Hi Deltalima,
I followed your instructions: I let MBAM perform a full scan. It found a dozen malware infections; the results are as follows (mbam-log-2009-09-30 (10-53-58).txt). It prompted me to reboot. After the reboot I ran MBAM to make sure all found infections could be removed. This time MBAM found my computer clean (mbam-log-2009-09-30 (13-36-59).txt). Next, I ran RSIT; I pasted the logs (log.txt, info.txt). I did not notice any changes since MBAM disinfection on my system.
Best regards,
Leon
Log files:
mbam-log-2009-09-30 (10-53-58).txt
Malwarebytes' Anti-Malware 1.41
Database version: 2870
Windows 6.0.6000
2009.09.30. 10:53:58
mbam-log-2009-09-30 (10-53-58).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 445224
Time elapsed: 2 hour(s), 1 minute(s), 13 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 11
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
C:\Windows\System32\groupmanager.exe (Trojan.Clicker) -> Failed to unload process.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mabidwe (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\noytcyr (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\roytctm (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\soxpeca (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Wingms (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wsldoekd (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\groupmanager (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\krnlsrvc (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\txtfile\shell\open\command\(default) (Hijack.Notepad) -> Bad: ("C:\Windows\system32\nxtepad.exe" "%1") Good: (notepad.exe %1) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\Temp\863791232_360.temp (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Windows\System32\c.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\groupmanager.exe (Trojan.Clicker) -> Delete on reboot.
C:\Windows\Temp\OPRYBIHT (Trojan.Agent) -> Quarantined and deleted successfully.
mbam-log-2009-09-30 (13-36-59).txt
Malwarebytes' Anti-Malware 1.41
Database version: 2875
Windows 6.0.6000
2009.09.30. 13:36:59
mbam-log-2009-09-30 (13-36-59).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 444973
Time elapsed: 1 hour(s), 59 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Leon at 2009-09-30 14:37:53
Microsoft® Windows Vista™ Home Premium
System drive C: has 22 GB (15%) free of 150 GB
Total RAM: 3070 MB (35% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:00, on 2009.09.30.
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\C&E\OSD\osd.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Leon\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ClickToConvert\C2CMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Users\Leon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3P1IQAU\RSIT[1].exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Leon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader hivatkozássúgó - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Leon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O4 - Startup: Check for TWS Updates.lnk = C:\Program Files\Jts\WiseUpdt.exe
O4 - Startup: SDK Tray Menu.lnk = ?
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe
O4 - Global Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{E70C7EB5-4178-4A2E-818D-6E8CC9892E2C}: NameServer = 193.110.57.4 193.110.56.8
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Distributed Transaction Servic (DstRser) - Unknown owner - C:\Windows\msagent\agentdpv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9942cbcaf5990) (gupdate1c9942cbcaf5990) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Help Supportr - Unknown owner - C:\Program Files\Windows Media Player\npdsplay.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logicle Disk Managers - Unknown owner - C:\Windows\msagent\agentpsh.exe
O23 - Service: Logicle Mianags - Unknown owner - C:\Windows\system32\Restore\sframie.exe
O23 - Service: Microsoft Exchange Miange (MSExchangeMEM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\IEINFS32.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Network DSDM SRV - Unknown owner - C:\Program Files\Windows Media Player\wmpband.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: RenProcis(DPE) (RenPro(DPE)) - Unknown owner - C:\Program Files\Windows Media Player\wmpbands.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: Apache Tomcat 6 (Tomcat6) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
--
End of file - 11939 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-581560883-1044469292-4072932869-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-581560883-1044469292-4072932869-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{5ADDF6CF-0CC0-44B5-AB8F-4DC1CEBF2C02}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader hivatkozássúgó - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live bejelentkezési segítség - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-30 762864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-27 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-04-16 1006264]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-07-24 174616]
"IaNvSrv"=C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [2007-07-24 33304]
"OSD"=C:\Program Files\C&E\OSD\osd.exe [2007-09-20 561152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-05-29 951624]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"MSConfig"=C:\Windows\System32\msconfig.exe [2006-11-02 222208]
"MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-07-04 2072576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-16 1232896]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-23 39408]
"Google Update"=C:\Users\Leon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 133104]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
C2CMonitor.lnk - C:\Program Files\ClickToConvert\C2CMonitor.exe
Palo Alto Software Update Manager 8.0.lnk - C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Check for TWS Updates.lnk - C:\Program Files\Jts\WiseUpdt.exe
SDK Tray Menu.lnk - C:\Sun\SDK\jdk\bin\javaw.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bb6c456-7b94-11de-ae62-99d4d065e8ca}]
shell\AutoRun\command - H:\setup_vmc_lite.exe /checkApplicationPresence
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bb6c45b-7b94-11de-ae62-99d4d065e8ca}]
shell\AutoRun\command - I:\setup_vmc_lite.exe /checkApplicationPresence
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bb6c488-7b94-11de-ae62-001060d021c1}]
shell\AutoRun\command - H:\setup_vmc_lite.exe /checkApplicationPresence
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bb6c48a-7b94-11de-ae62-001060d021c1}]
shell\AutoRun\command - H:\setup_vmc_lite.exe /checkApplicationPresence
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4291ce6-2f0f-11dd-95eb-001060d021c1}]
shell\AutoRun\command - G:\MonopolyPBInstall.exe
======File associations======
.txt - open - notepad.exe %1
======List of files/folders created in the last 1 months======
2009-09-30 14:37:53 ----D---- C:\rsit
2009-09-20 01:16:36 ----D---- C:\Users\Leon\AppData\Roaming\Notepad++
2009-09-20 01:16:36 ----D---- C:\Program Files\Notepad++
2009-09-19 14:40:42 ----D---- C:\ProgramData\FLEXnet
2009-09-19 14:36:31 ----D---- C:\Program Files\Bonjour
2009-09-19 14:29:45 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-09-18 11:26:56 ----D---- C:\Program Files\Apache Software Foundation
2009-09-18 01:24:58 ----A---- C:\Windows\php.ini
2009-09-17 23:58:17 ----SHD---- C:\Config.Msi
2009-09-17 23:20:42 ----D---- C:\Program Files\PHP
2009-09-17 20:32:33 ----A---- C:\Windows\libmySQL.dll
2009-09-17 19:58:03 ----D---- C:\Users\Leon\AppData\Roaming\SQLyog
2009-09-17 19:57:56 ----D---- C:\Program Files\SQLyog Enterprise Trial
2009-09-17 19:39:19 ----A---- C:\Windows\system32\libmcrypt.dll
2009-09-17 18:52:50 ----D---- C:\ProgramData\MySQL
2009-09-17 18:52:50 ----D---- C:\Program Files\MySQL
2009-09-14 16:35:18 ----A---- C:\Windows\system32\javaws.exe
2009-09-14 16:35:18 ----A---- C:\Windows\system32\javaw.exe
2009-09-14 16:35:18 ----A---- C:\Windows\system32\java.exe
======List of files/folders modified in the last 1 months======
2009-09-30 14:38:00 ----D---- C:\Windows\Prefetch
2009-09-30 14:37:56 ----D---- C:\Windows\Temp
2009-09-30 14:11:00 ----SHD---- C:\System Volume Information
2009-09-30 11:08:05 ----D---- C:\Windows\System32
2009-09-30 11:08:05 ----D---- C:\Windows\inf
2009-09-30 11:08:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-30 11:06:59 ----D---- C:\Windows\system32\drivers
2009-09-30 11:03:10 ----D---- C:\Windows\system32\inetsrv
2009-09-29 12:10:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-29 11:36:10 ----D---- C:\Program Files\Jts
2009-09-28 23:36:22 ----D---- C:\Users\Leon\AppData\Roaming\Adobe
2009-09-27 20:53:38 ----D---- C:\Users\Leon\AppData\Roaming\uTorrent
2009-09-25 11:55:30 ----D---- C:\Program Files\Common Files
2009-09-23 16:00:41 ----SD---- C:\Users\Leon\AppData\Roaming\Microsoft
2009-09-22 09:24:26 ----D---- C:\Program Files\Windows Media Player
2009-09-20 01:16:36 ----RD---- C:\Program Files
2009-09-19 23:46:05 ----D---- C:\Windows
2009-09-19 15:58:20 ----RSD---- C:\Windows\Fonts
2009-09-19 14:40:42 ----HD---- C:\ProgramData
2009-09-19 14:38:04 ----SHD---- C:\Windows\Installer
2009-09-19 14:37:26 ----D---- C:\Program Files\Adobe
2009-09-19 14:37:06 ----D---- C:\ProgramData\Adobe
2009-09-19 14:36:29 ----D---- C:\Program Files\Common Files\Adobe
2009-09-19 14:25:29 ----D---- C:\tmp
2009-09-17 23:57:22 ----D---- C:\Windows\SoftwareDistribution
2009-09-17 23:56:51 ----SD---- C:\Windows\Downloaded Program Files
2009-09-17 21:29:29 ----D---- C:\Windows\system32\Tasks
2009-09-17 20:59:35 ----A---- C:\Windows\php.iniold
2009-09-14 16:35:17 ----D---- C:\Program Files\Java
2009-09-03 11:40:40 ----D---- C:\Program Files\Windows Live Safety Center
2009-09-02 01:42:34 ----D---- C:\Windows\Minidump
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 nod32drv;nod32drv; C:\Windows\system32\drivers\nod32drv.sys [2008-05-29 15160]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2008-11-22 5632]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 41456]
R2 AMON;AMON; C:\Windows\system32\drivers\amon.sys [2008-05-29 511832]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-04 3351040]
R3 BthEnum;Bluetooth enumerálási szolgáltatás; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]
R3 BthPan;Bluetooth-eszköz (személyes hálózat); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Bluetooth-rádió USB illesztőprogramja; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 CmBatt;Microsoft ACPI vezérlési módú telep illesztőprogramja; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-04-16 14208]
R3 HdAudAddService;Microsoft 1.1 UAA funkció-illesztőprogram High Definition Audio hangszolgáltatáshoz; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-10 1775712]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592]
R3 NETw4v32;Intel(R) Wireless WiFi Link adapter illesztőprogram 32 bites Windows Vistához; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
R3 RFCOMM;Bluetooth-eszköz (RFCOMM protokoll TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 tap0801;TAP-Win32 Adapter V8; C:\Windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-04-16 11264]
S3 a437mcei;a437mcei; C:\Windows\system32\drivers\a437mcei.sys []
S3 BTHPORT;Bluetooth-portillesztőprogram; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 Cam5603D;WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2007-06-01 753456]
S3 CEBFilter;CEBFilter; \??\C:\Program Files\C&E\OSD\OsdService\cebuffer.sys [2007-09-04 5120]
S3 CEIO;CEIO; \??\C:\Program Files\C&E\OSD\OsdService\ceio.sys [2007-08-31 4608]
S3 cKBFilter;cKBFilter; \??\C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys [2007-08-31 7168]
S3 drmkaud;Microsoft Kernel DRM-hangdekódoló; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-09-07 27672]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101632]
S3 MSKSSRV;Microsoft Streaming szolgáltatásproxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming óraproxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming minőségkezelő proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming cél/fogadók közötti konverter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 usb_rndisx;USB RNDIS adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2006-11-02 14848]
S3 USBCCID;USB intelligenskártya-olvasó; C:\Windows\system32\DRIVERS\usbccid.sys [2006-11-02 30208]
S3 usbmouseb;usbmouseb; \??\C:\Windows\SYSTEM32\drivers\svhose.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616]
S4 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-07-02 110112]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-11-08 102912]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-07-24 354840]
R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2007-10-11 13824]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2004-10-18 335872]
R2 MSSQLSERVER;MSSQLSERVER; C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe [2005-05-04 9150464]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-05-29 554312]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-10-16 243056]
R2 SysEnforce;SysEnforce; C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE [2006-01-13 57344]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 11111112323322323444;12313212132132321123123123123; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 DstRser;Distributed Transaction Servic; C:\Windows\msagent\agentdpv.exe [2009-02-16 676864]
S2 FastUserSwitchingCompatibility;Microsolf Devicer Manager; C:\Windows\sYSTEM32\SVCHOST.EXE [2006-11-02 22016]
S2 gupdate1c9942cbcaf5990;Google Update Service (gupdate1c9942cbcaf5990); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
S2 Help Supportr;Help Supportr; C:\Program Files\Windows Media Player\npdsplay.exe [2009-09-22 479744]
S2 Logicle Disk Managers;Logicle Disk Managers; C:\Windows\msagent\agentpsh.exe [2009-05-15 669696]
S2 Logicle Mianags;Logicle Mianags; C:\Windows\system32\Restore\sframie.exe [2009-06-03 305785]
S2 MSExchangeMEM;Microsoft Exchange Miange; C:\Program Files\Common Files\Microsoft Shared\MSInfo\IEINFS32.exe [2009-05-04 669696]
S2 MS-SP3;Microsoft Support Online Update; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 Network DSDM SRV;Network DSDM SRV; C:\Program Files\Windows Media Player\wmpband.exe [2009-05-05 656384]
S2 RenPro(DPE);RenProcis(DPE); C:\Program Files\Windows Media Player\wmpbands.exe [2009-04-29 645120]
S3 aspnet_state;@%windir%\system32\inetsrv\iisres.dll,-30009; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-19 654848]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-03 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2006-10-01 16384]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe [2005-05-03 323584]
S3 Tomcat6;Apache Tomcat 6; C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [2009-05-14 57344]
S3 WMSvc;@%windir%\system32\inetsrv\iisres.dll,-20001; C:\Windows\system32\inetsrv\wmsvc.exe [2006-11-02 10752]
S4 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-12-04 626688]
S4 CSIScanner;CSIScanner; C:\Program Files\PrevxCSI\prevxcsi.exe [2009-02-01 4107832]
S4 Network Connections Manager;Network Connections Manager; C:\Windows\Ati2vexx.exe []
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824]
S4 OsdService;OsdService; C:\Program Files\C&E\OSD\OsdService\OsdService.exe [2007-09-03 53248]
S4 ZYYGD;ZYYGD; C:\Users\Leon\AppData\Local\Temp\ZYYGD.exe []
-----------------EOF-----------------
info.txt
info.txt logfile of random's system information tool 1.06 2009-09-30 14:38:02
======Uninstall list======
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
3DMark06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Reader 8 - Hungarian-->MsiExec.exe /I{AC76BA86-7AD7-1038-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Any Video Converter 2.7.2-->"C:\Program Files\Any Video Converter\unins000.exe"
Apache Tomcat 6.0 (remove only)-->"C:\Program Files\Apache Software Foundation\Tomcat 6.0\Uninstall.exe"
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVIConverter 5.1.6-->C:\Program Files\TrekStor\i.Beat move\AVI-Converter\uninst.exe
CharmDesktop-->"C:\Program Files\CharmDesktop\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Click to Convert 6.0-->C:\PROGRA~1\CLICKT~1\UNWISE.EXE C:\PROGRA~1\CLICKT~1\INSTALL.LOG
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
E.M. Total Video Player 1.31-->"C:\Program Files\Total Video Player\unins000.exe"
Electronic Piano 2.5-->"C:\Program Files\Electronic Piano 2.5\unins000.exe"
ExamDiff Pro 3.1-->"C:\Program Files\ExamDiff Pro\unins000.exe"
Exterminate It!-->C:\Program Files\Exterminate It!\ExterminateIt_Uninst.exe
FirstSteps Diagnostics-->MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}
Fwink-->MsiExec.exe /I{F432F2AE-F463-4491-A5FE-844849992F6E}
Google Föld-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Gears-->MsiExec.exe /I{95774351-6087-3A3B-8CA8-70BEE49D2BD5}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Heroes of Might and Magic V Collector Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDB68A90-340C-42B9-B42B-D2CBED1B91DC}\setup.exe" -l0x9
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel® Turbo Memory és Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
Java Platform, Enterprise Edition 5 SDK-->"C:\Sun\SDK\uninstall.exe" -javahome "C:\Sun\SDK\jdk"
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.exe" -l0x9 -removeonly
K&H e-bank2 1.41-->"C:\Program Files\e-bank2\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marketing Plan Pro 9.0-->MsiExec.exe /X{3F7C20E7-37DA-4DBF-B1C1-0F207633C178}
Microsoft .NET Framework (English) v1.0.3705-->C:\Windows\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\Windows\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040E-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2000-->C:\Windows\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\MSSQL\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\MSSQL\sqlsun.dll" -msql.mif i=MSSQLSERVER
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual SourceSafe NetSetup-->"C:\program files\vss\setup\win32\1033\Setup.exe"
Microsoft Visual Studio .NET Enterprise Architect - English-->"C:\Program Files\Microsoft Visual Studio .NET\Setup\Visual Studio .NET Enterprise Architect - English\setup.exe" /MaintMode
Monopoly by Parker Brothers-->C:\PROGRA~1\Hasbro\MONOPO~1\UNWISE.EXE /U C:\PROGRA~1\Hasbro\MONOPO~1\INSTALL.LOG
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MySQL Server 5.1-->MsiExec.exe /I{FC874712-FA25-4DDA-9BFD-084CC0AE7327}
Nero 7 Essentials-->MsiExec.exe /X{81CD6232-10F5-4832-B3DA-1B88B1571038}
Network Recording Player-->MsiExec.exe /I{08333C2F-8219-48E8-8569-E53D4C761882}
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Open Video Capture version 1.1-->"C:\Program Files\OpenVideoCapture\unins000.exe"
openCRX Server-->C:\Program Files\openmdxTomcatEjb-2.4.1\installer\opencrx-server\uninstall.exe
openMDX Tomcat+EJB-->C:\Program Files\openmdxTomcatEjb-2.4.1\installer\openmdx-tomcat-ejb\uninstall.exe
OpenVPN 2.0.9-gui-1.0.3-->C:\Program Files\OpenVPN\Uninstall.exe
OSDInstall-->MsiExec.exe /I{EB863CFD-6889-47B0-9D79-492DE0D07EE7}
Palo Alto Software's Application Manager 8.2-->MsiExec.exe /X{BAD00139-E284-4F6C-AA94-FB637462DEEB}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PCMark05-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C104E56-A441-429D-A609-D8A46EB92EA1}\setup.exe" -l0x9 -removeonly
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PHP 5.2.11-->MsiExec.exe /I{89C096A7-9A21-4402-9CD5-A09DA89551F0}
PieceCopy-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.ntx86 132 C:\Windows\INF\PEACCOPY.INF
Pocket RAR documentation-->C:\Program Files\PocketRAR\uninstall.exe
PowerDV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
Prevx CSI-->"C:\Program Files\PrevxCSI\prevxcsi.exe" /prop UNINSTALL=Y
PrimoPDF -- brought to you by Nitro PDF Software-->"C:\Program Files\Nitro PDF\PrimoPDF\uninstaller.exe"
Professional Equitas Terminal Interface-->"C:\Program Files\PETI\uninstall.exe"
Quake 4(TM) Demo-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BAB004F0-F04C-49DD-8118-AE4A7697C469} /l2057
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Recovery Toolbox for Excel 1.1-->"C:\Program Files\Recovery Toolbox for Excel\unins000.exe"
RemoveIT Pro v7 (Trial)-->C:\PROGRA~1\INCODE~1\REMOVE~1\UNWISE.EXE C:\PROGRA~1\INCODE~1\REMOVE~1\INSTALL.LOG
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Screenshot Pilot version 1.46.01-->"C:\Program Files\Screenshot Pilot\unins000.exe"
Sony Ericsson PC Suite 4.010.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x000e -removeonly
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
SQLyog Enterprise Trial 8.14 -->C:\Program Files\SQLyog Enterprise Trial\uninst.exe
SubViewer 3.063-->C:\Program Files\SubViewer3\Uninstal.exe
System Spyware Interrogator-->C:\PROGRA~1\TRISNA~1\SSI\UNWISE.EXE C:\PROGRA~1\TRISNA~1\SSI\INSTALL.LOG
The Quest-->C:\Windows\WindowsMobile\The Quest\Uninstall.exe The Quest
Total Commander (Remove or Repair)-->c:\Program Files\totalcmd\tcuninst.exe
TradeManager 2008-->C:\Program Files\trademanager\Uninstall.exe
Trader Workstation 4.0-->C:\PROGRA~1\Jts\UNWISE.EXE C:\PROGRA~1\Jts\INSTALL.LOG
Trojan Remover 6.7.5-->"C:\Program Files\Trojan Remover\unins000.exe"
TrojanHunter 5.0-->"C:\Program Files\TrojanHunter 5.0\unins000.exe"
Uninstall AdeptSQL Diff-->"C:\Program Files\AdeptSQL Diff\unins000.exe"
Uninstall Startup Inspector-->"C:\Program Files\Startup Inspector for Windows\unins000.exe"
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vista PDF Creator 1.02-->"C:\Program Files\Vista PDF Creator\unins000.exe"
VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
Vodafone Mobile Connect Lite-->MsiExec.exe /X{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}
WebCam-->Rundll32.exe BisonRem.dll,WinMainRmv
Windows Live bejelentkezési segéd-->MsiExec.exe /I{733EB793-0840-4D69-97AA-6934FC79DB16}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{6E07FF7A-878C-486C-BB85-516F61A8E2C7}
Windows Live feltöltőeszköz-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Messenger-->MsiExec.exe /X{D2C2B2A0-F37E-43CC-9E94-FC52F6D20C43}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Resources-->C:\Program Files\Windows Mobile Resources\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Windows Mobile-eszközközpont-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.7-->"C:\Program Files\WinSCP\unins000.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yawcam v0.3.0-->"C:\Program Files\Yawcam\unins000.exe"
zzEPG 1.0.0.0-->c:\tmp\zzEPG\uninst.exe
=====HijackThis Backups=====
O23 - Service: Wingms - Unknown owner - C:\Windows\SYSTEM32\svhose.exe (file missing) [2009-01-31]
O23 - Service: Network Connections Manager - Unknown owner - C:\Windows\Ati2vexx.exe (file missing) [2009-01-31]
O23 - Service: mstsc - Unknown owner - C:\Windows\RemoteAbc.exe (file missing) [2009-01-31]
O23 - Service: ZYYGD - Unknown owner - C:\Users\Leon\AppData\Local\Temp\ZYYGD.exe (file missing) [2009-01-31]
O23 - Service: mstsc - Unknown owner - C:\Windows\RemoteAbc.exe (file missing) [2009-01-31]
O23 - Service: RenProcis(DPE) (RenPro(DPE)) - Unknown owner - C:\Program Files\Windows Media Player\wmpbands.exe [2009-05-03]
O23 - Service: wsldoekd Service (wsldoekd) - Unknown owner - C:\Windows\system32\wsldoekd.exe (file missing) [2009-05-03]
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe [2009-05-03]
O4 - HKCU\..\Run: [RemoveIT Pro v7Ent] C:\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe [2009-05-03]
O23 - Service: awsedktv Driver (awsedktv) - Beijing Rising Information Technology Co., Ltd. - C:\Windows\system32\awsedktv.exe [2009-05-03]
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2009-05-03]
O4 - HKCU\..\Run: [aliim] C:\Program Files\trademanager\aliim.exe [2009-05-03]
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2009-05-03]
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot [2009-05-03]
O15 - Trusted Zone: http://*.alipay.com [2009-05-03]
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2009-05-03]
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe [2009-05-03]
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon [2009-05-03]
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe [2009-05-03]
O23 - Service: OsdService - Unknown owner - C:\Program Files\C&E\OSD\OsdService\OsdService.exe [2009-05-03]
O15 - Trusted Zone: http://*.alisoft.com [2009-05-03]
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab [2009-05-03]
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\Windows\system32\soxpeca.exe (file missing) [2009-05-03]
O15 - Trusted Zone: http://*.taobao.com [2009-05-03]
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe [2009-05-03]
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\Windows\system32\noytcyr.exe (file missing) [2009-05-03]
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\Windows\system32\mabidwe.exe (file missing) [2009-05-03]
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\Windows\system32\afisicx.exe (file missing) [2009-05-03]
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\Windows\system32\roytctm.exe (file missing) [2009-05-03]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab [2009-05-03]
======Hosts File======
127.0.0.1 localhost
::1 localhost
======Security center information======
AV: ESET NOD32 Antivirus System 2.70 (outdated)
AS: Windows Defender
======System event log======
Computer Name: Leon-Laptop
Event Code: 7036
Message: A(z) Microsoft Kötet árnyékmásolata szolgáltató szolgáltatás állapota: "fut".
Record Number: 3906701
Source Name: Service Control Manager
Time Written: 20090930120934.000000-000
Event Type: Információ
User:
Computer Name: Leon-Laptop
Event Code: 33
Message: A(z) C: kötet legrégebbi árnyékmásolatát törölte a program, hogy a(z) C: kötet árnyékmásolatainak tárolására használt lemezterület a felhasználó által megadott korlát alatt maradjon.
Record Number: 3906702
Source Name: volsnap
Time Written: 20090930121100.440342-000
Event Type: Információ
User:
Computer Name: Leon-Laptop
Event Code: 7036
Message: A(z) Kötet árnyékmásolata szolgáltatás állapota: "leállítva".
Record Number: 3906703
Source Name: Service Control Manager
Time Written: 20090930121235.000000-000
Event Type: Információ
User:
Computer Name: Leon-Laptop
Event Code: 7036
Message: A(z) Microsoft Kötet árnyékmásolata szolgáltató szolgáltatás állapota: "leállítva".
Record Number: 3906704
Source Name: Service Control Manager
Time Written: 20090930121535.000000-000
Event Type: Információ
User:
Computer Name: Leon-Laptop
Event Code: 7036
Message: A(z) Védett tároló szolgáltatás állapota: "fut".
Record Number: 3906705
Source Name: Service Control Manager
Time Written: 20090930123628.000000-000
Event Type: Információ
User:
=====Application event log=====
Computer Name: Leon-Laptop
Event Code: 8194
Message: A visszaállítási pont sikeresen létrehozva (Folyamat = C:\Windows\system32\svchost.exe -k netsvcs; Leírás = Windows Update).
Record Number: 39714
Source Name: System Restore
Time Written: 20090930092059.000000-000
Event Type: Információ
User:
Computer Name: Leon-Laptop
Event Code: 8194
Message: A visszaállítási pont sikeresen létrehozva (Folyamat = C:\Windows\system32\svchost.exe -k netsvcs; Leírás = Windows Update).
Record Number: 39715
Source Name: System Restore
Time Written: 20090930092125.000000-000
Event Type: Információ
User:
Computer Name: Leon-Laptop
Event Code: 8224
Message: A VSS-szolgáltatás az üresjárat időtúllépése miatt leáll.
Record Number: 39716
Source Name: VSS
Time Written: 20090930092448.000000-000
Event Type: Információ
User:
Computer Name: Leon-Laptop
Event Code: 0
Message:
Record Number: 39717
Source Name: gusvc
Time Written: 20090930111909.000000-000
Event Type: Információ
User:
Computer Name: Leon-Laptop
Event Code: 8224
Message: A VSS-szolgáltatás az üresjárat időtúllépése miatt leáll.
Record Number: 39718
Source Name: VSS
Time Written: 20090930121234.000000-000
Event Type: Információ
User:
=====Security event log=====
Computer Name: Leon-Laptop
Event Code: 4672
Message: Speciális jogosultságok hozzárendelve az új bejelentkezéshez.
Tárgy:
Biztonsági azonosító: S-1-5-18
Fióknév: SYSTEM
Fiók tartománya: NT AUTHORITY
Bejelentkezési azonosító: 0x3e7
Jogosultságok: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 26484
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090930090614.636509-000
Event Type: Sikeres naplózás
User:
Computer Name: Leon-Laptop
Event Code: 5038
Message: A kódsértetlenségi összetevő megállapította, hogy egy fájlnak nem érvényes a képkivonata. Lehet, hogy a fájl sérült, mert illetéktelenül módosították. Az érvénytelen kivonat esetleges lemezeszközhibára is utalhat.
Fájlnév: \Device\HarddiskVolume3\Windows\System32\drivers\mchInjDrv.sys
Record Number: 26485
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090930090659.346109-000
Event Type: Sikertelen naplózás
User:
Computer Name: Leon-Laptop
Event Code: 5038
Message: A kódsértetlenségi összetevő megállapította, hogy egy fájlnak nem érvényes a képkivonata. Lehet, hogy a fájl sérült, mert illetéktelenül módosították. Az érvénytelen kivonat esetleges lemezeszközhibára is utalhat.
Fájlnév: \Device\HarddiskVolume3\Windows\System32\drivers\mbamswissarmy.sys
Record Number: 26486
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090930090846.275509-000
Event Type: Sikertelen naplózás
User:
Computer Name: Leon-Laptop
Event Code: 4904
Message: Egy biztonságiesemény-forrás regisztrálására történt kísérlet.
Tárgy:
Biztonsági azonosító: S-1-5-18
Fióknév: LEON-LAPTOP$
Fiók tartománya: IRD
Bejelentkezési azonosító: 0x3e7
Folyamat:
Folyamatazonosító: 0x1740
Folyamat neve: C:\Windows\System32\VSSVC.exe
Esemény forrása:
Forrásnév: VSSAudit
Eseményforrás azonosítója: 0x495955
Record Number: 26487
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090930092144.055417-000
Event Type: Sikeres naplózás
User:
Computer Name: Leon-Laptop
Event Code: 4905
Message: Egy biztonságiesemény-forrrás regisztrációjának megszüntetésére történt kísérlet.
Tárgy
Biztonsági azonosító: S-1-5-18
Fióknév: LEON-LAPTOP$
Fiók tartománya: IRD
Bejelentkezési azonosító: 0x3e7
Folyamat:
Folyamatazonosító: 0x1740
Folyamat neve: C:\Windows\System32\VSSVC.exe
Esemény forrása:
Forrásnév: VSSAudit
Eseményforrás azonosítója: 0x495955
Record Number: 26488
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090930092144.055417-000
Event Type: Sikeres naplózás
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"INCLUDE"=C:\Program Files\Microsoft Visual Studio .NET\FrameworkSDK\include\
"LIB"=C:\Program Files\Microsoft Visual Studio .NET\FrameworkSDK\Lib\
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\Program Files\PHP\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Microsoft SQL Server\80\Tools\BINN;c:\jdk1.5\jre\bin\client;C:\Program Files\Samsung\Samsung PC Studio 3\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=1706
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"VSCOMNTOOLS"="C:\Program Files\Microsoft Visual Studio .NET\Common7\Tools\"
"windir"=%SystemRoot%
"PHPRC"=C:\Program Files\PHP\
-----------------EOF-----------------