лечение TR/Packed.22159, BDS/Prorat.JYP, TR/Agent.812314

This topic has 6 ответов, 2 участника, and was last updated 14 years, 2 months назад by icav.

Просмотр 7 сообщений - с 1 по 7 (из 7 всего)

Автор

Сообщения
4 сентября, 2010 в 2:38 пп #18652
icav
Participant
- Темы:1
- Сообщений:4
Доброго дня суток всем!
на компе (целик 1.7, via, win xp pro, Avira) есть 3 вот эти трояна — TR/Packed.22159, BDS/Prorat.JYP, TR/Agent.812314.
Определяются только авирой и нортоном (из того, что было). drweb, avz и каспер не видят их. В общем жить они не мешают… но всё же хотелось бы файлы вылечить без удаления (авира хоть спрашивает, нортон же тупо удаляет, но никто не лечит).

Что можно сделать?

Logfile of random’s system information tool 1.08 (written by random/random)
Run by Yulian Kolesnikov at 2010-09-04 18:20:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (40%) free of 56 GB
Total RAM: 447 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:20:57, on 04.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir Desktopsched.exe
C:Program FilesAviraAntiVir Desktopavguard.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32M-AudioTaskBarIcon.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:Program FilesRegistry Repair ProRegistryRepairPro.exe
C:Program FilesCommonSchedulerwcomschd.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Program Filestotalcmd7.50aTOTALCMD.EXE
C:Documents and SettingsYulian KolesnikovDesktopRSIT.exe
C:Program Filestrend microYulian Kolesnikov.exe

R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
O2 — BHO: AcroIEHelperStub — {18DF081C-E8AD-4283-A596-FA578C2EBDC3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 — BHO: IE 4.x-6.x BHO for Download Master — {9961627E-4059-41B4-8E0E-A7D6B3854ADF} — C:PROGRA~1DOWNLO~1dmiehlp.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O4 — HKLM..Run: [M-Audio Taskbar Icon] C:WINDOWSSystem32M-AudioTaskBarIcon.exe
O4 — HKLM..Run: [avgnt] «C:Program FilesAviraAntiVir Desktopavgnt.exe» /min
O4 — HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: Registry Repair Pro.lnk = C:Program FilesRegistry Repair ProRegistryRepairPro.exe
O4 — Startup: Scheduler.lnk = C:Program FilesCommonSchedulerwcomschd.exe
O8 — Extra context menu item: Translate with Lingvo — res://C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
O8 — Extra context menu item: Закачать ВСЕ при помощи Download Master — C:Program FilesDownload Masterdmieall.htm
O8 — Extra context menu item: Закачать при помощи Download Master — C:Program FilesDownload Masterdmie.htm
O8 — Extra context menu item: Передать на удаленную закачку DM — C:Program FilesDownload Masterremdown.htm
O9 — Extra button: Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra ‘Tools’ menuitem: &Download Master — {8DAE90AD-4583-4977-9DD4-4360F7A45C74} — C:Program FilesDownload Masterdmaster.exe
O9 — Extra button: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:WINDOWSSystem32shdocvw.dll
O9 — Extra ‘Tools’ menuitem: ICQ Lite — {B863453A-26C3-4e1f-A54D-A2CD196348E9} — C:WINDOWSSystem32shdocvw.dll
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O16 — DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) — http://go.microsoft.com/fwlink/?linkid=39204
O16 — DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} — http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 — HKLMSystemCCSServicesTcpip..{6ABE78B0-B412-4DBE-996C-C78651643115}: NameServer = 212.48.193.37 213.158.7.2
O17 — HKLMSystemCCSServicesTcpip..{C0742B27-1F65-4671-9A9F-21FF0AC60C98}: NameServer = 192.168.1.1
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O22 — SharedTaskScheduler: Browseui preloader — {438755C2-A8BA-11D1-B96B-00A0C90312E1} — C:WINDOWSSystem32browseui.dll
O22 — SharedTaskScheduler: Component Categories cache daemon — {8C7461EF-2B13-11d2-BE35-3078302C2030} — C:WINDOWSSystem32browseui.dll
O23 — Service: Avira AntiVir Планировщик (AntiVirSchedulerService) — Avira GmbH — C:Program FilesAviraAntiVir Desktopsched.exe
O23 — Service: Avira AntiVir Guard (AntiVirService) — Avira GmbH — C:Program FilesAviraAntiVir Desktopavguard.exe
O23 — Service: NBService — Nero AG — C:Program FilesNeroNero 7Nero BackItUpNBService.exe

—
End of file — 5214 bytes

======Scheduled tasks folder======

C:WINDOWStasks$~$Sys0$.job
C:WINDOWStasksGoogleUpdateTaskMachineCore1cac6c579f57c8e.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2010-07-27 165184]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«M-Audio Taskbar Icon»=C:WINDOWSSystem32M-AudioTaskBarIcon.exe [2008-05-15 356864]
«avgnt»=C:Program FilesAviraAntiVir Desktopavgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]
C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2009-12-11 948672]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
C:Program FilesAdobeReader 9.3ReaderReader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobeUpdater]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdVantage]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcoholAutomount]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregavgnt]
C:Program FilesAviraAntiVir Desktopavgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe [2008-01-22 152872]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]
C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
C:Program FilesDownload Masterdmaster.exe [2010-07-27 3803968]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregegui]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEPSON Stylus C62 Series]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGW Port Controller]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH2O]
C:Program FilesSyncroSoftPosH2Ocledx.exe [2005-10-23 385024]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHPUsageTracking]
C:Program FilesHPHP UTbinhppusg.exe C:Program FilesHPHP UT []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregICQ Lite]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregInCD]
C:Program FilesNeroNero 7InCDInCD.exe [2008-05-06 1057064]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKernelFaultCheck]
C:WINDOWSsystem32dumprep 0 -k []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvo Launcher]
C:Program FilesABBYY Lingvo 10 Multilingual DictionaryLvagent.exe [2004-10-09 110592]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvoTraining]
C:Program FilesABBYY Lingvo 10 Multilingual DictionaryTutor.exe [2004-10-09 1159168]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
C:Program FilesMessengermsmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:Program FilesCommon FilesAheadLibNeroCheck.exe [2008-05-28 570664]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregOSSelectorReinstall]
C:Program FilesCommon FilesAcronisAcronis Disk Directoross_reinstall.exe [2007-03-26 2227256]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPinnacleDriverCheck]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPrintDisp]
C:WINDOWSsystem32PrintDisp.exe [2009-08-21 878080]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPunto Switcher]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSecurDisc]
C:Program FilesNeroNero 7InCDNBHGui.exe [2008-05-06 1629480]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
C:Program FilesSkypePhoneSkype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]
C:WINDOWSSOUNDMAN.EXE [2005-08-17 90112]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
C:Program FilesJavajre6binjusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSUPERAntiSpyware]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregsystemsrvload]
C:recoverWINDOWSsystem32svchost.exe [2004-08-18 14336]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregToolBoxFX]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTrafMonitor]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTrickler]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreguTorrent]
C:Program FilesuTorrentuTorrent.exe [2010-06-08 322352]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVTTimer]
C:WINDOWSsystem32VTTimer.exe [2005-03-08 53248]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWMC_AutoUpdate]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:PROGRA~1MICROS~4Office10OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Порт Symantec Fax Starter Edition.lnk]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Средство управления клиента межсетевого экрана Microsoft.lnk]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Punto Switcher.lnk]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Registration Myst V]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Scheduler.lnk]
C:PROGRA~1CommonSCHEDU~1wcomschd.exe [2007-07-24 464240]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^UserGate Agent.lnk]
[]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«WmdmPmSp»=2
«W32Time»=2
«Themes»=2
«Schedule»=2
«RemoteRegistry»=2
«Messenger»=2
«helpsvc»=2
«Eventlog»=2
«SLService»=2
«ProtexisLicensing»=2
«Printer Control»=2
«PLFlash DeviceIoControl Service»=2
«NMIndexingService»=3
«NIHardwareService»=2
«NeroRegInCDSrv»=2
«JavaQuickStarterService»=2
«InCDsrv»=2
«gupdate1c9cb5ba7f43352″=2
«Adobe LM Service»=3

C:Documents and SettingsYulian KolesnikovStart MenuProgramsStartup
Registry Repair Pro.lnk — C:Program FilesRegistry Repair ProRegistryRepairPro.exe
Scheduler.lnk — C:Program FilesCommonSchedulerwcomschd.exe

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
«notification packages»=
scecli
scecli

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworknm.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=145

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«HonorAutoRunSetting»=1

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesuTorrentuTorrent.exe»=»C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent»
«C:Program FilesSkypePlugin ManagerskypePM.exe»=»C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager»
«C:WINDOWSsystem32dpvsetup.exe»=»C:WINDOWSsystem32dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test»
«C:WINDOWSsystem32rundll32.exe»=»C:WINDOWSsystem32rundll32.exe:*:Enabled:Run a DLL as an App»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program Files1cv81bin1cv8.exe»=»C:Program Files1cv81bin1cv8.exe:*:Enabled:1cv8»
«C:Program FilesFoxit PDF EditorPDFEdit.exe»=»C:Program FilesFoxit PDF EditorPDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files!»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»

======List of files/folders created in the last 1 months======

2010-09-04 18:09:19 —-ASH—- C:hiberfil.sys
2010-09-04 17:45:59 —-A—- C:WINDOWSsystem32driversavipbb.sys
2010-09-04 17:45:59 —-A—- C:WINDOWSsystem32driversavgntmgr.sys
2010-09-04 17:45:59 —-A—- C:WINDOWSsystem32driversavgntdd.sys
2010-09-04 17:45:56 —-A—- C:WINDOWSsystem32driversssmdrv.sys
2010-09-04 17:45:54 —-D—- C:Program FilesAvira
2010-09-04 17:45:54 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication DataAvira
2010-09-04 17:18:48 —-D—- C:Program Filestrend micro
2010-09-04 17:18:47 —-D—- C:rsit
2010-09-04 16:25:54 —-A—- C:WINDOWSsystem32driversuzi0ntaz.sys
2010-09-04 15:13:47 —-D—- C:Program FilesWindows Sidebar
2010-09-04 15:13:38 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication DataNorton
2010-09-04 15:12:47 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication DataNortonInstaller
2010-09-04 14:54:35 —-D—- C:Documents and SettingsYulian KolesnikovApplication DataThinstall
2010-09-04 09:30:06 —-D—- C:Documents and SettingsYulian KolesnikovApplication DataInstaller
2010-08-29 23:36:49 —-D—- C:Program Filesofftimer
2010-08-24 17:48:49 —-D—- C:Documents and SettingsYulian KolesnikovApplication DataDownload Master
2010-08-24 17:48:25 —-D—- C:Program FilesDownload Master
2010-08-24 10:31:15 —-D—- C:Program FilesAdobe
2010-08-23 13:57:34 —-A—- C:WINDOWSgroupwar.ini
2010-08-12 15:51:38 —-HDC—- C:WINDOWS$NtUninstallKB2183461$
2010-08-12 15:51:16 —-HDC—- C:WINDOWS$NtUninstallKB982214$
2010-08-12 15:50:59 —-HDC—- C:WINDOWS$NtUninstallKB981852$
2010-08-12 15:50:12 —-HDC—- C:WINDOWS$NtUninstallKB2079403$
2010-08-12 11:08:07 —-HDC—- C:WINDOWS$NtUninstallKB2160329$
2010-08-12 11:02:30 —-HDC—- C:WINDOWS$NtUninstallKB980436$
2010-08-12 10:11:04 —-HDC—- C:WINDOWS$NtUninstallKB981997$
2010-08-12 10:08:26 —-HDC—- C:WINDOWS$NtUninstallKB982665$
2010-08-11 22:38:44 —-A—- C:WINDOWSUPGRADE.TXT

======List of files/folders modified in the last 1 months======

2010-09-04 18:10:27 —-D—- C:WINDOWSTemp
2010-09-04 18:10:27 —-D—- C:WINDOWSsystem32ias
2010-09-04 18:10:23 —-D—- C:WINDOWSsystem32CatRoot2
2010-09-04 18:06:19 —-AC—- C:WINDOWSntbtlog.txt
2010-09-04 17:59:35 —-D—- C:WINDOWS
2010-09-04 17:46:11 —-D—- C:WINDOWSsystem32drivers
2010-09-04 17:46:10 —-HD—- C:WINDOWSinf
2010-09-04 17:45:54 —-RD—- C:Program Files
2010-09-04 17:43:50 —-SHD—- C:WINDOWSInstaller
2010-09-04 17:43:50 —-HD—- C:Config.Msi
2010-09-04 17:43:49 —-D—- C:WINDOWSWinSxS
2010-09-04 17:38:49 —-SHD—- C:System Volume Information
2010-09-04 17:35:57 —-AD—- C:WINDOWSsystem32
2010-09-04 15:52:59 —-D—- C:WINDOWSsystem32driversetc
2010-09-04 15:16:30 —-D—- C:Program FilesCommon Files
2010-09-04 14:55:01 —-SD—- C:Documents and SettingsYulian KolesnikovApplication DataMicrosoft
2010-09-04 13:00:29 —-D—- C:Documents and SettingsYulian KolesnikovApplication Datavlc
2010-09-04 11:41:22 —-RASH—- C:boot.ini
2010-09-04 11:41:22 —-AC—- C:WINDOWSwin.ini
2010-09-04 11:41:22 —-AC—- C:WINDOWSsystem.ini
2010-09-04 09:55:20 —-D—- C:Temp
2010-09-03 11:38:03 —-D—- C:Documents and SettingsYulian KolesnikovApplication DatauTorrent
2010-08-29 11:10:04 —-A—- C:WINDOWSsystem32msvcsv60.dll
2010-08-27 20:39:00 —-SD—- C:WINDOWSTasks
2010-08-27 20:32:20 —-D—- C:Program FilesGuitar Pro 5
2010-08-27 20:28:37 —-RSD—- C:WINDOWSFonts
2010-08-27 19:42:18 —-D—- C:Documents and Settings
2010-08-27 09:58:20 —-D—- C:Documents and SettingsYulian KolesnikovApplication Data1C
2010-08-27 09:42:49 —-D—- C:WINDOWSsystem32CatRoot
2010-08-25 09:20:54 —-HD—- C:Program FilesInstallShield Installation Information
2010-08-24 10:32:16 —-D—- C:Program FilesCommon FilesAdobe
2010-08-24 10:32:11 —-D—- C:Documents and SettingsAll Users.WINDOWSApplication DataAdobe
2010-08-23 17:28:08 —-D—- C:Talk
2010-08-23 14:28:53 —-D—- C:WINDOWSsystem32NtmsData
2010-08-23 14:27:02 —-D—- C:WINDOWStwain_32
2010-08-23 14:26:05 —-D—- C:Program FilesHP
2010-08-23 14:02:32 —-D—- C:Program FilesGuitar Scales Method
2010-08-23 13:56:40 —-RSHDC—- C:WINDOWSsystem32dllcache
2010-08-23 11:36:35 —-RASHD—- C:Documents and SettingsAll Users.WINDOWSApplication DataTemp
2010-08-16 17:42:51 —-AC—- C:WINDOWSNeroDigital.ini
2010-08-12 15:51:28 —-A—- C:WINDOWSimsins.BAK
2010-08-12 15:51:15 —-HD—- C:WINDOWS$hf_mig$
2010-08-12 12:20:14 —-RSD—- C:WINDOWSassembly
2010-08-12 10:11:34 —-D—- C:Program FilesMovie Maker
2010-08-11 22:58:05 —-D—- C:Documents and SettingsYulian KolesnikovApplication DataAhead

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hotcore3;hotcore3; C:WINDOWSsystem32drivershotcore3.sys [2007-04-13 38448]
R0 imagedrv;imagedrv; C:WINDOWSSystem32Driversimagedrv.sys [2008-01-22 11304]
R0 imagesrv;imagesrv; C:WINDOWSsystem32DRIVERSimagesrv.sys [2008-01-22 132904]
R0 PxHelp20;PxHelp20; C:WINDOWSSystem32DriversPxHelp20.sys [2008-08-20 44944]
R0 RecAgent;RecAgent; C:WINDOWSSystem32DRIVERSSLDRVRecAgent.sys [2005-05-10 14680]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:WINDOWSSystem32driverssfdrv01.sys [2005-03-03 48640]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:WINDOWSSystem32driverssfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:WINDOWSSystem32driverssfhlp02.sys [2006-06-14 13680]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:WINDOWSSystem32driverssfsync04.sys [2006-08-11 59776]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:WINDOWSSystem32driverssfvfs02.sys [2007-02-08 83320]
R0 snapman;Acronis Snapshots Manager; C:WINDOWSsystem32DRIVERSsnapman.sys [2010-03-16 114048]
R0 sptd;sptd; C:WINDOWSSystem32Driverssptd.sys [2009-05-16 717296]
R0 viaagp1;VIA AGP Filter; C:WINDOWSSystem32DRIVERSviaagp1.sys [2003-07-02 27904]
R1 avgio;avgio; ??C:Program FilesAviraAntiVir Desktopavgio.sys []
R1 avipbb;avipbb; C:WINDOWSsystem32DRIVERSavipbb.sys [2009-03-30 96104]
R1 InCDPass;Nero InCDPass; C:WINDOWSsystem32driversInCDPass.sys [2008-05-06 36648]
R1 incdrm;Nero InCD MRW Remapper; C:WINDOWSsystem32driversInCDRm.sys [2008-05-06 38312]
R1 intelppm;Intel Processor Driver; C:WINDOWSSystem32DRIVERSintelppm.sys [2008-04-13 36352]
R1 PCLEPCI;PCLEPCI; ??C:WINDOWSSystem32driverspclepci.sys []
R1 ssmdrv;ssmdrv; C:WINDOWSsystem32DRIVERSssmdrv.sys [2009-05-11 28520]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:WINDOWSSystem32DRIVERStcpip6.sys [2010-02-11 226880]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:WINDOWSSystem32DriversUim_IM.sys [2007-04-13 131456]
R1 UimBus;Universal Image Mounter Controller; C:WINDOWSsystem32DRIVERSUimBus.sys [2007-04-13 32352]
R1 uzi0ntaz;AVZ-RK Kernel Driver; ??C:WINDOWSsystem32Driversuzi0ntaz.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2001-08-23 12032]
R2 avgntflt;avgntflt; C:WINDOWSsystem32DRIVERSavgntflt.sys [2009-11-25 56816]
R2 hardlock;hardlock; ??C:WINDOWSsystem32drivershardlock.sys []
R2 Haspnt;Haspnt; ??C:WINDOWSSystem32driversHaspnt.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2005-08-19 3644800]
R3 AR5211;Atheros Wireless Network Adapter Service; C:WINDOWSSystem32DRIVERSar5211.sys [2005-05-05 463168]
R3 CLEDX;Team H2O CLEDX service; C:WINDOWSsystem32DRIVERScledx.sys [2005-05-09 33792]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:WINDOWSSystem32DRIVERSfetnd5bv.sys [2005-08-08 43008]
R3 hidusb;Microsoft HID Class Driver; C:WINDOWSSystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM); C:WINDOWSsystem32DRIVERSmausb.sys [2008-03-11 143624]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:WINDOWSSystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 Mtlmnt5;Mtlmnt5; C:WINDOWSSystem32DRIVERSSLDRVMtlmnt5.sys [2005-05-10 237616]
R3 Slntamr;SmartLink AMR_PCI Driver; C:WINDOWSSystem32DRIVERSSLDRVslntamr.sys [2005-05-10 698848]
R3 SlWdmSup;SlWdmSup; C:WINDOWSSystem32DRIVERSSLDRVSlWdmSup.sys [2005-05-10 13248]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:WINDOWSSystem32DRIVERStunmp.sys [2008-04-13 12288]
R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:WINDOWSSystem32DRIVERSvtmini.sys [2005-09-29 238464]
R4 InCDfs;Nero InCD File System; C:WINDOWSsystem32driversInCDFs.sys [2008-05-06 118952]
S2 DgiVecp;Team MFP Comm Driver; C:WINDOWSSystem32DriversDgiVecp.sys [2001-03-05 40448]
S3 akshasp;Aladdin HASP Key; C:WINDOWSSystem32DRIVERSakshasp.sys [2006-11-22 327168]
S3 aksusb;Aladdin USB Key; C:WINDOWSSystem32DRIVERSaksusb.sys [2006-11-22 100096]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:WINDOWSSystem32DRIVERSfetnd5.sys [2001-08-17 27165]
S3 HPFXBULK;HPFXBULK; C:WINDOWSsystem32drivershpfxbulk.sys [2006-04-05 9344]
S3 ma763004;M-Audio MobilePre USB; C:WINDOWSsystem32driversMA763004.sys []
S3 Mtlstrm;Mtlstrm; C:WINDOWSSystem32DRIVERSSLDRVMtlstrm.sys [2005-06-21 1464912]
S3 SlNtHal;SlNtHal; C:WINDOWSSystem32DRIVERSSLDRVSlnthal.sys [2005-05-10 101328]
S3 Smport;Smport; ??C:Program FilesTVRSmport.sys []
S3 tmeter;TMeter Service; C:WINDOWSsystem32DRIVERStmeter.sys []
S3 tmeterMP;tmeterMP; C:WINDOWSsystem32DRIVERStmeter.sys []
S3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSSystem32DRIVERSusbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSSystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSSystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 VirtualFD;VirtualFD; ??c:DistributivesLingvo 10CRACKABBYY.Lingvo.10.Multilingual.serialvfdvfd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R2 AntiVirSchedulerService;Avira AntiVir Планировщик; C:Program FilesAviraAntiVir Desktopsched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:Program FilesAviraAntiVir Desktopavguard.exe [2009-07-21 185089]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
S1 InCDrec;Nero InCD File System Recognizer; C:WINDOWSsystem32driversInCDRec.sys [2008-05-06 16936]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2008-04-08 800040]
S4 gupdate1c9cb5ba7f43352;Служба Google Update (gupdate1c9cb5ba7f43352); C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-05-02 133104]
S4 InCDsrv;InCD Helper; C:Program FilesNeroNero 7InCDInCDsrv.exe [2008-05-06 1553192]
S4 NeroRegInCDSrv;Nero Registry InCD Service; C:Program FilesNeroNero 7InCDNBHRegInCDSrv.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
S4 NIHardwareService;NIHardwareService; C:Program FilesCommon FilesNative InstrumentsHardwareNIHardwareService.exe [2009-07-17 3576320]
S4 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2008-01-22 275752]
S4 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:WINDOWSSystem32IoctlSvc.exe [2006-12-19 81920]
S4 Printer Control;Printer Control; C:WINDOWSsystem32PrintCtrl.exe [2009-06-16 77824]
S4 ProtexisLicensing;ProtexisLicensing; C:WINDOWSsystem32PSIService.exe [2006-11-02 174656]
S4 SLService;SmartLinkService; C:WINDOWSsystem32slmdmsr.exe [2005-05-10 61440]

EOF

info.txt logfile of random’s system information tool 1.08 2010-09-04 17:19:22

======Uninstall list======

—>C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
—>C:Program FilesNeroNero 7\nerouninstallUNNERO.exe /UNINSTALL
—>C:WINDOWSNuNInst.exe /UNINSTALL
—>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
—>C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
—>C:WINDOWSUNNeroShowTime.exe /UNINSTALL
—>C:WINDOWSUNNeroVision.exe /UNINSTALL
—>C:WINDOWSUNRecode.exe /UNINSTALL
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
µTorrent—>»C:Program FilesuTorrentuTorrent.exe» /UNINSTALL
ABBYY FineReader 8.0 Professional Edition—>MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
ABBYY Lingvo 10 Multilingual Dictionary—>MsiExec.exe /I{AA10000A-C75E-487C-88FC-37AA1AACFB60}
AC3Filter (remove only)—>C:Program FilesAC3Filteruninstall.exe
Acronis Disk Director Suite—>MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Addictive Drums—>C:WINDOWSunvise32.exe C:Program FilesAddictive Drumsuninstal.log
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashFlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin—>C:WINDOWSsystem32MacromedFlashFlashUtil10h_Plugin.exe -maintain plugin
Adobe MPEG Encoder—>MsiExec.exe /I{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe Reader 9.3 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A93000000001}
AmpliTube Fender—>C:Program FilesInstallShield Installation Information{B178BACA-880B-4D20-85F9-522F7F2DECBE}setup.exe -runfromtemp -l0x0009 uninstall -removeonly
AmpliTube Jimi Hendrix—>C:Program FilesInstallShield Installation Information{66BA35B0-1911-47EF-B170-1DCFFDA362F1}setup.exe -runfromtemp -l0x0009 uninstall -removeonly
AmpliTube Metal—>C:Program FilesInstallShield Installation Information{9EDEF5B1-B740-4DFF-AC16-E2428E1713E8}setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Antares Autotune VST RTAS TDM v5.08—>»C:Program FilesAntares Audio Technologiesunins000.exe»
ASIO4ALL—>C:Program FilesASIO4ALL v2uninstall.exe
Avanquest update—>»C:Program FilesInstallShield Installation Information{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}Setup.exe» -runfromtemp -l0x0009 -removeonly
BS.Player FREE—>»C:Program FilesBSplayeruninstall.exe»
Cabinet—>C:Program FilesAudio Ease CabinetUninstall Cabinet.exe
CD Audio Reader Filter (remove only)—>»C:Program FilesCD Audio Reader Filteruninstall.exe»
City Guide 2.2—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{AA644D57-1863-4080-A57E-A3C403F2969C}setup.exe» -l0x9
dBpoweramp Music Converter—>»C:WINDOWSsystem32SpoonUninstall.exe» C:WINDOWSsystem32SpoonUninstall-dBpoweramp Music Converter.dat
DC-Bass Source 1.1.1—>»C:Program FilesDSP-worxDC-Bass SourceUninstall.exe»
DirectVobSub (remove only)—>»C:Program FilesDirectVobSubuninstall.exe»
DivX Codec—>C:Program FilesDivXDivXCodecUninstall.exe /CODEC
DivX Content Uploader—>C:Program FilesDivXDivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter—>C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
DivX Player—>C:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
DivX Web Player—>C:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
Download Master version 5.7.3.1221—>»C:Program FilesDownload Masterunins000.exe»
EarMaster Pro 5—>»C:Program FilesEarMaster Pro 5unins000.exe»
Fast Track Pro—>C:Program FilesInstallShield Installation Information{3E67F68D-3797-4B6A-B02C-27BC98DFEBDA}setup.exe -runfromtemp -l0x0009 -removeonly
FLAC 1.2.1b (remove only)—>C:Program FilesFLACuninstall.exe
FLV Player—>»C:WINDOWSFLV Playeruninstall.exe» «/U:C:Program FilesFLV PlayerUninstalluninstall.xml»
foobar2000 v1.0.1—>»C:Program Filesfoobar2000uninstall.exe» _?=C:Program Filesfoobar2000
Foxit PDF Editor—>C:Program FilesFoxit PDF Editoruninstall.exe
Functional Ear Trainer v1.1—>MsiExec.exe /I{29C00AEB-D97A-4C91-80A0-B2AA910CE32C}
GOM Player—>»C:Program FilesGomPlayerUninstall.exe»
Google Chrome—>»C:Program FilesGoogleChromeApplication5.0.375.126Installersetup.exe» —uninstall —system-level
Google Update Helper—>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GSM 1.1.4.2—>»C:Program FilesGuitar Scales Methoduninstunins000.exe»
Guitar Pro 5.2—>»C:Program FilesGuitar Pro 5unins000.exe»
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
Hotfix for Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
Hotfix for Windows XP (KB961118)—>»C:WINDOWS$NtUninstallKB961118$spuninstspuninst.exe»
Hotfix for Windows XP (KB970653-v3)—>»C:WINDOWS$NtUninstallKB970653-v3$spuninstspuninst.exe»
Hotfix for Windows XP (KB979306)—>»C:WINDOWS$NtUninstallKB979306$spuninstspuninst.exe»
Hotfix for Windows XP (KB981793)—>»C:WINDOWS$NtUninstallKB981793$spuninstspuninst.exe»
InterVideo WinDVD—>»C:Program FilesInstallShield Installation Information{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}setup.exe» REMOVEALL
K-Lite Codec Pack 2.49 Full—>»C:Program FilesK-Lite Codec Packunins000.exe»
Lizardtech DjVu Control—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{105CFC7C-6992-11D5-BD9D-000102C10FD8}Setup.exe» -l0x9
Microsoft .NET Framework 1.1 Russian Language Pack—>MsiExec.exe /X{2BB372D9-52B4-410A-BC1A-FEAB63181EEF}
Microsoft .NET Framework 1.1 Security Update (KB979906)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM979906M979906Uninstall.msp»
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{34AB2437-1B34-3E2D-9DE8-3E2D35335B3F}
Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack — RUS—>MsiExec.exe /I{CFF15B94-E062-3701-869A-4CDF4590461E}
Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack — rus—>MsiExec.exe /I{95E44F11-19F0-39EA-A894-792E054AA1CF}
Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Project Standard 2002—>MsiExec.exe /I{913A0419-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 ATL Update kb973923 — x86 8.0.50727.4053—>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 — x86 9.0.30729.4148—>MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17—>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)—>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MuzLand Tuner—>C:Program FilesMuzLand TunerUninstal.exe
Native Instruments Controller Editor—>»C:Documents and SettingsAll Users.WINDOWSApplication Data{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}Controller Editor Setup.exe» REMOVE=TRUE MODIFY=FALSE
Native Instruments Controller Editor—>C:Documents and SettingsAll Users.WINDOWSApplication Data{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}Controller Editor Setup.exe
Native Instruments Guitar Rig 3—>C:PROGRA~1NATIVE~1GUITAR~3UNWISE.EXE C:PROGRA~1NATIVE~1GUITAR~3INSTALL.LOG
Native Instruments GuitarRig Mobile IO Driver—>»C:Documents and SettingsAll Users.WINDOWSApplication Data{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}GuitarRig Mobile IO Driver Setup.exe» REMOVE=TRUE MODIFY=FALSE
Native Instruments GuitarRig Mobile IO Driver—>C:Documents and SettingsAll Users.WINDOWSApplication Data{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}GuitarRig Mobile IO Driver Setup.exe
Native Instruments Service Center—>»C:Documents and SettingsAll Users.WINDOWSApplication Data{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}Service Center Setup.exe» REMOVE=TRUE MODIFY=FALSE
Native Instruments Service Center—>C:Documents and SettingsAll Users.WINDOWSApplication Data{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}Service Center Setup.exe
Native Instruments Session IO Driver—>»C:Documents and SettingsAll Users.WINDOWSApplication Data{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}Session IO Driver Setup.exe» REMOVE=TRUE MODIFY=FALSE
Native Instruments Session IO Driver—>C:Documents and SettingsAll Users.WINDOWSApplication Data{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}Session IO Driver Setup.exe
Nero 7 Premium—>MsiExec.exe /X{98EFD8F0-08DE-48DB-B922-A2EBAB711049}
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus—>C:Program FilesNortonInstaller{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAVA5E82D0217.7.0.12InstStub.exe /X
OpenSource DTS/AC3/DD+ Source Filter (remove only)—>»C:Program FilesOpenSource DTSAC3DD+ Source Filteruninstall.exe»
OpenSource Flash Video Splitter (remove only)—>»C:Program FilesOpenSource Flash Video Splitteruninstall.exe»
Paragon Hard Disk Manager 8.5 Professional—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{A415C47C-B1E1-4281-85C7-3E8AE2AAA03A}Setup.exe» -l0x9
Phaser 3120—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{085895C1-D691-4AB9-B72F-D380623127AD}Setup.exe»
Power Tab Editor 1.7—>MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Realtek AC’97 Audio—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe» -l0x9 -removeonly
Registry Repair Pro—>»C:Program FilesRegistry Repair Prounins000.exe»
ReValver Mk II—>»C:Program FilesReValver Mk IIunins000.exe»
Right PDF Printer 3.0 Pro—>»C:Program FilesRight PDF Printerunins000.exe»
R-Studio 4.5—>C:Program FilesR-StudioUninstall.exe
Security Update for Windows Media Player (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player (KB954155)—>»C:WINDOWS$NtUninstallKB954155_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player (KB968816)—>»C:WINDOWS$NtUninstallKB968816_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player (KB973540)—>»C:WINDOWS$NtUninstallKB973540_WM9L$spuninstspuninst.exe»
Security Update for Windows Media Player (KB978695)—>»C:WINDOWS$NtUninstallKB978695_WM9$spuninstspuninst.exe»
Security Update for Windows XP (KB2079403)—>»C:WINDOWS$NtUninstallKB2079403$spuninstspuninst.exe»
Security Update for Windows XP (KB2160329)—>»C:WINDOWS$NtUninstallKB2160329$spuninstspuninst.exe»
Security Update for Windows XP (KB2183461)—>»C:WINDOWS$NtUninstallKB2183461$spuninstspuninst.exe»
Security Update for Windows XP (KB2229593)—>»C:WINDOWS$NtUninstallKB2229593$spuninstspuninst.exe»
Security Update for Windows XP (KB2286198)—>»C:WINDOWS$NtUninstallKB2286198$spuninstspuninst.exe»
Security Update for Windows XP (KB904706)—>»C:WINDOWS$NtUninstallKB904706$spuninstspuninst.exe»
Security Update for Windows XP (KB923561)—>»C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe»
Security Update for Windows XP (KB938464-v2)—>»C:WINDOWS$NtUninstallKB938464-v2$spuninstspuninst.exe»
Security Update for Windows XP (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
Security Update for Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Security Update for Windows XP (KB950760)—>»C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe»
Security Update for Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Security Update for Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Security Update for Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Security Update for Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Security Update for Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Security Update for Windows XP (KB952004)—>»C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe»
Security Update for Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Security Update for Windows XP (KB954459)—>»C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
Security Update for Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Security Update for Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Security Update for Windows XP (KB956572)—>»C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe»
Security Update for Windows XP (KB956744)—>»C:WINDOWS$NtUninstallKB956744$spuninstspuninst.exe»
Security Update for Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Security Update for Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Security Update for Windows XP (KB956844)—>»C:WINDOWS$NtUninstallKB956844$spuninstspuninst.exe»
Security Update for Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Security Update for Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Security Update for Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
Security Update for Windows XP (KB958690)—>»C:WINDOWS$NtUninstallKB958690$spuninstspuninst.exe»
Security Update for Windows XP (KB958869)—>»C:WINDOWS$NtUninstallKB958869$spuninstspuninst.exe»
Security Update for Windows XP (KB959426)—>»C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe»
Security Update for Windows XP (KB960225)—>»C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe»
Security Update for Windows XP (KB960715)—>»C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe»
Security Update for Windows XP (KB960803)—>»C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe»
Security Update for Windows XP (KB960859)—>»C:WINDOWS$NtUninstallKB960859$spuninstspuninst.exe»
Security Update for Windows XP (KB961371)—>»C:WINDOWS$NtUninstallKB961371$spuninstspuninst.exe»
Security Update for Windows XP (KB961371-v2)—>»C:WINDOWS$NtUninstallKB961371-v2$spuninstspuninst.exe»
Security Update for Windows XP (KB961373)—>»C:WINDOWS$NtUninstallKB961373$spuninstspuninst.exe»
Security Update for Windows XP (KB961501)—>»C:WINDOWS$NtUninstallKB961501$spuninstspuninst.exe»
Security Update for Windows XP (KB963027)—>»C:WINDOWS$NtUninstallKB963027$spuninstspuninst.exe»
Security Update for Windows XP (KB968537)—>»C:WINDOWS$NtUninstallKB968537$spuninstspuninst.exe»
Security Update for Windows XP (KB969059)—>»C:WINDOWS$NtUninstallKB969059$spuninstspuninst.exe»
Security Update for Windows XP (KB969898)—>»C:WINDOWS$NtUninstallKB969898$spuninstspuninst.exe»
Security Update for Windows XP (KB969947)—>»C:WINDOWS$NtUninstallKB969947$spuninstspuninst.exe»
Security Update for Windows XP (KB970238)—>»C:WINDOWS$NtUninstallKB970238$spuninstspuninst.exe»
Security Update for Windows XP (KB970430)—>»C:WINDOWS$NtUninstallKB970430$spuninstspuninst.exe»
Security Update for Windows XP (KB971468)—>»C:WINDOWS$NtUninstallKB971468$spuninstspuninst.exe»
Security Update for Windows XP (KB971557)—>»C:WINDOWS$NtUninstallKB971557$spuninstspuninst.exe»
Security Update for Windows XP (KB971633)—>»C:WINDOWS$NtUninstallKB971633$spuninstspuninst.exe»
Security Update for Windows XP (KB971657)—>»C:WINDOWS$NtUninstallKB971657$spuninstspuninst.exe»
Security Update for Windows XP (KB971961)—>»C:WINDOWS$NtUninstallKB971961$spuninstspuninst.exe»
Security Update for Windows XP (KB972260)—>»C:WINDOWS$NtUninstallKB972260$spuninstspuninst.exe»
Security Update for Windows XP (KB972270)—>»C:WINDOWS$NtUninstallKB972270$spuninstspuninst.exe»
Security Update for Windows XP (KB973346)—>»C:WINDOWS$NtUninstallKB973346$spuninstspuninst.exe»
Security Update for Windows XP (KB973354)—>»C:WINDOWS$NtUninstallKB973354$spuninstspuninst.exe»
Security Update for Windows XP (KB973507)—>»C:WINDOWS$NtUninstallKB973507$spuninstspuninst.exe»
Security Update for Windows XP (KB973869)—>»C:WINDOWS$NtUninstallKB973869$spuninstspuninst.exe»
Security Update for Windows XP (KB973904)—>»C:WINDOWS$NtUninstallKB973904$spuninstspuninst.exe»
Security Update for Windows XP (KB974112)—>»C:WINDOWS$NtUninstallKB974112$spuninstspuninst.exe»
Security Update for Windows XP (KB974318)—>»C:WINDOWS$NtUninstallKB974318$spuninstspuninst.exe»
Security Update for Windows XP (KB974392)—>»C:WINDOWS$NtUninstallKB974392$spuninstspuninst.exe»
Security Update for Windows XP (KB974571)—>»C:WINDOWS$NtUninstallKB974571$spuninstspuninst.exe»
Security Update for Windows XP (KB975025)—>»C:WINDOWS$NtUninstallKB975025$spuninstspuninst.exe»
Security Update for Windows XP (KB975467)—>»C:WINDOWS$NtUninstallKB975467$spuninstspuninst.exe»
Security Update for Windows XP (KB975560)—>»C:WINDOWS$NtUninstallKB975560$spuninstspuninst.exe»
Security Update for Windows XP (KB975561)—>»C:WINDOWS$NtUninstallKB975561$spuninstspuninst.exe»
Security Update for Windows XP (KB975562)—>»C:WINDOWS$NtUninstallKB975562$spuninstspuninst.exe»
Security Update for Windows XP (KB975713)—>»C:WINDOWS$NtUninstallKB975713$spuninstspuninst.exe»
Security Update for Windows XP (KB977165)—>»C:WINDOWS$NtUninstallKB977165$spuninstspuninst.exe»
Security Update for Windows XP (KB977816)—>»C:WINDOWS$NtUninstallKB977816$spuninstspuninst.exe»
Security Update for Windows XP (KB977914)—>»C:WINDOWS$NtUninstallKB977914$spuninstspuninst.exe»
Security Update for Windows XP (KB978037)—>»C:WINDOWS$NtUninstallKB978037$spuninstspuninst.exe»
Security Update for Windows XP (KB978251)—>»C:WINDOWS$NtUninstallKB978251$spuninstspuninst.exe»
Security Update for Windows XP (KB978262)—>»C:WINDOWS$NtUninstallKB978262$spuninstspuninst.exe»
Security Update for Windows XP (KB978338)—>»C:WINDOWS$NtUninstallKB978338$spuninstspuninst.exe»
Security Update for Windows XP (KB978542)—>»C:WINDOWS$NtUninstallKB978542$spuninstspuninst.exe»
Security Update for Windows XP (KB978601)—>»C:WINDOWS$NtUninstallKB978601$spuninstspuninst.exe»
Security Update for Windows XP (KB978706)—>»C:WINDOWS$NtUninstallKB978706$spuninstspuninst.exe»
Security Update for Windows XP (KB979309)—>»C:WINDOWS$NtUninstallKB979309$spuninstspuninst.exe»
Security Update for Windows XP (KB979482)—>»C:WINDOWS$NtUninstallKB979482$spuninstspuninst.exe»
Security Update for Windows XP (KB979559)—>»C:WINDOWS$NtUninstallKB979559$spuninstspuninst.exe»
Security Update for Windows XP (KB979683)—>»C:WINDOWS$NtUninstallKB979683$spuninstspuninst.exe»
Security Update for Windows XP (KB980195)—>»C:WINDOWS$NtUninstallKB980195$spuninstspuninst.exe»
Security Update for Windows XP (KB980218)—>»C:WINDOWS$NtUninstallKB980218$spuninstspuninst.exe»
Security Update for Windows XP (KB980232)—>»C:WINDOWS$NtUninstallKB980232$spuninstspuninst.exe»
Security Update for Windows XP (KB980436)—>»C:WINDOWS$NtUninstallKB980436$spuninstspuninst.exe»
Security Update for Windows XP (KB981349)—>»C:WINDOWS$NtUninstallKB981349$spuninstspuninst.exe»
Security Update for Windows XP (KB981852)—>»C:WINDOWS$NtUninstallKB981852$spuninstspuninst.exe»
Security Update for Windows XP (KB981997)—>»C:WINDOWS$NtUninstallKB981997$spuninstspuninst.exe»
Security Update for Windows XP (KB982214)—>»C:WINDOWS$NtUninstallKB982214$spuninstspuninst.exe»
Security Update for Windows XP (KB982381)—>»C:WINDOWS$NtUninstallKB982381$spuninstspuninst.exe»
Security Update for Windows XP (KB982665)—>»C:WINDOWS$NtUninstallKB982665$spuninstspuninst.exe»
SE-MediaPlayer 1.6.2.62—>»C:Program FilesSE-MediaPlayerunins000.exe»
Skype™ 4.1—>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Smart Link 56K Voice Modem—>C:WINDOWSModioSLAMR2KVSetup.exe /Remove
Spelling Dictionaries Support For Adobe Reader 8—>MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Steinberg Cubase SX v3.1.1.944—>C:PROGRA~1STEINB~1CUBASE~1UNWISE.EXE C:PROGRA~1STEINB~1CUBASE~1INSTALL.LOG
SyncroSoft Emu (Remove only)—>C:Program FilesSyncroSoftPosH2OUninst.exe
Syncrosoft’s License Control—>C:PROGRA~1SYNCRO~1UNWISE.EXE C:PROGRA~1SYNCRO~1INSTALL.LOG
TabAlbum 2.2—>C:Program FilesTabAlbum 2.2uninstall.exe
TC Native Essentials 2.02—>C:PROGRA~1TCWorksTCNativeEssentials202UninstallTCEssentials.exe C:PROGRA~1TCWorksTCNativeEssentials202INSTALL.LOG
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=»»
Update for Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Update for Windows XP (KB955759)—>»C:WINDOWS$NtUninstallKB955759$spuninstspuninst.exe»
Update for Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
Update for Windows XP (KB967715)—>»C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe»
Update for Windows XP (KB968389)—>»C:WINDOWS$NtUninstallKB968389$spuninstspuninst.exe»
Update for Windows XP (KB971737)—>»C:WINDOWS$NtUninstallKB971737$spuninstspuninst.exe»
Update for Windows XP (KB973687)—>»C:WINDOWS$NtUninstallKB973687$spuninstspuninst.exe»
Update for Windows XP (KB973815)—>»C:WINDOWS$NtUninstallKB973815$spuninstspuninst.exe»
Update for Windows XP (KB978207)—>»C:WINDOWS$NtUninstallKB978207$spuninstspuninst.exe»
Update for Windows XP (KB980182)—>»C:WINDOWS$NtUninstallKB980182$spuninstspuninst.exe»
VIA Platform Device Manager—>C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter—>Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver—>C:PROGRA~1S3UChromePs3minset.exe /u UChromeP.uns
VLC media player 1.1.1—>C:Program FilesVideoLANVLCuninstall.exe
Windows Media Format Runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
WinRAR archiver—>C:Program FilesWinRARuninstall.exe
XML Paper Specification Shared Components Language Pack 1.0—>»C:WINDOWS$NtUninstallXPSEPSCLP$spuninstspuninst.exe»
Длинные нарды 2.0—>»C:Program FilesMuzLand TunerUninstal.exe»
Печать НД с PDF417 3.0.6—>MsiExec.exe /I{51F4A8FE-BEFC-4C9F-9422-5D760B43ED41}
Профессиональный выпуск Microsoft Office 2000—>MsiExec.exe /I{00010419-78E1-11D2-B60F-006097C998E7}
Языковой пакет Microsoft .NET Framework 3.5 — RUS—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 Language Pack — russetup.exe

======Security center information======

AV: Norton AntiVirus (disabled)

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem
«windir»=%SystemRoot%
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 13 Stepping 8, GenuineIntel
«PROCESSOR_REVISION»=0d08
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«FP_NO_HOST_CHECK»=NO

EOF
4 сентября, 2010 в 4:11 пп #31321
Admin
Keymaster
- Темы:40
- Сообщений:5676
Здравствуйте, добро пожаловать на Spyware-ru форум.

Выполним дополнительную проверку.
Скачайте программу Combofix. Если вы уже скачивали эту программу, то удалите её и скачайте свежую копию.
Закройте все открытые окна и запустите эту программу.
4 сентября, 2010 в 6:38 пп #31322
icav
Participant
- Темы:1
- Сообщений:4
не без труда, но всё же проверился комбофиксом.
(интересно, что даже при отключенной авире, она выдает, что, де, «есть таки что-то на твоём компе, друг».. работает как партизан-невидимо и неслышимо)

помогите, пожлста, разобрать лог.

под «Other Deletions» 7 путей, это что виры?

и да, в заглавии темы трояны, которые нашли авира и нортон, но забыл написать, они находятся на съёмном внешнем винте H, а в логе только С…

ComboFix 10-09-03.02 — Yulian Kolesnikov 04.09.2010 22:08:05.1.1 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.447.171 [GMT 4:00]
Running from: c:documents and settingsYulian KolesnikovDesktopComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:autorun.inf
c:documents and settingsAll Users.WINDOWSApplication Data1pdfdec.dll
C:Thumbs.db
c:windowssystem32gxvxccounter
c:windowssystem32gxvxcniluucwnoemktsmxbqoltsnompulkrwa.dll
c:windowssystem32msvcsv60.dll
c:windowssystem32Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))
.

2010-09-04 13:45 . 2009-03-30 05:33 96104 —-a-w- c:windowssystem32driversavipbb.sys
2010-09-04 13:45 . 2009-02-13 07:29 22360 —-a-w- c:windowssystem32driversavgntmgr.sys
2010-09-04 13:45 . 2009-02-13 07:17 45416 —-a-w- c:windowssystem32driversavgntdd.sys
2010-09-04 13:45 . 2010-09-04 13:45

d

w- c:program filesAvira
2010-09-04 13:45 . 2010-09-04 13:45

d

w- c:documents and settingsAll Users.WINDOWSApplication DataAvira
2010-09-04 13:18 . 2010-09-04 14:20

d

w- c:program filestrend micro
2010-09-04 13:18 . 2010-09-04 13:19

d

w- C:rsit
2010-09-04 12:29 . 2010-09-04 12:29

d

w- c:documents and settingsYulian KolesnikovLocal SettingsApplication DataSymantec
2010-09-04 12:25 . 2010-09-04 12:25 11264 —-a-w- c:windowssystem32driversuzi0ntaz.sys
2010-09-04 11:13 . 2010-09-04 11:13

d

w- c:program filesWindows Sidebar
2010-09-04 11:13 . 2010-09-04 13:38

d

w- c:documents and settingsAll Users.WINDOWSApplication DataNorton
2010-09-04 11:12 . 2010-09-04 11:57

d

w- c:documents and settingsAll Users.WINDOWSApplication DataNortonInstaller
2010-09-04 10:54 . 2010-09-04 10:54

d

w- c:documents and settingsYulian KolesnikovApplication DataThinstall
2010-09-04 05:55 . 2010-09-04 05:55 63479 —-a-w- c:tempИнтервалы.zip
2010-09-04 05:30 . 2010-09-04 05:30

d

w- c:documents and settingsYulian KolesnikovApplication DataInstaller
2010-08-29 19:36 . 2010-08-29 19:36

d

w- c:program filesofftimer
2010-08-27 15:42 . 2010-08-27 15:42

d

w- c:documents and settingsDefault User
2010-08-24 14:19 . 2010-08-25 06:05

d

w- c:documents and settingsYulian KolesnikovDoctorWeb
2010-08-24 13:48 . 2010-08-24 13:50

d

w- c:documents and settingsYulian KolesnikovApplication DataDownload Master
2010-08-24 13:48 . 2007-12-18 10:56 1412608 —-a-w- c:documents and settingsYulian KolesnikovApplication DataDownload Mastertempskin.dll
2010-08-24 13:48 . 2010-08-24 14:16

d

w- c:program filesDownload Master
2010-08-24 06:57 . 2010-08-24 06:57

d

w- c:tempУскорение компьютера_files
2010-08-24 06:57 . 2010-08-24 06:57

d

w- c:tempтуризм
2010-08-24 06:57 . 2010-08-24 06:57

d

w- c:tempЛит-ра
2010-08-24 06:57 . 2010-08-24 06:57

d

w- c:tempЛечебная гимнастика (физкультура) при грудном остеохондрозе._files
2010-08-24 06:53 . 2010-08-24 06:57

d

w- c:tempВУЗъ

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 17:32 . 2009-05-11 07:44

d

w- c:documents and settingsYulian KolesnikovApplication DatauTorrent
2010-09-04 09:00 . 2010-07-24 08:30

d

w- c:documents and settingsYulian KolesnikovApplication Datavlc
2010-08-29 07:10 . 2009-04-17 12:03 48 —-a-w- c:windowsmsocreg32.dat
2010-08-27 16:32 . 2008-08-21 17:04

d

w- c:program filesGuitar Pro 5
2010-08-27 05:58 . 2007-11-20 12:46

d

w- c:documents and settingsYulian KolesnikovApplication Data1C
2010-08-25 05:20 . 2006-10-07 16:36

d—h—w- c:program filesInstallShield Installation Information
2010-08-24 06:32 . 2007-11-28 14:28

d

w- c:program filesCommon FilesAdobe
2010-08-23 10:26 . 2010-07-26 08:48

d

w- c:program filesHP
2010-08-23 10:03 . 2007-11-21 12:31 124096 -c—a-w- c:documents and settingsYulian KolesnikovLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-08-23 10:02 . 2009-12-17 14:11

d

w- c:program filesGuitar Scales Method
2010-08-23 07:36 . 2009-02-01 20:26

d-sha-r- c:documents and settingsAll Users.WINDOWSApplication DataTemp
2010-08-11 18:58 . 2009-01-27 21:20

d

w- c:documents and settingsYulian KolesnikovApplication DataAhead
2010-08-03 20:10 . 2009-12-13 20:39

d

w- c:documents and settingsYulian KolesnikovApplication DataSkype
2010-08-03 20:09 . 2009-12-13 20:42

d

w- c:documents and settingsYulian KolesnikovApplication DataskypePM
2010-07-29 18:39 . 2010-07-25 08:34

d

w- c:documents and settingsAll Users.WINDOWSApplication Datafirebird
2010-07-26 08:49 . 2010-07-26 08:49

d

w- c:program filesCommon FilesHewlett-Packard
2010-07-24 08:25 . 2009-07-04 20:10

d

w- c:documents and settingsYulian KolesnikovApplication Datadvdcss
2010-06-30 12:31 . 2009-05-10 09:27 149504 —-a-w- c:windowssystem32schannel.dll
2010-06-24 12:10 . 2009-06-07 06:25 81920 —-a-w- c:windowssystem32ieencode.dll
2010-06-24 12:10 . 2006-06-23 08:33 667136 —-a-w- c:windowssystem32wininet.dll
2010-06-23 13:44 . 2009-05-10 09:27 1851904 —-a-w- c:windowssystem32win32k.sys
2010-06-21 15:27 . 2009-05-10 09:27 354304 —-a-w- c:windowssystem32driverssrv.sys
2010-06-17 14:03 . 2001-08-22 21:00 80384 —-a-w- c:windowssystem32iccvid.dll
2010-06-14 14:31 . 2007-11-20 12:19 744448 —-a-w- c:windowspchealthhelpctrbinarieshelpsvc.exe
2010-06-14 07:41 . 2007-11-29 17:29 1172480 —-a-w- c:windowssystem32msxml3.dll
2009-06-04 17:21 . 2009-06-04 17:13 88 —sh—r- c:windowssystem32AE63DBAF41.sys
2009-06-04 17:25 . 2009-06-04 17:13 952 —sha-w- c:windowssystem32KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2008-04-14 15360]

[HKLM~startupfolderC:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:windowspssHP Digital Imaging Monitor.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:windowspssMicrosoft Office.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Порт Symantec Fax Starter Edition.lnk]
backup=c:windowspssПорт Symantec Fax Starter Edition.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Средство управления клиента межсетевого экрана Microsoft.lnk]
backup=c:windowspssСредство управления клиента межсетевого экрана Microsoft.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Punto Switcher.lnk]
backup=c:windowspssPunto Switcher.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Registration Myst V]
backup=c:windowspssRegistration Myst VStartup

[HKLM~startupfolderC:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Registry Repair Pro.lnk]
path=c:documents and settingsYulian KolesnikovStart MenuProgramsStartupRegistry Repair Pro.lnk
backup=c:windowspssRegistry Repair Pro.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:documents and settingsYulian KolesnikovStart MenuProgramsStartupScheduler.lnk
backup=c:windowspssScheduler.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^UserGate Agent.lnk]
backup=c:windowspssUserGate Agent.lnkStartup
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobeUpdater
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdVantage
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcoholAutomount
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregegui
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEPSON Stylus C62 Series
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGW Port Controller
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregICQ Lite

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKernelFaultCheck]
c:windowssystem32dumprep 0 -k [X]
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPinnacleDriverCheck
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPunto Switcher
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSUPERAntiSpyware
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregToolBoxFX
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTrafMonitor
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTrickler

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]
2009-12-11 11:57 948672 —-a-r- c:program filesCommon FilesAdobeARM1.0AdobeARM.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
2009-12-21 21:57 35760 —-a-w- c:program filesAdobeReader 9.3Readerreader_sl.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregavgnt]
2009-03-02 08:08 209153 —-a-w- c:program filesAviraAntiVir Desktopavgnt.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 08:13 152872 —-a-w- c:program filesCommon FilesAheadLibNMBgMonitor.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]
2008-04-14 00:12 15360 —-a-w- c:windowssystem32ctfmon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
2010-07-27 10:05 3803968 —-a-w- c:program filesDownload Masterdmaster.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH2O]
2005-10-22 20:00 385024 —-a-w- c:program filesSyncrosoftPOSH2Ocledx.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregInCD]
2008-05-06 08:55 1057064 —-a-w- c:program filesNeroNero 7InCDInCD.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvo Launcher]
2004-10-09 16:17 110592 -c—a-w- c:program filesABBYY Lingvo 10 Multilingual DictionaryLvAgent.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvoTraining]
2004-10-09 16:23 1159168 -c—a-w- c:program filesABBYY Lingvo 10 Multilingual DictionaryTutor.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregM-Audio Taskbar Icon]
2008-05-15 13:45 356864 —-a-w- c:windowssystem32M-AudioTaskBarIcon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
2008-04-14 00:12 1695232 —-a-w- c:program filesMessengermsmsgs.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
2008-05-28 05:27 570664 —-a-w- c:program filesCommon FilesAheadLibNeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregOSSelectorReinstall]
2007-03-26 12:31 2227256 —-a-w- c:program filesCommon FilesAcronisAcronis Disk Directoross_reinstall.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPrintDisp]
2009-08-21 07:36 878080 —-a-w- c:windowssystem32PrintDisp.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSecurDisc]
2008-05-06 08:55 1629480 —-a-w- c:program filesNeroNero 7InCDNBHGui.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
2009-10-09 10:11 25623336 —-a-r- c:program filesSkypePhoneSkype.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]
2005-08-17 15:39 90112 -c—a-w- c:windowsSOUNDMAN.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
2009-10-11 01:17 149280 —-a-w- c:program filesJavajre6binjusched.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregsystemsrvload]
2004-08-18 12:00 14336 -c—a-w- c:recoverWINDOWSsystem32svchost.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreguTorrent]
2010-06-08 19:59 322352 —-a-w- c:program filesuTorrentuTorrent.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVTTimer]
2005-03-08 00:33 53248 -c—a-w- c:windowssystem32VTTimer.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«WmdmPmSp»=2 (0x2)
«W32Time»=2 (0x2)
«Themes»=2 (0x2)
«Schedule»=2 (0x2)
«RemoteRegistry»=2 (0x2)
«Messenger»=2 (0x2)
«helpsvc»=2 (0x2)
«Eventlog»=2 (0x2)
«SLService»=2 (0x2)
«ProtexisLicensing»=2 (0x2)
«Printer Control»=2 (0x2)
«PLFlash DeviceIoControl Service»=2 (0x2)
«NMIndexingService»=3 (0x3)
«NIHardwareService»=2 (0x2)
«NeroRegInCDSrv»=2 (0x2)
«JavaQuickStarterService»=2 (0x2)
«InCDsrv»=2 (0x2)
«gupdate1c9cb5ba7f43352″=2 (0x2)
«Adobe LM Service»=3 (0x3)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\WINDOWS\system32\dpvsetup.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Foxit PDF Editor\PDFEdit.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«1723:TCP»= 1723:TCP:@xpsp2res.dll,-22015
«1701:UDP»= 1701:UDP:@xpsp2res.dll,-22016
«500:UDP»= 500:UDP:@xpsp2res.dll,-22017
«1032:TCP»= 1032:TCP:Akamai NetSession Interface
«5000:UDP»= 5000:UDP:Akamai NetSession Interface

R0 hotcore3;hotcore3;c:windowssystem32drivershotcore3.sys [16.03.2010 15:17 38448]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:windowssystem32driverssfdrv01a.sys [05.07.2006 16:46 63352]
R1 uzi0ntaz;AVZ-RK Kernel Driver;c:windowssystem32driversuzi0ntaz.sys [04.09.2010 16:25 11264]
R2 AntiVirSchedulerService;Avira AntiVir Планировщик;c:program filesAviraAntiVir Desktopsched.exe [04.09.2010 17:45 108289]
R3 CLEDX;Team H2O CLEDX service;c:windowssystem32driverscledx.sys [17.04.2009 14:52 33792]
R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:windowssystem32driversmausb.sys [19.09.2009 14:47 143624]
S3 Smport;Smport;??c:program filesTVRSmport.sys —> c:program filesTVRSmport.sys [?]
S3 tmeter;TMeter Service;c:windowssystem32DRIVERStmeter.sys —> c:windowssystem32DRIVERStmeter.sys [?]
S3 tmeterMP;tmeterMP;c:windowssystem32DRIVERStmeter.sys —> c:windowssystem32DRIVERStmeter.sys [?]
S4 gupdate1c9cb5ba7f43352;Служба Google Update (gupdate1c9cb5ba7f43352);c:program filesGoogleUpdateGoogleUpdate.exe [02.05.2009 23:24 133104]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:program filesNeroNero 7InCDNBHRegInCDSrv.exe —> c:program filesNeroNero 7InCDNBHRegInCDSrv.exe [?]
S4 NIHardwareService;NIHardwareService;c:program filesCommon FilesNative InstrumentsHardwareNIHardwareService.exe [17.07.2009 17:32 3576320]
S4 Printer Control;Printer Control;c:windowssystem32PrintCtrl.exe [01.04.2010 14:55 77824]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [16.05.2009 22:37 717296]
.
Contents of the ‘Scheduled Tasks’ folder

2009-09-11 c:windowsTasks$~$Sys0$.job
— c:windowsSystem32SchedSvc.dll [2008-01-10 00:12]

2010-03-18 c:windowsTasksGoogleUpdateTaskMachineCore1cac6c579f57c8e.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-05-02 19:24]
.
.

Supplementary Scan

.
uStart Page = about:blank
IE: Translate with Lingvo — c:program filesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Передать на удаленную закачку DM — c:program filesDownload Masterremdown.htm
Trusted Zone: pornostream.ru
Trusted Zone: vkontakte.ru
TCP: {C0742B27-1F65-4671-9A9F-21FF0AC60C98} = 192.168.1.1
DPF: DirectAnimation Java Classes — file://c:windowsJavaclassesdajava.cab
DPF: Microsoft XML Parser for Java — file://c:windowsJavaclassesxmldso.cab
.
— — — — ORPHANS REMOVED — — — —

MSConfigStartUp-HPUsageTracking — c:program filesHPHP UTbinhppusg.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 22:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x84F838B8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xf7506f28
DriverACPI -> ACPI.sys @ 0xf7459cb8
Driveratapi -> 0x84f838b8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
DeviceHarddisk0DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Atheros AR5005G Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf72afbd4
PacketIndicateHandler -> NDIS.sys @ 0xf729da0d
SendHandler -> NDIS.sys @ 0xf72b1b40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.

LOCKED REGISTRY KEYS

[HKEY_USERSS-1-5-21-854245398-220523388-839522115-1003SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.**v*R%OpenWithList]
@Class=»Shell»
«a»=»LA.exe»
«MRUList»=»a»

[HKEY_USERSS-1-5-21-854245398-220523388-839522115-1003SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.**v*R%OpenWithProgids]
«v-_auto_file»=hex(0):

[HKEY_USERSS-1-5-21-854245398-220523388-839522115-1003SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*c*/,%]
@Class=»Shell»

[HKEY_USERSS-1-5-21-854245398-220523388-839522115-1003SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*c*/,%OpenWithList]
@Class=»Shell»

[HKEY_USERSS-1-5-21-854245398-220523388-839522115-1003SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*$%4*j*]
@Class=»Shell»

[HKEY_USERSS-1-5-21-854245398-220523388-839522115-1003SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*$%4*j*OpenWithList]
@Class=»Shell»

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@=»FlashBroker»
«LocalizedString»=»@c:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe,-101»

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]
«Enabled»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]
@=»c:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe»

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@=»IFlashBroker4″

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]
@=»{00020424-0000-0000-C000-000000000046}»

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»
«Version»=»1.0»
.

Other Running Processes

.
c:program filesAviraAntiVir Desktopavguard.exe
c:windowssystem32wdfmgr.exe
.
**************************************************************************
.
Completion time: 2010-09-04 22:29:41 — machine was rebooted
ComboFix-quarantined-files.txt 2010-09-04 18:29

Pre-Run: 23 312 338 944 bytes free
Post-Run: 23 249 235 968 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
UnsupportedDebug=»do not select this» /debug
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional» /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
— — End Of File — — 9ACD3C8D59DF8F08DFC9E1F38C9C0A7E
6 сентября, 2010 в 5:05 пп #31323
Admin
Keymaster
- Темы:40
- Сообщений:5676
они находятся на съёмном внешнем винте H

Подключите этот диск, после чего выполните следующии шаги:

Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:
```
Registry::

[-HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregsystemsrvload]



File::

c:windowsTasks$~$Sys0$.job



RegLock::

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
```
Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.

Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.
7 сентября, 2010 в 8:12 дп #31324
icav
Participant
- Темы:1
- Сообщений:4
ComboFix 10-09-06.03 — Yulian Kolesnikov 07.09.2010 11:53:44.5.1 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.447.243 [GMT 4:00]
Running from: c:documents and settingsYulian KolesnikovDesktopComboFix.exe
Command switches used :: c:documents and settingsYulian KolesnikovDesktopCFScript.txt

FILE ::
«c:windowsTasks$~$Sys0$.job»
.

((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 )))))))))))))))))))))))))))))))
.

2010-09-07 06:24 . 2010-09-07 06:25

d

w- C:rsit
2010-09-07 05:42 . 2010-09-07 05:42 3839253 —-a-w- c:program filesComboFix.exe
2010-09-06 05:54 . 2010-09-06 05:54

d

w- c:tempпо
2010-09-06 05:54 . 2010-09-06 05:54

d

w- C:Temp
2010-09-04 13:18 . 2010-09-07 06:24

d

w- c:program filestrend micro
2010-09-04 12:29 . 2010-09-04 12:29

d

w- c:documents and settingsYulian KolesnikovLocal SettingsApplication DataSymantec
2010-09-04 12:25 . 2010-09-04 12:25 11264 —-a-w- c:windowssystem32driversuzi0ntaz.sys
2010-09-04 11:13 . 2010-09-04 11:13

d

w- c:program filesWindows Sidebar
2010-09-04 11:13 . 2010-09-04 13:38

d

w- c:documents and settingsAll Users.WINDOWSApplication DataNorton
2010-09-04 11:12 . 2010-09-04 11:57

d

w- c:documents and settingsAll Users.WINDOWSApplication DataNortonInstaller
2010-09-04 10:54 . 2010-09-04 10:54

d

w- c:documents and settingsYulian KolesnikovApplication DataThinstall
2010-09-04 05:30 . 2010-09-04 05:30

d

w- c:documents and settingsYulian KolesnikovApplication DataInstaller
2010-08-29 19:36 . 2010-08-29 19:36

d

w- c:program filesofftimer
2010-08-27 15:42 . 2010-08-27 15:42

d

w- c:documents and settingsDefault User
2010-08-24 14:19 . 2010-08-25 06:05

d

w- c:documents and settingsYulian KolesnikovDoctorWeb
2010-08-24 13:48 . 2010-08-24 13:50

d

w- c:documents and settingsYulian KolesnikovApplication DataDownload Master
2010-08-24 13:48 . 2007-12-18 10:56 1412608 —-a-w- c:documents and settingsYulian KolesnikovApplication DataDownload Mastertempskin.dll
2010-08-24 13:48 . 2010-08-24 14:16

d

w- c:program filesDownload Master

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 05:34 . 2008-08-21 17:04

d

w- c:program filesGuitar Pro 5
2010-09-05 05:14 . 2009-05-11 07:44

d

w- c:documents and settingsYulian KolesnikovApplication DatauTorrent
2010-09-04 09:00 . 2010-07-24 08:30

d

w- c:documents and settingsYulian KolesnikovApplication Datavlc
2010-08-29 07:10 . 2009-04-17 12:03 48 —-a-w- c:windowsmsocreg32.dat
2010-08-27 05:58 . 2007-11-20 12:46

d

w- c:documents and settingsYulian KolesnikovApplication Data1C
2010-08-25 05:20 . 2006-10-07 16:36

d—h—w- c:program filesInstallShield Installation Information
2010-08-24 06:32 . 2007-11-28 14:28

d

w- c:program filesCommon FilesAdobe
2010-08-23 10:26 . 2010-07-26 08:48

d

w- c:program filesHP
2010-08-23 10:03 . 2007-11-21 12:31 124096 -c—a-w- c:documents and settingsYulian KolesnikovLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-08-23 10:02 . 2009-12-17 14:11

d

w- c:program filesGuitar Scales Method
2010-08-23 07:36 . 2009-02-01 20:26

d-sha-r- c:documents and settingsAll Users.WINDOWSApplication DataTemp
2010-08-11 18:58 . 2009-01-27 21:20

d

w- c:documents and settingsYulian KolesnikovApplication DataAhead
2010-08-03 20:10 . 2009-12-13 20:39

d

w- c:documents and settingsYulian KolesnikovApplication DataSkype
2010-08-03 20:09 . 2009-12-13 20:42

d

w- c:documents and settingsYulian KolesnikovApplication DataskypePM
2010-07-29 18:39 . 2010-07-25 08:34

d

w- c:documents and settingsAll Users.WINDOWSApplication Datafirebird
2010-07-26 08:49 . 2010-07-26 08:49

d

w- c:program filesCommon FilesHewlett-Packard
2010-07-24 08:25 . 2009-07-04 20:10

d

w- c:documents and settingsYulian KolesnikovApplication Datadvdcss
2010-06-30 12:31 . 2009-05-10 09:27 149504 —-a-w- c:windowssystem32schannel.dll
2010-06-24 12:10 . 2009-06-07 06:25 81920 —-a-w- c:windowssystem32ieencode.dll
2010-06-24 12:10 . 2006-06-23 08:33 667136 —-a-w- c:windowssystem32wininet.dll
2010-06-23 13:44 . 2009-05-10 09:27 1851904 —-a-w- c:windowssystem32win32k.sys
2010-06-21 15:27 . 2009-05-10 09:27 354304 —-a-w- c:windowssystem32driverssrv.sys
2010-06-17 14:03 . 2001-08-22 21:00 80384 —-a-w- c:windowssystem32iccvid.dll
2010-06-14 14:31 . 2007-11-20 12:19 744448 —-a-w- c:windowspchealthhelpctrbinarieshelpsvc.exe
2010-06-14 07:41 . 2007-11-29 17:29 1172480 —-a-w- c:windowssystem32msxml3.dll
2009-06-04 17:21 . 2009-06-04 17:13 88 —sh—r- c:windowssystem32AE63DBAF41.sys
2009-06-04 17:25 . 2009-06-04 17:13 952 —sha-w- c:windowssystem32KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowsSystem32CTFMON.EXE» [2008-04-14 15360]

[HKLM~startupfolderC:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:windowspssHP Digital Imaging Monitor.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:windowspssMicrosoft Office.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Порт Symantec Fax Starter Edition.lnk]
backup=c:windowspssПорт Symantec Fax Starter Edition.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Средство управления клиента межсетевого экрана Microsoft.lnk]
backup=c:windowspssСредство управления клиента межсетевого экрана Microsoft.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Punto Switcher.lnk]
backup=c:windowspssPunto Switcher.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Registration Myst V]
backup=c:windowspssRegistration Myst VStartup

[HKLM~startupfolderC:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Registry Repair Pro.lnk]
path=c:documents and settingsYulian KolesnikovStart MenuProgramsStartupRegistry Repair Pro.lnk
backup=c:windowspssRegistry Repair Pro.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:documents and settingsYulian KolesnikovStart MenuProgramsStartupScheduler.lnk
backup=c:windowspssScheduler.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^UserGate Agent.lnk]
backup=c:windowspssUserGate Agent.lnkStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKernelFaultCheck]
c:windowssystem32dumprep 0 -k [X]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]
2009-12-11 11:57 948672 —-a-r- c:program filesCommon FilesAdobeARM1.0AdobeARM.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
2009-12-21 21:57 35760 —-a-w- c:program filesAdobeReader 9.3Readerreader_sl.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 08:13 152872 —-a-w- c:program filesCommon FilesAheadLibNMBgMonitor.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]
2008-04-14 00:12 15360 —-a-w- c:windowssystem32ctfmon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
2010-07-27 10:05 3803968 —-a-w- c:program filesDownload Masterdmaster.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH2O]
2005-10-22 20:00 385024 —-a-w- c:program filesSyncrosoftPOSH2Ocledx.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregInCD]
2008-05-06 08:55 1057064 —-a-w- c:program filesNeroNero 7InCDInCD.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvo Launcher]
2004-10-09 16:17 110592 -c—a-w- c:program filesABBYY Lingvo 10 Multilingual DictionaryLvAgent.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLingvoTraining]
2004-10-09 16:23 1159168 -c—a-w- c:program filesABBYY Lingvo 10 Multilingual DictionaryTutor.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregM-Audio Taskbar Icon]
2008-05-15 13:45 356864 —-a-w- c:windowssystem32M-AudioTaskBarIcon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
2008-04-14 00:12 1695232 —-a-w- c:program filesMessengermsmsgs.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
2008-05-28 05:27 570664 —-a-w- c:program filesCommon FilesAheadLibNeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregOSSelectorReinstall]
2007-03-26 12:31 2227256 —-a-w- c:program filesCommon FilesAcronisAcronis Disk Directoross_reinstall.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPrintDisp]
2009-08-21 07:36 878080 —-a-w- c:windowssystem32PrintDisp.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSecurDisc]
2008-05-06 08:55 1629480 —-a-w- c:program filesNeroNero 7InCDNBHGui.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
2009-10-09 10:11 25623336 —-a-r- c:program filesSkypePhoneSkype.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]
2005-08-17 15:39 90112 -c—a-w- c:windowsSOUNDMAN.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
2009-10-11 01:17 149280 —-a-w- c:program filesJavajre6binjusched.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreguTorrent]
2010-06-08 19:59 322352 —-a-w- c:program filesuTorrentuTorrent.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVTTimer]
2005-03-08 00:33 53248 -c—a-w- c:windowssystem32VTTimer.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«WmdmPmSp»=2 (0x2)
«W32Time»=2 (0x2)
«Themes»=2 (0x2)
«Schedule»=2 (0x2)
«RemoteRegistry»=2 (0x2)
«Messenger»=2 (0x2)
«helpsvc»=2 (0x2)
«Eventlog»=2 (0x2)
«SLService»=2 (0x2)
«ProtexisLicensing»=2 (0x2)
«Printer Control»=2 (0x2)
«PLFlash DeviceIoControl Service»=2 (0x2)
«NMIndexingService»=3 (0x3)
«NIHardwareService»=2 (0x2)
«NeroRegInCDSrv»=2 (0x2)
«JavaQuickStarterService»=2 (0x2)
«InCDsrv»=2 (0x2)
«gupdate1c9cb5ba7f43352″=2 (0x2)
«Adobe LM Service»=3 (0x3)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\WINDOWS\system32\dpvsetup.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Foxit PDF Editor\PDFEdit.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«1723:TCP»= 1723:TCP:@xpsp2res.dll,-22015
«1701:UDP»= 1701:UDP:@xpsp2res.dll,-22016
«500:UDP»= 500:UDP:@xpsp2res.dll,-22017
«1032:TCP»= 1032:TCP:Akamai NetSession Interface
«5000:UDP»= 5000:UDP:Akamai NetSession Interface

R0 hotcore3;hotcore3;c:windowssystem32drivershotcore3.sys [16.03.2010 15:17 38448]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:windowssystem32driverssfdrv01a.sys [05.07.2006 16:46 63352]
R1 uzi0ntaz;AVZ-RK Kernel Driver;c:windowssystem32driversuzi0ntaz.sys [04.09.2010 16:25 11264]
R3 CLEDX;Team H2O CLEDX service;c:windowssystem32driverscledx.sys [17.04.2009 14:52 33792]
S3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:windowssystem32driversmausb.sys [19.09.2009 14:47 143624]
S3 Smport;Smport;??c:program filesTVRSmport.sys —> c:program filesTVRSmport.sys [?]
S3 tmeter;TMeter Service;c:windowssystem32DRIVERStmeter.sys —> c:windowssystem32DRIVERStmeter.sys [?]
S3 tmeterMP;tmeterMP;c:windowssystem32DRIVERStmeter.sys —> c:windowssystem32DRIVERStmeter.sys [?]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [16.05.2009 22:37 717296]
.
Contents of the ‘Scheduled Tasks’ folder

2010-03-18 c:windowsTasksGoogleUpdateTaskMachineCore1cac6c579f57c8e.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-05-02 19:24]
.
.

Supplementary Scan

.
uStart Page = about:blank
uInternet Settings,ProxyOverride =
IE: Translate with Lingvo — c:program filesABBYY Lingvo 10 Multilingual DictionaryLingvo.exe/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Передать на удаленную закачку DM — c:program filesDownload Masterremdown.htm
Trusted Zone: vkontakte.ru
TCP: {C0742B27-1F65-4671-9A9F-21FF0AC60C98} = 192.168.1.1
DPF: DirectAnimation Java Classes — file://c:windowsJavaclassesdajava.cab
DPF: Microsoft XML Parser for Java — file://c:windowsJavaclassesxmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 12:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x84F883E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xf74ecf28
DriverACPI -> ACPI.sys @ 0xf743fcb8
Driveratapi -> 0x84f883e8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
DeviceHarddisk0DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Atheros AR5005G Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7295bd4
PacketIndicateHandler -> NDIS.sys @ 0xf7283a0d
SendHandler -> NDIS.sys @ 0xf7297b40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.

LOCKED REGISTRY KEYS

[HKEY_USERSS-1-5-21-854245398-220523388-839522115-1003SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.**v*R%OpenWithList]
@Class=»Shell»
«a»=»LA.exe»
«MRUList»=»a»

[HKEY_USERSS-1-5-21-854245398-220523388-839522115-1003SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.**v*R%OpenWithProgids]
«v-_auto_file»=hex(0):

[HKEY_USERSS-1-5-21-854245398-220523388-839522115-1003SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*c*/,%]
@Class=»Shell»

[HKEY_USERSS-1-5-21-854245398-220523388-839522115-1003SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*c*/,%OpenWithList]
@Class=»Shell»

[HKEY_USERSS-1-5-21-854245398-220523388-839522115-1003SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*$%4*j*]
@Class=»Shell»

[HKEY_USERSS-1-5-21-854245398-220523388-839522115-1003SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.*$%4*j*OpenWithList]
@Class=»Shell»
.
Completion time: 2010-09-07 12:09:08
ComboFix-quarantined-files.txt 2010-09-07 08:09
ComboFix2.txt 2010-09-07 07:25
ComboFix3.txt 2010-09-07 07:02

Pre-Run: 34 563 514 368 bytes free
Post-Run: 34 551 332 864 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
— — End Of File — — 9D802127D830DDB85712A548E0CC9EF4
13 сентября, 2010 в 5:50 пп #31325
Admin
Keymaster
- Темы:40
- Сообщений:5676
Лог выглядит нормально. Как сейчас работает компьютер ?
14 сентября, 2010 в 7:32 дп #31326
icav
Participant
- Темы:1
- Сообщений:4
всё ок (тьфу-тьфу-тьфу)

спасибо! =)
Автор

Сообщения