Forum replies created
September 14, 2010 at 7:32 am in reply to: disinfecting TR/Packed.22159, BDS/Prorat.JYP, TR/Agent.812314 #31326

Everything's OK (knock on wood).
Thanks! =)
September 7, 2010 at 8:12 am in reply to: disinfecting TR/Packed.22159, BDS/Prorat.JYP, TR/Agent.812314 #31324

ComboFix 10-09-06.03 - Yulian Kolesnikov 07.09.2010 11:53:44.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.447.243 [GMT 4:00]
Running from: c:\documents and settings\Yulian Kolesnikov\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Yulian Kolesnikov\Desktop\CFScript.txt

FILE ::
"c:\windows\Tasks\$~$Sys0$.job"
.
(((((((((((((((((((((((((   Files Created from 2010-08-07 to 2010-09-07   )))))))))))))))))))))))))))))))
.
2010-09-07 06:24 . 2010-09-07 06:25  --------  d-----w-  C:\rsit
2010-09-07 05:42 . 2010-09-07 05:42  3839253   ----a-w-  c:\program files\ComboFix.exe
2010-09-06 05:54 . 2010-09-06 05:54  --------  d-----w-  c:\temp\по
2010-09-06 05:54 . 2010-09-06 05:54  --------  d-----w-  C:\Temp
2010-09-04 13:18 . 2010-09-07 06:24  --------  d-----w-  c:\program files\trend micro
2010-09-04 12:29 . 2010-09-04 12:29  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Local Settings\Application Data\Symantec
2010-09-04 12:25 . 2010-09-04 12:25  11264     ----a-w-  c:\windows\system32\drivers\uzi0ntaz.sys
2010-09-04 11:13 . 2010-09-04 11:13  --------  d-----w-  c:\program files\Windows Sidebar
2010-09-04 11:13 . 2010-09-04 13:38  --------  d-----w-  c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2010-09-04 11:12 . 2010-09-04 11:57  --------  d-----w-  c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller
2010-09-04 10:54 . 2010-09-04 10:54  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\Thinstall
2010-09-04 05:30 . 2010-09-04 05:30  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\Installer
2010-08-29 19:36 . 2010-08-29 19:36  --------  d-----w-  c:\program files\offtimer
2010-08-27 15:42 . 2010-08-27 15:42  --------  d-----w-  c:\documents and settings\Default User
2010-08-24 14:19 . 2010-08-25 06:05  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\DoctorWeb
2010-08-24 13:48 . 2010-08-24 13:50  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\Download Master
2010-08-24 13:48 . 2007-12-18 10:56  1412608   ----a-w-  c:\documents and settings\Yulian Kolesnikov\Application Data\Download Master\tempskin.dll
2010-08-24 13:48 . 2010-08-24 14:16  --------  d-----w-  c:\program files\Download Master
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 05:34 . 2008-08-21 17:04  --------  d-----w-  c:\program files\Guitar Pro 5
2010-09-05 05:14 . 2009-05-11 07:44  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\uTorrent
2010-09-04 09:00 . 2010-07-24 08:30  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\vlc
2010-08-29 07:10 . 2009-04-17 12:03  48        ----a-w-  c:\windows\msocreg32.dat
2010-08-27 05:58 . 2007-11-20 12:46  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\1C
2010-08-25 05:20 . 2006-10-07 16:36  --------  d--h--w-  c:\program files\InstallShield Installation Information
2010-08-24 06:32 . 2007-11-28 14:28  --------  d-----w-  c:\program files\Common Files\Adobe
2010-08-23 10:26 . 2010-07-26 08:48  --------  d-----w-  c:\program files\HP
2010-08-23 10:03 . 2007-11-21 12:31  124096    -c--a-w-  c:\documents and settings\Yulian Kolesnikov\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-23 10:02 . 2009-12-17 14:11  --------  d-----w-  c:\program files\Guitar Scales Method
2010-08-23 07:36 . 2009-02-01 20:26  --------  d-sha-r-  c:\documents and settings\All Users.WINDOWS\Application Data\Temp
2010-08-11 18:58 . 2009-01-27 21:20  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\Ahead
2010-08-03 20:10 . 2009-12-13 20:39  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\Skype
2010-08-03 20:09 . 2009-12-13 20:42  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\skypePM
2010-07-29 18:39 . 2010-07-25 08:34  --------  d-----w-  c:\documents and settings\All Users.WINDOWS\Application Data\firebird
2010-07-26 08:49 . 2010-07-26 08:49  --------  d-----w-  c:\program files\Common Files\Hewlett-Packard
2010-07-24 08:25 . 2009-07-04 20:10  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\dvdcss
2010-06-30 12:31 . 2009-05-10 09:27  149504    ----a-w-  c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2009-06-07 06:25  81920     ----a-w-  c:\windows\system32\ieencode.dll
2010-06-24 12:10 . 2006-06-23 08:33  667136    ----a-w-  c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2009-05-10 09:27  1851904   ----a-w-  c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2009-05-10 09:27  354304    ----a-w-  c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2001-08-22 21:00  80384     ----a-w-  c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-11-20 12:19  744448    ----a-w-  c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2007-11-29 17:29  1172480   ----a-w-  c:\windows\system32\msxml3.dll
2009-06-04 17:21 . 2009-06-04 17:13  88        --sh--r-  c:\windows\system32\AE63DBAF41.sys
2009-06-04 17:25 . 2009-06-04 17:13  952       --sha-w-  c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Порт Symantec Fax Starter Edition.lnk]
backup=c:\windows\pss\Порт Symantec Fax Starter Edition.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Средство управления клиента межсетевого экрана Microsoft.lnk]
backup=c:\windows\pss\Средство управления клиента межсетевого экрана Microsoft.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Punto Switcher.lnk]
backup=c:\windows\pss\Punto Switcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Registration Myst V]
backup=c:\windows\pss\Registration Myst VStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Registry Repair Pro.lnk]
path=c:\documents and settings\Yulian Kolesnikov\Start Menu\Programs\Startup\Registry Repair Pro.lnk
backup=c:\windows\pss\Registry Repair Pro.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:\documents and settings\Yulian Kolesnikov\Start Menu\Programs\Startup\Scheduler.lnk
backup=c:\windows\pss\Scheduler.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^UserGate Agent.lnk]
backup=c:\windows\pss\UserGate Agent.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 11:57  948672  ----a-r-  c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 21:57  35760  ----a-w-  c:\program files\Adobe\Reader 9.3\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 08:13  152872  ----a-w-  c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12  15360  ----a-w-  c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Download Master]
2010-07-27 10:05  3803968  ----a-w-  c:\program files\Download Master\dmaster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-22 20:00  385024  ----a-w-  c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-05-06 08:55  1057064  ----a-w-  c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingvo Launcher]
2004-10-09 16:17  110592  -c--a-w-  c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\LvAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LingvoTraining]
2004-10-09 16:23  1159168  -c--a-w-  c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Tutor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
2008-05-15 13:45  356864  ----a-w-  c:\windows\system32\M-AudioTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12  1695232  ----a-w-  c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 05:27  570664  ----a-w-  c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
2007-03-26 12:31  2227256  ----a-w-  c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
2009-08-21 07:36  878080  ----a-w-  c:\windows\system32\PrintDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2008-05-06 08:55  1629480  ----a-w-  c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 10:11  25623336  ----a-r-  c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-08-17 15:39  90112  -c--a-w-  c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 01:17  149280  ----a-w-  c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-06-08 19:59  322352  ----a-w-  c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-08 00:33  53248  -c--a-w-  c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WmdmPmSp"=2 (0x2)
"W32Time"=2 (0x2)
"Themes"=2 (0x2)
"Schedule"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"Messenger"=2 (0x2)
"helpsvc"=2 (0x2)
"Eventlog"=2 (0x2)
"SLService"=2 (0x2)
"ProtexisLicensing"=2 (0x2)
"Printer Control"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NIHardwareService"=2 (0x2)
"NeroRegInCDSrv"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"InCDsrv"=2 (0x2)
"gupdate1c9cb5ba7f43352"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:\Program Files\Skype\Plugin Manager\skypePM.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Foxit PDF Editor\PDFEdit.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPortsList]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [16.03.2010 15:17 38448]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05.07.2006 16:46 63352]
R1 uzi0ntaz;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzi0ntaz.sys [04.09.2010 16:25 11264]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [17.04.2009 14:52 33792]
S3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\drivers\mausb.sys [19.09.2009 14:47 143624]
S3 Smport;Smport;\??\c:\program files\TVR\Smport.sys --> c:\program files\TVR\Smport.sys [?]
S3 tmeter;TMeter Service;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.05.2009 22:37 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6c579f57c8e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 19:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride =
IE: Translate with Lingvo - c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lingvo.exe/3000
IE: Закачать ВСЕ при помощи Download Master - c:\program files\Download Master\dmieall.htm
IE: Закачать при помощи Download Master - c:\program files\Download Master\dmie.htm
IE: Передать на удаленную закачку DM - c:\program files\Download Master\remdown.htm
Trusted Zone: vkontakte.ru
TCP: {C0742B27-1F65-4671-9A9F-21FF0AC60C98} = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 12:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x84F883E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ecf28
\Driver\ACPI -> ACPI.sys @ 0xf743fcb8
\Driver\atapi -> 0x84f883e8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Atheros AR5005G Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7295bd4
PacketIndicateHandler -> NDIS.sys @ 0xf7283a0d
SendHandler -> NDIS.sys @ 0xf7297b40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-854245398-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**v*R%\OpenWithList]
@Class="Shell"
"a"="LA.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-854245398-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**v*R%\OpenWithProgids]
"v-_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-854245398-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*/,%]
@Class="Shell"

[HKEY_USERS\S-1-5-21-854245398-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*/,%\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-854245398-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*$%4*j*]
@Class="Shell"

[HKEY_USERS\S-1-5-21-854245398-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*$%4*j*\OpenWithList]
@Class="Shell"
.
Completion time: 2010-09-07 12:09:08
ComboFix-quarantined-files.txt 2010-09-07 08:09
ComboFix2.txt 2010-09-07 07:25
ComboFix3.txt 2010-09-07 07:02

Pre-Run: 34 563 514 368 bytes free
Post-Run: 34 551 332 864 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 9D802127D830DDB85712A548E0CC9EF4

September 4, 2010 at 6:38 pm in reply to: disinfecting TR/Packed.22159, BDS/Prorat.JYP, TR/Agent.812314 #31322

Not without difficulty, but I did get the machine checked with ComboFix.
(Interestingly, even with Avira disabled, it still reports that, as it were, "there is something on your computer after all, friend".. it works like a partisan, unseen and unheard.)

Please help me make sense of the log.
Under "Other Deletions" there are 7 paths; are those viruses?
And yes, the thread title lists the trojans that Avira and Norton found, but I forgot to mention that they are on the removable external drive H, while the log only covers C…
ComboFix 10-09-03.02 - Yulian Kolesnikov 04.09.2010 22:08:05.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.447.171 [GMT 4:00]
Running from: c:\documents and settings\Yulian Kolesnikov\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\All Users.WINDOWS\Application Data\1pdfdec.dll
C:\Thumbs.db
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcniluucwnoemktsmxbqoltsnompulkrwa.dll
c:\windows\system32\msvcsv60.dll
c:\windows\system32\Thumbs.db
.
(((((((((((((((((((((((((   Files Created from 2010-08-04 to 2010-09-04   )))))))))))))))))))))))))))))))
.
2010-09-04 13:45 . 2009-03-30 05:33  96104     ----a-w-  c:\windows\system32\drivers\avipbb.sys
2010-09-04 13:45 . 2009-02-13 07:29  22360     ----a-w-  c:\windows\system32\drivers\avgntmgr.sys
2010-09-04 13:45 . 2009-02-13 07:17  45416     ----a-w-  c:\windows\system32\drivers\avgntdd.sys
2010-09-04 13:45 . 2010-09-04 13:45  --------  d-----w-  c:\program files\Avira
2010-09-04 13:45 . 2010-09-04 13:45  --------  d-----w-  c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2010-09-04 13:18 . 2010-09-04 14:20  --------  d-----w-  c:\program files\trend micro
2010-09-04 13:18 . 2010-09-04 13:19  --------  d-----w-  C:\rsit
2010-09-04 12:29 . 2010-09-04 12:29  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Local Settings\Application Data\Symantec
2010-09-04 12:25 . 2010-09-04 12:25  11264     ----a-w-  c:\windows\system32\drivers\uzi0ntaz.sys
2010-09-04 11:13 . 2010-09-04 11:13  --------  d-----w-  c:\program files\Windows Sidebar
2010-09-04 11:13 . 2010-09-04 13:38  --------  d-----w-  c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2010-09-04 11:12 . 2010-09-04 11:57  --------  d-----w-  c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller
2010-09-04 10:54 . 2010-09-04 10:54  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\Thinstall
2010-09-04 05:55 . 2010-09-04 05:55  63479     ----a-w-  c:\temp\Интервалы.zip
2010-09-04 05:30 . 2010-09-04 05:30  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\Installer
2010-08-29 19:36 . 2010-08-29 19:36  --------  d-----w-  c:\program files\offtimer
2010-08-27 15:42 . 2010-08-27 15:42  --------  d-----w-  c:\documents and settings\Default User
2010-08-24 14:19 . 2010-08-25 06:05  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\DoctorWeb
2010-08-24 13:48 . 2010-08-24 13:50  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\Download Master
2010-08-24 13:48 . 2007-12-18 10:56  1412608   ----a-w-  c:\documents and settings\Yulian Kolesnikov\Application Data\Download Master\tempskin.dll
2010-08-24 13:48 . 2010-08-24 14:16  --------  d-----w-  c:\program files\Download Master
2010-08-24 06:57 . 2010-08-24 06:57  --------  d-----w-  c:\temp\Ускорение компьютера_files
2010-08-24 06:57 . 2010-08-24 06:57  --------  d-----w-  c:\temp\туризм
2010-08-24 06:57 . 2010-08-24 06:57  --------  d-----w-  c:\temp\Лит-ра
2010-08-24 06:57 . 2010-08-24 06:57  --------  d-----w-  c:\temp\Лечебная гимнастика (физкультура) при грудном остеохондрозе._files
2010-08-24 06:53 . 2010-08-24 06:57  --------  d-----w-  c:\temp\ВУЗъ
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 17:32 . 2009-05-11 07:44  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\uTorrent
2010-09-04 09:00 . 2010-07-24 08:30  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\vlc
2010-08-29 07:10 . 2009-04-17 12:03  48        ----a-w-  c:\windows\msocreg32.dat
2010-08-27 16:32 . 2008-08-21 17:04  --------  d-----w-  c:\program files\Guitar Pro 5
2010-08-27 05:58 . 2007-11-20 12:46  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\1C
2010-08-25 05:20 . 2006-10-07 16:36  --------  d--h--w-  c:\program files\InstallShield Installation Information
2010-08-24 06:32 . 2007-11-28 14:28  --------  d-----w-  c:\program files\Common Files\Adobe
2010-08-23 10:26 . 2010-07-26 08:48  --------  d-----w-  c:\program files\HP
2010-08-23 10:03 . 2007-11-21 12:31  124096    -c--a-w-  c:\documents and settings\Yulian Kolesnikov\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-23 10:02 . 2009-12-17 14:11  --------  d-----w-  c:\program files\Guitar Scales Method
2010-08-23 07:36 . 2009-02-01 20:26  --------  d-sha-r-  c:\documents and settings\All Users.WINDOWS\Application Data\Temp
2010-08-11 18:58 . 2009-01-27 21:20  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\Ahead
2010-08-03 20:10 . 2009-12-13 20:39  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\Skype
2010-08-03 20:09 . 2009-12-13 20:42  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\skypePM
2010-07-29 18:39 . 2010-07-25 08:34  --------  d-----w-  c:\documents and settings\All Users.WINDOWS\Application Data\firebird
2010-07-26 08:49 . 2010-07-26 08:49  --------  d-----w-  c:\program files\Common Files\Hewlett-Packard
2010-07-24 08:25 . 2009-07-04 20:10  --------  d-----w-  c:\documents and settings\Yulian Kolesnikov\Application Data\dvdcss
2010-06-30 12:31 . 2009-05-10 09:27  149504    ----a-w-  c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2009-06-07 06:25  81920     ----a-w-  c:\windows\system32\ieencode.dll
2010-06-24 12:10 . 2006-06-23 08:33  667136    ----a-w-  c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2009-05-10 09:27  1851904   ----a-w-  c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2009-05-10 09:27  354304    ----a-w-  c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2001-08-22 21:00  80384     ----a-w-  c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-11-20 12:19  744448    ----a-w-  c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2007-11-29 17:29  1172480   ----a-w-  c:\windows\system32\msxml3.dll
2009-06-04 17:21 . 2009-06-04 17:13  88        --sh--r-  c:\windows\system32\AE63DBAF41.sys
2009-06-04 17:25 . 2009-06-04 17:13  952       --sha-w-  c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Порт Symantec Fax Starter Edition.lnk]
backup=c:\windows\pss\Порт Symantec Fax Starter Edition.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Средство управления клиента межсетевого экрана Microsoft.lnk]
backup=c:\windows\pss\Средство управления клиента межсетевого экрана Microsoft.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Punto Switcher.lnk]
backup=c:\windows\pss\Punto Switcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Registration Myst V]
backup=c:\windows\pss\Registration Myst VStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Registry Repair Pro.lnk]
path=c:\documents and settings\Yulian Kolesnikov\Start Menu\Programs\Startup\Registry Repair Pro.lnk
backup=c:\windows\pss\Registry Repair Pro.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:\documents and settings\Yulian Kolesnikov\Start Menu\Programs\Startup\Scheduler.lnk
backup=c:\windows\pss\Scheduler.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Yulian Kolesnikov^Start Menu^Programs^Startup^UserGate Agent.lnk]
backup=c:\windows\pss\UserGate Agent.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C62 Series
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GW Port Controller
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Punto Switcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrafMonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 11:57  948672  ----a-r-  c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 21:57  35760  ----a-w-  c:\program files\Adobe\Reader 9.3\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 08:08  209153  ----a-w-  c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 08:13  152872  ----a-w-  c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12  15360  ----a-w-  c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Download Master]
2010-07-27 10:05  3803968  ----a-w-  c:\program files\Download Master\dmaster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-22 20:00  385024  ----a-w-  c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-05-06 08:55  1057064  ----a-w-  c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingvo Launcher]
2004-10-09 16:17  110592  -c--a-w-  c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\LvAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LingvoTraining]
2004-10-09 16:23  1159168  -c--a-w-  c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Tutor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
2008-05-15 13:45  356864  ----a-w-  c:\windows\system32\M-AudioTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12  1695232  ----a-w-  c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 05:27  570664  ----a-w-  c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
2007-03-26 12:31  2227256  ----a-w-  c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
2009-08-21 07:36  878080  ----a-w-  c:\windows\system32\PrintDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2008-05-06 08:55  1629480  ----a-w-  c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 10:11  25623336  ----a-r-  c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-08-17 15:39  90112  -c--a-w-  c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 01:17  149280  ----a-w-  c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systemsrvload]
2004-08-18 12:00  14336  -c--a-w-  c:\recover\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-06-08 19:59  322352  ----a-w-  c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-08 00:33  53248  -c--a-w-  c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WmdmPmSp"=2 (0x2)
"W32Time"=2 (0x2)
"Themes"=2 (0x2)
"Schedule"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"Messenger"=2 (0x2)
"helpsvc"=2 (0x2)
"Eventlog"=2 (0x2)
"SLService"=2 (0x2)
"ProtexisLicensing"=2 (0x2)
"Printer Control"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NIHardwareService"=2 (0x2)
"NeroRegInCDSrv"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"InCDsrv"=2 (0x2)
"gupdate1c9cb5ba7f43352"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:\Program Files\Skype\Plugin Manager\skypePM.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Foxit PDF Editor\PDFEdit.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPortsList]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [16.03.2010 15:17 38448]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05.07.2006 16:46 63352]
R1 uzi0ntaz;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzi0ntaz.sys [04.09.2010 16:25 11264]
R2 AntiVirSchedulerService;Avira AntiVir Планировщик;c:\program files\Avira\AntiVir Desktop\sched.exe [04.09.2010 17:45 108289]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [17.04.2009 14:52 33792]
R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\drivers\mausb.sys [19.09.2009 14:47 143624]
S3 Smport;Smport;\??\c:\program files\TVR\Smport.sys --> c:\program files\TVR\Smport.sys [?]
S3 tmeter;TMeter Service;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
S4 gupdate1c9cb5ba7f43352;Служба Google Update (gupdate1c9cb5ba7f43352);c:\program files\Google\Update\GoogleUpdate.exe [02.05.2009 23:24 133104]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [17.07.2009 17:32 3576320]
S4 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [01.04.2010 14:55 77824]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.05.2009 22:37 717296]
.
Contents of the ‘Scheduled Tasks’ folder2009-09-11 c:windowsTasks$~$Sys0$.job
— c:windowsSystem32SchedSvc.dll [2008-01-10 00:12]2010-03-18 c:windowsTasksGoogleUpdateTaskMachineCore1cac6c579f57c8e.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-05-02 19:24]
.
.
Supplementary Scan
.
uStart Page = about:blank
IE: Translate with Lingvo - c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lingvo.exe/3000
IE: Закачать ВСЕ при помощи Download Master - c:\program files\Download Master\dmieall.htm
IE: Закачать при помощи Download Master - c:\program files\Download Master\dmie.htm
IE: Передать на удаленную закачку DM - c:\program files\Download Master\remdown.htm
Trusted Zone: pornostream.ru
Trusted Zone: vkontakte.ru
TCP: {C0742B27-1F65-4671-9A9F-21FF0AC60C98} = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HPUsageTracking - c:\program files\HP\HP UT\bin\hppusg.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 22:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0

**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x84F838B8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7506f28
\Driver\ACPI -> ACPI.sys @ 0xf7459cb8
\Driver\atapi -> 0x84f838b8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Atheros AR5005G Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf72afbd4
PacketIndicateHandler -> NDIS.sys @ 0xf729da0d
SendHandler -> NDIS.sys @ 0xf72b1b40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-854245398-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**v*R%\OpenWithList]
@Class="Shell"
"a"="LA.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-854245398-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**v*R%\OpenWithProgids]
"v-_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-854245398-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*/,%]
@Class="Shell"

[HKEY_USERS\S-1-5-21-854245398-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*/,%\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-854245398-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*$%4*j*]
@Class="Shell"

[HKEY_USERS\S-1-5-21-854245398-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*$%4*j*\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Other Running Processes
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2010-09-04 22:29:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-04 18:29

Pre-Run: 23 312 338 944 bytes free
Post-Run: 23 249 235 968 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 9ACD3C8D59DF8F08DFC9E1F38C9C0A7E