Deckard's System Scanner v20071014.68
Run by voland on 2008-04-02 11:02:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...failed; access is denied.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 247 MiB (512 MiB recommended).


-- HijackThis (run as voland.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:44, on 02.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
Z:\Work\305\Network test\avz4\avz4\avz.exe
Z:\Work\305\Network test\dss.exe
Z:\Work\305\NETWOR~1\HIJACK~1\voland.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &  Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button:   - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pc-center.edu
O17 - HKLM\Software\..\Telephony: DomainName = pc-center.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pc-center.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pc-center.edu
O23 - Service:   (Eventlog) -   - C:\WINDOWS\system32\services.exe
O23 - Service:  COM  - IMAPI (ImapiService) -   - C:\WINDOWS\system32\imapi.exe
O23 - Service: Plug and Play (PlugPlay) -   - C:\WINDOWS\system32\services.exe
O23 - Service:        (RDSessMgr) -   - C:\WINDOWS\system32\sessmgr.exe
O23 - Service:     (SysmonLog) -   - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service:    (VSS) -   - C:\WINDOWS\System32\vssvc.exe
O23 - Service:   WMI (WmiApSrv) -   - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 4121 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R3 SMBios (Intel (R) System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-02 and 2008-04-02 -----------------------------

2008-04-02 11:02:35         0 d-------- Z:\Deckard
2008-04-02 10:45:37         0 d--h----- C:\Documents and Settings\voland\Local Settings
2008-04-02 10:45:22         0 d-------- C:\Documents and Settings\voland\Application Data\EPSON
2008-04-02 10:45:22         0 d-------- C:\Documents and Settings\voland\Application Data\DivX
2008-04-02 10:45:22         0 d-------- C:\Documents and Settings\voland\Application Data\Borland
2008-04-02 10:45:22         0 d-------- C:\Documents and Settings\voland\Application Data\Auslogics
2008-04-02 10:45:22         0 d-------- C:\Documents and Settings\voland\Application Data\ABBYY
2008-04-02 10:45:22         0 d-------- C:\Documents and Settings\voland\Application Data\1C
2008-04-02 10:45:22         0 d-------- C:\Documents and Settings\voland\.CodeBlocks
2008-04-02 10:45:21         0 d--h----- C:\Documents and Settings\voland\
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\ 
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\ 
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\ 
2008-04-02 10:45:21         0 d--h----- C:\Documents and Settings\voland\SendTo
2008-04-02 10:45:21         0 d--h----- C:\Documents and Settings\voland\Recent
2008-04-02 10:45:21         0 d--h----- C:\Documents and Settings\voland\PrintHood
2008-04-02 10:45:21         0 d--h----- C:\Documents and Settings\voland\NetHood
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\logs
2008-04-02 10:45:21         0 d--hs---- C:\Documents and Settings\voland\Cookies
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\Application Data
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\Application Data\Windows Desktop Search
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\Application Data\U3
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\Application Data\TrojanHunter
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\Application Data\TMP
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\Application Data\StatSoft
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\Application Data\Mozilla
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\Application Data\MathWorks
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\Application Data\Macromedia
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\Application Data\InfraRecorder
2008-04-02 10:45:21         0 d-------- C:\Documents and Settings\voland\Application Data\Identities
2008-04-02 10:45:19   1835008 --ah----- C:\Documents and Settings\voland\NTUSER.DAT
2008-04-01 15:33:29         0 d--h----- C:\Documents and Settings\6004eco\Local Settings
2008-04-01 15:33:28         0 d--h----- C:\Documents and Settings\6004eco\
2008-04-01 15:33:28         0 d-------- C:\Documents and Settings\6004eco\ 
2008-04-01 15:33:28         0 dr------- C:\Documents and Settings\6004eco\ 
2008-04-01 15:33:28         0 dr------- C:\Documents and Settings\6004eco\
2008-04-01 15:33:28         0 dr------- C:\Documents and Settings\6004eco\ 
2008-04-01 15:33:28         0 dr-h----- C:\Documents and Settings\6004eco\SendTo
2008-04-01 15:33:28         0 dr-h----- C:\Documents and Settings\6004eco\Recent
2008-04-01 15:33:28         0 d--h----- C:\Documents and Settings\6004eco\PrintHood
2008-04-01 15:33:28         0 d--h----- C:\Documents and Settings\6004eco\NetHood
2008-04-01 15:33:28         0 d--hs---- C:\Documents and Settings\6004eco\Cookies
2008-04-01 15:33:28         0 dr-h----- C:\Documents and Settings\6004eco\Application Data
2008-04-01 15:33:28         0 d---s---- C:\Documents and Settings\6004eco\Application Data\Microsoft
2008-04-01 15:33:28         0 d-------- C:\Documents and Settings\6004eco\Application Data\Identities
2008-04-01 15:33:27   1048576 --ah----- C:\Documents and Settings\6004eco\NTUSER.DAT
2008-03-28 11:55:24         0 d-------- Z:\.Trash-voland
2008-03-27 17:35:00         0 d-------- C:\Program Files\VS Revo Group
2008-03-27 17:24:34         0 d-------- C:\Program Files\nwps
2008-03-27 09:40:42         0 d--h----- C:\Documents and Settings\597eco\Local Settings
2008-03-27 09:40:41         0 d-------- C:\Documents and Settings\597eco\Application Data\Identities
2008-03-27 09:40:41         0 d-------- C:\Documents and Settings\597eco\Application Data\Help
2008-03-27 09:40:41         0 d--hs---- C:\Documents and Settings\597eco\Application Data\.#
2008-03-27 09:40:40         0 d--h----- C:\Documents and Settings\597eco\
2008-03-27 09:40:40         0 d-------- C:\Documents and Settings\597eco\ 
2008-03-27 09:40:40         0 dr------- C:\Documents and Settings\597eco\ 
2008-03-27 09:40:40         0 dr------- C:\Documents and Settings\597eco\
2008-03-27 09:40:40         0 dr------- C:\Documents and Settings\597eco\ 
2008-03-27 09:40:40         0 dr-h----- C:\Documents and Settings\597eco\SendTo
2008-03-27 09:40:40         0 dr-h----- C:\Documents and Settings\597eco\Recent
2008-03-27 09:40:40         0 d--h----- C:\Documents and Settings\597eco\PrintHood
2008-03-27 09:40:40         0 d--h----- C:\Documents and Settings\597eco\NetHood
2008-03-27 09:40:40         0 d--hs---- C:\Documents and Settings\597eco\Cookies
2008-03-27 09:40:40         0 dr-h----- C:\Documents and Settings\597eco\Application Data
2008-03-27 09:40:40         0 d---s---- C:\Documents and Settings\597eco\Application Data\Microsoft
2008-03-27 09:40:38   1048576 --ah----- C:\Documents and Settings\597eco\NTUSER.DAT
2008-03-22 11:35:35         0 d--h----- C:\Documents and Settings\801vst\Local Settings
2008-03-22 11:34:54         0 d-------- C:\Documents and Settings\801vst\Application Data\1C
2008-03-22 11:34:54         0 d--hs---- C:\Documents and Settings\801vst\Application Data\.#
2008-03-22 11:34:54         0 d--h----- C:\Documents and Settings\801vst\.secf119
2008-03-22 11:34:54         0 d--h----- C:\Documents and Settings\801vst\.mywz118
2008-03-22 11:34:54         0 d--h----- C:\Documents and Settings\801vst\.lxvy117
2008-03-22 11:34:54         0 d--h----- C:\Documents and Settings\801vst\.lxvy107
2008-03-22 11:34:54         0 d-------- C:\Documents and Settings\801vst\.gimp-2.4
2008-03-22 11:34:54         0 d--h----- C:\Documents and Settings\801vst\.eqor109
2008-03-22 11:34:54         0 d-------- C:\Documents and Settings\801vst\.borland
2008-03-22 11:34:53         0 d-------- C:\Documents and Settings\801vst\Application Data\Help
2008-03-22 11:34:53         0 d-------- C:\Documents and Settings\801vst\Application Data\Garant-NET
2008-03-22 11:34:53         0 d-------- C:\Documents and Settings\801vst\Application Data\EPSON
2008-03-22 11:34:53         0 d-------- C:\Documents and Settings\801vst\Application Data\Corel
2008-03-22 11:34:53         0 d-------- C:\Documents and Settings\801vst\Application Data\Autodesk
2008-03-22 11:34:53         0 d-------- C:\Documents and Settings\801vst\Application Data\Adobe
2008-03-22 11:34:53         0 d-------- C:\Documents and Settings\801vst\Application Data\ACD Systems
2008-03-22 11:34:53         0 d-------- C:\Documents and Settings\801vst\Application Data\ABBYY
2008-03-22 11:34:52         0 d-------- C:\Documents and Settings\801vst\Application Data\MathWorks
2008-03-22 11:34:52         0 d-------- C:\Documents and Settings\801vst\Application Data\Mathsoft
2008-03-22 11:34:52         0 d-------- C:\Documents and Settings\801vst\Application Data\Mathematica
2008-03-22 11:34:52         0 d-------- C:\Documents and Settings\801vst\Application Data\Identities
2008-03-22 11:34:51         0 dr-h----- C:\Documents and Settings\801vst\SendTo
2008-03-22 11:34:51         0 dr-h----- C:\Documents and Settings\801vst\Recent
2008-03-22 11:34:51         0 d--h----- C:\Documents and Settings\801vst\PrintHood
2008-03-22 11:34:51         0 d--h----- C:\Documents and Settings\801vst\NetHood
2008-03-22 11:34:51         0 d-------- C:\Documents and Settings\801vst\logs
2008-03-22 11:34:51         0 d--hs---- C:\Documents and Settings\801vst\Cookies
2008-03-22 11:34:51         0 dr-h----- C:\Documents and Settings\801vst\Application Data
2008-03-22 11:34:51         0 d-------- C:\Documents and Settings\801vst\Application Data\StatSoft
2008-03-22 11:34:51         0 d-------- C:\Documents and Settings\801vst\Application Data\Opera
2008-03-22 11:34:51         0 d-------- C:\Documents and Settings\801vst\Application Data\Nvu
2008-03-22 11:34:51         0 d-------- C:\Documents and Settings\801vst\Application Data\Mozilla
2008-03-22 11:34:51         0 d---s---- C:\Documents and Settings\801vst\Application Data\Microsoft
2008-03-22 11:34:50         0 dr------- C:\Documents and Settings\801vst\
2008-03-22 11:34:50         0 dr------- C:\Documents and Settings\801vst\ 
2008-03-22 11:34:49         0 d--h----- C:\Documents and Settings\801vst\
2008-03-22 11:34:49         0 d-------- C:\Documents and Settings\801vst\ 
2008-03-22 11:34:49         0 dr------- C:\Documents and Settings\801vst\ 
2008-03-22 11:34:48   1048576 --ah----- C:\Documents and Settings\801vst\NTUSER.DAT
2008-03-21 13:25:11         0 d--h----- C:\Documents and Settings\588eco\Local Settings
2008-03-21 13:25:10         0 d--h----- C:\Documents and Settings\588eco\
2008-03-21 13:25:10         0 d-------- C:\Documents and Settings\588eco\ 
2008-03-21 13:25:10         0 dr------- C:\Documents and Settings\588eco\ 
2008-03-21 13:25:10         0 dr------- C:\Documents and Settings\588eco\
2008-03-21 13:25:10         0 dr------- C:\Documents and Settings\588eco\ 
2008-03-21 13:25:10         0 dr-h----- C:\Documents and Settings\588eco\SendTo
2008-03-21 13:25:10         0 dr-h----- C:\Documents and Settings\588eco\Recent
2008-03-21 13:25:10         0 d--h----- C:\Documents and Settings\588eco\PrintHood
2008-03-21 13:25:10         0 d--h----- C:\Documents and Settings\588eco\NetHood
2008-03-21 13:25:10         0 d--hs---- C:\Documents and Settings\588eco\Cookies
2008-03-21 13:25:10         0 dr-h----- C:\Documents and Settings\588eco\Application Data
2008-03-21 13:25:10         0 d---s---- C:\Documents and Settings\588eco\Application Data\Microsoft
2008-03-21 13:25:10         0 d-------- C:\Documents and Settings\588eco\Application Data\Identities
2008-03-21 13:25:10         0 d-------- C:\Documents and Settings\588eco\Application Data\Help
2008-03-21 13:25:08    913408 --ah----- C:\Documents and Settings\588eco\NTUSER.DAT
2008-03-21 11:46:27         0 d--h----- C:\Documents and Settings\621eco\Local Settings
2008-03-21 11:46:26         0 d--h----- C:\Documents and Settings\621eco\
2008-03-21 11:46:26         0 d-------- C:\Documents and Settings\621eco\ 
2008-03-21 11:46:26         0 dr------- C:\Documents and Settings\621eco\ 
2008-03-21 11:46:26         0 dr------- C:\Documents and Settings\621eco\
2008-03-21 11:46:26         0 dr------- C:\Documents and Settings\621eco\ 
2008-03-21 11:46:26         0 dr-h----- C:\Documents and Settings\621eco\SendTo
2008-03-21 11:46:26         0 dr-h----- C:\Documents and Settings\621eco\Recent
2008-03-21 11:46:26         0 d--h----- C:\Documents and Settings\621eco\PrintHood
2008-03-21 11:46:26         0 d--h----- C:\Documents and Settings\621eco\NetHood
2008-03-21 11:46:26         0 d--hs---- C:\Documents and Settings\621eco\Cookies
2008-03-21 11:46:26         0 dr-h----- C:\Documents and Settings\621eco\Application Data
2008-03-21 11:46:26         0 d---s---- C:\Documents and Settings\621eco\Application Data\Microsoft
2008-03-21 11:46:26         0 d-------- C:\Documents and Settings\621eco\Application Data\Identities
2008-03-21 11:46:24   1048576 --ah----- C:\Documents and Settings\621eco\NTUSER.DAT
2008-03-14 15:31:26         0 d--h----- C:\Documents and Settings\001olimp\Local Settings
2008-03-14 15:31:26         0 d-------- C:\Documents and Settings\001olimp\Application Data\Identities
2008-03-14 15:31:26         0 d-------- C:\Documents and Settings\001olimp\Application Data\1C
2008-03-14 15:31:25         0 d--h----- C:\Documents and Settings\001olimp\
2008-03-14 15:31:25         0 d-------- C:\Documents and Settings\001olimp\ 
2008-03-14 15:31:25         0 dr------- C:\Documents and Settings\001olimp\ 
2008-03-14 15:31:25         0 dr------- C:\Documents and Settings\001olimp\
2008-03-14 15:31:25         0 dr------- C:\Documents and Settings\001olimp\ 
2008-03-14 15:31:25         0 dr-h----- C:\Documents and Settings\001olimp\SendTo
2008-03-14 15:31:25         0 dr-h----- C:\Documents and Settings\001olimp\Recent
2008-03-14 15:31:25         0 d--h----- C:\Documents and Settings\001olimp\PrintHood
2008-03-14 15:31:25         0 d--h----- C:\Documents and Settings\001olimp\NetHood
2008-03-14 15:31:25         0 d--hs---- C:\Documents and Settings\001olimp\Cookies
2008-03-14 15:31:25         0 dr-h----- C:\Documents and Settings\001olimp\Application Data
2008-03-14 15:31:25         0 d---s---- C:\Documents and Settings\001olimp\Application Data\Microsoft
2008-03-14 15:31:24    786432 --ah----- C:\Documents and Settings\001olimp\NTUSER.DAT
2008-03-14 09:31:48         0 d--h----- C:\Documents and Settings\7001jur\Local Settings
2008-03-14 09:31:47         0 d--h----- C:\Documents and Settings\7001jur\
2008-03-14 09:31:47         0 d-------- C:\Documents and Settings\7001jur\ 
2008-03-14 09:31:47         0 dr------- C:\Documents and Settings\7001jur\ 
2008-03-14 09:31:47         0 dr------- C:\Documents and Settings\7001jur\
2008-03-14 09:31:47         0 dr------- C:\Documents and Settings\7001jur\ 
2008-03-14 09:31:47         0 dr-h----- C:\Documents and Settings\7001jur\SendTo
2008-03-14 09:31:47         0 dr-h----- C:\Documents and Settings\7001jur\Recent
2008-03-14 09:31:47         0 d--h----- C:\Documents and Settings\7001jur\PrintHood
2008-03-14 09:31:47         0 d--h----- C:\Documents and Settings\7001jur\NetHood
2008-03-14 09:31:47         0 d--hs---- C:\Documents and Settings\7001jur\Cookies
2008-03-14 09:31:47         0 dr-h----- C:\Documents and Settings\7001jur\Application Data
2008-03-14 09:31:47         0 d---s---- C:\Documents and Settings\7001jur\Application Data\Microsoft
2008-03-14 09:31:47         0 d-------- C:\Documents and Settings\7001jur\Application Data\Identities
2008-03-14 09:31:46    786432 --ah----- C:\Documents and Settings\7001jur\NTUSER.DAT
2008-03-10 11:20:52         0 d--h----- C:\Documents and Settings\7013eco\Local Settings
2008-03-10 11:20:51         0 d--h----- C:\Documents and Settings\7013eco\
2008-03-10 11:20:51         0 d-------- C:\Documents and Settings\7013eco\ 
2008-03-10 11:20:51         0 dr------- C:\Documents and Settings\7013eco\ 
2008-03-10 11:20:51         0 dr------- C:\Documents and Settings\7013eco\
2008-03-10 11:20:51         0 dr------- C:\Documents and Settings\7013eco\ 
2008-03-10 11:20:51         0 dr-h----- C:\Documents and Settings\7013eco\SendTo
2008-03-10 11:20:51         0 dr-h----- C:\Documents and Settings\7013eco\Recent
2008-03-10 11:20:51         0 d--h----- C:\Documents and Settings\7013eco\PrintHood
2008-03-10 11:20:51         0 d--h----- C:\Documents and Settings\7013eco\NetHood
2008-03-10 11:20:51         0 d--hs---- C:\Documents and Settings\7013eco\Cookies
2008-03-10 11:20:51         0 dr-h----- C:\Documents and Settings\7013eco\Application Data
2008-03-10 11:20:51         0 d---s---- C:\Documents and Settings\7013eco\Application Data\Microsoft
2008-03-10 11:20:51         0 d-------- C:\Documents and Settings\7013eco\Application Data\Identities
2008-03-10 11:20:49    786432 --ah----- C:\Documents and Settings\7013eco\NTUSER.DAT
2008-03-07 09:36:39         0 d--h----- C:\Documents and Settings\7007jur\
2008-03-07 09:36:39         0 d-------- C:\Documents and Settings\7007jur\ 
2008-03-07 09:36:39         0 dr------- C:\Documents and Settings\7007jur\ 
2008-03-07 09:36:39         0 dr------- C:\Documents and Settings\7007jur\
2008-03-07 09:36:39         0 dr------- C:\Documents and Settings\7007jur\ 
2008-03-07 09:36:39         0 dr-h----- C:\Documents and Settings\7007jur\SendTo
2008-03-07 09:36:39         0 dr-h----- C:\Documents and Settings\7007jur\Recent
2008-03-07 09:36:39         0 d--h----- C:\Documents and Settings\7007jur\PrintHood
2008-03-07 09:36:39         0 d--h----- C:\Documents and Settings\7007jur\NetHood
2008-03-07 09:36:39         0 d--h----- C:\Documents and Settings\7007jur\Local Settings
2008-03-07 09:36:39         0 d--hs---- C:\Documents and Settings\7007jur\Cookies
2008-03-07 09:36:39         0 dr-h----- C:\Documents and Settings\7007jur\Application Data
2008-03-07 09:36:39         0 d---s---- C:\Documents and Settings\7007jur\Application Data\Microsoft
2008-03-07 09:36:39         0 d-------- C:\Documents and Settings\7007jur\Application Data\Identities
2008-03-07 09:36:38    786432 --ah----- C:\Documents and Settings\7007jur\NTUSER.DAT
2008-03-05 09:52:23         0 d-------- C:\Documents and Settings\ozo06tvr\Application Data\Identities
2008-03-05 09:52:05         0 d--h----- C:\Documents and Settings\ozo06tvr\
2008-03-05 09:52:05         0 d-------- C:\Documents and Settings\ozo06tvr\ 
2008-03-05 09:52:05         0 dr------- C:\Documents and Settings\ozo06tvr\ 
2008-03-05 09:52:05         0 dr------- C:\Documents and Settings\ozo06tvr\
2008-03-05 09:52:05         0 dr------- C:\Documents and Settings\ozo06tvr\ 
2008-03-05 09:52:05         0 dr-h----- C:\Documents and Settings\ozo06tvr\SendTo
2008-03-05 09:52:05         0 dr-h----- C:\Documents and Settings\ozo06tvr\Recent
2008-03-05 09:52:05         0 d--h----- C:\Documents and Settings\ozo06tvr\PrintHood
2008-03-05 09:52:05    786432 --ah----- C:\Documents and Settings\ozo06tvr\NTUSER.DAT
2008-03-05 09:52:05         0 d--h----- C:\Documents and Settings\ozo06tvr\NetHood
2008-03-05 09:52:05         0 d--h----- C:\Documents and Settings\ozo06tvr\Local Settings
2008-03-05 09:52:05         0 d--hs---- C:\Documents and Settings\ozo06tvr\Cookies
2008-03-05 09:52:05         0 dr-h----- C:\Documents and Settings\ozo06tvr\Application Data
2008-03-05 09:52:05         0 d---s---- C:\Documents and Settings\ozo06tvr\Application Data\Microsoft
2008-03-04 19:17:24    173416 --a------ Z:\config_.reg


-- Find3M Report ---------------------------------------------------------------

2008-03-30 11:02:42    475398 --a------ C:\WINDOWS\system32\perfh019.dat
2008-03-30 11:02:42     80124 --a------ C:\WINDOWS\system32\perfc019.dat
2008-02-28 16:27:56         0 d-------- C:\Program Files\Ast-Centre
2008-02-28 16:09:28         0 d-------- C:\Program Files\1cv8
2008-02-28 16:07:40         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-28 16:06:01         0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-28 16:04:19         0 d-------- C:\Program Files\1cv81
2008-02-28 16:03:02      6656 --a------ C:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
2008-02-28 16:03:02       383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-01-24 17:41:06        62 --ahs---- C:\Documents and Settings\voland\Application Data\desktop.ini
2008-01-24 14:49:13     22564 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [07.04.2003 11:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [02.03.2006 16:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunLogonScriptSync"=1 (0x1)
"HideStartupScripts"=1 (0x1)
"HideShutdownScripts"=1 (0x1)
"LogonType"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)
"NoMSAppLogo5ChannelNotify"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

*Newly Created Service* - UTM3MTQ3



-- End of Deckard's System Scanner: finished at 2008-04-02 11:05:27 ------------

