Thanks much, dear katana!
Below is the log:
log.txt:
Logfile of random's system information tool 1.04 (written by random/random)
Run by aliatto at 2008-11-01 15:14:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 594 MB (8%) free of 7 GB
Total RAM: 3071 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:57, on 01.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
E:\VMWARE\vmware-tray.exe
C:\Program Files\WebMoney Agent\wmagent.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\ViaCleaner\ViaCleaner.exe
C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
E:\VMWARE\vmware-authd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OpenVPN\bin\openvpn.exe
C:\Program Files\Nmap\zenmap\zenmap.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ping.exe
C:\Documents and Settings\aliatto\Рабочий стол\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\aliatto.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:9193
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O1 - Hosts: 67.15.47.4 estsecure.com www.estsecure.com
O2 - BHO: (no name) - {29E63706-E6EC-4603-98A3-AD0E6BE31EDC} - (no file)
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {758F6D53-DCC7-4CCF-9080-4B6F9389F641} - (no file)
O2 - BHO: {f964ae22-2b56-db28-ef44-484e32e5e989} - {989e5e23-e484-44fe-82bd-65b222ea469f} - C:\WINDOWS\system32\mlbide.dll
O2 - BHO: (no name) - {CF272101-7F6E-4CF2-9453-B4C5D2FC32C0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [vmware-tray] E:\VMWARE\vmware-tray.exe
O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [bcbad61f] rundll32.exe "C:\WINDOWS\system32\ivwvpper.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [Simp] X:\777\Secway\SimpPro 2.2\SimpPro.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ViaCleaner] "C:\Program Files\ViaCleaner\ViaCleaner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenVPN GUI.lnk = C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0829663A-7BA2-4BD3-A5A6-45092D107E50}: NameServer = 195.14.50.1 195.14.50.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{58E02C09-B8FB-4FEE-BA8E-1D662E2FF7DB}: NameServer = 10.100.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1029AC6-1AE1-4FCB-93C4-75CBEB2A86E2}: NameServer = 81.30.199.5 81.30.199.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{0829663A-7BA2-4BD3-A5A6-45092D107E50}: NameServer = 195.14.50.1 195.14.50.21
O20 - AppInit_DLLs: mlbide.dll
O20 - Winlogon Notify: efcBqpPf - efcBqpPf.dll (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\VMWARE\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\VMWARE\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 8675 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29E63706-E6EC-4603-98A3-AD0E6BE31EDC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
IE to GetRight Helper - C:\Program Files\GetRight\xx2gr.dll [2007-07-18 246848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{758F6D53-DCC7-4CCF-9080-4B6F9389F641}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{989e5e23-e484-44fe-82bd-65b222ea469f}]
C:\WINDOWS\system32\mlbide.dll [2008-10-31 132608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF272101-7F6E-4CF2-9453-B4C5D2FC32C0}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"BCWipeTM Startup"=C:\Program Files\Jetico\BCWipe\BCWipeTM.exe [2008-01-09 543272]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-08-18 1447168]
"vmware-tray"=E:\VMWARE\vmware-tray.exe [2008-05-15 72240]
"wmagent.exe"=C:\Program Files\WebMoney Agent\wmagent.exe [2008-10-01 209376]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"bcbad61f"=C:\WINDOWS\system32\ivwvpper.dll [2008-10-31 75392]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
"Tracks Eraser Pro"=C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe [2008-06-17 1359872]
"Simp"=X:\777\Secway\SimpPro 2.2\SimpPro.exe [2007-10-25 2347008]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]
"ViaCleaner"=C:\Program Files\ViaCleaner\ViaCleaner.exe [2004-11-22 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bcbad61f]
C:\WINDOWS\system32\wyihebpf.dll [2008-10-22 75904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
C:\WINDOWS\system32\bthprops.cpl [2008-04-15 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[]
C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Documents and Settings\aliatto\Главное меню\Программы\Автозагрузка
OpenVPN GUI.lnk - C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="mlbide.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcBqpPf]
efcBqpPf.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{758F6D53-DCC7-4CCF-9080-4B6F9389F641}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\opnmLfCt
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\Steam\SteamApps\aliatto\counter-strike\hl.exe"="E:\Steam\SteamApps\aliatto\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Мастер переноса файлов и параметров"
"E:\РАБОЧ СТОЛ С ААА\sdc213\StrongDC.exe"="E:\РАБОЧ СТОЛ С ААА\sdc213\StrongDC.exe:*:Enabled:StrongDC++"
"X:\xc798b.apelsin.exe"="X:\xc798b.apelsin.exe:*:Enabled:xc798b.apelsin"
"X:\777\SOFT\miranda_dmikos_v14\miranda32.exe"="X:\777\SOFT\miranda_dmikos_v14\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\WebMoney\WebMoney.exe"="C:\Program Files\WebMoney\WebMoney.exe:*:Enabled:WebMoney Keeper Classic Runner Module"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"W:\xc798b.apelsin.exe"="W:\xc798b.apelsin.exe:*:Enabled:xc798b.apelsin"
"X:\777\Secway\SimpPro 2.2\SimpPro.exe"="X:\777\Secway\SimpPro 2.2\SimpPro.exe:*:Enabled:SimpPro"
"C:\Program Files\GetRight\GetRight.exe"="C:\Program Files\GetRight\GetRight.exe:*:Enabled:GetRight® Download Manager.
www.GetRight.com"
"S:\xc798b.apelsin.exe"="S:\xc798b.apelsin.exe:*:Enabled:xc798b.apelsin"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\aliatto\Local Settings\Temp\Rar$EX00.344\StrongDC.exe"="C:\Documents and Settings\aliatto\Local Settings\Temp\Rar$EX00.344\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\XSpider 7.5 Full\Bin\PTxscan.exe"="C:\Program Files\XSpider 7.5 Full\Bin\PTxscan.exe:*:Enabled:Security Scanner Unit"
"E:\ICQ6\ICQ.exe"="E:\ICQ6\ICQ.exe:*:Enabled:ICQ Library"
"C:\WINDOWS\system32\kflb.exe"="C:\WINDOWS\system32\kflb.exe:*:Disabled:Generic Host Process for Win32 Services"
"E:\Steam\SteamApps\aliatto\day of defeat\hl.exe"="E:\Steam\SteamApps\aliatto\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Steam\SteamApps\aliatto\ricochet\hl.exe"="E:\Steam\SteamApps\aliatto\ricochet\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\aliatto\Рабочий стол\RatioMaster-1.7.5\RatioMaster.exe"="C:\Documents and Settings\aliatto\Рабочий стол\RatioMaster-1.7.5\RatioMaster.exe:*:Enabled:Ratio Master"
"C:\Documents and Settings\aliatto\Рабочий стол\RatioMaster-1.7.5\RatioMaster-vs.exe"="C:\Documents and Settings\aliatto\Рабочий стол\RatioMaster-1.7.5\RatioMaster-vs.exe:*:Enabled:Ratio Master"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\Runme.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dcdc064-4549-11dd-8f43-001617958e5e}]
shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fa0942e-4467-11dd-8f3b-806d6172696f}]
shell\AutoRun\command - H:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9714ce4-7208-11dd-8f8a-001617958e5e}]
shell\AutoRun\command - J:\usdeiect.com
shell\explore\command - J:\usdeiect.com
shell\open\command - J:\usdeiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9714ce5-7208-11dd-8f8a-001617958e5e}]
shell\AutoRun\command - K:\usdeiect.com
shell\explore\command - K:\usdeiect.com
shell\open\command - K:\usdeiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbb7035a-4483-11dd-adb0-806d6172696f}]
shell\AutoRun\command - J:\Setup.exe
======List of files/folders created in the last 1 months======
2008-11-01 15:14:55 ----D---- C:\rsit
2008-10-31 14:21:28 ----A---- C:\WINDOWS\system32\mlbide.dll
2008-10-31 14:21:22 ----A---- C:\WINDOWS\system32\lntcgwlc.dll
2008-10-31 14:18:23 ----SH---- C:\WINDOWS\system32\reppvwvi.ini
2008-10-31 14:18:22 ----A---- C:\WINDOWS\system32\ivwvpper.dll
2008-10-31 14:16:36 ----SH---- C:\WINDOWS\system32\bcbovdqs.ini
2008-10-30 14:16:38 ----A---- C:\WINDOWS\system32\vidtez.dll
2008-10-30 14:16:27 ----A---- C:\WINDOWS\system32\unkspabt.dll
2008-10-30 14:13:51 ----SH---- C:\WINDOWS\system32\wwmjgcuo.ini
2008-10-29 12:51:47 ----A---- C:\WINDOWS\system32\wwnfpqmr.dll
2008-10-29 01:50:37 ----A---- C:\WINDOWS\system32\vcajfwim.dll
2008-10-28 22:51:49 ----D---- C:\Program Files\Magneto Software
2008-10-28 22:28:17 ----D---- C:\Documents and Settings\aliatto\Application Data\EurekaLog
2008-10-28 22:24:53 ----A---- C:\WINDOWS\system32\ntwdblib.dll
2008-10-28 22:24:46 ----D---- C:\Program Files\Common Files\Safety-lab
2008-10-28 22:24:45 ----D---- C:\Program Files\Safety-lab
2008-10-28 22:01:57 ----D---- C:\Program Files\CCleaner
2008-10-28 22:01:36 ----D---- C:\Program Files\Unlocker
2008-10-28 01:48:29 ----SH---- C:\WINDOWS\system32\mlveopvj.ini
2008-10-28 01:47:39 ----A---- C:\WINDOWS\system32\jvpoevlm.dll
2008-10-27 16:51:01 ----D---- C:\Program Files\Trend Micro
2008-10-27 15:20:17 ----SH---- C:\WINDOWS\system32\qjatcbvg.ini
2008-10-27 15:20:11 ----A---- C:\WINDOWS\system32\gvbctajq.dll
2008-10-27 15:17:23 ----A---- C:\WINDOWS\system32\pbwzez.dll
2008-10-27 15:17:12 ----A---- C:\WINDOWS\system32\lwxilkkl.dll
2008-10-26 15:14:59 ----SH---- C:\WINDOWS\system32\uokaknno.ini
2008-10-24 21:19:08 ----SH---- C:\WINDOWS\system32\dcmbmxuu.ini
2008-10-24 20:53:12 ----A---- C:\WINDOWS\system32\borlndmm.dll
2008-10-24 20:52:07 ----D---- C:\Program Files\ViaCleaner
2008-10-24 19:29:38 ----D---- C:\Documents and Settings\aliatto\Application Data\Uniblue
2008-10-24 19:29:26 ----D---- C:\Program Files\Uniblue
2008-10-24 19:28:31 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-24 16:23:41 ----SH---- C:\WINDOWS\system32\cwemxcat.ini
2008-10-24 13:44:26 ----A---- C:\WINDOWS\system32\PrxerNsp.dll
2008-10-24 13:44:26 ----A---- C:\WINDOWS\system32\PrxerDrv.dll
2008-10-24 00:58:58 ----D---- C:\Program Files\WebMoney Agent
2008-10-23 17:30:44 ----D---- C:\Program Files\EuroPoker
2008-10-23 16:20:31 ----A---- C:\WINDOWS\system32\poqmwyak.dll
2008-10-23 04:26:25 ----D---- C:\Program Files\Enigma Software Group
2008-10-23 03:51:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-10-23 03:51:36 ----D---- C:\Documents and Settings\aliatto\Application Data\Spyware Terminator
2008-10-23 03:51:31 ----D---- C:\Program Files\Spyware Terminator
2008-10-23 02:35:12 ----SH---- C:\WINDOWS\system32\avxcvhuc.ini
2008-10-22 23:31:07 ----D---- C:\Program Files\Zay Casino
2008-10-22 04:32:26 ----D---- C:\Documents and Settings\aliatto\Application Data\Adobe
2008-10-22 03:09:00 ----D---- C:\Program Files\ESET
2008-10-22 03:09:00 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-10-22 02:33:10 ----SH---- C:\WINDOWS\system32\fpbehiyw.ini
2008-10-22 02:33:08 ----A---- C:\WINDOWS\system32\wyihebpf.dll
2008-10-22 01:23:48 ----SH---- C:\WINDOWS\system32\kfbjifak.ini
2008-10-20 22:25:42 ----SH---- C:\WINDOWS\system32\mbyoqtht.ini
2008-10-20 22:25:33 ----A---- C:\WINDOWS\system32\thtqoybm.dll
2008-10-20 21:15:05 ----D---- C:\WINDOWS\pss
2008-10-20 13:37:16 ----SH---- C:\WINDOWS\system32\pchjaotx.ini
2008-10-20 13:37:04 ----A---- C:\WINDOWS\system32\uovxaxqs.dll
2008-10-20 13:36:15 ----ASH---- C:\WINDOWS\system32\tCfLmnpo.ini2
2008-10-20 13:36:15 ----ASH---- C:\WINDOWS\system32\tCfLmnpo.ini
2008-10-20 12:47:02 ----D---- C:\Program Files\SpyNoMore
2008-10-20 12:46:51 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-20 02:36:59 ----SH---- C:\WINDOWS\system32\wklbsypb.ini
2008-10-20 02:33:57 ----A---- C:\WINDOWS\system32\kkeehefr.dll
2008-10-19 22:43:06 ----D---- C:\Program Files\WinPcap
2008-10-19 20:31:40 ----SH---- C:\WINDOWS\system32\jcermeai.ini
2008-10-19 20:30:14 ----ASH---- C:\WINDOWS\system32\vwwwyccf.ini2
2008-10-19 20:30:14 ----ASH---- C:\WINDOWS\system32\vwwwyccf.ini
2008-10-19 18:38:05 ----SH---- C:\WINDOWS\system32\usoprvdk.ini
2008-10-19 18:38:04 ----A---- C:\WINDOWS\system32\uymfyyka.dll
2008-10-19 18:37:29 ----A---- C:\WINDOWS\system32\b7991261-.txt
2008-10-19 18:37:11 ----ASH---- C:\WINDOWS\system32\RsrsCcfe.ini2
2008-10-19 18:37:11 ----ASH---- C:\WINDOWS\system32\RsrsCcfe.ini
2008-10-19 18:32:27 ----D---- C:\Documents and Settings\aliatto\Application Data\5
2008-10-19 01:53:52 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2008-10-19 00:37:18 ----A---- C:\WINDOWS\k.txt
2008-10-19 00:16:39 ----D---- C:\Documents and Settings\aliatto\Application Data\Camfrog
2008-10-19 00:16:28 ----D---- C:\Program Files\Camfrog
2008-10-18 15:29:15 ----D---- C:\Program Files\TouchStoneSoftware
2008-10-16 21:27:36 ----D---- C:\Program Files\Nmap
2008-10-16 20:49:39 ----A---- C:\WINDOWS\ru24_tools.ini
2008-10-16 20:31:03 ----D---- C:\Program Files\NRG Tools v.0.9
2008-10-16 18:37:05 ----D---- C:\Documents and Settings\aliatto\Application Data\gtk-2.0
2008-10-16 02:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-12 18:53:46 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-12 18:53:42 ----D---- C:\Program Files\Common Files\Adobe
2008-10-11 20:01:16 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-10-09 18:23:18 ----D---- C:\Documents and Settings\aliatto\Application Data\ICQ
======List of files/folders modified in the last 1 months======
2008-11-01 14:26:39 ----SHD---- C:\RECYCLER
2008-11-01 14:26:39 ----D---- C:\WINDOWS\Temp
2008-11-01 14:23:40 ----D---- C:\Documents and Settings\aliatto\Application Data\Orbit
2008-11-01 14:18:47 ----D---- C:\WINDOWS\system32
2008-11-01 13:27:06 ----D---- C:\WINDOWS\system32\drivers
2008-11-01 13:27:01 ----D---- C:\Documents and Settings\aliatto\Application Data\VMware
2008-11-01 13:26:59 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2008-11-01 13:26:33 ----D---- C:\WINDOWS
2008-10-31 23:08:02 ----D---- C:\WINDOWS\Prefetch
2008-10-31 22:05:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-31 22:05:46 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-31 14:15:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-31 14:15:13 ----HD---- C:\WINDOWS\inf
2008-10-31 14:15:13 ----D---- C:\WINDOWS\system32\ru-ru
2008-10-31 14:15:13 ----D---- C:\WINDOWS\Help
2008-10-31 14:15:13 ----D---- C:\Program Files\Internet Explorer
2008-10-31 00:28:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-31 00:28:02 ----HD---- C:\Documents and Settings\aliatto\Application Data\Viacleaner
2008-10-30 23:23:32 ----D---- C:\WINDOWS\ie7updates
2008-10-30 23:23:32 ----A---- C:\WINDOWS\imsins.BAK
2008-10-30 23:22:30 ----D---- C:\WINDOWS\WBEM
2008-10-30 23:03:24 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-30 13:21:56 ----D---- C:\Program Files\TrueCrypt
2008-10-28 23:21:50 ----SHD---- C:\WINDOWS\Installer
2008-10-28 23:21:50 ----RD---- C:\Program Files
2008-10-28 22:51:50 ----SD---- C:\Documents and Settings\aliatto\Application Data\Microsoft
2008-10-28 22:24:46 ----D---- C:\Program Files\Common Files
2008-10-28 15:22:53 ----D---- C:\Documents and Settings\aliatto\Application Data\WebMoney
2008-10-28 02:09:29 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-28 01:58:27 ----D---- C:\Documents and Settings
2008-10-28 01:44:42 ----D---- C:\Program Files\Orbitdownloader
2008-10-27 18:07:03 ----D---- C:\Program Files\MyCentria
2008-10-27 18:05:43 ----D---- C:\Program Files\eMule
2008-10-27 16:47:57 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-27 12:55:26 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-26 01:16:12 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-25 03:10:00 ----D---- C:\Program Files\Messenger
2008-10-24 19:17:30 ----A---- C:\WINDOWS\wininit.ini
2008-10-24 13:44:26 ----D---- C:\Program Files\Proxifier
2008-10-24 00:58:59 ----D---- C:\Program Files\WebMoney
2008-10-22 03:58:23 ----SH---- C:\boot.ini
2008-10-22 03:58:23 ----A---- C:\WINDOWS\win.ini
2008-10-22 03:58:23 ----A---- C:\WINDOWS\system.ini
2008-10-20 22:34:44 ----D---- C:\Program Files\PowerISO
2008-10-20 20:34:49 ----D---- C:\WINDOWS\system32\config
2008-10-19 20:31:23 ----D---- C:\Program Files\OpenVPN
2008-10-19 20:24:57 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-19 19:02:04 ----D---- C:\Documents and Settings\aliatto\Application Data\Hide IP NG
2008-10-19 03:19:38 ----D---- C:\Program Files\WinRAR
2008-10-19 00:51:41 ----D---- C:\Documents and Settings\aliatto\Application Data\uTorrent
2008-10-16 21:27:39 ----D---- C:\WINDOWS\WinSxS
2008-10-16 21:27:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-16 02:01:54 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-11 20:11:37 ----A---- C:\WINDOWS\DFC.INI
2008-10-11 18:52:57 ----D---- C:\WINDOWS\security
2008-10-07 22:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-04-30 35840]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-08-18 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12856]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-06-12 56108]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 UsbFltr;WayTechUSBFilterDriver; C:\WINDOWS\system32\drivers\UsbFltr.sys [2006-04-28 9291]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-15 12032]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-08-18 39944]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-06-01 34064]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2002-07-27 5306]
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-05-15 28592]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\E:\VMWARE\vstor2-ws60.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-10 3964736]
R3 Arp1394;Протокол клиента 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800]
R3 NIC1394;Сетевой драйвер 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-26 33664]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-26 12928]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2008-10-08 25216]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-15 30208]
R3 usbhub;USB2 концентратор; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-15 59520]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-15 17152]
R3 usbstor;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]
R3 vmkbd2;VMware kbd2; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-05-15 16816]
R4 truecrypt;truecrypt; \??\C:\Program Files\TrueCrypt\truecrypt.sys []
S3 BthEnum;Драйвер блока запроса Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Драйвер порта Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272512]
S3 BTHUSB;Драйвер порта USB радиомодуля Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 GMSIPCI;GMSIPCI; \??\J:\INSTALL\GMSIPCI.SYS []
S3 RFCOMM;Устройство Bluetooth (протокол RFCOMM TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SONYPVU1;Драйвер Sony USB фильтра (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Класс принтеров Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S4 BCSWAP;BCSWAP; C:\WINDOWS\system32\drivers\BCSWAP.sys [2007-09-14 91496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Драйвер фильтра восстановления системы; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-15 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-10-23 570880]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 VMAuthdService;VMware Authorization Service; E:\VMWARE\vmware-authd.exe [2008-05-15 109104]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-05-15 121392]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-05-15 150064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-08-18 19200]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2008-10-08 15872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ufad-ws60;VMware Agent Service; E:\VMWARE\vmware-ufad.exe [2008-06-10 180224]
-----------------EOF-----------------
below info.txt log:
info.txt logfile of random's system information tool 1.04 2008-11-01 15:14:59
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 9 - Russian-->MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A90000000001}
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
BCWipe 3.0-->"C:\WINDOWS\BCUnInstall.exe" C:\Program Files\Jetico\BCWipe\UnInstall.log
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ESET NOD32 Antivirus-->MsiExec.exe /I{1A3D8A23-3215-46B7-AB97-E304ADABFC18}
EuroPoker (remove only)-->"C:\Program Files\EuroPoker\uninstall.exe"
GetRight-->"C:\Program Files\GetRight\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
K-Lite Codec Pack 4.1.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LaserJet 1020 series-->C:\Program Files\Zenographics\{94BA9314-F985-4823-BCF8-E7B1C5565050}\setup.exe -u "HPLJInstaller.dll=Hplj1020.inf"
Media Key-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Media Key\uninst.isu" -c"C:\Program Files\Media Key\UnInst.dll"
MegaPing-->MsiExec.exe /X{D0A79B0C-1099-4361-84E2-CF8122114D29}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Russian) 2007-->MsiExec.exe /X{90120000-0015-0419-0000-0000000FF1CE}
Microsoft Office Excel MUI (Russian) 2007-->MsiExec.exe /X{90120000-0016-0419-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Russian) 2007-->MsiExec.exe /X{90120000-0044-0419-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Russian) 2007-->MsiExec.exe /X{90120000-001A-0419-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Russian) 2007-->MsiExec.exe /X{90120000-0018-0419-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007-->MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007-->MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proofing (Russian) 2007-->MsiExec.exe /X{90120000-002C-0419-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Russian) 2007-->MsiExec.exe /X{90120000-0019-0419-0000-0000000FF1CE}
Microsoft Office Shared MUI (Russian) 2007-->MsiExec.exe /X{90120000-006E-0419-0000-0000000FF1CE}
Microsoft Office Word MUI (Russian) 2007-->MsiExec.exe /X{90120000-001B-0419-0000-0000000FF1CE}
Microsoft Office Профессиональный плюс 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (2.0.0.17)-->E:\BECKUP AAA тут\FULL CATALOG\FireFox\FirefoxPortable\FirefoxPortable\App\firefox\uninstall\helper.exe
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nmap 4.68-->"C:\Program Files\Nmap\uninstall.exe"
NRG Tools v.0.9-->"C:\Program Files\NRG Tools v.0.9\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenVPN 2.1_rc13-->C:\Program Files\OpenVPN\Uninstall.exe
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
OrderReminder HP LaserJet 1020-->"C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1020
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Proxifier version 2.7-->"C:\Program Files\Proxifier\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Security Update для Microsoft .NET Framework 2.0 (КБ928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Shadow Security Scanner 7.147-->"C:\Program Files\Safety-lab\SSS\unins000.exe"
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
SpyNoMore 2.67-->C:\Program Files\SpyNoMore\uninst.exe
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Tracks Eraser Pro v7.2-->"C:\Program Files\Acesoft\Tracks Eraser Pro\unins000.exe"
TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
Undelete Plus 2.97-->"C:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe"
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
VDOTool 4.6-->"C:\Program Files\VDOTool\unins000.exe"
ViaCleaner 7.1 (Remove Only)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85EBE1DD-B45D-443E-8B57-227B401526A5}\Setup.exe"
VMware Workstation-->MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
WebMoney Agent-->C:\Program Files\WebMoney Agent\uninst_wmagent.exe
WebMoney Keeper Classic 3.6.0.6-->"C:\Program Files\WebMoney\Uninstall.exe" "C:\Program Files\WebMoney\install.log" -u
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
winpcap-nmap 4.02-->"C:\Program Files\WinPcap\uninstall.exe"
Wise Calculator-->C:\Program Files\Wise Calculator\uninstall.exe
Zay Casino v.1.0-->"C:\Program Files\Zay Casino\unins000.exe"
Архиватор WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Исправление для Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP - (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP - (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Обновление безопасности для Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Обновление для Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Обновление для Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Обновление для Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Обновление для Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
=====HijackThis Backups=====
O4 - HKLM\..\Run: [bcbad61f] rundll32.exe "C:\WINDOWS\system32\jvpoevlm.dll",b
O20 - AppInit_DLLs: bkhcjw.dll pbwzez.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
R3 - Default URLSearchHook is missing
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
======Hosts File======
67.15.47.4 estsecure.com
www.estsecure.com
======Security center information======
AV: ESET NOD32 Antivirus 3.0
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;D:\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;D:\QTSystem\QTJava.zip
"QTJAVA"=D:\QTSystem\QTJava.zip
-----------------EOF-----------------