[code] OTScanIt logfile created on: 24.08.2008 16:33:29 OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Alim\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000419 | Country: Russia | Language: RUS | Date Format: dd.MM.yyyy 511,47 Mb Total Physical Memory | 167,87 Mb Available Physical Memory | 32,82% Memory free 3,40 Gb Paging File | 2,79 Gb Available in Paging File | 82,24% Paging File free Paging file location(s): C:\pagefile.sys 3000 4000; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 8,36 Gb Free Space | 11,22% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 7,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME-C1AD84D1C5 Current User Name: Alim Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4180 | Size = 495616 bytes | Modified Date = 01.11.2007 23:59:21 | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. 
[Ver = 6.14.10.4180 | Size = 495616 bytes | Modified Date = 01.11.2007 23:59:21 | Attr = ] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,3 | Size = 611664 bytes | Modified Date = 12.05.2008 12:38:28 | Attr = ] wlan111t.exe -> %ProgramFiles%\NETGEAR\WG111T\wlan111t.exe -> NETGEAR [Ver = 1, 3, 0, 1 | Size = 884840 bytes | Modified Date = 25.01.2006 15:49:02 | Attr = ] prkiller.exe -> %UserProfile%\Start Menu\Programs\Startup\prkiller.exe -> [Ver = 1.4.1 | Size = 29184 bytes | Modified Date = 30.07.2003 0:04:32 | Attr = ] pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 6, 0, 0, 3 | Size = 356920 bytes | Modified Date = 13.06.2008 15:29:14 | Attr = ] pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 6.0.0.16 | Size = 1073544 bytes | Modified Date = 07.08.2008 12:12:38 | Attr = ] pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 6.0.0.10 | Size = 1166216 bytes | Modified Date = 16.07.2008 9:16:20 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12.07.2008 9:29:54 | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,3 | Size = 611664 bytes | Modified Date = 12.05.2008 12:38:28 | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. 
[Ver = 6.14.10.4180 | Size = 495616 bytes | Modified Date = 01.11.2007 23:59:21 | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 01.11.2007 21:05:00 | Attr = ] (avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgemc.exe -> File not found (avg8wd) AVG8 WatchDog [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgwdsvc.exe -> File not found (avgfws8) AVG8 Firewall [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgfws8.exe -> File not found (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04.08.2004 0:56:50 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04.04.2005 1:41:10 | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> File not found (sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 6, 0, 0, 3 | Size = 356920 bytes | Modified Date = 13.06.2008 15:29:14 | Attr = ] (sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 6.0.0.16 | Size = 1073544 bytes | Modified Date = 07.08.2008 12:12:38 | Attr = ] [Driver Services - Non-Microsoft Only] (AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 10.06.2008 20:40:45 | Attr = ] (amdagp) AMD AGP 
Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 03.08.2004 19:07:44 | Attr = ] (AN983) ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\an983.sys -> ADMtek Incorporated. [Ver = 2.17.1025.2001 built by: WinDDK | Size = 36224 bytes | Modified Date = 03.08.2004 18:31:20 | Attr = ] (AR5523) NETGEAR WG111T USB2.0 Wireless Card Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\WG11TND5.sys -> NETGEAR, Inc. [Ver = 1.5.0.2102 | Size = 362944 bytes | Modified Date = 05.09.2005 11:21:06 | Attr = ] (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6734 | Size = 2644480 bytes | Modified Date = 02.11.2007 1:52:04 | Attr = ] (atksgt) atksgt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\atksgt.sys -> [Ver = | Size = 278728 bytes | Modified Date = 26.02.2008 0:11:18 | Attr = ] (Avgfwdx) Avgfwdx [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\avgfwdx.sys -> File not found (Avgfwfd) AVG network filter service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\avgfwdx.sys -> File not found (AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgldx86.sys -> File not found (AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\System32\Drivers\avgmfx86.sys -> File not found (AvgRkx86) avgrkx86.sys [File_System | Boot | Stopped] -> %SystemRoot%\System32\Drivers\avgrkx86.sys -> File not found (AvgTdiX) AVG8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\System32\Drivers\avgtdix.sys -> File not found (cmpci) C-Media PCI Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\cmaudio.sys 
-> C-Media Inc [Ver = 5.12.01.0638 | Size = 379150 bytes | Modified Date = 12.06.2002 19:28:50 | Attr = R ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 03.08.2004 23:07:18 | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 03.08.2004 23:07:18 | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 23.08.2001 8:00:00 | Attr = ] (DNINDIS5) DNINDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DNINDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.55 | Size = 17149 bytes | Modified Date = 24.07.2003 12:10:34 | Attr = ] (EUSBMSD) eUSB SmartMedia Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\EUSBMSD.SYS -> SCM Microsystems Inc. [Ver = 2.17 | Size = 51072 bytes | Modified Date = 03.10.2001 2:47:28 | Attr = ] (lirsgt) lirsgt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\lirsgt.sys -> [Ver = | Size = 25416 bytes | Modified Date = 26.02.2008 0:11:17 | Attr = ] (nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 03.08.2004 18:29:56 | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. 
[Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 23.08.2001 8:00:00 | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 07.03.2007 19:51:00 | Attr = ] (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13.11.2007 6:25:53 | Attr = ] (sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [Ver = | Size = 716272 bytes | Modified Date = 26.02.2008 1:09:45 | Attr = ] (IKFileSec) File Security Driver [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1042 built by: WinDDK | Size = 42376 bytes | Modified Date = 02.06.2008 15:19:12 | Attr = ] (IKSysFlt) System Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 02.06.2008 15:19:16 | Attr = ] (IKSysSec) System Security Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1033 | Size = 81288 bytes | Modified Date = 10.06.2008 21:22:52 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11.05.2007 3:06:32 | Attr = ] C-Media Mixer -> %SystemRoot%\mixer.exe [Mixer.exe /startup] -> C-Media Electronic Inc. 
(www.cmedia.com.tw) [Ver = 1.53 | Size = 1495040 bytes | Modified Date = 13.06.2002 0:23:54 | Attr = R ] HostManager -> %CommonProgramFiles%\AOL\1135840234\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1135840234\ee\AOLSoftware.exe] -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 09.05.2006 20:24:16 | Attr = ] ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe ["C:\Program Files\Spyware Doctor\pctsTray.exe"] -> PC Tools [Ver = 6.0.0.10 | Size = 1166216 bytes | Modified Date = 16.07.2008 9:16:20 | Attr = ] ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler] -> File not found PrintDisp -> %SystemRoot%\system32\PrintDisp.exe [C:\WINDOWS\system32\PrintDisp.exe] -> [Ver = | Size = 385024 bytes | Modified Date = 02.09.2007 22:29:24 | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 19.10.2007 21:16:26 | Attr = ] RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> Cyberlink Corp. 
[Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 02.11.2004 21:24:46 | Attr = ] StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"] -> [Ver = | Size = 90112 bytes | Modified Date = 10.11.2006 13:35:24 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BitTorrent -> %ProgramFiles%\BitTorrent\bittorrent.exe ["C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized] -> File not found DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> DT Soft Ltd [Ver = 4.12.1.0 | Size = 486856 bytes | Modified Date = 13.02.2008 19:09:40 | Attr = ] Download Master -> %ProgramFiles%\Download Master\dmaster.exe [C:\Program Files\Download Master\dmaster.exe -autorun] -> File not found ICQ -> %ProgramFiles%\ICQ6\ICQ.exe ["C:\Program Files\ICQ6\ICQ.exe" silent] -> ICQ, Inc. 
[Ver = 6.0.0.6039 | Size = 172280 bytes | Modified Date = 20.11.2007 20:47:27 | Attr = ] < Alim Startup Folder > -> C:\Documents and Settings\Alim\Start Menu\Programs\Startup -> -> %UserProfile%\Start Menu\Programs\Startup\prkiller.CFG -> [Ver = | Size = 360 bytes | Modified Date = 24.08.2008 15:17:00 | Attr = ] -> %UserProfile%\Start Menu\Programs\Startup\prkiller.exe -> [Ver = 1.4.1 | Size = 29184 bytes | Modified Date = 30.07.2003 0:04:32 | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk -> %ProgramFiles%\NETGEAR\WG111T\wlan111t.exe -> NETGEAR [Ver = 1, 3, 0, 1 | Size = 884840 bytes | Modified Date = 25.01.2006 15:49:02 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> msapsspc.dll schannel.dll digest.dll msnsspc.dll -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 13.06.2007 6:23:07 | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 04.08.2004 0:56:58 | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
C:\WINDOWS\system32\logonuiX.exe -> %SystemRoot%\system32\logonuiX.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4506624 bytes | Modified Date = 18.03.2008 18:47:11 | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 25.10.2007 23:36:51 | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 04.08.2004 0:56:58 | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. 
[Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 02.11.2007 0:00:43 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 91 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 03.08.2004 22:59:54 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSONY_CD-RW__CRX215E1____________________SYS2____\5&1007656e&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomLITEON_DVD-ROM_LTD163D__________________GHR3____\5&1007656e&0&0.1.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\2 -> SCSI\CdRom&Ven_XL3612M&Prod_RLY085J&Rev_1.01\5&2c4f72d4&0&000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\3 -> SCSI\CdRom&Ven_XL3612M&Prod_RLY085J&Rev_1.01\5&2c4f72d4&0&010 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 13.11.2005 12:59:17 | Attr = ] Autorun.inf [[autorun] | open=autorun.exe | ] -> F:\Autorun.inf [ CDFS ] -> [Ver = | Size = 27 bytes | Modified Date = 15.03.2001 2:44:28 | Attr = R ] autorun.exe [MZђ | ] -> F:\autorun.exe [ CDFS ] -> ООО "Навигатор Паблишинг" [Ver = 4, 6, 3, 8 | Size = 204800 bytes | Modified Date = 29.09.2004 8:46:26 | Attr = R ] < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yandex.ru/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22.10.2006 23:08:42 | Attr = ] {6C517674-DE1C-4493-977C-34A1BFAB35BA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\VirtualNetwork\VirtualNetwork.dll [VirtualNetwork Class] -> GemBirdCom [Ver = 1, 0, 0, 1 | Size = 187392 bytes | Modified Date = 02.06.2008 6:44:28 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {E59EB121-F339-4851-A3BA-FE49C35617C2}:Exec -> %ProgramFiles%\ICQ6\ICQ.exe [ICQ6] -> ICQ, Inc. [Ver = 6.0.0.6039 | Size = 172280 bytes | Modified Date = 20.11.2007 20:47:27 | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{8DAE90AD-4583-4977-9DD4-4360F7A45C74} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E59EB121-F339-4851-A3BA-FE49C35617C2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ICQ6\ICQ.exe [ICQ6] -> ICQ, Inc. [Ver = 6.0.0.6039 | Size = 172280 bytes | Modified Date = 20.11.2007 20:47:27 | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Çàêà÷àòü ÂÑÅ ïðè ïîìîùè Download Master -> Reg Error: Value does not exist or could not be read. -> File not found Çàêà÷àòü ïðè ïîìîùè Download Master -> Reg Error: Value does not exist or could not be read. -> File not found Закачать ВСЕ при помощи Download Master -> Reg Error: Value does not exist or could not be read. -> File not found Закачать при помощи Download Master -> Reg Error: Value does not exist or could not be read. 
-> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {8385689D-B396-4A95-AA44-1AF27FF5A53F} -> (NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter) -> {B87BD5D3-08AA-46AF-9E1D-5BCD89D56EA5} -> (1394 Net Adapter) -> {E206B7A2-6979-484C-956D-2D296512ECF9} -> (Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04.08.2004 0:56:44 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15.06.2005 13:49:30 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04.08.2004 0:56:44 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25.04.2007 10:21:15 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 04.08.2004 0:56:48 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1224 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04.08.2004 0:56:46 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04.08.2004 0:56:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> C9 D8 2C DE 63 44 05 62 7A A3 23 EE 47 13 8D 5E 37 37 33 39 30 32 36 64 00 FD 07 00 29 67 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 D5 1F 08 37 49 EB 39 52 A2 50 B0 77 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 18 91 12 5A 19 44 EC B3 57 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> BB 15 38 65 28 1C [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 23.08.2001 8:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 48 B2 15 50 4F 27 CF AF E1 31 E4 68 DF E1 1B 93 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> A0 B2 3F A6 10 06 C9 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04.08.2004 0:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 28579 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04.08.2004 0:56:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04.08.2004 0:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\World of Warcraft\Launcher.exe -> %ProgramFiles%\World of Warcraft\Launcher.exe [C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> BitTorrent, Inc. [Ver = 1.8.0.6806 | Size = 253744 bytes | Modified Date = 24.12.2007 18:44:35 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ICQ6\ICQ.exe -> %ProgramFiles%\ICQ6\ICQ.exe [C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6] -> ICQ, Inc. 
[Ver = 6.0.0.6039 | Size = 172280 bytes | Modified Date = 20.11.2007 20:47:27 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Opera\Opera.exe -> %ProgramFiles%\Opera\Opera.exe [C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser] -> Opera Software [Ver = 8808 | Size = 79360 bytes | Modified Date = 09.08.2007 12:21:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Alim\Desktop\uTorrent.exe -> %UserProfile%\Desktop\uTORRENT.exe [C:\Documents and Settings\Alim\Desktop\uTorrent.exe:*:Enabled:µTorrent] -> BitTorrent, Inc. [Ver = 1.8.0.6806 | Size = 253744 bytes | Modified Date = 13.08.2008 17:17:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe -> %ProgramFiles%\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe [C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe:*:Disabled:dndclient] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -> %ProgramFiles%\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Miranda IM UA-Pack\miranda32.exe -> %ProgramFiles%\Miranda IM UA-Pack\miranda32.exe [C:\Program 
Files\Miranda IM UA-Pack\miranda32.exe:*:Disabled:Miranda IM] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\Orb.exe -> %ProgramFiles%\Winamp Remote\bin\Orb.exe [C:\Program Files\Winamp Remote\bin\Orb.exe:*:Disabled:Orb] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe -> %ProgramFiles%\Winamp Remote\bin\OrbStreamerClient.exe [C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Disabled:Orb Stream Client] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbTray.exe -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe [C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Disabled:OrbTray] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Alim\Desktop\Warcraft III Reign of Chaos\Warcraft III Reign of Chaos\Warcraft III.exe -> %UserProfile%\Desktop\Warcraft III Reign of Chaos\Warcraft III Reign of Chaos\Warcraft III.exe [C:\Documents and Settings\Alim\Desktop\Warcraft III Reign of Chaos\Warcraft III Reign of Chaos\Warcraft III.exe:*:Disabled:Warcraft III] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! 
FT Server] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1135840234\ee\aim6.exe -> %CommonProgramFiles%\AOL\1135840234\ee\aim6.exe [C:\Program Files\Common Files\AOL\1135840234\ee\aim6.exe:*:Disabled:AIM] -> America Online, Inc. [Ver = 1.4.9.1 | Size = 50768 bytes | Modified Date = 28.08.2006 16:22:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader] -> America Online, Inc. [Ver = 9.2.0.1 | Size = 11352 bytes | Modified Date = 11.07.2005 17:35:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1135840234\ee\aolsoftware.exe -> %CommonProgramFiles%\AOL\1135840234\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1135840234\ee\aolsoftware.exe:*:Disabled:AOL Services] -> America Online, Inc. 
[Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 09.05.2006 20:24:16 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\WoW-BurningCrusade-enGB-Installer-downloader.exe -> %UserProfile%\Desktop\МОЯ ПАПКА\WoW-BurningCrusade-enGB-Installer-downloader.exe [C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\WoW-BurningCrusade-enGB-Installer-downloader.exe:*:Enabled:Blizzard Downloader] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Downloads\Программы\WoW-enGB-Installer-downloader.exe -> %SystemDrive%\Downloads\Программы\WoW-enGB-Installer-downloader.exe [C:\Downloads\Программы\WoW-enGB-Installer-downloader.exe:*:Enabled:Blizzard Downloader] -> Blizzard Entertainment [Ver = 1, 8, 0, 382 | Size = 1284008 bytes | Modified Date = 04.04.2008 19:55:19 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Alim\Desktop\Warcraft III Reign of Chaos\Warcraft III Reign of Chaos\backup1\Warcraft III.exe -> %UserProfile%\Desktop\Warcraft III Reign of Chaos\Warcraft III Reign of Chaos\backup1\Warcraft III.exe [C:\Documents and Settings\Alim\Desktop\Warcraft III Reign of Chaos\Warcraft III Reign of Chaos\backup1\Warcraft III.exe:*:Enabled:Warcraft III] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Cease Fire Demo\cf.exe -> %ProgramFiles%\Cease Fire Demo\cf.exe [C:\Program Files\Cease Fire Demo\cf.exe:*:Disabled:cf] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and 
Settings\Alim\Desktop\univer\New Folder\Warcraft III Reign of Chaos\Warcraft III.exe -> %UserProfile%\Desktop\univer\New Folder\Warcraft III Reign of Chaos\Warcraft III.exe [C:\Documents and Settings\Alim\Desktop\univer\New Folder\Warcraft III Reign of Chaos\Warcraft III.exe:*:Enabled:Warcraft III] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Alim\Desktop\wow bc\wowclient-downloader.exe -> %UserProfile%\Desktop\wow bc\wowclient-downloader.exe [C:\Documents and Settings\Alim\Desktop\wow bc\wowclient-downloader.exe:*:Enabled:Blizzard Downloader] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Alim\Desktop\wowclient-downloader.exe -> %UserProfile%\Desktop\wowclient-downloader.exe [C:\Documents and Settings\Alim\Desktop\wowclient-downloader.exe:*:Enabled:Blizzard Downloader] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\javaw.exe [C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\jre1.5.0_10\bin\java.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\java.exe [C:\Program Files\Java\jre1.5.0_10\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> 
%ProgramFiles%\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04.08.2004 0:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\Russian\setup.exe -> %AllUsersProfile%\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\Russian\setup.exe [C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\Russian\setup.exe:*:Enabled:Программа установки Kaspersky Internet Security 2009] -> Лаборатория Касперского [Ver = 8.0.0.418 | Size = 70992 bytes | Modified Date = 17.06.2008 9:33:12 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3724:TCP -> 3724:TCP:*:Enabled:Blizzard Downloader: 3724 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04.08.2004 0:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04.08.2004 0:56:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. 
If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26.07.2005 0:39:49 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04.08.2004 0:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 04.08.2004 0:56:46 | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 04.08.2004 0:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26.07.2005 0:39:49 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including 
UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] diablo save -> %SystemDrive%\diablo save -> [Folder | Created Date = 11.08.2008 13:37:42 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536383488 bytes | Created Date = 23.08.2008 21:21:19 | Attr = HS] Save -> %SystemDrive%\Save -> [Folder | Created Date = 10.08.2008 13:37:54 | Attr = ] se -> %SystemDrive%\se -> [Ver = | Size = 0 bytes | Created Date = 09.08.2008 22:51:57 | Attr = ] SWRepublicCommando.exe -> %SystemDrive%\SWRepublicCommando.exe -> [Ver = | Size = 2441216 bytes | Created Date = 21.08.2008 10:05:43 | Attr = ] Themes -> %SystemDrive%\Themes -> [Folder | Created Date = 22.08.2008 22:54:48 | Attr = ] gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Created Date = 24.08.2008 15:19:29 | Attr = ] ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1042 built by: WinDDK | Size = 42376 bytes | Created Date = 24.08.2008 13:46:09 | Attr = ] iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 24.08.2008 13:46:09 | Attr = ] iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. 
[Ver = 5.0.2.1033 | Size = 81288 bytes | Created Date = 24.08.2008 13:46:09 | Attr = ] kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 24.08.2008 13:46:09 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 24.08.2008 13:04:31 | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 24.08.2008 13:04:31 | Attr = ] ac3acm.acm -> %SystemRoot%\System32\ac3acm.acm -> fccHandler [Ver = 1, 40, 0, 0 | Size = 118784 bytes | Created Date = 20.08.2008 16:59:44 | Attr = ] AK083E209605E394C.lie -> %SystemRoot%\System32\AK083E209605E394C.lie -> [Ver = | Size = 42 bytes | Created Date = 24.08.2008 15:03:11 | Attr = ] ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll -> [Ver = | Size = 7680 bytes | Created Date = 20.08.2008 16:59:34 | Attr = ] ff_vfw.dll.manifest -> %SystemRoot%\System32\ff_vfw.dll.manifest -> [Ver = | Size = 547 bytes | Created Date = 20.08.2008 16:59:34 | Attr = ] lameACM.acm -> %SystemRoot%\System32\lameACM.acm -> http://www.mp3dev.org/ [Ver = 0.9.1 | Size = 389120 bytes | Created Date = 20.08.2008 16:59:45 | Attr = ] lame_acm.xml -> %SystemRoot%\System32\lame_acm.xml -> [Ver = | Size = 414 bytes | Created Date = 20.08.2008 16:59:45 | Attr = ] unrar.dll -> %SystemRoot%\System32\unrar.dll -> [Ver = | Size = 164352 bytes | Created Date = 20.08.2008 16:59:49 | Attr = ] xvidcore.dll -> %SystemRoot%\System32\xvidcore.dll -> [Ver = | Size = 1559040 bytes | Created Date = 20.08.2008 16:59:40 | Attr = ] xvidvfw.dll -> %SystemRoot%\System32\xvidvfw.dll -> [Ver = | Size = 282624 bytes | Created Date = 20.08.2008 16:59:40 | Attr = ] yv12vfw.dll -> %SystemRoot%\System32\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 217088 bytes | Created Date = 20.08.2008 16:59:41 | Attr = ] gmer.dll 
-> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Created Date = 24.08.2008 15:19:29 | Attr = ] gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Created Date = 24.08.2008 15:19:29 | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 24.08.2008 15:19:32 | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 24.08.2008 15:19:29 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 21.08.2008 10:43:18 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 21.08.2008 10:43:18 | Attr = H ] Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 8192 bytes | Created Date = 13.08.2008 17:12:50 | Attr = HS] @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable [Files Created - Additional Folder Scans - Non-Microsoft Only] Kaspersky Lab Setup Files -> %AllUsersProfile%\Application Data\Kaspersky Lab Setup Files -> [Folder | Created Date = 22.08.2008 21:23:14 | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 23.08.2008 16:21:58 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 24.08.2008 13:04:30 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 24.08.2008 13:04:35 | Attr = ] PC Tools -> %AppData%\PC Tools -> [Folder | Created Date = 24.08.2008 13:46:00 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 2800912 bytes | Created Date = 22.08.2008 22:51:38 | Attr = H ] Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [Ver = | Size = 793 bytes | Created Date = 23.08.2008 16:22:01 | Attr = ] Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [Ver = | Size = 793 bytes | Created Date = 23.08.2008 16:22:01 | Attr = ] Malwarebytes' 
Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 24.08.2008 13:04:31 | Attr = ] Spyware Doctor.lnk -> %AllUsersProfile%\Desktop\Spyware Doctor.lnk -> [Ver = | Size = 1643 bytes | Created Date = 24.08.2008 13:46:11 | Attr = ] Chernaya_bibliya_edinstvennaya_versiya_iznasilovanie_imari_DVDRip__torrents.ru_.rar.part -> %UserProfile%\Desktop\Chernaya_bibliya_edinstvennaya_versiya_iznasilovanie_imari_DVDRip__torrents.ru_.rar.part -> [Ver = | Size = 304861 bytes | Created Date = 22.08.2008 19:15:25 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 2828813 bytes | Created Date = 23.08.2008 20:14:59 | Attr = R ] Desktop.rar -> %UserProfile%\Desktop\Desktop.rar -> [Ver = | Size = 4665472 bytes | Created Date = 20.08.2008 16:33:42 | Attr = ] GAMES -> %UserProfile%\Desktop\GAMES -> [Folder | Created Date = 13.08.2008 1:17:00 | Attr = R ] gmer -> %UserProfile%\Desktop\gmer -> [Folder | Created Date = 24.08.2008 15:19:24 | Attr = ] gmer.zip -> %UserProfile%\Desktop\gmer.zip -> [Ver = | Size = 747873 bytes | Created Date = 24.08.2008 15:18:58 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\gmer.zip:Zone.Identifier HijackThis -> %UserProfile%\Desktop\HijackThis -> [Folder | Created Date = 23.08.2008 16:04:11 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 23.08.2008 23:20:50 | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. 
[Ver = 2.00.2 | Size = 812344 bytes | Created Date = 23.08.2008 23:20:23 | Attr = ] JDownloader_2008-07-18_07-57_v1.921 -> %UserProfile%\Desktop\JDownloader_2008-07-18_07-57_v1.921 -> [Folder | Created Date = 22.08.2008 20:13:14 | Attr = ] JDownloader_2008-07-18_07-57_v1.921.zip -> %UserProfile%\Desktop\JDownloader_2008-07-18_07-57_v1.921.zip -> [Ver = | Size = 4865573 bytes | Created Date = 20.08.2008 16:33:25 | Attr = ] kaspersky-all -> %UserProfile%\Desktop\kaspersky-all -> [Folder | Created Date = 22.08.2008 21:19:58 | Attr = ] kaspersky-all.rar -> %UserProfile%\Desktop\kaspersky-all.rar -> [Ver = | Size = 65981193 bytes | Created Date = 22.08.2008 20:49:09 | Attr = ] New Folder -> %UserProfile%\Desktop\New Folder -> [Folder | Created Date = 23.08.2008 20:13:33 | Attr = ] New Folder (2) -> %UserProfile%\Desktop\New Folder (2) -> [Folder | Created Date = 23.08.2008 16:00:41 | Attr = ] New Folder (2)1 -> %UserProfile%\Desktop\New Folder (2)1 -> [Folder | Created Date = 23.08.2008 21:23:12 | Attr = ] New Folder1 -> %UserProfile%\Desktop\New Folder1 -> [Folder | Created Date = 20.08.2008 12:21:13 | Attr = ] New Microsoft Word Document.doc -> %UserProfile%\Desktop\New Microsoft Word Document.doc -> [Ver = | Size = 23040 bytes | Created Date = 24.08.2008 13:19:36 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 24.08.2008 16:31:23 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 24.08.2008 16:28:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Revo Uninstaller.lnk -> %UserProfile%\Desktop\Revo Uninstaller.lnk -> [Ver = | Size = 917 bytes | Created Date = 23.08.2008 21:24:06 | Attr = ] smitRem -> %UserProfile%\Desktop\smitRem -> [Folder | Created Date = 23.08.2008 16:52:16 | Attr = ] smitRem.exe -> %UserProfile%\Desktop\smitRem.exe -> [Ver = | Size = 383836 bytes | Created Date = 23.08.2008 16:02:05 | Attr = ] Soft -> 
%UserProfile%\Desktop\Soft -> [Folder | Created Date = 13.08.2008 1:17:45 | Attr = R ] Spyware_Doctor_6[1].0.0.362 -> %UserProfile%\Desktop\Spyware_Doctor_6[1].0.0.362 -> [Folder | Created Date = 24.08.2008 14:03:21 | Attr = ] Spyware_Doctor_6[1].0.0.362.rar -> %UserProfile%\Desktop\Spyware_Doctor_6[1].0.0.362.rar -> [Ver = | Size = 15194438 bytes | Created Date = 24.08.2008 14:02:54 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Spyware_Doctor_6[1].0.0.362.rar:Zone.Identifier Texts -> %UserProfile%\Desktop\Texts -> [Folder | Created Date = 13.08.2008 16:53:12 | Attr = ] Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Created Date = 23.08.2008 0:32:47 | Attr = ] VIDEO -> %UserProfile%\Desktop\VIDEO -> [Folder | Created Date = 13.08.2008 1:15:57 | Attr = R ] _5BDa-Anime.org_5DAYCD_201.rm -> %UserProfile%\Desktop\_5BDa-Anime.org_5DAYCD_201.rm -> [Ver = | Size = 0 bytes | Created Date = 24.08.2008 12:41:26 | Attr = ] _5BDa-Anime.org_5DAYCD_201.rm.part -> %UserProfile%\Desktop\_5BDa-Anime.org_5DAYCD_201.rm.part -> [Ver = | Size = 21780200 bytes | Created Date = 24.08.2008 12:41:23 | Attr = ] Cheatbook Database 2007 -> %ProgramFiles%\Cheatbook Database 2007 -> [Folder | Created Date = 25.07.2008 19:55:19 | Attr = ] Diablo 2 Lord of Destruction -> %ProgramFiles%\Diablo 2 Lord of Destruction -> [Folder | Created Date = 08.08.2008 18:51:39 | Attr = ] K-Lite Codec Pack -> %ProgramFiles%\K-Lite Codec Pack -> [Folder | Created Date = 20.08.2008 16:59:28 | Attr = ] Lavasoft -> %ProgramFiles%\Lavasoft -> [Folder | Created Date = 23.08.2008 16:21:58 | Attr = ] LucasArts -> %ProgramFiles%\LucasArts -> [Folder | Created Date = 21.08.2008 9:50:20 | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 24.08.2008 13:04:29 | Attr = ] Spyware Doctor -> %ProgramFiles%\Spyware Doctor -> [Folder | Created Date = 24.08.2008 13:46:00 | Attr = ] Trend Micro -> 
%ProgramFiles%\Trend Micro -> [Folder | Created Date = 23.08.2008 23:20:49 | Attr = ] VS Revo Group -> %ProgramFiles%\VS Revo Group -> [Folder | Created Date = 23.08.2008 21:24:06 | Attr = ] [Files/Folders - Modified Within 30 days] diablo save -> %SystemDrive%\diablo save -> [Folder | Modified Date = 14.08.2008 19:38:25 | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 11.08.2008 11:15:43 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536383488 bytes | Modified Date = 24.08.2008 13:41:30 | Attr = HS] IPOD -> %SystemDrive%\IPOD -> [Folder | Modified Date = 12.08.2008 22:51:39 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 24.08.2008 15:16:11 | Attr = ] Save -> %SystemDrive%\Save -> [Folder | Modified Date = 10.08.2008 13:37:54 | Attr = ] se -> %SystemDrive%\se -> [Ver = | Size = 0 bytes | Modified Date = 09.08.2008 22:51:57 | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 22.08.2008 23:22:34 | Attr = HS] Themes -> %SystemDrive%\Themes -> [Folder | Modified Date = 22.08.2008 22:54:48 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 24.08.2008 15:19:32 | Attr = ] gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Modified Date = 24.08.2008 15:19:29 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 17.08.2008 15:01:14 | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 17.08.2008 15:01:18 | Attr = ] AK083E209605E394C.lie -> %SystemRoot%\System32\AK083E209605E394C.lie -> [Ver = | Size = 42 bytes | Modified Date = 24.08.2008 15:03:11 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 23.08.2008 16:08:50 | Attr = ] 10 
C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 24.08.2008 12:02:02 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 09.08.2008 21:53:49 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 21.08.2008 7:07:18 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 24.08.2008 15:19:29 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 63324 bytes | Modified Date = 24.08.2008 13:47:32 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 404104 bytes | Modified Date = 24.08.2008 13:47:32 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 475330 bytes | Modified Date = 24.08.2008 13:47:32 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 22.08.2008 23:22:34 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 24.08.2008 13:42:16 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 21.08.2008 7:07:02 | Attr = H ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 24.08.2008 13:41:33 | Attr = S] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Modified Date = 24.08.2008 15:19:29 | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 24.08.2008 15:49:35 | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 24.08.2008 15:19:29 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 21.08.2008 7:07:21 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 23.08.2008 16:07:01 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | 
Modified Date = 24.08.2008 15:16:45 | Attr = HS] LogonStudio.ini -> %SystemRoot%\LogonStudio.ini -> [Ver = | Size = 24 bytes | Modified Date = 22.08.2008 22:26:54 | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 24.08.2008 13:02:14 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 24.08.2008 15:02:57 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 21.08.2008 10:43:18 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 21.08.2008 10:43:18 | Attr = H ] security -> %SystemRoot%\security -> [Folder | Modified Date = 22.08.2008 21:28:47 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 24.08.2008 15:15:07 | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 24.08.2008 14:15:55 | Attr = ] Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 8192 bytes | Modified Date = 13.08.2008 17:12:50 | Attr = HS] @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 753 bytes | Modified Date = 22.08.2008 22:43:02 | Attr = ] wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 1936 bytes | Modified Date = 09.08.2008 22:52:06 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 24.08.2008 13:41:46 | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 22.09.2007 2:03:57 | Attr = ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1306 bytes | Modified Date = 22.09.2007 2:03:57 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 13.11.2005 
13:08:22 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6760 bytes | Modified Date = 24.08.2008 13:42:48 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6760 bytes | Modified Date = 24.08.2008 13:42:48 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 08.12.2005 20:19:22 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 08.12.2005 20:19:22 | Attr = ] C:\Documents and Settings\Alim\Local Settings\Temp\RarSFX0\ -> C:\Documents and Settings\Alim\Local Settings\Temp\RarSFX0 -> [Folder | Modified Date = 24.08.2008 15:03:12 | Attr = ] PU.exe -> C:\Documents and Settings\Alim\Local Settings\Temp\RarSFX0\PU.exe -> [Ver = 5.9.0.0 | Size = 1621504 bytes | Modified Date = 30.07.2008 11:06:58 | Attr = ] puUpdate.exe -> C:\Documents and Settings\Alim\Local Settings\Temp\RarSFX0\puUpdate.exe -> [Ver = | Size = 747008 bytes | Modified Date = 12.09.2007 11:49:18 | Attr = ] unpu.exe -> C:\Documents and Settings\Alim\Local Settings\Temp\RarSFX0\unpu.exe -> ctuser [Ver = 2.25 | Size = 17713 bytes | Modified Date = 16.06.2008 19:58:15 | Attr = ] ziad.exe -> C:\Documents and Settings\Alim\Local Settings\Temp\RarSFX0\ziad.exe -> [Ver = | Size = 280694 bytes | Modified Date = 15.06.2008 18:58:02 | Attr = ] C:\Documents and Settings\Alim\Local Settings\Temp\ -> C:\Documents and Settings\Alim\Local Settings\Temp -> [Folder | Modified Date = 24.08.2008 16:03:55 | Attr = ] uninst.dll -> C:\Documents and Settings\Alim\Local Settings\Temp\uninst.dll -> [Ver = | Size = 118784 bytes | Modified Date = 13.12.2005 18:16:20 | Attr = ] 6 C:\Documents and Settings\Alim\Local 
Settings\Temp\*.tmp files -> C:\Documents and Settings\Alim\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Alim\Local Settings\Temp\RarSFX0\ -> C:\Documents and Settings\Alim\Local Settings\Temp\RarSFX0 -> [Folder | Modified Date = 24.08.2008 15:03:12 | Attr = ] Update.ini -> C:\Documents and Settings\Alim\Local Settings\Temp\RarSFX0\Update.ini -> [Ver = | Size = 94 bytes | Modified Date = 30.07.2008 11:19:50 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Kaspersky Lab Setup Files -> %AllUsersProfile%\Application Data\Kaspersky Lab Setup Files -> [Folder | Modified Date = 24.08.2008 15:00:13 | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 23.08.2008 16:21:58 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 24.08.2008 13:04:30 | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 24.08.2008 15:00:06 | Attr = ] @Alternate Data Stream - 112 bytes -> %AllUsersProfile%\Application Data\TEMP:B606BA34 @Alternate Data Stream - 138 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 24.08.2008 13:04:35 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 24.08.2008 15:15:08 | Attr = S] PC Tools -> %AppData%\PC Tools -> [Folder | Modified Date = 24.08.2008 13:46:00 | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 24.08.2008 12:32:33 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 188416 bytes | Modified Date = 24.08.2008 12:42:54 | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 22.08.2008 22:47:04 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 2800912 bytes | Modified 
Date = 22.08.2008 22:51:39 | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 23.08.2008 0:39:08 | Attr = ] DAEMONToolsLite4-12-1.rar -> %UserProfile%\My Documents\DAEMONToolsLite4-12-1.rar -> [Ver = | Size = 605 bytes | Modified Date = 23.08.2008 1:43:18 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\DAEMONToolsLite4-12-1.rar:Zone.Identifier Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 22.08.2008 18:03:52 | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 14.08.2008 20:45:27 | Attr = S] Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [Ver = | Size = 793 bytes | Modified Date = 23.08.2008 16:22:01 | Attr = ] Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [Ver = | Size = 793 bytes | Modified Date = 23.08.2008 16:22:01 | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 24.08.2008 13:04:31 | Attr = ] Spyware Doctor.lnk -> %AllUsersProfile%\Desktop\Spyware Doctor.lnk -> [Ver = | Size = 1643 bytes | Modified Date = 24.08.2008 13:46:11 | Attr = ] Winamp.lnk -> %AllUsersProfile%\Desktop\Winamp.lnk -> [Ver = | Size = 730 bytes | Modified Date = 14.08.2008 16:20:10 | Attr = ] Chernaya_bibliya_edinstvennaya_versiya_iznasilovanie_imari_DVDRip__torrents.ru_.rar.part -> %UserProfile%\Desktop\Chernaya_bibliya_edinstvennaya_versiya_iznasilovanie_imari_DVDRip__torrents.ru_.rar.part -> [Ver = | Size = 304861 bytes | Modified Date = 22.08.2008 19:16:16 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 2828813 bytes | Modified Date = 23.08.2008 19:43:16 | Attr = R ] Desktop.rar -> %UserProfile%\Desktop\Desktop.rar -> [Ver = | Size = 4665472 bytes | Modified Date = 20.08.2008 16:33:59 | Attr = ] GAMES -> %UserProfile%\Desktop\GAMES -> [Folder | Modified Date = 14.08.2008 
16:14:30 | Attr = R ] gmer -> %UserProfile%\Desktop\gmer -> [Folder | Modified Date = 24.08.2008 15:42:33 | Attr = ] gmer.zip -> %UserProfile%\Desktop\gmer.zip -> [Ver = | Size = 747873 bytes | Modified Date = 24.08.2008 15:19:09 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\gmer.zip:Zone.Identifier HijackThis -> %UserProfile%\Desktop\HijackThis -> [Folder | Modified Date = 23.08.2008 23:12:23 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 23.08.2008 23:20:50 | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 23.08.2008 23:19:14 | Attr = ] JDownloader_2008-07-18_07-57_v1.921 -> %UserProfile%\Desktop\JDownloader_2008-07-18_07-57_v1.921 -> [Folder | Modified Date = 22.08.2008 20:13:14 | Attr = ] kaspersky-all -> %UserProfile%\Desktop\kaspersky-all -> [Folder | Modified Date = 22.08.2008 21:22:30 | Attr = ] kaspersky-all.rar -> %UserProfile%\Desktop\kaspersky-all.rar -> [Ver = | Size = 65981193 bytes | Modified Date = 22.08.2008 20:59:54 | Attr = ] MDS -> %UserProfile%\Desktop\MDS -> [Folder | Modified Date = 07.08.2008 1:56:58 | Attr = ] Mozilla Firefox.lnk -> %UserProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1710 bytes | Modified Date = 14.08.2008 16:10:01 | Attr = ] MUSIC -> %UserProfile%\Desktop\MUSIC -> [Folder | Modified Date = 14.08.2008 13:22:53 | Attr = R ] New Folder -> %UserProfile%\Desktop\New Folder -> [Folder | Modified Date = 23.08.2008 20:15:08 | Attr = ] New Folder (2) -> %UserProfile%\Desktop\New Folder (2) -> [Folder | Modified Date = 23.08.2008 16:02:05 | Attr = ] New Folder (2)1 -> %UserProfile%\Desktop\New Folder (2)1 -> [Folder | Modified Date = 24.08.2008 15:02:25 | Attr = ] New Folder1 -> %UserProfile%\Desktop\New Folder1 -> [Folder | Modified Date = 22.08.2008 23:38:11 | Attr = ] New Microsoft Word Document.doc -> %UserProfile%\Desktop\New Microsoft Word 
Document.doc -> [Ver = | Size = 23040 bytes | Modified Date = 24.08.2008 15:16:02 | Attr = ] Opera.lnk -> %UserProfile%\Desktop\Opera.lnk -> [Ver = | Size = 1530 bytes | Modified Date = 14.08.2008 16:06:25 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 24.08.2008 16:31:23 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 24.08.2008 16:28:33 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Revo Uninstaller.lnk -> %UserProfile%\Desktop\Revo Uninstaller.lnk -> [Ver = | Size = 917 bytes | Modified Date = 23.08.2008 21:24:06 | Attr = ] smitRem -> %UserProfile%\Desktop\smitRem -> [Folder | Modified Date = 23.08.2008 16:53:24 | Attr = ] smitRem.exe -> %UserProfile%\Desktop\smitRem.exe -> [Ver = | Size = 383836 bytes | Modified Date = 23.08.2008 15:47:16 | Attr = ] Soft -> %UserProfile%\Desktop\Soft -> [Folder | Modified Date = 22.08.2008 19:22:07 | Attr = R ] Spyware_Doctor_6[1].0.0.362 -> %UserProfile%\Desktop\Spyware_Doctor_6[1].0.0.362 -> [Folder | Modified Date = 24.08.2008 14:03:23 | Attr = ] Spyware_Doctor_6[1].0.0.362.rar -> %UserProfile%\Desktop\Spyware_Doctor_6[1].0.0.362.rar -> [Ver = | Size = 15194438 bytes | Modified Date = 24.08.2008 14:02:57 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Spyware_Doctor_6[1].0.0.362.rar:Zone.Identifier Texts -> %UserProfile%\Desktop\Texts -> [Folder | Modified Date = 13.08.2008 16:53:33 | Attr = ] Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Modified Date = 23.08.2008 0:32:47 | Attr = ] uTORRENT.exe -> %UserProfile%\Desktop\uTORRENT.exe -> BitTorrent, Inc. 
[Ver = 1.8.0.6806 | Size = 253744 bytes | Modified Date = 13.08.2008 17:17:56 | Attr = ]
@Alternate Data Stream - 88 bytes -> %UserProfile%\Desktop\uTORRENT.exe:SummaryInformation
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\uTORRENT.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
VIDEO -> %UserProfile%\Desktop\VIDEO -> [Folder | Modified Date = 14.08.2008 13:25:11 | Attr = R ]
_5BDa-Anime.org_5DAYCD_201.rm -> %UserProfile%\Desktop\_5BDa-Anime.org_5DAYCD_201.rm -> [Ver = | Size = 0 bytes | Modified Date = 24.08.2008 12:41:26 | Attr = ]
_5BDa-Anime.org_5DAYCD_201.rm.part -> %UserProfile%\Desktop\_5BDa-Anime.org_5DAYCD_201.rm.part -> [Ver = | Size = 21780200 bytes | Modified Date = 24.08.2008 13:00:41 | Attr = ]
МОЯ ПАПКА -> %UserProfile%\Desktop\МОЯ ПАПКА -> [Folder | Modified Date = 14.08.2008 16:11:56 | Attr = R ]
prkiller.CFG -> %UserProfile%\Start Menu\Programs\Startup\prkiller.CFG -> [Ver = | Size = 360 bytes | Modified Date = 24.08.2008 15:17:00 | Attr = ]
LogoManager -> %CommonProgramFiles%\LogoManager -> [Folder | Modified Date = 22.08.2008 22:46:04 | Attr = ]
Stardock -> %CommonProgramFiles%\Stardock -> [Folder | Modified Date = 22.08.2008 22:51:19 | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 23.08.2008 16:21:32 | Attr = ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
detected NTDLL code modification: ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:50,30,b6,fb,74,5b,b8,7a,b6,92,fa,c9,09,07,5f,06,27,91,94,0f,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:65,f0,b6,71,bf,74,c5,fc,c2,a6,5e,af,a2,73,1a,c7,87,93,59,b5,7b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,44,22,1f,c3,65,14,c6,da,24,01,7f,3b,f8,61,38,07,ca,..
"khjeh"=hex:a9,b5,7d,c7,5f,dc,63,40,96,85,48,6f,a6,81,69,a1,fc,e6,7c,92,5b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:da,86,c8,82,07,42,5f,bd,76,7d,a0,3f,7d,92,56,3d,b1,f3,7c,c9,52,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:f8,d9,0f,45,f6,c5,71,cd,c3,76,66,cd,84,8d,e8,08,f2,a1,d7,9a,94,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:50,30,b6,fb,74,5b,b8,7a,b6,92,fa,c9,09,07,5f,06,27,91,94,0f,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:65,f0,b6,71,bf,74,c5,fc,c2,a6,5e,af,a2,73,1a,c7,87,93,59,b5,7b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,44,22,1f,c3,65,14,c6,da,24,01,7f,3b,f8,61,38,07,ca,..
"khjeh"=hex:a9,b5,7d,c7,5f,dc,63,40,96,85,48,6f,a6,81,69,a1,fc,e6,7c,92,5b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:da,86,c8,82,07,42,5f,bd,76,7d,a0,3f,7d,92,56,3d,b1,f3,7c,c9,52,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:f8,d9,0f,45,f6,c5,71,cd,c3,76,66,cd,84,8d,e8,08,f2,a1,d7,9a,94,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:50,30,b6,fb,74,5b,b8,7a,b6,92,fa,c9,09,07,5f,06,27,91,94,0f,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:65,f0,b6,71,bf,74,c5,fc,c2,a6,5e,af,a2,73,1a,c7,87,93,59,b5,7b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,44,22,1f,c3,65,14,c6,da,24,01,7f,3b,f8,61,38,07,ca,..
"khjeh"=hex:a9,b5,7d,c7,5f,dc,63,40,96,85,48,6f,a6,81,69,a1,fc,e6,7c,92,5b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:da,86,c8,82,07,42,5f,bd,76,7d,a0,3f,7d,92,56,3d,b1,f3,7c,c9,52,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:f8,d9,0f,45,f6,c5,71,cd,c3,76,66,cd,84,8d,e8,08,f2,a1,d7,9a,94,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:50,30,b6,fb,74,5b,b8,7a,b6,92,fa,c9,09,07,5f,06,27,91,94,0f,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:65,f0,b6,71,bf,74,c5,fc,c2,a6,5e,af,a2,73,1a,c7,87,93,59,b5,7b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,44,22,1f,c3,65,14,c6,da,24,01,7f,3b,f8,61,38,07,ca,..
"khjeh"=hex:a9,b5,7d,c7,5f,dc,63,40,96,85,48,6f,a6,81,69,a1,fc,e6,7c,92,5b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:da,86,c8,82,07,42,5f,bd,76,7d,a0,3f,7d,92,56,3d,b1,f3,7c,c9,52,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:f8,d9,0f,45,f6,c5,71,cd,c3,76,66,cd,84,8d,e8,08,f2,a1,d7,9a,94,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"LoadAppInit_DLLs"=dword:00000001
"AppInit_Dlls"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\!\0040\49\4$\0040\49\4]
"Order"=hex:08,00,00,00,02,00,00,00,88,09,00,00,01,00,00,00,0c,00,00,00,d2,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\RussoBit-M\\27\4>\4;\4>\4B\0040\4O\4 ]
"Order"=hex:08,00,00,00,02,00,00,00,52,01,00,00,01,00,00,00,02,00,00,00,ae,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\20\4=\4B\48\0042\48\4@\4C\4A\4 ]
"Order"=hex:08,00,00,00,02,00,00,00,4e,03,00,00,01,00,00,00,05,00,00,00,9c,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\30\0043\4@\4K\4 ]
"Order"=hex:08,00,00,00,02,00,00,00,9a,00,00,00,01,00,00,00,01,00,00,00,8e,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\"\4@\4C\0044\4=\4>\4 ] "Order"=hex:08,00,00,00,02,00,00,00,56,01,00,00,01,00,00,00,02,00,00,00,b6,.. scanning hidden files ... C:\WINDOWS\system32\DirectX\Dinput\Thumbs.db:encryptable 0 bytes C:\WINDOWS\Thumbs.db:encryptable 0 bytes scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 11 < Document and Settings folder & sub folders > detected NTDLL code modification: ZwClose scanning hidden files ... C:\Documents and Settings\Alim\Application Data\Opera\Opera\profile\images\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\New Folder1\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\UNIVER\Screenshots\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\uTORRENT.exe:SummaryInformation 88 bytes C:\Documents and Settings\Alim\Desktop\uTORRENT.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Alim\Desktop\VIDEO\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\МУЗЫКА\БЛИЧ ОСТ\1_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ПСП ПРОГРАММЫ\Обои\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ПСП ФИЛЬМЫ\КИНО на ПСП\constantine\PSP\VIDEO\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ПСП ФИЛЬМЫ\КИНО на ПСП\Pristreli.Ih.by.tooper\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ТЕМЫ\firefox-blue-01-12735\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ТЕМЫ\age-of-empires-3-10786\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ТЕМЫ\bio-neon-10997\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ 
ПАПКА\ТЕЛЕФОН\ТЕМЫ\blood-elven-beauty-12401\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ТЕМЫ\butterfly-119-14611\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ТЕМЫ\firebird-14487\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ТЕМЫ\gaara-03-15432\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ТЕМЫ\hitman-01-11619\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ТЕМЫ\iphone-v2-15191\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ТЕМЫ\linux-os-15156\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ТЕМЫ\nokia-grey-14563\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ФОТКИ С ТЕЛЕФОНА\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ФОТКИ С ТЕЛЕФОНА\New Folder (2)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ФОТКИ С ТЕЛЕФОНА\New Folder (3)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ФОТКИ С ТЕЛЕФОНА\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ФОТКИ С ТЕЛЕФОНА\Новая папка\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ФОТКИ С ТЕЛЕФОНА\Новая папка (2)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ФОТКИ С ТЕЛЕФОНА\Новая папка (3)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\Desktop\МОЯ ПАПКА\ТЕЛЕФОН\ФОТКИ С ТЕЛЕФОНА\Новая папка (4)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\AlienwareXenoMorph\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\My 
Videos\New Folder\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\My Videos\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (3)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (4)\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (4)\New Folder (2)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (4)\New Folder (3)\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (4)\New Folder (3)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (5)\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (5)\New Folder (2)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (5)\New Folder (3)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (5)\New Folder (4)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (6)\New Folder\New Folder\New Folder\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (6)\New Folder\New Folder\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (6)\New Folder\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (6)\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (6)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (7)\New Folder\New Folder\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (7)\New Folder\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (7)\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My 
Documents\New Folder (7)\New Folder (2)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\New Folder (7)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\Downloads\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\Downloads\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\Downloads\Stargate Atlantis S3\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\Downloads\Stargate Atlantis Season 2\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\Downloads\Stargate.Atlantis.Season 1\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\HDR_Wallpapers\HDR_Wallpapers\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\Caitlin\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Alim\My Documents\Caitlin\My Documents\My Videos\DivX Movies\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Application Data\TEMP:B606BA34 112 bytes C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 138 bytes C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 207 < End of report > [/code]