Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:15:28, on 09/01/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Program Files\DigitalPersona\Bin\DpAgent.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Windows\System32\regsvr32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\ehome\ehtray.exe C:\Program Files\HDD Health\hddhealth.exe C:\Users\sky\AppData\Roaming\Google\wincone.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\ppcbooster\ppcb_32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Internet Explorer\IEUser.exe c:\program files\premieropinion\pmropn.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/... R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/... R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.243:80 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll O2 - BHO: adsoftinc browser enhancer - {6BB9ECAB-17C2-7FB6-0055-2002BD63BA8C} - C:\Windows\system32\ugmoqnchtjx.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [gsqzqgnfaf] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\ugmoqnchtjx.dll" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl O4 - HKCU\..\Run: [winsvcon] "C:\Users\sky\AppData\Roaming\Google\wincone.exe" 2 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Web Korumasi Istatistikleri - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O13 - Gopher Prefix: O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/... O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://labonitasossow.spaces.live.com/PhotoUpload/VistaMsnPUpldfr-fr.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: PremierOpinion - VoiceFive Networks, Inc. - C:\Program Files\PremierOpinion\pmservice.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- End of file - 15633 bytes
SmitFraudFix v2.388
Scan done at 10:29:05,79, 11/01/2009
Run from C:\Users\sky\Desktop\SmitfraudFix
OS: Microsoft Windows [Srm 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Windows\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe
C:\Program Files\PremierOpinion\pmservice.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HDD Health\hddhealth.exe
c:\program files\premieropinion\pmropn.exe
C:\Users\sky\AppData\Roaming\Google\wincone.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ppcbooster\ppcb_32.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\sky
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\sky\AppData\Local\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\sky\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\sky\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Google\googletoolbar1.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\r3hook.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Atheros AR5007 802.11b/g WiFi Adapter
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{424595A0-7326-458E-AC0E-5EA773ADD85C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{424595A0-7326-458E-AC0E-5EA773ADD85C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
SmitFraudFix v2.388
Scan done at 17:46:01,87, 16/01/2009
Run from C:\Users\sky\Desktop\SmitfraudFix
OS: Microsoft Windows [Srm 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
Problem while deleting C:\Program Files\Google\googletoolbar1.dll
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Atheros AR5007 802.11b/g WiFi Adapter
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{424595A0-7326-458E-AC0E-5EA773ADD85C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{424595A0-7326-458E-AC0E-5EA773ADD85C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\Program Files\Google\googletoolbar1.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of random's system information tool 1.05 (written by random/random)
Run by sky at 2009-01-16 18:03:55
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 2 GB (2%) free of 122 GB
Total RAM: 3069 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:19, on 16/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
c:\program files\premieropinion\pmropn.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Users\sky\AppData\Roaming\Google\wincone.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\sky\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\sky.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.243:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O2 - BHO: adsoftinc browser enhancer - {6BB9ECAB-17C2-7FB6-0055-2002BD63BA8C} - C:\Windows\system32\ugmoqnchtjx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [gsqzqgnfaf] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\ugmoqnchtjx.dll"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl
O4 - HKCU\..\Run: [winsvcon] "C:\Users\sky\AppData\Roaming\Google\wincone.exe" 2
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Web Korumasi Istatistikleri - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PremierOpinion - VoiceFive Networks, Inc. - C:\Program Files\PremierOpinion\pmservice.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 13376 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6714ADBD-C6C1-42A8-BD84-9C9339059421}]
TBSB05288 Class - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll [2008-08-14 2484224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6BB9ECAB-17C2-7FB6-0055-2002BD63BA8C}]
adsoftinc browser enhancer - C:\Windows\system32\ugmoqnchtjx.dll [2008-12-16 386560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-05 542016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll []
{10000000-1000-1000-1000-100000000000} - ECO Bar - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll [2008-08-14 2484224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-17 1033512]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-04-16 442433]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504]
"DpAgent"=C:\Program Files\DigitalPersona\Bin\dpagent.exe [2008-03-12 699456]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-05-14 468264]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-11-01 554288]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-11-20 488752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-06 136600]
"TerraTec Remote Control"=C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe [2006-08-25 1028096]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"gsqzqgnfaf"=C:\Windows\System32\regsvr32.exe [2006-11-02 14336]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2008-12-10 1230728]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-10-25 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-28 218376]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-26 2289664]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"HDDHealth"=C:\Program Files\HDD Health\hddhealth.exe [2008-06-15 1692672]
"AdobeBridge"= []
"winsvcon"=C:\Users\sky\AppData\Roaming\Google\wincone.exe [2008-12-22 128512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive]
C:\Users\sky\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe [2007-09-28 347648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\sky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
p2pmax.lnk - C:\Program Files\p2pmax\p2pmax.exe
ppcb_32.lnk - C:\Program Files\ppcbooster\ppcb_32.exe
runit_32.lnk - C:\Program Files\runit\runit_32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2007-06-28 206088]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2009-01-16 18:03:55 ----D---- C:\rsit
2009-01-16 17:56:39 ----A---- C:\tmp.txt
2009-01-16 17:47:50 ----A---- C:\Pass2.cmd
2009-01-16 17:46:30 ----A---- C:\Users\sky\AppData\Roaming\SetValue.bat
2009-01-16 17:46:30 ----A---- C:\Users\sky\AppData\Roaming\GetValue.vbs
2009-01-16 17:45:51 ----A---- C:\Windows\system32\VACFix.exe
2009-01-16 17:45:51 ----A---- C:\Windows\system32\o4Patch.exe
2009-01-16 17:45:51 ----A---- C:\Windows\system32\IEDFix.exe
2009-01-16 17:45:51 ----A---- C:\Windows\system32\IEDFix.C.exe
2009-01-16 17:45:51 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe
2009-01-16 17:45:51 ----A---- C:\Windows\system32\404Fix.exe
2009-01-16 17:45:50 ----A---- C:\Windows\system32\WS2Fix.exe
2009-01-16 17:45:50 ----A---- C:\Windows\system32\VCCLSID.exe
2009-01-16 17:45:50 ----A---- C:\Windows\system32\swxcacls.exe
2009-01-16 17:45:50 ----A---- C:\Windows\system32\swsc.exe
2009-01-16 17:45:50 ----A---- C:\Windows\system32\swreg.exe
2009-01-16 17:45:50 ----A---- C:\Windows\system32\SrchSTS.exe
2009-01-16 17:45:50 ----A---- C:\Windows\system32\Process.exe
2009-01-16 17:45:50 ----A---- C:\Windows\system32\dumphive.exe
2009-01-11 10:29:05 ----A---- C:\rapport.txt
2009-01-10 14:48:45 ----A---- C:\TB.txt
2009-01-10 14:47:43 ----D---- C:\ToolBar SD
2009-01-09 21:15:00 ----D---- C:\Program Files\Trend Micro
2009-01-09 18:39:18 ----D---- C:\Program Files\BoontyGames
2009-01-09 18:32:00 ----D---- C:\ProgramData\BOONTY
2009-01-09 18:31:55 ----D---- C:\Program Files\Common Files\BOONTY Shared
2009-01-09 18:31:46 ----D---- C:\Program Files\1% Indiriliyor
2009-01-09 18:31:01 ----D---- C:\Boonty
2009-01-09 17:31:16 ----D---- C:\Program Files\Audio Data Music CD Burner
2009-01-06 20:24:05 ----D---- C:\PVSW
2009-01-06 20:23:55 ----HD---- C:\ProgramData\{B33CBE2B-A739-401D-A5E0-041195C4A17B}
2009-01-06 20:23:44 ----A---- C:\Windows\system32\cdintf300.dll
2009-01-06 20:23:43 ----D---- C:\ProgramData\EBP
2009-01-06 20:22:16 ----D---- C:\Program Files\Common Files\EBP
2009-01-06 20:22:14 ----D---- C:\Program Files\EBP
2009-01-06 20:21:56 ----HD---- C:\ProgramData\{D2C2A6F4-499E-4C97-BBB7-1F91CA87F749}
2009-01-02 13:04:44 ----D---- C:\Program Files\AviSynth 2.5
2009-01-02 13:04:41 ----D---- C:\Program Files\Red Kawa
2009-01-02 13:04:00 ----D---- C:\OpenCandy
2009-01-02 09:19:34 ----D---- C:\Program Files\Zeallsoft
2009-01-01 17:59:48 ----D---- C:\ProgramData\DVD Shrink
2009-01-01 17:59:47 ----D---- C:\Program Files\DVD Shrink
2008-12-30 02:25:43 ----A---- C:\Windows\system32\GEARAspi.dll
2008-12-30 02:24:28 ----D---- C:\Program Files\iPod
2008-12-30 02:24:25 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-30 02:24:25 ----D---- C:\Program Files\iTunes
2008-12-30 01:52:00 ----D---- C:\Program Files\Bonjour
2008-12-30 01:50:04 ----D---- C:\ProgramData\Apple Computer
2008-12-30 01:48:58 ----D---- C:\Program Files\Apple Software Update
2008-12-30 01:47:23 ----D---- C:\Program Files\Common Files\Apple
2008-12-30 01:47:22 ----D---- C:\ProgramData\Apple
2008-12-28 00:25:40 ----A---- C:\Windows\system32\DBCLIENT.DLL
2008-12-28 00:25:37 ----D---- C:\Program Files\Common Files\Borland Shared
2008-12-28 00:18:23 ----D---- C:\Program Files\micro application
2008-12-22 21:34:42 ----D---- C:\ProgramData\TEMP
2008-12-22 21:34:02 ----A---- C:\Windows\system32\ztvunrar36.dll
2008-12-22 21:34:02 ----A---- C:\Windows\system32\ztvunace26.dll
2008-12-22 21:34:02 ----A---- C:\Windows\system32\ztvcabinet.dll
2008-12-22 21:34:02 ----A---- C:\Windows\system32\UNRAR3.dll
2008-12-22 21:34:02 ----A---- C:\Windows\system32\unacev2.dll
2008-12-22 21:34:00 ----D---- C:\Users\sky\AppData\Roaming\Simply Super Software
2008-12-22 21:34:00 ----D---- C:\ProgramData\Simply Super Software
2008-12-22 21:34:00 ----D---- C:\Program Files\Trojan Remover
2008-12-20 11:46:55 ----A---- C:\Windows\pn8.exe
2008-12-20 11:46:52 ----D---- C:\Program Files\runit
2008-12-20 11:46:51 ----A---- C:\Windows\hw5305.exe
2008-12-20 11:46:49 ----D---- C:\Program Files\IEToolbar
2008-12-20 11:46:47 ----A---- C:\Windows\ykgee3362.exe
2008-12-20 11:46:44 ----D---- C:\Program Files\ppcbooster
2008-12-20 11:46:44 ----A---- C:\Windows\gncyq5.exe
2008-12-20 11:44:46 ----D---- C:\Program Files\p2pmax
2008-12-20 11:44:45 ----A---- C:\Windows\c20232.exe
2008-12-20 11:44:03 ----A---- C:\Windows\system32\cont_adsoftinc-remove.exe
2008-12-20 11:43:51 ----A---- C:\Windows\system32\xqdpraytlupvduba.exe
2008-12-20 11:43:48 ----A---- C:\Windows\nohh06760.exe
2008-12-20 11:43:42 ----A---- C:\kdiue732.txt
2008-12-18 16:23:24 ----A---- C:\Windows\system32\mshtml.dll
2008-12-17 18:55:15 ----D---- C:\ProgramData\WindowsSearch
======List of files/folders modified in the last 1 months======
2009-01-16 18:04:05 ----D---- C:\Windows\Temp
2009-01-16 18:02:20 ----D---- C:\Windows\System32
2009-01-16 18:02:20 ----D---- C:\Windows\inf
2009-01-16 18:02:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-16 17:58:39 ----D---- C:\Windows
2009-01-16 17:58:31 ----D---- C:\ProgramData\Kaspersky Lab
2009-01-16 17:57:51 ----D---- C:\Users\sky\AppData\Roaming\Google
2009-01-16 17:56:33 ----D---- C:\Program Files\Google
2009-01-16 17:49:07 ----SD---- C:\Windows\Downloaded Program Files
2009-01-15 12:22:30 ----D---- C:\Windows\winsxs
2009-01-15 12:12:51 ----D---- C:\Windows\system32\catroot
2009-01-15 12:12:46 ----D---- C:\Program Files\Windows Mail
2009-01-15 12:12:30 ----D---- C:\Windows\system32\drivers
2009-01-15 12:06:52 ----SHD---- C:\System Volume Information
2009-01-14 20:52:40 ----D---- C:\Users\sky\AppData\Roaming\temp
2009-01-11 20:30:21 ----D---- C:\Windows\Prefetch
2009-01-10 15:06:19 ----D---- C:\Windows\system32\Tasks
2009-01-10 02:35:28 ----A---- C:\Windows\system32\mrt.exe
2009-01-09 21:15:00 ----RD---- C:\Program Files
2009-01-09 20:59:34 ----D---- C:\Windows\system32\catroot2
2009-01-09 18:32:00 ----HD---- C:\ProgramData
2009-01-09 18:31:55 ----D---- C:\Program Files\Common Files
2009-01-06 20:24:23 ----SHD---- C:\Windows\Installer
2008-12-30 02:25:43 ----DC---- C:\Windows\system32\DRVSTORE
2008-12-30 01:51:29 ----D---- C:\Program Files\Internet Explorer
2008-12-30 01:51:28 ----D---- C:\Program Files\QuickTime
2008-12-22 13:00:24 ----D---- C:\Users\sky\AppData\Roaming\Download Manager
2008-12-22 13:00:24 ----D---- C:\Users\sky\AppData\Roaming\DigitalPersona
2008-12-22 13:00:24 ----D---- C:\Users\sky\AppData\Roaming\CyberLink
2008-12-22 13:00:23 ----D---- C:\Users\sky\AppData\Roaming\codeblocks
2008-12-22 13:00:23 ----D---- C:\Users\sky\AppData\Roaming\Canneverbe_Limited
2008-12-22 13:00:23 ----D---- C:\Users\sky\AppData\Roaming\Anuman Interactive
2008-12-22 13:00:23 ----D---- C:\Users\sky\AppData\Roaming\Adobe
2008-12-20 19:32:45 ----D---- C:\ProgramData\FLEXnet
2008-12-20 13:35:52 ----D---- C:\Users\sky\AppData\Roaming\LimeWire
2008-12-20 11:44:03 ----D---- C:\Program Files\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-09-26 112144]
R1 KLIF;KLIF; C:\Windows\system32\DRIVERS\klif.sys [2008-09-03 127768]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 20760]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 WINIO;WINIO; \??\C:\Program Files\IRAI\AUTOMGEN8\winio.sys [2002-03-01 4944]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-03-27 34664]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-28 3544064]
R3 BthEnum;Bluetooth Numaralandirici Hizmeti; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
R3 BthPan;Bluetooth Aygiti (Kisisel Alan Agi); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Bluetooth Radyo USB Sürücüsü; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-02-01 80424]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2008-02-01 80936]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-02-01 16168]
R3 CmBatt;Microsoft ACPI Denetim Yöntemi Pil Sürücüsü; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;High Definition Audio Hizmeti için Microsoft 1.1 UAA Islev Sürücüsü; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
R3 RFCOMM;Bluetooth Aygiti (RFCOMM Protokolü TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-14 118784]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-04-16 379904]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-17 196784]
R3 usbvideo;USB Video Aygiti (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 vfs101x;vfs101x; C:\Windows\system32\drivers\vfs101x.sys [2008-03-26 40752]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BTHPORT;Bluetooth Baglanti Noktasi Sürücüsü; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 Dot4;MS IEEE-1284.4 Sürücüsü; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;IEEE-1284.4 için Yazdirma Sinifi Sürücü; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Çekirdek DRM Ses Çözücüsü; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Akis Hizmet Proxy'si; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Akis Saat Proxy'si; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Akis Kalite Yöneticisi Proxy'si; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Akis T/Alicidan-Aliciya Dönüstürücü; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\Windows\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 USB28xxBGA;Cinergy EM28xx Capture; C:\Windows\system32\DRIVERS\emBDA.sys [2006-08-17 292096]
S3 USB28xxOEM;Cinergy EM28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM.sys [2006-08-17 27776]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbscan;USB Tarayici Sürücüsü; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-02-12 73728]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-28 667648]
R2 AVP;Kaspersky Anti-Virus 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-28 218376]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 DpHost;Biometric Authentication Service; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2008-03-12 302144]
R2 EBP Pervasive.SQL;EBP Pervasive.SQL; C:\PVSW\Bin\WGE_SRV.exe [2006-12-07 32768]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 hpqddsvc;HP CUE AygitBulma Hizmeti; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-03-18 19456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-12-15 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2008-12-15 107832]
R2 PremierOpinion;PremierOpinion; C:\Program Files\PremierOpinion\pmservice.exe [2008-04-24 45056]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-05-14 292248]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-05-14 116112]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-03-26 341328]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe [2008-04-16 221239]
R2 vfsFPService;Validity Fingerprint Service; C:\Windows\system32\vfsFPService.exe [2008-03-26 595248]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-25 148832]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2009-01-09 69120]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-15 655624]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-19 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Paylasim Klasörleri USN Günlük Okuyucu hizmeti; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe [2008-04-17 5750784]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.05 2009-01-16 18:04:43
======Uninstall list======
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-041F-0000-0000000FF1CE} /uninstall {E599AFDF-22E9-4146-82B5-F6515FB1E3D8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-041F-0000-0000000FF1CE} /uninstall {E599AFDF-22E9-4146-82B5-F6515FB1E3D8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-041F-0000-0000000FF1CE} /uninstall {E599AFDF-22E9-4146-82B5-F6515FB1E3D8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-041F-0000-0000000FF1CE} /uninstall {E0E4AC2D-2A1F-438E-A523-682A6E2252A8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-041F-0000-0000000FF1CE} /uninstall {DD4BF53E-2D96-4352-887A-624D13837D5E}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-041F-0000-0000000FF1CE} /uninstall {E599AFDF-22E9-4146-82B5-F6515FB1E3D8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Agere Systems HDA Modem-->agrsmdel
AMD Driver Support for HP 3D DriverGuard-->MsiExec.exe /X{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}
AOL Araç Çubugu 5.0-->"C:\Program Files\AOL\AOL Araç Çubugu 5.0\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x001f
Audio Data Music CD Burner 1.40-->"C:\Program Files\Audio Data Music CD Burner\unins000.exe"
AUTOMGEN V8.011 (c)IRAI-->C:\Program Files\IRAI\AUTOMGEN8\iraisetup.exe /uninstall=5,C:\Program Files\IRAI\AUTOMGEN8
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Catalyst Control Center - Branding-->MsiExec.exe /I{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
CEDP Stealer 6.0 for Messenger-->C:\Program Files\CEDP Stealer 6.0 for Messenger\uninstall.exe
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Contextual Platform Adsoftinc-->C:\Windows\system32\cont_adsoftinc-remove.exe
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Delta Force: Xtreme-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{961C4925-5B53-4127-969D-1CACF2426C05}\setup.exe" -l0x9
DigitalPersona Personal 3.0.1-->MsiExec.exe /I{AE72E414-0935-4AC8-B7D6-12E3039BEC13}
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EBP Btrieve 8.6-->"C:\ProgramData\{B33CBE2B-A739-401D-A5E0-041195C4A17B}\EBP_Btrieve8.6_SETUP.exe" REMOVE=TRUE MODIFY=FALSE
EBP Btrieve 8.6-->C:\ProgramData\{B33CBE2B-A739-401D-A5E0-041195C4A17B}\EBP_Btrieve8.6_SETUP.exe
EBP Paye 13.1-->"C:\ProgramData\{D2C2A6F4-499E-4C97-BBB7-1F91CA87F749}\setup.exe" REMOVE=TRUE MODIFY=FALSE
EBP Paye 13.1-->C:\ProgramData\{D2C2A6F4-499E-4C97-BBB7-1F91CA87F749}\setup.exe
ECO Bar-->regsvr32 /u /s "C:\Program Files\IEToolbar\ECO Bar\ecobar.dll"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Europa Universalis - Rome-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7FD14A8A-FBCC-4442-ACAC-A0E9EC223AED}\setup.exe" -l0x40c
Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x040c -removeonly
First Class Flurry fr-->"C:\Program Files\BoontyGames\First Class Flurry\unins000.exe"
Fun Morph 3.0-->"C:\Program Files\Zeallsoft\Fun Morph\unins000.exe"
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Graffiti Studio 2.0-->"C:\Program Files\Graffiti Studio 2.0\unins000.exe"
HDD Health v3.3 Beta-->"C:\Program Files\HDD Health\unins000.exe"
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}\setup.exe" -l0x9 -removeonly
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /X{28C3E5E6-5ACA-408D-9A46-089C5334EC97}
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP MULTIPLE MODEM INSTALLER for VISTA-->MsiExec.exe /I{45A136EC-88BF-4B95-99F5-C45D3930E1CC}
HP Photosmart All-In-One Driver Software 10.0 Rel .2-->C:\Program Files\HP\Digital Imaging\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}\setup\hpzscr01.exe -datfile hposcr21.dat -onestop
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.40 D3-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x001f uninst
HP QuickPlay 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 D2-->MsiExec.exe /I{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0102-->MsiExec.exe /I{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}
HP Wireless Assistant-->MsiExec.exe /I{A5CE7175-080D-49AC-B5A3-E7E3502428F5}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x1f -remove -removeonly
IsoBuster 2.4-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x9 -removeonly
Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
K-Lite Codec Pack 4.3.1 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Les Sims 2-->C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
LFP MANAGER 08-->C:\Program Files\EA SPORTS\LFP MANAGER 08\eauninstall.exe
LFP MANAGER 09-->C:\Program Files\EA SPORTS\LFP MANAGER 09\eauninstall.exe
LightScribe System Software 1.12.33.2-->MsiExec.exe /X{582287DA-0806-4AC0-BF19-C15E3A466034}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
MathPlayer-->C:\Program Files\Design Science\MathPlayer\Setup.exe -u
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Excel MUI (Turkish) 2007-->MsiExec.exe /X{90120000-0016-041F-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Turkish) 2007-->MsiExec.exe /X{90120000-00A1-041F-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Turkish) 2007-->MsiExec.exe /X{90120000-0018-041F-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Turkish) 2007-->MsiExec.exe /X{90120000-001F-041F-0000-0000000FF1CE}
Microsoft Office Proofing (Turkish) 2007-->MsiExec.exe /X{90120000-002C-041F-0000-0000000FF1CE}
Microsoft Office Shared MUI (Turkish) 2007-->MsiExec.exe /X{90120000-006E-041F-0000-0000000FF1CE}
Microsoft Office Word MUI (Turkish) 2007-->MsiExec.exe /X{90120000-001B-041F-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{685B9AFA-1A5B-48FF-A02E-AA6C0029B2FF}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
P2P Max-->"C:\Program Files\p2pmax\p2pmaxu.exe"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
PPC Booster-->"C:\Program Files\ppcbooster\ppcbu_32.exe"
PremierOpinion-->c:\program files\premieropinion\pmropn.exe -bootremove -uninst:PremierOpinion
ProtectSmart Hard Drive Protection-->MsiExec.exe /X{39A7C8F1-E4FE-4A7B-89C3-913F9477C137}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickPlay SlingPlayer 0.4.6-->"C:\Program Files\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x001f -removeonly
RON Tool Adsoftinc-->C:\Windows\system32\xqdpraytlupvduba.exe
Run It-->"C:\Program Files\runit\runitu_32.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sibelius Scorch (ActiveX Only)-->MsiExec.exe /I{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Téléchargeur de Commandos 3 fr-->"C:\Program Files\1% Indiriliyor\unins000.exe"
TerraTec Home Cinema-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\setup.exe" -l0x40c
Trojan Remover 6.7.5-->"C:\Program Files\Trojan Remover\unins000.exe"
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
US Trucks Road Simulator -->C:\Program Files\US Trucks Road Simulator\uninst.exe
Validity Sensors software-->MsiExec.exe /X{567E8236-C414-4888-8211-3D61608D57AE}
VDownloader 0.74-->"C:\Program Files\VDOWNLOADER\unins000.exe"
Videora iPod Converter 4.04-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
WampServer 2.0-->"c:\wamp\unins000.exe"
Web Boutique 4.0-->"C:\Program Files\micro application\web boutique 4\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger-->MsiExec.exe /I{CB7D9F91-E82E-450C-B884-3DB9A7099C73}
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
YouTube Downloader App 1.01-->C:\Program Files\Red Kawa\Downloader App\uninstaller.exe
======Security center information======
AV: Kaspersky Anti-Virus
AS: Windows Defender
AS: Kaspersky Anti-Virus
System event log
Computer Name: sky-PC
Event Code: 7036
Message: WinHTTP Web Proxy Otomatik Bulma Hizmeti hizmeti Çalisiyor durumuna girdi.
Record Number: 336777
Source Name: Service Control Manager
Time Written: 20090116170351.000000-000
Event Type: Bilgi
User:
Computer Name: sky-PC
Event Code: 3
Message: Hizmet baslatildi.
Record Number: 336778
Source Name: Virtual Disk Service
Time Written: 20090116170427.000000-000
Event Type: Bilgi
User:
Computer Name: sky-PC
Event Code: 7036
Message: Sanal Disk hizmeti Çalisiyor durumuna girdi.
Record Number: 336779
Source Name: Service Control Manager
Time Written: 20090116170427.000000-000
Event Type: Bilgi
User:
Computer Name: sky-PC
Event Code: 4
Message: Service durduruldu.
Record Number: 336780
Source Name: Virtual Disk Service
Time Written: 20090116170431.000000-000
Event Type: Bilgi
User:
Computer Name: sky-PC
Event Code: 7036
Message: Sanal Disk hizmeti durduruldu durumuna girdi.
Record Number: 336781
Source Name: Service Control Manager
Time Written: 20090116170432.000000-000
Event Type: Bilgi
User:
Application event log
Computer Name: sky-PC
Event Code: 0
Message: Hizmet basariyla baslatildi.
Record Number: 22914
Source Name: HP Health Check Service
Time Written: 20090116170104.000000-000
Event Type: Bilgi
User:
Computer Name: sky-PC
Event Code: 1001
Message: WmiApRpl (WmiApRpl) hizmeti için performans sayaçlari basariyla kaldirildi. Kayit Verisi sistem Last Counter ve Last Help kayit defteri girdilerinin yeni degerlerini içerir.
Record Number: 22915
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090116170219.000000-000
Event Type: Bilgi
User:
Computer Name: sky-PC
Event Code: 1000
Message: WmiApRpl (WmiApRpl) hizmeti için performans sayaçlari basariyla yüklendi. Veri bölümündeki Kayit Verisi bu hizmete atanan yeni dizin degerlerini içerir.
Record Number: 22916
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090116170220.000000-000
Event Type: Bilgi
User:
Computer Name: sky-PC
Event Code: 1
Message: Windows Güvenlik Merkezi Hizmeti baslatildi.
Record Number: 22917
Source Name: SecurityCenter
Time Written: 20090116170223.000000-000
Event Type: Bilgi
User:
Computer Name: sky-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 22918
Source Name: LightScribeService
Time Written: 20090116170441.000000-000
Event Type: Bilgi
User:
Security event log
Computer Name: sky-PC
Event Code: 4648
Message: Açik kimlik bilgileri kullanilarak oturum açilmaya çalisildi.
Konu:
Güvenlik Kimligi: S-1-5-18
Hesap Adi: SKY-PC$
Hesap Etki Alani: WORKGROUP
Oturum Açma Kimligi: 0x3e7
Oturum Açma GUID'si: {00000000-0000-0000-0000-000000000000}
Kimlik Bilgileri Kullanilan Hesap:
Hesap Adi: SYSTEM
Hesap Etki Alani: NT AUTHORITY
Oturum Açma GUID'si: {00000000-0000-0000-0000-000000000000}
Hedef Sunucu:
Hedef Sunucu Adi: localhost
Ek Bilgi: localhost
Islem Bilgileri:
Islem Kimligi: 0x2e4
Islem Adi: C:\Windows\System32\services.exe
Ag Bilgileri:
Ag Adresi: -
Baglanti Noktasi: -
Bu olay, bir islem açikça bir hesabin kimlik bilgilerini belirterek hesapta oturum açmayi denediginde olusturulur. Bu genellikle zamanlanan görevler gibi toplu islem türü yapilandirmalarda veya RUNAS komutu kullanildiginda olusur.
Record Number: 205286
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090107212941.317977-000
Event Type: Basari Denetle
User:
Computer Name: sky-PC
Event Code: 4624
Message: Bir hesapta basariyla oturum açildi.
Konu:
Güvenlik Kimligi: S-1-5-18
Hesap Adi: SKY-PC$
Hesap Etki Alani: WORKGROUP
Oturum Açma Kimligi: 0x3e7
Oturum Türü: 5
Yeni Oturum:
Güvenlik Kimligi: S-1-5-18
<br
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1659
Windows 6.0.6001 Service Pack 1
16/01/2009 22:04:56
mbam-log-2009-01-16 (22-04-56).txt
Type de recherche: Examen rapide
Eléments examinés: 68474
Temps écoulé: 54 minute(s), 32 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 28
Processus mémoire infecté(s):
c:\program files\premieropinion\pmropn.exe (Adware.RK) -> Unloaded process successfully.
C:\Users\sky\AppData\Roaming\Google\wincone.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
c:\program files\premieropinion\pmls.dll (Adware.RK) -> Delete on reboot.
C:\Program Files\IEToolbar\ECO Bar\ecobar.dll (Adware.BHO) -> Delete on reboot.
C:\Program Files\IEToolbar\ECO Bar\tbhelper.dll (Adware.BHO) -> Delete on reboot.
C:\Users\sky\AppData\Roaming\Google\mrkgrn.dll (Trojan.FakeAlert) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{2ee92bca-74c4-4d4b-88da-db9f9e3c9f93} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b3bb269a-eb7b-4e5b-82d7-1518b8bae930} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bb5c43ae-5ab0-49c3-ba5e-babd0842437f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e67d5bc7-7129-493e-9281-f47bdaface4f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{10000000-1000-1000-1000-100000000000} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10000000-1000-1000-1000-100000000000} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{57cadc46-58ff-4105-b733-5a9f3fc9783c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6714adbd-c6c1-42a8-bd84-9c9339059421} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6714adbd-c6c1-42a8-bd84-9c9339059421} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6714adbd-c6c1-42a8-bd84-9c9339059421} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb05288.ietoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb05288.ietoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb05288.tbsb05288 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb05288.tbsb05288.3 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6bb9ecab-17c2-7fb6-0055-2002bd63ba8c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6bb9ecab-17c2-7fb6-0055-2002bd63ba8c} (Adware.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{10000000-1000-1000-1000-100000000000} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{10000000-1000-1000-1000-100000000000} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gsqzqgnfaf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsvcon (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\ppcbooster (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\p2pmax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar (Trojan.Agent) -> Delete on reboot.
C:\Program Files\IEToolbar\ECO Bar (Trojan.Agent) -> Delete on reboot.
C:\Program Files\runit (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Users\sezor\Local Settings\Application Data\yqwqw_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\sezor\Local Settings\Application Data\yqwqw_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\sezor\Local Settings\Application Data\yqwqw.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\sezor\Local Settings\Application Data\yqwqw.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\program files\premieropinion\pmls.dll (Adware.RK) -> Delete on reboot.
C:\Program Files\IEToolbar\ECO Bar\ecobar.dll (Adware.BHO) -> Delete on reboot.
C:\Program Files\IEToolbar\ECO Bar\tbhelper.dll (Adware.BHO) -> Delete on reboot.
c:\program files\premieropinion\pmropn.exe (Adware.RK) -> Quarantined and deleted successfully.
C:\Windows\c20232.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\ykgee3362.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\gncyq5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\hw5305.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ppcbooster\ppcbu_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\p2pmax\p2pmaxu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\ECO Bar\basis.xml (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\ECO Bar\icons.bmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\ECO Bar\info.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\ECO Bar\uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\ECO Bar\version.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\ECO Bar\your_logo.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\runit\config.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\runit\runitu_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\runit\runit_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ugmoqnchtjx.dll (Trojan.Agent) -> Delete on reboot.
C:\Pass2.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\nsadsoftinc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\sky\AppData\Roaming\Google\mrkgrn.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\sky\AppData\Roaming\Google\wincone.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Voici quelques pistes pour faire évoluer ses processus d'impression, et favoriser l'adoption de bonnes pratiques.
