt 2009-02-06 18:43:26
Pre-Run: 7я994я617я856 bytes free
Post-Run: 8,008,458,240 bytes free
355 — E O F — 2009-01-31 21:06:02
February 2, 2009 at 6:51 pm in reply to: NOD32 detects Win32/Adware.Coolezweb(ad.ox88.info/msusb.bin) #21680
I scanned and deleted what was found (see the log):
Malwarebytes’ Anti-Malware 1.33
Database version: 1716
Windows 5.1.2600 Service Pack 2
02.02.2009 21:32:56
mbam-log-2009-02-02 (21-32-56).txt
Scan type: Quick Scan
Objects scanned: 69475
Time elapsed: 8 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftrdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:WINDOWSsystem32tpszxyd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:WINDOWSsystem32comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
— EOF —
Fresh RSIT log:
Logfile of random’s system information tool 1.05 (written by random/random)
Run at 2009-02-02 21:48:34
Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (19%) free of 42 GB
Total RAM: 1535 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:39, on 02.02.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSYSTEM32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32SCardSvr.exe
C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32driversCDAC11BA.EXE
C:Program FilesExecutive SoftwareDiskeeperDkService.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesGoogleUpdateGoogleUpdate.exe
Z:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
Z:Program FilesCDBurnerXPNMSAccessU.exe
Z:Program FilesPC ToolsFirewall PlusFWService.exe
C:WINDOWSsystem32PGPserv.exe
C:Program FilesSpyware DoctorpctsAuxs.exe
C:Program FilesSpyware DoctorpctsSvc.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wdfmgr.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSExplorer.EXE
C:Program FilesABBYY Lingvo 8.0Lvagent.exe
C:Program FilesSony EricssonMobile4Application LauncherApplication Launcher.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
Z:Program FilesLogitechiTouchiTouch.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
Z:Program FilesJavajre6binjusched.exe
C:WINDOWSSOUNDMAN.EXE
Z:Program FilesLogitechMouseWaresystemem_exec.exe
Z:Program FilesPC ToolsFirewall PlusFirewallGUI.exe
C:Program FilesMultimedia Card Readershwicon2k.exe
C:Program FilesGoogleGoogle Talkgoogletalk.exe
C:Program FilesLogitechQuickCamQuickcam.exe
C:Program FilesSpyware DoctorpctsTray.exe
C:Program FilesIntuwaveSharedmRouterRuntimemRouterConfig.exe
Z:Program FilesAusLogicsBoostSpeedboostspeed.exe
C:Program FilesSkypePhoneSkype.exe
Z:Program FilesipponMonitorippmon_0_99_6.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
C:Program FilesIntuwaveSharedmRouterRuntimemRouterRuntime.exe
Z:Program FilesOpenOffice.org 3programsoffice.exe
Z:Program FilesOpenOffice.org 3programsoffice.bin
C:Program FilesCommon FilesLogishrdLQCVFXCOCIManager.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Program FilesFARFar.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesCommon FilesTeleca Sharedlogger.exe
C:PROGRA~1SymbianSharedSYMBIA~1SYMBIA~1.EXE
C:PROGRA~1SymbianSharedSYMBIA~1SCBAL.exe
Z:Program FilesMozillaFirefoxfirefox.exe
C:Program FilesMicrosoft Baseline Security Analyzer 2mbsa.exe
C:rsitrsit.exe
C:WINDOWSSystem32wbemwmiprvse.exe
Z:Program FilesHijackThisМяуш.exe
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
O2 — BHO: Adobe PDF Link Helper — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: IeCatch5 Class — {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} — Z:PROGRA~1FlashGetjccatch.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — Z:Program FilesJavajre6binssv.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.0.926.3450swg.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — Z:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — Z:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: gFlash Class — {F156768E-81EF-470C-9057-481BA8380DBA} — Z:PROGRA~1FlashGetgetflash.dll
O3 — Toolbar: FlashGet Bar — {E0E899AB-F487-11D5-8D29-0050BA6940E3} — Z:PROGRA~1FlashGetfgiebar.dll
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [Lingvo Launcher] «C:Program FilesABBYY Lingvo 8.0Lvagent.exe» /STARTUP
O4 — HKLM..Run: [NVRTCLK] C:WINDOWSsystem32NVRTCLKNVRTClk.exe
O4 — HKLM..Run: [PC Suite for Smartphones] «C:Program FilesSony EricssonMobile4Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe» MSRun
O4 — HKLM..Run: [ZBrowser Launcher] Z:Program FilesLogitechiTouchiTouch.exe
O4 — HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [SunJavaUpdateSched] «Z:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [00PCTFW] «Z:Program FilesPC ToolsFirewall PlusFirewallGUI.exe» -s
O4 — HKLM..Run: [Sunkist2k] C:Program FilesMultimedia Card Readershwicon2k.exe
O4 — HKLM..Run: [googletalk] C:Program FilesGoogleGoogle Talkgoogletalk.exe /autostart
O4 — HKLM..Run: [LogitechQuickCamRibbon] «C:Program FilesLogitechQuickCamQuickcam.exe» /hide
O4 — HKLM..Run: [ISTray] «C:Program FilesSpyware DoctorpctsTray.exe»
O4 — HKCU..Run: [googletalk] «C:Program FilesGoogleGoogle Talkgoogletalk.exe» /autostart
O4 — HKCU..Run: [mRouterConfig] «C:Program FilesIntuwaveSharedmRouterRuntimemRouterConfig.exe»
O4 — HKCU..Run: [Auslogics BoostSpeed 4] Z:Program FilesAusLogicsBoostSpeedboostspeed.exe
O4 — HKCU..Run: [Skype] «C:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKCU..Run: [IPPON MONITOR] Z:Program FilesipponMonitorippmon_0_99_6.exe
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: OpenOffice.org 3.0.lnk = Z:Program FilesOpenOffice.org 3programquickstart.exe
O4 — Global Startup: BlueSoleil.lnk = C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
O4 — Global Startup: Программа обновлений Google.lnk = C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe
O8 — Extra context menu item: &Download by Orbit — res://C:Program FilesOrbitDownloaderorbitmxt.dll/201
O8 — Extra context menu item: &Grab video by Orbit — res://C:Program FilesOrbitDownloaderorbitmxt.dll/204
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O8 — Extra context menu item: Add to Google Photos Screensa&ver — res://C:WINDOWSsystem32GPhotos.scr/200
O8 — Extra context menu item: Do&wnload selected by Orbit — res://C:Program FilesOrbitDownloaderorbitmxt.dll/203
O8 — Extra context menu item: Down&load all by Orbit — res://C:Program FilesOrbitDownloaderorbitmxt.dll/202
O8 — Extra context menu item: Easy-WebPrint Add To Print List — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_AddToList.html
O8 — Extra context menu item: Easy-WebPrint High Speed Print — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
O8 — Extra context menu item: Easy-WebPrint Preview — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Preview.html
O8 — Extra context menu item: Easy-WebPrint Print — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Print.html
O8 — Extra context menu item: Закачать все при помощи FlashGet — Z:Program FilesFlashGetjc_all.htm
O8 — Extra context menu item: Закачать при помощи FlashGet — Z:Program FilesFlashGetjc_link.htm
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 — Extra button: (no name) — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — (no file)
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 — Extra button: FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — Z:PROGRA~1FlashGetflashget.exe
O9 — Extra ‘Tools’ menuitem: &FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — Z:PROGRA~1FlashGetflashget.exe
O9 — Extra button: eBay — Homepage — {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} — C:Program FilesIrfanViewEbayEbay.htm
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: Trashcan — {072F3B8A-2DA2-40e2-B841-88899F240200} — C:WINDOWSSystem32shdocvw.dll (HKCU)
O9 — Extra ‘Tools’ menuitem: Show Trashcan — {072F3B8A-2DA2-40e2-B841-88899F240200} — C:WINDOWSSystem32shdocvw.dll (HKCU)
O16 — DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) — http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098366764265
O17 — HKLMSystemCCSServicesTcpip..{5C8551BA-FDA3-4A35-9A79-EECDEE4F1FA7}: NameServer = 213.177.96.1,213.177.97.1
O18 — Protocol: bwfile-8876480 — {9462A756-7B47-47BC-8C80-C34B9B80B32B} — Z:Program FilesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Protocol: yandexcd — {E519DB43-CFF1-11D1-BE82-0000C0DF45F8} — C:WINDOWSYandexCD.dll
O23 — Service: Adobe LM Service — Unknown owner — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: BlueSoleil Hid Service — Unknown owner — C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
O23 — Service: C-DillaCdaC11BA — Macrovision — C:WINDOWSsystem32driversCDAC11BA.EXE
O23 — Service: Diskeeper — Executive Software International, Inc. — C:Program FilesExecutive SoftwareDiskeeperDkService.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Google Update Service (gupdate1c9652ad837e686) (gupdate1c9652ad837e686) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — Z:Program FilesJavajre6binjqs.exe
O23 — Service: Process Monitor (LVPrcSrv) — Logitech Inc. — C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
O23 — Service: Devices Manager Service (mscgcosd) — Unknown owner — C:WINDOWSsystem32mscgco.exe
O23 — Service: Intel NCS NetService (NetSvc) — Intel(R) Corporation — C:Program FilesIntelNCSSyncNetSvc.exe
O23 — Service: NMSAccessU — Unknown owner — Z:Program FilesCDBurnerXPNMSAccessU.exe
O23 — Service: OracleClientCache80 — Unknown owner — c:oracleproduct8.0.6BINONRSD80.EXE
O23 — Service: OracleOracle9iR2ClientCache — Unknown owner — c:oracleproduct9.2.0BINONRSD.EXE
O23 — Service: OracleOracle9iR2HTTPServer — Unknown owner — c:oracleproduct9.2.0ApacheApacheapache.exe
O23 — Service: OracleOracle9iR2PagingServer — Unknown owner — c:oracleproduct9.2.0/bin/pagntsrv.exe
O23 — Service: OracleOracle9iR2TNSListener — Unknown owner — c:oracleproduct9.2.0BINTNSLSNR.exe
O23 — Service: OracleServiceCARBON — Oracle Corporation — c:oracleproduct9.2.0binORACLE.EXE
O23 — Service: PC Tools Firewall Plus (PCToolsFirewallPlus) — PC Tools — Z:Program FilesPC ToolsFirewall PlusFWService.exe
O23 — Service: PGPserv — PGP Corporation — C:WINDOWSsystem32PGPserv.exe
O23 — Service: PC Tools Auxiliary Service (sdAuxService) — PC Tools — C:Program FilesSpyware DoctorpctsAuxs.exe
O23 — Service: PC Tools Security Service (sdCoreService) — PC Tools — C:Program FilesSpyware DoctorpctsSvc.exe
—
End of file — 13586 bytes
======Scheduled tasks folder======
C:WINDOWStasksGoogle Software Updater.job
C:WINDOWStasksGoogleUpdateTaskMachine.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class — Z:PROGRA~1FlashGetjccatch.dll [2006-05-16 81920]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — Z:Program FilesJavajre6binssv.dll [2008-12-08 320920]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.0.926.3450swg.dll [2008-12-23 657904]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — Z:Program FilesJavajre6binjp2ssv.dll [2008-12-08 34816]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — Z:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-12-08 73728]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{F156768E-81EF-470C-9057-481BA8380DBA}]
gFlash Class — Z:PROGRA~1FlashGetgetflash.dll [2006-09-12 126976]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} — FlashGet Bar — Z:PROGRA~1FlashGetfgiebar.dll [2005-06-07 86016]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«Lingvo Launcher»=C:Program FilesABBYY Lingvo 8.0Lvagent.exe [2002-12-10 102400]
«NVRTCLK»=C:WINDOWSsystem32NVRTCLKNVRTClk.exe [2003-12-30 24576]
«PC Suite for Smartphones»=C:Program FilesSony EricssonMobile4Application LauncherApplication Launcher.exe [2007-12-25 548864]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2008-08-29 61440]
«ZBrowser Launcher»=Z:Program FilesLogitechiTouchiTouch.exe [2004-03-18 892928]
«Logitech Utility»=C:WINDOWSLogi_MwX.Exe [2003-12-17 19968]
«BluetoothAuthenticationAgent»=C:WINDOWSSYSTEM32bthprops.cpl [2004-08-04 110592]
«SunJavaUpdateSched»=Z:Program FilesJavajre6binjusched.exe [2008-12-08 136600]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2007-04-16 577536]
«00PCTFW»=Z:Program FilesPC ToolsFirewall PlusFirewallGUI.exe [2009-01-29 2652056]
«Sunkist2k»=C:Program FilesMultimedia Card Readershwicon2k.exe [2005-02-25 131072]
«googletalk»=C:Program FilesGoogleGoogle Talkgoogletalk.exe [2007-01-02 3739648]
«LogitechQuickCamRibbon»=C:Program FilesLogitechQuickCamQuickcam.exe [2008-12-20 2656528]
«ISTray»=C:Program FilesSpyware DoctorpctsTray.exe [2008-12-21 1168264]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«googletalk»=C:Program FilesGoogleGoogle Talkgoogletalk.exe [2007-01-02 3739648]
«mRouterConfig»=C:Program FilesIntuwaveSharedmRouterRuntimemRouterConfig.exe [2006-03-02 290816]
«Auslogics BoostSpeed 4″=Z:Program FilesAusLogicsBoostSpeedboostspeed.exe [2009-01-25 361584]
«Skype»=C:Program FilesSkypePhoneSkype.exe [2008-11-07 21633320]
«IPPON MONITOR»=Z:Program FilesipponMonitorippmon_0_99_6.exe [2005-08-07 847360]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2007-11-03 68856]
C:Documents and SettingsAll UsersStart MenuProgramsStartup
BlueSoleil.lnk — C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
Программа обновлений Google.lnk — C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe
C:Documents and SettingsМяушStart MenuProgramsStartup
OpenOffice.org 3.0.lnk — Z:Program FilesOpenOffice.org 3programquickstart.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSSYSTEM32Ati2evxx.dll [2008-10-29 143360]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSSYSTEM32WgaLogon.dll [2006-06-27 3584]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdcoreservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoInstrumentation»=0
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program FilesGoogleGoogle Talkgoogletalk.exe»=»C:Program FilesGoogleGoogle Talkgoogletalk.exe:*:Enabled:Google Talk»
«C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe»=»C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe:*:Enabled:BlueSoleil»
«D:DOWNLOADutorrent-1.8.2.upx.exe»=»D:DOWNLOADutorrent-1.8.2.upx.exe:*:Enabled:µTorrent»
«Z:Program FilesuTorrentutorrent-1.8.2.upx.exe»=»Z:Program FilesuTorrentutorrent-1.8.2.upx.exe:*:Enabled:µTorrent»
«Z:Program FilesuTorrentuTorrent.exe»=»Z:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesIntuwaveSharedmRouterRuntimemRouterRuntime.exe»=»C:Program FilesIntuwaveSharedmRouterRuntimemRouterRuntime.exe:*:Enabled:mRouterRuntime Module»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«Z:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe»=»Z:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger»
======List of files/folders created in the last 3 months======
2009-02-02 20:47:24 —-D—- C:Documents and SettingsМяушApplication DataMalwarebytes
2009-02-02 20:47:10 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-02-01 18:08:10 —-D—- C:WINDOWSsystem32IOSUBSYS
2009-02-01 17:30:48 —-D—- C:Program FilesPanda Security
2009-02-01 16:20:25 —-A—- C:1.txt
2009-02-01 15:31:24 —-A—- C:WINDOWSsystem32lvci11901262.dll
2009-02-01 15:29:41 —-D—- C:Program FilesLogitech
2009-02-01 14:34:10 —-HDC—- C:WINDOWS$NtUninstallKB916089$
2009-02-01 00:01:22 —-D—- C:Program Filestrend micro
2009-02-01 00:01:13 —-D—- C:rsit
2009-01-29 09:16:10 —-A—- C:WINDOWSsystem32SSUBTMR6.DLL
2009-01-28 21:39:26 —-A—- C:WINDOWSsystem32aamd532.dll
2009-01-25 03:31:03 —-A—- C:_dele.bat
2009-01-23 21:59:44 —-HDC—- C:WINDOWS$NtUninstallKB955839$
2009-01-17 22:54:12 —-HDC—- C:WINDOWS$NtUninstallKB937894$
2009-01-17 20:38:58 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
2009-01-17 16:55:13 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2009-01-17 16:39:49 —-D—- C:Documents and SettingsМяушApplication DataPCToolsFirewallPlus
2009-01-17 16:22:50 —-HDC—- C:WINDOWS$NtUninstallKB951748$
2009-01-17 16:12:13 —-D—- C:Program FilesCommon FilesPC Tools
2009-01-17 15:29:08 —-D—- C:WINDOWSsystem32en-US
2009-01-17 15:23:54 —-HDC—- C:WINDOWS$NtUninstallKB932823-v3$
2009-01-17 14:29:26 —-HDC—- C:WINDOWS$NtUninstallKB956841$
2009-01-17 07:13:26 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2009-01-17 07:05:03 —-HDC—- C:WINDOWS$NtUninstallKB950762$
2009-01-17 00:23:23 —-HDC—- C:WINDOWS$NtUninstallKB954211$
2009-01-17 00:22:58 —-HDC—- C:WINDOWS$NtUninstallKB950974$
2009-01-17 00:22:36 —-HDC—- C:WINDOWS$NtUninstallKB946648$
2009-01-17 00:22:02 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2009-01-16 01:08:20 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-01-12 00:31:45 —-A—- C:WINDOWSScUnin.exe
2009-01-11 22:06:52 —-A—- C:WINDOWSsystem32pthreadGC2.dll
2009-01-11 21:03:46 —-D—- C:Program FilesRealtek AC97
2009-01-11 19:58:58 —-D—- C:Documents and SettingsМяушApplication DataStarDict
2009-01-11 19:54:00 —-D—- C:Program FilesCommon FilesAdobe AIR
2009-01-09 14:12:45 —-A—- C:WINDOWSsystem32msonpmon.dll
2009-01-09 14:06:15 —-D—- C:Program FilesMicrosoft Works
2009-01-09 14:05:53 —-D—- C:Program FilesMSBuild
2009-01-09 14:05:02 —-D—- C:Program FilesMicrosoft Visual Studio
2009-01-09 13:56:11 —-HDC—- C:WINDOWS$NtUninstallKB956391$
2009-01-09 13:52:45 —-D—- C:Program FilesMicrosoft Visual Studio 8
2009-01-09 13:48:37 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2009-01-09 13:46:30 —-RHD—- C:MSOCache
2009-01-09 13:21:49 —-HDC—- C:WINDOWS$NtUninstallKB960714$
2009-01-09 13:15:06 —-HDC—- C:WINDOWS$NtUninstallKB954156_WM9L$
2009-01-09 12:17:22 —-HDC—- C:WINDOWS$NtUninstallKB958215$
2009-01-09 12:10:35 —-HDC—- C:WINDOWS$NtUninstallKB941569$
2009-01-09 11:23:08 —-HDC—- C:WINDOWS$NtUninstallKB943460$
2009-01-09 11:15:31 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2009-01-09 11:14:24 —-D—- C:Program FilesMicrosoft CAPICOM
2009-01-09 10:40:28 —-HDC—- C:WINDOWS$NtUninstallKB946026$
2009-01-09 10:39:03 —-HDC—- C:WINDOWS$NtUninstallKB950749$
2009-01-09 10:31:29 —-HDC—- C:WINDOWS$NtUninstallKB951376-v2$
2009-01-09 10:29:48 —-HDC—- C:WINDOWS$NtUninstallKB951698$
2009-01-09 01:38:52 —-HDC—- C:WINDOWS$NtUninstallKB952954$
2009-01-06 17:05:16 —-D—- C:Documents and SettingsМяушApplication DataCanneverbe_Limited
2008-12-27 22:50:14 —-D—- C:Documents and SettingsМяушApplication DataWireshark
2008-12-27 17:52:47 —-D—- C:Documents and SettingsМяушApplication DataOpenCandy
2008-12-23 20:48:02 —-D—- C:Program FilesCommon FilesReal
2008-12-23 20:48:00 —-D—- C:Documents and SettingsМяушApplication DataReal
2008-12-23 20:17:07 —-D—- C:WINDOWSsystem32runtime
2008-12-23 20:17:05 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle
2008-12-18 21:20:05 —-HDC—- C:WINDOWS$NtUninstallKB910437$
2008-12-17 23:59:17 —-D—- C:Program FilesD-Link
2008-12-08 21:07:43 —-HDC—- C:WINDOWS$NtUninstallKB925902$
2008-12-08 21:06:50 —-HDC—- C:WINDOWS$NtUninstallKB931261$
2008-12-08 21:05:52 —-HDC—- C:WINDOWS$NtUninstallKB931784$
2008-12-08 21:04:54 —-HDC—- C:WINDOWS$NtUninstallKB938829$
2008-12-08 21:00:19 —-HDC—- C:WINDOWS$NtUninstallKB929123$
2008-12-08 20:05:16 —-A—- C:WINDOWSsystem32javaws.exe
2008-12-08 20:05:16 —-A—- C:WINDOWSsystem32javaw.exe
2008-12-08 20:05:16 —-A—- C:WINDOWSsystem32java.exe
2008-12-08 20:05:16 —-A—- C:WINDOWSsystem32deploytk.dll
2008-11-28 23:33:43 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2008-11-28 23:32:48 —-HDC—- C:WINDOWS$NtUninstallKB956390$
2008-11-28 21:43:09 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2008-11-25 22:55:42 —-A—- C:WINDOWSsystem32LVUI2RC.dll
2008-11-25 22:55:42 —-A—- C:WINDOWSsystem32LVUI2.dll
2008-11-25 22:55:42 —-A—- C:WINDOWSsystem32lvcoinst.ini
2008-11-25 22:55:42 —-A—- C:WINDOWSsystem32lvcodec2.dll
2008-11-25 22:55:42 —-A—- C:WINDOWSsystem32lvci11801048.dll
2008-11-24 00:52:57 —-HDC—- C:WINDOWS$NtUninstallKB951066$
2008-11-24 00:52:43 —-HDC—- C:WINDOWS$NtUninstallKB938464$
2008-11-24 00:52:27 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2008-11-24 00:39:45 —-D—- C:WINDOWSsystem32Adobe
2008-11-23 23:01:13 —-HDC—- C:WINDOWS$NtUninstallKB894391$
2008-11-18 21:39:03 —-D—- C:Documents and SettingsМяушApplication DataInfraRecorder
2008-11-18 00:33:39 —-A—- C:WINDOWSUNBOC.EXE
2008-11-18 00:33:38 —-A—- C:WINDOWSCMDLIC.DLL
2008-11-18 00:31:59 —-D—- C:WINDOWSsystem32CatRoot_bak
2008-11-18 00:11:28 —-ASH—- C:WINDOWSsystem32rwqbvxwn.ini
2008-11-17 23:39:04 —-D—- C:Documents and SettingsAll UsersApplication DataOffice Genuine Advantage
2008-11-17 23:24:18 —-A—- C:WINDOWSsystem32WgaTray.exe
2008-11-17 23:24:18 —-A—- C:WINDOWSsystem32WgaLogon.dll
2008-11-17 23:11:07 —-ASH—- C:WINDOWSsystem32biubhwjc.ini
2008-11-17 01:08:44 —-ASH—- C:WINDOWSsystem32wigboxty.ini
2008-11-16 19:07:15 —-ASH—- C:WINDOWSsystem32qeatrkpp.ini
2008-11-16 19:06:26 —-A—- C:WINDOWSsystem32c7b26cf2-.txt
2008-11-16 19:05:12 —-ASH—- C:WINDOWSsystem32kTvyIRqr.ini2
2008-11-16 19:05:12 —-ASH—- C:WINDOWSsystem32kTvyIRqr.ini
2008-11-16 12:23:01 —-D—- C:OpenCandy
2008-11-16 11:25:46 —-D—- C:Documents and SettingsМяушApplication DataWinRAR
2008-11-16 01:56:33 —-D—- C:Documents and SettingsAll UsersApplication DataATI
2008-11-09 20:07:02 —-D—- C:Program FilesESET
2008-11-09 20:07:02 —-D—- C:Documents and SettingsAll UsersApplication DataESET
2008-11-08 01:05:53 —-D—- C:Documents and SettingsAll UsersApplication DataAuslogics

======List of files/folders modified in the last 3 months======
2009-02-02 21:45:54 —-D—- C:WINDOWSsystem32
2009-02-02 21:43:54 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-02-02 21:41:45 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-02 21:39:45 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-02-02 21:39:42 —-D—- C:Documents and SettingsМяушApplication DataSkype
2009-02-02 21:36:55 —-A—- C:WINDOWSiTouch.ini
2009-02-02 21:35:45 —-D—- C:WINDOWSsystem32drivers
2009-02-02 21:35:28 —-SD—- C:WINDOWSTasks
2009-02-02 21:33:36 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-02 21:12:42 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle Updater
2009-02-02 20:59:18 —-SHD—- C:WINDOWSInstaller
2009-02-02 20:59:02 —-D—- C:Program FilesGoogle
2009-02-02 20:53:20 —-D—- C:Program FilesSpyware Doctor
2009-02-02 20:32:38 —-D—- C:Documents and SettingsМяушApplication DataskypePM
2009-02-01 22:15:05 —-D—- C:Documents and SettingsМяушApplication DatauTorrent
2009-02-01 21:41:17 —-A—- C:WINDOWSNeroDigital.ini
2009-02-01 18:41:03 —-D—- C:WINDOWS
2009-02-01 18:08:10 —-HD—- C:WINDOWSinf
2009-02-01 18:07:55 —-D—- C:Program Files
2009-02-01 17:30:50 —-D—- C:WINDOWSPrefetch
2009-02-01 16:02:06 —-D—- C:Program FilesCodeSaver
2009-02-01 15:33:50 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-02-01 15:32:46 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-02-01 15:32:41 —-D—- C:Program FilesCommon FilesLogiShrd
2009-02-01 15:32:25 —-D—- C:WINDOWSsystem32CatRoot
2009-02-01 15:29:33 —-D—- C:Documents and SettingsAll UsersApplication DataLogishrd
2009-01-31 19:59:42 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-01-31 19:56:12 —-D—- C:Documents and SettingsМяушApplication DataAdobe
2009-01-29 21:48:10 —-D—- C:Downloads
2009-01-29 20:34:53 —-D—- C:Documents and SettingsМяушApplication DataOrbit
2009-01-24 10:08:15 —-D—- C:WINDOWSsystem32config
2009-01-23 21:59:55 —-A—- C:WINDOWSimsins.BAK
2009-01-23 21:59:22 —-HD—- C:WINDOWS$hf_mig$
2009-01-18 22:49:59 —-D—- C:WINDOWSMicrosoft.NET
2009-01-18 22:49:49 —-RSD—- C:WINDOWSassembly
2009-01-18 22:19:57 —-D—- C:WINDOWSWinSxS
2009-01-18 22:19:19 —-D—- C:Program FilesInternet Explorer
2009-01-18 17:48:30 —-RSD—- C:WINDOWSFonts
2009-01-18 17:44:15 —-HD—- C:Program FilesInstallShield Installation Information
2009-01-17 16:12:13 —-D—- C:Program FilesCommon Files
2009-01-17 00:22:38 —-D—- C:Program FilesMessenger
2009-01-15 23:34:48 —-D—- C:Program FilesCOMODO
2009-01-13 00:17:24 —-D—- C:Program FilesKMPlayer
2009-01-12 21:27:51 —-D—- C:Program FilesAdobe
2009-01-12 00:23:43 —-SD—- C:Documents and SettingsМяушApplication DataMicrosoft
2009-01-11 23:49:26 —-D—- C:Program FilesStarCraft
2009-01-11 23:04:35 —-D—- C:Program FilesStarDict
2009-01-11 21:38:55 —-D—- C:Program FilesMicrosoft Office
2009-01-11 21:38:50 —-D—- C:WINDOWSShellNew
2009-01-11 21:04:08 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-01-11 20:39:41 —-SHD—- C:System Volume Information
2009-01-11 01:09:19 —-A—- C:WINDOWSModemLog_Sony Ericsson M600 USB Modem.txt
2009-01-11 00:56:32 —-HD—- C:BJPrinter
2009-01-10 14:02:58 —-D—- C:Program FilesCanon
2009-01-10 11:30:05 —-D—- C:WINDOWSsystem32NtmsData
2009-01-10 11:29:07 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-01-09 17:35:30 —-A—- C:WINDOWSsystem32MRT.exe
2009-01-09 15:09:17 —-D—- C:WINDOWSsystem32wbem
2009-01-09 14:37:08 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-01-09 14:21:06 —-A—- C:WINDOWSwin.ini
2009-01-09 14:20:43 —-D—- C:Program FilesCommon FilesSystem
2009-01-08 23:59:06 —-D—- C:Program FilesMicrosoft Baseline Security Analyzer 2
2009-01-08 15:15:23 —-A—- C:WINDOWSavisplitter.INI
2009-01-06 10:21:44 —-D—- C:WINDOWSsecurity
2008-12-31 11:27:51 —-D—- C:Program FilesCommon FilesLogitech
2008-12-29 07:57:51 —-D—- C:Program FilesSkype
2008-12-28 01:03:27 —-D—- C:Documents and Settings
2008-12-23 23:53:21 —-D—- C:Program FilesFastStone
2008-12-18 21:17:17 —-D—- C:WUTemp
2008-12-18 20:27:58 —-D—- C:Documents and SettingsМяушApplication DataYandex
2008-12-18 00:00:58 —-D—- C:Program FilesUpsPilot
2008-12-18 00:00:42 —-HD—- C:Program FilesZero G Registry
2008-12-12 22:32:32 —-D—- C:WINDOWSsystem
2008-12-12 20:33:23 —-A—- C:WINDOWSsystem32mshtml.dll
2008-12-10 20:12:57 —-D—- C:Documents and SettingsМяушApplication Datadvdcss
2008-12-08 21:00:34 —-D—- C:Program FilesOutlook Express
2008-12-08 12:53:32 —-A—- C:WINDOWSsystem32ff_vfw.dll
2008-11-24 21:52:46 —-D—- C:WINDOWSsystem32DirectX
2008-11-24 21:40:08 —-D—- C:WINDOWSsystem32Macromed
2008-11-24 00:39:52 —-SD—- C:WINDOWSDownloaded Program Files
2008-11-23 23:18:22 —-D—- C:WINDOWSehome
2008-11-23 11:28:35 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Corporation
2008-11-23 11:28:10 —-D—- C:Program FilesGabest
2008-11-23 11:27:16 —-D—- C:WINDOWSUlead.dat
2008-11-23 11:17:09 —-D—- C:Program FilesMozilla Thunderbird
2008-11-23 11:17:05 —-A—- C:WINDOWSWININIT.INI
2008-11-23 10:55:41 —-D—- C:Program FilesFree Download Manager
2008-11-23 10:53:59 —-D—- C:Documents and SettingsМяушApplication DataeMule
2008-11-23 10:53:20 —-D—- C:Program FilesCommon FilesAdaptec Shared
2008-11-23 10:50:44 —-D—- C:Program FilesDivX
2008-11-23 10:46:31 —-D—- C:Program FilesOCS
2008-11-23 10:45:00 —-D—- C:Program FilesAzureus
2008-11-18 00:31:59 —-D—- C:WINDOWSDebug
2008-11-17 23:45:54 —-D—- C:WINDOWSsystem32oobe
2008-11-17 23:45:53 —-A—- C:WINDOWSsetuplog.txt
2008-11-17 23:39:00 —-D—- C:Documents and SettingsAll UsersApplication DataWindows Genuine Advantage
2008-11-16 12:54:48 —-D—- C:Documents and SettingsМяушApplication DataWinamp
2008-11-16 11:18:36 —-D—- C:Program FilesWinRAR
2008-11-16 01:56:33 —-D—- C:Documents and SettingsМяушApplication DataATI
2008-11-16 01:51:31 —-D—- C:Program FilesATI Technologies
2008-11-15 23:16:55 —-D—- C:Program FilesCommon FilesAdobe
2008-11-15 00:27:00 —-D—- C:WINDOWSHelp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Cdr4_xp;Cdr4_xp; C:WINDOWSsystem32driversCdr4_xp.sys [2006-05-20 2432]
R1 Cdralw2k;Cdralw2k; C:WINDOWSsystem32driversCdralw2k.sys [2006-05-20 2560]
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
R1 IKSysFlt;System Filter Driver; C:WINDOWSsystem32driversiksysflt.sys [2008-12-21 66952]
R1 IKSysSec;System Security Driver; C:WINDOWSsystem32driversiksyssec.sys [2008-12-21 81288]
R1 intelppm;Intel Processor Driver; C:WINDOWSSystem32DRIVERSintelppm.sys [2004-08-03 36096]
R1 pctgntdi;pctgntdi; ??C:WINDOWSsystem32driverspctgntdi.sys []
R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2004-05-05 4228]
R1 prodrv04;Star Force copy protection driver v4; C:WINDOWSSystem32driversprodrv04.sys [2004-04-16 114496]
R2 Aspi32;Aspi32; C:WINDOWSsystem32driversAspi32.sys [2003-12-10 17101]
R2 CdaC15BA;CdaC15BA; ??C:WINDOWSsystem32driversCdaC15BA.SYS []
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-07-01 39944]
R2 ElbyCDIO;ElbyCDIO Driver; C:WINDOWSSystem32DriversElbyCDIO.sys [2004-07-22 9856]
R2 ETDrv;ETDrv; C:WINDOWSsystem32driversETDrv.sys [2003-04-07 151476]
R2 irda;IrDA Protocol; C:WINDOWSSystem32DRIVERSirda.sys [2004-08-03 87424]
R2 PCTAppEvent;PCTAppEvent Driver; ??C:WINDOWSsystem32driversPCTAppEvent.sys []
R2 PGPdisk;PGPdisk; C:WINDOWSsystem32driversPGPdisk.sys [2004-06-09 169120]
R2 PGPsdkDriver;PGPsdkDriver; C:WINDOWSSystem32DriversPGPsdk.sys [2004-06-09 26624]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2008-09-24 4122368]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-10-29 3341824]
R3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys [2006-06-23 31488]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:WINDOWSsystem32DRIVERSBlueletSCOAudio.sys [2005-08-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys [2006-01-19 10068]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys [2006-07-16 23040]
R3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSsystem32DRIVERSvbtenum.sys [2005-07-30 11988]
R3 E100B;Intel(R) PRO Adapter Driver; C:WINDOWSSystem32DRIVERSe100b325.sys [2003-03-04 145408]
R3 GVCplDrv;GVCplDrv; C:WINDOWSsystem32driversGVCplDrv.sys [2003-05-06 20156]
R3 itchfltr;iTouch Keyboard Filter; C:WINDOWSsystem32DRIVERSitchfltr.sys [2004-03-10 12953]
R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:WINDOWSSystem32DRIVERSL8042pr2.Sys [2003-12-17 51729]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:WINDOWSSystem32DRIVERSLMouFlt2.Sys [2003-12-17 70801]
R3 LVPr2Mon;LVPr2Mon Driver; C:WINDOWSsystem32DriversLVPr2Mon.sys [2008-12-16 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:WINDOWSsystem32DRIVERSlvrs.sys [2008-12-17 768024]
R3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driversLVUSBSta.sys [2008-12-17 41752]
R3 pctplfw;pctplfw; ??C:WINDOWSsystem32driverspctplfw.sys []
R3 pepifilter;Volume Adapter; C:WINDOWSsystem32DRIVERSlv302af.sys [2008-12-17 13848]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2002-10-01 9856]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:WINDOWSsystem32DRIVERSLV302V32.SYS [2008-12-17 2686104]
R3 Rasirda;WAN Miniport (IrDA); C:WINDOWSSystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 RegKill;RegKill; C:WINDOWSSystem32DriversRegKill.sys [2002-11-28 6400]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-08-23 5888]
R3 SFilter;PCTools Driver; C:WINDOWSsystem32DRIVERSpctfw.sys [2008-09-22 97408]
R3 SunkFilt;Alcor Micro Corp Reader; ??C:WINDOWSSystem32Driverssunkfilt.sys []
R3 USB_RNDIS;D-Link DSL Bridge/Router; C:WINDOWSsystem32DRIVERSusb8023.sys [2004-08-03 12672]
R3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSSystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys [2006-02-28 84836]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:WINDOWSsystem32DRIVERSzebrceb.sys [2008-01-15 63360]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-03 14848]
S2 SVKP;SVKP; C:WINDOWSsystem32driversSVKP.sys []
S3 ACSET;ACS USB Smart Card Reader; C:WINDOWSsystem32DRIVERSacrusbxp.sys [2004-01-16 25728]
S3 ACSSCR;ACR38 Smart Card Reader; C:WINDOWSsystem32DRIVERSa38usbxp.sys [2004-04-30 24832]
S3 BOCDRIVE;BOClean Kernel Monitor.; ??Z:Program FilesComodoCBOCleanBOCDRIVE.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:WINDOWSsystem32DRIVERSBthEnum.sys [2004-08-03 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:WINDOWSsystem32DRIVERSbthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth Port Driver; C:WINDOWSSystem32DriversBTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:WINDOWSSystem32DriversBTHUSB.sys [2004-08-03 18944]
S3 BTNetFilter;Bluetooth Network Filter; ??C:Program FilesIVT CorporationBlueSoleilDeviceWin2kBTNetFilter.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSSystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 cxbu0wdm;CardMan 3×21; C:WINDOWSsystem32DRIVERScxbu0wdm.sys [2008-01-15 97792]
S3 ENTECH;ENTECH; ??C:WINDOWSSystem32DRIVERSENTECH.sys []
S3 gdrv;gdrv; ??C:WINDOWSgdrv.sys []
S3 HidBth;Microsoft Bluetooth HID Miniport; C:WINDOWSsystem32DRIVERShidbth.sys [2004-08-03 25600]
S3 mouhid;Mouse HID Driver; C:WINDOWSSystem32DRIVERSmouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:WINDOWSSystem32DRIVERSMSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:WINDOWSSystem32DRIVERSNMnt.sys [2004-08-03 40320]
S3 P2k;Motorola USB Device; C:WINDOWSsystem32DRIVERSP2k.sys [2003-04-22 38016]
S3 Pantcgmtd;Pantcgmtd; C:WINDOWSsystem32driversk600whnt.sys [2005-05-11 5744]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2004-08-03 59648]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE31bus.sys [2006-05-01 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE31mdfl.sys [2006-05-01 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE31mdm.sys [2006-05-01 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE31mgmt.sys [2006-05-01 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS); C:WINDOWSsystem32DRIVERSse31nd5.sys [2006-05-01 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE31obex.sys [2006-05-01 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM); C:WINDOWSsystem32DRIVERSse31unic.sys [2006-05-01 90800]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 STIrUsb;STIrUsb.sys Tekram IR-410W USB-IrDA Adapter; C:WINDOWSSystem32DRIVERSirstusb.sys [2001-09-24 30088]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 TVICHW32;TVICHW32; ??C:WINDOWSsystem32DRIVERSTVICHW32.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSSystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbser;Motorola USB Modem Driver; C:WINDOWSsystem32DRIVERSusbser.sys [2004-08-03 25600]
S3 VHidMinidrv;Bluetooth HID Device Service; C:WINDOWSsystem32driversVHIDMini.sys [2005-07-29 11736]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:WINDOWSsystem32DRIVERSw800bus.sys [2005-09-07 60768]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSw800mdfl.sys [2005-09-07 9264]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:WINDOWSsystem32DRIVERSw800mdm.sys [2005-09-07 96224]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:WINDOWSsystem32DRIVERSw800mgmt.sys [2005-09-07 87792]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:WINDOWSsystem32DRIVERSw800obex.sys [2005-09-07 85664]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 zebrbus;Sony Ericsson Composite Device driver; C:WINDOWSsystem32DRIVERSzebrbus.sys [2008-10-02 83200]
S3 zebrmdfl;Sony Ericsson Modem Filter; C:WINDOWSsystem32DRIVERSzebrmdfl.sys [2008-10-02 14848]
S3 zebrmdm;Sony Ericsson Port (WDM); C:WINDOWSsystem32DRIVERSzebrmdm.sys [2008-10-02 109568]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM); C:WINDOWSsystem32DRIVERSzebrmdmc.sys [2008-10-02 109568]
S3 zebrsce;Sony Ericsson PC-Connect Port; C:WINDOWSsystem32DRIVERSzebrsce.sys [2008-10-02 91264]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;System Restore Filter Driver; C:WINDOWSSystem32DRIVERSsr.sys [2004-08-03 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-10-29 585728]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:Program FilesIVT CorporationBlueSoleilBTNtService.exe [2005-04-06 110592]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:WINDOWSsystem32driversCDAC11BA.EXE [2005-01-18 54784]
R2 Diskeeper;Diskeeper; C:Program FilesExecutive SoftwareDiskeeperDkService.exe [2003-08-22 241664]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
R2 Irmon;Infrared Monitor; C:WINDOWSSystem32svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; Z:Program FilesJavajre6binjqs.exe [2008-12-08 152984]
R2 LVPrcSrv;Process Monitor; C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe [2008-12-16 150040]
R2 NMSAccessU;NMSAccessU; Z:Program FilesCDBurnerXPNMSAccessU.exe [2008-10-20 71096]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; Z:Program FilesPC ToolsFirewall PlusFWService.exe [2008-12-11 146800]
R2 PGPserv;PGPserv; C:WINDOWSsystem32PGPserv.exe [2004-06-09 69632]
R2 sdAuxService;PC Tools Auxiliary Service; C:Program FilesSpyware DoctorpctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:Program FilesSpyware DoctorpctsSvc.exe [2008-12-21 1079176]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2008-10-28 593920]
S2 gupdate1c9652ad837e686;Google Update Service (gupdate1c9652ad837e686); C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-02-02 133104]
S2 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-12-23 182768]
S2 mscgcosd;Devices Manager Service; C:WINDOWSsystem32mscgco.exe [2004-08-04 65536]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2004-04-22 68096]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe [2005-11-14 69632]
S3 NetSvc;Intel NCS NetService; C:Program FilesIntelNCSSyncNetSvc.exe [2003-03-03 143360]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 OracleClientCache80;OracleClientCache80; c:oracleproduct8.0.6BINONRSD80.EXE [2002-10-18 101136]
S3 OracleOracle9iR2ClientCache;OracleOracle9iR2ClientCache; c:oracleproduct9.2.0BINONRSD.EXE [2002-04-26 242328]
S3 OracleOracle9iR2HTTPServer;OracleOracle9iR2HTTPServer; c:oracleproduct9.2.0ApacheApacheapache.exe [2002-04-18 4096]
S3 OracleOracle9iR2PagingServer;OracleOracle9iR2PagingServer; c:oracleproduct9.2.0/bin/pagntsrv.exe [2002-05-13 49152]
S3 OracleOracle9iR2TNSListener;OracleOracle9iR2TNSListener; c:oracleproduct9.2.0BINTNSLSNR []
S3 OracleServiceCARBON;OracleServiceCARBON; c:oracleproduct9.2.0binORACLE.EXE [2002-05-14 29475088]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
EOF
After Malwarebytes’ Anti-Malware, but before RSIT, NOD32 reported again:
02.02.2009 21:45:53 Фильтр HTTP файл http://ad.ox88.info/msusb.bin Win32/Adware.Coolezweb приложение соединение прервано — изолирован NT AUTHORITYSYSTEM Обнаружена угроза при попытке доступа в Интернет следующим приложением: C:WINDOWSsystem32svchost.exe.

February 1, 2009 at 3:52 pm in reply to: NOD32 finds Win32/Adware.Coolezweb(ad.ox88.info/msusb.bin) #21678
Here is the OTMoveIt log:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service afisicx stopped successfully.
Service afisicx deleted successfully.
Unable to stop service mscgcosd .
Service noytcyr stopped successfully.
Service noytcyr deleted successfully.
Service roytctm stopped successfully.
Service roytctm deleted successfully.
Service soxpeca stopped successfully.
Service soxpeca deleted successfully.
Service tdydowkc stopped successfully.
Service tdydowkc deleted successfully.
Service wsldoekd stopped successfully.
Service wsldoekd deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows\»AppInit_DLLS»|»» /E : value set successfully!
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifynnnliGYr\ deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa\»Authentication Packages»|hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,00 /E : value set successfully!
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{61564c3e-33bb-11dc-8553-000b0d6918bf}\ deleted successfully.
Registry key HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{e9138ea2-7fdb-11db-8485-028037010300}\ deleted successfully.
========== FILES ==========
File/Folder C:WINDOWSsystem32afisicx.exe not found.
File move failed. C:WINDOWSsystem32mscgco.exe scheduled to be moved on reboot.
File/Folder C:WINDOWSsystem32noytcyr.exe not found.
File/Folder C:WINDOWSsystem32roytctm.exe not found.
File/Folder C:WINDOWSsystem32soxpeca.exe not found.
File/Folder C:WINDOWSsystem32tdydowkc.exe not found.
File/Folder C:WINDOWSsystem32wsldoekd.exe not found.
========== COMMANDS ==========
File delete failed. T:enforcerPerflib_Perfdata_3fc.dat scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStemplogishrdLVPrcInj07.dll scheduled to be deleted on reboot.
File delete failed. C:WINDOWStempenforcerPerflib_Perfdata_3fc.dat scheduled to be deleted on reboot.
File delete failed. C:WINDOWStempPerflib_Perfdata_544.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 02012009_183529
Files moved on Reboot…
File move failed. C:WINDOWSsystem32mscgco.exe scheduled to be moved on reboot.
File T:enforcerPerflib_Perfdata_3fc.dat not found!
File move failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be moved on reboot.
File C:WINDOWStemplogishrdLVPrcInj07.dll not found!
File C:WINDOWStempenforcerPerflib_Perfdata_3fc.dat not found!
File C:WINDOWStempPerflib_Perfdata_544.dat not found!

Fresh RSIT log:
Logfile of random’s system information tool 1.05 (written by random/random)
Run at 2009-02-01 18:47:08
Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (19%) free of 42 GB
Total RAM: 1535 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:15, on 01.02.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSYSTEM32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32SCardSvr.exe
C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32driversCDAC11BA.EXE
C:Program FilesExecutive SoftwareDiskeeperDkService.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesGoogleUpdateGoogleUpdate.exe
C:WINDOWSExplorer.EXE
Z:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
Z:Program FilesCDBurnerXPNMSAccessU.exe
Z:Program FilesPC ToolsFirewall PlusFWService.exe
C:WINDOWSsystem32PGPserv.exe
C:Program FilesSpyware DoctorpctsAuxs.exe
C:Program FilesSpyware DoctorpctsSvc.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesSpyware DoctorpctsTray.exe
C:WINDOWSsystem32wdfmgr.exe
C:WINDOWSnotepad.exe
C:Program FilesABBYY Lingvo 8.0Lvagent.exe
C:Program FilesSony EricssonMobile4Application LauncherApplication Launcher.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
Z:Program FilesLogitechiTouchiTouch.exe
C:WINDOWSsystem32rundll32.exe
Z:Program FilesJavajre6binjusched.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:WINDOWSSOUNDMAN.EXE
Z:Program FilesPC ToolsFirewall PlusFirewallGUI.exe
Z:Program FilesLogitechMouseWaresystemem_exec.exe
C:Program FilesMultimedia Card Readershwicon2k.exe
C:Program FilesLogitechQuickCamQuickcam.exe
C:Program FilesGoogleGoogle Talkgoogletalk.exe
C:Program FilesIntuwaveSharedmRouterRuntimemRouterConfig.exe
Z:Program FilesAusLogicsBoostSpeedboostspeed.exe
C:Program FilesSkypePhoneSkype.exe
Z:Program FilesipponMonitorippmon_0_99_6.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
C:Program FilesIntuwaveSharedmRouterRuntimemRouterRuntime.exe
Z:Program FilesOpenOffice.org 3programsoffice.exe
Z:Program FilesOpenOffice.org 3programsoffice.bin
C:WINDOWSsystem32wuauclt.exe
C:Program FilesCommon FilesLogishrdLQCVFXCOCIManager.exe
C:WINDOWSSystem32alg.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:Program FilesCommon FilesTeleca Sharedlogger.exe
C:PROGRA~1SymbianSharedSYMBIA~1SYMBIA~1.EXE
C:PROGRA~1SymbianSharedSYMBIA~1SCBAL.exe
Z:Program FilesMozillaFirefoxfirefox.exe
C:Program FilesFARFar.exe
C:rsitrsit.exe
C:WINDOWSSystem32wbemwmiprvse.exe
Z:Program FilesHijackThisМяуш.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
O2 — BHO: Adobe PDF Link Helper — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: IeCatch5 Class — {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} — Z:PROGRA~1FlashGetjccatch.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — Z:Program FilesJavajre6binssv.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.0.926.3450swg.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — Z:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — Z:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: gFlash Class — {F156768E-81EF-470C-9057-481BA8380DBA} — Z:PROGRA~1FlashGetgetflash.dll
O3 — Toolbar: FlashGet Bar — {E0E899AB-F487-11D5-8D29-0050BA6940E3} — Z:PROGRA~1FlashGetfgiebar.dll
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [Lingvo Launcher] «C:Program FilesABBYY Lingvo 8.0Lvagent.exe» /STARTUP
O4 — HKLM..Run: [NVRTCLK] C:WINDOWSsystem32NVRTCLKNVRTClk.exe
O4 — HKLM..Run: [PC Suite for Smartphones] «C:Program FilesSony EricssonMobile4Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe» MSRun
O4 — HKLM..Run: [ZBrowser Launcher] Z:Program FilesLogitechiTouchiTouch.exe
O4 — HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [SunJavaUpdateSched] «Z:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [00PCTFW] «Z:Program FilesPC ToolsFirewall PlusFirewallGUI.exe» -s
O4 — HKLM..Run: [Sunkist2k] C:Program FilesMultimedia Card Readershwicon2k.exe
O4 — HKLM..Run: [googletalk] C:Program FilesGoogleGoogle Talkgoogletalk.exe /autostart
O4 — HKLM..Run: [LogitechQuickCamRibbon] «C:Program FilesLogitechQuickCamQuickcam.exe» /hide
O4 — HKLM..Run: [ISTray] «C:Program FilesSpyware DoctorpctsTray.exe»
O4 — HKCU..Run: [googletalk] «C:Program FilesGoogleGoogle Talkgoogletalk.exe» /autostart
O4 — HKCU..Run: [mRouterConfig] «C:Program FilesIntuwaveSharedmRouterRuntimemRouterConfig.exe»
O4 — HKCU..Run: [Auslogics BoostSpeed 4] Z:Program FilesAusLogicsBoostSpeedboostspeed.exe
O4 — HKCU..Run: [Skype] «C:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKCU..Run: [IPPON MONITOR] Z:Program FilesipponMonitorippmon_0_99_6.exe
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘Default user’)
O4 — S-1-5-18 Startup: OpenOffice.org 3.0.lnk = Z:Program FilesOpenOffice.org 3programquickstart.exe (User ‘SYSTEM’)
O4 — .DEFAULT Startup: OpenOffice.org 3.0.lnk = Z:Program FilesOpenOffice.org 3programquickstart.exe (User ‘Default user’)
O4 — Startup: OpenOffice.org 3.0.lnk = Z:Program FilesOpenOffice.org 3programquickstart.exe
O4 — Global Startup: BlueSoleil.lnk = C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
O4 — Global Startup: Программа обновлений Google.lnk = C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe
O8 — Extra context menu item: &Download by Orbit — res://C:Program FilesOrbitDownloaderorbitmxt.dll/201
O8 — Extra context menu item: &Grab video by Orbit — res://C:Program FilesOrbitDownloaderorbitmxt.dll/204
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O8 — Extra context menu item: Add to Google Photos Screensa&ver — res://C:WINDOWSsystem32GPhotos.scr/200
O8 — Extra context menu item: Do&wnload selected by Orbit — res://C:Program FilesOrbitDownloaderorbitmxt.dll/203
O8 — Extra context menu item: Down&load all by Orbit — res://C:Program FilesOrbitDownloaderorbitmxt.dll/202
O8 — Extra context menu item: Easy-WebPrint Add To Print List — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_AddToList.html
O8 — Extra context menu item: Easy-WebPrint High Speed Print — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
O8 — Extra context menu item: Easy-WebPrint Preview — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Preview.html
O8 — Extra context menu item: Easy-WebPrint Print — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Print.html
O8 — Extra context menu item: Закачать все при помощи FlashGet — Z:Program FilesFlashGetjc_all.htm
O8 — Extra context menu item: Закачать при помощи FlashGet — Z:Program FilesFlashGetjc_link.htm
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 — Extra button: (no name) — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — (no file)
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 — Extra button: FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — Z:PROGRA~1FlashGetflashget.exe
O9 — Extra ‘Tools’ menuitem: &FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — Z:PROGRA~1FlashGetflashget.exe
O9 — Extra button: eBay — Homepage — {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} — C:Program FilesIrfanViewEbayEbay.htm
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: Trashcan — {072F3B8A-2DA2-40e2-B841-88899F240200} — C:WINDOWSSystem32shdocvw.dll (HKCU)
O9 — Extra ‘Tools’ menuitem: Show Trashcan — {072F3B8A-2DA2-40e2-B841-88899F240200} — C:WINDOWSSystem32shdocvw.dll (HKCU)
O16 — DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) — http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098366764265
O17 — HKLMSystemCCSServicesTcpip..{5C8551BA-FDA3-4A35-9A79-EECDEE4F1FA7}: NameServer = 213.177.96.1,213.177.97.1
O18 — Protocol: bwfile-8876480 — {9462A756-7B47-47BC-8C80-C34B9B80B32B} — Z:Program FilesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Protocol: yandexcd — {E519DB43-CFF1-11D1-BE82-0000C0DF45F8} — C:WINDOWSYandexCD.dll
O23 — Service: Adobe LM Service — Unknown owner — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: BlueSoleil Hid Service — Unknown owner — C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
O23 — Service: C-DillaCdaC11BA — Macrovision — C:WINDOWSsystem32driversCDAC11BA.EXE
O23 — Service: Diskeeper — Executive Software International, Inc. — C:Program FilesExecutive SoftwareDiskeeperDkService.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Google Update Service (gupdate1c9652ad837e686) (gupdate1c9652ad837e686) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — Z:Program FilesJavajre6binjqs.exe
O23 — Service: Process Monitor (LVPrcSrv) — Logitech Inc. — C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
O23 — Service: Devices Manager Service (mscgcosd) — Unknown owner — C:WINDOWSsystem32mscgco.exe
O23 — Service: Intel NCS NetService (NetSvc) — Intel(R) Corporation — C:Program FilesIntelNCSSyncNetSvc.exe
O23 — Service: NMSAccessU — Unknown owner — Z:Program FilesCDBurnerXPNMSAccessU.exe
O23 — Service: OracleClientCache80 — Unknown owner — c:oracleproduct8.0.6BINONRSD80.EXE
O23 — Service: OracleOracle9iR2ClientCache — Unknown owner — c:oracleproduct9.2.0BINONRSD.EXE
O23 — Service: OracleOracle9iR2HTTPServer — Unknown owner — c:oracleproduct9.2.0ApacheApacheapache.exe
O23 — Service: OracleOracle9iR2PagingServer — Unknown owner — c:oracleproduct9.2.0/bin/pagntsrv.exe
O23 — Service: OracleOracle9iR2TNSListener — Unknown owner — c:oracleproduct9.2.0BINTNSLSNR.exe
O23 — Service: OracleServiceCARBON — Oracle Corporation — c:oracleproduct9.2.0binORACLE.EXE
O23 — Service: PC Tools Firewall Plus (PCToolsFirewallPlus) — PC Tools — Z:Program FilesPC ToolsFirewall PlusFWService.exe
O23 — Service: PGPserv — PGP Corporation — C:WINDOWSsystem32PGPserv.exe
O23 — Service: PC Tools Auxiliary Service (sdAuxService) — PC Tools — C:Program FilesSpyware DoctorpctsAuxs.exe
O23 — Service: PC Tools Security Service (sdCoreService) — PC Tools — C:Program FilesSpyware DoctorpctsSvc.exe
—
End of file — 13827 bytes

======Scheduled tasks folder======
C:WINDOWStasksGoogle Software Updater.job
C:WINDOWStasksGoogleUpdateTaskMachine.job

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class — Z:PROGRA~1FlashGetjccatch.dll [2006-05-16 81920]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — Z:Program FilesJavajre6binssv.dll [2008-12-08 320920]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.0.926.3450swg.dll [2008-12-23 657904]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — Z:Program FilesJavajre6binjp2ssv.dll [2008-12-08 34816]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — Z:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-12-08 73728]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{F156768E-81EF-470C-9057-481BA8380DBA}]
gFlash Class — Z:PROGRA~1FlashGetgetflash.dll [2006-09-12 126976]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} — FlashGet Bar — Z:PROGRA~1FlashGetfgiebar.dll [2005-06-07 86016]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«Lingvo Launcher»=C:Program FilesABBYY Lingvo 8.0Lvagent.exe [2002-12-10 102400]
«NVRTCLK»=C:WINDOWSsystem32NVRTCLKNVRTClk.exe [2003-12-30 24576]
«PC Suite for Smartphones»=C:Program FilesSony EricssonMobile4Application LauncherApplication Launcher.exe [2007-12-25 548864]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2008-08-29 61440]
«ZBrowser Launcher»=Z:Program FilesLogitechiTouchiTouch.exe [2004-03-18 892928]
«Logitech Utility»=C:WINDOWSLogi_MwX.Exe [2003-12-17 19968]
«BluetoothAuthenticationAgent»=C:WINDOWSSYSTEM32bthprops.cpl [2004-08-04 110592]
«SunJavaUpdateSched»=Z:Program FilesJavajre6binjusched.exe [2008-12-08 136600]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2007-04-16 577536]
«00PCTFW»=Z:Program FilesPC ToolsFirewall PlusFirewallGUI.exe [2009-01-29 2652056]
«Sunkist2k»=C:Program FilesMultimedia Card Readershwicon2k.exe [2005-02-25 131072]
«googletalk»=C:Program FilesGoogleGoogle Talkgoogletalk.exe [2007-01-02 3739648]
«LogitechQuickCamRibbon»=C:Program FilesLogitechQuickCamQuickcam.exe [2008-12-20 2656528]
«ISTray»=C:Program FilesSpyware DoctorpctsTray.exe [2008-12-21 1168264]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«googletalk»=C:Program FilesGoogleGoogle Talkgoogletalk.exe [2007-01-02 3739648]
«mRouterConfig»=C:Program FilesIntuwaveSharedmRouterRuntimemRouterConfig.exe [2006-03-02 290816]
«Auslogics BoostSpeed 4″=Z:Program FilesAusLogicsBoostSpeedboostspeed.exe [2009-01-25 361584]
«Skype»=C:Program FilesSkypePhoneSkype.exe [2008-11-07 21633320]
«IPPON MONITOR»=Z:Program FilesipponMonitorippmon_0_99_6.exe [2005-08-07 847360]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2007-11-03 68856]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
BlueSoleil.lnk — C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
Программа обновлений Google.lnk — C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe

C:Documents and SettingsМяушStart MenuProgramsStartup
OpenOffice.org 3.0.lnk — Z:Program FilesOpenOffice.org 3programquickstart.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSSYSTEM32Ati2evxx.dll [2008-10-29 143360]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSSYSTEM32WgaLogon.dll [2006-06-27 3584]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdcoreservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoInstrumentation»=0

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program FilesGoogleGoogle Talkgoogletalk.exe»=»C:Program FilesGoogleGoogle Talkgoogletalk.exe:*:Enabled:Google Talk»
«C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe»=»C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe:*:Enabled:BlueSoleil»
«D:DOWNLOADutorrent-1.8.2.upx.exe»=»D:DOWNLOADutorrent-1.8.2.upx.exe:*:Enabled:чTorrent»
«Z:Program FilesuTorrentutorrent-1.8.2.upx.exe»=»Z:Program FilesuTorrentutorrent-1.8.2.upx.exe:*:Enabled:чTorrent»
«Z:Program FilesuTorrentuTorrent.exe»=»Z:Program FilesuTorrentuTorrent.exe:*:Enabled:чTorrent»
«C:Program FilesIntuwaveSharedmRouterRuntimemRouterRuntime.exe»=»C:Program FilesIntuwaveSharedmRouterRuntimemRouterRuntime.exe:*:Enabled:mRouterRuntime Module»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«Z:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe»=»Z:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger»

======List of files/folders created in the last 3 months======
2009-02-01 18:08:10 —-D—- C:WINDOWSsystem32IOSUBSYS
2009-02-01 17:30:48 —-D—- C:Program FilesPanda Security
2009-02-01 16:20:25 —-A—- C:1.txt
2009-02-01 15:31:24 —-A—- C:WINDOWSsystem32lvci11901262.dll
2009-02-01 15:29:41 —-D—- C:Program FilesLogitech
2009-02-01 14:34:10 —-HDC—- C:WINDOWS$NtUninstallKB916089$
2009-02-01 00:01:22 —-D—- C:Program Filestrend micro
2009-02-01 00:01:13 —-D—- C:rsit
2009-01-29 09:16:10 —-A—- C:WINDOWSsystem32SSUBTMR6.DLL
2009-01-28 21:39:26 —-A—- C:WINDOWSsystem32aamd532.dll
2009-01-25 03:31:03 —-A—- C:_dele.bat
2009-01-23 21:59:44 —-HDC—- C:WINDOWS$NtUninstallKB955839$
2009-01-17 22:54:12 —-HDC—- C:WINDOWS$NtUninstallKB937894$
2009-01-17 20:38:58 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
2009-01-17 16:55:13 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2009-01-17 16:39:49 —-D—- C:Documents and SettingsМяушApplication DataPCToolsFirewallPlus
2009-01-17 16:22:50 —-HDC—- C:WINDOWS$NtUninstallKB951748$
2009-01-17 16:12:13 —-D—- C:Program FilesCommon FilesPC Tools
2009-01-17 15:29:08 —-D—- C:WINDOWSsystem32en-US
2009-01-17 15:23:54 —-HDC—- C:WINDOWS$NtUninstallKB932823-v3$
2009-01-17 14:29:26 —-HDC—- C:WINDOWS$NtUninstallKB956841$
2009-01-17 07:13:26 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2009-01-17 07:05:03 —-HDC—- C:WINDOWS$NtUninstallKB950762$
2009-01-17 00:23:23 —-HDC—- C:WINDOWS$NtUninstallKB954211$
2009-01-17 00:22:58 —-HDC—- C:WINDOWS$NtUninstallKB950974$
2009-01-17 00:22:36 —-HDC—- C:WINDOWS$NtUninstallKB946648$
2009-01-17 00:22:02 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2009-01-16 01:08:20 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-01-12 00:31:45 —-A—- C:WINDOWSScUnin.exe
2009-01-11 22:06:52 —-A—- C:WINDOWSsystem32pthreadGC2.dll
2009-01-11 21:03:46 —-D—- C:Program FilesRealtek AC97
2009-01-11 19:58:58 —-D—- C:Documents and SettingsМяушApplication DataStarDict
2009-01-11 19:54:00 —-D—- C:Program FilesCommon FilesAdobe AIR
2009-01-09 14:12:45 —-A—- C:WINDOWSsystem32msonpmon.dll
2009-01-09 14:06:15 —-D—- C:Program FilesMicrosoft Works
2009-01-09 14:05:53 —-D—- C:Program FilesMSBuild
2009-01-09 14:05:02 —-D—- C:Program FilesMicrosoft Visual Studio
2009-01-09 13:56:11 —-HDC—- C:WINDOWS$NtUninstallKB956391$
2009-01-09 13:52:45 —-D—- C:Program FilesMicrosoft Visual Studio 8
2009-01-09 13:48:37 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2009-01-09 13:46:30 —-RHD—- C:MSOCache
2009-01-09 13:21:49 —-HDC—- C:WINDOWS$NtUninstallKB960714$
2009-01-09 13:15:06 —-HDC—- C:WINDOWS$NtUninstallKB954156_WM9L$
2009-01-09 12:17:22 —-HDC—- C:WINDOWS$NtUninstallKB958215$
2009-01-09 12:10:35 —-HDC—- C:WINDOWS$NtUninstallKB941569$
2009-01-09 11:23:08 —-HDC—- C:WINDOWS$NtUninstallKB943460$
2009-01-09 11:15:31 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2009-01-09 11:14:24 —-D—- C:Program FilesMicrosoft CAPICOM
2009-01-09 10:40:28 —-HDC—- C:WINDOWS$NtUninstallKB946026$
2009-01-09 10:39:03 —-HDC—- C:WINDOWS$NtUninstallKB950749$
2009-01-09 10:31:29 —-HDC—- C:WINDOWS$NtUninstallKB951376-v2$
2009-01-09 10:29:48 —-HDC—- C:WINDOWS$NtUninstallKB951698$
2009-01-09 01:38:52 —-HDC—- C:WINDOWS$NtUninstallKB952954$
2009-01-06 17:05:16 —-D—- C:Documents and SettingsМяушApplication DataCanneverbe_Limited
2008-12-27 22:50:14 —-D—- C:Documents and SettingsМяушApplication DataWireshark
2008-12-27 17:52:47 —-D—- C:Documents and SettingsМяушApplication DataOpenCandy
2008-12-23 20:48:02 —-D—- C:Program FilesCommon FilesReal
2008-12-23 20:48:00 —-D—- C:Documents and SettingsМяушApplication DataReal
2008-12-23 20:17:07 —-D—- C:WINDOWSsystem32runtime
2008-12-23 20:17:05 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle
2008-12-18 21:20:05 —-HDC—- C:WINDOWS$NtUninstallKB910437$
2008-12-17 23:59:17 —-D—- C:Program FilesD-Link
2008-12-08 21:07:43 —-HDC—- C:WINDOWS$NtUninstallKB925902$
2008-12-08 21:06:50 —-HDC—- C:WINDOWS$NtUninstallKB931261$
2008-12-08 21:05:52 —-HDC—- C:WINDOWS$NtUninstallKB931784$
2008-12-08 21:04:54 —-HDC—- C:WINDOWS$NtUninstallKB938829$
2008-12-08 21:00:19 —-HDC—- C:WINDOWS$NtUninstallKB929123$
2008-12-08 20:05:16 —-A—- C:WINDOWSsystem32javaws.exe
2008-12-08 20:05:16 —-A—- C:WINDOWSsystem32javaw.exe
2008-12-08 20:05:16 —-A—- C:WINDOWSsystem32java.exe
2008-12-08 20:05:16 —-A—- C:WINDOWSsystem32deploytk.dll
2008-11-28 23:33:43 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2008-11-28 23:32:48 —-HDC—- C:WINDOWS$NtUninstallKB956390$
2008-11-28 21:43:09 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2008-11-25 22:55:42 —-A—- C:WINDOWSsystem32LVUI2RC.dll
2008-11-25 22:55:42 —-A—- C:WINDOWSsystem32LVUI2.dll
2008-11-25 22:55:42 —-A—- C:WINDOWSsystem32lvcoinst.ini
2008-11-25 22:55:42 —-A—- C:WINDOWSsystem32lvcodec2.dll
2008-11-25 22:55:42 —-A—- C:WINDOWSsystem32lvci11801048.dll
2008-11-24 00:52:57 —-HDC—- C:WINDOWS$NtUninstallKB951066$
2008-11-24 00:52:43 —-HDC—- C:WINDOWS$NtUninstallKB938464$
2008-11-24 00:52:27 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2008-11-24 00:39:45 —-D—- C:WINDOWSsystem32Adobe
2008-11-23 23:01:13 —-HDC—- C:WINDOWS$NtUninstallKB894391$
2008-11-18 21:39:03 —-D—- C:Documents and SettingsМяушApplication DataInfraRecorder
2008-11-18 00:33:39 —-A—- C:WINDOWSUNBOC.EXE
2008-11-18 00:33:38 —-A—- C:WINDOWSCMDLIC.DLL
2008-11-18 00:31:59 —-D—- C:WINDOWSsystem32CatRoot_bak
2008-11-18 00:11:28 —-ASH—- C:WINDOWSsystem32rwqbvxwn.ini
2008-11-17 23:39:04 —-D—- C:Documents and SettingsAll UsersApplication DataOffice Genuine Advantage
2008-11-17 23:24:18 —-A—- C:WINDOWSsystem32WgaTray.exe
2008-11-17 23:24:18 —-A—- C:WINDOWSsystem32WgaLogon.dll
2008-11-17 23:11:07 —-ASH—- C:WINDOWSsystem32biubhwjc.ini
2008-11-17 01:08:44 —-ASH—- C:WINDOWSsystem32wigboxty.ini
2008-11-16 19:07:15 —-ASH—- C:WINDOWSsystem32qeatrkpp.ini
2008-11-16 19:06:26 —-A—- C:WINDOWSsystem32c7b26cf2-.txt
2008-11-16 19:05:12 —-ASH—- C:WINDOWSsystem32kTvyIRqr.ini2
2008-11-16 19:05:12 —-ASH—- C:WINDOWSsystem32kTvyIRqr.ini
2008-11-16 12:23:01 —-D—- C:OpenCandy
2008-11-16 11:25:46 —-D—- C:Documents and SettingsМяушApplication DataWinRAR
2008-11-16 01:56:33 —-D—- C:Documents and SettingsAll UsersApplication DataATI
2008-11-09 20:07:02 —-D—- C:Program FilesESET
2008-11-09 20:07:02 —-D—- C:Documents and SettingsAll UsersApplication DataESET
2008-11-08 01:05:53 —-D—- C:Documents and SettingsAll UsersApplication DataAuslogics

======List of files/folders modified in the last 3 months======
2009-02-01 18:44:19 —-D—- C:WINDOWSsystem32
2009-02-01 18:44:19 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-02-01 18:43:39 —-D—- C:Documents and SettingsМяушApplication DataSkype
2009-02-01 18:41:03 —-D—- C:WINDOWS
2009-02-01 18:40:49 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-02-01 18:40:30 —-A—- C:WINDOWSiTouch.ini
2009-02-01 18:39:54 —-D—- C:WINDOWSsystem32drivers
2009-02-01 18:39:35 —-SD—- C:WINDOWSTasks
2009-02-01 18:37:42 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-01 18:08:10 —-HD—- C:WINDOWSinf
2009-02-01 18:07:55 —-D—- C:Program Files
2009-02-01 17:30:50 —-D—- C:WINDOWSPrefetch
2009-02-01 16:22:43 —-D—- C:Documents and SettingsМяушApplication DataskypePM
2009-02-01 16:11:08 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-01 16:02:28 —-SHD—- C:WINDOWSInstaller
2009-02-01 16:02:06 —-D—- C:Program FilesCodeSaver
2009-02-01 15:33:50 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-02-01 15:32:46 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-02-01 15:32:41 —-D—- C:Program FilesCommon FilesLogiShrd
2009-02-01 15:32:25 —-D—- C:WINDOWSsystem32CatRoot
2009-02-01 15:29:33 —-D—- C:Documents and SettingsAll UsersApplication DataLogishrd
2009-02-01 13:41:12 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle Updater
2009-01-31 19:59:42 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-01-31 19:56:12 —-D—- C:Documents and SettingsМяушApplication DataAdobe
2009-01-31 19:05:54 —-D—- C:Documents and SettingsМяушApplication DatauTorrent
2009-01-30 23:27:26 —-D—- C:Program FilesSpyware Doctor
2009-01-29 21:48:10 —-D—- C:Downloads
2009-01-29 20:34:53 —-D—- C:Documents and SettingsМяушApplication DataOrbit
2009-01-28 22:52:01 —-A—- C:WINDOWSNeroDigital.ini
2009-01-24 10:08:15 —-D—- C:WINDOWSsystem32config
2009-01-23 21:59:55 —-A—- C:WINDOWSimsins.BAK
2009-01-23 21:59:22 —-HD—- C:WINDOWS$hf_mig$
2009-01-18 22:49:59 —-D—- C:WINDOWSMicrosoft.NET
2009-01-18 22:49:49 —-RSD—- C:WINDOWSassembly
2009-01-18 22:19:57 —-D—- C:WINDOWSWinSxS
2009-01-18 22:19:19 —-D—- C:Program FilesInternet Explorer
2009-01-18 17:48:30 —-RSD—- C:WINDOWSFonts
2009-01-18 17:44:15 —-HD—- C:Program FilesInstallShield Installation Information
2009-01-17 16:12:13 —-D—- C:Program FilesCommon Files
2009-01-17 00:22:38 —-D—- C:Program FilesMessenger
2009-01-15 23:34:48 —-D—- C:Program FilesCOMODO
2009-01-13 00:17:24 —-D—- C:Program FilesKMPlayer
2009-01-12 21:27:51 —-D—- C:Program FilesAdobe
2009-01-12 00:23:43 —-SD—- C:Documents and SettingsМяушApplication DataMicrosoft
2009-01-11 23:49:26 —-D—- C:Program FilesStarCraft
2009-01-11 23:04:35 —-D—- C:Program FilesStarDict
2009-01-11 21:38:55 —-D—- C:Program FilesMicrosoft Office
2009-01-11 21:38:50 —-D—- C:WINDOWSShellNew
2009-01-11 21:04:08 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-01-11 20:39:41 —-SHD—- C:System Volume Information
2009-01-11 01:09:19 —-A—- C:WINDOWSModemLog_Sony Ericsson M600 USB Modem.txt
2009-01-11 00:56:32 —-HD—- C:BJPrinter
2009-01-10 14:02:58 —-D—- C:Program FilesCanon
2009-01-10 11:30:05 —-D—- C:WINDOWSsystem32NtmsData
2009-01-10 11:29:07 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-01-09 17:35:30 —-A—- C:WINDOWSsystem32MRT.exe
2009-01-09 15:09:17 —-D—- C:WINDOWSsystem32wbem
2009-01-09 14:37:08 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-01-09 14:21:06 —-A—- C:WINDOWSwin.ini
2009-01-09 14:20:43 —-D—- C:Program FilesCommon FilesSystem
2009-01-08 23:59:06 —-D—- C:Program FilesMicrosoft Baseline Security Analyzer 2
2009-01-08 15:15:23 —-A—- C:WINDOWSavisplitter.INI
2009-01-06 10:21:44 —-D—- C:WINDOWSsecurity
2008-12-31 11:27:51 —-D—- C:Program FilesCommon FilesLogitech
2008-12-29 07:57:51 —-D—- C:Program FilesSkype
2008-12-28 01:03:27 —-D—- C:Documents and Settings
2008-12-23 23:53:21 —-D—- C:Program FilesFastStone
2008-12-23 21:18:42 —-D—- C:Program FilesGoogle
2008-12-18 21:17:17 —-D—- C:WUTemp
2008-12-18 20:27:58 —-D—- C:Documents and SettingsМяушApplication DataYandex
2008-12-18 00:00:58 —-D—- C:Program FilesUpsPilot
2008-12-18 00:00:42 —-HD—- C:Program FilesZero G Registry
2008-12-12 22:32:32 —-D—- C:WINDOWSsystem
2008-12-12 20:33:23 —-A—- C:WINDOWSsystem32mshtml.dll
2008-12-10 20:12:57 —-D—- C:Documents and SettingsМяушApplication Datadvdcss
2008-12-08 21:00:34 —-D—- C:Program FilesOutlook Express
2008-12-08 12:53:32 —-A—- C:WINDOWSsystem32ff_vfw.dll
2008-11-24 21:52:46 —-D—- C:WINDOWSsystem32DirectX
2008-11-24 21:40:08 —-D—- C:WINDOWSsystem32Macromed
2008-11-24 00:39:52 —-SD—- C:WINDOWSDownloaded Program Files
2008-11-23 23:18:22 —-D—- C:WINDOWSehome
2008-11-23 11:28:35 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Corporation
2008-11-23 11:28:10 —-D—- C:Program FilesGabest
2008-11-23 11:27:16 —-D—- C:WINDOWSUlead.dat
2008-11-23 11:17:09 —-D—- C:Program FilesMozilla Thunderbird
2008-11-23 11:17:05 —-A—- C:WINDOWSWININIT.INI
2008-11-23 10:55:41 —-D—- C:Program FilesFree Download Manager
2008-11-23 10:53:59 —-D—- C:Documents and SettingsМяушApplication DataeMule
2008-11-23 10:53:20 —-D—- C:Program FilesCommon FilesAdaptec Shared
2008-11-23 10:50:44 —-D—- C:Program FilesDivX
2008-11-23 10:46:31 —-D—- C:Program FilesOCS
2008-11-23 10:45:00 —-D—- C:Program FilesAzureus
2008-11-18 00:31:59 —-D—- C:WINDOWSDebug
2008-11-17 23:45:54 —-D—- C:WINDOWSsystem32oobe
2008-11-17 23:45:53 —-A—- C:WINDOWSsetuplog.txt
2008-11-17 23:39:00 —-D—- C:Documents and SettingsAll UsersApplication DataWindows Genuine Advantage
2008-11-16 12:54:48 —-D—- C:Documents and SettingsМяушApplication DataWinamp
2008-11-16 11:18:36 —-D—- C:Program FilesWinRAR
2008-11-16 01:56:33 —-D—- C:Documents and SettingsМяушApplication DataATI
2008-11-16 01:51:31 —-D—- C:Program FilesATI Technologies
2008-11-15 23:16:55 —-D—- C:Program FilesCommon FilesAdobe
2008-11-15 00:27:00 —-D—- C:WINDOWSHelp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Cdr4_xp;Cdr4_xp; C:WINDOWSsystem32driversCdr4_xp.sys [2006-05-20 2432]
R1 Cdralw2k;Cdralw2k; C:WINDOWSsystem32driversCdralw2k.sys [2006-05-20 2560]
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
R1 IKSysFlt;System Filter Driver; C:WINDOWSsystem32driversiksysflt.sys [2008-12-21 66952]
R1 IKSysSec;System Security Driver; C:WINDOWSsystem32driversiksyssec.sys [2008-12-21 81288]
R1 intelppm;Intel Processor Driver; C:WINDOWSSystem32DRIVERSintelppm.sys [2004-08-03 36096]
R1 pctgntdi;pctgntdi; ??C:WINDOWSsystem32driverspctgntdi.sys []
R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2004-05-05 4228]
R1 prodrv04;Star Force copy protection driver v4; C:WINDOWSSystem32driversprodrv04.sys [2004-04-16 114496]
R2 Aspi32;Aspi32; C:WINDOWSsystem32driversAspi32.sys [2003-12-10 17101]
R2 CdaC15BA;CdaC15BA; ??C:WINDOWSsystem32driversCdaC15BA.SYS []
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-07-01 39944]
R2 ElbyCDIO;ElbyCDIO Driver; C:WINDOWSSystem32DriversElbyCDIO.sys [2004-07-22 9856]
R2 ETDrv;ETDrv; C:WINDOWSsystem32driversETDrv.sys [2003-04-07 151476]
R2 irda;IrDA Protocol; C:WINDOWSSystem32DRIVERSirda.sys [2004-08-03 87424]
R2 PCTAppEvent;PCTAppEvent Driver; ??C:WINDOWSsystem32driversPCTAppEvent.sys []
R2 PGPdisk;PGPdisk; C:WINDOWSsystem32driversPGPdisk.sys [2004-06-09 169120]
R2 PGPsdkDriver;PGPsdkDriver; C:WINDOWSSystem32DriversPGPsdk.sys [2004-06-09 26624]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2008-09-24 4122368]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-10-29 3341824]
R3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys [2006-06-23 31488]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:WINDOWSsystem32DRIVERSBlueletSCOAudio.sys [2005-08-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys [2006-01-19 10068]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys [2006-07-16 23040]
R3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSsystem32DRIVERSvbtenum.sys [2005-07-30 11988]
R3 E100B;Intel(R) PRO Adapter Driver; C:WINDOWSSystem32DRIVERSe100b325.sys [2003-03-04 145408]
R3 GVCplDrv;GVCplDrv; C:WINDOWSsystem32driversGVCplDrv.sys [2003-05-06 20156]
R3 itchfltr;iTouch Keyboard Filter; C:WINDOWSsystem32DRIVERSitchfltr.sys [2004-03-10 12953]
R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:WINDOWSSystem32DRIVERSL8042pr2.Sys [2003-12-17 51729]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:WINDOWSSystem32DRIVERSLMouFlt2.Sys [2003-12-17 70801]
R3 LVPr2Mon;LVPr2Mon Driver; C:WINDOWSsystem32DriversLVPr2Mon.sys [2008-12-16 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:WINDOWSsystem32DRIVERSlvrs.sys [2008-12-17 768024]
R3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driversLVUSBSta.sys [2008-12-17 41752]
R3 pctplfw;pctplfw; ??C:WINDOWSsystem32driverspctplfw.sys []
R3 pepifilter;Volume Adapter; C:WINDOWSsystem32DRIVERSlv302af.sys [2008-12-17 13848]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2002-10-01 9856]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:WINDOWSsystem32DRIVERSLV302V32.SYS [2008-12-17 2686104]
R3 Rasirda;WAN Miniport (IrDA); C:WINDOWSSystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 RegKill;RegKill; C:WINDOWSSystem32DriversRegKill.sys [2002-11-28 6400]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-08-23 5888]
R3 SFilter;PCTools Driver; C:WINDOWSsystem32DRIVERSpctfw.sys [2008-09-22 97408]
R3 SunkFilt;Alcor Micro Corp Reader; ??C:WINDOWSSystem32Driverssunkfilt.sys []
R3 USB_RNDIS;D-Link DSL Bridge/Router; C:WINDOWSsystem32DRIVERSusb8023.sys [2004-08-03 12672]
R3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSSystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys [2006-02-28 84836]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:WINDOWSsystem32DRIVERSzebrceb.sys [2008-01-15 63360]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-03 14848]
S2 SVKP;SVKP; C:WINDOWSsystem32driversSVKP.sys []
S3 ACSET;ACS USB Smart Card Reader; C:WINDOWSsystem32DRIVERSacrusbxp.sys [2004-01-16 25728]
S3 ACSSCR;ACR38 Smart Card Reader; C:WINDOWSsystem32DRIVERSa38usbxp.sys [2004-04-30 24832]
S3 BOCDRIVE;BOClean Kernel Monitor.; ??Z:Program FilesComodoCBOCleanBOCDRIVE.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:WINDOWSsystem32DRIVERSBthEnum.sys [2004-08-03 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:WINDOWSsystem32DRIVERSbthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth Port Driver; C:WINDOWSSystem32DriversBTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:WINDOWSSystem32DriversBTHUSB.sys [2004-08-03 18944]
S3 BTNetFilter;Bluetooth Network Filter; ??C:Program FilesIVT CorporationBlueSoleilDeviceWin2kBTNetFilter.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSSystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 cxbu0wdm;CardMan 3×21; C:WINDOWSsystem32DRIVERScxbu0wdm.sys [2008-01-15 97792]
S3 ENTECH;ENTECH; ??C:WINDOWSSystem32DRIVERSENTECH.sys []
S3 gdrv;gdrv; ??C:WINDOWSgdrv.sys []
S3 HidBth;Microsoft Bluetooth HID Miniport; C:WINDOWSsystem32DRIVERShidbth.sys [2004-08-03 25600]
S3 mouhid;Mouse HID Driver; C:WINDOWSSystem32DRIVERSmouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:WINDOWSSystem32DRIVERSMSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:WINDOWSSystem32DRIVERSNMnt.sys [2004-08-03 40320]
S3 P2k;Motorola USB Device; C:WINDOWSsystem32DRIVERSP2k.sys [2003-04-22 38016]
S3 Pantcgmtd;Pantcgmtd; C:WINDOWSsystem32driversk600whnt.sys [2005-05-11 5744]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2004-08-03 59648]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE31bus.sys [2006-05-01 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE31mdfl.sys [2006-05-01 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE31mdm.sys [2006-05-01 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE31mgmt.sys [2006-05-01 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS); C:WINDOWSsystem32DRIVERSse31nd5.sys [2006-05-01 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE31obex.sys [2006-05-01 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM); C:WINDOWSsystem32DRIVERSse31unic.sys [2006-05-01 90800]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 STIrUsb;STIrUsb.sys Tekram IR-410W USB-IrDA Adapter; C:WINDOWSSystem32DRIVERSirstusb.sys [2001-09-24 30088]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 TVICHW32;TVICHW32; ??C:WINDOWSsystem32DRIVERSTVICHW32.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSSystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbser;Motorola USB Modem Driver; C:WINDOWSsystem32DRIVERSusbser.sys [2004-08-03 25600]
S3 VHidMinidrv;Bluetooth HID Device Service; C:WINDOWSsystem32driversVHIDMini.sys [2005-07-29 11736]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:WINDOWSsystem32DRIVERSw800bus.sys [2005-09-07 60768]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSw800mdfl.sys [2005-09-07 9264]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:WINDOWSsystem32DRIVERSw800mdm.sys [2005-09-07 96224]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:WINDOWSsystem32DRIVERSw800mgmt.sys [2005-09-07 87792]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:WINDOWSsystem32DRIVERSw800obex.sys [2005-09-07 85664]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 zebrbus;Sony Ericsson Composite Device driver; C:WINDOWSsystem32DRIVERSzebrbus.sys [2008-10-02 83200]
S3 zebrmdfl;Sony Ericsson Modem Filter; C:WINDOWSsystem32DRIVERSzebrmdfl.sys [2008-10-02 14848]
S3 zebrmdm;Sony Ericsson Port (WDM); C:WINDOWSsystem32DRIVERSzebrmdm.sys [2008-10-02 109568]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM); C:WINDOWSsystem32DRIVERSzebrmdmc.sys [2008-10-02 109568]
S3 zebrsce;Sony Ericsson PC-Connect Port; C:WINDOWSsystem32DRIVERSzebrsce.sys [2008-10-02 91264]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;System Restore Filter Driver; C:WINDOWSSystem32DRIVERSsr.sys [2004-08-03 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-10-29 585728]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:Program FilesIVT CorporationBlueSoleilBTNtService.exe [2005-04-06 110592]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:WINDOWSsystem32driversCDAC11BA.EXE [2005-01-18 54784]
R2 Diskeeper;Diskeeper; C:Program FilesExecutive SoftwareDiskeeperDkService.exe [2003-08-22 241664]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
R2 Irmon;Infrared Monitor; C:WINDOWSSystem32svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; Z:Program FilesJavajre6binjqs.exe [2008-12-08 152984]
R2 LVPrcSrv;Process Monitor; C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe [2008-12-16 150040]
R2 NMSAccessU;NMSAccessU; Z:Program FilesCDBurnerXPNMSAccessU.exe [2008-10-20 71096]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; Z:Program FilesPC ToolsFirewall PlusFWService.exe [2008-12-11 146800]
R2 PGPserv;PGPserv; C:WINDOWSsystem32PGPserv.exe [2004-06-09 69632]
R2 sdAuxService;PC Tools Auxiliary Service; C:Program FilesSpyware DoctorpctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:Program FilesSpyware DoctorpctsSvc.exe [2008-12-21 1079176]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2008-10-28 593920]
S2 gupdate1c9652ad837e686;Google Update Service (gupdate1c9652ad837e686); C:Program FilesGoogleUpdateGoogleUpdate.exe [2008-12-23 119280]
S2 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-12-23 182768]
S2 mscgcosd;Devices Manager Service; C:WINDOWSsystem32mscgco.exe [2004-08-04 65536]
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2004-04-22 68096]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe [2005-11-14 69632]
S3 NetSvc;Intel NCS NetService; C:Program FilesIntelNCSSyncNetSvc.exe [2003-03-03 143360]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 OracleClientCache80;OracleClientCache80; c:oracleproduct8.0.6BINONRSD80.EXE [2002-10-18 101136]
S3 OracleOracle9iR2ClientCache;OracleOracle9iR2ClientCache; c:oracleproduct9.2.0BINONRSD.EXE [2002-04-26 242328]
S3 OracleOracle9iR2HTTPServer;OracleOracle9iR2HTTPServer; c:oracleproduct9.2.0ApacheApacheapache.exe [2002-04-18 4096]
S3 OracleOracle9iR2PagingServer;OracleOracle9iR2PagingServer; c:oracleproduct9.2.0/bin/pagntsrv.exe [2002-05-13 49152]
S3 OracleOracle9iR2TNSListener;OracleOracle9iR2TNSListener; c:oracleproduct9.2.0BINTNSLSNR []
S3 OracleServiceCARBON;OracleServiceCARBON; c:oracleproduct9.2.0binORACLE.EXE [2002-05-14 29475088]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
EOF
NOD32 is still "complaining":
01.02.2009 18:49:47 Фильтр HTTP файл http://ad.ox88.info/msusb.bin Win32/Adware.Coolezweb приложение соединение прервано - изолирован NT AUTHORITYSYSTEM Обнаружена угроза при попытке доступа в Интернет следующим приложением: C:WINDOWSsystem32svchost.exe.
February 1, 2009 at 3:02 PM in reply to: NOD32 finds Win32/Adware.Coolezweb(ad.ox88.info/msusb.bin) #21676
Valery, could you analyze my logs?
February 1, 2009 at 2:03 PM in reply to: NOD32 finds Win32/Adware.Coolezweb(ad.ox88.info/msusb.bin) #21675
Logfile of random’s system information tool 1.05 (written by random/random)
Run at 2009-02-01 16:40:51
Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (19%) free of 42 GB
Total RAM: 1535 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:03, on 01.02.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32SCardSvr.exe
C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32driversCDAC11BA.EXE
C:Program FilesExecutive SoftwareDiskeeperDkService.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesGoogleUpdateGoogleUpdate.exe
Z:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
Z:Program FilesCDBurnerXPNMSAccessU.exe
Z:Program FilesPC ToolsFirewall PlusFWService.exe
C:WINDOWSsystem32PGPserv.exe
C:Program FilesSpyware DoctorpctsAuxs.exe
C:Program FilesSpyware DoctorpctsSvc.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wdfmgr.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSSYSTEM32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32wuauclt.exe
C:Program FilesABBYY Lingvo 8.0Lvagent.exe
C:Program FilesSony EricssonMobile4Application LauncherApplication Launcher.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
Z:Program FilesLogitechiTouchiTouch.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:WINDOWSsystem32rundll32.exe
Z:Program FilesJavajre6binjusched.exe
C:WINDOWSSOUNDMAN.EXE
Z:Program FilesPC ToolsFirewall PlusFirewallGUI.exe
Z:Program FilesLogitechMouseWaresystemem_exec.exe
C:Program FilesMultimedia Card Readershwicon2k.exe
C:Program FilesGoogleGoogle Talkgoogletalk.exe
C:Program FilesLogitechQuickCamQuickcam.exe
C:Program FilesSpyware DoctorpctsTray.exe
C:Program FilesIntuwaveSharedmRouterRuntimemRouterConfig.exe
Z:Program FilesAusLogicsBoostSpeedboostspeed.exe
C:Program FilesSkypePhoneSkype.exe
Z:Program FilesipponMonitorippmon_0_99_6.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
C:Program FilesIntuwaveSharedmRouterRuntimemRouterRuntime.exe
C:Program FilesCommon FilesLogishrdLQCVFXCOCIManager.exe
Z:Program FilesOpenOffice.org 3programsoffice.exe
C:Program FilesCommon FilesTeleca Sharedlogger.exe
Z:Program FilesOpenOffice.org 3programsoffice.bin
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:PROGRA~1SymbianSharedSYMBIA~1SYMBIA~1.EXE
C:PROGRA~1SymbianSharedSYMBIA~1SCBAL.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:Program FilesFARFar.exe
Z:Program FilesMozillaFirefoxfirefox.exe
Z:Program FilesJavajre6binjava.exe
C:rsitrsit.exe
C:WINDOWSSystem32wbemwmiprvse.exe
Z:Program FilesHijackThisМяуш.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
O2 — BHO: Adobe PDF Link Helper — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: IeCatch5 Class — {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} — Z:PROGRA~1FlashGetjccatch.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — Z:Program FilesJavajre6binssv.dll
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier5.0.926.3450swg.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — Z:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — Z:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: gFlash Class — {F156768E-81EF-470C-9057-481BA8380DBA} — Z:PROGRA~1FlashGetgetflash.dll
O3 — Toolbar: FlashGet Bar — {E0E899AB-F487-11D5-8D29-0050BA6940E3} — Z:PROGRA~1FlashGetfgiebar.dll
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [Lingvo Launcher] «C:Program FilesABBYY Lingvo 8.0Lvagent.exe» /STARTUP
O4 — HKLM..Run: [NVRTCLK] C:WINDOWSsystem32NVRTCLKNVRTClk.exe
O4 — HKLM..Run: [PC Suite for Smartphones] «C:Program FilesSony EricssonMobile4Application LauncherApplication Launcher.exe» /startoptions
O4 — HKLM..Run: [egui] «C:Program FilesESETESET NOD32 Antivirusegui.exe» /hide /waitservice
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 9.0ReaderReader_sl.exe»
O4 — HKLM..Run: [StartCCC] «C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe» MSRun
O4 — HKLM..Run: [ZBrowser Launcher] Z:Program FilesLogitechiTouchiTouch.exe
O4 — HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 — HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 — HKLM..Run: [SunJavaUpdateSched] «Z:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 — HKLM..Run: [00PCTFW] «Z:Program FilesPC ToolsFirewall PlusFirewallGUI.exe» -s
O4 — HKLM..Run: [Sunkist2k] C:Program FilesMultimedia Card Readershwicon2k.exe
O4 — HKLM..Run: [googletalk] C:Program FilesGoogleGoogle Talkgoogletalk.exe /autostart
O4 — HKLM..Run: [LogitechQuickCamRibbon] «C:Program FilesLogitechQuickCamQuickcam.exe» /hide
O4 — HKLM..Run: [ISTray] «C:Program FilesSpyware DoctorpctsTray.exe»
O4 — HKCU..Run: [googletalk] «C:Program FilesGoogleGoogle Talkgoogletalk.exe» /autostart
O4 — HKCU..Run: [mRouterConfig] «C:Program FilesIntuwaveSharedmRouterRuntimemRouterConfig.exe»
O4 — HKCU..Run: [Auslogics BoostSpeed 4] Z:Program FilesAusLogicsBoostSpeedboostspeed.exe
O4 — HKCU..Run: [Skype] «C:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKCU..Run: [IPPON MONITOR] Z:Program FilesipponMonitorippmon_0_99_6.exe
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘Default user’)
O4 — S-1-5-18 Startup: OpenOffice.org 3.0.lnk = Z:Program FilesOpenOffice.org 3programquickstart.exe (User ‘SYSTEM’)
O4 — .DEFAULT Startup: OpenOffice.org 3.0.lnk = Z:Program FilesOpenOffice.org 3programquickstart.exe (User ‘Default user’)
O4 — Startup: OpenOffice.org 3.0.lnk = Z:Program FilesOpenOffice.org 3programquickstart.exe
O4 — Global Startup: BlueSoleil.lnk = C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
O4 — Global Startup: Программа обновлений Google.lnk = C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe
O8 — Extra context menu item: &Download by Orbit — res://C:Program FilesOrbitDownloaderorbitmxt.dll/201
O8 — Extra context menu item: &Grab video by Orbit — res://C:Program FilesOrbitDownloaderorbitmxt.dll/204
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O8 — Extra context menu item: Add to Google Photos Screensa&ver — res://C:WINDOWSsystem32GPhotos.scr/200
O8 — Extra context menu item: Do&wnload selected by Orbit — res://C:Program FilesOrbitDownloaderorbitmxt.dll/203
O8 — Extra context menu item: Down&load all by Orbit — res://C:Program FilesOrbitDownloaderorbitmxt.dll/202
O8 — Extra context menu item: Easy-WebPrint Add To Print List — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_AddToList.html
O8 — Extra context menu item: Easy-WebPrint High Speed Print — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
O8 — Extra context menu item: Easy-WebPrint Preview — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Preview.html
O8 — Extra context menu item: Easy-WebPrint Print — res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Print.html
O8 — Extra context menu item: Закачать все при помощи FlashGet — Z:Program FilesFlashGetjc_all.htm
O8 — Extra context menu item: Закачать при помощи FlashGet — Z:Program FilesFlashGetjc_link.htm
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 — Extra button: (no name) — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — (no file)
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 — Extra button: FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — Z:PROGRA~1FlashGetflashget.exe
O9 — Extra ‘Tools’ menuitem: &FlashGet — {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} — Z:PROGRA~1FlashGetflashget.exe
O9 — Extra button: eBay — Homepage — {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} — C:Program FilesIrfanViewEbayEbay.htm
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra button: Trashcan — {072F3B8A-2DA2-40e2-B841-88899F240200} — C:WINDOWSSystem32shdocvw.dll (HKCU)
O9 — Extra ‘Tools’ menuitem: Show Trashcan — {072F3B8A-2DA2-40e2-B841-88899F240200} — C:WINDOWSSystem32shdocvw.dll (HKCU)
O16 — DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) — http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098366764265
O17 — HKLMSystemCCSServicesTcpip..{5C8551BA-FDA3-4A35-9A79-EECDEE4F1FA7}: NameServer = 213.177.96.1,213.177.97.1
O18 — Protocol: bwfile-8876480 — {9462A756-7B47-47BC-8C80-C34B9B80B32B} — Z:Program FilesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Protocol: yandexcd — {E519DB43-CFF1-11D1-BE82-0000C0DF45F8} — C:WINDOWSYandexCD.dll
O20 — AppInit_DLLs:
O20 — Winlogon Notify: nnnliGYr — nnnliGYr.dll (file missing)
O23 — Service: Adobe LM Service — Unknown owner — C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 — Service: afisicx — Unknown owner — C:WINDOWSsystem32afisicx.exe (file missing)
O23 — Service: Ati HotKey Poller — ATI Technologies Inc. — C:WINDOWSsystem32Ati2evxx.exe
O23 — Service: ATI Smart — Unknown owner — C:WINDOWSsystem32ati2sgag.exe
O23 — Service: BlueSoleil Hid Service — Unknown owner — C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
O23 — Service: C-DillaCdaC11BA — Macrovision — C:WINDOWSsystem32driversCDAC11BA.EXE
O23 — Service: Diskeeper — Executive Software International, Inc. — C:Program FilesExecutive SoftwareDiskeeperDkService.exe
O23 — Service: Eset HTTP Server (EhttpSrv) — ESET — C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 — Service: Eset Service (ekrn) — ESET — C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 — Service: Google Update Service (gupdate1c9652ad837e686) (gupdate1c9652ad837e686) — Google Inc. — C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 — Service: Google Software Updater (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — Z:Program FilesJavajre6binjqs.exe
O23 — Service: Process Monitor (LVPrcSrv) — Logitech Inc. — C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
O23 — Service: Devices Manager Service (mscgcosd) — Unknown owner — C:WINDOWSsystem32mscgco.exe
O23 — Service: Intel NCS NetService (NetSvc) — Intel(R) Corporation — C:Program FilesIntelNCSSyncNetSvc.exe
O23 — Service: NMSAccessU — Unknown owner — Z:Program FilesCDBurnerXPNMSAccessU.exe
O23 — Service: noytcyr — Unknown owner — C:WINDOWSsystem32noytcyr.exe (file missing)
O23 — Service: OracleClientCache80 — Unknown owner — c:oracleproduct8.0.6BINONRSD80.EXE
O23 — Service: OracleOracle9iR2ClientCache — Unknown owner — c:oracleproduct9.2.0BINONRSD.EXE
O23 — Service: OracleOracle9iR2HTTPServer — Unknown owner — c:oracleproduct9.2.0ApacheApacheapache.exe
O23 — Service: OracleOracle9iR2PagingServer — Unknown owner — c:oracleproduct9.2.0/bin/pagntsrv.exe
O23 — Service: OracleOracle9iR2TNSListener — Unknown owner — c:oracleproduct9.2.0BINTNSLSNR.exe
O23 — Service: OracleServiceCARBON — Oracle Corporation — c:oracleproduct9.2.0binORACLE.EXE
O23 — Service: PC Tools Firewall Plus (PCToolsFirewallPlus) — PC Tools — Z:Program FilesPC ToolsFirewall PlusFWService.exe
O23 — Service: PGPserv — PGP Corporation — C:WINDOWSsystem32PGPserv.exe
O23 — Service: roytctm — Unknown owner — C:WINDOWSsystem32roytctm.exe (file missing)
O23 — Service: PC Tools Auxiliary Service (sdAuxService) — PC Tools — C:Program FilesSpyware DoctorpctsAuxs.exe
O23 — Service: PC Tools Security Service (sdCoreService) — PC Tools — C:Program FilesSpyware DoctorpctsSvc.exe
O23 — Service: soxpeca — Unknown owner — C:WINDOWSsystem32soxpeca.exe (file missing)
O23 — Service: tdydowkc — Unknown owner — C:WINDOWSsystem32tdydowkc.exe (file missing)
O23 — Service: wsldoekd — Unknown owner — C:WINDOWSsystem32wsldoekd.exe (file missing)
—
End of file — 14435 bytes

======Scheduled tasks folder======
C:WINDOWStasksGoogle Software Updater.job
C:WINDOWStasksGoogleUpdateTaskMachine.job

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class — Z:PROGRA~1FlashGetjccatch.dll [2006-05-16 81920]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — Z:Program FilesJavajre6binssv.dll [2008-12-08 320920]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier5.0.926.3450swg.dll [2008-12-23 657904]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — Z:Program FilesJavajre6binjp2ssv.dll [2008-12-08 34816]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — Z:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-12-08 73728]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{F156768E-81EF-470C-9057-481BA8380DBA}]
gFlash Class — Z:PROGRA~1FlashGetgetflash.dll [2006-09-12 126976]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} — FlashGet Bar — Z:PROGRA~1FlashGetfgiebar.dll [2005-06-07 86016]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]
«Lingvo Launcher»=C:Program FilesABBYY Lingvo 8.0Lvagent.exe [2002-12-10 102400]
«NVRTCLK»=C:WINDOWSsystem32NVRTCLKNVRTClk.exe [2003-12-30 24576]
«PC Suite for Smartphones»=C:Program FilesSony EricssonMobile4Application LauncherApplication Launcher.exe [2007-12-25 548864]
«egui»=C:Program FilesESETESET NOD32 Antivirusegui.exe [2008-07-01 1447168]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2008-08-29 61440]
«ZBrowser Launcher»=Z:Program FilesLogitechiTouchiTouch.exe [2004-03-18 892928]
«Logitech Utility»=C:WINDOWSLogi_MwX.Exe [2003-12-17 19968]
«BluetoothAuthenticationAgent»=C:WINDOWSSYSTEM32bthprops.cpl [2004-08-04 110592]
«SunJavaUpdateSched»=Z:Program FilesJavajre6binjusched.exe [2008-12-08 136600]
«SoundMan»=C:WINDOWSSOUNDMAN.EXE [2007-04-16 577536]
«00PCTFW»=Z:Program FilesPC ToolsFirewall PlusFirewallGUI.exe [2009-01-29 2652056]
«Sunkist2k»=C:Program FilesMultimedia Card Readershwicon2k.exe [2005-02-25 131072]
«googletalk»=C:Program FilesGoogleGoogle Talkgoogletalk.exe [2007-01-02 3739648]
«LogitechQuickCamRibbon»=C:Program FilesLogitechQuickCamQuickcam.exe [2008-12-20 2656528]
«ISTray»=C:Program FilesSpyware DoctorpctsTray.exe [2008-12-21 1168264]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«googletalk»=C:Program FilesGoogleGoogle Talkgoogletalk.exe [2007-01-02 3739648]
«mRouterConfig»=C:Program FilesIntuwaveSharedmRouterRuntimemRouterConfig.exe [2006-03-02 290816]
«Auslogics BoostSpeed 4»=Z:Program FilesAusLogicsBoostSpeedboostspeed.exe [2009-01-25 361584]
«Skype»=C:Program FilesSkypePhoneSkype.exe [2008-11-07 21633320]
«IPPON MONITOR»=Z:Program FilesipponMonitorippmon_0_99_6.exe [2005-08-07 847360]
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2007-11-03 68856]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
BlueSoleil.lnk — C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
Программа обновлений Google.lnk — C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe

C:Documents and SettingsМяушStart MenuProgramsStartup
OpenOffice.org 3.0.lnk — Z:Program FilesOpenOffice.org 3programquickstart.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
«AppInit_DLLS»=» «

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSSYSTEM32Ati2evxx.dll [2008-10-29 143360]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifynnnliGYr]
nnnliGYr.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSSYSTEM32WgaLogon.dll [2006-06-27 3584]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«authentication packages»=msv1_0
C:WINDOWSsystem32rqRIyvTk

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdauxservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworksdcoreservice]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145
«NoInstrumentation»=0

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program FilesGoogleGoogle Talkgoogletalk.exe»=»C:Program FilesGoogleGoogle Talkgoogletalk.exe:*:Enabled:Google Talk»
«C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe»=»C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe:*:Enabled:BlueSoleil»
«D:DOWNLOADutorrent-1.8.2.upx.exe»=»D:DOWNLOADutorrent-1.8.2.upx.exe:*:Enabled:чTorrent»
«Z:Program FilesuTorrentutorrent-1.8.2.upx.exe»=»Z:Program FilesuTorrentutorrent-1.8.2.upx.exe:*:Enabled:чTorrent»
«Z:Program FilesuTorrentuTorrent.exe»=»Z:Program FilesuTorrentuTorrent.exe:*:Enabled:чTorrent»
«C:Program FilesIntuwaveSharedmRouterRuntimemRouterRuntime.exe»=»C:Program FilesIntuwaveSharedmRouterRuntimemRouterRuntime.exe:*:Enabled:mRouterRuntime Module»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«Z:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe»=»Z:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger»

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{61564c3e-33bb-11dc-8553-000b0d6918bf}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SanDisk.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{e9138ea2-7fdb-11db-8485-028037010300}]
shellAutoRuncommand — Q:umenu.exe

======List of files/folders created in the last 3 months======
2009-02-01 16:20:25 —-A—- C:1.txt
2009-02-01 15:31:24 —-A—- C:WINDOWSsystem32lvci11901262.dll
2009-02-01 15:29:41 —-D—- C:Program FilesLogitech
2009-02-01 14:34:10 —-HDC—- C:WINDOWS$NtUninstallKB916089$
2009-02-01 00:01:22 —-D—- C:Program Filestrend micro
2009-02-01 00:01:13 —-D—- C:rsit
2009-01-29 09:16:10 —-A—- C:WINDOWSsystem32SSUBTMR6.DLL
2009-01-28 21:39:26 —-A—- C:WINDOWSsystem32aamd532.dll
2009-01-25 03:31:03 —-A—- C:_dele.bat
2009-01-23 21:59:44 —-HDC—- C:WINDOWS$NtUninstallKB955839$
2009-01-17 22:54:12 —-HDC—- C:WINDOWS$NtUninstallKB937894$
2009-01-17 20:38:58 —-HDC—- C:WINDOWS$NtUninstallKB952069_WM9$
2009-01-17 16:55:13 —-HDC—- C:WINDOWS$NtUninstallKB954600$
2009-01-17 16:39:49 —-D—- C:Documents and SettingsМяушApplication DataPCToolsFirewallPlus
2009-01-17 16:22:50 —-HDC—- C:WINDOWS$NtUninstallKB951748$
2009-01-17 16:12:13 —-D—- C:Program FilesCommon FilesPC Tools
2009-01-17 15:29:08 —-D—- C:WINDOWSsystem32en-US
2009-01-17 15:23:54 —-HDC—- C:WINDOWS$NtUninstallKB932823-v3$
2009-01-17 14:29:26 —-HDC—- C:WINDOWS$NtUninstallKB956841$
2009-01-17 07:13:26 —-HDC—- C:WINDOWS$NtUninstallKB957097$
2009-01-17 07:05:03 —-HDC—- C:WINDOWS$NtUninstallKB950762$
2009-01-17 00:23:23 —-HDC—- C:WINDOWS$NtUninstallKB954211$
2009-01-17 00:22:58 —-HDC—- C:WINDOWS$NtUninstallKB950974$
2009-01-17 00:22:36 —-HDC—- C:WINDOWS$NtUninstallKB946648$
2009-01-17 00:22:02 —-HDC—- C:WINDOWS$NtUninstallKB956803$
2009-01-16 01:08:20 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-01-12 00:31:45 —-A—- C:WINDOWSScUnin.exe
2009-01-11 22:06:52 —-A—- C:WINDOWSsystem32pthreadGC2.dll
2009-01-11 21:03:46 —-D—- C:Program FilesRealtek AC97
2009-01-11 19:58:58 —-D—- C:Documents and SettingsМяушApplication DataStarDict
2009-01-11 19:54:00 —-D—- C:Program FilesCommon FilesAdobe AIR
2009-01-09 14:12:45 —-A—- C:WINDOWSsystem32msonpmon.dll
2009-01-09 14:06:15 —-D—- C:Program FilesMicrosoft Works
2009-01-09 14:05:53 —-D—- C:Program FilesMSBuild
2009-01-09 14:05:02 —-D—- C:Program FilesMicrosoft Visual Studio
2009-01-09 13:56:11 —-HDC—- C:WINDOWS$NtUninstallKB956391$
2009-01-09 13:52:45 —-D—- C:Program FilesMicrosoft Visual Studio 8
2009-01-09 13:48:37 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2009-01-09 13:46:30 —-RHD—- C:MSOCache
2009-01-09 13:21:49 —-HDC—- C:WINDOWS$NtUninstallKB960714$
2009-01-09 13:15:06 —-HDC—- C:WINDOWS$NtUninstallKB954156_WM9L$
2009-01-09 12:17:22 —-HDC—- C:WINDOWS$NtUninstallKB958215$
2009-01-09 12:10:35 —-HDC—- C:WINDOWS$NtUninstallKB941569$
2009-01-09 11:23:08 —-HDC—- C:WINDOWS$NtUninstallKB943460$
2009-01-09 11:15:31 —-HDC—- C:WINDOWS$NtUninstallKB956802$
2009-01-09 11:14:24 —-D—- C:Program FilesMicrosoft CAPICOM
2009-01-09 10:40:28 —-HDC—- C:WINDOWS$NtUninstallKB946026$
2009-01-09 10:39:03 —-HDC—- C:WINDOWS$NtUninstallKB950749$
2009-01-09 10:31:29 —-HDC—- C:WINDOWS$NtUninstallKB951376-v2$
2009-01-09 10:29:48 —-HDC—- C:WINDOWS$NtUninstallKB951698$
2009-01-09 01:38:52 —-HDC—- C:WINDOWS$NtUninstallKB952954$
2009-01-06 17:05:16 —-D—- C:Documents and SettingsМяушApplication DataCanneverbe_Limited
2008-12-27 22:50:14 —-D—- C:Documents and SettingsМяушApplication DataWireshark
2008-12-27 17:52:47 —-D—- C:Documents and SettingsМяушApplication DataOpenCandy
2008-12-23 20:48:02 —-D—- C:Program FilesCommon FilesReal
2008-12-23 20:48:00 —-D—- C:Documents and SettingsМяушApplication DataReal
2008-12-23 20:17:07 —-D—- C:WINDOWSsystem32runtime
2008-12-23 20:17:05 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle
2008-12-18 21:20:05 —-HDC—- C:WINDOWS$NtUninstallKB910437$
2008-12-17 23:59:17 —-D—- C:Program FilesD-Link
2008-12-08 21:07:43 —-HDC—- C:WINDOWS$NtUninstallKB925902$
2008-12-08 21:06:50 —-HDC—- C:WINDOWS$NtUninstallKB931261$
2008-12-08 21:05:52 —-HDC—- C:WINDOWS$NtUninstallKB931784$
2008-12-08 21:04:54 —-HDC—- C:WINDOWS$NtUninstallKB938829$
2008-12-08 21:00:19 —-HDC—- C:WINDOWS$NtUninstallKB929123$
2008-12-08 20:05:16 —-A—- C:WINDOWSsystem32javaws.exe
2008-12-08 20:05:16 —-A—- C:WINDOWSsystem32javaw.exe
2008-12-08 20:05:16 —-A—- C:WINDOWSsystem32java.exe
2008-12-08 20:05:16 —-A—- C:WINDOWSsystem32deploytk.dll
2008-11-28 23:33:43 —-HDC—- C:WINDOWS$NtUninstallKB952287$
2008-11-28 23:32:48 —-HDC—- C:WINDOWS$NtUninstallKB956390$
2008-11-28 21:43:09 —-HDC—- C:WINDOWS$NtUninstallKB958644$
2008-11-25 22:55:42 —-A—- C:WINDOWSsystem32LVUI2RC.dll
2008-11-25 22:55:42 —-A—- C:WINDOWSsystem32LVUI2.dll
2008-11-25 22:55:42 —-A—- C:WINDOWSsystem32lvcoinst.ini
2008-11-25 22:55:42 —-A—- C:WINDOWSsystem32lvcodec2.dll
2008-11-25 22:55:42 —-A—- C:WINDOWSsystem32lvci11801048.dll
2008-11-24 00:52:57 —-HDC—- C:WINDOWS$NtUninstallKB951066$
2008-11-24 00:52:43 —-HDC—- C:WINDOWS$NtUninstallKB938464$
2008-11-24 00:52:27 —-HDC—- C:WINDOWS$NtUninstallKB955069$
2008-11-24 00:39:45 —-D—- C:WINDOWSsystem32Adobe
2008-11-23 23:01:13 —-HDC—- C:WINDOWS$NtUninstallKB894391$
2008-11-18 21:39:03 —-D—- C:Documents and SettingsМяушApplication DataInfraRecorder
2008-11-18 00:33:39 —-A—- C:WINDOWSUNBOC.EXE
2008-11-18 00:33:38 —-A—- C:WINDOWSCMDLIC.DLL
2008-11-18 00:31:59 —-D—- C:WINDOWSsystem32CatRoot_bak
2008-11-18 00:11:28 —-ASH—- C:WINDOWSsystem32rwqbvxwn.ini
2008-11-17 23:39:04 —-D—- C:Documents and SettingsAll UsersApplication DataOffice Genuine Advantage
2008-11-17 23:24:18 —-A—- C:WINDOWSsystem32WgaTray.exe
2008-11-17 23:24:18 —-A—- C:WINDOWSsystem32WgaLogon.dll
2008-11-17 23:11:07 —-ASH—- C:WINDOWSsystem32biubhwjc.ini
2008-11-17 01:08:44 —-ASH—- C:WINDOWSsystem32wigboxty.ini
2008-11-16 19:07:15 —-ASH—- C:WINDOWSsystem32qeatrkpp.ini
2008-11-16 19:06:26 —-A—- C:WINDOWSsystem32c7b26cf2-.txt
2008-11-16 19:05:12 —-ASH—- C:WINDOWSsystem32kTvyIRqr.ini2
2008-11-16 19:05:12 —-ASH—- C:WINDOWSsystem32kTvyIRqr.ini
2008-11-16 12:23:01 —-D—- C:OpenCandy
2008-11-16 11:25:46 —-D—- C:Documents and SettingsМяушApplication DataWinRAR
2008-11-16 01:56:33 —-D—- C:Documents and SettingsAll UsersApplication DataATI
2008-11-09 20:07:02 —-D—- C:Program FilesESET
2008-11-09 20:07:02 —-D—- C:Documents and SettingsAll UsersApplication DataESET
2008-11-08 01:05:53 —-D—- C:Documents and SettingsAll UsersApplication DataAuslogics

======List of files/folders modified in the last 3 months======
2009-02-01 16:39:37 —-D—- C:Documents and SettingsМяушApplication DataSkype
2009-02-01 16:33:26 —-AD—- C:Documents and SettingsAll UsersApplication DataTEMP
2009-02-01 16:22:43 —-D—- C:Documents and SettingsМяушApplication DataskypePM
2009-02-01 16:21:56 —-A—- C:WINDOWSiTouch.ini
2009-02-01 16:13:33 —-D—- C:WINDOWSsystem32
2009-02-01 16:13:33 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-02-01 16:11:41 —-D—- C:WINDOWSPrefetch
2009-02-01 16:11:08 —-D—- C:WINDOWSsystem32CatRoot2
2009-02-01 16:09:54 —-D—- C:WINDOWSsystem32drivers
2009-02-01 16:08:48 —-SD—- C:WINDOWSTasks
2009-02-01 16:06:58 —-A—- C:WINDOWSSchedLgU.Txt
2009-02-01 16:02:59 —-HD—- C:WINDOWSinf
2009-02-01 16:02:28 —-SHD—- C:WINDOWSInstaller
2009-02-01 16:02:06 —-D—- C:Program FilesCodeSaver
2009-02-01 15:48:06 —-D—- C:WINDOWS
2009-02-01 15:47:55 —-D—- C:Program Files
2009-02-01 15:33:50 —-DC—- C:WINDOWSsystem32DRVSTORE
2009-02-01 15:32:46 —-RSHDC—- C:WINDOWSsystem32dllcache
2009-02-01 15:32:41 —-D—- C:Program FilesCommon FilesLogiShrd
2009-02-01 15:32:25 —-D—- C:WINDOWSsystem32CatRoot
2009-02-01 15:29:33 —-D—- C:Documents and SettingsAll UsersApplication DataLogishrd
2009-02-01 13:41:12 —-D—- C:Documents and SettingsAll UsersApplication DataGoogle Updater
2009-01-31 19:59:42 —-D—- C:Documents and SettingsAll UsersApplication DataAdobe
2009-01-31 19:56:12 —-D—- C:Documents and SettingsМяушApplication DataAdobe
2009-01-31 19:05:54 —-D—- C:Documents and SettingsМяушApplication DatauTorrent
2009-01-30 23:27:26 —-D—- C:Program FilesSpyware Doctor
2009-01-29 21:48:10 —-D—- C:Downloads
2009-01-29 20:34:53 —-D—- C:Documents and SettingsМяушApplication DataOrbit
2009-01-28 22:52:01 —-A—- C:WINDOWSNeroDigital.ini
2009-01-24 10:08:15 —-D—- C:WINDOWSsystem32config
2009-01-23 21:59:55 —-A—- C:WINDOWSimsins.BAK
2009-01-23 21:59:22 —-HD—- C:WINDOWS$hf_mig$
2009-01-18 22:49:59 —-D—- C:WINDOWSMicrosoft.NET
2009-01-18 22:49:49 —-RSD—- C:WINDOWSassembly
2009-01-18 22:19:57 —-D—- C:WINDOWSWinSxS
2009-01-18 22:19:19 —-D—- C:Program FilesInternet Explorer
2009-01-18 17:48:30 —-RSD—- C:WINDOWSFonts
2009-01-18 17:44:15 —-HD—- C:Program FilesInstallShield Installation Information
2009-01-17 16:12:13 —-D—- C:Program FilesCommon Files
2009-01-17 00:22:38 —-D—- C:Program FilesMessenger
2009-01-15 23:34:48 —-D—- C:Program FilesCOMODO
2009-01-13 00:17:24 —-D—- C:Program FilesKMPlayer
2009-01-12 21:27:51 —-D—- C:Program FilesAdobe
2009-01-12 00:23:43 —-SD—- C:Documents and SettingsМяушApplication DataMicrosoft
2009-01-11 23:49:26 —-D—- C:Program FilesStarCraft
2009-01-11 23:04:35 —-D—- C:Program FilesStarDict
2009-01-11 21:38:55 —-D—- C:Program FilesMicrosoft Office
2009-01-11 21:38:50 —-D—- C:WINDOWSShellNew
2009-01-11 21:04:08 —-D—- C:WINDOWSsystem32ReinstallBackups
2009-01-11 20:39:41 —-SHD—- C:System Volume Information
2009-01-11 01:09:19 —-A—- C:WINDOWSModemLog_Sony Ericsson M600 USB Modem.txt
2009-01-11 00:56:32 —-HD—- C:BJPrinter
2009-01-10 14:02:58 —-D—- C:Program FilesCanon
2009-01-10 11:30:05 —-D—- C:WINDOWSsystem32NtmsData
2009-01-10 11:29:07 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-01-09 17:35:30 —-A—- C:WINDOWSsystem32MRT.exe
2009-01-09 15:09:17 —-D—- C:WINDOWSsystem32wbem
2009-01-09 14:37:08 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-01-09 14:21:06 —-A—- C:WINDOWSwin.ini
2009-01-09 14:20:43 —-D—- C:Program FilesCommon FilesSystem
2009-01-08 23:59:06 —-D—- C:Program FilesMicrosoft Baseline Security Analyzer 2
2009-01-08 15:15:23 —-A—- C:WINDOWSavisplitter.INI
2009-01-06 10:21:44 —-D—- C:WINDOWSsecurity
2008-12-31 11:27:51 —-D—- C:Program FilesCommon FilesLogitech
2008-12-29 07:57:51 —-D—- C:Program FilesSkype
2008-12-28 01:03:27 —-D—- C:Documents and Settings
2008-12-23 23:53:21 —-D—- C:Program FilesFastStone
2008-12-23 21:18:42 —-D—- C:Program FilesGoogle
2008-12-18 21:17:17 —-D—- C:WUTemp
2008-12-18 20:27:58 —-D—- C:Documents and SettingsМяушApplication DataYandex
2008-12-18 00:00:58 —-D—- C:Program FilesUpsPilot
2008-12-18 00:00:42 —-HD—- C:Program FilesZero G Registry
2008-12-12 22:32:32 —-D—- C:WINDOWSsystem
2008-12-12 20:33:23 —-A—- C:WINDOWSsystem32mshtml.dll
2008-12-10 20:12:57 —-D—- C:Documents and SettingsМяушApplication Datadvdcss
2008-12-08 21:00:34 —-D—- C:Program FilesOutlook Express
2008-12-08 12:53:32 —-A—- C:WINDOWSsystem32ff_vfw.dll
2008-11-24 21:52:46 —-D—- C:WINDOWSsystem32DirectX
2008-11-24 21:40:08 —-D—- C:WINDOWSsystem32Macromed
2008-11-24 00:39:52 —-SD—- C:WINDOWSDownloaded Program Files
2008-11-23 23:18:22 —-D—- C:WINDOWSehome
2008-11-23 11:28:35 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Corporation
2008-11-23 11:28:10 —-D—- C:Program FilesGabest
2008-11-23 11:27:16 —-D—- C:WINDOWSUlead.dat
2008-11-23 11:17:09 —-D—- C:Program FilesMozilla Thunderbird
2008-11-23 11:17:05 —-A—- C:WINDOWSWININIT.INI
2008-11-23 10:55:41 —-D—- C:Program FilesFree Download Manager
2008-11-23 10:53:59 —-D—- C:Documents and SettingsМяушApplication DataeMule
2008-11-23 10:53:20 —-D—- C:Program FilesCommon FilesAdaptec Shared
2008-11-23 10:50:44 —-D—- C:Program FilesDivX
2008-11-23 10:46:31 —-D—- C:Program FilesOCS
2008-11-23 10:45:00 —-D—- C:Program FilesAzureus
2008-11-18 00:31:59 —-D—- C:WINDOWSDebug
2008-11-17 23:45:54 —-D—- C:WINDOWSsystem32oobe
2008-11-17 23:45:53 —-A—- C:WINDOWSsetuplog.txt
2008-11-17 23:39:00 —-D—- C:Documents and SettingsAll UsersApplication DataWindows Genuine Advantage
2008-11-16 12:54:48 —-D—- C:Documents and SettingsМяушApplication DataWinamp
2008-11-16 11:18:36 —-D—- C:Program FilesWinRAR
2008-11-16 01:56:33 —-D—- C:Documents and SettingsМяушApplication DataATI
2008-11-16 01:51:31 —-D—- C:Program FilesATI Technologies
2008-11-15 23:16:55 —-D—- C:Program FilesCommon FilesAdobe
2008-11-15 00:27:00 —-D—- C:WINDOWSHelp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Cdr4_xp;Cdr4_xp; C:WINDOWSsystem32driversCdr4_xp.sys [2006-05-20 2432]
R1 Cdralw2k;Cdralw2k; C:WINDOWSsystem32driversCdralw2k.sys [2006-05-20 2560]
R1 easdrv;easdrv; C:WINDOWSsystem32DRIVERSeasdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-07-01 34312]
R1 IKSysFlt;System Filter Driver; C:WINDOWSsystem32driversiksysflt.sys [2008-12-21 66952]
R1 IKSysSec;System Security Driver; C:WINDOWSsystem32driversiksyssec.sys [2008-12-21 81288]
R1 intelppm;Intel Processor Driver; C:WINDOWSSystem32DRIVERSintelppm.sys [2004-08-03 36096]
R1 pctgntdi;pctgntdi; ??C:WINDOWSsystem32driverspctgntdi.sys []
R1 PQNTDrv;PQNTDrv; C:WINDOWSsystem32driversPQNTDrv.sys [2004-05-05 4228]
R1 prodrv04;Star Force copy protection driver v4; C:WINDOWSSystem32driversprodrv04.sys [2004-04-16 114496]
R2 Aspi32;Aspi32; C:WINDOWSsystem32driversAspi32.sys [2003-12-10 17101]
R2 CdaC15BA;CdaC15BA; ??C:WINDOWSsystem32driversCdaC15BA.SYS []
R2 eamon;EAMON; C:WINDOWSsystem32DRIVERSeamon.sys [2008-07-01 39944]
R2 ElbyCDIO;ElbyCDIO Driver; C:WINDOWSSystem32DriversElbyCDIO.sys [2004-07-22 9856]
R2 ETDrv;ETDrv; C:WINDOWSsystem32driversETDrv.sys [2003-04-07 151476]
R2 irda;IrDA Protocol; C:WINDOWSSystem32DRIVERSirda.sys [2004-08-03 87424]
R2 PCTAppEvent;PCTAppEvent Driver; ??C:WINDOWSsystem32driversPCTAppEvent.sys []
R2 PGPdisk;PGPdisk; C:WINDOWSsystem32driversPGPdisk.sys [2004-06-09 169120]
R2 PGPsdkDriver;PGPsdkDriver; C:WINDOWSSystem32DriversPGPsdk.sys [2004-06-09 26624]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2008-09-24 4122368]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2008-10-29 3341824]
R3 BlueletAudio;Bluetooth Audio Service; C:WINDOWSsystem32DRIVERSblueletaudio.sys [2006-06-23 31488]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:WINDOWSsystem32DRIVERSBlueletSCOAudio.sys [2005-08-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys [2006-01-19 10068]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys [2006-07-16 23040]
R3 BTHidEnum;Bluetooth HID Enumerator; C:WINDOWSsystem32DRIVERSvbtenum.sys [2005-07-30 11988]
R3 E100B;Intel(R) PRO Adapter Driver; C:WINDOWSSystem32DRIVERSe100b325.sys [2003-03-04 145408]
R3 GVCplDrv;GVCplDrv; C:WINDOWSsystem32driversGVCplDrv.sys [2003-05-06 20156]
R3 itchfltr;iTouch Keyboard Filter; C:WINDOWSsystem32DRIVERSitchfltr.sys [2004-03-10 12953]
R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:WINDOWSSystem32DRIVERSL8042pr2.Sys [2003-12-17 51729]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:WINDOWSSystem32DRIVERSLMouFlt2.Sys [2003-12-17 70801]
R3 LVPr2Mon;LVPr2Mon Driver; C:WINDOWSsystem32DriversLVPr2Mon.sys [2008-12-16 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:WINDOWSsystem32DRIVERSlvrs.sys [2008-12-17 768024]
R3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driversLVUSBSta.sys [2008-12-17 41752]
R3 pctplfw;pctplfw; ??C:WINDOWSsystem32driverspctplfw.sys []
R3 pepifilter;Volume Adapter; C:WINDOWSsystem32DRIVERSlv302af.sys [2008-12-17 13848]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2002-10-01 9856]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:WINDOWSsystem32DRIVERSLV302V32.SYS [2008-12-17 2686104]
R3 Rasirda;WAN Miniport (IrDA); C:WINDOWSSystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 RegKill;RegKill; C:WINDOWSSystem32DriversRegKill.sys [2002-11-28 6400]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:WINDOWSSystem32DriversRootMdm.sys [2001-08-23 5888]
R3 SFilter;PCTools Driver; C:WINDOWSsystem32DRIVERSpctfw.sys [2008-09-22 97408]
R3 SunkFilt;Alcor Micro Corp Reader; ??C:WINDOWSSystem32Driverssunkfilt.sys []
R3 USB_RNDIS;D-Link DSL Bridge/Router; C:WINDOWSsystem32DRIVERSusb8023.sys [2004-08-03 12672]
R3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSSystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbuhci.sys [2004-08-03 20480]
R3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys [2006-02-28 84836]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:WINDOWSsystem32DRIVERSzebrceb.sys [2008-01-15 63360]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-03 14848]
S2 SVKP;SVKP; C:WINDOWSsystem32driversSVKP.sys []
S3 ACSET;ACS USB Smart Card Reader; C:WINDOWSsystem32DRIVERSacrusbxp.sys [2004-01-16 25728]
S3 ACSSCR;ACR38 Smart Card Reader; C:WINDOWSsystem32DRIVERSa38usbxp.sys [2004-04-30 24832]
S3 BOCDRIVE;BOClean Kernel Monitor.; ??Z:Program FilesComodoCBOCleanBOCDRIVE.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:WINDOWSsystem32DRIVERSBthEnum.sys [2004-08-03 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:WINDOWSsystem32DRIVERSbthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:WINDOWSsystem32DRIVERSbthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth Port Driver; C:WINDOWSSystem32DriversBTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:WINDOWSSystem32DriversBTHUSB.sys [2004-08-03 18944]
S3 BTNetFilter;Bluetooth Network Filter; ??C:Program FilesIVT CorporationBlueSoleilDeviceWin2kBTNetFilter.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSSystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 cxbu0wdm;CardMan 3x21; C:WINDOWSsystem32DRIVERScxbu0wdm.sys [2008-01-15 97792]
S3 ENTECH;ENTECH; ??C:WINDOWSSystem32DRIVERSENTECH.sys []
S3 gdrv;gdrv; ??C:WINDOWSgdrv.sys []
S3 HidBth;Microsoft Bluetooth HID Miniport; C:WINDOWSsystem32DRIVERShidbth.sys [2004-08-03 25600]
S3 mouhid;Mouse HID Driver; C:WINDOWSSystem32DRIVERSmouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:WINDOWSsystem32driversmsmpu401.sys [2001-08-17 2944]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:WINDOWSSystem32DRIVERSMSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:WINDOWSSystem32DRIVERSNMnt.sys [2004-08-03 40320]
S3 P2k;Motorola USB Device; C:WINDOWSsystem32DRIVERSP2k.sys [2003-04-22 38016]
S3 Pantcgmtd;Pantcgmtd; C:WINDOWSsystem32driversk600whnt.sys [2005-05-11 5744]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:WINDOWSsystem32DRIVERSrfcomm.sys [2004-08-03 59648]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM); C:WINDOWSsystem32DRIVERSSE31bus.sys [2006-05-01 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSSE31mdfl.sys [2006-05-01 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver; C:WINDOWSsystem32DRIVERSSE31mdm.sys [2006-05-01 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM); C:WINDOWSsystem32DRIVERSSE31mgmt.sys [2006-05-01 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS); C:WINDOWSsystem32DRIVERSse31nd5.sys [2006-05-01 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface; C:WINDOWSsystem32DRIVERSSE31obex.sys [2006-05-01 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM); C:WINDOWSsystem32DRIVERSse31unic.sys [2006-05-01 90800]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 STIrUsb;STIrUsb.sys Tekram IR-410W USB-IrDA Adapter; C:WINDOWSSystem32DRIVERSirstusb.sys [2001-09-24 30088]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 TVICHW32;TVICHW32; ??C:WINDOWSsystem32DRIVERSTVICHW32.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSSystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbser;Motorola USB Modem Driver; C:WINDOWSsystem32DRIVERSusbser.sys [2004-08-03 25600]
S3 VHidMinidrv;Bluetooth HID Device Service; C:WINDOWSsystem32driversVHIDMini.sys [2005-07-29 11736]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:WINDOWSsystem32DRIVERSw800bus.sys [2005-09-07 60768]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:WINDOWSsystem32DRIVERSw800mdfl.sys [2005-09-07 9264]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:WINDOWSsystem32DRIVERSw800mdm.sys [2005-09-07 96224]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:WINDOWSsystem32DRIVERSw800mgmt.sys [2005-09-07 87792]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:WINDOWSsystem32DRIVERSw800obex.sys [2005-09-07 85664]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 zebrbus;Sony Ericsson Composite Device driver; C:WINDOWSsystem32DRIVERSzebrbus.sys [2008-10-02 83200]
S3 zebrmdfl;Sony Ericsson Modem Filter; C:WINDOWSsystem32DRIVERSzebrmdfl.sys [2008-10-02 14848]
S3 zebrmdm;Sony Ericsson Port (WDM); C:WINDOWSsystem32DRIVERSzebrmdm.sys [2008-10-02 109568]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM); C:WINDOWSsystem32DRIVERSzebrmdmc.sys [2008-10-02 109568]
S3 zebrsce;Sony Ericsson PC-Connect Port; C:WINDOWSsystem32DRIVERSzebrsce.sys [2008-10-02 91264]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 sr;System Restore Filter Driver; C:WINDOWSSystem32DRIVERSsr.sys [2004-08-03 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2008-10-29 585728]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:Program FilesIVT CorporationBlueSoleilBTNtService.exe [2005-04-06 110592]
R2 BthServ;Bluetooth Support Service; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:WINDOWSsystem32driversCDAC11BA.EXE [2005-01-18 54784]
R2 Diskeeper;Diskeeper; C:Program FilesExecutive SoftwareDiskeeperDkService.exe [2003-08-22 241664]
R2 ekrn;Eset Service; C:Program FilesESETESET NOD32 Antivirusekrn.exe [2008-07-01 468224]
R2 Irmon;Infrared Monitor; C:WINDOWSSystem32svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; Z:Program FilesJavajre6binjqs.exe [2008-12-08 152984]
R2 LVPrcSrv;Process Monitor; C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe [2008-12-16 150040]
R2 NMSAccessU;NMSAccessU; Z:Program FilesCDBurnerXPNMSAccessU.exe [2008-10-20 71096]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; Z:Program FilesPC ToolsFirewall PlusFWService.exe [2008-12-11 146800]
R2 PGPserv;PGPserv; C:WINDOWSsystem32PGPserv.exe [2004-06-09 69632]
R2 sdAuxService;PC Tools Auxiliary Service; C:Program FilesSpyware DoctorpctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:Program FilesSpyware DoctorpctsSvc.exe [2008-12-21 1079176]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
S2 afisicx;afisicx; C:WINDOWSsystem32afisicx.exe []
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2008-10-28 593920]
S2 gupdate1c9652ad837e686;Google Update Service (gupdate1c9652ad837e686); C:Program FilesGoogleUpdateGoogleUpdate.exe [2008-12-23 119280]
S2 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-12-23 182768]
S2 mscgcosd;Devices Manager Service; C:WINDOWSsystem32mscgco.exe [2004-08-04 65536]
S2 noytcyr;noytcyr; C:WINDOWSsystem32noytcyr.exe []
S2 roytctm;roytctm; C:WINDOWSsystem32roytctm.exe []
S2 soxpeca;soxpeca; C:WINDOWSsystem32soxpeca.exe []
S2 tdydowkc;tdydowkc; C:WINDOWSsystem32tdydowkc.exe []
S2 wsldoekd;wsldoekd; C:WINDOWSsystem32wsldoekd.exe []
S3 Adobe LM Service;Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [2004-04-22 68096]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe [2005-11-14 69632]
S3 NetSvc;Intel NCS NetService; C:Program FilesIntelNCSSyncNetSvc.exe [2003-03-03 143360]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 OracleClientCache80;OracleClientCache80; c:oracleproduct8.0.6BINONRSD80.EXE [2002-10-18 101136]
S3 OracleOracle9iR2ClientCache;OracleOracle9iR2ClientCache; c:oracleproduct9.2.0BINONRSD.EXE [2002-04-26 242328]
S3 OracleOracle9iR2HTTPServer;OracleOracle9iR2HTTPServer; c:oracleproduct9.2.0ApacheApacheapache.exe [2002-04-18 4096]
S3 OracleOracle9iR2PagingServer;OracleOracle9iR2PagingServer; c:oracleproduct9.2.0/bin/pagntsrv.exe [2002-05-13 49152]
S3 OracleOracle9iR2TNSListener;OracleOracle9iR2TNSListener; c:oracleproduct9.2.0BINTNSLSNR []
S3 OracleServiceCARBON;OracleServiceCARBON; c:oracleproduct9.2.0binORACLE.EXE [2002-05-14 29475088]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
EOF
February 1, 2009 at 2:02 PM in reply to: NOD32 finds Win32/Adware.Coolezweb(ad.ox88.info/msusb.bin) #21674

info.txt logfile of random's system information tool 1.05 2009-02-01 00:48:01
======Uninstall list======
-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
@BIOS-->C:WINDOWSIsUninst.exe -f"C:Program FilesGigabyteGigabyte Windows Utility ManagerbiosUninst.isu"
-->C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}Setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
7-Zip 4.57-->"Z:Program Files7-ZipUninstall.exe"
ABBYY Lingvo 8.0 English-Russian Edition-->MsiExec.exe /I{E87E8336-6DF9-4906-B1B2-61F53588D2C5}
abcAVI-->"C:Program FilesabcAVIunins000.exe"
Adobe AIR-->C:Program FilesCommon FilesAdobe AIRVersions1.0ResourcesAdobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{EFB21DE7-8C19-4A88-BB28-A766E16493BC}setup.exe" -l0x9
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:WINDOWSsystem32adobeSHOCKW~1UNWISE.EXE C:WINDOWSsystem32AdobeSHOCKW~1Install.log
Age of Wonders II-->G:Age of Wonders IIaow2Uninstall.exe
Antanta GOLD-->"G:BukaAntanta GOLDunins000.exe"
Application Loader V1.4-->"C:Program FilesOberthurCSApplication Loader1.4Uninstallunins000.exe"
ArcSoft VideoImpression 2-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{6762AB61-2BE9-45D8-B9F2-24014324CD35}setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 9 1Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{055EE59D-217B-43A7-ABFF-507B966405D8}setup.exe" -l0x575c
ATI Display Driver-->rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
aTuner (remove only)-->"Z:Program FilesaTunerUninstall aTuner.exe"
Audacity 1.2.6-->"Z:Program FilesAudacityunins000.exe"
Auslogics BoostSpeed-->"Z:Program FilesAusLogicsBoostSpeedunins000.exe"
BlueSoleil-->MsiExec.exe /X{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}
Canon Camera Window for ZoomBrowser EX-->C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
Canon i865-->C:WINDOWSsystem32CNMCP5m.exe "-PRINTERNAMECanon i865" "-HELPERDLLC:BJPrinterCNMWINDOWSCanon i865 InstallerInst2cnmis.dll" "-RCDLLC:BJPrinterCNMWINDOWSCanon i865 InstallerInst2cnmi0419.dll"
Canon PhotoRecord-->MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX-->C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX-->C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
Canon Utilities Easy-PhotoPrint-->Z:Program FilesCanonEasy-PhotoPrintuninst.exe uninst.ini
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CDBurnerXP-->"Z:Program FilesCDBurnerXPunins000.exe"
CDex extraction audio-->"C:Program FilesCDexuninstall.exe"
CD-LabelPrint-->"Z:Program FilesCD-LabelPrintUninstal.exe" Canon.CDLabelPrint.Application
Civ3 Conquests v1.22 Full-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}Setup.exe"
CIVILIZATION III - Conquests-->"C:Program FilesCIV3Conunins000.exe"
CodeSaver-->MsiExec.exe /I{1552CEFA-66CC-4E9C-BCA3-1AA18499CF61}
Collins COBUILD on CD-ROM-->C:WINDOWSLgUninst.exe Z:Program FilesLingeaLex2002Setup.exe
Cool Edit 2000-->C:Program FilesCool2000ce2Kunin.exe
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Dawn of War - Dark Crusade-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{A24A086F-C353-451A-AD4E-6073B49077ED}setup.exe" -l0x19 -removeonly
Disc2Phone-->MsiExec.exe /I{5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB}
Diskeeper Professional Edition-->MsiExec.exe /X{A320805E-26CE-4332-9239-2F4837165C8B}
DivX 5.0.5 Pro Video Codec-->C:WINDOWSSystem32rundll32.exe setupapi.dll,InstallHinfSection Remove_Mpeg_NT 132 C:WINDOWSINFdivx50.inf
DivX Codec-->C:Program FilesDivXDivXCodecUninstall.exe /CODEC
DivX Converter-->C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
DivX Player-->C:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
DSL USB Driver-->%ComSpec% /c ("%ProgramFiles%D-LinkDSL USB Driverdeviceinst.exe" -remove "%ProgramFiles%D-LinkDSL USB Driverdevice.dat") && (C:WINNTuninst.exe -f"%ProgramFiles%D-LinkDSL USB DriverDeIsL1.isu" -c"%ProgramFiles%D-LinkDSL USB Driver_ISREG32.DLL")
DVD Decrypter (Remove Only)-->"C:Program FilesDVD Decrypteruninstall.exe"
DVD Region Killer-->"C:Program FilesElaborate BytesDVD Region Killerregkill-uninst.exe" /D="C:Program FilesElaborate BytesDVD Region Killer"
Easy Reader 5.9.0 (Free edition)-->"C:Program FilesEDSIEasyReader5unins000.exe"
Easy-WebPrint-->C:WINDOWSIsUninst.exe -f"C:Program FilesCanonEasy-WebPrintUninst.isu"
ESET NOD32 Antivirus-->MsiExec.exe /I{FAC088DD-FE02-430D-85AD-7CF5AD669619}
ESMART mobile-->"C:Program FilesESMART mobileUninstall.exe" "C:Program FilesESMART mobileinstall.log"
Far Manager v1.70-->C:Program FilesFARuninstall.exe
FastStone Image Viewer 3.6-->Z:Program FilesFastStoneImage Vieweruninst.exe
ffdshow [rev 2602] [2009-01-09]-->"C:Program FilesK-Lite Codec Packffdshowunins000.exe"
FlashGet(JetCar)-->Z:PROGRA~1FlashGetUNWISE.EXE Z:PROGRA~1FlashGetINSTALL.LOG
FLV Player-->"C:WINDOWSFLV Playeruninstall.exe" "/U:Z:Program FilesFLV PlayerUninstalluninstall.xml"
Gigabyte Windows Utility Manager-->C:WINDOWSISUNINST.EXE -f"C:Program FilesGigabyteGigabyte Windows Utility ManagerUninst.isu" -cC:WINDOWSSystem32ungwum.dll
GNU make 3.80.0-->C:MinGWuninstallunins001.exe
GNU Privacy Guard-->"Z:GNUGnuPGuninst-gnupg.exe"
GOM Player-->"Z:Program FilesGRETECHGomPlayerUninstall.exe"
Google Chrome-->"C:Program FilesGoogleChromeApplication1.0.154.43Installersetup.exe" --uninstall --system-level
Google Photos Screensaver-->MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Talk (remove only)-->"C:Program FilesGoogleGoogle Talkuninstall.exe"
Google Update-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe" -uninstall
Google Планета Земля-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
GTK+ Runtime 2.12.1 rev b (remove only)-->C:Program FilesCommon FilesGTK2.0uninst.exe
HashTab 2.1.0-->Z:Program FilesHashTabuninst.exe
Heroes of Might and Magic V-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{CB9A636A-AF2D-4B03-AE8B-8FE99AC197E8}setup.exe" -l0x19
Heroes of Might and Magic(tm) IV (Rus)-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{6E3F1305-401D-48FB-A7F8-35B159668411}setup.exe"
HijackThis 2.0.2-->"Z:Program FilesHijackThisHijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe"
HubReader v1.5-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{85618A9D-3B60-4866-9C86-C3B2349F6CE2}setup.exe" -l0x9
ImageDrive (Ahead Software)-->C:WINDOWSUNIDRV.exe /UNINSTALL
IndeoR software-->C:WINDOWSIsUninst.exe -f"C:Program FilesIntelIndeoUninst.isu" -c"C:Program FilesIntelIndeoSavedSystemFilesindounin.dll"
Intel A/V Codecs V2.0-->C:WINDOWSIsUninst.exe -fC:WINDOWSSystem32CDUninst.isu
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
IPPON MONITOR 0.99.6-->Z:Program FilesipponMonitorippmon_0_99_6.exe /uninstall
IrfanView (remove only)-->C:Program FilesIrfanViewiv_uninstall.exe
IsoBuster 1.9-->"C:Program FilesSmart ProjectsIsoBusterUninstunins000.exe"
J2SE Development Kit 5.0 Update 8-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150080}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java 2 SDK Standard Edition v1.2.2_017-->C:WINDOWSIsUninst.exe -fC:j2sdk1.2.2_17Uninst.isu
Java 2 SDK, SE v1.4.2_05-->MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142050}
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) SE Development Kit 6 Update 11-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160110}
Karaoke GALAXY maker-->C:PROGRA~1KARAOK~1KarMakerUNWISE.EXE C:PROGRA~1KARAOK~1KarMakerINSTALL.LOG
Karaoke GALAXY player-->C:PROGRA~1KARAOK~1PlayerUNWISE.EXE C:PROGRA~1KARAOK~1PlayerINSTALL.LOG
KC Softwares SUMo-->"Z:Program FilesKC SoftwaresSUMounins000.exe"
K-Lite Codec Pack 3.8.0 Full-->"C:Program FilesK-Lite Codec Packunins000.exe"
Kyodai Mahjongg-->"C:Program FilesKyodai Mahjonggunins000.exe"
Light Alloy 4.1-->C:Program FilesLight Alloyuninst.exe
Logitech Desktop Messenger-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 9 1Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}Setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{036AA4D4-6D32-11D4-9875-00105ACE7734}Setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79.1 -->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{5809E7CF-4DCF-11D4-9875-00105ACE7734}Setup.exe" -l0x9 -l0009 UNINSTALL
Logitech QuickCam Driver Package-->"C:Program FilesCommon FilesLogiShrdLogiDriverStorelvdrivers11.80.1048LgDrvInst.exe" -remove -instdir"C:Program FilesCommon FilesLogiShrdLogiDriverStorelvdrivers" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Logitech Updater-->MsiExec.exe /I{53735ECE-E461-4FD0-B742-23A352436D3A}
Logos Open Platform Manager-->MsiExec.exe /X{F1D3779F-A277-47AA-A6C6-16CCE7BB59BF}
LSCript Developer Tools-->MsiExec.exe /X{D6A55708-048E-4166-A185-D5F57223D54B}
Mahjong 3D-->C:Program FilesMahjong 3Duninstall.exe
MediaInfo 0.7.8-->Z:Program FilesMediaInfouninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe" "C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM928366M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Age of Empires. Золотая коллекция.-->"G:Новый ДискAge of Empires GoldUNINSTAL.EXE"
Microsoft Baseline Security Analyzer 2.1-->MsiExec.exe /I{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}
Microsoft Data Access Components KB870669-->C:WINDOWSmuninst.exe C:WINDOWSINFKB870669.inf
Microsoft Office Access MUI (Russian) 2007-->MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007-->MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office Groove MUI (Russian) 2007-->MsiExec.exe /X{90120000-00BA-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007-->MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Russian) 2007-->MsiExec.exe /X{90120000-00A1-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007-->MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007-->MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007-->MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007-->MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007-->MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007-->MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007-->MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (Russian) 2007-->MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Windows Script 5.7-->"C:WINDOWS$NtUninstallscripten$spuninstspuninst.exe"
MinGW 3.1.0-->C:MinGWuninstallunins000.exe
Minimal SYStem 1.0.10-->C:msys1.0uninstallunins000.exe
Miranda IM 0.7.14-->Z:Program FilesMiranda IMUninstall.exe
Mozilla Firefox (3.0.6)-->C:Program FilesMozillaFirefox 3uninstallhelper.exe
Mpeg Layer3 Codec FHG-Radium v1.263-->C:WINDOWSUNWISE.EXE C:PROGRA~1L3CODE~1INSTALL.LOG
MPEG-VCR-->C:PROGRA~1WOMBLE~1UNWISE.EXE C:PROGRA~1WOMBLE~1INSTALL.LOG
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MSYS Developer Tool Kit 1.0.1-->C:msys1.0uninstallunins001.exe
Multimedia Card Reader-->C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{CA529363-D0F2-41EA-B44B-D7515A254645}
Nero 6 Enterprise Edition-->C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
Nero Digital-->C:WINDOWSUNNeroVision.exe /UNINSTALL
Nero Media Player-->C:WINDOWSUNNMP.exe /UNINSTALL
Norton PartitionMagic 8.0-->C:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
Oberthur CS - Card Command Processor V 5.6-->C:WINDOWSIsUninst.exe -f"C:Program FilesOberthurCSPCOM325.6Uninst.isu"
Oberthur CS - OP Loader-->C:WINDOWSIsUninst.exe -f"C:Program FilesOCSCosmopolICOP_Loader.isu"
OberthurCS - CosmopolIC Development Environment-->C:WINDOWSIsUninst.exe -f"C:Program FilesOCSCosmopolICDevel_Environ.isu"
OpenOffice.org 3.0-->MsiExec.exe /I{37D61238-24EE-49C7-BA77-E395458B5E35}
OpenSSL 0.9.8a-->"C:OpenSSLunins000.exe"
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
PC Suite for Sony Ericsson-->C:WINDOWSInstaller{E1252473-6306-4d5d-904D-B06AA7F38161}Setup.exe /uninstall
PC Suite for Sony Ericsson-->MsiExec.exe /I{AD501749-CD49-499A-AD54-51DC42A57434}
PC Tools Firewall Plus 5.0-->Z:Program FilesPC ToolsFirewall Plusunins000.exe /LOG
PC Wizard 2005.1.65-->"C:Program FilesPC Wizard 2005unins000.exe"
PGP 8.1-->C:PROGRA~1PGPCOR~1PGPFOR~1PGPUNI~1setup.exe PGP
Picasa 2-->"C:Program FilesPicasa2Uninstall.exe"
PowerDVD-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe" -uninstall
Praetorians-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 9 1Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{59AA0FD4-9DAC-483A-9873-07DC80FC0905}setup.exe" -l0x19
Prince of Perso-->MsiExec.exe /I{E1F89F9E-D6D8-4470-AB45-49A27952ABA5}
QuickGamma 2.0.0.1-->"C:Program FilesQuickGammaunins000.exe"
QuickTime Alternative 1.70-->"C:Program FilesQuickTime Alternativeunins000.exe"
Realtek AC'97 Audio-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe" -l0x19 -removeonly
Rise Of Legends-->C:PROGRA~1COMMON~1INSTAL~1Driver1150INTEL3~1IDriver.exe /M{CADDE354-C78C-46CB-A006-E2B178EFC271}
RomeTW - Barbarian Invasion-->C:PROGRA~1COMMON~1INSTAL~1Driver1050INTEL3~1IDriver.exe /M{C7CABDCA-20CF-436B-B430-8C3451C283D4}
RON - Thrones And Patriots-->"C:Program FilesRON - Thrones And Patriotsunins000.exe"
SafeCast Shared Components-->C:Program FilesCommon FilesMacrovision SharedSafeCastInstallCDAC13BA.EXE /uninstall
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Windows Media Encoder (KB954156)-->"C:WINDOWS$NtUninstallKB954156_WM9L$spuninstspuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:WINDOWS$NtUninstallKB925398_WMP64$spuninstspuninst.exe"
Security Update for Windows XP (KB890046)-->"C:WINDOWS$NtUninstallKB890046$spuninstspuninst.exe"
Security Update for Windows XP (KB893756)-->"C:WINDOWS$NtUninstallKB893756$spuninstspuninst.exe"
Security Update for Windows XP (KB896358)-->"C:WINDOWS$NtUninstallKB896358$spuninstspuninst.exe"
Security Update for Windows XP (KB896422)-->"C:WINDOWS$NtUninstallKB896422$spuninstspuninst.exe"
Security Update for Windows XP (KB896423)-->"C:WINDOWS$NtUninstallKB896423$spuninstspuninst.exe"
Security Update for Windows XP (KB896424)-->"C:WINDOWS$NtUninstallKB896424$spuninstspuninst.exe"
Security Update for Windows XP (KB896428)-->"C:WINDOWS$NtUninstallKB896428$spuninstspuninst.exe"
Security Update for Windows XP (KB896688)-->"C:WINDOWS$NtUninstallKB896688$spuninstspuninst.exe"
Security Update for Windows XP (KB899587)-->"C:WINDOWS$NtUninstallKB899587$spuninstspuninst.exe"
Security Update for Windows XP (KB899588)-->"C:WINDOWS$NtUninstallKB899588$spuninstspuninst.exe"
Security Update for Windows XP (KB899589)-->"C:WINDOWS$NtUninstallKB899589$spuninstspuninst.exe"
Security Update for Windows XP (KB899591)-->"C:WINDOWS$NtUninstallKB899591$spuninstspuninst.exe"
Security Update for Windows XP (KB900725)-->"C:WINDOWS$NtUninstallKB900725$spuninstspuninst.exe"
Security Update for Windows XP (KB901017)-->"C:WINDOWS$NtUninstallKB901017$spuninstspuninst.exe"
Security Update for Windows XP (KB901214)-->"C:WINDOWS$NtUninstallKB901214$spuninstspuninst.exe"
Security Update for Windows XP (KB902400)-->"C:WINDOWS$NtUninstallKB902400$spuninstspuninst.exe"
Security Update for Windows XP (KB904706)-->"C:WINDOWS$NtUninstallKB904706$spuninstspuninst.exe"
Security Update for Windows XP (KB905414)-->"C:WINDOWS$NtUninstallKB905414$spuninstspuninst.exe"
Security Update for Windows XP (KB905749)-->"C:WINDOWS$NtUninstallKB905749$spuninstspuninst.exe"
Security Update for Windows XP (KB905915)-->"C:WINDOWS$NtUninstallKB905915$spuninstspuninst.exe"
Security Update for Windows XP (KB908519)-->"C:WINDOWS$NtUninstallKB908519$spuninstspuninst.exe"
Security Update for Windows XP (KB908531)-->"C:WINDOWS$NtUninstallKB908531$spuninstspuninst.exe"
Security Update for Windows XP (KB911562)-->"C:WINDOWS$NtUninstallKB911562$spuninstspuninst.exe"
Security Update for Windows XP (KB911567)-->"C:WINDOWS$NtUninstallKB911567$spuninstspuninst.exe"
Security Update for Windows XP (KB911927)-->"C:WINDOWS$NtUninstallKB911927$spuninstspuninst.exe"
Security Update for Windows XP (KB912812)-->"C:WINDOWS$NtUninstallKB912812$spuninstspuninst.exe"
Security Update for Windows XP (KB912919)-->"C:WINDOWS$NtUninstallKB912919$spuninstspuninst.exe"
Security Update for Windows XP (KB913446)-->"C:WINDOWS$NtUninstallKB913446$spuninstspuninst.exe"
Security Update for Windows XP (KB913580)-->"C:WINDOWS$NtUninstallKB913580$spuninstspuninst.exe"
Security Update for Windows XP (KB914388)-->"C:WINDOWS$NtUninstallKB914388$spuninstspuninst.exe"
Security Update for Windows XP (KB914389)-->"C:WINDOWS$NtUninstallKB914389$spuninstspuninst.exe"
Security Update for Windows XP (KB916281)-->"C:WINDOWS$NtUninstallKB916281$spuninstspuninst.exe"
Security Update for Windows XP (KB917159)-->"C:WINDOWS$NtUninstallKB917159$spuninstspuninst.exe"
Security Update for Windows XP (KB917344)-->"C:WINDOWS$NtUninstallKB917344$spuninstspuninst.exe"
Security Update for Windows XP (KB917422)-->"C:WINDOWS$NtUninstallKB917422$spuninstspuninst.exe"
Security Update for Windows XP (KB917953)-->"C:WINDOWS$NtUninstallKB917953$spuninstspuninst.exe"
Security Update for Windows XP (KB918118)-->"C:WINDOWS$NtUninstallKB918118$spuninstspuninst.exe"
Security Update for Windows XP (KB918439)-->"C:WINDOWS$NtUninstallKB918439$spuninstspuninst.exe"
Security Update for Windows XP (KB918899)-->"C:WINDOWS$NtUninstallKB918899$spuninstspuninst.exe"
Security Update for Windows XP (KB919007)-->"C:WINDOWS$NtUninstallKB919007$spuninstspuninst.exe"
Security Update for Windows XP (KB920213)-->"C:WINDOWS$NtUninstallKB920213$spuninstspuninst.exe"
Security Update for Windows XP (KB920214)-->"C:WINDOWS$NtUninstallKB920214$spuninstspuninst.exe"
Security Update for Windows XP (KB920670)-->"C:WINDOWS$NtUninstallKB920670$spuninstspuninst.exe"
Security Update for Windows XP (KB920683)-->"C:WINDOWS$NtUninstallKB920683$spuninstspuninst.exe"
Security Update for Windows XP (KB920685)-->"C:WINDOWS$NtUninstallKB920685$spuninstspuninst.exe"
Security Update for Windows XP (KB921398)-->"C:WINDOWS$NtUninstallKB921398$spuninstspuninst.exe"
Security Update for Windows XP (KB921883)-->"C:WINDOWS$NtUninstallKB921883$spuninstspuninst.exe"
Security Update for Windows XP (KB922616)-->"C:WINDOWS$NtUninstallKB922616$spuninstspuninst.exe"
Security Update for Windows XP (KB922760)-->"C:WINDOWS$NtUninstallKB922760$spuninstspuninst.exe"
Security Update for Windows XP (KB922819)-->"C:WINDOWS$NtUninstallKB922819$spuninstspuninst.exe"
Security Update for Windows XP (KB923191)-->"C:WINDOWS$NtUninstallKB923191$spuninstspuninst.exe"
Security Update for Windows XP (KB923414)-->"C:WINDOWS$NtUninstallKB923414$spuninstspuninst.exe"
Security Update for Windows XP (KB923689)-->"C:WINDOWS$NtUninstallKB923689$spuninstspuninst.exe"
Security Update for Windows XP (KB923694)-->"C:WINDOWS$NtUninstallKB923694$spuninstspuninst.exe"
Security Update for Windows XP (KB923980)-->"C:WINDOWS$NtUninstallKB923980$spuninstspuninst.exe"
Security Update for Windows XP (KB924191)-->"C:WINDOWS$NtUninstallKB924191$spuninstspuninst.exe"
Security Update for Windows XP (KB924270)-->"C:WINDOWS$NtUninstallKB924270$spuninstspuninst.exe"
Security Update for Windows XP (KB924667)-->"C:WINDOWS$NtUninstallKB924667$spuninstspuninst.exe"
Security Update for Windows XP (KB925454)-->"C:WINDOWS$NtUninstallKB925454$spuninstspuninst.exe"
Security Update for Windows XP (KB925486)-->"C:WINDOWS$NtUninstallKB925486$spuninstspuninst.exe"
Security Update for Windows XP (KB925902)-->"C:WINDOWS$NtUninstallKB925902$spuninstspuninst.exe"
Security Update for Windows XP (KB926255)-->"C:WINDOWS$NtUninstallKB926255$spuninstspuninst.exe"
Security Update for Windows XP (KB926436)-->"C:WINDOWS$NtUninstallKB926436$spuninstspuninst.exe"
Security Update for Windows XP (KB927779)-->"C:WINDOWS$NtUninstallKB927779$spuninstspuninst.exe"
Security Update for Windows XP (KB927802)-->"C:WINDOWS$NtUninstallKB927802$spuninstspuninst.exe"
Security Update for Windows XP (KB928090)-->"C:WINDOWS$NtUninstallKB928090$spuninstspuninst.exe"
Security Update for Windows XP (KB928255)-->"C:WINDOWS$NtUninstallKB928255$spuninstspuninst.exe"
Security Update for Windows XP (KB928843)-->"C:WINDOWS$NtUninstallKB928843$spuninstspuninst.exe"
Security Update for Windows XP (KB929123)-->"C:WINDOWS$NtUninstallKB929123$spuninstspuninst.exe"
Security Update for Windows XP (KB929969)-->"C:WINDOWS$NtUninstallKB929969$spuninstspuninst.exe"
Security Update for Windows XP (KB930178)-->"C:WINDOWS$NtUninstallKB930178$spuninstspuninst.exe"
Security Update for Windows XP (KB931261)-->"C:WINDOWS$NtUninstallKB931261$spuninstspuninst.exe"
Security Update for Windows XP (KB931784)-->"C:WINDOWS$NtUninstallKB931784$spuninstspuninst.exe"
Security Update for Windows XP (KB932168)-->"C:WINDOWS$NtUninstallKB932168$spuninstspuninst.exe"
Security Update for Windows XP (KB933729)-->"C:WINDOWS$NtUninstallKB933729$spuninstspuninst.exe"
Security Update for Windows XP (KB935839)-->"C:WINDOWS$NtUninstallKB935839$spuninstspuninst.exe"
Security Update for Windows XP (KB935840)-->"C:WINDOWS$NtUninstallKB935840$spuninstspuninst.exe"
Security Update for Windows XP (KB937894)-->"C:WINDOWS$NtUninstallKB937894$spuninstspuninst.exe"
Security Update for Windows XP (KB938127)-->"C:WINDOWS$NtUninstallKB938127$spuninstspuninst.exe"
Security Update for Windows XP (KB938464)-->"C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe"
Security Update for Windows XP (KB938829)-->"C:WINDOWS$NtUninstallKB938829$spuninstspuninst.exe"
Security Update for Windows XP (KB941202)-->"C:WINDOWS$NtUninstallKB941202$spuninstspuninst.exe"
Security Update for Windows XP (KB941568)-->"C:WINDOWS$NtUninstallKB941568$spuninstspuninst.exe"
Security Update for Windows XP (KB941569)-->"C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe"
Security Update for Windows XP (KB943055)-->"C:WINDOWS$NtUninstallKB943055$spuninstspuninst.exe"
Security Update for Windows XP (KB943460)-->"C:WINDOWS$NtUninstallKB943460$spuninstspuninst.exe"
Security Update for Windows XP (KB943485)-->"C:WINDOWS$NtUninstallKB943485$spuninstspuninst.exe"
Security Update for Windows XP (KB944653)-->"C:WINDOWS$NtUninstallKB944653$spuninstspuninst.exe"
Security Update for Windows XP (KB945553)-->"C:WINDOWS$NtUninstallKB945553$spuninstspuninst.exe"
Security Update for Windows XP (KB946026)-->"C:WINDOWS$NtUninstallKB946026$spuninstspuninst.exe"
Security Update for Windows XP (KB946648)-->"C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe"
Security Update for Windows XP (KB950749)-->"C:WINDOWS$NtUninstallKB950749$spuninstspuninst.exe"
Security Update for Windows XP (KB950762)-->"C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe"
Security Update for Windows XP (KB950974)-->"C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe"
Security Update for Windows XP (KB951066)-->"C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe"
Security Update for Windows XP (KB951698)-->"C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe"
Security Update for Windows XP (KB951748)-->"C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe"
Security Update for Windows XP (KB952954)-->"C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe"
Security Update for Windows XP (KB954211)-->"C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe"
Security Update for Windows XP (KB954600)-->"C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe"
Security Update for Windows XP (KB955069)-->"C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe"
Security Update for Windows XP (KB956390)-->"C:WINDOWS$NtUninstallKB956390$spuninstspuninst.exe"
Security Update for Windows XP (KB956391)-->"C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe"
Security Update for Windows XP (KB956802)-->"C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe"
Security Update for Windows XP (KB956803)-->"C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe"
Security Update for Windows XP (KB956841)-->"C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe"
Security Update for Windows XP (KB957097)-->"C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe"
Security Update for Windows XP (KB958215)-->"C:WINDOWS$NtUninstallKB958215$spuninstspuninst.exe"
Security Update for Windows XP (KB958644)-->"C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe"
Security Update for Windows XP (KB958687)-->"C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe"
Security Update for Windows XP (KB960714)-->"C:WINDOWS$NtUninstallKB960714$spuninstspuninst.exe"
Sid Meier's Civilization 4-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime11 0Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}setup.exe" -l0x19 -removeonly
SIMAlliance Interoperable Loader-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{1EDF47E8-88E0-4C76-A66C-2E5DD469ADB1}Setup.exe"
SIMCare V.2.1-->C:WINDOWSuninst.exe -f"C:Program FilesOCSSIMCare2.1DeIsL1.isu" -c"C:Program FilesOCSSIMCare2.1_ISREG32.DLL"
SIMCheck v1.6 Beta 5-->"C:Program FilesOberthurCSSIMCheckUNINSTAL.EXE" "C:Program FilesOberthurCSSIMCheckINSTALL.LOG" "SIMCheck v1.6 Beta 5 Uninstall"
SIMphonIC Advisor V.2.0.1-->C:WINDOWSIsUninst.exe -f"C:Program FilesOCSSIMphonICAdvisor2.0.1Uninst_main.isu"
SIMphonIC Composer V.3.1.1-->C:WINDOWSIsUninst.exe -f"C:Program FilesOCSSIMphonICComposer3.1.1Uninst_main.isu"
SkypeT 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson Symbian 9 Drivers-->C:Program FilesSony EricssonSony Ericsson Symbian 9 DriversZEBRUninstall.exe
Sony Ericsson Themes Creator 3.00-->C:Program FilesSony EricssonThemes CreatorUninstall.exe
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spyware Doctor 6.0-->C:Program FilesSpyware Doctorunins000.exe /LOG
Starcraft-->C:WINDOWSscunin.exe C:WINDOWSscunin.dat
StarDict (remove only)-->Z:Program FilesStarDictstardict-uninst.exe
STDU Viewer version 1.4.16.0-->"C:Program FilesSTDU Viewerunins000.exe"
Stellarium 0.8.1-->"C:Program FilesStellariumunins000.exe"
Tag&Rename 3.3.5-->"C:Program FilesTagRenameunins000.exe"
Tekram IR-410W USB-IrDA Adapter-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}Setup.exe" -l0x9
The KMPlayer (remove only)-->"C:PROGRA~1KMPlayeruninstall.exe"
Trusted Logic jTOP Initializer (tljtopinit) V1.5.2 (remove only)-->C:Program FilesTrusted LogicTLjTOPInitv1.5.2tljtopinit_uninstall.exe
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Tweak UI-->"C:WINDOWSSystem32mshta.exe" "res://C:WINDOWSSystem32TweakUI.exe/uninstall.hta"
UltraEdit-32-->"C:Program FilesUltraEditUninstall.exe" "C:Program FilesUltraEditueinstall.log"
Update for Windows XP (KB894391)-->"C:WINDOWS$NtUninstallKB894391$spuninstspuninst.exe"
Update for Windows XP (KB896727)-->"C:WINDOWS$NtUninstallKB896727$spuninstspuninst.exe"
Update for Windows XP (KB900485)-->"C:WINDOWS$NtUninstallKB900485$spuninstspuninst.exe"
Update for Windows XP (KB910437)-->"C:WINDOWS$NtUninstallKB910437$spuninstspuninst.exe"
Update for Windows XP (KB911280)-->"C:WINDOWS$NtUninstallKB911280$spuninstspuninst.exe"
Update for Windows XP (KB916595)-->"C:WINDOWS$NtUninstallKB916595$spuninstspuninst.exe"
Update for Windows XP (KB920872)-->"C:WINDOWS$NtUninstallKB920872$spuninstspuninst.exe"
Update for Windows XP (KB922582)-->"C:WINDOWS$NtUninstallKB922582$spuninstspuninst.exe"
Update for Windows XP (KB930916)-->"C:WINDOWS$NtUninstallKB930916$spuninstspuninst.exe"
Update for Windows XP (KB931836)-->"C:WINDOWS$NtUninstallKB931836$spuninstspuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:WINDOWS$NtUninstallKB932823-v3$spuninstspuninst.exe"
Update for Windows XP (KB933360)-->"C:WINDOWS$NtUninstallKB933360$spuninstspuninst.exe"
Update for Windows XP (KB955839)-->"C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe"
Update Service-->C:Program FilesSony EricssonUpdate Serviceuninst.exe
VideoLAN VLC media player 0.8.6e-->C:Program FilesVideoLANVLCuninstall.exe
ViewSonic Windows XP Signed Files-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{FC47C7A5-BE63-11D5-B7C9-005004566E4D}Setup.exe" -l0x9
Virtual Stylist-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{19339503-C7B5-4FBB-808C-847C3D1C2353}setup.exe" -l0x19
Warhammer 40000 - Dawn Of War-->"C:Program FilesWarhammer 40000 - Dawn Of Warunins000.exe"
Wig Application Creator Standard-->"C:Program FilesSmartTrustWigApplicationCreatorUninstallerDataUninstall pro.exe"
Winamp-->"Z:Program FilesWinampUninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:WINDOWS$MSI31Uninstall_KB893803$spuninstspuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format Runtime-->"C:Program FilesWindows Media Playerwmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:Program FilesWindows Media PlayerSetup_wm.exe" /Uninstall
Windows Updates Downloader-->"C:Program FilesWindows Updates Downloaderuninstall.exe"
Windows XP Hotfix - KB834707-->C:WINDOWS$NtUninstallKB834707$spuninstspuninst.exe
Windows XP Hotfix - KB867282-->C:WINDOWS$NtUninstallKB867282$spuninstspuninst.exe
Windows XP Hotfix - KB873333-->C:WINDOWS$NtUninstallKB873333$spuninstspuninst.exe
Windows XP Hotfix - KB873339-->C:WINDOWS$NtUninstallKB873339$spuninstspuninst.exe
Windows XP Hotfix - KB885250-->C:WINDOWS$NtUninstallKB885250$spuninstspuninst.exe
Windows XP Hotfix - KB885835-->C:WINDOWS$NtUninstallKB885835$spuninstspuninst.exe
Windows XP Hotfix - KB885836-->C:WINDOWS$NtUninstallKB885836$spuninstspuninst.exe
Windows XP Hotfix - KB885884-->C:WINDOWS$NtUninstallKB885884$spuninstspuninst.exe
Windows XP Hotfix - KB886185-->C:WINDOWS$NtUninstallKB886185$spuninstspuninst.exe
Windows XP Hotfix - KB887472-->C:WINDOWS$NtUninstallKB887472$spuninstspuninst.exe
Windows XP Hotfix - KB887742-->C:WINDOWS$NtUninstallKB887742$spuninstspuninst.exe
Windows XP Hotfix - KB887797-->C:WINDOWS$NtUninstallKB887797$spuninstspuninst.exe
Windows XP Hotfix - KB888113-->C:WINDOWS$NtUninstallKB888113$spuninstspuninst.exe
Windows XP Hotfix - KB888302-->C:WINDOWS$NtUninstallKB888302$spuninstspuninst.exe
Windows XP Hotfix - KB890047-->C:WINDOWS$NtUninstallKB890047$spuninstspuninst.exe
Windows XP Hotfix - KB890175-->C:WINDOWS$NtUninstallKB890175$spuninstspuninst.exe
Windows XP Hotfix - KB890859-->"C:WINDOWS$NtUninstallKB890859$spuninstspuninst.exe"
Windows XP Hotfix - KB890923-->"C:WINDOWS$NtUninstallKB890923$spuninstspuninst.exe"
Windows XP Hotfix - KB891781-->C:WINDOWS$NtUninstallKB891781$spuninstspuninst.exe
Windows XP Hotfix - KB893066-->"C:WINDOWS$NtUninstallKB893066$spuninstspuninst.exe"
Windows XP Hotfix - KB893086-->"C:WINDOWS$NtUninstallKB893086$spuninstspuninst.exe"
WinRAR archiver-->Z:Program FilesWinRARuninstall.exe
XviD MPEG4 Video Codec (remove only)-->"C:WINDOWSsystem32xvid-uninstall.exe"
XviD MPEG-4 Video Codec-->"C:Program FilesXviDunins000.exe"
Герои меча и Магии II: Золотая серия-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesBuka3DOHeroes of Might and Magic II Golden Series (Rus)Setupsetup.exe"
Герои меча и магии IV Грядущая буря-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesBuka3DOHeroes of Might and Magic IV (Rus)Heroes of Might and Magic(tm) IV (Rus)setup.exe" -l0x19
Герои Меча и Магии-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesBuka3DOHeroes of Might and Magic (Rus)Setupsetup.exe"
Дракоша и Занимательная География-->C:WINDOWSGPInstall.exe "/UNINST=C:Program FilesGeoKidsUnInst01.log" "/APPNAME=Дракоша и Занимательная География"
История России и её соседей-->E:avanta.exe /UNINSTALL
Клиффорд учится читать по-английски-->C:WINDOWSSystem32Clifford Uninstall.exe C:Program FilesScholastic's CliffordClifford Reading
Ларри VII-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime 701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{D2405942-47C5-4BEB-9F5B-09CD0BD3FEA1}setup.exe" -l0x19
Тайна Третьей планеты-->"C:Program FilesAkella GamesТайна Третьей планетыUninstall.exe" "C:Program FilesAkella GamesТайна Третьей планетыinstall.log"
======Security center information======
AV: Panda Antivirus Platinum 7 (disabled) (outdated)
AV: ESET NOD32 Antivirus 3.0
FW: PC Tools Firewall Plus
FW: Panda Antivirus Platinum 7 (disabled)
System event log
Computer Name: BLACKICE
Event Code: 7000
Message: The noytcyr service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090131232401.000000+180
Event Type: error
User:
Computer Name: BLACKICE
Event Code: 7000
Message: The afisicx service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090131232401.000000+180
Event Type: error
User:
Computer Name: BLACKICE
Event Code: 5
Message: Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Up
Record Number: 3
Source Name: E100B
Time Written: 20090131232334.000000+180
Event Type: information
User:
Computer Name: BLACKICE
Event Code: 6005
Message: The Event log service was started.
Record Number: 2
Source Name: EventLog
Time Written: 20090131232314.000000+180
Event Type: information
User:
Computer Name: BLACKICE
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.
Record Number: 1
Source Name: EventLog
Time Written: 20090131232314.000000+180
Event Type: information
User:
Application event log
Computer Name: BLACKICE
Event Code: 0
Message:
Record Number: 5
Source Name: LVCOMSer
Time Written: 20090131191843.000000+180
Event Type: information
User:
Computer Name: BLACKICE
Event Code: 0
Message:
Record Number: 4
Source Name: gusvc
Time Written: 20090131191841.000000+180
Event Type: information
User:
Computer Name: BLACKICE
Event Code: 0
Message:
Record Number: 3
Source Name: gupdate1c9652ad837e686
Time Written: 20090131191841.000000+180
Event Type: information
User:
Computer Name: BLACKICE
Event Code: 2
Message: The Diskeeper Control Center has been started.
Diskeeper service started
Record Number: 2
Source Name: Diskeeper
Time Written: 20090131191839.000000+180
Event Type: information
User:
Computer Name: BLACKICE
Event Code: 105
Message: The service was started.
Record Number: 1
Source Name: ATI Smart
Time Written: 20090131191834.000000+180
Event Type: information
User:
======Environment variables======
"ANT_HOME"=c:ant1.6.5
"CATALINA_HOME"=C:Program FilesApache Software FoundationTomcat 6.0
"CLASSPATH"=.;%JC21_HOME%libapi21.jar;C:freemarker-2.3libfreemarker.jar
"ComSpec"=%SystemRoot%system32cmd.exe
"DEFAULT_CA_NR"=CA8
"DERBY_HOME"=C:Program FilesJavaJavaDB
"FP_NO_HOST_CHECK"=NO
"JAVA_HOME"=%JAVA6_HOME%
"JAVA12_HOME"=c:j2sdk1.2.2_17
"JAVA14_HOME"=c:j2sdk1.4.2_05
"JAVA5_HOME"=c:Program FilesJavajdk1.5.0_08
"JAVA6_HOME"=C:Program FilesJavajdk1.6.0_07
"JC21_HOME"=c:jcdk2.1.2
"NUMBER_OF_PROCESSORS"=2
"OPENSSL_CONF"=C:OpenSSLbinopenssl.cnf
"OS"=Windows_NT
"Path"=%SYSTEMROOT%SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%SYSTEM32WBEM;%JAVA_HOME%BIN;C:ORACLEPRODUCT9.2.0BIN;C:ORACLEPRODUCT8.0.6BIN;C:PROGRAM FILESORACLEJRE1.3.1BIN;C:PROGRAM FILESORACLEJRE1.1.8BIN;C:ORACLEPRODUCT8.0.6JDKBIN;%JC21_HOME%BIN;C:MINGWBIN;C:BORLANDCBIN;%ANT_HOME%BIN;C:ARCH;C:UTIL;;%DERBY_HOME%bin;C:Program FilesCommon FilesGTK2.0bin;C:Program FilesCommon FilesTeleca Shared;C:Program FilesIntuwaveSharedmRouterRuntime;C:Program FilesATI TechnologiesATI.ACECore-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0209
"TEMP"=%SystemRoot%TEMP
"TMP"=%SystemRoot%TEMP
"windir"=%SystemRoot%
EOF