
[CODE]

EFIX 5.7 20110122.01 - 2011-07-01 15:24:45 - NTFS


0404
Microsoft Windows XP Service Pack 3 - XP
m: C:\Documents and Settings\XP\\EF2011012201.EXE
AV: Symantec Endpoint Protection (Symantec Corporation) True - Enabled
FW: Symantec Endpoint Protection (Symantec Corporation.) - Disable
G
wws KB978207
================================================================================
EFRC:
"d:\autorun.inf"
"c:\autorun.inf"
================================================================================
EFnC:
SRn.
================================================================================
EFRmC:
c:\autorun.inf => C:\EF_BACKUP\backup\c\autorun.inf.vir
d:\autorun.inf => C:\EF_BACKUP\backup\d\autorun.inf.vir
================================================================================
UtM :
2008-04-15 19:00:00 . 2008-04-15 19:00:00   213830 rash----- c:\bootfont.bin
2009-08-20 09:01:53 . 2009-08-20 09:01:53    <DIR> r--h-d--- c:\MSOCache
2009-07-22 09:46:49 . 2009-07-22 09:46:49    <DIR> ---h-d--- d:\Ghost

********** Created 2011-06 -- 2011-07 Files: **********


2011-07-01 15:12:38 . 2011-07-01 15:12:38       52 -a------- C:\WINDOWS\Wininit.ini
2011-06-22 15:28:22 . 2008-04-14 00:15:40    32128 -a-----c- C:\WINDOWS\SYSTEM32\DLLCACHE\usbccgp.sys
2011-06-22 15:28:22 . 2008-04-14 00:15:40    32128 -a------- C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2011-06-21 11:11:54 . 2011-06-21 11:11:54    <DIR> -----d--- C:\Program Files\IBM
2011-06-21 11:10:51 . 2011-06-21 11:10:51          -a------- C:\law.sp

********** Modified 2011-06 -- 2011-07 files: **********


2011-07-01 15:24:37 . 2009-07-22 09:12:25    <DIR> -----d--- C:\Documents and Settings\XP\
2011-07-01 15:24:20 . 2009-07-22 09:12:25    <DIR> --s--d--- C:\Documents and Settings\XP\Cookies
2011-07-01 15:22:45 . 2009-07-21 18:41:50  1889988 -a------- C:\WINDOWS\WindowsUpdate.log
2011-07-01 15:22:20 . 2009-07-22 02:31:30      211 --sh----- C:\boot.ini
2011-07-01 15:22:20 . 2008-04-15 19:00:00      573 -a------- C:\WINDOWS\win.ini
2011-07-01 15:22:20 . 2008-04-15 19:00:00      227 -a------- C:\WINDOWS\system.ini
2011-07-01 15:20:52 . 2009-11-04 16:01:44    <DIR> -----d--- C:\Documents and Settings\XP\.rainlendar2
2011-07-01 15:20:13 . 2008-04-15 19:00:00     2206 -a------- C:\WINDOWS\SYSTEM32\wpa.dbl
2011-07-01 15:20:03 . 2009-07-22 09:12:26        0 -a------- C:\WINDOWS\0.log
2011-07-01 15:20:01 . 2009-07-21 18:32:09   415656 -a------- C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
2011-07-01 15:19:47 . 2009-07-21 18:37:50      159 -a------- C:\WINDOWS\wiadebug.log
2011-07-01 15:19:45 . 2009-07-21 18:37:50       48 -a------- C:\WINDOWS\wiaservc.log
2011-07-01 15:19:22 . 2009-07-21 18:44:17     2048 -as------ C:\WINDOWS\bootstat.dat
2011-07-01 15:17:51 . 2009-07-22 09:11:10    32528 -a------- C:\WINDOWS\SchedLgU.Txt
2011-07-01 15:17:48 . 2009-07-22 09:12:25      178 --sh----- C:\Documents and Settings\XP\ntuser.ini
2011-07-01 15:17:08 . 2009-07-22 09:12:25    <DIR> r----d--- C:\Documents and Settings\XP\My Documents
2011-07-01 15:17:08 . 2009-07-22 02:26:04    <DIR> ---h-d--- C:\WINDOWS\inf
2011-07-01 15:17:00 . 2009-07-21 18:32:27   706657 -a------- C:\WINDOWS\setupapi.log
2011-07-01 15:13:03 . 2010-01-14 15:55:05    <DIR> -----d--- C:\EViews3
2011-07-01 15:12:38 . 2011-07-01 15:12:38       52 -a------- C:\WINDOWS\Wininit.ini
2011-07-01 15:06:19 . 2009-07-21 18:32:33    <DIR> -----d--- C:\WINDOWS\SYSTEM32\CatRoot2
2011-06-22 15:28:27 . 2009-07-22 02:26:04    <DIR> r-sh-d-c- C:\WINDOWS\SYSTEM32\dllcache
2011-06-22 15:28:22 . 2009-07-22 02:26:04    <DIR> -----d--- C:\WINDOWS\SYSTEM32\drivers
2011-06-22 15:28:13 . 2009-07-21 18:32:15   177703 -a------- C:\WINDOWS\setupact.log
2011-06-21 17:46:10 . 2009-02-24 08:28:02   167936 -a------- C:\WINDOWS\SYSTEM32\DRIVERS\wpshelper.sys
2011-06-21 11:13:10 . 2009-07-21 18:35:18    <DIR> -----d--- C:\Program Files\Common Files\Microsoft Shared
2011-06-21 11:11:36 . 2009-09-09 10:51:27       87 -a------- C:\WINDOWS\SYSTEM32\ssprs.tgz
2011-06-21 11:11:36 . 2009-09-09 10:49:47      355 -a------- C:\WINDOWS\SYSTEM32\lsprst7.tgz
2011-06-21 11:11:36 . 2009-09-09 10:49:47      341 -a------- C:\WINDOWS\SYSTEM32\lsprst7.dll
2011-06-21 11:11:36 . 2009-09-09 10:49:47       17 -a-h----- C:\WINDOWS\SYSTEM32\servdat.slm
2011-06-21 11:10:51 . 2011-06-21 11:10:51          -a------- C:\law.sp

================================================================================
{:
[V] [PID: 1040 ] C:\WINDOWS\system32\services.exe [ Microsoft Corporation ]

[V] [PID: 1600 ] C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.ex
e [ Symantec Corporation ]
[V] [PID: 1944 ] C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [
Symantec Corporation ]
[V] [PID: 360 ] C:\WINDOWS\system32\spoolsv.exe [ Microsoft Corporation ]
[V] [PID: 1352 ] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.E
XE [ Microsoft Corporation ]
[-] [PID: 1856 ] C:\Program Files\Nakido\nakido.exe [ Nakido ]
[-] [PID: 1916 ] C:\Program Files\CyberLink\Shared files\RichVideo.exe [ N/A
]
[V] [PID: 244 ] C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan
.exe [ Symantec Corporation ]
[V] [PID: 516 ] C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [ Y
ahoo! Inc. ]
[V] [PID: 768 ] C:\WINDOWS\system32\wuauclt.exe [ Microsoft Corporation ]
[V] [PID: 2292 ] C:\WINDOWS\System32\alg.exe [ Microsoft Corporation ]
[V] [PID: 3412 ] C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui
.exe [ Symantec Corporation ]
[V] [PID: 3748 ] C:\WINDOWS\RTHDCPL.EXE [ Realtek Semiconductor Corp. ]
[V] [PID: 4024 ] C:\WINDOWS\system32\hkcmd.exe [ Intel Corporation ]
[V] [PID: 4064 ] C:\WINDOWS\system32\igfxpers.exe [ Intel Corporation ]
[V] [PID: 1044 ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [ Ad
obe Systems Inc. ]
[-] [PID: 1404 ] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [ Cyberlink
Corp. ]
[V] [PID: 1420 ] C:\Program Files\Common Files\Symantec Shared\ccApp.exe [ Sy
mantec Corporation ]
[-] [PID: 1800 ] C:\Program Files\Common Files\Ulead Systems\AutoDetector\moni
tor.exe [ Ulead Systems, Inc. ]
[-] [PID: 304 ] C:\Program Files\USB Disk Security\USBGuard.exe [ Zbshareware
Lab ]
[V] [PID: 1992 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [ A
dobe Systems Incorporated ]
[V] [PID: 2032 ] C:\WINDOWS\system32\ctfmon.exe [ Microsoft Corporation ]
[V] [PID: 2496 ] C:\Program Files\Yahoo!\Search Protection\SearchProtection.ex
e [ Yahoo! Inc ]
[V] [PID: 2568 ] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo
tifier.exe [ Google Inc. ]
[-] [PID: 2732 ] C:\Program Files\Rainlendar2\Rainlendar2.exe [ N/A ]
[V] [PID: 3996 ] C:\WINDOWS\system32\wuauclt.exe [ Microsoft Corporation ]
[V] [PID: 3616 ] C:\WINDOWS\system32\mmc.exe [ Microsoft Corporation ]
[V] [PID: 3892 ] C:\WINDOWS\system32\conime.exe [ Microsoft Corporation ]
[V] [PID: 3028 ] C:\WINDOWS\system32\AF5D4D.COM [ Microsoft Corporation ]
[V] [PID: 2656 ] C:\WINDOWS\system32\AF5D4D.COM [ Microsoft Corporation ]
[V] [PID: 3052 ] C:\WINDOWS\explorer.exe [ Microsoft Corporation ]
[-] [PID: 3080 ] E:\Windows\setup.exe [ SPSS Inc. ]
================================================================================
nC *** `N : `| ***
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ Microsoft Corporation ]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [ N/A ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
[ Microsoft Corporation ]
"RTHDCPL"="RTHDCPL.EXE" [ Realtek Semiconductor Corp. ]
"Alcmtr"="ALCMTR.EXE" [ Realtek Semiconductor Corp. ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ Intel Corporation ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ Intel Corporation ]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [ Intel Corporation ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ Symantec Co
rporation ]
"USB Antivirus"="C:\Program Files\USB Disk Security\USBGuard.exe" [ Zbshareware
Lab ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [ Microsof
t Corporation ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [ Microsoft Corporation ]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [ Microsoft Corporation ]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [ Microsoft Corporation ]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [ Microsoft Corporation ]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"="0"
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"="1"
"undockwithoutlogon"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobject
delayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" - 2006-05-09 20:58 52
224 C:\WINDOWS\system32\WPDShServiceObj.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7
695ECA05670}]
2010-03-23 15:45 940856 C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-F
A578C2EBDC3}]
2009-02-27 12:07 75128 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroI
EHelperShim.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-9
0988571CECB}]
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-C
F10577473F7}]
2011-04-13 21:30 298160 C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.
dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0
445EE161910}]
2009-02-27 12:12 349576 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\Acro
IEFavClient.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-C
E66B5AD205D}]
2011-04-13 21:31 848952 C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1
142\swg.dll

[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D
13A8D28CB1F}]
2008-05-22 10:47 1099968 C:\Program Files\Tracker Software\PDF-XChange Viewer\pd
f-viewer\PDFXCviewIEPlugin.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-6
65D8EE6A077}]
2009-02-27 12:12 349576 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\Acro
IEFavClient.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-8
6F7AC245081}]
2010-03-23 15:45 160056 C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingle
Instance.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
\igfxcui]
igfxdev.dll - 2005-04-05 14:18 131072 C:\WINDOWS\system32\igfxdev.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
\WgaLogon]
WgaLogon.dll - 2009-03-10 22:18 264064 C:\WINDOWS\system32\WgaLogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat
Assistant 8.0]
"command"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [ Adobe Sys
tems Inc. ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Ac
robat Speed Launcher]
"command"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [ Adobe S
ystems Incorporated ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe AR
M]
"command"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [ Adobe Sy
stems Incorporated ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\coolsos]
"command"="C:\WINDOWS\system32\aqoeerw.exe" [ FILE NOT FOUND. ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Language
Shortcut]
"command"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [ N/A ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"command"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background" [ F
ILE NOT FOUND. ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCo
ntrol]
"command"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ Cyberlink Corp.
]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search P
rotection]
"command"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ Ya
hoo! Inc ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
"command"="SkyTel.EXE" [ Realtek Semiconductor Corp. ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"command"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.e
xe" [ Google Inc. ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Au
toDetector v2]
"command"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe"
[ Ulead Systems, Inc. ]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"="145"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"="1"
[hku\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"="149"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
PendingFileRenameOperations C:\DOCUME~1\XP\LOCALS~1\Temp\~nsu.tmp\Au_.exe ;DELETE;
C:\DOCUME~1\XP\LOCALS~1\Temp\~nsu.tmp ;DELETE;
================================================================================
A \ X C:
: A AW;W;W

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [ Microsoft Corpora
tion ]
S2 gupdate;Google sA (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe /svc
[ Google Inc. ]
S3 gupdatem;Google s A (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe /
edsvc [ Google Inc. ]
R2 Nakido;Nakido; C:\Program Files\Nakido\nakido.exe [ Nakido ]
S3 napagent;Network Access Protection Agent; C:\WINDOWS\System32\qagentrt.dll
[ Microsoft Corporation ]
S3 Smcinst;Symantec Auto-upgrade Agent; C:\Program Files\Symantec\Symantec Endp
oint Protection\SmcLU\Setup\smcinst.exe [ FILE NOT FOUND. ]
S4 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec End
point Protection\SNAC.EXE [ Symantec Corporation ]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WI
NDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [ Microsoft
Corporation ]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooA
UService.exe [ Yahoo! Inc. ]
S3 COH_Mon;COH_Mon; C:\WINDOWS\system32\Drivers\COH_Mon.sys [ Symantec Corpora
tion ]
S2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [ FILE NOT FOUND. ]
S1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [ FILE NOT FOUND. ]
S1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [ FILE NOT FOUN
D. ]
S3 NOWMEMDF;NOWMEMDF; C:\WINDOWS\system32\NOWMEMDF.sys [ FILE NOT FOUND. ]
S4 SysPlant;SysPlant for NT; C:\WINDOWS\system32\Drivers\SysPlant.sys [ Symant
ec Corporation ]
R1 WPS;WPS; C:\WINDOWS\system32\drivers\wpsdrvnt.sys [ Symantec Corporation ]
R3 WpsHelper;WpsHelper; C:\WINDOWS\system32\drivers\WpsHelper.sys [ Symantec C
orporation ]
================================================================================
u@{:
2011-07-01 C:\WINDOWS\TASKS\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 11:03 135664]
2011-06-29 C:\WINDOWS\TASKS\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 11:03 135664]
2011-07-01 C:\WINDOWS\TASKS\RealUpgradeLogonTaskS-1-5-21-1644491937-1960408961-1
417001333-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe []
2010-11-19 C:\WINDOWS\TASKS\RealUpgradeScheduledTaskS-1-5-21-1644491937-19604089
61-1417001333-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe []
IE ]w:
Internet Explorer Version: 6.0.2900.5512
HKCU - Start Page = hxxp://tw.yahoo.com/
HKCU - Extra menu item: &UHU?} - C:\Program Files\NamiRobot\Data\du.html
HKLM - Extensions: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Dia
gnostic\xpnetdiag.exe
HKLM - Extensions: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Mes
senger\msmsgs.exe
DNS: {69A007EE-9CB3-42EC-8056-644FE0D9700A} - 163.28.112.1,163.28.113.1
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\hidedeskt
opicons\newstartpanel]
{20D04FE0-3AEA-1069-A2D8-08002B30309D}=DWORD:00000001
{450D8FBA-AD25-11D0-98A8-0800361B1103}=DWORD:00000001
{208D2C60-3AEA-1069-A2D7-08002B30309D}=DWORD:00000001
{871C5380-42A0-1069-A2EA-08002B30309D}=DWORD:00000001
************************* HKLM\...\NAMESPACE *************************
.
{1f4de370-d627-11d1-ba4f-00a0c91eedba} - My Computer
{450D8FBA-AD25-11D0-98A8-0800361B1103} - My Documents
{645FF040-5081-101B-9F08-00AA002F954E} - Recycle Bin
{e17d4fc0-5564-11d1-83f2-00a0c90dc849} - Windows Search
************************* HKCU\...\NAMESPACE *************************
.
************************* HKU\(S-1-1-21...)\NAMESPACE ****************
.
************************* HKCR\CLSID\...\COMMAND *********************
.
[HKEY_CLASSES_ROOT\CLSID\{C41D93B8-0B87-478A-B793-1908EDB2144D}\Shell\Open\Comma
nd]
@=C:\Program Files\Symantec\LiveUpdate\LUCONFIG.EXE
************************* HKLM\SOFTWARE\Classes\CLSID\...\COMMAND ****

.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41D93B8-0B87-478A-B793-1908EDB2144D
}\Shell\Open\Command]
@=C:\Program Files\Symantec\LiveUpdate\LUCONFIG.EXE
************************* HKCU\SOFTWARE\Classes\CLSID\...\COMMAND ****
.
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{C41D93B8-0B87-478A-B793-1908EDB2144D}
\Shell\Open\Command]
@=C:\Program Files\Symantec\LiveUpdate\LUCONFIG.EXE
FIREFOX DEFAULT PREFS.JS
"C:\Documents and Settings\XP\Application Data\MOZILLA\FIREFOX\PROFILES\kplf5dje
.default\prefs.js"
user_pref("browser.startup.homepage", "hxxp://tw.yahoo.com/");
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.18");
************************* FILES SCAN *********************************
C:\Documents and Settings\XP\\
EF2011012201.EXE - C:\Documents and Settings\XP\\EF2011012201.EXE [ N/A ]
Team 6 PPT.rar - C:\Documents and Settings\XP\\Team 6 PPT.rar [ N/A ]
Thumbs.db - C:\Documents and Settings\XP\\Thumbs.db [ N/A ]
~$ Appendix-_CARACAR_tables.doc - C:\Documents and Settings\XP\\~$ Appendix-_CARACAR
_tables.doc [ N/A ]
~$nking channel papers to download 20091214.doc - C:\Documents and Settings\XP\\~$nk
ing channel papers to download 20091214.doc [ N/A ]
~$pendix-_CARACAR_tables[1].doc - C:\Documents and Settings\XP\\~$pendix-_CARACAR_ta
bles[1].doc [ N/A ]
~$thesis.doc - C:\Documents and Settings\XP\\~$thesis.doc [ N/A ]
~$OISEMG.doc - C:\Documents and Settings\XP\\~$OISEMG.doc [ N/A ]
~$OI(2).doc - C:\Documents and Settings\XP\\~$OI(2).doc [ N/A ]
~$xdpe07.docx - C:\Documents and Settings\XP\\~$xdpe07.docx [ N/A ]
~$|pe20091218 Ann's version.doc - C:\Documents and Settings\XP\\~$|pe
A ]
~$j??.docx - C:\Documents and Settings\XP\\~$j??.docx [ N/A ]
~$.docx - C:\Documents and Settings\XP\\~$.docx [ N/A ]
~$2010_1_a290ab9c.doc - C:\Documents and Settings\XP\\~$2010_1_a290ab9c
~$~1.doc - C:\Documents and Settings\XP\\~$~1.doc [ N/A ]
~$ sk(1).docx - C:\Documents and Settings\XP\\~$ sk(1).docx [ N/A ]
~$OI.doc - C:\Documents and Settings\XP\\~$OI.doc [ N/A ]
~$|PiN~peiH~T{q.doc_.doc - C:\Documents and Settings\XP\
~WRL0001.tmp - C:\Documents and Settings\XP\\~WRL0001.tmp [ N/A ]
~WRL0003.tmp - C:\Documents and Settings\XP\\~WRL0003.tmp [ N/A ]
~WRL1825.tmp - C:\Documents and Settings\XP\\~WRL1825.tmp [ N/A ]
C:\Documents and Settings\XP\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK
LAUNCH\
Aquarium Time.lnk - C:\WINDOWS\system32\MarineAquariumTime.scr [ N/A ]
Goldfish Aquarium.lnk - C:\WINDOWS\system32\Goldfish.scr [ N/A ]
Internet Explorer.lnk - C:\Program Files\Internet Explorer\IEXPLORE.EXE [ Micr
osoft Corporation ]
Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [ Mozilla C
orporation ]
PCMan 2004 Combo.lnk - C:\Program Files\PCMan Combo\PCMan.exe [ x ]
Sharks, Terrors of the Deep MD.lnk - C:\WINDOWS\system32\SharksMD.scr [ N/A ]
Internet Explorer s.lnk - C:\Program Files\Internet Explorer\iexplore.exe
Corporation ]

[ Mic

.scf - C:\Documents and Settings\XP\Application Data\MICROSOFT\INTERNET EXPLORER\QU


AUNCH\.scf [ N/A ]
================================================================================
Win32/Conficker worm has not been found active in the memory.
Do you want to perform scanning and cleaning anyway? (y/n)
Nothing was found.
Checking for Win32/Conficker.AA files:
Nothing was found.
================================================================================
a:  Removable      0MB      0MB        NOTREADY
c:  Fixed      35625MB  70009MB  NTFS  READY
d:  Fixed      78419MB  87055MB  NTFS  READY
e:  CDROM          0MB   4018MB  UDF   READY

================================================================================
y: 2011-07-01 15:27:29.73
[/CODE]
