************************************************************
9:56:49 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
9:56:49 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe
2923520 bytes
Created: 11/2/2006 1:47 AM
Modified: 11/2/2006 2:45 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
24576 bytes
Created: 11/2/2006 1:43 AM
Modified: 11/2/2006 2:45 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Windows Defender
Value Data: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
C:\Program Files\Windows Defender\MSASCui.exe
1004136 bytes
Created: 11/2/2006 5:34 AM
Modified: 11/2/2006 5:34 AM
Company: Microsoft Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1068424 bytes
Created: 6/6/2010 9:55 PM
Modified: 8/4/2009 4:49 PM
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: Sidebar
Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe
1196032 bytes
Created: 11/2/2006 5:35 AM
Modified: 11/2/2006 5:35 AM
Company: Microsoft Corporation
--------------------
Value Name: WindowsWelcomeCenter
Value Data: rundll32.exe oobefldr.dll,ShowWelcomeCenter
C:\Windows\system32\oobefldr.dll
2159104 bytes
Created: 11/2/2006 5:34 AM
Modified: 11/2/2006 5:34 AM
Company: Microsoft Corporation
--------------------
************************************************************
9:56:51 PM: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty
************************************************************
9:56:51 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
9:56:51 PM: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\Windows\system32\logon.scr
C:\Windows\system32\logon.scr
5714432 bytes
Created: 11/2/2006 1:48 AM
Modified: 11/2/2006 2:44 AM
Company: Microsoft Corporation
--------------------
************************************************************
9:56:51 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
9:56:52 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
************************************************************
9:56:52 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: atapi
ImagePath: system32\drivers\atapi.sys
C:\Windows\system32\drivers\atapi.sys
19048 bytes
Created: 11/2/2006 1:51 AM
Modified: 2/21/2007 12:49 PM
Company: Microsoft Corporation
----------
Key: BCM43XV
ImagePath: system32\DRIVERS\bcmwl6.sys
C:\Windows\system32\DRIVERS\bcmwl6.sys
464384 bytes
Created: 11/2/2006 3:25 AM
Modified: 11/2/2006 12:30 AM
Company: Broadcom Corporation
----------
Key: blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key: GoToAssist
ImagePath: "C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service
C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
16680 bytes
Created: 6/6/2010 9:24 PM
Modified: 6/6/2010 9:24 PM
Company: Citrix Online, a division of Citrix Systems, Inc.
----------
Key: HidUsb
ImagePath: \SystemRoot\system32\drivers\hidusb.sys
C:\Windows\system32\drivers\hidusb.sys
12288 bytes
Created: 11/2/2006 1:55 AM
Modified: 11/2/2006 1:55 AM
Company: Microsoft Corporation
----------
Key: HSFHWAZL
ImagePath: system32\DRIVERS\VSTAZL3.SYS
C:\Windows\system32\DRIVERS\VSTAZL3.SYS
200704 bytes
Created: 11/2/2006 3:25 AM
Modified: 11/2/2006 12:41 AM
Company: Conexant Systems, Inc.
----------
Key: iaStorV
ImagePath: \SystemRoot\system32\drivers\iastorv.sys
C:\Windows\system32\drivers\iastorv.sys
232040 bytes
Created: 11/2/2006 12:36 AM
Modified: 11/2/2006 2:51 AM
Company: Intel Corporation
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key: kbdhid
ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
C:\Windows\system32\drivers\kbdhid.sys
15872 bytes
Created: 11/2/2006 1:51 AM
Modified: 11/2/2006 1:51 AM
Company: Microsoft Corporation
----------
Key: mouhid
ImagePath: \SystemRoot\system32\drivers\mouhid.sys
C:\Windows\system32\drivers\mouhid.sys
15872 bytes
Created: 11/2/2006 1:51 AM
Modified: 11/2/2006 1:51 AM
Company: Microsoft Corporation
----------
Key: msiserver
ImagePath: %systemroot%\system32\msiexec /V
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key: Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
17920 bytes
Created: 11/2/2006 1:51 AM
Modified: 11/2/2006 1:51 AM
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created: 11/2/2006 1:51 AM
Modified: 11/2/2006 1:51 AM
Company: Microsoft Corporation
----------
Key: USBSTOR
ImagePath: \SystemRoot\system32\drivers\usbstor.sys - file is missing - alert is globally excluded
----------
Key: winachsf
ImagePath: system32\DRIVERS\VSTCNXT3.SYS
C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
654336 bytes
Created: 11/2/2006 3:25 AM
Modified: 11/2/2006 12:41 AM
Company: Conexant Systems, Inc.
----------
************************************************************
9:57:02 PM: Scanning -----VXD ENTRIES-----
************************************************************
9:57:02 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : GoToAssist
DLLName: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - [file not found to scan]
----------
************************************************************
9:57:11 PM: Scanning ----- CONTEXTMENUHANDLERS -----
************************************************************
9:57:11 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
No Folder\ColumnHandler entries found to scan
************************************************************
9:57:11 PM: Scanning ----- BROWSER HELPER OBJECTS -----
No Browser Helper Objects found to scan
************************************************************
9:57:11 PM: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
9:57:11 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
9:57:11 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
9:57:11 PM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
9:57:12 PM: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
9:57:12 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 11/2/2006 5:50 AM
Modified: 11/2/2006 5:50 AM
Company: [no info]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini - no action taken on this file
--------------------
************************************************************
9:57:12 PM: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Alexandria
[C:\Users\Alexandria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Alexandria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 6/6/2010 9:07 PM
Modified: 6/6/2010 9:07 PM
Company: [no info]
C:\Users\Alexandria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini - no action taken on this file
----------
--------------------
************************************************************
9:57:12 PM: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan
************************************************************
9:57:12 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
No ShellIconOverlayIdentifiers Registry key found to scan
************************************************************
9:57:12 PM: Scanning ----- DEVICE DRIVER ENTRIES -----
************************************************************
9:57:13 PM: ----- ADDITIONAL CHECKS -----
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Windows\web\Wallpaper\img24.jpg
C:\Windows\web\Wallpaper\img24.jpg
926015 bytes
Created: 11/2/2006 5:35 AM
Modified: 11/2/2006 5:35 AM
Company: [no info]
----------
Web Desktop Wallpaper: %SystemRoot%\web\Wallpaper\img24.jpg
C:\Windows\web\Wallpaper\img24.jpg
926015 bytes
Created: 11/2/2006 5:35 AM
Modified: 11/2/2006 5:35 AM
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed
************************************************************
9:57:14 PM: Scanning ----- RUNNING PROCESSES -----
C:\Windows\System32\smss.exe
62976 bytes
Created: 11/2/2006 1:33 AM
Modified: 11/2/2006 2:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe
7680 bytes
Created: 11/2/2006 1:33 AM
Modified: 11/2/2006 2:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe - file already scanned
--------------------
C:\Windows\system32\wininit.exe
95744 bytes
Created: 11/2/2006 1:44 AM
Modified: 11/2/2006 2:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\winlogon.exe
308224 bytes
Created: 11/2/2006 1:44 AM
Modified: 11/2/2006 2:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\services.exe
279552 bytes
Created: 11/2/2006 1:35 AM
Modified: 11/2/2006 2:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsass.exe
7680 bytes
Created: 11/2/2006 1:43 AM
Modified: 11/2/2006 2:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsm.exe
210944 bytes
Created: 11/2/2006 2:02 AM
Modified: 11/2/2006 2:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe
22016 bytes
Created: 11/2/2006 1:35 AM
Modified: 11/2/2006 2:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\Ati2evxx.exe
684032 bytes
Created: 6/3/2008 3:33 AM
Modified: 6/3/2008 3:33 AM
Company: ATI Technologies Inc.
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\SLsvc.exe
2592256 bytes
Created: 11/2/2006 1:44 AM
Modified: 11/2/2006 2:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\Ati2evxx.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\spoolsv.exe
124928 bytes
Created: 11/2/2006 2:15 AM
Modified: 11/2/2006 2:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe - file already scanned
--------------------
C:\Program Files\Citrix\GoToAssist\514\g2acomm.exe
16680 bytes
Created: 6/6/2010 9:24 PM
Modified: 6/6/2010 9:24 PM
Company: Citrix Online, a division of Citrix Systems, Inc.
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\SearchIndexer.exe
287744 bytes
Created: 11/2/2006 5:34 AM
Modified: 11/2/2006 5:34 AM
Company: Microsoft Corporation
--------------------
C:\Program Files\Citrix\GoToAssist\514\g2alaunchercustomer.exe
16680 bytes
Created: 6/6/2010 9:24 PM
Modified: 6/6/2010 9:24 PM
Company: Citrix Online, a division of Citrix Systems, Inc.
--------------------
C:\Program Files\Citrix\GoToAssist\514\g2asessioncontrol.exe
16680 bytes
Created: 6/6/2010 9:24 PM
Modified: 6/6/2010 9:24 PM
Company: Citrix Online, a division of Citrix Systems, Inc.
--------------------
C:\Windows\system32\taskeng.exe
166400 bytes
Created: 11/2/2006 1:41 AM
Modified: 11/2/2006 2:45 AM
Company: Microsoft Corporation
--------------------
C:\Program Files\Citrix\GoToAssist\514\g2achat.exe
16680 bytes
Created: 6/6/2010 9:24 PM
Modified: 6/6/2010 9:24 PM
Company: Citrix Online, a division of Citrix Systems, Inc.
--------------------
C:\Program Files\Citrix\GoToAssist\514\g2ahost.exe
17192 bytes
Created: 6/6/2010 9:24 PM
Modified: 6/6/2010 9:24 PM
Company: Citrix Online, a division of Citrix Systems, Inc.
--------------------
C:\Windows\system32\taskeng.exe - file already scanned
--------------------
C:\Program Files\Citrix\GoToAssist\514\g2auicustomer.exe
16680 bytes
Created: 6/6/2010 9:24 PM
Modified: 6/6/2010 9:24 PM
Company: Citrix Online, a division of Citrix Systems, Inc.
--------------------
C:\Windows\system32\Dwm.exe
83456 bytes
Created: 11/2/2006 1:39 AM
Modified: 11/2/2006 2:45 AM
Company: Microsoft Corporation
--------------------
C:\Program Files\Citrix\GoToAssist\514\g2aremotediagnostics.exe
16680 bytes
Created: 6/6/2010 9:24 PM
Modified: 6/6/2010 9:24 PM
Company: Citrix Online, a division of Citrix Systems, Inc.
--------------------
C:\Program Files\Citrix\GoToAssist\514\g2afiletransfer.exe
16680 bytes
Created: 6/6/2010 9:24 PM
Modified: 6/6/2010 9:24 PM
Company: Citrix Online, a division of Citrix Systems, Inc.
--------------------
C:\Program Files\Windows Defender\MSASCui.exe - file already scanned
--------------------
C:\Program Files\Windows Sidebar\sidebar.exe - file already scanned
--------------------
C:\Program Files\Internet Explorer\ieuser.exe
288256 bytes
Created: 11/2/2006 1:49 AM
Modified: 11/2/2006 2:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\cmd.exe
320000 bytes
Created: 11/2/2006 1:36 AM
Modified: 11/2/2006 2:44 AM
Company: Microsoft Corporation
--------------------
C:\Windows\explorer.exe - file already scanned
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 3036024
[This is a Trojan Remover component]
--------------------
************************************************************
9:58:06 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 9:58:06 PM 06 Jun 2010
Total Scan time: 00:01:17
************************************************************